Into the Void

Create your very own Semacode tag.

What is Semafox? Semafox is an easy way to create a smart 2D barcode (aka a semacode) using your web browser. There’s nothing to install or uninstall. Bonus… the QRCode reader from KAYWA can decode it.

As always, my search for this item resulted in something totally unexpected, in this case a Ruby on Rails book called BLiXy’s PREDOMINATELY IMPROMPTU big book of cryable, injectible ruby. Oddly enough, it is a Ruby tutorial in comic book format. This is a sample entitled When You Wish Upon a Beard.

http://www.laptop.org/

It’s here, the ideal gift for early adopters.

We’ve been hearing about the $100 Laptop for months now. It seemed like a pipe dream. A laptop for children in third world countries? It would have to be an engineering marvel. The kids often live in houses with dirt floors. They often don’t have electricity. Internet infrastructure - or even telephone service - is non-existent in rural towns. They’ve probably never seen a computer before. They’ll have to learn the OS and the software without the a priori assumptions of a Westerner. Getting computer teachers trained has to be a logistical nightmare! How can this possibly work?

The answer is one that wouldn’t occur to most of us… Cooperation on a global scale!

It’s the One Laptop Per Child (OLPC) program. This program attempted to design, build and distribute laptops for under $100 to children in third world countries.

In December OLPC had a promotion where if you donated a laptop you could buy a second laptop. PLUS you get a year of free Sprint wifi access at places like Barnes & Noble, St*rbucks, etc. that you can also use with any other wifi devices you may own - laptops and PDAs. The Sprint access alone is worth the price of the laptop.

The XO has totally new hardware with VERY low power consumption. The XO has a very cool GUI called “Sugar” that’s usuable even by kids who can’t read yet, much less read English. Sugar is based on a trimmed down Linux OS with programs written just for it. Programs like a music synthesizer, Turtle Graphics, word processing, a web browser and that’s just the START of it!

Since The XO is intended for third world countries, it has wifi - no ethernet infrastructure is necessary. They’ll automatically connect at power up to other XOs that they find. This enables the kids to work on collaborative projects. Not just chatrooms, but writing music together in the music workspace! Collaboration is the key to the future.

The XO has two antennas and uses them to triangulate and display a 2D map of surrounding XOs and wireless access points. It took a while and I had to change some of my router settings, but I was able to connect to the Internet with my XO.

There is an available hand crank to charge the XO if you don’t have electricity in your village. I think they said there’s a solar battery charger available too. They also have wireless teacher access points that enable the kids to get on the Internet and see what’s going on in the rest of the world. This is a really ambitious project. I did what I could.

I’ll post an update if the Give One - Get One program runs again. Your donation is partly tax deductible. And you’re doing something good for less fortunate kids. It’s a win-win game.

I signed up with a site called Outside.in a few months ago and they turned me down because I don’t have enough geotag info in my blog, i.e. I write about ideas rather than local coverage. I guess they figured out that nobody interesting is going to geotag every post.

Now Outside.in has changed things so that they can read a feed and include only items with geographical information in them.

Testing Hatboro, PA.

Two new worms use St. Valentine’s Day as bait

PandaLabs, Panda Security’s laboratory for detecting and analyzing malware, has detected two new worms, Nuwar.OL and Valentin.E, which use the topic of St. Valentine’s Day to spread. I suppose you could call them love bugs.

Both Nuwar.OL and Valentin.E arrive by email with Valentine-themed subject lines. They may even appear to have been sent by someone you know.

The first one of these worms, Nuwar.OL, uses an email with subjects like “I Love You Soo Much,” “Inside My Heart” or “You’re In My Dreams” to trick the recipient into opening the website that downloads it. The webpage is very simple - a romantic greeting card with a large pink Valentine’s Day heart. Surprise!

Once it has infected a computer, Nuwar.OL spreads itself by sending out a large number of emails to people in the user’s email address book. This activity can slow down both the infected computer and the local network.

Valentin.E also spreads by email. Watch out for messages with subjects like “Searching for true Love” or “True Love” and an attached file called “friends4u.scr.” If you run the file, Valentin.E shows a new desktop background to distract you while it makes several copies of itself on the computer and emails copies of itself to all your friends.

“Both cases are clear examples of social engineering techniques used to spread malware. They use attractive subjects - Valentine’s Day greeting cards, romantic desktop themes, etc. - to entice users to run [email] attachments or click links that ultimately download malware onto their computers,” explains Luis Corrons, Technical Director of PandaLabs.

It would, of course, would have been far easier to reformat my hard drive.

The problem seems to be a bagel variant and has something to do with files named
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
and possibly an infected NETWAITING.EXE file.

I have tried multiple rootkit detection and removal programs with varying degrees of success.

McAfee Security Center says that no parts of my McAfee software are enabled. It says that parts of the software are missing and I have to reinstall.

McAfee Rootkit Detective 1.1 flagged hidr.sys and said it would remove it, but it didn’t.

F-Secure Online Virus Scanner is unable to download all its files - I suspect the bug is blocking them. Their Blacklight program has been integrated into the new scanner. Oh well.

