Wednesday 19 November 2008

Excellent Slashdot posting

Copied from here:

I don't know what it all means but it's a great read, and good practice for any debate you may forsee.
There are a number of things I can’t stand about Slashdot, and I would just love to share them with you. For starters, I wish I didn’t have to be the one to break the news that this is an exceptionally convincing illustration of the power wielded by Slashdot and of the destructive way in which it uses that power. Nevertheless, I cannot afford to pass by anything that may help me make my point. So let me just state that Slashdot’s rank-and-file followers are merely ciphers. Slashdot is the one who decides whether or not to fuel inquisitions. Slashdot is the one who gives out the orders to enable lascivious four-flushers to punch above their weight. And Slashdot is the one trying to conceal how we are at war. Don’t think we’re not just because you’re not stepping over dead bodies in the streets. We’re at war with Slashdot’s profligate slogans. We’re at war with its ethically bankrupt threats. And we’re at war with its homophobic canards. As in any war, we ought to be aware of the fact that the hysteria and witch-hunts fueled by Slashdot’s sound bites will perpetuate harmful stereotypes by the next full moon. No joke.

It has long been obvious to attentive observers that we must educate, inform, and nurture our children instead of keeping them ignorant, afraid, and in danger. But did you know that its expositions are nothing shy of a slap in the face to all those who have fought and fallen in war for this country? It doesn’t want you to know that because the main dissensus between me and Slashdot is that I feel that I can no longer brook Slashdot’s psychotic, self-satisfied publicity stunts. It, on the other hand, contends that it knows 100% of everything 100% of the time. Imagine getting a dollar every time Slashdot said it wouldn’t ensure that there can never in the future be accord, unity, or a common, agreed-upon destiny among the citizens of this once-great nation but did so anyway. You’d be very, very rich. Slashdot’s ventures obfuscate any attempt to locate responsibility for the consequential decisions of those who have access to the means of power, as evidenced by the way that in a recent essay, Slashdot stated that it is the most recent incarnation of the Buddha. Since the arguments it made in the rest of its essay are based in part on that assumption, it should be aware that it just isn’t true. Not only that, but most of us are now painfully aware of its pertinacious indiscretions. So what’s the connection between that and its undertakings? The connection is that I frequently wish to tell Slashdot that if it is allowed to silence critical debate and squelch creative brainstorming, the implications can be widespread. But being a generally genteel person, however, I always bite my tongue.

Slashdot should work with us, not step in at the eleventh hour and hog all the glory. An old joke tells of the optimist who falls off a 60-story building and, as he whizzes past the 35th floor, exclaims, "So far, so good!" But it is not such blind optimism that causes Slashdot’s helots to think that they can distract attention from more important issues. You won’t find many of Slashdot’s attendants who will openly admit that they favor Slashdot’s schemes to strip the world of conversation, friendship, and love. In fact, their double standards are characterized by a plethora of rhetoric to the contrary. If you listen closely, though, you’ll hear how carefully they cover up the fact that Slashdot’s occasional demonstrations of benevolence are not genuine. Nor are its promises. In fact, Slashdot is doing everything in its power to make me get fired from my job. The only reason I haven’t yet is that I believe in the four P’s: patience, prayer, positive thinking, and perseverance.

As far as being frightful is concerned, none of Slashdot’s mercenaries holds a candle to it. I could write pages on the subject, but the following should suffice. Slashdot should get with the program. But what, you may ask, does any of that have to do with the theme of this letter, viz., that you do not need to be selfish to know that I accept the call to encourage open, civic engagement? It is bootless to speculate on the matter but it should be noted that Slashdot may deny minorities a cultural voice right after it reads this letter. Let it. In a lustrum or two, I will deal with Slashdot appropriately.

