http://2917564725 if that is better for your memory.

home | blog | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

- Careful Chrome users, this search box might be "Not secure"

21 June 2019, 20:31 UTCrdesktop not working for you using certs?

Give xfreerdp a shot:

xfreerdp /u:"someuser" /v:server:3389


21 June 2019, 19:22 UTCsystemctl output

Strange days indeed:

systemctl status -l | iconv -f UTF-8 -t ASCII//TRANSLIT | sed 's/|//g' | sed 's/+-//g' | awk '{$1=$1;print}'

To do a quick comparison of what systemd thinks is the list of PPID's for Apache that are running, versus
the list ps gives.
Would have thought it would have been a quick thing, but argh.

In case that goes away:

please remove unicode from systemd outputs ... it's insane .. and fire please that teenager who did it.
please, consult that with some older and more experienced colleague (or any other responsible adult you
have avail around there) if you're in doubts .. I'm tired to explain, that logs should be ascii plaintext
and that they are very often parsed in industry by stupid old tools that choke on your sexy (and cunning) unicode ..



18 June 2019, 19:26 UTCBravo Microsoft - KB4503267
UPDATE - KB4503294
Apparently this one fixes the logging issue!
But of course, it comes with some possible side effects...

When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error,
"MMC has detected an error in a snap-in and will unload it." and the app may stop responding
or close. You may also receive the same error when using Filter Current Log in the Action menu
with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

"you may receive the error",
"the app may stop responding or close."

... weasel words. If it happens 100% of the time, it is not
a may or might...
Ok, walk it back a bit. It was some of them. Still don't feel good about some items using the same software base
breaking in different ways from the same patch. - still reserving disgust.
Love the - use powershell after a bit of programming workaround bit as well (every time you wan't to view the logs!) - ugh...
Can't wait until Systemd logging makes this move :-)


To work around this issue, copy and paste the following function into a PowerShell window and run it.
You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views.
You will need to re-enter the function each time you open a new PowerShell window.
Note The get-EventViewer function will only allow you to view previously defined Custom Views.
To create new Custom Views, see Creating Get-WinEvent queries with FilterHashtable.

function get-EventViewer {
                Write-Output "List of custom views on the machine"
                Write-Output ""
                Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
                Write-Output ""
                $view_name = Read-Host "Enter the name of custom view to execute"
                # Get the file name of the view
                $ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }
                Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))


18 June 2019, 1:52 UTCSACKED - CVE-2019-11477 & CVE-2019-11478 & CVE-2019-11479

/proc/sys/net/ipv4/tcp_sack - TCP Selective Acknowledgements. They can    
reduce retransmissions, however make servers more prone to DDoS Attacks   
and increase CPU utilization.

Uh, so what did Netflix to, read the kernel documentation?
Good advice from Suse:
Give this a shot if you find you need relief (with a trade-off):
echo 0 > /proc/sys/net/ipv4/tcp_sack


29 May 2019, 4:01 UTCDrop Android phones from your network?:

Want to have a quick way to drop Android phones from your network?

iptables -I FORWARD -d  -j DROP
iptables -I FORWARD -d -j DROP

Not sure which network does it, but if you add this to your firewall,
the Android phones will show "Connected, no internet".
They will "connect" to the network, but not have internet access (apart from the cell
network) as a fall-back route.
They (Google) must be using some connectivity to some host or hosts in those networks?
Silly, but I suppose they had some reason to do that.
It does make it hard to trust the basics of networking when that is true, as
I would sometimes use my phone to troubleshoot networking issues.
Makes it easy for the pinks I suppose.
p.s. This works today (2019/5/28) on all current 'Droid software that I am aware of.
It might not work after they patch it. Also, assume burgerland isp's in use.


24 May 2019, 17:20 UTCPython 2.7 still? Unicode and conversions...

Stop using str()
If you are and get:

UnicodeDecodeError: 'ascii' codec can't decode byte 0xff in position 6:
ordinal not in range(128)

More here
Short version for the impatient (and in case that link goes away:
- Set your encoding to closer to ascii if possible like:
closertoascii = yourunicodestring.encode('utf-8')
- But it is best to use Unicode across the board as some bits have no replacement..


21 May 2019, 20:53 UTCShoot the messenger:

Re-blogging a tweet from here:
So true:

The evaluations based on such reasoning as ‘root cause’ do not
reflect a technical understanding of the nature of failure but
rather the social, cultural need to blame specific, localized
forces or events for outcomes.

Here is a perfect example...


20 May 2019, 18:04 UTCNice 'n blinkey...

Blink tag makes a slight comeback:
See it in action here:

<script type="text/javascript">
            $(this).css('opacity' , $(this).css('opacity') === '0' ? '1' : '0')
    }, 500);



20 May 2019, 18:02 UTCSupport portal broken, loop, use Support portal...

What the heck?

Incident resolved
The issue with the Support Portal has now been resolved, and tickets
may be created and viewed normally. If you continue to experience
any issues, please open a ticket with our support team via


14 May 2019, 21:21 UTCThe next worm for older Microsoft OS's?

Might want to patch your older systems (2008 and down):
- Even 2003 and XP if you still run them:
As usual - short description here for when that page goes away:

Short bit from the page above on 5/14/2019:

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – 
formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable.
This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future
malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way
as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability,
it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.


9 May 2019, 3:56 UTCMySQL vs MariaDB
9 May 2019, 3:42 UTCBreak down barriers
30 April 2019, 3:58 UTCBlah... is now open source...
29 April 2019, 19:30 UTCvi / vim stuff:
27 April 2019, 5:43 UTCFun Google search:
26 April 2019, 4:05 UTCLight reading:
23 April 2019, 20:09 UTCGopher links:
23 April 2019, 14:50 UTCMagento bits
3 April 2019, 20:31 UTCnetplan with a plan (dhcp and alt dns servers):
13 March 2019, 13:21 UTCMore systemd in the way. - deluser.
17 January 2019, 21:46 UTCInstalling .Net 3.5 on Windows 10 and failing?
31 December 2018, 23:04 UTCcompgen -c (you complete me)
16 December 2018, 6:03 UTCRIP Timothy C. May - December 2018
11 December 2018, 12:43 UTCFirewalld - what is it?
5 December 2018, 15:05 UTCPolicyKit - uid's > max_int allows unprivileged user to run systemctl commands.
30 November 2018, 3:35 UTCOld Sonicwall - nogo ssh?
27 November 2018, 20:33 UTCBracketed paste mode \e[200~ (and) \e[201~ (or) 30 7E ... 31 7E (or) ~0 ... 1~
28 September 2018, 19:31 UTCAnybody seeing a pattern here? - SYN flood spoofing
14 September 2018, 16:48 UTCUbuntu 18.04.1 - Libvirt/KVM/Qemu setup with Wok/Kimchi
23 August 2018, 21:04 UTCOk, now disable SMT / Hyper-threading? This is getting old.

All older entries

[atom feed]