Thursday, November 27, 2008

Install Fedora 10 on Virtual PC 2007 SP1

The graphics mode pretty much does not work, at least for me. The whole installation was done in text mode. This is weird because I remember I managed to get it working in Fedora 9. In any case, to make the WORST happen, I installed everything, which WAS a mistake. The sensible thing to do is to NOT select virtualization, because it doesn't help much in an already virtualized environment, unless someone has a paper which proves me wrong about VoV (Virtualization on Virtualization).

OK, I will only flag the hard parts; the rest is standard procedure.

For the file system, it may make sense to use a normal non-RAID partition because in the VM there should not be any performance improvement (or rather, it's probably going to cause performance issues). So, what I did was a simple 1 x swap and 1 x ext3 partition. If you feel you want to secure your /boot, you can split that out too.

The rest goes as per normal. After the reboot, you will realize that you see nothing (or some garbage) on the screen. To fix this, you have to get into the grub menu. Edit the kernel... line, adding "vga=0x32D" at the end. That should allow you to boot up into text mode at least.

Now once you are in text mode, you will want to fix this once and for all. Go to /boot/grub and change menu.lst accordingly, adding vga=0x32D to the same line.

You will also notice the screen is huge, and it's not very friendly for those of us using a laptop with a tiny screen. To fix that, you will need internet access to install some modules. Once you confirm that the internet is up, do:

yum install system-config-display

and then after the installation, run :

system-config-display --reconfigure

Your X should now run properly in whichever resolution you choose. The rest should be easy.


Wednesday, November 26, 2008

Afterdark Horrorfest 3

http://www.horrorfestonline.com/

The 8 films for the Afterdark Horrorfest 3 are confirmed as:
  • The Broken
  • Slaughter
  • Perkins 14
  • Butterfly Effect : Revelation
  • From Within
  • Dying Breed
  • Autopsy
  • Voices

Publishing source codes onto Blogger

You cannot imagine how bad it is... All your lines gone, errors on symbols etc...

Fortunately for you, I found something that converts all the special characters for Blogger, because I was trying to make my previous entry.

You can use this online converter to convert your source code for publishing on Blogger:

List to Range in Excel

I know that range means something else in Excel; what we are talking about here is turning a list of numbers into a list of ranges. For example, we have:

1 3 4 6 8 9 10 14 15 19 20 22

Imagine we have this on the first column of an Excel sheet. What we want on the second column is:

1 3-4 6 8-10 14-15 19-20 22


Sounds dead simple, right? OK, maybe you can skip reading this then. While it sounds simple, it took me 15 minutes after a cup of 7-11 Slurpee Brainfreeze to write this:

Option Explicit
Sub Rangemaker()
     
    Dim i As Long
    Dim col As Long
    Dim sRow As Long
    Dim wRow As Long
    Dim seq As Boolean
    Dim LastRow As Long
     
    '  speed
    Application.ScreenUpdating = False
     
    '***begin change***
    '
    'init start row: CHANGE TO SUIT
    sRow = 1
    'set column to put results on: CHANGE TO SUIT
    col = 2
    '
    '***end change***
     
     
    'get last row of data to process
    LastRow = Cells(65536, 1).End(xlUp).Row
     
    'init dest row
    seq = False
    wRow = 1
     
    'do all rows from sRow
    For i = sRow To LastRow
        'see if next row is continuous
        If CLng(Cells(i + 1, 1)) <> CLng(Cells(i, 1)) + 1 Then
            'Not continuous
            If (seq <> False) Then
                'is part of a seq
                Cells(wRow, col) = Cells(wRow, col) & " - " & Cells(i, 1)
                wRow = wRow + 1
                seq = False
            Else
                'is not a seq but single number
                Cells(wRow, col) = Cells(i, 1)
                wRow = wRow + 1
                seq = False
            End If
        Else
            'Continuous
            If (seq <> True) Then
                Cells(wRow, col) = Cells(i, 1)
            End If
            seq = True
        End If
    Next i
    
   
    'reset
    Application.ScreenUpdating = True
     
End Sub


Let's run through this a bit. I have added as many comments as possible. Basically, you can play with 2 variables to suit your needs.
  • sRow, which is the row to start making the ranges from.
  • col, which is the column the result will appear in.
Basically, it checks each row against the next row to see if they are in a continuous sequence. If not, it checks whether the row is already part of a sequence, which you should end with a "- "; otherwise it's a single number. If they are in a continuous sequence, you set some variables and continue.

For those who like insult to injury, to do this in Perl, it's simply:
@a= (1,3,4,6,8,9,10,14,15,19,20,22); 
print num2range(@a); 
sub num2range {  
local $_ = join ',' => @_;  
s/(?<!\d)(\d+)(?:,((??{$++1}))(?!\d))+/$1-$+/g;  
return $_; 
}

Original idea and post:
Perl code was found from:

First it was Bear Stearns. Then AIG. Then Lehman Brothers. I think this is the beginning of the end? Although Citibank will survive for now... But only time will tell...

Tuesday, November 25, 2008

Why RAID 5 stops working in 2009...

Somewhere in July 2009, this was one hot topic that caught my eye, but I did not care because WHS has a simple, cheaper and more advanced way to manage drives than RAID. But it turns out that by mathematics, ya, Q.E.D. so to speak, if a 2TB drive in a 12TB RAID 5 config goes KO, that will trigger a rebuild. And based on the 6 remaining SATA drives, the error rate is 100%. Therefore you cannot rebuild the RAID array. All 12TB gone. That's the simple version...

I think the important thing here is to stress that BACKUP and RAID are 2 different things. You should not do without BACKUP even if you have RAID, which in general is a good and sound practice. What? Your company doesn't do that? Then you should quit before 2009 (or upgrading to a 12TB configuration), before the shit is on your hands, so to speak. :)

See the original post and flaming all over in:

Monday, November 24, 2008

Pointsec Virus Protector

Following my previous concept on how a rootkit can be protected on the HDD of a laptop, this idea can be extended thanks to another product called Pointsec Protector:
http://www.checkpoint.com/products/datasecurity/protector/

Basically, this encrypts your USB / external flashdrive, HDD etc. In this article, I will talk conceptually about how this can be used to protect a virus in transit.

Imagine a virus extension of the rootkit. It can be transmitted onto an external device. So we have some USB flashdrive, which in this case is protected by Pointsec Protector. So the virus is injected onto the flashdrive. Now typically, we should be able to scan the USB flashdrive in a clean environment such as Linux, but because it's protected by Pointsec Protector, this is not an option here.

So, how about when it gets plugged into another Windows system? Well, if that Windows system does not have the Pointsec Protector software, the virus is safely protected inside. And in the case where it does, doesn't the host-based antivirus pick it up immediately and wipe out our virus? It depends. There can be several ways to go about it. One way is to inject itself immediately into the Pointsec address space. That makes it hard to kill, and most likely the antivirus will have to take Pointsec down with it. Then it still leaves our virus intact on the USB flashdrive. However, this technique is not easy at all. Another way is to inject the rootkit immediately so that while the antivirus spends its time cleaning the virus (if it doesn't block it first), we 0wnz the system first, hiding its trace.

As you can see, the encryption here provides a mechanism to transport the virus straight to the target. The only defence left is the target's host-based anti-malware. I suppose modern day malware has easily overcome this problem. In the case where the anti-malware does not detect the virus at all, then it's game over for the system. However, if the first scenario is possible, then a virus which is able to target the encryption mechanism will have a more foolproof entry into the system, or at least it will disrupt the anti-malware's attempt to clean up the virus. No decryption, no cleaning.

Conceptually, I believe this is possible. And the impact can be much more serious than rootkitting a hypervisor because of the vector of attack.

Corporate Windows Update

While corporates spend tons on getting their systems protected by anti-virus, IPS/IDS and firewalls, it's the very fundamentals that they overlook very often. Yes, I am talking about Windows Update or Microsoft Update. There is no doubt that the reason the update service is often blocked by corporate policy is the need to test updates before deployment. The excuse that it is not compatible with some of the software is lame in my view. If it is so, that piece of (crap) software should be updated or thrown away. People make patches to make things work. They do not avoid patching just to keep it working. That's precisely the phrase:

"If it's not broken, don't fix it!"

Well, I do not know if I have mentioned this before, but the weakest link on my network was my company laptop. It easily had 20 high findings after just 5 minutes of scanning with a commercial vulnerability scanner. Well, you will also notice I use the word WAS. It is no longer.

There are times when certain updates are necessary. For example, you needed XML DCOM or MSSQL for some project, but you are then not allowed to update these components after you installed them. This will be the time to ask: do you want to go as far as to "break" the corporate blocking of Windows Update? If not, you can do what I do. Prohibit the stupid laptop from connecting to your network. That's one against working from home.

But if you figure to yourself: "Ya hell just do it!". Here is the solution.
Create a registry file (with extension .reg) with :

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000  

Save it and run it. Of course, if you are hardcore enough, you can manually edit these registry entries. Make sure you make a backup in any case. There is also a file which is done up so you can download and run it from : Link

Well, happy updating.
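
As an added example (not the author's code), here is a small Python reviewer that parses a .reg file of the kind shown above and reports what it does to policy and Windows Update keys before anyone imports it, including `[-key]` deletions that undo values the same file set earlier. The sample input is a constructed, shortened file, and the `WATCHED` path list is an assumption chosen for illustration.

```python
import re

# Constructed sample in the same format as the .reg file above (shortened).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')
# Hypothetical watch list: key paths that hold policy or update settings.
WATCHED = ('\\policies\\', '\\windowsupdate')

def parse_reg(text):
    """Turn .reg text into ordered (op, key, value_name, data) tuples."""
    ops, key, deleting = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            deleting, key = m.group(1) == '-', m.group(2)
            if deleting:
                ops.append(('delete_key', key, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, comment, blank or continuation line
        name, data = m.group(1).strip('"'), m.group(2).strip()
        op = ('value_under_delete_header' if deleting
              else 'delete_value' if data == '-' else 'set_value')
        ops.append((op, key, name, data))
    return ops

def review(text):
    """Return (kind, key, detail) findings for operations on watched keys."""
    ops, findings = parse_reg(text), []
    for i, (op, key, name, data) in enumerate(ops):
        low = key.lower()
        if not any(w in low + '\\' for w in WATCHED):
            continue
        if op == 'delete_key':
            findings.append(('DELETE_KEY', key, 'whole key, all values and subkeys'))
            # A [-key] entry also removes anything the file wrote there earlier.
            for pop, pkey, pname, _ in ops[:i]:
                p = pkey.lower()
                if pop == 'set_value' and (p == low or p.startswith(low + '\\')):
                    findings.append(('OVERRIDDEN', pkey, pname))
        elif op == 'value_under_delete_header':
            findings.append(('CHECK_INTENT', key, name))
        else:
            findings.append((op.upper(), key, f'{name}={data}'))
    return findings

if __name__ == '__main__':
    for finding in review(SAMPLE_REG):
        print(*finding, sep=' | ')
```

A `CHECK_INTENT` finding marks a value line that sits under a `[-key]` deletion header, which needs a manual look at what the file's author meant.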

Thursday, November 20, 2008

Truecrypt 6.1

This must be old news to many of you, but Truecrypt 6.1 is out. This is file / disk based encryption software. I had a previous complaint about the default settings (where you click next, next, next, install, oops, OS screwed up...) where they disabled the swap file. This is truly undesirable and hell to troubleshoot, because it's hard to know where the problem starts, especially when you do not know what exactly happened.

Anyway, they got this right this time.

Download it at:
http://www.truecrypt.org/downloads.php

Wednesday, November 19, 2008

Pointsec Rootkit Protector

This is exactly how encryption can backfire in a corporate environment.

Basically, it applies to all disk based encryption, especially those which cannot be reversed. But I decided to mention Pointsec because this is where I got it working. Most companies will encrypt the whole disk, especially banks and military agencies.

Next, we have a concept rootkit, which should be fairly powerful to mask itself from all if not most conventional anti-malware. We can assume in a "perfect" environment where if the rootkit is loaded, it cannot be detected in the same environment. So as long as you have the OS running with the rootkit installed in Ring 0 layer, you are screwed so to speak.

Traditionally, in this case, we would attempt to remove or disable the malware by booting up with an alternative environment such as WinPE or Linux. Then we can perform a scan on the FAT/NTFS and wipe out the rootkit. Now, this is where it gets tricky. Because disk based encryption is used, there is no way an alternative environment will be able to see the files on the infected Windows. So far I have only encountered Microsoft's Bitlocker which can be decrypted. And in this case, it is possible to remove the rootkit after decrypting it.

By now, I think you can figure out what I am trying to say. The only way to wipe out the rootkit is to destroy the whole encrypted partition. And as long as the partition is still encrypted (in my case using Pointsec), there is virtually no way to even read the partition using another OS. In a way, Pointsec protects the rootkit from being isolated and destroyed. That is in the first place if someone even figures out that there is a rootkit in place.

Where can this be applied? Well, almost everywhere a company can afford to have all their laptops encrypted and pay enough to acquire a really good rootkit. The company can effectively spy on their employees and perform logging or auditing services. And even if the employee finds out, there is nothing they can do. Well, at least in countries where privacy is not protected by law.

Ok, I am not going to leave my contact here, but if you think your organization requires such a service, drop me a comment. :)

Microsoft to offer FREE Anti Malware in 2009 codename "Morro"

Read about it here:
http://windowsonecare.spaces.live.com/

In short. Onecare will be discontinued in June 2009 for sale at least. By then, I would expect that Morro will be available in Beta. So, if you did not pay for Onecare, you won't need to for Morro either.

I cannot say how good this may be because it is likely Microsoft will strip off the additional functions such as tuneup, photo sharing, backup etc. So, it may be a give and take thing.

The only advice I can give for those who are facing expiry of their subscription soon: renew or switch to a new Anti Malware first. Morro will be a while. If your expiry is far off, go on with it and wait. By Spring 2009, I expect a beta of Morro to be available.

Monday, November 17, 2008

D-link DIR-655 Firmware 1.21 with USB support

Read all about it and also about the SecureSpot managed service which has been slammed in several places including Slashdot:
http://tech.slashdot.org/article.pl?sid=08/11/05/2220213&from=rss

The changes are as stated on their support page:
http://support.dlink.com/products/view.asp?productid=DIR%2D655

Anyway, what they did not tell you is that there is an official firmware 1.21 which does not contain the SecureSpot function and you can download it at:
ftp://ftp.dlink.com/Gateway/dir655/Firmware/dir655_firmware_121_no_securespot.zip

Thursday, November 13, 2008

Umi no Tririton 海のトリトン OP、ED

Used to love this song and I remember I even watched this in Malay... Was a little sad near the end when his dolphin died, but it's a great story for its time. And guess what? Same artist as 3 eye kid and Astroboy.

Gatchaman 2009

Teasers and photos :





Wednesday, November 12, 2008

Factory Farming

Here is a video about factory farming which I urge you to watch, but not after a full meal. It contains some pretty cruel footage and that really makes me rethink supporting the meat industry in this way. While this video mentions the Christian faith, I believe it should be a universal belief that we do not have the right to ill-treat other living beings even if they eventually end up as food.

Monday, November 03, 2008

YSMenu Oct 2008

In case you are wondering what this is: we all know that R4 for NDS stopped development quite a while ago, stuck at V1.18. Even the NDS code manager has recently been giving me problems updating the cheat list. There is an R4 SDHC, and I am very sure just using the firmware is not going to make your R4 into an R4 SDHC. So, here is one of the shells I tried.

YSMenu is basically Japanese, and making the firmware and files for the NDS requires a hell of a lot of steps. You can read all about it at:
http://www.gbatemp.net/index.php?showtopic=97615

but I have saved you some time by preparing it and patching it with the DSTT firmware from:
http://www.gbatemp.net/index.php?showtopic=71613

And to make it all right, I added the cheat list as of 28 Oct 2008. In addition, I even threw the GBA/GBC Emulator into the package.

So, with all these works put in, tell me why you will not download this for a shot on your NDS R4?

Grab it at:
YSMenu Oct 2008

PSP Slim 5.00 M33-3

Yes, it's time to do the 5.00 M33-3 update now. It's plain simple. Just unpack it to the root of your memory stick, patch and reboot. Tada, it's now 5.00 M33-3.

BTW, you need 5.00 M33 in the first place to perform this update.

Download 5.00 M33-3 here:
PSP 5.00 M33-3

PSP 5.00 M33 0xFFFFFFFF PSX Error Fix v2

This is the trickiest of the installations for 5.00 M33. OK, make sure you are not connected using the USB connection menu. Exit that menu if you are. I have to presume you have flashed 5.00 M33, because this file is patched on top of that firmware. What you need to do now is:

1. Press and hold [Select]
2. Change the USB Device to Flash 0
3. Exit

Now activate the USB connection menu. Go to this new weird drive. If you cannot see the "KB" folder, make sure you unhide system and hidden directories in your Windows. Now, extract the package you downloaded here to the root of this drive. Safely remove the drive and exit the USB menu.

Repeat the above steps, but set it back to Memory Stick. You have just flashed a file into the firmware and this patch is done.

Download the PSX fix for 5.00 M33:
PSP 5.00 M33 PSX Fix

Basically, just for the fun of it. I heard that Popsloader still does not work properly and PSX seems to be a big problem in 5.x firmware. So, if you are a hardcore PSX gamer on PSP, I would suggest skipping the whole 5.00 M33 until I say it's good for PSX. :)

Lastly, why is this v2? Apparently, v1 doesn't work so well.

PSP Slim 5.00 M33 Savestate Plugin

Here is the usual savestate plugin for the PSP 5.00 M33 firmware. There is a readme.txt file in the root directory explaining how to use this plugin. The directory has been prepared for you. But before you go ahead and unpack it all to the root of your memory card, I would like to draw your attention to the game.txt inside /seplugins. You will need to modify this file if you have other plugins. Basically, you need to include this line in your existing game.txt if you already have one. Otherwise, plain and simple, unpack them and enable it by holding your R button and doing a cold reboot.

Download the PSP Slim 5.00 M33 Savestate plugin:
PSPS 5.00 M33 Savestate

P.S. I do not need to mention that this only works on firmware 5.00 M33, I hope.

PSP Slim 5.00 M33

If you follow my blog, you should know my updates are usually very slow. The reason is I usually prefer to only post updates which I am confident in and have tested. So, here is the 5.00 M33 release after so long. There are 3 parts to this update. It consists of the core 5.00 M33 firmware, 1 bug fix for playing PSX games having the 0xFFFFFFFF error and the usual savestate plugin for 5.00 M33. Nevertheless, the latter 2 are optional and if you do not use them, you can do without. Therefore, I have posted them separately.

Here is the core firmware. The usual applies. Unpack it to the root of your memory card, as all the directories have been created for you. DO NOT FORGET TO PRESS O TO REBOOT AT THE END OF THE FLASHING!!! Or you will brick your PSP as usual.

Download PSP 5.00 M33:
PSP 5.00 M33

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.