Is it true that Slashdot is the devil incarnate? The evidence is clear and compelling for those who are willing to look with open eyes and open minds. Everyone else should note that Slashdot’s plans for the future cannot stand on their own merit. That’s why they’re dependent on elaborate artifices and explanatory stories to convince us that Slashdot has the mandate of Heaven to condition the public to accept violence as normal and desirable. It is difficult, if not impossible, for people to come up with an accurate conclusion if the only information Slashdot has given them is false. That’s pretty transparent. What’s not so transparent is the answer to the following question: How far do Slashdot’s lies extend? A clue might be that Slashdot insists that ebola, AIDS, mad-cow disease, and the hantavirus were intentionally bioengineered by negligent, money-grubbing upstarts for the purpose of population reduction. That lie is a transparent and strained effort to keep us from noticing that its writings are more than just yellow-bellied. They’re a revolt against nature.

Consequently, Slashdot’s theatrics have caused widespread social alienation and from this alienation a thousand social pathologies have sprung. You’ve never heard that Slashdot’s intention is to irritate an incredible number of people? That’s because its faithfuls have been staging a massive cover-up for quite some time now. But if you keep your eyes open you’ll notice that it counts flippant turncoats as its friends. Unfortunately for Slashdot, these are hired friends, false friends, friends incapable of realizing for a moment that it wants me to stop trying to take personal action and lay out some ideas and interpretations that hold the potential for insight. Instead, it’d rather I hang myself by the neck until dead. Sorry, but I don’t accept defeat that easily. Slashdot truly believes that the cure for evil is more evil. I hope you realize that that’s just a brainless pipe dream from a silly, morally repugnant pipe and that in the real world, Slashdot is trying to brainwash us. It wants us to believe that it’s craven to draw a picture of what we conceive of under the word "hyperphosphorescence"; that’s boring; that’s not cool. You know what I think of that, don’t you? I think that Slashdot has declared that it’s staging a revolt against everyone who dares to discuss the programmatic foundations of its mealymouthed, tendentious histrionics in detail. Slashdot’s revolting all right; the very sight of it turns my stomach. All kidding aside, even if one isn’t completely conversant with current events, the evidence overwhelmingly indicates that I have observed that those who disagree with me on the next point tend to be unsophisticated and those who recognize the validity of the point to be more educated. The point is that some people say that that isn’t sufficient evidence to prove that Slashdot is secretly scheming to perpetuate myths that glorify expansionism. And I must agree; one needs much more evidence than that. But the evidence is there, for anyone who isn’t afraid to look at it. Just look at the way that its lackadaisical invectives have caused shabby, condescending braggadocios to descend upon us like a swarm of locusts, increasing society’s cycle of hostility and violence.

Is anyone else out there as struck as I am by Slashdot’s utter disregard for morality and humanity? The reason I ask is that given a choice of having Slashdot egg on negative externalities in the form of evasion, collusion, and corruption or having my bicuspids extracted sans Novocaine, I would embrace the pliers, purchase some Polident Partials, and call it a day. Slashdot uses hooliganism to break down traditional values. That’s the large elephant in the room that nobody talks about. Nevertheless, I insist that people really ought to start talking about it because then they’d realize that Slashdot insists that it has no choice but to impinge upon our daily lives. Its reasoning is that science is merely a tool invented by the current elite to maintain power. Yes, I realize that that argument makes no sense, but Slashdot’s codices are not pedantic treatises expressing theories or extravaganzas dealing in fables or fancies. They are substantial, sober outpourings from the very soul of nonrepresentationalism.

Slashdot’s cat’s-paws want to take us over the edge of the abyss of obstructionism for one purpose and one purpose only: to tell everyone else what to do. I guess that my take on this is that Slashdot wants us to believe that we can solve all of our problems by giving it lots of money. We might as well toss that money down a well because we’ll never see it again. What we will see, however, is that I’ve tried to explain to Slashdot’s flagitious fans that Slashdot’s soporific jokes have a demoralizing effect on the victims of human-rights violations. As could be expected, they were a bit slow on the uptake. I just couldn’t get them to comprehend that the real question here is not, "What provoked Slashdot to make individuals indifferent to the survival of their families?". The real question is rather, "Why does it insist on boring holes in the hull of the boat in which it itself is also a passenger?" All I can do now is give you a bare-bones answer and then let you dig into it yourself. To understand the basic answer you need to realize that if we don’t remove the Slashdot threat now, it will bite us in our backside within a short period of time.

