Archive for 2006

« Older Entries
Newer Entries »

Cracking Windows passwords

Wednesday, August 23rd, 2006

Ok, do you all remember how on Slashdot and Digg they had a link to a sourceforge project used to crack passwords? It can be found here.

My brother wouldn’t let me use his laptop over the weekend so I downloaded the ISO and made a boot CD to show how easy it would be to get his password.  So, we booted his lappy up with the CD in there and sure enough, it cracked his password in a few minutes.  So, we ran it on my other brother’s lappy from work.

His work uses domains and the cracker didn’t actually find his username, so it couldn’t crack his password.  It did find the local admin though (which is an account closely guarded by his work’s IT department).  Now my brother happened to know that password.  When it had finished running, it had only managed to determine half of the password.  I was curious about this so I did some experimenting.

I’ve determined that if I put a special character at the beginning and end of the password, that Ophcrack cannot determine a single letter of the password.  That is, if I put a [!@#$%^&*()_] as the leading and ending characters.  I believe that if your password is too long, windows stores it in two hashes.  So, if you have a long password, you need to put some of those characters in the middle.  If not, Ophcrack will be able to determine at least a few characters of your password.

What I found interesting about the domain issue is that you can log into a laptop with a domain username and password even when not connected to the domain.  In fact, when my brother first used the laptop, he was not even connected to the domain and could log in with his username and password.  This suggests that windows stores domain usernames and passwords on the local machine.

If that is the case, one just needs to figure out where to point Ophcrack and it just might be able to harvest domain usernames and passwords.  If so, then shame on Windows.  That would be a huge security flaw!

Posted in Technology | 1 Comment »

XBox 360 mods & game demos

Monday, August 21st, 2006

A friend of mine pointed out a new “mod chip” available for the 360 today.  It’s not a full mod chip because you can’t run home brew code, but it allows you to play pirated games or as they like to say “backed up games” (but not online). It’s pretty ingenious in that it switches between DVD drive firmwares on the fly and can even disable your network connection for you automatically. 

I’m not at all interested in this though because I just want home brew.  I take good care of my DVDs and don’t really need a backup.  Plus, I think most of these people acquire their backups online, and not by creating their own.  But, I do want to be able to run a customized media center, or stream videos from a non Media Center Edition PC and things like that. 

I won’t get into the running backups issue because I think people ought to be able to keep a backup of software that they pay for.  That is, of course, unless the game publisher wants to replace disks for free/low cost.  But I do think that game demos ought to be required.  It costs $6 to rent a game and give it a try. That is 1/10th of the cost to purchase the game.  So, if I really like the game I’d rather buy than rent.  But, with no game demo, how do I know if I am going to like the demo? People hype games all the time and then they suck.  No thanks.  I’m not dropping $60 on garbage.

So, if Microsoft wants to discourage the development of mod chips, they ought to let free software projects submit their code so they can get approved to run on the 360.  They should also require demo releases so that people can try before they buy and won’t care  (as much) about running “backup” disks.

Posted in Technology, Video Games | No Comments »

LSI Raid cards

Monday, August 21st, 2006

So we shipped a whole bunch of products out into the field that use LSI raid cards.  The controller cards have cache on them, as do the drives.  The drive cache was left on and it ended up causing a bunch of headaches for us in the field.  Obviously it is bad to cache on both the hard drive and the controller.  If the drive loses power before it writes its cache to disk, the controller will think everything is ok when, in fact, the cached data was never written out.  It has caused drives to fail in the field and sometimes arrays do not rebuild when a drive is replaced.

So, since I did the hardware abstraction layer, which interacts with the LSI cards through their “megalib” library, I was tasked with writing an application that would disable the drive cache on all of the hard drives.  The drives in question are SATA drives, but the LSI card makes them appear as SCSI devices to Linux.

