Category: Freelance

Freelance work related.

Removing AVG from Ubuntu

I’m using Ubuntu Mate 1.8.2 and for some unknown reason installed, or tried to install, the AVG deb package (avg2013flx).  Well, the install failed. I did some research to attempt to rectify this and instead came to the conclusion that I didn’t need AVG in the first place.  So I tried uninstalling it… and that failed:

Selection_001
Turns out part of the install failure involved the installers inability to fire up the AVG service, avgd.service, and that’s where the uninstaller was choking – trying to turn off that service that wasn’t on in the first place.  What a stupid ass uninstallation script.  Thankfully the fix was pretty easy:

  1. Open an elevated (sudo) text editor of your choosing and navigate to /var/lib/dpkg/info and open the file avg2013flx.prerm
  2.  Locate all instances of the following lines (my prerm had two sets) and comment them out by placing a pound sign (or a number sign or hashtag depending on your age, geographic location or level of nerdiness) at the beginning of each line.
    Selection_002
  3. Save the file, and then attempt to uninstall the app again:

If you were having the same problem I was, that should do the trick.

Microsoft slips it to you on Windows 7 and 8

Microsoft is slipping into Windows 7 and 8 the same data mining and privacy violating tracking that has made news for being a part of Windows 10.  I’m in the midst of absorbing it all, but for now further info, including updates to block, can be found here.

Also, instructions on how to opt-out of their CEIP (Customer Experience Improvement Program) which if you’ve installed Office you’ve surely inadvertently joined, can be found here.

This is getting to be a bit much.

CMS dangers: Plugins. This episode – Sweet Captcha

First, an apology for anyone who recently visited this site and found themselves bombarded with pop up ads or alarmist claims that they’d contracted viruses.  I’m incredibly sorry.  A plugin that I use(d), SweetCAPTCHA, is now injecting pop ups in what appears to be an attempt to monetize their plugin.

Now, whether SweetCAPTCHA’s been compromised (I don’t think so) or has turned to nefarious means to try to fill their coffers (ding ding!), the ease at which this happened should set off alarm bells for CMS users everywhere (after all, SweetCAPTCHA’s not WordPress specific).  I’ve been absolutely guilty of thoughtlessly hitting the “upgrade” link on plugins, especially on sites of my own.  I’m a bit more cautious with client sites after having been bit more than once by an upgrade that rendered inoperable an important plugin, but I’d be lying if I didn’t admit that sometimes I don’t do sufficient research before and adequate QA after some upgrades.   And that leads to a night like tonight, logging into all my personal and client sites in a panic to see who had SweetCAPTCHA installed and activated (thankfully no clients – only this site and one other personal site).

Plugins are third party.  They’re dangerous.  We’re trusting them to do what they say they do and nothing more.  And we placing that trust in them again and again each time we agree to an upgrade.  We need to be careful.

So again, I sincerely apologize.  This site doesn’t get a whole lot of traffic, but the traffic it does get are mostly people looking for help.  Every time I receive an email or comment from someone telling me this little site of mine has helped them it makes me a bit warm inside.  That SweetCAPTCHA hijacked my little warmth generating site to take advantage of its visitors pisses me right the fuck off.

Read more about SweetCAPTCHA’s shitty new business model here and here.

Tracking Protection in Firefox – let it help you

By turning on tracking protection in Firefox you’ll not only get some help in blocking sites known to track their visitors, but you’ll reduce your page load time.  Win win!

  1. In the URL/Location bar in Firefox, enter about:config and hit enter.
  2. You’ll get a friendly warning that you’re poking around under the hood.  Promise to be careful to continue.
  3. Search for privacy.trackingprotection.enabled and set it to True.

That’s it!

TrueCrypt Open Audit

Phase 2 is done.  Read it here.  The findings summary is basically:

During the engagement, CS [Cryptography Services] identified four (4) issues, and none led to a complete bypass of confidentiality in common usage scenarios. The standard workflow of creating a volume and making use of it was reviewed, and no significant flaws were found that would impact it.

The most severe finding relates to the use of the Windows API to generate random numbers for master encryption key material among other things. While CS believes these calls will succeed in all normal scenarios, at least one unusual scenario would cause the calls to fail and rely on poor sources of entropy; it is unclear in what additional situations they may fail.

Additionally, CS identified that volume header decryption relies on improper integrity checks to detect tampering, and that the method of mixing the entropy of keyfiles was not cryptographically sound. Finally, CS identified several included AES implementations that may be vulnerable to cache-timing attacks. The most straightforward way to exploit this would be using native code, potentially delivered through NaCl in Chrome; however, the simplest method of exploitation through that attack vector was recently closed off.

So basically, unless you’re concerned about the Windows API generation of the encryption key, the last version of TC prior to the developer bailout remains an effective encryption solution.  And TCNext is out there, though they’ve got no new version as yet (7.1 is available there).

Auto Repair and The Web

One of my clients (and friends) hit me up the other day, out of the blue, asking about the value of domain names. He’d been contacted by a squatter sitting on a name relevant to his business.  He called and spoke to the squatter and ultimately agreed to purchase the rights to the name.  Immediately after the call Mr. Squatter began snarfing up any and all other domain names similar to the one he’d just sold and started mailing my friend about them.  His emails sounded technical and official:  “I managed to procure XXXXXXX.com domain name and would like to offer it to you for $150.”

