system error 1326

Note to self: When CreateProcessWithLogonW returns a 1326 system error (login error basically), you can always spawn Sysinternals’ PsExec.

While RunAs accepts the Administrator’s password from the terminal input by design, PsExec accepts it from a command line switch, which means that the source for the password can be the terminal, a file (encrypted symmetrically or not), a window application, etc. Way more flexible, but potentially insecure, especially if the administrator password is stored somewhere in the filesystem unencrypted.

How? Where? What?

Reading Alec Muffett’s blog post on Google Chrome’s team decision to remove http:// as redundant geek speak from the browser, I think I cannot highlight enough the following piece:

“The URL represents “how://where/what” – how to retrieve some data, at where, and what the data is called”

Ah the joys of browser intelligence stupidity, while it tries to second-guess the user in order to help him. So when I type ftp.ntua.gr in the address bar, do I want to access it via HTTP or via FTP because the name starts with FTP? Do not second-guess the user because you are not helping him although you think you do.

And if the how:// part is not persuasive enough, let’s see the where part for which I have commented elsewhere. Users seem to expect that http://www.dom.ain should be identical to http://dom.ain. Instead of altering this expectation browsers tried to be helpful enough to connect to http://www.dom.ain when dom.ain does not respond and thus reinforcing it. Yay, right? No! Not only is the browser second-guessing the user, it also assumes the existence of http://www.dom.ain, and that a common administrative domain exists for both dom.ain and http://www.dom.ain. And then along come newer services, like for example OpenDNS that provides working pages for non-existent pages to the user’s dismay and irritation because what they get† is not what they asked for (but technically it is exactly what they asked for). This abstraction (and expectation) implies certain types of architectures that support the expected behavior and there is nothing that guarantees (or mandates) that such architectures are implemented. But hey, the browser is helping the user here by saving him from four keystrokes on two keys.

Since browsers are second-guessing both the how:// and the where, how long before they are going to second-guess the what too?

So please people, when trying to help by “improving” a user interface, ask yourself who (besides yourself) are you really helping. The Law of Unintended Consequences seeks opportunity.


[†] – If you want to be helpful, you do it the OpenDNS way: By giving the user choice. By removing choice for “convenience” you end up with misdirected user irritation, since the users tend to believe that not reaching a page is the administrator’s fault, when in fact it is the result of a series of choices made for years on behalf of the user without his consent. And we reach today, where the combination of an “intelligent” choice by the browser is incompatible with the user choice (using OpenDNS).

pwgen for Windows

pwgen is a handy package that runs on Linux (among other systems). According to its description it “generates random, meaningless but pronounceable passwords. These passwords contain either only lowercase letters, or upper and lower case mixed, or digits thrown in. Uppercase letters and digits are placed in a way that eases remembering their position when memorizing only the word”. I use pwgen -1 for “one time only passwords” like when subscribing to mailing lists or web sites that require a username/password combination and I am not sure that I will stick with them. In other words, passwords that I fire and forget.

Unfortunately, it does not run under Windows, which is what I am working on some of these days. The code is pretty standard though, and with some minor tweaking, like borrowing a getopt(3) implementation and using srand(3)/rand(3) instead of /dev/urandom (Windows does have a similar capability) porting it to Windows was easy.

Having the source around is always handy! For those who do not want to do it themselves, here is a link to the (compiled with Digital Mars C++) binary: wpwgen.exe
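
The srand(3)/rand(3) substitution matters for a password generator: rand() output is fully determined by its seed, so anyone who can guess the seed can regenerate the password. The sketch below is an added example, not the wpwgen source; it draws random-character passwords (not pwgen's pronounceable ones) from the OS CSPRNG, assuming BCryptGenRandom on Windows and /dev/urandom elsewhere, and keeps a rand() variant beside it to show the seed dependence. All function names are made up for the example.

```c
/* Added example: not the wpwgen source. Random-character passwords only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>                 /* link with bcrypt.lib */
#endif

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define NSYM ((unsigned)(sizeof ALPHABET - 1))

/* Fill buf with n bytes from the OS CSPRNG; 0 on success, -1 on failure. */
static int os_random(unsigned char *buf, size_t n) {
#ifdef _WIN32
    return BCryptGenRandom(NULL, buf, (ULONG)n,
                           BCRYPT_USE_SYSTEM_PREFERRED_RNG) >= 0 ? 0 : -1;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, n, f) : 0;
    if (f) fclose(f);
    return got == n ? 0 : -1;
#endif
}

/* CSPRNG-backed password; rejection sampling avoids modulo bias. */
int gen_password(char *out, size_t len) {
    unsigned char b;
    size_t i = 0;
    while (i < len) {
        if (os_random(&b, 1) != 0) return -1;   /* fail closed, no fallback */
        if (b < 256 - 256 % NSYM) out[i++] = ALPHABET[b % NSYM];
    }
    out[len] = '\0';
    return 0;
}

/* The srand()/rand() variant: the seed alone determines the password. */
void gen_password_rand(char *out, size_t len, unsigned seed) {
    size_t i;
    srand(seed);
    for (i = 0; i < len; i++) out[i] = ALPHABET[rand() % NSYM];
    out[len] = '\0';
}

int main(void) {
    char pw[17];
    if (gen_password(pw, 16) != 0) return 1;
    puts(pw);
    return 0;
}
```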

Super League 2009-2010

If the worth of the defeated truly lends worth to the victor, then Olympiacos’s showing this year does an injustice to Panathinaikos’s effort.

Here’s to next year, in good health.

adnsrblcheck – RBL check via ADNS

adnsrblcheck is a DNSBL check tool that I wrote sometime in 1999. At the time I had come across the ADNS resolver library and I wanted to try it out. So I grabbed a copy of rblcheck (then at version 1.4) and modified it to use ADNS instead of the standard resolver library.

Some time in 2003 Stephen Friedl grabbed adnsrblcheck.c, did his own modifications and released it back as arblcheck. He even provides a Windows port.

In December 2008, and while I was supposed to be performing ns2 simulations, I was struck by a severe case of structured procrastination which led to me picking up the tool again and doing some minor modifications. Eventually I pulled myself together, dealt with the deadlines and (almost) forgot about the tool. That is until today: adnsrblcheck, a DNSBL check tool using ADNS, is available again and you can grab it via subversion from here:

svn checkout https://rainbow.cs.unipi.gr/svn/adnsrblcheck

2-2

Arsenal FC vs FC Barcelona yesterday.

I have a friend who is trying to understand why we watch football. For matches like yesterday’s, the kind we come across once every 10 years. And where once every 20 (30, 40, 50, …) we hope that our team is one of the two.

Now back to the poverty of spectacle that is the Super League…