Gecko Bloggle

• Universal Silent Switch Finder (USSF) http://www.msfn.org/board/topic/17940-universal-silent-switch-finder-01/
• Universal Extractor (install this on your system, it’ll give you the ability to right-click on many executables and extract them into a folder) http://legroom.net/software/uniextract
• WinRAR (also handy for pulling apart some installers)
• Procexp.exe Process explorer, great for determining command line of a nested installer after you run the “big” installer http://technet.microsoft.com/en-ca/sysinternals/bb896653.aspx
• Elevated Shortcut to give the ability to run certain apps without UAC or administrator capabilities on a “per shortcut” basis, can upgrade an existing shortcut to have admin rights, or create a completely new one.
  • Very useful if there’s an executable/installer that only runs with Admin capabilities
  • Some only need admin rights during install or the first time they’re run
  • Can be used for non-admins to install things in a one-off fashion (printer drivers) or VPN client, etc
  • http://topsoftzone.com/program/9686/Elevated_Shortcut.html
• A disposable Virtual Machine of WinXP or Win7
  
  • Set to snapshot so you can rollback often, nothing but updates installed so you can install all/one app and then roll it back if it works as expected, leaving a clean machine for further testing.
• Steve’s Explorer Bar (StExBar) from Tortoise (the same people that make SVN) http://tools.tortoisesvn.net/StExBar.html
  • Once installed, you can enable the new StEx toolbar in the Windows Explorer that will give you the ability to copy either the filename only or the full path of a file without having to ever type it out, very useful when scripting installations
• Uninstall Cleanly (also known as “UnClean2.0”) which can display all of your installed applications, and with most of the apps, it will also show the UNINSTALL command line, which can be used to remove previous versions if necessary
• WPIW: Windows Post Installation Wizard
  • Pretty front end for scripted/batched commands
  • http://www.wpiw.net/

• If you take the installer file and drag/drop it onto the USSF.exe
  • You should be given back the switches that it can find for that type of file (things like /S and /SuppressSilent /NoReboot)
  • Copy/paste those into a command line and test to see if you can install it cleanly while running Silent

• In some cases, you can run the installer, stop at the first “Next” screen, and then open Process Explorer and see what the nested executable is (under the base setup.exe, you might see a child process in a temp or AppData folder somewhere.  Go grab that folder and see what’s in there.)
  • This is especially true for applications like Chrome and Shockwave Player that have small “helper” applications for download, but then pull down the “real” installer and run that.  If a 40MB app has a 300K installer, you know something’s up.
    • Watch out for these, as they will often delete the “helper” app once the full installer’s been downloaded, thus killing your automation by removing the installer’s executable.
  • Once you’ve got that folder, look for executables and drop them on the USSF again, to see what you can find.

• Sometimes there’s no graceful way to install an application, but if you still want to install it quickly to a number of workstations, see if perhaps the developers offer a “portable” version of the app.  One that runs completely out of the installation folder, without any installation necessary.
  • http://portableapps.com/ has a lot of common applications in this format

Note: Portable applications are not listed as installed applications in the registry, so they’re effectively “invisible” to utilities that search systems for installed programs  Keep that in mind if you plan on going portable with something – you probably won’t be able to track it effectively.

• Many applications have the ability to include the installation key in the installation (either in the command line, or in an XML or INI file in the install directory)
• If you can’t find documentation from the originator of the software, try some of the large installation repositories like http://www.itninja.com (previously appdeploy.com) or Spiceworks databases before googling it
• Remember that key automation could mean difficulty finding those keys again later, or having many seats with the same key unintentionally

• After launching the WPI, click Config, and find the application you’re replacing, or updating.
  • Make sure the description is reasonable (add version numbers if it makes sense)
  • Check/Add the command line that you’ve found with full path based on the steps you went through above
  • Set which category and configurations need this app (Utilities/Base)
• Save/Exit to go back to the main WPI screen
• Select None, and check your new app only
• Begin installation to test.