I explained to my client friend that “procure” sounds fancy, but all this dude did was snatch up some domains available out there in the wild for between $8 and $15 apiece, which took him all of 3 minutes and anyone can do, and now he’s marking them up 1000%.

Domain squatting like this is a strange business to be in.  Really all a squatter is doing is making a living taking advantage of the ignorance of non-technical people.  I imagine that successful squatters fancy themselves clever.  Beats accepting the truth, which is that they’re sleazy.  I associate squatters with shitty auto mechanics and shitty home contractors.  We all know a story about a mechanic or a contractor that told someone something completely untrue to use their ignorance to try to rip them off.

My own story is this:  as a kid I owned a Datsun 310gx manual (which I dearly wish I still had, but I totaled it).  It was having trouble getting into 2nd gear so I took it to a mechanic who told me that the transmission needed replacing and it was gonna cost me somewhere around $450.  That didn’t sound right based upon my driving experience, and I didn’t have the money regardless, so I took my car back.  A friend recommended a different mechanic, who within 10 minutes diagnosed my problem and said “You need a clutch adjustment.”  Less than a half hour later my car was ready and I think I paid the guy $25 for the fix.

Domain squatters make their money being that first mechanic. And just like that first mechanic does to the second, they make all of us people trying to make an honest living on tech look bad.

PCI\VEN_8086&DEV_29D4&SUBSYS_281E103C&REV_02

Rebuilding an old HP dc5800 to Windows 8.1 64 and a pesky PCI Simple Communications Controller can’t find its driver.  Its hardware id is:

PCI\VEN_8086&DEV_29D4&SUBSYS_281E103C&REV_02

Googlin’ turns up lots of dead links.  It’s the Intel Management Engine Interface, and here is the driver.

Yeah, I know the title of this post overruns the right column.  I figure by having the hardware id be the post title it will be easier for people in need to find, so I’m leaving it.

What’s Art?

wander1I made this to submit as a possible logo for an event.  Ultimately I’m pretty meh with how it came out, but making it started me thinking about art.  Thanks to technology my generation in particular has seen quite a change in the creation, and potentially the definition, of art. Bearing that in mind, is this creation of mine art?  Is it even my creation?  The owl began a photo I did not take, as did the moon.  The background originates from an image I did not create.  The text is in a font I did not create.  They’re all found items that I digitally manipulated – some dramatically – to suit my purposes.  So is this art?  Is it just theft?

The music on The Beastie Boys 1989 release Paul’s Boutique, ranked 156 on Rolling Stone magazine’s greatest 500 albums of all time, is comprised almost entirely of samples.  It’s an album that, thanks to changes in laws, would be impossible to make today.  The cost of securing the rights to all the samples would be enormous.  Here’s just a partial list of samples featured on the album.

Is Paul’s Boutique art?  Is it just theft?  And, if Paul’s Boutique isn’t art, then what of Warhol?  Shepard Fairey?  Banksy?  Where is the line drawn?

PS:  Three things.  

1. The word “art” doesn’t mean “good.” There’s bad art. Obviously that’s mostly (entirely?) subjective. So simply not liking something doesn’t make it not-art.

2. Obviously I’m not putting anything referenced above on equal footing. They’re all examples of projects created from existing media or artists known for works created from existing media.

3. It’s my personal opinion that, for the most part, art is the product of exercising creativity. To that end, every time a person picks up a guitar and plays something they came up with, it’s art. Even if they never play it again, and no one ever heard it other than them, for that moment there was art afoot. I believe a carpenter can be an artist. A cook can be an artist. I do not like the line some people try to draw between “art” and “craft.” I understand that crocheting something from a pattern is different from crocheting something of your own inspiration, but too many critics use the former activity to label the medium of crochet not-art. You can make art out of anything, dammit. And art doesn’t have to be paid for or displayed to be art. Art doesn’t have to be shared at all. The pictures my son draws, pulled from his own mind, that he discards once he’s done with them… they’re art. Rare art at that.

Windows 8 Preview Pane woes

I don’t like the Windows 8 preview pane.  It makes moving and deleting things difficult, especially over network shares.  It likes to lock shit up thanks to the (usually hidden) thumbs.db file it creates.  So, turn it off.  It’s a simple reg hack:

1
2
3
4
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoReadingPane"=dword:00000001

WordPress and updating PHP beyond 5.3

My host finally set up the ability to upgrade PHP.  I’ve been running on 5.2 for roughly forever.  I host for clients, and most upgrades went without a hitch.  A couple, however, barfed a bit thanks to undeclared variables, generated errors the likes of:

Warning: Creating default object from empty value in \wp-content\themes\hybrid\library\functions\core.php on line 27

Thankfully, it’s a pretty easy fix: just declare the variable! for example,

1
2
if ( post_type_supports( $post->post_type, 'entry-views' ) ) {
$entry_views->post_id = get_queried_object_id();

In a library/extensions file generated a warning. To fix, I simply declared the variable $entry_views:

1
2
3
if ( post_type_supports( $post->post_type, 'entry-views' ) ) {
if (!is_object($entry_views)) {$entry_views = new stdClass; }
$entry_views->post_id = get_queried_object_id();

I had to do the same in a few other files as well.