Tag Archives: technology

micro$not, mshtml, and activex

back in the dark ages, when i was working at STLabs, before we moved to factoria (i.e. STLabs… so, what? maybe 1995? 1996? somewhere in there), i was testing Internet Explorer version 3.0, which meant, basically, that i was testing micro$not’s browser engine, which is called MSHTML.dll. at the time, a very good friend of mine from college, saint fred (now, sadly, passed on) was mucking about with the innards of micro$not’s operating system, and discovered a problem which had existed for several years prior to this, which micro$not had “made disappear” by changing the technology’s name from OLE — which was, itself, a “renamed” technology, originally called Visual Basic for Applications, or “VB-A” — to “ActiveX”, and, in the process of making it “disappear”, actually made it more prevalent and insidious, by making it work seamlessly with even more micro$not technology.

and, saint fred being who he was, took advantage of this by writing the “Exploder Control”, which could be embedded in a web page, or a microsoft document, and would, when “activated”, perform a clean shutdown of the computer on which it was being viewed… whether you wanted to shut down your computer, or not.

you hit this web page, and, within seconds, your computer shuts down, with no further input from you. 😏

or…

you open this microsoft word document, and, within seconds, your computer shuts down, with no further input from you. 🤣

i watched it happen as it first came out, before anybody realised what it was. it was hilarious! i gave the URI for the exploder control to my boss, and then went back to my workstation and listened, as she suddenly whined “it shut down my computer!” 🤣🤣🤣

and, of course, micro$not’s response to this was to threaten saint fred with lawsuits for doing stuff he shouldn’t have been doing, and when that didn’t work (because fred made sure that the exploder did everything strictly “by the book”, including getting micro$not’s signature on the control), they made the exploder control something that was detected by their anti-virus software (even though it was very clearly NOT a virus, and, actually, did everything totally “by the book”, something to which micro$not never admitted), and, once they figured out that they had caused all of this, they pulled their signature on the control, so that it raised even more red flags before actually activating it…

and, basically, did everything EXCEPT fix the problem, which, after a few months of frantic ass-covering by micro$not’s marketing department, while the tech industry had a good laugh, got swept under the rug, anyway, by more current micro$not fiascos.

but the technology remained, and every version of windows has support for activex, every version of MSHTML.dll has support for activex (which is one of the reasons micro$not got rid of MSHTML.dll a couple years ago, and current versions of Internet Exploder… um… what’s their browser called again? EDGE, that’s it… uses google’s “chrome” browser engine, instead. the browser wars are over! micro$not LOST!) and you can, literally, do ANYTHING with activex, that you could do from the normal user interface of windows, and there is, literally, NOTHING stopping you from doing this — or other, more nefarious things — given A LITTLE knowledge of the technology.

which is why, when i saw this headline: “Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft”, the FIRST THING i thought was “Exploder Control strikes again!”

this is one of the VERY BIG reasons i do not use micro$not on my computers. i don’t even have my microsoft 5-button mouse any longer!

i wonder if they’ll ever learn. 🙄


i might have known…

so, the weird weirdness with my web site was ENTIRELY caused by the osCommerce web site…

which i haven’t even thought about since 2016, because the previous web designer was supposed to have deleted it, once i had successfully migrated to wordpress…

but which wasn’t deleted (despite the fact that it was one of the things i paid her to do 😠), and continued to “function”, without a “head”, for FIVE YEARS

if nothing else, i suppose, it says something about osCommerce’s resiliency and ability to continue to function despite being headless and updateless for the past 5 years. i wonder if i could treat wordpress the same way, and expect the same result. i suspect, probably, not.

it’s still there, physically, but it has had its hooks into the system removed, so it is no longer functioning. the next step is to figure out which parts are wordpress parts and which parts are osCommerce parts, and delete the osCommerce parts.

in other news, ezra has come up with an idea that needs internet and a web host to work, and, well… i’m the next best thing to a web host, these days… apart from the FUMTU with osCommerce… 😉

database hell, okay?

i gave the web developer my login to the open support ticket at the host provider. there hasn’t been any obvious action yet, but i’ve emailed with the web developer, who worked out a temporary solution which may work out if his attempts to communicate with the host provider don’t work out… but, as i said, he hasn’t even logged in, much less done what the host provider asked of me, which was to “clearly lay out the issues you’re facing and the solution you need done to resolve this issue”.