• Always test your installations to find out what happens if there’s already an old/same version installed
  • Eg: New version of Firefox installation that takes 4 seconds to install is good – but one that blows away your saved passwords and settings is bad.
• Run every app at least once to make sure it really did what you think it did – It may have completed installation successfully, but does it actually launch now?
  • Also check for any first-run weirdness (like checks for updates, or registration, or plugins)

Posting this from RockMelt (which is an interesting spin on Chrome, embedding Facebook and Twitter into either side of the browser window).  Okay, no, it WAS being written in RockMelt, but then I bailed on it ’cause the screen framing didn’t wrap properly on my tiny 1024×768 screen, which meant the word “embedding” scrolled off into nowheresville while typing that first sentence.

I have terrible handwriting, but maybe I’d do it more often if I had one of LifeHacker’s freakishly nice pens.  Especially the Namiki ones, from the Chinkin line.

Tomorrow’s Friday, and since I’ve been riding every other day this week, I should ride to/from work, but not if it’s gonna be cold, and it has been *cold* lately.  Not exploding coffee cup weather, but cold enough to make you not want to go work out in it.  The two rides I’ve done this week on the new bike have been good (considering I’ve been off my bike for a month or more).  Wanna see?  Of course you do!  I’ve been using a free Blackberry app called Endomondo which tracks traveling workouts via GPS.  It even tells you over the headphones every kilometer: “Six keelahmeeterrs in ayiteen minutes. Last laptime 3 minutes 22 seconds.”

It also shows GoogleMashed maps with elevation, which is pretty damned cool (if a little creepy, considering I didn’t log into the site as myself to see the information under that link).

In the process of the work I do, I occasionally go looking for people online, and one of the odd things I’ve noticed is that any public running event (SunRun, marathon, triathlon) will publish your name and placing online after the event (it’s in the newspaper, too.)  Doesn’t give you much information, but it does give you a year and a city if you’re tracking someone who’s ghosted on your for a bit.  (Do I even want to tell the story of the con artist in Montreal who I managed to get an alarming amount of data about, up to and including freakin’ ultrasounds of his unborn third child?)

That was a particularly freaky amount of tracking I did.  My accounting manager at the time said “That’s hilarious – don’t do that with me.”

Some Google-Fu and some nice lateral thinking can get you an alarming amount of information on a group of people who don’t lock down their privacy settings on things like Flickr.

It’s Midnight, so I’m a hit Publish, take a picture of the straggly-looking stache, put that in the Mo’10 page, and then head to bed.  (Oh crap, Conan’s on already, I’m toast).

Stood at the cenotaph in downtown Vancouver today while the planes did their flyby and the 21-gun salute was performed with artillery, and it rained and a bajillion kids in uniforms were quiet and strong and trained.  Lots of fresh-faced Asian (and SouthEast Asian) kids there.  Sorta made me proud that Canada has enough of a mixed culture that our population on the street is reflected in the cadets.  Or maybe that’s a bad sign.  Not sure.

But thanks to all those who were once (or currently) somewhere really really far from home, in a place where maybe there’s not a lot of hope (or security), and that the people that sent you there bring you home safe and sane.

Guy I used to work with suddenly started talking to me after about a year and a half of nothing.  Looks like he got hit by what we at EA used to call an “MSN IQ Test.”  Gotta give them credit for incorporating that INTO the bot itself. Remember kids, just ’cause someone you know sends you a link, doesn’t make it safe.

ViralBot
1:29 PM
hello!

Zen Render
1:41 PM
Hey man, how goes?

ViralBot
1:42 PM
i just took an iq quiz

Zen Render
1:42 PM
Okay… The one for the interview process at work there?

ViralBot
1:42 PM
Hi!
1:42 PM
yeah, I was brighter than I am

Zen Render
1:43 PM
I suspect that perhaps you’re a bot, or something, instead of actually Mr. (ex-coworker)

ViralBot
1:43 PM
you should look if u can do better than me, http://{badlink}

Zen Render
1:44 PM
Yeeeaaaah… Not so much. {ex-coworker}, sorry you got hit, man. Good luck.

ViralBot
1:44 PM
i bet you cant haha
1:45 PM
hey!

Zen Render
1:49 PM
Hello, Bot McBotterperson. Your programmer should have taught you that most people don’t say HI/Hey!/Hello three times in a five minute period.

