The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for February 11th, 2021

Evil environment variables….

Posted by jpluimers on 2021/02/11

I totally agree with Nick Craver: “I absolutely hate environmental variables for configuration. They’re brittle, they’re ambient, they can be changed and FUBAR any known state underneath you, they’re an attack vector, just…”.

A little event in the early 1990s made me cautious whenever I see environment variables in use.

One of my clients had a network that had to be separated into three logical areas: one for workstations communicating with a certain server and some equipment, and another for a different server and other equipment, and finally a bunch of semi-local workstations that did some peer-to-peer and specialised equipment communication.

For that era, this was a LOT of stuff to manage.

Since users were always working from the same computers, and there was very little overlap between the areas, I created a bunch of login scripts. Since this was the Novell NetWare 3.x era, you only had default, system and user login scripts (see [WayBack] NetWare 3 Login Script Fundamentals), of which only system+default or system+user could be combined. No group scripts yet (:

So I introduced an environment variable NETWORK that would hold the kind of logical network.

Boy was I surprised that a few days later, the head of administration came to me with a problem: one of his administration programs – despite no documentation mentioning anything about such a feature – suddenly asked for a license!

A few hours of phone calls and trying later, we found the culprit: that software had an undocumented feature. When the NETWORK environment variable was set, it assumed a large corporate setting, with a very special license feature.

That was the day I started to be wary of environment variables.

The workaround was simple: start the program from a batch file that temporarily clears the NETWORK environment variable, then runs the application, and finally restores the environment variable.
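The same workaround in a present-day form, as an added example (not the original batch file): the variable is removed only from the child's environment, so there is no restore step that can be skipped when the program crashes. The function names, the `BASELINE` list and the probe command are assumptions made for this illustration.

```python
import os
import subprocess
import sys

# Variables a child usually needs just to start (assumed minimal set).
BASELINE = ("PATH", "HOME", "TEMP", "TMP", "SYSTEMROOT", "COMSPEC")


def env_without(names, base=None):
    """Return a copy of the environment with the named variables removed."""
    source = os.environ if base is None else base
    drop = set(names)
    return {k: v for k, v in source.items() if k not in drop}


def env_allowlist(keep=BASELINE, base=None):
    """Stricter variant: pass only the variables the program is known to need."""
    source = os.environ if base is None else base
    return {k: source[k] for k in keep if k in source}


def run_with_env(argv, env):
    """Start argv with exactly `env`; the caller's own environment is untouched."""
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)


# Constructed stand-in for the licensed program: it only reports what it sees.
PROBE = [sys.executable, "-c", "import os; print(os.environ.get('NETWORK', '<unset>'))"]

if __name__ == "__main__":
    os.environ["NETWORK"] = "AREA1"  # what the login script set
    print(run_with_env(PROBE, dict(os.environ)).stdout.strip())          # AREA1
    print(run_with_env(PROBE, env_without(["NETWORK"])).stdout.strip())  # <unset>
    print(os.environ["NETWORK"])     # still AREA1, nothing to restore
```

The allowlist variant also protects against variables nobody knew the program reacted to, which was the actual problem here.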

Inspired by two tweets I got within a few days' time:

–jeroen

Posted in History, Power User, Security

Still looking for base64url decoding tools, both on-line and for MacOS homebrew

Posted by jpluimers on 2021/02/11

Remember the screenshot on the right from yesterday's post Kristian Köhntopp explaining theories?

In the end, I:

  1. saved that tweet in archive.is
  2. then took the screenshot image from there (see below)
  3. cut out the grey parts, then posted the middle part

I would much rather have used the screenshot functionality of Google as described here by Terence Eden:

[WayBack] twitter – How to convert a tweet to image – Stack Overflow

Google has a secret screenshot API

For example, you can use it to get a screenshot of a tweet like this

https://www.googleapis.com/pagespeedonline/v1/runPagespeed?screenshot=true&strategy=mobile&url=https%3a%2f%2ftwitter.com%2fedent%2fstatus%2f661570680253755392

At the bottom of that JSON response, you’ll see

"screenshot": {
     "data": "_9j_4AAQSkZJRgAB.....=",
     "height": 569,
     "mime_type": "image/jpeg",
     "width": 320
 }

You will need to Base64 decode it using the URL and Filename safe alphabet.

That will give you a JPG screenshot of the Tweet.

I was hoping for an on-line way, so I followed [WayBack] Google’s Secret Screenshot API – Terence Eden’s Blog.

The blog post pointed me to a Python based script ([WayBack] Python-Twitter-Hacks/websiteScreenshot.py at master · edent/Python-Twitter-Hacks · GitHub) but had no online way.

So I tried out a few on-line things myself that failed:

Then I found out the script was just a proof of concept with hard coded URL and filename.

So I forked the repository, and fixed the script, basing it on Python 3.

More on that next week.

Related:

  • [WayBack] RFC 4648 – The Base16, Base32, and Base64 Data Encodings: Base 64 Encoding with URL and Filename Safe Alphabet:
       The Base 64 encoding with an URL and filename safe alphabet has been
       used in [12].
    ...
       An alternative alphabet has been suggested that would use "~" as the
       63rd character.  Since the "~" character has special meaning in some
       file system environments, the encoding described in this section is
       recommended instead.
    ...
       This encoding may be referred to as "base64url".  This encoding
       should not be regarded as the same as the "base64" encoding and
       should not be referred to as only "base64". 
    ...
       This encoding is technically identical to the previous one, except
       for the 62:nd and 63:rd alphabet character, as indicated in Table 2.
    ...
             Table 2: The "URL and Filename safe" Base 64 Alphabet
    
         Value Encoding  Value Encoding  Value Encoding  Value Encoding
             0 A            17 R            34 i            51 z
             1 B            18 S            35 j            52 0
             2 C            19 T            36 k            53 1
             3 D            20 U            37 l            54 2
             4 E            21 V            38 m            55 3
             5 F            22 W            39 n            56 4
             6 G            23 X            40 o            57 5
             7 H            24 Y            41 p            58 6
             8 I            25 Z            42 q            59 7
             9 J            26 a            43 r            60 8
            10 K            27 b            44 s            61 9
            11 L            28 c            45 t            62 - (minus)
            12 M            29 d            46 u            63 _
            13 N            30 e            47 v           (underline)
            14 O            31 f            48 w
            15 P            32 g            49 x
            16 Q            33 h            50 y         (pad) =
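A strict decoder for the `screenshot` object quoted above, using the Table 2 alphabet, as an added example (not the forked script and not Terence Eden's code). Function names are assumptions; the sample contains only the 16 characters of `data` that are visible in the quoted response, which decode to the JPEG/JFIF header.

```python
import base64
import re

# RFC 4648 Table 2: A-Z, a-z, 0-9, '-' and '_', plus at most two '=' pads.
B64URL_RE = re.compile(r"[A-Za-z0-9_-]*={0,2}")
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker


def b64url_decode_strict(text):
    """Decode base64url and reject anything outside the URL-safe alphabet.

    base64.urlsafe_b64decode alone is lenient: it accepts '+' and '/' and
    discards characters that are in neither alphabet.
    """
    if not B64URL_RE.fullmatch(text):
        raise ValueError("character outside the base64url alphabet")
    body = text.rstrip("=")
    if len(body) % 4 == 1:
        raise ValueError("impossible base64url length")
    # Padding is often omitted in URLs and JSON; restore it before decoding.
    return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))


def screenshot_bytes(screenshot):
    """Return the image bytes, checking them against the declared mime_type."""
    raw = b64url_decode_strict(screenshot["data"])
    if screenshot.get("mime_type") == "image/jpeg" and not raw.startswith(JPEG_SOI):
        raise ValueError("declared image/jpeg, but the JPEG marker is missing")
    return raw


# Constructed sample: only the visible prefix of the quoted "data" value.
SAMPLE = {"data": "_9j_4AAQSkZJRgAB", "height": 569,
          "mime_type": "image/jpeg", "width": 320}

if __name__ == "__main__":
    print(screenshot_bytes(SAMPLE).hex())  # ffd8ffe000104a4649460001
    try:
        b64url_decode_strict("/9j/4AAQSkZJRgAB")  # same bytes, plain base64
    except ValueError as exc:
        print("rejected:", exc)
```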
    

–jeroen

Posted in Apple, Development, Encoding, Home brew / homebrew, Mac OS X / OS X / MacOS, Power User, Software Development, Web Browsers

One second code: Do YOU know how much your computer can do in a second?

Posted by jpluimers on 2021/02/11

[WayBack] One second code: Do YOU know how much your computer can do in a second? is a quiz version of the [WayBack] Numbers Every Programmer Should Know By Year.

[WayBack] About this game revealed it was made by 3 people curious about the speed of their hardware which – not surprisingly – has been relatively stable over the last decade or so.

Source code is at [WayBack] GitHub – kamalmarhubi/one-second: Fun performance game!

I bumped into it via these tweets:

I like games like this (ever played The Deadlock Empire multi-threading game?), so I played the computers-are-fast.github.io tests, and learned a lot:

[WayBack] Thread by @jpluimers: “@astropuffin @b0rk @yminsky 9/18 here. Not sure that is poor, as I learned a lot from it. This is what I learned after industry for 30+ years: “

  • Google being a 3 millisecond ping away made me guess google.com query frequency to be ~100 Hz. Here, curl can do it at ~15 Hz. Seems most are less lucky.
  • Knowing Linux fork being fast, I was amazed how many magnitudes it is faster than process start.
  • @b0rk’s SSD is way faster than mine which made my estimation of 10 million bytes/second write speed too slow.
  • SSD and interface speeds have improved more than I thought.
  • The grep implementation is way faster than I anticipated.
  • Parsing of msgpack is only an order of magnitude faster than parsing JSON. My guess was at least two orders of magnitude.
  • I assumed SQLite did everything in memory, and kept SQL statements prepared, so I was 2 orders of magnitude too high on both the indexed and non-indexed query.
  • Boy, md5 is much faster and bcrypt much slower than I thought. Again 2 orders of magnitude wrong. On both sides.

Definitely stuff to show some development and operations teams. Including of course the interactive graph people.eecs.berkeley.edu/~rcs/research/interactive_latency.html … (be amazed at the things that have stayed constant speed over time)

The game brings the latency numbers way more in perspective than I thought. For background reading, see Latency Numbers every Programmer and Architect should know.

For more things on perspective, two videos below:

  • the famous “Grace Hopper explains the nanosecond”
  • Jeff Dean lecturing at Stanford: “Building Software Systems At Google and Lessons Learned”

Via:

–jeroen

Posted in Conference Topics, Conferences, Development, Event, Hardware, Power User, Software Development

F2084 Internal Error: MA1263 – no relevant results

Posted by jpluimers on 2021/02/11

I tried searching for F2084 Internal Error: MA1263 (Google Search), an error which happened on a completely up-to-date Delphi 10.1 Berlin installation.

It came from a large unit testing application using truckloads of generic language constructs, and large unit uses cycles.

Could not find anything useful. The error disappeared after recompiling the same application:

–jeroen

Posted in Delphi, Delphi 10.1 Berlin (BigBen), Development, Software Development