I don’t know if Slashdot is consciously and purposely evil or merely arrogant. I do know, however, that its methods are much subtler now than ever before. It is more adept at hidden mind control and its techniques of social brainwash are much more appealingly streamlined and homogenized. Slashdot never misses an opportunity to indulge its preoccupation with its alleged victimization, yet most law-abiding citizens disapprove of Slashdot’s methods. This sort of vertiginous paradox is well known to most hateful, malignant criticasters. The point at which you discover that Slashdot oppresses its critics by crushing them, expelling them, pauperizing them, and cutting them off from families and friends is not only a moment of disenchantment. It is a moment of resolve, a determination that its thralls are too lazy to put inexorable pressure on it to be a bit more careful about what it says and does. They just want to sit back, fasten their mouths on the public teats, and casually forget that Slashdot sometimes has trouble convincing people that it has mystical powers of divination and prophecy. When it has such trouble, it usually trots out a few bumptious reavers to constate authoritatively that Slashdot’s sanctimonious peuplade is a benign and charitable agency. Whether or not that trick of its works, it’s still the case that our national media is controlled by intrusive prophets of commercialism. That’s why you probably haven’t heard that Slashdot has vowed that as soon as our backs are turned it’ll lay the foundation for some serious mischief. This is hardly news; Slashdot has been vowing that for months with the regularity of a metronome. What is news is that we must learn to celebrate our diversity, not because it is the politically correct thing to do but because if it were up to Slashdot, schoolchildren would be taught reading, ‘riting, and racism.

I find Slashdot’s lack of depth and insight mind-boggling. To cap that off, it’s Slashdot’s belief that my letters demonstrate a desire to eroticize relations of dominance and subordination. I can’t understand how anyone could go from anything I ever wrote to such a pesky idea. In fact, my letters generally make the diametrically opposite claim, that from secret-handshake societies meeting at "the usual place" to back-door admissions committees, Slashdot’s acolytes have always found a way to feed information from sources inside the government to organizations with particularly mindless agendas. Common-sense understanding of human nature tells us that Slashdot’s idea of inane, salacious moral relativism is no political belief. It is a fierce and burning gospel of hatred and intolerance, of murder and destruction, and the unloosing of an irritating blood-lust. It is, in every sense, an uppity and pagan religion that incites its worshippers to a ridiculous frenzy and then prompts them to shatter and ultimately destroy our most precious possessions. All in all, I realize that this letter has seemed incredibly bleak. However, expecting the worst from Slashdot means we will never be disappointed. If we’re wrong and Slashdot does not try to let scornful chiselers serve as our overlords, we’ll be relieved. If we’re right and it does, we’ll be prepared.

Monday 22 September 2008

BBC and Flash 10

Many Cbeebies flash games don’t work on with flash 10 due to bogus flash version detection for mozilla browsers.

The flash detection code is credited thus:

<!-- Flash Detect SSITool (Multi-clip pt1 of 2) v2.2 – do not copy, see http://intracat/ssi/ for usage -->

I can’t find any current references to SSITool any more, but looking into the java script it’s easy to see that this sample expression shows that the author wasn’t planning to cope with flash version numbers of more than one digit:


A better expression would be:

(ssit_NavY.split('.')[0]).split(' ').pop()

So I installed filterproxy on my ubuntu machine, and because the edit UI seems buggy I had to edit the /etc/filterproxy.conf file by hand to add this fragment:

      'Rewrite' => {
        'filters' => [          'FLASHVER: rewrite regex /ssit_NavY\.charAt\(ssit_NavY\.indexOf\(\'\.\'\)-1\)/ as (ssit_NavY.split(\'.\')[0]).split(\' \').pop()'

I also had to remove some other javascript fixups which dealt with blocking popup-windows and all kinds of stuff - I’m only trying to fix flash detection - my entire config is here

BBC should be ashamed for not having had someone run something like this on their webroots before now

find /var/www -name '*.htm*' -o -name '*.php' | while read f ; do \
  perl -i -pe "s/ssit_NavY\.charAt\(ssit_NavY\.indexOf\('\.'\)-1\)/(ssit_NavY.split('.')[0]).split(' ').pop()/g" "$f" \

Thursday 10 July 2008

Unintended consequences of over-strict control

See the sad story of over-strict food safety control and see how they back-fire on public health.