ViralBot
1:49 PM
i just took an iqtest

Zen Render
1:51 PM
So did I. You failed yours, I appear to have passed mine.

ViralBot
1:51 PM
yeah, I was smarter than I am

Zen Render
1:52 PM
That would be a neat trick, to be smarter than you are. Maybe if you were smarter than you THOUGHT you were, that’d be something, but mostly, you’re just coming off like a broken record.

ViralBot
1:52 PM
you have to look if you can do better then me, http://{badlink}

Zen Render
1:53 PM
What’s ironic is that I know I can do better than you, by not clicking anything at all.

ViralBot
1:53 PM
im sure you cant haha

Zen Render
1:53 PM
Eliza, is that you?

ViralBot
1:53 PM
take it now while i take a shower!

Zen Render
1:55 PM
Let’s see if you know how to respond to anything a human would, shall we?
1:55 PM
Marco!

ViralBot
1:56 PM
BRB!   take that test!

Zen Render
1:56 PM
Eye zuzpekt yoo arr prrapps not Henglitch schpeeking…
2:05 PM
Aww, did you forget what you were doing, and erase yourself? Maybe {ex-coworker}’s shut down the account now.

Latest Movember photos are on the Mo’09 photos (there’s a link to the page at the top of this page.)

So, a while ago (really? April of last year?) I wrote about Microsoft’s new toolkit for police to quickly gather everything they’d need from a Windows-based workstation, called COFEE.  I had a bunch of questions about COFEE at the time, and now that I know a little more about it, I’m going to go back and answer my own questions and see if there’s any clarification on some of the  (I hope).

(15 minutes go by while I read the documentation).

Are you serious?  Is this the right thing?

There’s like, it’s practically, I mean, c’mon.

It’s a nice big batch file that collects a bunch of information, fair enough, but it doesn’t actually DO very much.  No passwords are grabbed.  No filelist generated (at least, not that they documented), and it looks like all you’d need to do to make it pretty-much useless is disable your USB ports’ and/or mass storage device drivers.  The documentation for end-users tells us how to do such things as run the scanner with OR without the autorun enabled on the system.

(Heh, wait. What?)

I thought this was going to be a bootable thing – was I wrong?  I thought there was going to be this killer tool that meant you could walk up to a machine that’s OFF, boot from the stick instead of the onboard drive, collect the data from the operating system, and walk away, and as far as Windows knows, the machine wasn’t even powered on.

I’m, I guess, in a way, sorta saddened.  Don’t get me wrong – I don’t expect the average cop out there to be able to do a thorough job of collecting all the necessary data by hand, but I was sorta hoping that maybe they’d have something that would at least be on-par with Backtrack, which any person with a highspeed connection and a thumb drive (or a blank CD) could create, and it’ll let you do all SORTS of alarming things to a machine without actually “touching” the operating system (unless you want to, in which case you can pretty much set the thing on “Liquefy” and watch all of Microsoft’s security go away).

(That was a long sentence, woof).

I guess what makes me sad is that COFEE isn’t going to collect any data that isn’t obviously available on the system in the first place.  Seriously: is it common for prosecutors to bring forth evidence based on which local groups on the machine someone is a member of?

“He must have done it – he’s in the SuperElite Hacker Pwnz0rz group, see?”

I know the “no touchies” forensic methods for data gathering (like ENCASE, which I’ve used in a previous job) are a different class than what COFEE is meant to do, but it looks like it’s only meant to be useful for kicking the door in, pushing the alleged bad guy outta the chair in front of the computer, and then running the launcher to collect your data.

I can literally hear the hardware hackers out there trying to figure out how to set up something that’ll either automatically cram the drive with data that’s bogus, or simply melt it into a little plastic Hershey’s Kiss, or hey, maybe a virus that’ll wreak havoc back at the station.

Not that I want that to happen.  As much as my brain enjoys trying to figure out how to defeat whatever security system I come across, I want the cops to be able to figure out what’s real and what’s not about a given machine.  I want them to be able to nail the bad guys when the chips are down.  I want them to have the tools, I really do.

COFEE isn’t the tool they need (yet).  It’s better than taking the machine to the guys at the nearest Best Buy and asking “has this machine been used illegally?” but not much better.

