The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,854 other subscribers

Internet of default passwords … – did it improve at all?

Posted by jpluimers on 2017/10/26

Just over a year after this got posted, I wonder what the current state of affairs is. Did it get a lot worse or just a little (as when writing this in November 2016 my guess is that it won’t get any better soon):

To repeat +Thomas Mueller ‘s words:

Internet of default passwords …
Sounds bad until you realize that it’s even worse. There are millions of devices out there that can be or have already been compromised and can get their owners into deep shit, without their owners even doing anything wrong. And keeping your virus scanner up to date won’t help at all (it doesn’t really protect your PC either, but that’s a different story).

Just watch the first 10 minutes of the video, but be warned, it might ruin your day.

Via +Joe C. Hecht:

I found this to be a superior product – If you are into security, this episode was worth a listen. I hear they are into talking about home servers too. I like that.

Jupiter Broadcasting originally shared:

A new TechSNAP is OUT: http://bit.ly/tsnap288

The Internet of Things is the Internet of Terrible, we’ll round up the week’s stories & submit the TechSNAP solution to you the audience. Plus the security cost of Android fragmentation, great questions & a packed round up!

Source:

Read the rest of this entry »

Posted in IoT Internet of Things, Network-and-equipment, Opinions, Power User | Leave a Comment »

The Format function introduced in Delphi 1 was based on the FormatStr function in Turbo Vision available in Turbo Pascal 6 or higher

Posted by jpluimers on 2017/10/26

I did find my Borland Pascal 7.0.1 ISO which showed that https://github.com/romiras/turbo-pascal-archive/blob/master/Files/Dos%20Navigator/FORMAT.ASM is identical to ./BP/RTL/TV/FORMAT.ASM which is used from ./BP/RTL/TV/DRIVERS.PAS to provide this:

{ String formatting routines }

{$L FORMAT.OBJ}

procedure FormatStr(var Result: String; const Format: String; var Params);external {FORMAT};

There are various examples like in ./BP/EXAMPLES/DOS/TVDEMO/ASCIITAB.PAS at line 143:

FormatStr(TempStr, ' Char: %c Decimal: %0# Hex: %0#x ', ASCIIChar);

So it was in the Drivers unit, but also easy to incorporate in your own unit by linking the .OBJ file and providing the external declaration in any unit.

The Drivers unit is very independent of the rest of Turbo Vision: it uses the Objects unit (which most projects use as the System unit at ~500 lines of code provided very little functionality by itself).

For the diskette based install, the .TPU files were on the standard disks and the sources for both RTL and Turbo Vision on separate disks, but anyone would install them as they provided a lot of insight. The CD-ROM has them all on the same medium (both as installers and unpacked in the BP directory).

I just checked Turbo Pascal 6.0 (that I did have a VM for) which has them in the same way.

Source: [WayBackWe’re discussing with the collegues: anybody knows when Format function was introduced in Delphi? – Klaus Edelmann – Google+

–jeroen

Posted in Borland Pascal, Delphi, Development, History, Pascal, Software Development, Turbo Pascal | Leave a Comment »

roelandjansen/pcmos386v501: PC-MOS/386 v5.01 final release including cdrom driver sources.

Posted by jpluimers on 2017/10/25

History: Borland C++ source code for the PC-MOS/386 5.01 version at roelandjansen/pcmos386v501: PC-MOS/386 v5.01 final release including cdrom driver sources.

Related:

–jeroen

Via: [WayBack/Archive.is] PC-MOS/386 is na dertig jaar opensourcesoftware – Computer – .Geeks – Tweakers

Posted in Borland C++, C, C++, Development, History, Software Development | Leave a Comment »

cURL – POST an XML file as a stream

Posted by jpluimers on 2017/10/25

I hope I’m not alone on this but I find the cURL documentation hard to follow and short on examples.

My goal was to mimic some HTTP XML posting traffic a server gets from IoT devices. Google Chrome Postman (or Postman REST Client) reproduction is very easy and will send.

TL;DR

  1. ensure you have an empty --header "Content-Type:" header: this ensures that cURL doesn’t add one and does not mess on how the content is being transferred.
  2. use the --data or --data-binary command with an @ to post a file as body.
  3. if you want --write-out then be sure you have a recent cURL version.

This is how the IoT or Postman will send.