In order to disable the cache, I have to send a command directly to the drives using a pass through function in the controller cards.  After finding some good resources on SCSI commands, I found it wasn’t actually a difficult task.  But the LSI Library’s pass through is somewhat confusing to me and not very well documented.  You pass in a CDB structure (command descriptor block) that tells the drive what you want it to do (in this case modify the drive cache settings). 

The problem being that I need to modify just one bit of an entire byte.  So I have to know the value of the rest of that byte.  So I sent in a command to read the drive information.  Using the serial output on the LSI card, I can see that it is reading the HDD configuration, but I see no change in the output with write cache enabled and disabled.

The pass through function provided by LSI requires you pass in a CDB which also has a pointer to memory used for input or output (depending on the command you send).  When I try to just set the first three bytes (which are all I should need to modify the drive cache), it fails. 

So, not only does it not seem to be reading the data properly, but it doesn’t seem to write it either.  Most likely, I’m doing something wrong.  But the fact that there is no satisfactory documentation, and that I have to wait to hear from one of their developers, kind of irritates me.

But, I cannot say a whole lot here because the code my work puts out almost completely lacks documentation.  I’ve written general classes to do some basic things only to be told by someone later that we already had a class written to perform that task.  Of course, I couldn’t have possibly known that unless I delved through our source.  The problem being that we have millions of lines of code!

Edit: I forgot, I was going to put some links to some great resources that I found.
This one from answers.com talks about all the different commands you might want to issue to a SCSI device.
Here is one from Apple that shows where the WCE (write cache enable) bit is changed.

Posted in Programming, Technology | No Comments »

Invisible Shield for Canon camera LCD

Monday, August 21st, 2006

Well, I’m not much of a picture taker, so it took a long time to get a good field test in on the camera’s LCD screen protector.  I was pretty nervous about this one because they tend to peel off after some time.  The screen has been on there for a month and has been used several times and you still cannot even tell that there is a protector over the screen.  No, it’s not because the screen fell off.  If you look closely you can see the edges of it.

This last time I used it in the dark at the beach, however.  So it was clumsily removed from its bag, and replaced in the dark.  The humidity did not seem to affect the adhesive either.

As you recall, I put one of these shields on my Creative Zen Vision:M also.  The camera’s protector was much easier to put on but both are performing quite well.  I did manage to get a small scratch on the protector on my MP3 player, but it is not very noticable.  If I were to take a picture of it, I could undoubtedly get that replaced, but it isn’t worth the effort at this time.

Posted in Technology | No Comments »

English errors

Thursday, August 17th, 2006

This isn’t the geekiest thing in the world but my brother pointed me to a website that deals with common English errors.  This all started when I accused him of being at the “beck and call” of someone at work.  Because most people, myself included, don’t properly enunciate their “d” when they say this, it sounds like “beckon call.”

That prompted him to look for this site.

When people misspell or misuse words and phrases, it really bothers me.  The funny thing is that I’m not the world’s greatest speller myself.  But the site has so many common errors that one could spend hours looking through them.  Some are mistakes that I make on a regular basis, and will have to spend much time working on correcting them. 

Edit: The reason we discussed the spelling is that we were talking about this using IM while at work.

Posted in Personal | No Comments »

Shameless plug

Thursday, August 17th, 2006

Ok, here I am putting in a shameless plug for a friend of mine.  He wrote a time clock or time sheet program for windows.  You can find it here.

Alright, I’m not just putting it here as a shameless plug.  I think it is pretty cool.  He spent a lot of time and effort developing it in his free time.  What I find so remarkable about it is that he wrote it using pascal.  I thought it was an interesting choice.  I don’t know anything about pascal, to speak of.  I didn’t even have a class on it at school.  I’m not at all remotely interested in it as a language.  Granted that Delphi is still supposed to be pretty popular.  There are sites devoted to it.  But this friend of mine hasn’t had to do pascal programming at work for years.

If I had a lot of viewers, I’d probably get flamed for being so marvelled by the use of pascal.  But I guess it’s just a change in the wind, all programming languages tend to get phased out.  It’s sink or swim in this world.  I’ll likely have to learn some languages that I had never dreamed of some day.