210606 screenshot SQL error
the issues are that i can’t add new content (the “not HTML” difficulty and its results), and i get weird SQL errors, which only appear once, and then go away. i don’t get them on a regular basis: sometimes i get them the first time i hit the site, when i boot my computer in the morning, and sometimes i get them in the middle of the afternoon. frequently i get them when i’m hitting the base URI, but i’ve also seen them when i’m hitting deeper content.

i don’t know what the solution is, because i don’t know what is causing it. my web developer seems to think it’s the database engine at my host provider, because he has some sort of advanced tool that tells him when things aren’t working correctly. my host provider says he’s full of shit, that his proposed “upgrades” will break things for everybody else, and won’t even talk to him unless he logs in as me. unfortunately, i know little enough about database engines that any input i can offer would be totally meaningless.

i feel a little bit better, because, now, instead of "doing this as a courtesy as this is not included as part of your Web Maintenance", they have now, actually charged me money, so i am, actually, paying them to fix my shit, and the temporary work around that he proposed, while not ideal, would certainly fix the problem for at least a year.

but i seem to recall going through another database fiasco last year around this time, and, if this is going to become a regular occurrence, i think i’ll pass, thanks. 😒

ETA: the web developer has logged in as me, and given a detailed description of exactly what is wrong, exactly why he thinks it’s wrong, examples of identical installations that follow his guidelines that don’t experience the problems i’m having, and a variety of different solutions to the problems he’s found. the host provider has yet to reply. because of the fact that they’re on eastern time, there’s a good chance we won’t hear anything until tomorrow.

blargh! 🤬

i’ve noticed a couple of things that are… screwy… about my web sites.

intermittently, i get random SQL errors. they only appear once, and when i reload the page, they disappear, but it’s sort of alarming.

and then there’s the “not HTML” FUMTU, which usually works, but has decided not to for a few days now.

so, i contacted my web developer, who said that my database needed “upgrading” to prevent these, and future problems.

not knowing that much about databases, i contacted my host provider, who said that the “upgrades” he proposed are actually DOWNgrades, and implementing them would break the databases for EVERYONE who shares the server i’m on.

so, i got back to the developer, who said that the reason he stopped using this host provider two years ago (which was about the same time i started using this host provider) was because “their policy” was to avoid communication with “third parties” (i.e. i’m a customer of the host provider, and the guy who i pay to know more about the web than me is a “third party”).

while they didn’t actually deny that this was “their policy”, the host provider went out of their way to emphasise that i am their customer, and if i wanted to include my web designer, i would have to give him my login, because they weren’t going to create a special login for him.

so i did that.

i figure, whatever happens, i can change my password once this whole thing is resolved. it is also A LOT easier than trying to convince the host provider to create a login for someone who is not a customer of theirs…

then they switched their tactics, and had a different technician chime in (one with whom i have not talked about this particular problem), who stated “let your developer know that it is already upgraded and using a stable version. If he is unable to diagnose this issue then another developer may be needed…”

this was AFTER i gave my web developer my login, so that he could participate in the “conversation”…

i wanted to say “HE’S RIGHT HERE! TALK TO HIM, NOT TO ME!!” 😠🤬😠🤬

but i didn’t…

but i wanted to… 😒

the web developer was busy yesterday, and (like most “businesses”) he doesn’t work on the weekend, so i’ve pushed back the impending storm until monday…

but…

the web developer has already said “we’re doing this as a courtesy as this is not included as part of your Web Maintenance” and “if they can’t do what we’re asking them to do our hands are tied.” AND the host provider has already said “we do not have a way to resolve something like this as the server itself is not causing the issue and the database server is already up to date.”, which gives me the very strong impression that, when monday comes around, the web developer is going to show up and make demands, the host provider is going to say no, and we’ll be right back where we started.

