Nobody likes to break the build. When I do it, it is often because I forgot to add a file to the repository. The build server will not get it and the build will break.
Vidéotron's customer support site lets you change the SMTP or POP password associated with your account. This password is not the same as the one used to sign in to the customer area. Your user code starts with VL (in lowercase, for Videotron ltée), vlxxxxxx, and you have an associated password for receiving e-mail over SMTP.
Windows XP mode is like a virtual image that allows you to run Windows XP (applications) on Windows 7. It comes with an activation key, in the file key.txt in the XP Mode installation folder (C:\Program Files\Windows XP Mode\KEY.txt). It will activate your Windows XP virtual image in Virtual PC or in VMware Player, but it will not work with VirtualBox.
I found a way to edit the registry while under a remote Windbg session. !dreg allows you to read the registry, but I had added a corrupt authentication package to the Lsa list in the registry that I had to remove. I found out the hard way that LSASS will load all authentication packages listed, even if you boot in safe mode.
Here is a quick and easy way to debug a Credential Provider running on your development machine, without needing to set up a kernel debugging session with two computers. Before you go down this road, let me tell you a little bit about LogonUI.exe behavior (as seen on Windows 7 ultimate SP1 64 bits) set to require CTRL-ALT-DEL to log on.
I have been working a little bit lately on a Credential Provider port of my custom GINA. I did some tests, I poked around the API and I whipped together something I could load and play with. The route I first thought of taking is still the right one, but I ran into some unexpected problems.
I get asked a lot of questions about my custom Gina. Most of them come from people who want to write a custom Gina themselves to do … whatever.
I use the Subversion command-line client. But I also have Tortoise SVN installed, because some operations like log and check-in benefit from the GUI.
I always read license agreements. The one for Simple Comptable 2010 is peculiar: it forbids us to take the software apart ("désosser")!
I just released a small update to Notifu. You can now display a pop-up without playing the system event sound (-q). Notifu also supports the Windows 7 quiet time. By default, pop-ups will not be displayed in the first hour or so after the very first logon. If you must display a pop-up, you can ignore the quiet time with the -w flag.
Again with much help from user Abdul Khaliq, I can now offer you a 64-bit version of my replacement GINA, called aucun64.dll.
There is an important update to aucun that fixes a bug in the dialog procedure hooking code. If you have Aucun version 1.4.2 or earlier, you will experience the following bug:
I was downtown today and had business not far away. Instead of taking the metro, I rented a Bixi, a self-service bike. I was surprised to find that Bixi codes only use 3 digits, over 5 characters, that is 3^5=243 possible codes.
I updated my Notifu utility to use the new IUserNotification2 interface introduced in Vista. It lets you detect a left or right click on the icon in the system notification area. If you run Windows XP, behaviour is unchanged.
From time to time, I come across an application whose designers need - or think they need - a CAPTCHA. I remain convinced that CAPTCHAs are to be avoided. This post just goes to show the effect of segmentation on optical character recognition (OCR).
If you read about artificial intelligence and character recognition, you will hear that there are references to segmentation. In short, segmentation is separating the letters from each other, before trying to guess what letters are there.
Segmentation is the “hard” part in solving a text-based CAPTCHA; background noise and colors are the easy part. As a rule of thumb, if the letters of your CAPTCHA do not touch each other, your CAPTCHA is weak.
I came across this implementation of a CAPTCHA.
The Parti Québécois has responded to President Sarkozy. What stands out most to me is this passage:
Like many of you, I had a drive that showed up in the “Safely remove hardware” tray icon, and was unable to remove it.
I have been a TrueCrypt user since version 4.0. I used to have a half-baked solution of TrueCrypt, EFS with SYSKEY option 2 (password). When full disk encryption was introduced, I finally got a laptop encryption scheme that I like. It features :
I just put online version 1.4 of my replacement Gina ! Thanks to everyone who gave me a break while I was spending more time house shopping, buying and renovating. This release is very good, thanks to everybody who wrote me about problems they were facing… Here is what’s new :
I left a terrible bug in version 1.3 of my replacement Gina. I didn’t want to miss any test case this time, so I wrote a batch file that tests every one of them. That batch file adds a user to a group and a group to the registry. There are two possible groups in the registry, and the user can be a member of either two groups, making 2^(2+2) possibilities, 16 use cases.
I noticed a new link in my GMail account (I am using gmail for your domain), showing the sessions used to connect to an account and the last time since it had activity on that session.
I wanted to test the relative strength of a password policy. I wanted to run a password cracking tool over different passwords, from a dictionary based password (like Banana42) to a random one (generated with Password Safe). Creating users, setting passwords and running different password extraction tools was a lot of trouble.