AVG Free won’t install - it can’t find one of its installation files - I assume the malware is deleting it. AVG is my number one favorite free antivirus program.

Panda Anti-rootkit, available from Download.com, found the files and renamed one of them, but the problem came back next boot. Panda offers a number of free tools too, including an online scanner called ActiveScan and a beta online scanner named nano-scan. The big thing they offer is repair utilities for specific infections.

EliBagle v10.75 located the files and a registry entry. I rebooted in safe mode. I deleted the files. I deleted the registry entry. And just to be certain, I deleted the preload file for hidr.exe.

At this point IE is no longer going out to strange web sites. I can only hope that it was unable to download something even worse while McAfee was down.

My McAfee subscription is still active, but I haven’t decided whether to reinstall or to switch to something cheaper and just as useless.

Technorati: bagel+variant rootkit Panda+Anti-rootkit Panda+ActiveScan Rootkit+Detective F-Secure trojan

I found a related topic on the What the Tech forums.
http://forums.whatthetech.com/Someonething…ml&hl=srosa

It may be the same as my problem. The tool mentioned in the article, Blacklight, is no longer available, but the company has a dozen or so FREE special-purpose disinfecting tools. Time to make the donuts… errrr…. bagels.[/i]

Update 12/3/2007:
Got it! With a a couple of utilities and a brief foray into the frightening forest of “safe mode.” Why do they call it safe mode when you can do so much damage from there?

Please, folks, I’m just messing around here. DON’T DO WHAT I DID TO FIX YOUR PROBLEM!!! I’m an old lady who does regular backups and I often screw things up bad enough that I have to reformat. One thing about having two hard drives is that your data is (usually) safe from your tender ministrations.

So.

This thing seems to have been a Bagel variant. The gist of it is that it runs as a driver. An “intercept directory listings and delete anti-virus files” sort of a driver. Regular spyware cleaners don’t even look at drivers. So [i]that’s[/i] what a rookit is! Now things are starting to make sense. HJT didn’t list this bug.

Bagel hid its files well. Once I ran something to detect rootkits I had something to work with - filenames and registry entries. I couldn’t find anything to clean it automatically, but as I said, I’m not afraid to reformat. In a DOS command shell “dir sr*” listed the file srosa.sys. No other way of listing the directory could see it. Not “dir,” not “dir s*.” I couldn’t list hidr.wtfever it was called, but when I tried to delete it the error message indicated that the file was indeed there but couldn’t be deleted. Safe mode it is. I deleted the files, modified the registry, and sacrificed a small animal to the ‘Net God in hopes that my laptop would reboot after what I did. Hey, stuff happens.

So after all that garbage, my laptop is no longer going out to sites in Eastern Bloc countries looking for… trouble. My hope is that I didn’t delete some driver that, say, enables me to play movies or burn mp3 CDs for the car. That remains to be seen.

However, there is an entry left in the registry called LEGACY_SROSA. Since it doesn’t expressly list the path of “srosa” I’m not sure whether to delete it.

Found this f*cker at the bottom of index.php. The file was in the top level and IE kindly downloaded it for me. It’s late, it’s my own site, and I wasn’t paying attention. I ran it. I don’t know what’s going to happen. I’m running a McAfee scan - it didn’t flag the executable - and I suppose I should grab AdAware or Spybot S&D or both.

Now if you’ll excuse me, I’m going to go boil my laptop.

Update 11/19:
IE went out to a bunch of sites this morning looking for a page called hltraff.php. Not good. It also killed McAfee and won’t let me do a system restore. I found the installation and as I looked at the file it disappeared from the directory. I guess I’m going to have to reformat and start over.

Update 11/25:
I am so pwned.

First access of this file - the first person who was infected by my site - gives me an idea when it was uploaded to my server.

That’s someone who my webpage may have infected. After that the accesses come several times a page.

This is the ftp access where the hacker uploaded the infection and the hacked index.php:

66.246.252.53 resolves to sr178.2dayhost.com - that’s the hacker.
69.141.48.56 resolves to c-69-141-48-56.hsd1.pa.comcast.net - that’s me.

About a year ago there was a video circulating on the net about a computer game. You all know I’m too boring for computer games, but this one had a tie-in with physical, cultural and technological evolution. You can’t beat that.

[The name, Leslie, tell them the name!] The game is called Spore. Better pre-order that puppy. It’s going to sell out fast.

You know you want it. If you think you don’t want it, go grab another can of Monster, sit your hyper little butt down and watch the 36-minute video below. In the video, developer Will Wright demonstrates an alpha version of Spore at the 2005 Game Developer’s Conference. You’ve never seen anything like this before!

So why is so cool about Spore? Well, you get to design one-celled organisms. The fun is in configuring your creations and watching them feed and grow and evolve. Give them a new limb, watch them figure out how to use it, that is, watch the software figure out how to use it! Put them together, watch them build a community, watch them build a nation. Give them technology and they’ll incorporate it into their culture.

Plus the game is published by Electronic Arts, the folks who brought us The Sims. These guys have been creating games since Commodore 64 days. I can’t remember being this psyched over a silly computer game. I pre-ordered it and am waiting waiting waiting impatiently for the release date.