and all of this is IN SPITE of the fact that i am paying BOTH of these entities to make sure that my shit is kept up to date! 🤬🤬🤬🤬🤬🤬

🤬

this morning is the second in a row that i have woken up at 4:00 in the morning, and can’t get back to sleep. 😒

it is THIS EXACT PHENOMENON that makes me want to give up internet forever and go live in the woods, like a hermit, not interacting with anyone! 😠

sigh…

getting old sucks. 🤬

i got home this afternoon, and took the small doggie outside, and, as i was going down the stairs from the deck, my right foot hit a slippery spot on the third step from the bottom, and i fell, bruising my back and legs, and scraping my right arm, which reached out for support, but reached in the wrong direction, because of my brain injury. 😒

the dog experienced a rather rough landing, but she wandered off without more than an “oof” when she hit the ground. she’s fine.

i lay on the ground for a few minutes, deciding whether or not anything was broken (as far as i can tell, nothing was), and breathing hard, because my back REALLY hurt, while the doggie wandered, obliviously, around the yard.

fortunately, i had my phone, so i called moe, who called the neighbour, who came to help me, but all she actually did was pick up the doggie, because i couldn’t bend over.

at this point, i have taken ibuprofen and applied ice, and i can sit down without too much difficulty, although i can still REALLY feel my lower back, and i probably will be able to do so for the next few days.

in other news, i got my first order for 10 boxes of aparajita today. the guy actually wrote me while i was in the process of updating my web site, and wanted to make a “special order”. my guess is that i’ll have two or three more orders for 10 boxes, before the week is out… at $90 bucks a pop… 👍😉

also, i got a new monitor. the old one is a VGA 17″ flat screen from a few years ago. the new one is an HDMI 24″ flat screen from this year… it’s awesome, how much real estate is in the difference between 17″ and 24″

PUBLIC SERVICE ANNOUNCEMENT

Phishing Emails Used to Deploy KONNI Malware

if you are in the habit of using micro$not software, particularly the office variants (word, excel, power point, etc.), you should beware of the new “phishing” (specifically, “spear-phishing”) attack which uses an infected microsoft word document as the vector.

solution: don’t use micro$hit.

alternative solution: don’t use windoesn’t, or, if you do, don’t open ANY files that you receive in email, from ANYONE, if you weren’t expecting it, keep your antivirus software up to date, backup everything, and pray that something doesn’t happen anyway.

this is just the most recent extension of the exploder control controversy, started by my friend fred, back when W95 was current… except that, now, instead of calling it “OLE” or “ActiveX” they’re calling it “VBA”, and it can do a lot more nefarious things to your computer than the exploder control could do — and the exploder control was relatively benign, in that it ONLY shut down your computer without your say so…

but micro$lop made a BIG OL’ fuss about it, when fred actually got it signed, because of the fact that it used ActiveX APIs in EXACTLY the way they were supposed to be used, and the automated process of signing didn’t take into account what the control actually DID, and whether doing that thing, at that time, was actually USEFUL… 😂🤣

by the way, the exploder control was SPECIFICALLY designed to work with W95 and IE3, so, unless you’re browsing on your grandfather’s computer, you’ve got nothing to worry about. 😉

hrmph!

i am done with the moisture festival for another year: 13 shares. we’ll see what a share costs in about a month, but i’m not holding my breath.

during the fremont phil part of the run, i broke my tuba: the mouthpiece receiver came loose, which made playing the instrument sort of interesting, but not absolutely impossible, which is why i took it to the repair shop today, instead of when it happened.