In summary over-strict requirements for food vendors means that the only food vendors left are lax care-free an possibly severely unhygenic vendors, making it almost impossible to find a safe vendor.

Tuesday 24 June 2008

automatic widget binding for glade/gtk-builder and vala

I am an old delphi user. For delphi 1 I even wrote a multi-threader, and a form-inheritance mechanism.

I’m now playing with vala, but I miss the automatic class member definitions from Delphi, where items on a window would have fields automatically defined in the source, so I could refer to widgets directly.

With current vala demo’s I have to make calls to this.xml.get_widget("widget_name") and I can’t be doing with that.

I’ve written some xslt which will convert the glade file into a vala file and class, which should be a super-class to whatever vala class is going to implement the form and signal handlers.

At Nicolas Joseph suggestion (and help for providing a sample gtk builder file) I’ve converted this to gtkbuilder. Glade can still be used to design the UI, but libglade is no longer needed at runtime.

Any .glade file can be automatically converted to a gtkbuilder .ui file, and any .ui file can be converted to a .vala file, and they are converted as a group to .c and .h and then compiled.

Because the .vala file contains the gtkbuilder xml within it, the .glade files don’t need to be around at runtime.

When the subclass is instantiated the superclass constructor will instantiate the window from the glade xml, and fix up all the widget locations, so that the subclass can refer to this.widgets.name_entry and so forth.

A sample "hello world" glade file with a button, and a label, and event handlers on button click and window close.


demo.ui is a gtkbuilder format built automatically from IF demo.vala is listed as one of the vala sources.


When xsltproc –nodtdattr gen-vala-gltk-widget-bindings.xslt is invoked it generates the vala file, with the xml embedded. The main class name is taken from the top level widget identifier.
It’s widgets protected class has a member defined for each of the widgets.
Such code as:
can be used to affect the UI.


The human subclasses the automatically generated class (named after the top level widget) in demo.vala, in order to implement signal handlers, and can still access widgets with:

I also had to make changes to (generated vala-gen-project) to add the reciples for building .vala files from .ui files from .glade files.

To add a new auto-built source based on, you must add the file to the project_GLADESOURCES definition and window.vala to project_VALASOURCES


This converts gtkbuilder files to vala files with the original xml as a string constant.


Here is a sample project. I use it with anjuta and it mostly works, but I edit manually when I add new source files cos anjuta gets anxious about adding certain filetypes to certain targets if it doesn’t know about. them

Friday 23 May 2008

SKCLONE - Like PWDUMP or COPYPWD but works on 64 bit

An anonymous author sent me the source to a tool to clone SysKey information from Windows 2000, XP, and 2003 and read and write password hashes to live windows systems, called SKCLONE.

The file is available for download here, and the README is quoted below.

SKCLONE - Like PWDUMP or COPYPWD but works on 64 bit.

(The 32bit exe works on 64 bit. How about that?)







SKCLONE: Clone SysKey information from Windows 2000, XP, and 2003.
Read and write password hashes to live systems.
MUST run under the SYSTEM account. HINT: Use the AT command.
SKCLONE is free software.

Permission is granted
* to copy, distribute and use
* and make derived works
* provided attribution is given:

Copyright 2008 By Anonymous

Thanks to for

Thanks to Nicola Cuomo - for
samdump2 and bkreg, consulted for information on how syskey is stored and used.

Purpose and History


SKCLONE was written because copypwd does not work on 64bit windows at the time of writing, and I needed to move a large number of local user accounts from a 32 bit installation to a 64bit installation.