Technorati: evolution Geekess Spore The+Sims Will+Wright

Mr. X was asking about his favorite DOS-based Doubles Pinochle program again. I was unable to get it running under either Win2000 Pro or WinXP Pro SP2 - it looked as if it were grabbing the fonts with the wrong character size. I had given up on it, but Mr. X is really into pinochle.

So here it is, 3AM, and DPIN is running under Windows 98 in a VMWare virtual machine. If I didn’t have bouts of insomnia I’d never get anything important done!

Incidentally, Kubrick looks hideous in a 640×480x16 window. But it was usable enough to enable me to write the first draft of this post. Good deal.

VMWare virtual machine pinochle kubrick Windows 98

Flush with my recent success running Tiki Wiki under Windows XP SP2, I thought it might be fun to try Subdreamer, too. Subdreamer is a Content Management System and is different from a Wiki mainly in the way it organizes and presents data. Subdreamer has the advantage of allowing me to integrate my phpBB forum into it so that my current users have the same user id and password on the new CMS.
In case anyone else wants to smear Linux web apps all over their harddrive, it’s not very hard to do. In this article I’ll walk you through the four main tasks required to evaluate the Subdreamer CMS on a Windows XP box.
You will be using an application called PhpTriad. PhpTriad contains Windows versions of the ubiquitous Apache server with PHP support, MySQL database software, and phpMyadmin. You’ll have no trouble at all getting PhpTriad running.
Next you’ll get the free version of Subdreamer and unzip it onto your hard drive. If you want more functionality when you take your CMS on-line you can buy the full version later.
Then you’ll run the MySQL software and use phpmyadmin to set up the MySql database where the Subdreamer CMS will store the contents of your web site.
Finally, you’ll open the Subdreamer installation file in your browser, work a little magic, and there you’ll be. It’s a little tricky, but I’ve made the mistakes several times so I’ll try to point out the gotchas before you make them.

Ok, let’s do it.

Download and install PhpTriad.

1. Download and save phptriad r2.2 from the project pages at http://www.sourceforge.net/phptriad/ on SourceForge.
2. Run phptriad2-2-1.exe.
3. When the install is done, run PHPTriad -> Apache Console -> Start Apache from the start menu like any other Windows app. A command window named “Start
   Apache” opens. Minimize the Apache window, but don’t exit the program. Apache is now listening on port 80 for browser requests.
4. Open your browser to http://localhost/ and you’ll see the PhpTriad welcome screen. Great!

Download Subdreamer Light.

1. Register on the Subdreamer site at http://www.subdreamer.com/, then log in. Go to http://www.subdreamer.com/light/, download the Subdreamer Light .zip file
2. Extract it into C:\apache\htdocs\. This will create directory C:\apache\htdocs\Subdreamer_Light_2202. Go into this directory, find the directory named upload and move it up to C:\apache\htdocs.
3. In directory C:\apache\htdocs\subdreamer\includes\, make a copy of the file config.php.new. Rename this file config.php.
4. Important! Check the properties of folder subdreamer and uncheck Read-only if it’s checked.

Configure a database for Subdreamer.

1. From the start menu run PHPTriad -> MySQL -> MYSQL-D-NT.
2. When you point your browser to http://localhost/phpmyadmin you’ll see the phpMyAdmin welcome page. It’s pretty much self-explanatory.
3. Point your browser to http://localhost/phpmyadmin and create a new database named sdcms.
4. Point your browser to http://localhost/phpmyadmin and Reload MySQL. It is very important to reload the SQL by revisiting http://localhost/phpmyadmin after every command, so check that out if things don’t work.
5. Point your browser to http://localhost/phpmyadmin and go to Users.
6. Select database scms in the pulldown menu Check Database Privileges. Now add a new user sdadmin and with password sdpasswd. Give the user all privileges. Don’t forget to write down that password!

Install Subdreamer Light.

1. Run the Subdreamer installer by pointing your browser to http://localhost/subdreamer/install/install.php. Fill in the requested data:
      Database server hostname: localhost
   Database name: sdcms
   Database username: sduser
   Database password: sdpw
   Table Prefix: sd_
   Username: admin
   Password: changeme
   Confirm Password: changeme
   Email: you@your.com
   When you click “Install Subdreamer” it should take you to the “Installation Successfull!” page. Hooray!
2. Now delete the install directory and you’re ready to create your web site.
3. Go to the subdreamer admin panel at http://localhost/subdreamer/admin/ and log in as user admin with password changeme. You will be prompted (via a pink error message) to enter the full URL for your Subdreamer installation. It is http://localhost/subdreamer/

And that’s it! Experiment with settings, post entries, create and delete users. Subdreamer is suitable for a small to medium website, and that is why it is so easy to use. If you like Subdreamer, by all means buy the full version.
Just remember to periodically export the sdcms database via http://localhost/phpmyadmin. Not only does it protect your data from late-night errors, and there will be errors, but when you decide to go live with Subdreamer you can reuse your local data on-line. Your web host will likely also use phpMyAdmin and you can follow the same steps to create the database, and then import the file.