i’m still recovering from the flu. i’ve got a persistent cough which, according to what i’ve read recently, may never go away, although it seems to be, so i don’t know yet.

and, while i was busy with the moisture festival, a subscriber to one of the mailing lists i maintain, who has an email address at micro$awful, unknowingly sent email to the wrong address, and got the mailing list blacklisted from sending to addresses at micro$awful. the host provider’s response to this was to believe micro$awful, and to say that if i don’t move the mailing list to a third-party, commercial SMTP provider, that they were going to refuse to provide service to me any longer. i don’t want to do that, but i am running out of other choices very quickly, and informing micro$awful that their automated blacklister made a mistake is almost impossible. i’m getting really tired of dealing with other people’s screw-ups, and, once again, am debating whether or not to just toss all of my “web clients” except for my wife, and just deal with my own domains. it would be so much easier than explaining stuff to people who don’t understand, who don’t pay attention, and who do continue to do the stuff that makes problems happen which i can’t fix.

now that the moisture festival is over, i’ve got a band-mate’s saxophone to work on for a couple days, and moe and i are going to the beach in a week or so. hopefully that will give me the chance to get back to normal for a while. 😒

i’m really glad…

the computer industry has been a-twitter for the past few days, concerning a zero-day “bug” in micro$lop word, which gives an attacker full execution control of the victim’s machine — a Very Bad Thing®.

this reminds me of a couple of things that i experienced, more-or-less first-hand, while i was working at micro$lop, and is the PRIMARY REASON why i’m really glad i don’t run machines with their software on them.

there’s this, which outlines what the “bug” is, and how it allows an attacker to take control of a victim’s machine (i put the word “bug” in quotation marks because bugs are usually things that appear in the code by mistake, but it is my impression that micro$lop put this in deliberately, without realising the potential damage it could do)… which brings up the fact that they have known, particularly, about security problems with OLE (which went through a stage where they were referring to it as “ActiveX”), at least since my friend, and computer-god fred debuted The Exploder Control in 1995, which did a clean shut-down of any machine unfortunate enough to be running Windows95 — PLEASE NOTE: the Exploder Control is not harmful, and will not run correctly unless you’re running Windows95 and Internet Explorer version 3, which, by this time, presumably, you’re not. fred’s premise was, and still is, that if you have a method of exercising THAT MUCH control over a machine, it better well be FULLY AND COMPLETELY SECURE, otherwise people WILL take advantage of it.

i worked at micro$lop when the first Word Concept Virus was discovered. it was unique (at the time) because it allowed an attacker to infect a victim’s machine over email, without actually having to have physical contact with the target machine. it worked by utilising micro$lop word’s “normal.dot” template, and required the victim to have macros enabled by default. the new, most recent word problem doesn’t require macros to be enabled, and doesn’t work if the application is running in “Protected View”. so, the solution micro$lop has come up with is to recommend that you run word in “Protected View” in order to avoid this particular vulnerability.

it is significant, to me, that the primary reason we have things like active antivirus software on our computers today is because of actions taken by the micro$lop corporation when i worked there. when i was working there, they were the largest manufacturer of computer software in the world.

and it reminds me of the solution micro$lop came up with to avoid another “bug” in another one of their “excellent” programs, internet explorer: version 3 exhibited a flaw in the way that it displays URIs in the address bar, and by opening a specially crafted URI an attacker could open a page that appears to be from a different domain from the current location. the solution? “Do not click any hyperlinks that you do not trust. Type them into the address bar yourself”… despite the fact that one of the features of all web browsers is that you can get from one source of information to the next, easily, without having to type in long, unintelligible strings of code.