And if any of you have ever had your USB stick’s data go “poof” when being moved from computer A to computer B, you’ll know why I don’t trust that the data will even make it back to the office (or even the cruiser’s laptop).

I just hope what I have is a red herring, and not the real deal.

Oh, and this time last year*? I was yammering about other stuff, but still lovin’ a good run-on sentence…

And now, because most people won’t bother going to my Movember page, here’s a picture of me rubber-facing because my normal face never looks good to me.

Neither does this, but it makes me giggle.

Helps if you imagine me going "Borkely-orkely-yobbley-bawk!"

* I’m tellin’ you? With the uptalking?

I’m tired today, even though I slept through most of Spy Kids 2 this afternoon.

Spent two hours doing groceries, watched a movie, and then we went to Ikea for wandering (whoops, $100) and dinner before coming back, putting the kids to bed, and hanging with the beautiful and talented MoxieSnacks.

Today blew by.  Pweroom.  Zorp.  Flurm.  Ka-done.

Wide angle lenses do weird things to my eyes (and/or glasses)

Oh, and I’m starting to get the moustache that I’m going to be coping with for the next three and a bit weeks.  (See photo, attached).

(Right now, Arwen and Moxie are talking about holding their breath while underwater, and so they’re closing the backs of their throats and talking, leaving them sounding like Edith Anne from Saturday Night Live, or perhaps the Professor from the Simpsons, who’s actually Jerry Lewis.  So, to recap: the two women in my living room right now are doing Jerry Lewis impressions.)

Oh holy shit.  My blog.  The main page blog (I should probably pull that, since I’m not looking for work from the outside world), and the Podcast site were all GONE for the last 15 minutes.  The blogs were still there, but they were all asking me to enter the name of the blog, and my email address.  Total amnesia.  The good folks at Fused Network are freakishly awesome and fixed it up and I’m back.  I’m sure I’ll get a thing about my ticket in a bit, if I don’t close it first.

But first, I’m going to go back up the databases on all six of the blogs on this domain…  Just. In. Case.  *cough*

In music news, I’m nervously excited that Massive Attack has a new album coming out soon, and last night, without really trying, I managed to lock down some pretty tight beats using Torq and it was embarrassingly easy.  Maybe I’ll have to get one of them thar Torq Xponent things next time I have… oh… hmm… $750… whoops.  Maybe if/when I see one on Craigslist some time.  One day.

But yeah, “Housecleaning Mix” should be something doable in the next few weeks, for sure.

I’m not going to put up photos for another day or two, but I’m taking shots daily, so maybe by tomorrow or Friday.  In the meantime, if you got a few bucks kicking around, and can’t think of anything better to do with them than give ’em to some sorta good cause, like maybe Movember?

Of course, a bucket of icecream’s good too, if you wanna go that way.  Costs about the same these days.

So what sorts of things have I been reading about lately?  It’s always fun to do a linkdump, right?  Right?  No?  Tough.  Buckle up, ’cause Kansas is going the way of the Feces Ape.

• The long unanswered question of the four Doc Browns.
• Use the Windows 7 USB/DVD Download Tool with custom ISOs
• The XBox Media Center Minus the XBox

• The Horribly Slow Murderer with the Extremely Inefficient Weapon

• Change Product Key On Windows Server 2008

• Run Windows 7 on two different computers from only one install

• David Lynch and his people are running around the States interviewing random strangers
• The cutest owl in the world that you keep thinking is gonna eat your head
  

• Sysinternals Disk2vhd helps migrate physical desktops to virtual machines

• Know-Em: Check Usernames on a whole bunch of social networks at once
• Hard-to-Place Accounts (Insurance People have a forum for the “Yeah but what if…” accounts)
• Boing Boing Video remix of documentary about Synesthesia

Anyone still here after all that?  You haven’t wandered off into space yet?

I’m on the emergency call number for this and next week for work, and I’ve been woken around 2am three times now, and I’m starting to get used to it, ’cause it’s the same overnight wrangler calling me from an out-of-town studio to help with things that so far have been either “Okay, let’s see what happens in an hour” or “Phone the guy (yep, at 2:10am) who knows the site best and have him figure it out.”

