Hashemian Blog
Web, Finance, Technology

Do Not Iron Your Shower Liner

by @ 12:48 pm
Filed under: social — Tags:

... and don't bleach or dryclean it either. While changing my IKEA vinyl shower liner today, for some reason I noticed the back side of the package.

ikea shower liner

It's weird already that IKEA needs to warn the consumer against machine washing/drying, bleaching, ironing, and drycleaning the $5 liner, but it's telling that only the US consumers are given these warnings.

Apparently for other countries a simple 100% PEVA does the job, they just know what not to do. Admittedly I had no idea what PEVA was, but thank goodness for the warnings. I was about to spend hours washing, drying, bleaching, and ironing my old shower liner 🙂

Live Long And Prosper Spock

by @ 7:59 pm
Filed under: star trek — Tags:

In my native country of Iran during the pre-Islamic-revolution times, the television, rife with American films, was a window into the western culture, specially the American culture, for most people.

But Star Trek was something else. It wasn't so much a glimpse of the western culture than it was the promise of what humanity could be if we let go of our bigotry and superstitions, and instead embrace humanity, science and rationality.

As a young boy I had a few sleepless nights after watching some of the more action-packed episodes. One memorable episode was The Doomsday Machine, which had me terrified of the specter of Earth being gobbled up by a fiery funnel. But many episodes also had the power to make us look at our society and at ourselves and see things from a different angle, mainly a logical one.

doomsday-machine

In of my most favorite episodes, Mirror, Mirror, the audience is taken on a journey to a parallel universe where greed for power, tyranny, and savagery is the order of the day. To the crew of the parallel Enterprise it's all par for the course, but to the few normal-world Enterprise crew members who are transported there by accident and to us, the viewers, it's a dark and hopeless world. That is not so different from many parts of our world today. We can only root for the parallel-Enterprise Spock who, at the end of the episode, realizes how illogical his world actually is. Of course seeing Spock with a beard in this episode is a pretty good bonus in itself.

spock-mirror-mirror

Leonard Nimoy has sadly passed away, but his character, Spock, will undoubtedly live long and prosper. LLAP

The SSL Safety Myth

by @ 6:21 pm
Filed under: hacking — Tags: ,

The past week the security universe has been pounded by a whirlwind of bad press and bad actors. It all started with the news of Lenovo pre-installing adware (better yet, crapware) on new machines that would allow ads from a company with the ironic and unfortunate name, Superfish, to display context ads even when users are viewing secure web pages. The details are technical, but suffice it to say that they employ SSL certificate trickery to fool browsers and silence any possible warnings to users.

Suddenly the previously esoteric or arcane man-in-the-middle (MITM) terminology has been thrust into the mainstream and now MITM is just as well known as Ebola, even if most people have no idea how it works.

MITM - Courtesy owasp.org

MITM - Courtesy owasp.org

The bigger question however is, does ubiquitous SSL (nowadays, TLS) really make computing safer? There has been a concerted push as of late to encrypt the entire web. Google for example has suggested that it favors secure sites over regular ones.

But as evident, SSL is no panacea for security or data privacy. It does make the job of corporate security teams harder, sucks more power from infrastructures, complicates interoperability, but worst of all, gives a false sense of security to users and admins. For example, people may simply assume that with SSL they can't get infected or their private data can't be hacked.

I am obviously not against cyber security, but there are proper times and places for that. Just because something is good when appropriately applied, it doesn't mean it's good for everything all the time. Unfortunately, society always seems to over-simplify things and take everything to absurd levels using the logic, if a little is good, a lot is better.

What The Linux Ghost Bug Teaches

by @ 6:07 pm
Filed under: computers,hacking — Tags:

A couple of weeks ago it was revealed that a known Linux bug, Ghost (short-ish for the gethostbyname() function in the older glibc library versions) is riskier than previously thought. So the internet became abuzz with warnings to those who might not have updated their Linux distros.

I have several versions of Fedora running on various machines and updating them was simply not an option. Unfortunately they are also too old and patches are no longer available. But here comes the beauty of Linux, the open source code model. Combine that with a virtual server like Hyper-V and you have all the tools you need to create the patch yourself.

This is what I did to create patches for one of my platforms:

  • Created a guest virtual machine on the virtual server.
  • Downloaded the needed version of Fedora from this archive.
  • Installed the OS on the guest machine.
  • Downloaded the appropriate source code version of glibc. rpmfind.net is a good place to find many source code packages.
  • After installing all tools and libraries necessary to compile and build glibc, I used this StackExchange post as a guide to patch the C files based on the documented modifications and built the rpm package.
  • After installing and testing the newly built glibc library on the guest machine, I copied the rpm files to the production machine and installed them.
  • After a reboot, the bug was patched.

C code

Now many would object to running an older and unsupported version of Linux for production but I am not so sure that jumping to every new version as soon it is released contributes to additional safety. Staying with older versions does make the job of patching these sorts of bugs more cumbersome, but there's something to be said about the educational value of patching these bugs at more basic levels than just running the yum or apt-get commands. I, for one, learned quite a bit from this exercise.

 

Windows 10 Disappearing Start Menu Mystery

by @ 12:34 pm
Filed under: microsoft — Tags:

I have Windows 10 Pro Technical Review installed on a virtual machine at work and all was going swimmingly until the updates came along a while back and pushed it to Build 9926.

windows 10

That was the end of the Start menu, it just vanished. I made a bunch settings and config changes as advised by various forum posts, including some from Microsoft employees, and rebooted countless times but no dice. Clicking on the Start menu was as useless as doing so on Windows 8.

Eventually I decided to run Windows Update manually (wuapp.exe) to see if any new updates would fix the issue, but every time I ran the command I was greeted with the dreaded error message: This app can't be activated by the built-in administrator. Yes, I log in as the Administrator on that machine, and why the almighty account can't run an application is beyond me.

Thankfully this article saved the day. After enabling the policy, User Account Control: Admin Approval Mode for the Built-in Administrator Account and a reboot, I was able to run Windows Update.

But as a side effect, the Start menu suddenly began working. Had this policy change fixed the problem or was it just a coincidence? Maybe if you have the same issue, you can try the same action and report back if it fixes the problem. Right now I'm too elated to have the Start menu back to undo the change and test the theory.

PHP - echo'ing String Fragments Using Periods Vs. Commas

by @ 10:18 pm
Filed under: computers — Tags:

One of the mysteries of PHP's echo function is the supposed equal treatment of multiple strings separated by periods (.) vs. those separated by commas (,). Actually echo is a language construct, but I digress. In both cases echo appears to concatenate the string fragments and output the resulting string.

In actuality, the period is the real concatenation operator in PHP. The comma on the other hand signifies echo's ability to accept variable-length arguments. Judging by Google search, most people just accept the fact that they can use either periods or commas with the echo function to get the job done.

But there's a subtle difference that's mostly overlooked because it rarely mucks up the results. Take a look at the two code lines below. You might expect to see 12 for both cases, but that is not so.

php echo

The reason is that with periods, some or all expressions are evaluated first and the results are concatenated. Then echo outputs the result after all fragments are concatenated. With commas echo walks the argument list, evaluating expressions and spitting out the results as it goes along.

« Newer Posts

Powered by


Read Financial Markets  |   Home  |   Blog  |   Web Tools  |   News  |   Articles  |   FAQ  |   About  |   Privacy  |   Contact
Donate Bitcoin: 1GfrF49zFWfn7qHtgFxgLMihgdnVzhE361
paypal.me/rhashemian
© 2001-2021 Robert Hashemian   Powered by Hashemian.com