Rule of thumb — Every time Microsoft uses the word “smart,” be on the lookout for something dumb.
     — John Walker

A little detective work revealed that, as is usually the case when you encounter something shoddy in the vicinity of a computer, Microsoft incompetence and gratuitous incompatibility were to blame.
     — John Walker

no, no… i’m really a luddite, really!

i got a used ipad today. i got it primarily so that i can start a limited usage of “social media” in order to keep me more abreast of what is actually happening in my social circle.

see, these days most of the people i know communicate with each other through facebook. they use mailing lists and forums a lot less frequently than they used to, and pretty much never use their telephones for, you know, actual phone calls. but i’ve been adamant about facebook, particularly. i have over 200 individual links to articles about the overt evil done in the name of facebook, i refuse to become another data point on their graph of suckers and sheeple, and, so far, i have resisted the numerous temptations i have had, over the years, to join the book of farce.

but i also have a cat, named Frank Zappa, who has become a minor celebrity among my wife’s ever expanding circle of friends, and people have been clamouring to get frankie a facebook account, so this is a good compromise: i get to keep my actual computers free of the scourge, i don’t have to share anything that is actually mine, and i’ll have access to all of the community organisation that slipped past me before…

and i’ll also have a place to play Luxuria Superbia, which i bought about a year ago because i thought it would work on my phone, but it doesn’t…

1 in 10 Americans think HTML is an STD

1 in 10 Americans think HTML is an STD — the other day i was at a friend’s house when my phone rang. it was my mother-in-law, who very rarely calls me, but when she does, it’s usually something fairly important, so i answered. she proceeded to ask me “tech-support-geek” questions (something about filtering spam, i think) and i had to remember not to use “computer geek” language when i told her the proper techniques. this is the woman who has to have the difference between a browser and an operating system explained to her, repeatedly… to give her a little credit, she does have a neurological disorder that affects her memory… but so do i… 😐

Tech Support Cheat Sheet

i would give a copy of this to her, except that she doesn’t understand how to read a flowchart…



old school…

i am in the process of putting together an old-school component stereo system. a long time ago, i had an old-school component stereo system, but it faded away over the period of a number of years, and has been entirely gone for some time now. but this is a new era. i have recently obtained a marantz amplifier:
131124 marantz amplifier
and a pair of real “Realistic” speakers from the 1970s — 36″ speakers in solid wood cabinets — which i add to my already existing sony turntable and cassette player… and, unlike 30 years ago, i paid less than $300 for the entire lot! soon (like, hopefully, tomorrow) i will receive a mini-stereo-to-RCA cable, and 100′ of pure copper speaker wire, and i will put together the most KICK ASS stereo i have owned in a number of decades.

no more drizzle, but what have i gotten myself into?

and, coincidentally, it’s raining outside… what do i have to do to get away from it? 😐

today i cancelled my drizzle account. this has been coming for a few years, but already i get the feeling that it’s out of the frying pan, into the fire…

i get connection speeds that are at least five times as fast with the new provider, but they gave me a modem/router which has settings that they “don’t support”. they told me right up front that if i enable MAC authentication, it isn’t supported…

with drizzle, i had a static IP address. the new guys only offer DHCP, which means that, if i want to connect to my mac from my linux box, every day, i have to go to the terminal on the mac, type in “sudo ifconfig” and get the IP address, which is then used on the linux box to connect the linux box to the mac. every day both the linux box and the mac get new IP addresses, and the old ones quit working, which means that the connection on the linux box dies.

and, yes, i AM aware of the fact that MAC authentication does not refer specifically to Macintosh computers.

i know that there is a way to get the linux box to automatically find the mac on the network, and automatically change the addresses so that the icons in dolphin work from one day to the next, but i’ll be damned if i know how to do it… and, at this point, it has already been demonstrated that the people at the new ISP aren’t going to be any help at all… 😛

yee HAW!!