I feel bad about it, but when you’re baaarely awake, and you can’t think your way out of a sketch of a paper bag, just about anything sounds like a pretty good idea.  I bet one of these days I’m going to either suggest she put the spaghetti back into the frog swatch before the king of the potato people harvests the sunjuice OR I’m going to tell her she should just go get a pillow and a blanket and wait until the sun comes up before watching TV.

The only problem so far is that I have a little trouble getting back to sleep after having to suddenly be awake and play calm support person while the person on the other end, while not at all panicking (awesome), is WIDE awake, and has been at work for a couple hours.  Gotta be a weird job for them.

Arwen’s worked the graveyard shift for a coffee place (if you lived in Vancouver’s West End  during the mid 90s, you probably bought coffee from her), and she used to talk about heading homeward for dinner and sleep when the rest of the world was waking up and heading, blearily, to work.  Working graveyard at a coffee place is one thing (you get the club kids and the folks who can’t sleep and the crazies), but when it’s a hightech job at 3am… how’s the… who d’ya… I mean.

Yeah, I don’t know if I could do that job.  Maybe for a little while.

I’d need to go somewhere for coffee though.  Coffee from a nightowl who’s used to it.

BREAKING NEWS:

Just saw the ad for the HTC “You don’t need to get a phone, you need a phone that gets you.” which was quite good, except for the fact that a number of the snippets of reasoning they showed looked more like heartbroken stalker footage than actual “here’s why you need one.”  The other problem was all these shots of people going places and using transit and trains and planes and stuff, but the music riff they’re playing the whole time is Nina Simone’s “Sinnerman.”  All these “isn’t it cool that people have GPS and cameras” clips and all I kept hearing in my head was “Oh sinnerman, where you gonna run to?”

I think that’s why I’m somewhat grey hat about my use of security technologies.  There’s the part of my jobs that have always meant I had to know about viruses and security systems of some sort, but then I’d turn around a corner and I was being asked to defeat those same systems in order to determine whether or not someone was up to no good with something.  I’m certainly no forensics expert, nor would I even consider myself a script kiddie, much less an actual hacker at all.  I’m hackish though, in that any time I’m presented with something that claims to be secure, I’m trying to figure it out.  It’s a new puzzle for me to play with.  A new game.

When the web was young, we didn’t have to worry about viruses, ’cause nothing worked well enough, fast enough, or often enough to actually spread a virus that would work on the fly.  It had to be copied manually.  The virus would have to attach itself to a file that people wanted, and that they’d share around.

Now?  I think it’s something like four minutes that an unprotected Windows machine attached directly to the net (not behind a firewall/router or anything) will be infected with at least on piece of malware, and that first one will usually invite friends over.

I think what’s going to very quickly become the new battlefront isn’t going to be hackers.  It’s going to be friends, family, and staff.  Social hacking, or social engineering will be where the real money is.  Mostly because the money is real.  The money is actually MONEY.  We’re back to the oldest tricks in the book to scam people, but because there’s technology involved, somehow everyone think the magical technology will protect them from giving all their identifying information to some punk who’s going to use it to buy a new pair of sneakers for $300… or a new boat for $30,000.

So everyone needs to THINK a little more about what they give to whom.  Quit freaking out about strangers snooping in your recycling box in the alley for your returnable bottles, and start worrying about Uncle Wally, who blindly forwards whatever thing crosses their inbox without thinking that maybe somehow, someone, somewhere might have started that chain email in order to collect email address that he can sell off to some spammers in Russia so you can have your mailbox stuffed with P4ent3RMINEsez.

Oh, too much babbling, I missed Midnight.

ka-publish!

Anyone who knows me knows I enjoy chasing viruses through the darkest recesses of a workstation, and learning what weird and wonderful new way things are hiding themselves (or reinstalling themselves), and I know it can go sideways and get scary really really fast.