The intention was originally to clone the SysKey from a 64 bit windows to a 32 bit windows so I could use copypwd to copy the hashes to the 32bit windows, then just copy the syskey’d hashes to the 64bit windows. That’s because had a page explaining where the syskey was stored, but not how it was used. Hence the functionality for exporting syskey and syskey’d hashes.

I then found out that Nicola Cuomo has worked out how to use SysKey to decrypt the hashes extracted from NTBACKUP system state, knowledge Nicola generously embodied in BKREG and SAMDUMP2.

Since I had already written the code for decoding the SAM user V record, it was simple to duplicate the SysKey decrypting function using CryptoAPI.

It was also simple to make the process go both ways. These functions are embodied SysKeyRead, SysKeyGetBootKey and SysKeyCrypt. It was also simple to make the function GetSetSamUserPwHash both read and write.

So I never got around to finishing the code for importing the SysKey data. (You just have to recreate the four keys under LSA with new Class values).

SysKey cloning could still be useful though — just not sure for what!

How to Use

SKCLONE uses the registry APIs to read and write the SAM values directly. It MUST be run under the SYSTEM account, since only SYSTEM has access to HKLM\SECURITY\SAM.

Only writes to STDOUT. It is STRONGLY recommended that you pipe this straight into GPG or similar.

The easiest way to do this by hand on a local machine is with the AT command. Say it is 11:30, enter this in a command window: at 11:32 /interactive cmd.exe

At 11:32 a command prompt will appear running as SYSTEM. You can run SKCLONE from this prompt. Interestingly you can run RegEdit.exe from this prompt and browse the SAM, which is what I did.

The simplest way to do it remotely is to use Remote Desktop with the "connect to console:1" option, then you can just use the method above.

The simplest way to do this from script, is:
* Copy skclone.exe to \\MACHINE\admin$\skclone.exe
* Schedule a task on the remote machine as the SYSTEM account.

You don’t have to set a schedule, just create the task.
* Start the task, and wait for it to finish, by polling it’s status.

It is pretty quick (almost instant, generally).

* Copy off the file, hopefully you took advice and encrypted it with GPG. Otherwise, you should ensure it went to a directory readable only by Administrators group and SYSTEM.
* Delete the file from the remote server. Should use SDELETE or similar.
* You are done.

When importing passwords, it will NOT:

* Set the Administrator password, or any account with RID < 1000.

* Set any password which is blank. But you can use PRESETPW to

set these to a random password first.




skclone [OPTIONS] COMMAND [argument]

Options are

/DEBUG executes a debug breakpoint immediately

(so you can attach a debugger).

/VERBOSE Prints more rubbish.


Imports pwdump style passwords directly into registry.

INFO: A Password must already exist. Use PRESETPW to set a random one.

WARNING: Invalidates ALL user’s protected data.

WARNING: LSA Secrets, EFS files, CryptoAPI secret keys etc.


Dumps pwdump style passwords directly from the registry.

INFO: Will not set null passwords. Set a random password first.

skclone USAGE

More options will be shown.


Same as IMPORTPWDUMP, but just does the one from the command line.

Will not overwrite a null password. Use NET USER <username> <password>

to set one first.

skclone PRESETPW

Reads list of usernames (or username:hashes) and sets a random

password for those with no password. Ignores those with one, and RID < 1000.

This is here because IMPORTPWDUMP requires that a password already exists.

skclone CLEARPW [accountName]

Clears user’s password. Will clear RID < 1000.

WARNING: Invalidates ALL user’s protected data.

WARNING: LSA Secrets, EFS files, CryptoAPI secret keys etc.

skclone REPORTPW

Lists accounts with clear passwords.

Compile without #define SIMPLEONLY for more options.

Useful Functions


These functions could be usefully put into a library of some sort.

SysKeyRead reads syskey values from the live SAM into a SK_DATA



SysKeyGetBootKey derives the bootkey from SK_DATA. This is not used

for anything in the program, but duplicates the functionality of BKREG.

SysKeyDerive derives the intermediate key from SK_DATA.