This Notifu update allows you to concatenate multiple /m and /p switches. It is useful when a parameter to Notifu is fed by a program you have no control over.
I fixed a bug in notifu that made it ignore quotes that were escaped with a backslash. For example, this command line works now :
IBM WebSphere stores its passwords in files. Everybody does that and it is hard to do otherwise. When I am confronted with the problem, I usually say that the only option you have is what file you want a password in. IBM (in WebSphere) went a little further by applying a hardcoded XOR. Each character is XORed with the character ‘_’, and the resulting string is encoded in base64. This is not cryptography, it is just enough encoding so that a casual glance at the file will not reveal the password.
Whenever I teach cryptography to beginners, they are confused about what you can do with the private and public key in an asymmetric cryptographic scheme. I start by saying that your private key never leaves you, no matter what. No exception to the rules.
Here is just a little update to my Notifu utility. It is a drop-in replacement (no new command-line switches) that features
I was a little overwhelmed by the reaction to my custom GINA. The good thing about it is that it motivated me to put a better version out that addresses all the comments I had so far, namely :
Here is a trick I found that solved an old problem: How can coin flipping ever be fair if only one person chooses head or tail ?
I was reading the FAQ on how to be a hacker, from Eric Raymond. I recognized in me many of the hacker traits - maybe even some of the skills. But I use a handle, ixe013.
UPDATED Feb. 2nd 2008 : There is an enhanced version out, with better code, features and documentation.
Microsoft wants you to run with lower privileges. They went out of their way in Windows Vista. You are a member of the Administrative group in Vista, but the group is for deny only in your token. When you elevate, you get a new token without that deny group. Just like an administrator removing its newbie mask.
I was struggling with a strange error message, trying to retrieve a username from a desktop handle (HDESK). The Windows function LookupAccountName would always return error code 0x534 (that’s 1332 in decimal). Looking it up with GetLastError gave this :
There is currently a movement opposing the introduction of a law similar to the American DMCA. The “Online Rights Canada” (ORC) movement has a tool that lets you send a letter to your Member of Parliament as well as to Ministers Prentice and Vermeer.
This page contains links to useful, free content to prepare for your GSSP certification. I gathered these links as I was preparing for the exam myself.
Last week I went to a conference given by Mathieu Hébert. He was showing off, and somewhat teaching, his ability to do mathematical operations on his fingers (article in French), using each one as a binary digit. Ten fingers makes for 1024 combinations, allowing you to represent numbers as big as 1023 since it starts with 0.
I used to keep my code in Google’s subversion. It was good, but I needed more. The built-in wiki was too restrictive, and I wanted to track usage and downloads.
I was playing around with SSPI, the Security Support Provider Interface. I stumbled across a behavior that I cannot explain : you cannot call LoadLibrary when you are impersonating.
I use Apache Forrest to generate what will someday be the homepage of paralint.com. I use “forrest run” most of the time, and “forrest site”, “forrest clean” every now and then.
I followed advice from my father and learned how to type back in high school. Using a typewriter, in case you wonder. The first time I had to type something, I forced myself to “do it right”, even though hunt and peck was faster. I now type quite fast, and I can type while looking at somebody. Might not qualify as listening, though…
I use Apache’s Forrest tool, which uses internally the Jetty engine. I wanted to make Jetty listen to 127.0.0.1 instead of 0.0.0.0, so my computer wouldn’t show up in an enterprise port scan.
In light of the election results, but also of the election campaign in general, I am still reflecting on the future of Québec and the basis of my sovereigntist convictions. The sovereignty project of the MSA of '68 or of the PQ of '76 is no longer applicable as is today, 30 or 40 years later. Québec has changed too much. We are now talking to the children of Bill 101 and to Québec inc.
Don’t you just love man-in-the-middle (MITM) HTTPS proxies ? I use Burp proxy a lot, it does man-in-the-middle and gzip.
I read Benoit Piette's presentation on web services. Very good, but I have reservations about everything UDDI. Not that the technology is poorly explained; it's just that I usually sum up UDDI as “technology waiting for a problem”. Here is my reasoning.
I was looking for free subversion hosting. I had just set up an empty project at opensvn.csie.org when I heard the news : Google is now hosting open source projects. So I added a few hobby projects I have going.
I was looking for a table that showed how client authentication, server authentication and impersonate flag work together. I found many good examples and tutorials explaining how to make any combination work, but not a quick reference table.
I’ve been playing with web services for a while now. First code to hit production was in 2001. SOAP has come a long way since then… I am now focusing on computer security, actually making a living out of it.
So this is a first post about securing a Web Service in J2EE with WSS. Not just by using HTTPS, but using a full-fledged WS-Security setup. Things I have ready to run :