  • Post headers like these:

Host:127.0.0.1:8080
Content-Length: 245
Connection:Keep-Alive

  • Content like this:


<?xml version="1.0"?>
<Root Attribute="value">
<Branch>
<Leaf>content</Leaf>
</Branch>
<Branch Attribute="value">
<Bough Attribute="value">
<Twig Attribute="value">
<Leaf Attribute="value"/>
</Twig>
</Bough>
</Branch>
</Root>

view raw

httpPostSample.xml

hosted with ❤ by GitHub

The data is being streamed to the HTTP server even with the very limited set of headers.

I’ve been unable to come up with exact cURL statement that exactly matches the headers and way the content is being transferred.

This is what I tried (in all examples, %1 is the IPv4 address of the HTTP 1.1 server):

  • POST with the all the headers and the --data command:

curl --request POST --header "Host: %1:8080" --header "Content-Length: 245" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This will hang the connection: somehow cURL will never notify the upload is done and the HTTP server keeps waiting. When you put --verbose or --trace-ascii - on the command-line you will see something like this before hanging: * upload completely sent off: 245 out of 245 bytes.

Note the trick to emit the ASCII trace to stdout using --trace-ascii with the minus sign: thanks to [WayBack] Daniel Stenberg for answering [WayBackHow can I see the request headers made by curl when sending a request to the server? – Stack Overflow.

You can do the same with --trace which dumps all characters (not only ASCII) including their HEX representation

  • POST with the all but the Content-Length headers and the --data command:

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This will automatically add a Content-Length: 245 header and complete the transfer. But it will also add a Content-Type: application/x-www-form-urlencoded header causing the content not being posted as a body.

  • POST with a --form file= command:

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --form file=@httpPostSample.xml http://%1:8080/target

This will automatically ad a Content-Length: xxx header (way longer than 245) because it converts the request into a Content-Type: multipart/form-data; boundary=------------------------e1c0d47bac806954 one (the hex at the end differs) which is totally unlike what Postman does.

It is also unlike to what the HTTP server accepts.

curl --request POST --header "Host: %1:8080" --header "Connection: Keep-Alive" --data-binary @httpPostSample.xml http://%1:8080/target

curl –request POST –header “Host: %1:8080” –header “Connection: Keep-Alive” –data-binary @httpPostSample.xml http://%1:8080/target

It turns out that --data-ascii is exactly the same as --data and that --data-binary just skips some new-line conversion when compared to --data or --data-ascii. Contrary to the --data-raw documentation that suggest it is equivalent to --data-binary it seems --data-raw behaves exactly like --data and --data-ascii. Odd.

So these are all stuck with the Content-Type: application/x-www-form-urlencoded and I thought I was running out of options.

Then I found [WayBacksoundmonster had posted an answer at [WayBackhttp – What is the cURL command-line syntax to do a POST request? – Super User mentioning to add a Content-Type header.

So I changed the request to include the --header "Content-Type: text/xml; charset=UTF-8"  header:

  • curl --request POST --header "Content-Type: text/xml; charset=UTF-8" --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

This works. But: the Content-Type header is not present in the original request.

Finally it occurred to me: What if cURL would not insert a Content-Type header if I add an empty Content-Type header?.

That works!

  • curl --request POST --header "Content-Type:" --header "Host: %1:8080" --header "Connection: Keep-Alive" --data @httpPostSample.xml http://%1:8080/target

It posts exactly the same content as the IoT devices and Postman do.

Phew!

 

I tried to combine this with the --write-out (a.k.a. -w) option, but for older versions of cURL (I could reproduce with 7.34) that forces cURL back in to Content-Type: application/x-www-form-urlencoded mode so watch your cURL version!

Later I will put more research in chuncked transfer. Links that might help me:

–jeroen

Some of the references:

Posted in *nix, bash, cURL, Development, Encoding, Power User, Scripting, Software Development | Leave a Comment »

MAC address ranges safe for testing purposes (Locally Administered Address)

Posted by jpluimers on 2017/10/25

Similar to IP ranges for private networks that are safe for testing

  • 10.0.0.0/8 (255.0.0.0)
  • 172.16.0.0/12 (255.240.0.0)
  • 192.168.0.0/16 (255.255.0.0)
  • fd00::/8

there are also locally administered MAC address ranges safe for testing

  • x2:xx:xx:xx:xx:xx
  • x6:xx:xx:xx:xx:xx
  • xA:xx:xx:xx:xx:xx
  • xE:xx:xx:xx:xx:xx

Thanks to [WayBack] Sam and [WayBackPeter for answering.