Posted in Programming, Technology | No Comments »

Behind the times again…

Monday, August 14th, 2006

Ok, I am loathe to admit it, but I just barely started playing World of Warcraft.  I had played previously, using a 10 day trial from a friend.  At the time I played, I was in a situation that granted me a lot of free time to play around on computers but I couldn’t really do anything else.  So, I played a lot during those 10 days.  A friend from work indicated he wanted some help, so I thought I’d try and catch up to him while he is away in China for business.  I found out from an email today that I have a lot of catching up to do.  I won’t be caught up before he comes back.  Maybe I’ll catch up during my medical leave.

So why am I confessing this?  I am beginning to wonder if I am becoming a luddite or something.  I’m completely behind technologically.  I haven’t bought a new computer in over 4 years.  Well, unless you count my Xbox360.  Can I really consider myself a computer geek or a nerd? I don’t know.

Posted in Video Games | No Comments »

Surgery Again

Saturday, August 12th, 2006

So, as all of my co-workers know, I had surgery back in April to try and help me sleep better.  I seem to have this problem where my tongue blocks my throat like 30 times an hour when I sleep.  Well, I had that problem.  I had a genio-glossus advancement (tongue advancement) back in April.  It seems that I’m down to a mere 7 events per hour but am still having trouble breathing when I sleep. 

So now I am getting a UPPP (soft palate cleanup), and a nose job.  I kind of look at it like porting the engine on your car.  You clean up all the intake (and exhaust for that matter), to make sure that you get as much oxygen flow as possible.  I’m completely excited about it though even though I hate surgery.

The big day is coming up in less than a month.  A doctor at Stanford is going to do it even though he’s not contracted on my insurance.  My previous surgery would have cost $7000 there but after talking to the doctor he’s worked out a deal where I’ll only have to pay him $2000 plus whatever the insurance company will give him.

He is the most awesome doctor in that regard.  He’s the number one doctor in the world in his field and could charge anything he wanted and there are people who would pay it.  But he’s a down to Earth guy and worked that out for me.  Thank you Dr. Nelson Powell!!!

Posted in Personal | No Comments »

Sorry…

Saturday, August 12th, 2006

For ignoring the internet completely for the past week or so.  Work has been rather busy, or at least it was at the start of the week.  On Thursday, I didn’t come in because I had a doctor’s appointment in the Bay Area.  Friday, I had a meeting that I was falling asleep through and didn’t come in after lunch because my garage door fell off the track and wouldn’t close.  In fact, I waited for someone to come and fix it (I have a home warranty until Tuesday).  Within hours, it almost completely fell out of the track and almost crushed my car.  I mean seriously, it was hanging on by a thread.  Now the home warranty people are saying they don’t cover it *sigh*.  It’s like $1000 to replace the door and fix the track.  That really sucks.

Posted in Personal | No Comments »

Am I a nerd?

Sunday, August 6th, 2006

Sometimes, when I listen to my coworkers talk about software, linux distros, etc, I wonder if I am really a computer nerd.  They talk about all these things that only seem to interest me mildly.  I’m always willing to talk to them about it, but never know as much as they do, and never am interested in learning a whole lot more.

I’ve worked on some interesting projects in the past that I have enjoyed.  I’ve worked on a Hardware Abstraction Layer (HAL), audio/video network transportation, code optimization, and administration tools just at my current employer alone.

They have, for the most part, been interesting projects.  The most interesting being the optimizing, and the HAL.

I’ve decided though that what I am most interested in is security, encryption, and other such things.  I probably am not good enough at math to develop or break encryption algorithms.  But, I think I need to start spending time getting more acquainted with these things that interest me.  Even if it never ends up aiding me greatly in a professional aspect.  I think it would make an interesting hobby.

Posted in Programming, Technology | No Comments »

« Older Entries
Newer Entries »