Password recovery from open applications

Well I had a minor hiccup today when I decided it was ‘password change day’. I duly went around changing the password on all my systems. Then I got back to work. 10 minutes later I turned to my other system and typed in the password.
… It didn’t work …
I smacked my head and said to myself “D’oh”, I need to use the new password. But I couldn’t remember all of it. All I had was a few characters I could remember and the fact that my mail program was checking the mail every few minutes and still working.

First I got the pid of thunderbird…

~% ps -fe | grep thunder
1000     17509     1  0 13:19 ?        00:00:00 /bin/sh /usr/bin/thunderbird
1000     17521 17509  0 13:19 ?        00:00:00 /bin/sh /usr/lib/thunderbird/ /usr/lib/thunderbird/thunderbird-bin
1000     17526 17521  0 13:19 ?        00:00:24 /usr/lib/thunderbird/thunderbird-bin
1000     19101 19006  0 14:09 pts/10   00:00:00 grep thunder

Then I got the address of the heap from the process’ maps

~% grep 'heap' /proc/17526/maps
08d02000-0a9ad000 rw-p 08d02000 00:00 0          [heap]

I compiled up memory_dumper, and ran it against the process and heap addresses listed.

% ./memory_dumper 08d02000 0a46a000 17526 heap

Then I ran strings on the resulting file, looking for the pattern that matched my remembered password

% strings heap | grep t%7

4 copies of the password in memory in the program. That is just in-freaking-sane. It should be present in the program only once, and should probably be concealed using some form of obfuscation. Mind you, it has kept the new password in my mind now, so I should be grateful.

And just in case you feel like trying the password listed, don’t. It’s not the real password 😉

shorten irish links with

I like supporting Irish websites, so I tend to use for links. the algorithm for generating the link seems to be sequential, so I was happy yesterday when my link for the perfect coffee went to, or as Dale Cooper would (hopefully) say – perfect damn coffee.

You now have 5 update tasks running…

Aargh! google chrome comes with it’s own ‘updater’ which runs in the background checking for updates to the browser (along with the updater for google gears, I presume).
Add in the Java updater (oh, lets check once a month for updates but run 24-7)
The apple software updater
Liveupdate (probably 3)
Each of them is probably doing the same thing.

  • Wait until some time on the clock
  • Check for a network connection
  • Check if there’s new code to download
  • Display an obnoxious dialog saying ‘Update available‘ with an Ok or possibly Maybe next time pair of buttons
  • Download the update
  • Install the update
  • Require a reboot because it’s changing a file that’s in use
  • repeat until you head explodes

Ok. Time fricking out here people! There has got to be a better way. If only there was a single update mechanism that all these tools could use… Unfortunately, it’s the built in update mechanism from Microsoft/Apple and it’s closed to outside developers
As it is, most applications on the Mac perform an automated check for updates when they’re launched. It’s relatively painless, and works most of the time. Mind you the notification dialogs leave a lot to be desired (version n+1 is available, download here!) as opposed to a list of version n+1 changes – especially security updates.
Hopefully, they’re secure and have built in mechanisms to make sure that they’re not taking in a corrupted/malicious application.

swapping, binaries and the pagefile attack

It was something brought up by Joanna Rutkowska that her original pagefile attack on Vista was now stalled because Microsoft removed the ability of administrative users to perform write operations on the physical disk. So what happens to all those developers of undelete utilities (use a second disk?).
Firstly, lets look at the attack in more detail. What happens is that the kernel is forced to swap out pages of memory from drivers that are loaded in the kernel. These pages are swapped out to disk. I for one find this to be an incredibly stupid place to swap out the pages, as after all, until the kernel is completely done with a driver the original copy remains on disk.
Ok, maybe it had something to do with the new paging mentality of vista (you can page onto a usb memory device if it’s fast enough).
Damn, I’m talking myself out of my own argument.
No, paging of code from binaries should revert to the on-disk copy unless they have made COW modifications to their segments (does windows do this?)


