Tuesday, August 6, 2013

DEF CON

This afternoon the Internet at my workplace went down. Since the rest of the network infrastructure was running fine, I thought it was one of those random pesky Unifi downtimes that happen once in a blue moon.

After a couple of hours I couldn’t take it anymore and decided to investigate, and observed that the primary gateway was slowly chugging along. Well, a quick hard reboot should fix it…

… Not.

Then I noticed my secondary gateway had high CPU usage as well – so a soft reboot should do the trick…

… Nope.

Tried pinging Google (el classico!) and the response was quite odd – on-and-off replies.

I thought something was definitely wrong with the network, and boy, was I pretty damn right.

A quick peek at the network monitoring tool showed 5 MBps of activity on my network servers, a magic number just enough to drown the Unifi link. Something was hogging the network.

So I disconnected my IP masquerade from the network – and Internet access (on the server) was immediately restored.

Time to find the bad boy – DARKSTAT to the rescue. In a few seconds the wolf among the sheep was found (more like a zombie; that fella was happily flooding the network with RDP requests). The first thing that came to mind was to immediately configure the firewall to drop all packets coming from that machine.

Yep, this time it fully restored Internet access on our network.

ZENMAP showed our target as a Windows Server 2003 SP2 machine with a handful of open ports. From the outside it didn’t seem vulnerable.

… From the outside that is…

I saw RDP was open, so the most logical thing to do was to try to remote into that sonnovabeech with the most powerful account available and the most stupid password known on Earth.

Jackpot – Administrator privileges granted on the very first try. As expected, I was greeted with loads of suspicious-looking processes and a very nicely placed backdoor (LogMeIn) upon firing up Task Manager.

Let’s kill this beach before it lays eggs.

Next time I’m going to audit each !@#$ server that is going to be placed on the network.

Wednesday, June 12, 2013

A Certain Story 3

Imagine you are going to conduct a full-day technical training for government officers. Imagine you have suited up in your best professional appearance.

Imagine you arrived on site on time. You took a large box containing 21 pieces of equipment out of your boot, along with your 5 kilo work backpack and your water bottle from the car.

Locked the car and proceeded to walk towards the traffic light junction between the car park and the government building.

Everything is cool and smooth. You feel your pants pockets and…

Shit happens – your car ignition key is missing (imagine the key is not kept together with the remote, for security reasons).

You look frantically around you and the key is nowhere in sight. You have to deliver the equipment on time, there are issues requiring your on-time support, and to top it all off it is your turn to present soon. You are afraid the key will be picked up by someone else. You are afraid you will not be able to go home today.

You’re sweating profusely, your shirt is all wet, after all the trouble you took to look good. Time is ticking; make your choice.

This is not fiction.

I chose to deliver the equipment to my colleague (the current presenter) and fulfil my commitment to support the technician in the Personalization Centre. Apparently there was some error, unknown (to the technician at least), during personalization of the test cards, and the issue was very urgent.

I asked the technician to open up the PIN file, but watching the clueless technician stare blankly at the monitor was excruciatingly difficult. The clock is ticking. Calm down, don’t let the personal stuff affect work.

After a good 5 minutes or so he gave up and asked if I could locate it. He should have done so in the first place. I made an educated guess and found the file I was looking for. Looks like someone was lying; the machine was clearly not pre-configured for test card personalization.

After a few trips back and forth between the meeting room (where my notebook was) and the Personalization Centre, I found out the culprit was just a mistyped SAM PIN. Awesome.

Went back to the meeting room (where the training session was held) and troubleshot a few participants’ code.

Finally got the chance to continue the search for the key after things had pretty much calmed down.

After searching the grass, the pavement, the tar roads, under cars, in the boot, on the seat, constantly rewinding my memory trying to recall the most likely place the key could have been misplaced or dropped, hope was gradually lost. I was going to give up; the search area was big and full of obstacles for such a small key.

I texted my family members saying I had lost my keys and might need to tow my car later.

“The Law of Attraction”, I recalled the words someone told me. It’s too early to give up. Kept my cool and restarted the search from my car, searching beneath nearby cars under the scorching sun.

Underneath one black car a few lots away from mine, there was my key. And then I was like “ZOMG IT’S A MIRACLE I’M SAVEDZZZZ”

Started my car with that key just to double-confirm.

End of story.

Friday, May 17, 2013

Workdays #3: VB.NET anonymous methods

What we lazy coders do in C# when we have to touch a WinForms control from a thread other than the one that created it is usually:

Invoke((MethodInvoker) delegate
{
    txtSomeLabel.Text = "Foobar!";
});

Today I had to deal with a piece of code written in VB.NET, and here’s how the same thing is done there:

Invoke(
   Sub()
      txtSomeLabel.Text = "Foobar!"
   End Sub
)

No cast is required. That is not because VB.NET is weakly typed (it isn’t, especially with Option Strict On); it is because the VB.NET compiler will convert a lambda straight to the System.Delegate parameter that Invoke declares, synthesising an anonymous delegate type for it. C# refuses to convert an anonymous method to System.Delegate, which is why the MethodInvoker (or Action) cast is needed there.

Lambdas with parameters work the same way; just declare the parameters after Sub. Function replaces Sub only when the delegate has to return a value.

Tuesday, May 14, 2013

Workdays #2: C# byte & Java byte

Although C# could be called a rip-off of Java, I can understand why Microsoft chose to differ from Sun here, because doing low-level processing the Java way is downright confusing.

Aside from String/string, boolean/bool, endianness, etc., beginners migrating from C# to Java or vice versa will almost certainly make this mistake: a C# byte is not a Java byte.

In C#, a byte is an 8-bit unsigned integer, 0 to 255 (unsigned char for you C/C++ dinosaurs out there), while a byte in Java is an 8-bit signed integer, -128 to 127 (signed char).

What does that mean?

Well, it means you’ll screw up your code if you ignore this difference.

C#

for(byte i = 10; --i >= 0; )
   Console.WriteLine("foo");

Java

for(byte i = 10; --i >= 0; )
   System.out.println("foo");

The Java loop prints "foo" ten times and stops when i reaches -1. The C# loop never stops: when i is 0, --i wraps around to 255, and an unsigned byte can never be below 0, so the condition is always true.

For a more hidden problem:

C#

short i = 0xFF;
byte j = (byte) 0xFF; // (byte) is optional
if(i == j) Console.WriteLine("Yay!");
else Console.WriteLine("Nay!");

Java

short i = 0xFF;
byte j = (byte) 0xFF; // (byte) is mandatory
if(i == j) System.out.println("Yay!");
else System.out.println("Nay!");

C# prints "Yay!": the cast is optional because 255 fits in a byte, and i and j are both 255. Java prints "Nay!": the cast is mandatory because 255 does not fit in a signed byte, so (byte) 0xFF is -1, and -1 is what j stays when it is widened for the comparison with i (255).

If you’re not aware of this problem, your program will most probably compile, probably pass all your tests, and then fail in production as soon as a value with the high bit set (0x80 to 0xFF) comes along.

Captain Obvious says:
“The samples above behave differently in C# and Java.”

Oh, and to make things worse, there’s no “unsigned” keyword in Java. Great. You’re left masking with & 0xFF and casting like a magus.
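The four snippets above replayed in C, as an added example that is my code and not code from the post: the post itself maps a C# byte to unsigned char and a Java byte to signed char, so compiling the same expressions against those two types reproduces both behaviours, and a final pair of functions shows the case that matters in a parser, a length byte with the high bit set. The function names, the GUARD cap on the infinite loop and the one-byte sample header are my assumptions; (signed char)0xFF being -1 relies on a two's-complement target, which every compiler you will meet is.

```c
/* Added example (mine, not code from the post): the post's C#/Java
 * snippets with the types the post maps them to, unsigned char for a
 * C# byte and signed char for a Java byte. Each case returns its
 * result instead of printing so it can be checked.
 * Assumptions: function names and GUARD are mine; GUARD only stops the
 * wrapping loop from running forever. (signed char)0xFF == -1 holds on
 * two's-complement targets, i.e. everything in use today. */
#include <stdio.h>

#define GUARD 1000 /* iteration cap for a loop that never ends on its own */

/* Constructed sample header: a 200-byte payload announced as 0xC8. */
static const unsigned char SAMPLE_HDR[] = { 0xC8 };

/* for(byte i = 10; --i >= 0; ) with a C#-style byte. Returns the number
 * of iterations before GUARD trips: --i on 0 wraps to 255, and an
 * unsigned value is never below 0, so on its own the loop is infinite. */
int csharp_style_countdown(void)
{
    int iterations = 0;
    unsigned char i = 10;
    while (--i >= 0 && iterations < GUARD)  /* first term is always true */
        iterations++;
    return iterations;                      /* == GUARD */
}

/* Same loop with a Java-style byte: 9, 8, ..., 0, then -1 ends it. */
int java_style_countdown(void)
{
    int iterations = 0;
    signed char i = 10;
    while (--i >= 0 && iterations < GUARD)
        iterations++;
    return iterations;                      /* 10 */
}

/* short i = 0xFF; byte j = (byte) 0xFF; i == j   (1 = "Yay!", 0 = "Nay!") */
int csharp_style_compare(void)
{
    short i = 0xFF;
    unsigned char j = (unsigned char)0xFF;  /* 255 */
    return i == j;                          /* 255 == 255 -> 1 */
}

int java_style_compare(void)
{
    short i = 0xFF;
    signed char j = (signed char)0xFF;      /* -1 after narrowing */
    return i == j;                          /* 255 == -1 -> 0 */
}

/* The fix a signed byte needs: mask after promotion, the same b & 0xFF
 * idiom Java code has to use because it has no unsigned types. */
int java_style_compare_masked(void)
{
    short i = 0xFF;
    signed char j = (signed char)0xFF;
    return i == (j & 0xFF);                 /* 255 == 255 -> 1 */
}

/* Where this bites for real: a length byte >= 0x80 read through each
 * byte type. A bound check such as len <= max accepts the negative one. */
int announced_length_unsigned(const unsigned char *hdr)
{
    return hdr[0];                          /* 0xC8 -> 200 */
}

int announced_length_signed(const unsigned char *hdr)
{
    return (signed char)hdr[0];             /* 0xC8 -> -56 */
}

int main(void)
{
    printf("C#-style loop iterations: %d (capped at %d)\n",
           csharp_style_countdown(), GUARD);
    printf("Java-style loop iterations: %d\n", java_style_countdown());
    printf("C#: %s  Java: %s  Java masked: %s\n",
           csharp_style_compare() ? "Yay!" : "Nay!",
           java_style_compare() ? "Yay!" : "Nay!",
           java_style_compare_masked() ? "Yay!" : "Nay!");
    printf("length 0xC8 as unsigned: %d, as signed: %d\n",
           announced_length_unsigned(SAMPLE_HDR),
           announced_length_signed(SAMPLE_HDR));
    return 0;
}
```

The two things worth staring at are the C#-style loop hitting the cap instead of finishing, and 0xC8 turning into -56: a check like `if (len > MAX) reject();` never fires for that value, which is how a signed length byte turns into an under-read or an overflow later on.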

Workdays #1: OIC & ORACLE_HOME

Here’s the scenario: I’m writing a setup deployment (installer wizard) project that uses Oracle on a 64-bit system.

Naturally, the Oracle Client installed on the target system is 64-bit. Because Windows Installer (msiexec) runs my setup project, and therefore its custom actions, in 32-bit mode by default, and building a dedicated 64-bit setup project is rather tedious, I resorted to bundling the Oracle Instant Client into my setup project.

During setup the wizard invokes sqlplus to run various database installation scripts. When testing my freshly baked project on the test bed, the sqlplus invocation exited with code 1.

Well, the problem is: my scripts are configured to exit with code -1 if errors occur during execution, so an exit code of 1 did not come from my scripts. Out of sheer programmer instinct I inspected my setup logs, extracted the specific failed command line, and ran it on the console.

The command worked fine.

For a few hours I tried to find the culprit – changing PATH, altering the script to use “connect”, changing the executing user… It just wouldn’t work.

Then I tried redirecting the process’s standard output and error streams (which were originally hidden) into my log file as well.

Sqlplus said:

Error 6 initializing SQL*Plus
Message file sp1<lang>.msb not found
SP2-0750: You may need to set ORACLE_HOME to your Oracle software directory

The error message was very helpful, thank you. (sp1<lang>.msb is the SQL*Plus message file, normally found under %ORACLE_HOME%\sqlplus\mesg, so the complaint means sqlplus resolved ORACLE_HOME to a directory that has no such file.)

I then checked my default environment variables using “echo %ORACLE_HOME%” – the value looked okay.

So what went wrong?

Apparently some bloody smart component written by a bloody smarty pants changed the ORACLE_HOME environment variable to the current execution directory, which is obviously not ORACLE_HOME.

I did not touch environment variables in my code – so that leaves Oracle Instant Client as the culprit.

Once I set ORACLE_HOME to the value I found in the registry right before launching sqlplus, everything worked like a charm. Bloody Oracle developers.

Yes, this affects imp.exe too.

Sunday, May 12, 2013

Until 24

It is that time again, though this time around it is slightly earlier, before I get overwhelmed by other things.

This is the time I list the small milestones of the past biological year.

I have to admit, it is quite difficult for me to recall…

 

November 2012: Distant Worlds Live in Malaysia

A very memorable orchestral concert; streams of memories filled with emotion gushing into your head. Distant Worlds is a definite must for Final Fantasy fans.

 

December 2012: Surviving the “Apocalypse”

Apparently we survived the so-called “apocalypse”. Yay.

 

2013

I couldn’t recall much about the events this year.

For this period of time, up until now, I am occupied by my career. Apart from sleeping and resting, most of my time is spent on work.

Most of my explorations this year in fact circled around my field of work – virtualization, Java Card, smart card OS reverse engineering, TWAIN, UX, MVC, ORM (Entity Framework), web services, web security, image processing, setup and deployment projects…

Though I really hoped I could spend some time on other skills such as cooking, a musical instrument, language studies, electronics, interpersonal relationships…

I’m still struggling to squeeze them in, but my available time is frequently taken up by ad-hoc tasks, until I somehow feel like a virtual resource pool that could be dynamically provisioned at any time.

To tell the truth, I would love to meet up with friends and listen to them talk about their lives, stroll around malls, or watch the latest blockbuster in theatres, but what’s left of me is fatigue – social interaction has become a stress to me (unless I’m only required to listen and not talk) and I would rather coop myself up in my room to recharge until the beginning of the next business week arrives.

 

April 2013: Passing of Grandma

Witnessing the passing of grandma, who had lived with us for the past 4 years, up to her final moments in life, left an impression on my mind. The experience was as close to death itself as it gets.

It is not death (that scares me), it is the thought of death. It is probably not my own death that I am afraid of, but the passing of the people I care for, the people who occupy the larger part of my memories, the people I depend on.

In the end our proof of existence is only the fragments of memory left in the living. If the memories are gone, so is the existence of the departed…

 

May 2013: Change

Putting Malaysian politics aside (don’t boo me please =w=), it is time for me to change my core principles.

I want to put emphasis on what I could do for people, and not what people should do, or could do. Death is a promise made to me from the moment I was born – my purpose of living is what I could do with the limited time given to me.

The world does not revolve around myself – I am a part of the world, I am a part of a whole, I am not the world, I am not everything.

I want to eliminate my inability to translate thoughts into actions; I want to wipe out the shadows cast by my past that are preventing me from making a change.

 

May 2013: First Nendoroid

Seriously, it was a very huge surprise indeed :D

Sunday, March 24, 2013

A Certain Story III

Last week I met up with a product engineer for lunch. His company produces Android phones, and somehow their latest product is suffering from a lack of public interest.

“People seem to prefer the sleeker iPhone over our product. How could we compete with the likes of the iPhone with this product design? It’ll never get bought in stores,” he ranted.

Well, I’m not a fan of Apple products (my apologies, Apple fanboys/fangirls); they may have good looks, but they just lack the features I’m looking for. To me, Apple over-engineered the looks at the expense of features.

He then showed me a sample of their latest product. In all honesty, the product designers could indeed have done a better job. His concerns about the marketability of this product are real.

The phone’s firmware, though, felt remarkably snappy, and the hardware is reasonably well equipped – NFC, dual-core SoC, 802.11n, SiRF III, 2GB RAM, etc. He agreed that, if not for the physical design, the product would sell very well.

“Why not improve the product design?” I suggested.

The enclosure injection molds had already been bought; changing the molds would be far too costly to be practical. The engineering team is currently trying to trim down the thickness of the phone, which, although definitely helpful, is in my opinion perhaps not enough to capture the hearts of consumers.

“We did a lot. We’ve fixed the occasional lock-ups in the kernel, zip-aligned the executables to conserve memory, and improved the UI architecture. But no, the response is still disappointing. Is this product not good enough? In the end consumers are all after the looks,” he replied.

In other words, they fixed the bugs and glitches.

“I’m pretty sure the situation would be worse if the lock-ups were not fixed. Have you tried adding a magnesium finish and companion accessories to make the phone look good? Man, even old cars can look good with the right body kit and paint job.”

“It’s no use. Once they remove the accessories, they’ll be turned off by the design. Even you are all about the looks; this phone will never sell,” he argued, as if the world, including me, had turned against him.

What he has yet to understand is that in a market full of competitors, the question is what the product has to offer to stand out from the rest. I agree, the product does have competitive features – but a consumer who looks only for features is pretty rare; if the company plans to sell only to niche markets, that’s fine – but if they want to sell to the mass market, they have to change their strategy.

Little did he think about users taking their product out and comparing it with other products – will they be confident enough to state that their phone is better than the others? Is it worth investing in a product from a company with no intention of putting every possible effort into improving its physical design?

As a user, if he were given the chance to choose between a bunch of sleek phones and his product as it is, would he choose his product? The reality is that people almost always go for the looks first, accessories or not, and only then come to appreciate the features; even if the phone doesn’t look special at all without the accessories, if it has the potential to look good as well as the features to keep their attention, it’s a keeper.

Perhaps not all consumers think this way, especially Apple fanboys (whoops!). But there are Android fans out there; this product has potential.