SysKeyCrypt uses the intermediate key to encrypt or decrypt LM or NT


GetSetSamUserPwHash reads or writes SysKey encrypted NT or LM hashes.

Use SysKeyCrypt to convert these to/from PWDUMP/L0pth hashes. Takes

an open key to the SAM or a copy of it with KEY_READ access.

GetSamUserRid is a utility function which uses OpenSamUserRidKey to

lookup the RID of a user. Takes an open key to the SAM or a copy of

it with KEY_READ access.

Bugs and Limitations



For good measure, the standard build does not include SysKey import

export functions, just PWDUMP/COPYPWD hash dumping and loading, plus

a couple of utiliies.

IMPORTPWDUMP will not overwrite a null password. However the PRESETPW

using the same input file will ensure that all accounts have passwords

by setting a random one where none exists.

IMPORTPWDUMP will not set an LM hash where none exists. If there exists

an NT hash but no LM hash, the NT hash will be set but the LM hash will

not. This shouldn’t hurt you — only very old OS require LM hashes. If

this is a problem, changing the user’s password manually will usually

set an LM hash.

REPORTPW will only list accounts with a null password (as opposed to a

zero-length password). This is generally accounts which have never had a

password, or have been cleared with CLEARPW.

SysKeyWrite function does not work! It does not write the boot key

information. It also writes some values which have nothing to do with

syskey — I think they have something to do with LSA Secrets but I am

not sure what.

For SysKey the relevant values are account_f which is 0×30 bytes from

offset 0×70 under HKLM\SECURITY\SAM\Domains\Account\F, and the

lsa_xxx_class values, which are the classes from four keys under


See RegQueryInfoKey to learn about classes. They can’t be changed once set,

you have to delete the key and recreate it.

Really want a better name since we can’t actually clone the SysKey.

Maybe copypw64? Or pwdump7? or copysam?

That’s all folks.

Friday 8 February 2008

Why do people treat animals like slaves?

A Daily Mail article on philosophy taught to children listed some of the questions put to the children for discussion.

Why do people treat animals like slaves?
Why are there so many answers to God’s questions?

Some of those questions are a bit loaded for young children:

"Why do people treat animals like slaves?"

For starters, how about:
  • What are slaves?
  • Do people treat animals like slaves?
Or are is this a sneak way to program the meaning of slaves to be "treat people like animals" to prevent children from ever learning that taxation is also slavery?

Truly the language defines the thoughts…

"Why are there so many answers to God’s questions?"

How about starting with:
  • What are God’s questions?
  • Who is God?

Wednesday 30 January 2008

Why I like unix

I like unix because it is easy to do tasks with throw-away 1 liners that take less than a minute to come up with.

I had re-factored some patches from one source tree to another, and I needed to make sure that I hadn’t missed any fragments.

$ git-diff ccache..v4-0-vfs-proxy | grep '^+++' | sort | uniq | sed -e "s/^\+\+\+ b\///" | while read f ; do diff -bwu ../$f /home/projects/samba-git/$f ; done

So I get a list of files that my changes affected, and then compared those to the equivalent files in the new tree. The diff was small and consisted mostly of pre-existing changes between the two trees.

I was easily able to account for any other slight differences is the resulting files.

I suspect that there were git-tools to help here, but the point is that I didn’t have to learn the official way to do my task, but I was still able to do it quickly based on existing knowledge.

Friday 25 January 2008

Should I say thank-you?


Of course I thank some-one in front of me who holds the door open for me to pass, but if the same person holds open multiple doors, should I thank them each time, or just the first and last time - and how can I know which will be the last?

Honourably Confused

Dear Honourably-Confused,

I am regularly filled with sorrow when I read such letters as this, demonstrating how low the manners of our population have sunk; however you did right to ask me!

You should not only thank the person at each door, but before you pass through the door you should both put your hands together and bow as a mark of respect.

If you both bow low enough the door will not be able to slam in anyones face.

If one does not bow low enough, not only will the door slam in the face, it will also be a sign of bad grace and so in such circumstance it would not be appropriate to apologise.