Forgive the poor speling and the poor grammar. Last night was young dermot’s stag party. We spent the afternoon shooting things in Wicklow. I think the reverend should have been there, he would have probably beaten us all (embarassing, sonsidering that we are a bunch of computer gaming first person fools.

Desiderata, by Max Ehrmann (1927 probably)

Go placidly amid the noise and the haste,
and remember what peace there may be in silence.

As far as possible, without surrender,
be on good terms with all persons.
Speak your truth quietly and clearly;
and listen to others,
even to the dull and the ignorant;
they too have their story.
Avoid loud and aggressive persons;
they are vexatious to the spirit.

If you compare yourself with others,
you may become vain or bitter,
for always there will be greater and lesser persons than yourself.
Enjoy your achievements as well as your plans.
Keep interested in your own career, however humble;
it is a real possession in the changing fortunes of time.

Exercise caution in your business affairs,
for the world is full of trickery.
But let this not blind you to what virtue there is;
many persons strive for high ideals,
and everywhere life is full of heroism.
Be yourself. Especially do not feign affection.
Neither be cynical about love,
for in the face of all aridity and disenchantment,
it is as perennial as the grass.

Take kindly the counsel of the years,
gracefully surrendering the things of youth.
Nurture strength of spirit to shield you in sudden misfortune.
But do not distress yourself with dark imaginings.
Many fears are born of fatigue and loneliness.

Beyond a wholesome discipline,
be gentle with yourself.
You are a child of the universe
no less than the trees and the stars;
you have a right to be here.
And whether or not it is clear to you,
no doubt the universe is unfolding as it should.

Therefore be at peace with God,
whatever you conceive Him to be.
And whatever your labors and aspirations,
in the noisy confusion of life,
keep peace in your soul.

With all its sham, drudgery, and broken dreams,
it is still a beautiful world.
Be cheerful. Strive to be happy.

When you don’t know, then you need is a little magic(5)

What’s in a file? If you’re to believe Windows, a .doc file is a Word Document, a .xls is a spreadsheet, a .jpg is a jpeg file. The reality is in the business you will encounter a bunch of anonymous files. If you’fe fscked a file system or ran chkdsk /f you can end up with a bunch of unlabelled or labelled badly files. Identifying them is a bit tricky. Some people don’t care, they just wipe the recovered files, but if you care, probably the first thing you want to do is figure out what file type they are.
For Unix and Linux we have the file command. This command determines what a file is based on the content of the file. How it does this is based on the contents of the /usr/share/file/magic file, which describes in simple means how we identify the file. It’s not 100% accurate, and regularly makes a pigs ear out of identifying text files properly (curses and your free format), but it works most of the time for images, programs and most of your annoying microsoft files.
Convenience aside, most of the work on the file command is actually performed by the libmagic library. You, as an application developer can take advantage of this library to provide useful information about a file to the consumer.
Apple Macs (and PalmOS devices) have it easy. Each file carries along with it identifying marks of it’s creator application and file type. This information is stored in the resource fork of the file, which for Macs can mean problems when transporting it from platform to platform. Self identification goes a long way though. As creator codes are registered with Apple, it means you generally avoid treading on other applications and co-opting their file types, as happens on windows all the time.

Typeface based personals

This is something that has always interested me. Certain typefaces cause me to think of certain things, just like certain pieces of music and certain half-seen images. The typeface personals is a collection of personal ads/dates oriented on different type faces. It’s quite a good description, and evokes some of the feeling that you get from looking at them. Then again, I know of at least one person who will think I’m talking a load of w**k.
All I have to say is that the fight between Helvetica and Arial is not over yet!
Straight apostrophes and quote marks did not exist in typefaces until the advent of digital type in the 1980s. It’s a computer thing, not a typographic thing.

[Listening to: Break On Through – The Doors – The Best Of The Doors (2:28)]