The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,839 other subscribers

VMware fixes critical zero-day Workstation/Player/Fusion exploit revealed at Pwn2Own

Posted by jpluimers on 2023/04/26

A less clickbaity title than most articles today as the below only applies to the VMware hypervisors running on MacOS and Windows.

The last Pwn2Own Zero Day Initiative revealed two major issues that allow a virtual machine to either execute code or read hypervisor memory on the VMware Workstation/Player/Fusion host:

  1. [Wayback/Archive] NVD – CVE-2023-20869

    VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

  2. [Wayback/Archive] NVD – CVE-2023-20870

    VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Both issues have been fixed now, so be sure to deploy the fixes or, if you can’t, apply the workarounds.

Read the rest of this entry »

Posted in Fusion, Power User, Security, Virtualization, VMware, VMware Player, VMware Workstation | Leave a Comment »

Kevin Lewis (he/him) on Twitter: “Wow thanks for all the support folks! I’ve been working on this project today: larger font, options for single/group captioning powered by @DeepgramAI, and a static badge mode as suggested by @bitandbang https://t.co/FBELwDsD4V” / Twitter

Posted by jpluimers on 2023/04/25

Wow, just wow: [Archive] Kevin Lewis (he/him) on Twitter: “Wow thanks for all the support folks! I’ve been working on this project today: larger font, options for single/group captioning powered by @DeepgramAI, and a static badge mode as suggested by @bitandbang https://t.co/FBELwDsD4V” / Twitter

Via [Archive] Jilles🏳️‍🌈 on Twitter: “Love it and worried about it at the same time.” / Twitter

–jeroen

Posted in Development, Hardware Development, Hardware Interfacing, Software Development | Leave a Comment »

So long and thanks for all the fish: PC Engines apu platform EOL (in 2024, but still)

Posted by jpluimers on 2023/04/24

It was great while it lasted, so be sure to order within the next 12 months as  [Wayback/Archive] PC Engines apu platform EOL:

PC Engines apu platform EOL
The end is near ! After a long production run, AMD will accept last orders for the SOC used in our apu2/3/4/5/6 boards by end of June 2023.
apu phase-out We will do a life-time buy for a quantity of the AMD SOC and some other key components. We are willing to schedule customer shipments through end of June 2024. There is a 26 week lead time on the AMD SOC, expect limited supply until late 2023.

First ordered, first served. Binding orders may be required for large quantities.
New products ? Despite having used considerable quantities of AMD processors and Intel NICs, we don’t get adequate design support for new projects. In addition, the x86 silicon currently offered is not very appealing for our niche of passively cooled boards. After about 20 years of WRAP, ALIX and APU, it is time for me to move on to different things.
Thank you ! I would like to thank all of our customers for their business, and sometimes patience.

–jeroen

Posted in APU, Hardware, Network-and-equipment, pfSense, Power User, routers | Leave a Comment »

Need to rethink which Windows package managers to use

Posted by jpluimers on 2023/04/24

Triggered by last week’s post Need to take a look a Scoop (as a long time Chocolatey user), I need to re-think which Windows package managers to use and in what order.

Basically there are two challenges:

  • User level (scoop) versus system level (winget and chocolatey) installations
  • Availability of packages in each package manager

Since I hardly used winget, I need to get started at Windows Package Manager – Wikipedia.

A good example of unavailability is at [Wayback/Archive] Scott’s Ultimate Tools via Winget – DVLUP (which has the ID values for winget or chocolatey of [Wayback/Archive] Scott Hanselman’s 2021 Ultimate Developer and Power Users Tool List for Windows – Scott Hanselman’s Blog)

–jeroen

Posted in Chocolatey, Power User, Scoop, Windows, winget | Leave a Comment »

Towards a work setup on a hardened host and doing everything in VMs

Posted by jpluimers on 2023/04/21

SwiftOnSecurity posted this interesting tweet in 2021: [Archive] SwiftOnSecurity on Twitter: “Lenovo P1 Gen3 with 12core Xeon, 64GB RAM, two 1TB M.2 SSDs. Running Windows Server 2022 with the Hyper-V role. All hardening applied to host OS, almost nothing happens here except managing guest VMs. On the second SSD I then have Win10 VMs joined to the corporate domain.” / Twitter.

I wonder if a similar setup can be done using an Apple M1 based machine as host and running all work in virtual machines.