–jeroen

References:

Posted in Ethernet, Internet, Network-and-equipment, Power User | Leave a Comment »

EKON 21 – The Conference for Delphi & More

Posted by jpluimers on 2017/10/24

I barely made it to EKON21 mainly because of extensive family members care-taking, so could not attend everything and archived the site for

The Conference for Delphi & More | 23 – 25 October 2017, Cologne | presented by Entwickler Akademie and Entwickler Magazin

[WayBackEKON 21 – The Conference for Delphi & More:

It seems one older conference is archived.

–jeroen

Posted in Conferences, Delphi, Development, EKON, Event, Software Development | Leave a Comment »

Delay running a script after restart – MikroTik RouterOS

Posted by jpluimers on 2017/10/24

Start Time special value `startup`

Start Time special value `startup`

There is a special startup value for “Start Time” you can enter which makes it runs once 3 seconds after reboot.

If by then your router isn’t fully “up” yet (i.e. waiting for PPPoE or DHCP network settings), then inside the script you can perform a delay global command as shown in the code fragment from the below forum post.

Don’t you love how people still tend to both repeat themselves and abbreviate stuff even though they have code completion at their disposal?:

{:delay 10};
/log print file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); \
/tool e-mail send to="xxx@xxx.com" subject=([/system identity get name] . " Log " . \
[/system clock get date]) file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt"); :delay 10; \
/file rem [/file find name=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt")]; \
:log info ("System Log emailed at " . [/sys cl get time] . " " . [/sys cl get date])

Read the rest of this entry »

Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »

Windows/*n*x: Getting curl to output HTTP status code – Super User

Posted by jpluimers on 2017/10/24

The first trick works in Windowa and nx (thanks [WayBackpvandenberk):

curl -s -o /dev/null -I -w "%{http_code}" http://www.example.org/

Inside a Windows batch file you need to escape the % to %% so you get this:

curl -s -o /dev/null -I -w "%%{http_code}" http://www.example.org/

The second is slick but only works on nx (thanks [WayBackHeath Borders):

#creates a new file descriptor 3 that redirects to 1 (STDOUT)
exec 3>&1
# Run curl in a separate command, capturing output of -w "%{http_code}" into HTTP_STATUS
# and sending the content to this command's STDOUT with -o >(cat >&3)
HTTP_STATUS=$(curl -w "%{http_code}" -o >(cat >&3) 'http://example.com')

[WayBackGetting curl to output HTTP status code? – Super User

–jeroen

Posted in *nix, *nix-tools, bash, Batch-Files, cURL, Development, Power User, Scripting, Software Development | Leave a Comment »

Nikon D850 Negative Digitizer Mode | Richard Haw’s Nikon Maintenance Site

Posted by jpluimers on 2017/10/23

For my link archive:

–jeroen

Posted in LifeHacker, Nikon, Photography, Power User | Leave a Comment »

All about UEFI vs BIOS – who to follow

Posted by jpluimers on 2017/10/23

A link to an old post [WayBack] All about UEFI vs BIOS – David Berneda – Google+ reminded me to follow these people:

Source: [WayBackAll about UEFI vs BIOS

[WayBackUEFI boot: how does that actually work, then? a long read ending with a long form of these recommendations:

  • If you can possibly manage it, have one OS per computer.
  • If you absolutely must have more than one OS per computer, at least have one OS per disk.
  • If you absolutely insist on having more than one OS per disk, understand everything written on this page, understand that you are making your life much more painful than it needs to be, lay in good stocks of painkillers and gin, and don’t go yelling at your OS vendor, whatever breaks.
  • If you’re using UEFI native booting, and you don’t tend to build your own kernels or kernel modules or use the NVIDIA or ATI proprietary drivers on Linux, you might want to leave Secure Boot on.
  • If you do build your own kernels or kernel modules or use NVIDIA/ATI proprietary drivers, you’re going to want to turn Secure Boot off.
  • Don’t do UEFI-native installs to MBR-formatted disks, or BIOS compatibility installs to GPT-formatted disks (an exception to the latter is if your disk is, IIRC, 2.2+TB in size…
  • Trust mjg59 in all things and above all other authorities, including me.

–jeroen

Posted in BIOS, Boot, Power User, UEFI, Windows | Leave a Comment »

« Previous Entries
Next Entries »