And then you move up and up in the ladder of technicians, across the line into guru or mad scientist land. You start pulling craziness from the magician’s hat, only it’s not always a cute little bunny you pulled out of that hat, like people might have expected you to. It’s this horrifying multi-legged gibbering *thing* that came from the deep blackness of the net, and it might eat every machine in a 50-foot radius if you don’t handle it properly. And nobody knows how to handle it properly, and everyone who knows enough about such things knows enough to be a little scared.  -  JBurton

Was reading a post over at Pelalusa that the virus/malware that ripped through VSB’s offices and classrooms faster than pinkeye is still a problem, even though it’s been four weeks since initial infection.  This is a known piece of malware, and I’m assuming it’s viral (spreads by itself, using a known vulnerability in Windows).

So why can’t they get rid of it?

Click here to read more.. »

Life on Mars should be a very bad show, based on the elevator pitch:

A cop in present-day New York gets hit by a passing car, and wakes up in 1973, still a cop in New York.  There’s some odd crossover from present day (people he knows in 2008 are younger in 1973), and the occasional anachronism (a kid shows up at some point with a Nirvana tour shirt on).

but it’s not.  I dunno much about it (like who wrote it, or whether or not there was a UK version first), but it’s like a grittier version of Quantum Leap.  I mean that in the best possible way.

Whoa, did you know this about Quantum Leap?

Quantum Leap is an American science fiction television series which ran for 96 episodes from March 1989 to May 1993 on the NBC network. The series was created by Donald P. Bellisario, based on a concept originally created for Galactica 1980. This concept was then reworked outside of the Battlestar Galactica framework.    – The Might Mighty Wikipedia

Well now you do (and doing is half the… wait… that’s wrong).  Now that piece of information is lodged into the same part of your brain that holds infinite amounts of 70s lyrics, you’ll never get that part of your brain working right ever again.  You’re welcome.

Click here to read more.. »

I’m changing the titling so as not to offend KarlaBabble (like SHE ever comes HERE any MORE), but mostly ’cause yeah, I agree that the vast majority of my own “I’m going to write every day for X days” challenges are deeply depressing to myself, ’cause I don’t usually get past day three before skipping a day or two, and then doing one more day, and then giving up, assuming nobody noticed in the first place.

Karla has this to say about it:

Do us all a favor and vow NOT to participate in NaBloPoMo this year. If you’re already committed to it, then at least remove the word “NaBloPoMo” from every post, because that’s like announcing, “This is going to suck” in big letters across the top of the post. Allow us the temporary illusion that you blogged today because you were inspired, and not because there’s a national bore-a-thon going on and you’re determined not to be left out.

This is why I don’t use something like Twitter (or Twittr, or Twitr, or Twtr, or whatevr they’r calling it this wkr,) it’s just too much pressure.  I’m afraid people would actually start to get annoyed by what I’m tweeting.  See?  I’m already annoying myself by talking about it.  Shut UP.

Click here to read more.. »

In which our hero finally sits his two little ones down in front of Star Wars.  It might be the “fixed” version, but it looks pretty good.  When they get older, we’ll get into the whole thing about how the “real” version is the “best” version.  Han shot first, dammit (but in this version they shoot at the same time, and that Greedo is a lousy shot, lemme just say).

Laundry night (writing in bits and pieces while hauling stuff).  Tate and I went to Sport Ball at the West End Rec Center tonight, which meant leaving a little early from work, and hauling butt up the hill on my bike, so I could then walk back down the other side of the hill with Tate.  Cycling’s going really well, I think, since I’ve only NOT rode my bike for maybe four days since starting, and I had a Dr’s note for that.  Really.  Like, specific “No riding a bike for at least a week” kinda instructions.

So, SportBall, or “Dad & Me” class.  Imagine a half-dozen or so kids between 3 & 4 running around with an equal number of dads, all playing sorta-kinda sports.  Each week is a different sport.  The first week was soccer, sorta-ish, and this week was basketball.

Tate *hearts* the running and kicking and throwing, but sometimes his natural inventiveness gets the better of him, and he wants to roll the hulahoop and then chase it WHILE trying to throw the ball through it (to me).

In the control room Luke and the gang hole up in, there are large reddish buckets near the door.  What’s in those things?  Toner for the printers?  Buckets of new helmets?  Wine?  I bet it’s wine.  No wonder the StormTroopers are such bad shots.  They should have all just set their guns on stun, and blue hoopie-thingied the hallways every five minutes.

Click here to read more.. »