Swift had some issues getting cameras and microphones to work: [Archive] SwiftOnSecurity on Twitter: “The problem here is Teams. If I want to pass through my webcam and microphone that could get a bit dicey, despite HyperV Enhanced Session being essentially an RDP session. For now I’m using my phone for Teams microphone. Also I’m not sure how well thermal management will work….” / Twitter

This resulted in some answers and interesting links:

Some more interesting tweets in that thread:

–jeroen

Posted in Apple, M1 Mac, Mac, Power User, Windows | Leave a Comment »

2023: Data kampen – Elisabeth Ruiterkampen

Posted by jpluimers on 2023/04/20

Voor mijn geheugen, de paardrijkampen in 2023: [Wayback/Archive] Data kampen – Elisabeth Ruiterkampen

–jeroen

Posted in Uncategorized | Leave a Comment »

The CPU load average metric often is not a good one to alert on

Posted by jpluimers on 2023/04/20

Boy I wish threads with more than one person could be saved by the ThreadReaderApp.

Anyway:

[WayBack] Thread by @mipsytipsy: oh boy.. i was just idly musing over how the single most ubiquitous/useless metric is “CPU load average”, lol i wonder if you could use CPU…

Jun 4th 2020

oh boy.. i was just idly musing over how the single most ubiquitous/useless metric is “CPU load average”, lol

i wonder if you could use CPU load alerts to score how modern and powerful a team’s toolchain is, like a Waffle House Index for tooling. 🤔

 

…oh oh! but i was gonna say, this thread between @drk and @shelbyspees is a killer nanotutorial in how to ask better questions about your code — where to start, how to drill down and dig in, how to instrument, and how to approach such an open-ended exploratory jaunt. 👏🐝❤️

it’s a really good illustration of this thing we end up saying all the time, which is “don’t fear the future, it is simpler and clearer and *easier* here! the way you are doing it NOW is the hard way!” 😖

time for cpu load average to go the way of the PC LOAD LETTER …

0:00
/ 0:01

 

 

Read the rest of this entry »

Posted in *nix, Cloud, Development, DevOps, Infrastructure, Power User, Software Development, Systems Architecture | Leave a Comment »

Some resources on CORS proxies

Posted by jpluimers on 2023/04/19

Having my background before the web-development era, and having lived mostly in back-ends or client-server front-ends, I sometimes need to really dig into things in order to understand them better.

CORS is such a thing, so below are some links to get started. My main interest is CORS proxies as they will force me do go deep and really get what is going on below the surface.

Defunct CORS proxy sites:

Used searches:

–jeroen

Posted in Communications Development, Development, HTTP, Internet protocol suite, REST, Software Development, TCP, Web Development | Leave a Comment »

xxd examples of big/little/middle endianness (thanks @jilles_com!)

Posted by jpluimers on 2023/04/18

Cool one-liner program via [Archive] Jilles🏳️‍🌈 (@jilles_com) / Twitter:

for s in 0123456789ABCDEF 172.16.0.254 Passwd:admin;do echo -en "Big    Endian: $s\nMiddle Endian: ";echo -n $s|xxd -e -g 4 | xxd -r;echo -en "\nLittle Endian: ";echo -n $s|xxd -e -g 2 | xxd -r;echo -en "\nReversed     : ";echo -n $s|xxd -p -c1 | tac | xxd -p -r;echo -e "\n";done

Note that the hex are bytes, not nibbles, so the endianness is OK:

Image

Big Endian: 0123456789ABCDEF
Middle Endian: 32107654BA98FEDC
Little Endian: 1032547698BADCFE
Reversed : FEDCBA9876543210

Big Endian: 172.16.0.254
Middle Endian: .2710.61452.
Little Endian: 71.2610.2.45
Reversed : 452.0.61.271

Big Endian: Passwd:admin
Middle Endian: ssaPa:dwnimd
Little Endian: aPssdwa:mdni
Reversed : nimda:dwssaP

That nibble/byte thing confused me at first (as I associate hexadecimal output with hex dumps, where each hexadecimal character represents a nibble)) so here are some interesting messages from the thread that Jilles_com started:

Some related man pages:

–jeroen

Posted in *nix, *nix-tools, bash, Development, Power User, Scripting, Software Development, xxd | Leave a Comment »

Berlin Typography on Twitter: “The best of #TypeInBerlin: The tʒ and ſʒ ligatures, together at last.” / Güntʒelstraſʒe == Güntzelstraße

Posted by jpluimers on 2023/04/17

Learned a new thing a while ago: I knew about the ſʒ ligature (that nowadays usually is written as ß), but the tʒ ligature was new to me.

So: Güntʒelstraſʒe == Güntzelstraße.

References:

Source: [Archive.is] Berlin Typography on Twitter: “The best of #TypeInBerlin: The tʒ and ſʒ ligatures, together at last. …” / Twitter

Read the rest of this entry »

Posted in Development, Encoding, LifeHacker, Power User, Software Development, Unicode | Leave a Comment »

« Previous Entries
Next Entries »