i’m back from OCF, with about 200 photos that i am currently going through, slowly. be patient and all will be revealed… or at least as much of it as i feel comfortable putting on internet… 8)

but the reason for this post is that the day i left i got a notice from my anti-cracker program that said that it had permanently banned yet another IP address from being able to access my web site, because the person behind it had been poking around on my web site in a place where they definitely should not be… i’m SO jazzed that this works… it makes my day… week… month… 😀

not only that, but, today i got a message from an email administrator in germany, informing me that one of my recent, automatic spam reports (i.e. i didn’t even know that the spam message had been sent, received, or reported, because it happens completely automatically) was actually successful in preventing approximately 12,000 further messages from being sent. now i realise that 12,000 messages are a drop in the ocean of spam, but it’s a drop that didn’t get sent because of my automatic set-up…

isn’t technology wonderful? 8)

oh well…

i suppose it had to happen some time…

i guess i am destined to be one of those stubborn old codgers who won’t give up their physical hard disks and wired connections when everyone else has gone to the cloud, but you’ve got to draw the line somewhere, and turning my perfectly good, perfectly functional laptop into a “fondle-slab” — which may or may not work, even if the hardware will support it, and is guaranteed not to work if the hardware won’t support it — is where i draw the line. ‘Lion’ Apple Mac OS X 10.7: Sneak Preview – OS X 10.6.8 is as high as i’m willing to go with this crap.

now, i’m going to play with my OS9 macintosh, which actually is a macintosh, thank you… 😐

update

i’ve been working on a new web site template for the mercer island vet clinic, which is essentially finished, but it hasn’t had the content added yet, so it’s not live.

i’m about a week away from my first colonoscopy, which starts in a week with multiple degrees of laxatives and purgatives and a clear-liquid fast… which should be a “thrill”… and then, to top it all off, i get an anesthetic that causes retrograde amnesia and i have to get a ride home, because i won’t be allowed to drive for 24 hours afterward, so i’m probably going to have to take the bus to the clinic, which is the same general location that they took me when i had my brain injury. 😐 then i have to schedule another appointment with dr. wackaloon to talk about my allegedly-high blood pressure. what i maintain, which is what i maintained before i tested “high” at his office the last time, is that i run a little higher than normal, which has been reinforced by the fact that i have been checking daily for 26 days, and my average is 143/95 – which is a little higher than normal… but my life is not as “relaxed” as i would like it to be, so it’s understandable…

the ballard sedentary sousa band is performing at the mural amphitheatre on sunday, for folklife. i pulled off a miraculous save and got the last remaining parking pass when its original recipient (clayton) wasn’t at the last rehearsal to claim it… which means that i’ll be able to park relatively close to the amphitheatre, for free, rather than having to pay to park a couple of miles away and take the bus there and back, which will also mean that i may actually spend more than the requisite hour or so that i have to be there.

the unauthorised authorisation dialogue went away when i realised that i have the leap.cc site in my RSS feed as well… i deleted the site, and the dialogue went away and has not come back. as far as i can tell, there’s still no site at leap.cc, although the domain itself doesn’t expire until 2013… weird…

ologies

i got my first ever backup of my entire home directory and my music collection finished a few minutes ago… 107gb… which is nowhere near all of the space i have available… 8) i still have to find out how to make the disk mount at startup, which i suspect will involve finding out how to add it to /etc/fstab or /etc/mtab. i’ve also got to figure out how to actually move my home directory, rather than just using a new one – basically what i want is, when i type cd .. into the terminal, instead of going to the main hard disk, i want to go to my newly populated external disk. i’ve got a list of instructions which don’t seem to do much more than moving stuff from one place to another, and neglect to tell the system of the change, and i already know how to move stuff…

i just got a HUGE packet of information about my heritage and genealogy… it’s enough that i’m going to be able to add another of the missing branches of my family tree, and it will definitely push my family research back to “the old country” – in this case, ireland – and the 17th century CE. it is something that i got in email from someone with whom i am apparently fourth cousins, either once or twice removed (depending on how old he is) – the last ancestor that we have in common was my great-great-great grandfather. i’m still sort of stuck finding any information at all about my mother’s side of the family, but i think i may have a lead on my maternal grandmother’s social security application, which should give me a birthdate and (hopefully) a maiden name around which i can start investigating.