Tag Archives: computer

Zero Hour – S01E11 – The Hand

Yay, more code! If you split the view four ways and scroll each a little differently, it looks a lot more impressive. Source is: http://www.csee.wvu.edu/~cukic/CS350/Spring98/C_Ch10.txt

They C++-ified the code (ie, cout instead of printf). See leftmost pane in screenshot:

main()
{
   unsigned number1 = 960;

   printf("\nThe result of left shifting\n");
   displayBits(number1);
   printf("8 bit positions using the ");
   printf("left shift operator << is\n");
   displayBits(number1 << 8);

   printf("\nThe result of right shifting\n");
   displayBits(number1);
   printf("8 bit positions using the ");
   printf("right shift operator >> is\n");
   displayBits(number1 >> 8);
   return 0;
}

Screen Shot 2013-08-01 at 22.40.43

Mystery doc used as background in America’s Book of Secrets

I was watching America’s Book of Secrets – S02E10 – Presidential Assassins, and @18:57, I spotted hexdump output scrolling behind the images.  Unfortunately, the beginning frames had no obviously unique text:

Screen Shot 2013-06-18 at 23.10.13

But a few frames later, I spotted probably searchable text “rafrht Alwera”:

Screen Shot 2013-06-18 at 23.10.41

Here is where it becomes strange.  Googling for “rafrht alwera” returns just 1 hit, a PDF file that looks like it also contains hexdump output:

Screen Shot 2013-06-18 at 23.44.15

Opening the file in Acrobat and searching for the text “rafrht” returns one match but not the hexdump Google found.

Screen Shot 2013-06-18 at 23.02.20

 

Oddly, hexdump on the PDF does not show any “rafrht”. So what did Google and Acrobat find?

Adobe and case-sensitive filesystems

My Mac has multiple filesystems.  Non-system partitions are formatted Case-sensitive, Journaled while past experience with Adobe has taught me that the OS partition must be formatted Case-insensitive, Journaled.  The global Applications folder and the admin account’s home dir live on OS partition.  My non-privileged account’s home dir lives on a case-sensitive partition.

I  tried to install InDesign CS6 as myself via Adobe Application Manager download.  Very early on in the process, it threw up this error:

Screen Shot 2013-06-03 at 12.43.45 PM

Googling for that error code, A12E1, returned nothing useful.  I downloaded the full installation dmg, then ran the installer.  Different error:

Screen Shot 2013-06-03 at 12.48.42 PM

Which is frustrating because the partition I was trying to install on is case-insensitive.  Also, the installer does not allow you to select a different partition.  I saw many complaints in various forums about this decade-old bug.

Solution: Log in as admin (home dir on case-insensitive partition), run ID6 installer from downloaded dmg, log out of admin, log back in as myself, and run ID6.  The installer checks the active user’s home partition for case-sensitivity which does not make sense since the legacy stuff lives on the case-insensitive OS partition.

Castle – S05E24 – Watershed

Screen Shot 2013-05-15 at 00.15.03

I have never seen a security/firewall system like this.  On the left, I see emacs or some variant of, the status line says “edit code: mySysScan.c“.  And the middle bottom window says “*shell*“.  The lower right is some code that I cannot make out.  The rest looks familiar but I cannot identify it.

But the bigger question is, if they were looking into how somebody broke into a system, wouldn’t either/both the Security Scan or Firewall Protection Scan have alerted when the incursion occurred?  And if they did not, why would a post mortem scan produce a different result?

The Following – S01E04 – Mad Love

Screen Shot 2013-02-11 at 23.36.24

There are so many things wrong with this.

  • Once again, the window on the left is source code, because we always have source code up.  The code is unp.h from http://socketprogrammer.blogspot.com/2009/04/unix-network-programming.html
    /* OSF/1 actually disables recv() and send() in <sys/socket.h> */
    #ifdef	__osf__
    #undef	recv
    #undef	send
    #define	recv(a,b,c,d)	recvfrom(a,b,c,d,0,0)
    #define	send(a,b,c,d)	sendto(a,b,c,d,0,0)
    #endif
  • North Korea does not have a gigabit uplink to the rest of the world.
  • While none of the IP addresses are (understandably) valid (all have one octet > 255), the last few hops are multicast addresses which are not traceable.  See Wikipedia – Multicast address.
  • The real command is “traceroute” (or “tracert” in Windows land) and it shows you the path from the computer you are running it on to another IP address.  You can trace back to a mail/web/ftp/etc. server (cpanengine.com if it actually existed), but not to an email address.  Some mail servers add a header line that shows the client IP, which you can trace back to.
  • If the recipient of the message was at Host A (126.55.341.66), and the sender was Host B (cpanengine.com), an investigator at Host C (shown above) cannot run a traceroute to see how Host A would talk to Host B.
  • The hop times are simply replicated, 160ms/240ms 174ms/436ms alternating.
  • The normal traceroute does not show the type of device, ie., wifi router, satellite, etc.  It is possible to determine the type of device from its MAC address, but only the next/previous hop sees the MAC address, and it is not passed along.
  • Traffic going through a satellite would be layer 1 (the satellite does not have an IP on the customer traffic side) and thus the satellite would not show up as a hop.  This article is from 2008 but still valid – Identifying undersea fibre and satellite links with traceroute.
  • Why would traffic bounce through 10 satellites?
  • traceroute does not show the local computer’s network card as the first hop.
  • Why would every window have a WiFi menu?

A real traceroute looks like this:

Screen Shot 2013-06-09 at 16.04.25

The Mob Doctor – S01E09 – Fluid Dynamics

Screen Shot 2012-12-03 at 23.14.39

Screen graphics people love scrolling source code whenever somebody is working on a computer.  This appears to be Module1.bas from https://kenai.com/projects/jkatalog but reordered:

Attribute VB_Name = "Module1"
Option Explicit

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Copyright ©1996-2006 VBnet, Randy Birch, All Rights Reserved.
' Some pages may also contain other copyrights by the author.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Public Const IOCTL_STORAGE_EJECT_MEDIA As Long = &H2D4808
Public Const IOCTL_STORAGE_LOAD_MEDIA As Long = &H2D480C

Public Const DRIVE_REMOVABLE As Long = 2
Public Const DRIVE_CDROM As Long = 5
Public Const INVALID_HANDLE_VALUE As Long = -1&
Public Const GENERIC_READ As Long = &H80000000
Public Const FILE_SHARE_READ As Long = &H1
Public Const FILE_SHARE_WRITE As Long = &H2
Public Const FILE_ANY_ACCESS As Long = &H0
Public Const FILE_READ_ACCESS  As Long = &H1
Public Const FILE_WRITE_ACCESS As Long = &H2
Public Const OPEN_EXISTING As Long = 3
Public Const IOCTL_STORAGE_MEDIA_REMOVAL As Long = &H2D4804

Public Type PREVENT_MEDIA_REMOVAL
   PreventMediaRemoval As Byte
End Type