The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Copy-Paste from Website to Terminal – always paste via an intermediate text editor

Posted by jpluimers on 2016/11/22

Everybody surely knows that more and more software tries to smart-replace straight double quotes " with opening “ and closing ” ones.

WordPress is no exception, and when you forget to embed these quotes in code and/or pre tags, your source code won’t paste as such.

For terminal code (*nx or Windows console doesn’t matter much) it’s much worse: you should not copy/paste code directly into the terminal.

I usually did this anyway to get quotes corrected, but – via Daniela Osterhagen referring to Dorin Duminica – recently came across a reason that’s much more important:

What’s on the clipboard might not be what you saw on the web site.

An elaborate example is at User iteraction based exploitation: WYSINWYC (What you see is not what you copy) but it comes down to:

  1. The clipboard gets all text from a selection.
  2. The browser hides some part of that text by cleverly using one or more style tags.

So basically copy/pasting to the console is just as risky as piping curl through bash or another shell. You can actually detect that server-side (and abuse it)!

–jeroen

Source: Copy-Paste from Website to Terminal
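
A check along the lines of "paste via an intermediate text editor", as an added example that is not part of the original post: it inspects clipboard text for the things the post warns about (smart quotes, and content that was not visible on the page) before anything reaches a shell. The function name and the sample strings are constructed for illustration.

```python
import unicodedata

SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def inspect_paste(clipboard, seen=None):
    """Return reasons not to paste `clipboard` straight into a shell."""
    findings = []
    body = clipboard.rstrip("\r\n")
    if body != clipboard:
        findings.append("trailing line break: the last line runs as soon as it is pasted")
    if "\n" in body or "\r" in body:
        findings.append("embedded line break: more than one command line")
    for ch in sorted(set(body)):
        category = unicodedata.category(ch)
        if ch in SMART_QUOTES:
            findings.append(f"smart quote U+{ord(ch):04X}")
        elif category == "Cc" and ch not in "\r\n\t":
            findings.append(f"control character U+{ord(ch):04X}")
        elif category == "Cf":
            findings.append(f"invisible format character U+{ord(ch):04X}")
    # Compare with what was visible on the page, ignoring whitespace differences.
    if seen is not None and clipboard.split() != seen.split():
        findings.append("clipboard text differs from the text that was visible")
    return findings

# Constructed, harmless samples: what the page showed vs. what was copied.
SEEN = "echo one two"
COPIED = "echo one; echo this-part-was-hidden\necho two\n"
SMART = "grep \u201cneedle\u201d notes.txt"

if __name__ == "__main__":
    for label, text, seen in [("hidden", COPIED, SEEN),
                              ("smart", SMART, SMART),
                              ("clean", SEEN, SEEN)]:
        print(label, inspect_paste(text, seen))
```
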

Posted in Console (command prompt window), Development, Power User, Scripting, Software Development, Windows | Leave a Comment »

Coping with UTF-16 / UCS-2 little endian in Batch files: numbers from WMIC

Posted by jpluimers on 2016/11/22

A while ago, I needed to get the various date, time and week values from WMIC to environment variables with pre-padded zeros. I thought: easy job, just write a batch file.

Tough luck: I couldn’t get the values to expand properly. Which in the end was caused by WMIC emitting UTF-16 and the command-interpreter not expecting double-byte character sets which messed up my original batch file.

What I wanted          What I got
wmic_Day=21            Day=21
wmic_DayOfWeek=04      wmic_DayOfWeek=4
wmic_Hour=15           wmic_Hour=15
wmic_Milliseconds=00   wmic_Milliseconds=
wmic_Minute=02         wmic_Minute=4
wmic_Month=05          wmic_Month=5
wmic_Quarter=02        wmic_Quarter=2
wmic_Second=22         wmic_Second=22
wmic_WeekInMonth=04    wmic_WeekInMonth=4
wmic_Year=2015         wmic_Year=2015

WMIC uses this encoding because the Wide versions of Windows API calls use UTF-16 (sometimes called UCS-2 as that is where UTF-16 evolved from).

As Windows uses little-endian encoding by default, the high byte (which is zero) of a UTF-16 code point with ASCII characters comes first. That messes up the command interpreter.
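
The decoding and padding step, as an added example in Python rather than batch (not code from the original post or from rojo): it decodes WMIC-style UTF-16 output and produces the zero-padded values of the "What I wanted" column. The sample bytes are constructed; the BOM and the `\r\r\n` line endings are assumptions about how the output was captured.

```python
WIDTHS = {"Year": 4}  # every other field is padded to two digits

def decode_wmic(raw):
    """Decode captured WMIC output to text."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")      # the BOM selects the byte order
    return raw.decode("utf-16-le")       # assumption: no BOM means little endian

def parse_wmic_list(raw):
    """Turn 'Name=Value' lines into zero-padded wmic_Name values."""
    values = {}
    for line in decode_wmic(raw).splitlines():
        name, sep, value = line.strip().partition("=")
        if not sep or not name:
            continue                      # blank line or stray carriage return
        value = value.strip() or "0"      # an empty value counts as zero
        if not (value.isascii() and value.isdigit()):
            continue                      # only numeric fields are expected
        # Explicit base 10, so 08 and 09 are not treated as bad octal numbers.
        number = int(value, 10)
        values["wmic_" + name] = str(number).zfill(WIDTHS.get(name, 2))
    return values

# Constructed sample: list-style output, UTF-16 little endian with BOM.
SAMPLE_LINES = ["Day=21", "DayOfWeek=4", "Hour=15", "Milliseconds=", "Minute=2",
                "Month=5", "Quarter=2", "Second=22", "WeekInMonth=4", "Year=2015"]
SAMPLE = b"\xff\xfe" + ("\r\r\n".join(SAMPLE_LINES) + "\r\r\n").encode("utf-16-le")

if __name__ == "__main__":
    for key, value in parse_wmic_list(SAMPLE).items():
        print(f"{key}={value}")
```
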

Luckily rojo was of great help solving this.

His solution is centered around set /A, which:

  • handles integer numbers and calls them “numeric” (hinting floating point, but those are truncated to integer; one of the tricks rojo uses)
  • and (be careful with this as 08 and 09 are not octal numbers) uses these prefixes:
    • 0 for Octal
    • 0x for hexadecimal

Enjoy and shiver with the online help extract:
Read the rest of this entry »

Posted in Algorithms, Batch-Files, Development, Encoding, Floating point handling, Scripting, Software Development, UCS-2, UTF-16, UTF16 | Leave a Comment »

When your browser extensions go rogue…

Posted by jpluimers on 2016/11/21

A while ago I suspected at least one of my Chrome extensions to do funny things.

In the end it appeared that “Live HTTP Headers 1.0.8” went rogue a while ago and has by now been removed from the store as this link is gone: https://chrome.google.com/webstore/detail/iaiioopjkcekapmldfgbebdclcnpgnlo

It was part of a much larger set of extensions that went away and isn’t limited to Chrome: other browsers with extension mechanisms suffer from this too. More links about this at the bottom of this post.

Which means that by now you should be really careful which extensions you have installed and enabled.

So, browse through these and ensure you’ve disabled everything you don’t need permanently:

On my system, I removed these:

When you go from Chrome to these URLs through the extensions page, it usually appends a UTM tracker like utm_source to the URL.

So I dug into that as well and found these links explaining them:

References:

Read the rest of this entry »

Posted in Chrome, Chrome, Firefox, Google, Internet Explorer, Opera, Power User, Safari, Web Browsers | 3 Comments »

Hydrogen – a free and open source cross platform drum machine…

Posted by jpluimers on 2016/11/21

Features | Hydrogen

via: Hydrogen – a free and open source cross platform drum machine: Hydrogen is a software synthesizer which can be used alone, emulating a drum machine based… – Danie van der Merwe – Google+

Posted in About, LifeHacker, Music, Personal, Power User | Leave a Comment »

Some links to get WDS to work with Tomato

Posted by jpluimers on 2016/11/21

Just in case I ever need this: some links to get WDS working on Tomato based routers and have seamless WiFi handover.

And if I want to do it with a few Fritz!Box devices:

–jeroen

Posted in Power User, WDS, WiFi | Leave a Comment »

Opinion: The Internet of Shitty Things — Kommentar: The Internet of Shitty Things | heise online

Posted by jpluimers on 2016/11/20

I translated the heading and one quote; if you want to read further in English: Google translate does a good job on the text.

HVAC thermostats, bread baskets, coffee machines: The net is full of things, which make no sense at all and nobody needs. The Internet of Things is a huge pile of shit, says Clemens Gleich.

There are no error-free systems, there are maximum undetected errors.

German original:

Heizungsthermostate, Brotkörbe, Kaffeemaschinen: Das Netz ist voll mit Dingen, die da nur Quatsch machen. Braucht kein Mensch. Das Internet of Things ist ein riesiger Haufen Scheiße, meint Clemens Gleich.

Es gibt keine fehlerfreien Systeme, es gibt maximal unentdeckte Fehler.

[WayBack] Kommentar: The Internet of Shitty Things | heise online

Posted in IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

Rob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Posted by jpluimers on 2016/11/20

Conclusions:

  1. Always put your IoT devices behind a firewall
  2. Isolate each IoT device into its own “world” that can communicate as little with the rest of your networks as possible
  3. Preferably isolate each set of IoT devices that do need to communicate in their LoT (LAN of Things)
  4. Use Ad-Blockers

“1/x: So I bought a surveillance camera”: [WayBack] Rob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Interesting: [WayBack] Errata Security: Configuring Raspberry Pi as a router

Via: [WayBack] Plugging in a new IP webcam. 98 seconds. infected. Wow. https://twitter.com/E… – G+ Jan Wildeboer

Of course Rob tried many webcams to find a vulnerable one. And putting telnet port 23 to the open is not the best idea, but people do that or get an indirect infection by some piece of JavaScript from an Ad-Network that searches for local vulnerable devices. That’s how the internet works!

Since Twitter and other social media tend to show the non-interesting part of a stream, here is the full one (no time to edit out the superfluous stuff):

Read the rest of this entry »

Posted in IoT Internet of Things, Network-and-equipment, Power User, Security | Leave a Comment »

How To Chromecast MKV, MP4, DVI Videos from Chrome (on a Mac, Windows or Linux machine)

Posted by jpluimers on 2016/11/18

There is a Chrome App called Videostream for Google Chromecast that lets you play your own local videos on your Chromecast from your PC with subtitles supported. Not like those Chrome Extensions, it’s a Chrome App that you can launch directly from your desktop through Chrome Launch.

Just launch the app, choose a video, select a Chromecast, and enjoy. Easy as 123.

via: [WayBack] How To Chromecast MKV, MP4, DVI Videos from Windows Computer | Next of Windows

Posted in Chrome, Chromecast, Google, Power User | Leave a Comment »

Hope this doesn’t repeat itself…

Posted by jpluimers on 2016/11/18

Nice error starting Delphi XE8:

[Window Title]
Error

[Content]
Registration procedure, Dbexpressentimpl.Register in package c:\program files (x86)\embarcadero\studio\16.0\Bin\DataExplorerDBXPluginEnt220.bpl raised exception class EWrapperError: Parameter MetaClass cannot be nil.
Do you want to attempt to load this package the next time a project is loaded?

[Yes] [No]

–jeroen

Posted in Delphi, Delphi XE8, Development, Software Development | Leave a Comment »

Bad news for Fritz!box users: http://nic.box/ Your http://fritz.b…

Posted by jpluimers on 2016/11/18

[WayBack] Bad news for Fritz!box users: http://nic.box/ Your http://fritz.box is no longer what it should be. EDIT: Muahahaha … – Kristian Köhntopp – Google+

Now there is http://nic.box/ for the new [WayBack] box top level domain, and AVM does not yet have the pre-registered fritz.box effectuated there (because .box is not in its final registration state yet).

Kristian:

Bad news for Fritz!box users: http://nic.box/ Your http://fritz.box is no longer what it should be.

EDIT: Muahahaha

kris@h1755802:~> host fritz.box
fritz.box has address 127.0.53.53
fritz.box mail is handled by 10 your-dns-needs-immediate-attention.box.

The joke is in the cryptic “your-dns-needs-immediate-attention” and the usage of 127.0.53.53 to indicate a gTLD name collision.
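
A check for these two markers, as an added example that is not part of the original post: it parses `host` output such as the lines quoted above and reports the name-collision signals. The function names are made up for illustration, and the second sample is constructed.

```python
import ipaddress
import re

COLLISION_A = ipaddress.ip_address("127.0.53.53")
COLLISION_MX_LABEL = "your-dns-needs-immediate-attention"

ADDRESS_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")
MX_RE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+)$")

def parse_host_output(text):
    """Parse `host NAME` output into (addresses, mail exchangers)."""
    addresses, exchangers = [], []
    for line in text.splitlines():
        line = line.strip()
        match = ADDRESS_RE.match(line)
        if match:
            addresses.append(ipaddress.ip_address(match.group(2)))
            continue
        match = MX_RE.match(line)
        if match:
            exchangers.append(match.group(3).rstrip(".").lower())
    return addresses, exchangers

def collision_signals(text):
    """List the name-collision markers found in `host` output."""
    addresses, exchangers = parse_host_output(text)
    signals = []
    if COLLISION_A in addresses:
        signals.append("A record is 127.0.53.53")
    for mx in exchangers:
        if mx.split(".")[0] == COLLISION_MX_LABEL:
            signals.append(f"MX target {mx}")
    return signals

# The output quoted in the post.
QUOTED = """fritz.box has address 127.0.53.53
fritz.box mail is handled by 10 your-dns-needs-immediate-attention.box.
"""
# Constructed sample: an answer that points at a device on the local network.
LOCAL = "fritz.box has address 192.168.178.1\n"

if __name__ == "__main__":
    print(collision_signals(QUOTED))
    print(collision_signals(LOCAL))
```
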

Chrome knows about ICANN though and explains it in a slightly more readable form when browsing to http://fritz.box:

Read the rest of this entry »

Posted in Chrome, Fritz!, Fritz!Box, Internet, Power User, Web Browsers | Leave a Comment »