Archive for the ‘Computer’ Category

anti-mining malware measures

Tuesday, February 5th, 2019

A recent article on heise (https://www.heise.de/ratgeber/Mining-Parasiten-erkennen-und-loswerden-4198965.html) outlined how to investigate a possible infection with a mining trojan on one's own computer. The typical symptom of such an infection is high CPU usage, usually noticed because the fan spins up even though no high-load applications are running.

The general approach is to identify the process causing the high load and terminate it. On Windows, the OS-included application for this is Task Manager; on macOS it is Activity Monitor. On Windows, another freely available tool is Process Explorer (procexp) from Sysinternals.
Using those tools, it is easy to list the running processes, sort them by CPU percentage and terminate the offending one. Keep in mind that killing the process only stops the current run: if the miner is started again by a scheduled task, service or login item, that persistence mechanism has to be removed as well.

There is a serious limiting factor to this solution, however.

As malware authors are also becoming more proficient, some miners include checks that suspend mining as soon as a process with a name such as Taskmgr.exe, Activity Monitor or procexp64.exe is detected running. The load disappears before the user can see which process caused it, and the miner resumes once the monitoring tool is closed.

The article therefore recommends renaming the tool's binary and running the renamed copy. Because the check is by process name, the malware does not suspend its activity, and the mining process can easily be identified and then terminated.

On earlier Windows versions, copying taskmgr.exe and renaming it was straightforward. On Windows 10, however, a renamed Task Manager binary does not display any data – I'm still trying to figure this one out.

Renaming procexp64.exe, however, is straightforward: extract the binary from the downloaded zip file, rename it and run it.

On macOS Mojave (10.14.x) and High Sierra (10.13.x), Activity Monitor can be renamed as follows:

  1. Open the Utilities folder (/Applications/Utilities)
  2. Copy and paste Activity Monitor (provide an administrator password if asked; pasting the copy into a user-writable folder such as the Desktop avoids the prompt)
  3. From the context menu of the copied item, select "Rename"
  4. From the context menu of the renamed item, select "Show Package Contents"
  5. In the subfolder Contents/MacOS, rename the Unix executable "Activity Monitor" to the name you chose
  6. In the Contents folder, open Info.plist
  7. Change the following values to the name you chose: Executable file, Bundle name, Bundle display name

Run the renamed Activity Monitor by launching the Unix executable in the folder Contents/MacOS. The renamed copy is meant for a one-off check and can be deleted afterwards.
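The Finder steps above can be done from a terminal as well. The following script is an added example and is not from the heise article or from the original post; it copies an .app bundle under a new name, renames the Unix executable and rewrites the three Info.plist keys. The destination path and the new name (SysMon is only an illustration, choose a name without spaces) are assumptions; PlistBuddy is used when it is present (macOS), otherwise a sed replacement on an XML plist is used so the script can be exercised on other systems too.

```bash
#!/bin/bash
# Added example (not from the heise article or the original post): copy an
# .app bundle under a new name, so that the running process no longer carries
# the name a miner is watching for.
#
#   ./rename_app.sh "/Applications/Utilities/Activity Monitor.app" "$HOME/Desktop/SysMon.app"
#
set -eu

rename_app_bundle() {
    src="$1"                          # e.g. /Applications/Utilities/Activity Monitor.app
    dst="$2"                          # e.g. ~/Desktop/SysMon.app (user-writable: no admin prompt)
    old=$(basename "$src" .app)       # "Activity Monitor"
    new=$(basename "$dst" .app)       # "SysMon" (assumed: no spaces in the new name)
    plist="$dst/Contents/Info.plist"

    if [ ! -d "$src/Contents/MacOS" ]; then
        echo "not an app bundle: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "destination already exists: $dst" >&2
        return 1
    fi

    # Copy the bundle; the copy gets its new name from the destination path.
    cp -R "$src" "$dst"
    # Rename the Unix executable inside Contents/MacOS.
    mv "$dst/Contents/MacOS/$old" "$dst/Contents/MacOS/$new"

    # Point CFBundleExecutable, CFBundleName and CFBundleDisplayName (shown as
    # "Executable file", "Bundle name", "Bundle display name" in a plist editor)
    # at the new name.
    if [ -x /usr/libexec/PlistBuddy ]; then
        # macOS: PlistBuddy edits binary and XML plists alike. "Add" covers a
        # key that is missing from the original bundle.
        for key in CFBundleExecutable CFBundleName CFBundleDisplayName; do
            /usr/libexec/PlistBuddy -c "Set :$key $new" "$plist" 2>/dev/null \
                || /usr/libexec/PlistBuddy -c "Add :$key string $new" "$plist"
        done
    else
        # Fallback for an XML plist (used by the self-test on non-macOS hosts):
        # every <string> holding the old name becomes the new name.
        sed "s|<string>$old</string>|<string>$new</string>|g" "$plist" > "$plist.tmp"
        mv "$plist.tmp" "$plist"
    fi

    echo "$dst/Contents/MacOS/$new"   # the executable to launch
}

if [ $# -eq 2 ]; then
    rename_app_bundle "$1" "$2"
fi
```

Editing Info.plist invalidates the bundle's code signature, which is one more reason to treat the copy as a throw-away tool. If you only need the list of top CPU consumers, a terminal does the job without any GUI tool at all: `ps -Ao pid,pcpu,comm -r | head` on macOS sorts processes by current CPU usage.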

phone number? f*** u, twitter

Thursday, December 20th, 2018

For some reason I spent a lot of time recently thinking I would like to try twitter. Probably it's because there is a twitter desktop client available in linux distributions… corebird

So I signed up on twitter using my email address. After a couple of days, the account was suspended for "breaking the rules" – which is pretty amazing given that I've never tweeted anything so far.

the only way to un-suspend the account? (re-animate?) provide a (mobile) phone number. well, fark you… not going to happen.

I've tried to find alternatives… there seem to be some, but I'm not going to spend time creating fake phone numbers just to try to stay ahead in a game of cat and mouse for a short while, as twitter seems to be really strict about it, blocking whole phone number blocks and not allowing this and that.

update: fixed two typos

My first self-created course on memrise.com

Friday, September 28th, 2018

I’ve been posting about memrise on a couple of occasions. This time rather than bragging how many words I’ve learned and how many points I made, I created my own course:

https://www.memrise.com/course/2053021/qian-shui-shi-shi-yan-nodan-yu/

It's a Japanese -> English course intended to help with the vocabulary required to pass the Japanese dive theory test called 潜水士試験

(I have no idea why the URL uses the Mandarin pinyin pronunciation for the test… I entered Japanese kanji – I also opened a help ticket with memrise but no reaction so far)

Creating the course was not difficult, but you need to prepare the list(s) ahead of time and put the columns in the right order if you want to mass-import the lists.

Good luck, give it a try yourself (the course as well as creating your own course ^^)

A script to allow non-admin users to install security updates on CentOS

Thursday, September 27th, 2018

At work, I needed to come up with a script that allows non-admin users to install security updates on CentOS servers.

The only real dependency is yum-utils (because the script uses the needs-restarting binary to find out which services need a restart and whether a reboot is required), but you should also create a folder to store the script in and of course a sudo rule that lets the users run it.

Please also note the creative accumulation of several copied scripts to create the multiple choice menus…. I patched together some code samples found on the usual websites where coding is discussed.

HTH someone out there…

#!/bin/bash

######################################
## only root can run this (or sudo) ##
######################################

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run using sudo (\"sudo /opt/yumcleanup/restartsetupscript\") or as root. Exiting..." 1>&2
    exit 1
fi

###############
## functions ##
###############

display_help () {
    echo "The script can be run without interaction using the following"
    echo "command line option: --non-interactive"
    echo "This will silently install security updates only and restart"
    echo "affected services."
    echo " "
    echo "Calling the script with --help will also display this help text"
    echo "as does calling the script with an unknown option."
    exit
}

set_exports () {
    export http_proxy="http://my.proxy.server.local:11111"
    export https_proxy="http://my.proxy.server.local:11111"
    export proxy="http://my.proxy.server.local:11111"
}

unset_exports () {
    unset http_proxy
    unset https_proxy
    unset proxy
}

# The output files are created with mktemp (random name, mode 0600) rather
# than under a fixed name in /tmp: root must never write to a path that an
# unprivileged user could have pre-created or symlinked.
outputs_preparation () {
    outputs=$(mktemp /tmp/yumcleanup.services.XXXXXX)
}

outputr_preparation () {
    outputr=$(mktemp /tmp/yumcleanup.reboot.XXXXXX)
}

# needs-restarting -s lists the services that still run outdated binaries or libraries
outputs_filling () {
    "$mybin" -s >> "$outputs"
}

# needs-restarting -r reports whether a reboot is required (exit status 1 if so)
outputr_filling () {
    "$mybin" -r >> "$outputr"
}

services_restart () {
    while read -r line
    do
        echo "Restarting $line"
        /bin/systemctl restart "$line"
    done < "$outputs"
}

# Run yum in the background and print a progress line every 8 seconds until
# it has finished. $! is the PID of the background job, which is more
# reliable than grepping the process list for "yum".
run_yum () {
    yum -y -d0 "$@" &
    PIDD=$!
    while sleep 8; do echo "still installing..." && kill -0 "$PIDD" 2>/dev/null || break; done
    if ! wait "$PIDD"; then
        echo "yum exited with an error, please check /var/log/yum.log" 1>&2
    fi
}

cleanup () {
    [ -n "$outputs" ] && rm -f "$outputs"
    [ -n "$outputr" ] && rm -f "$outputr"
}

#######################
## setting variables ##
#######################

mybin=/bin/needs-restarting
OPTIONS=""                          # no short options
LONGOPTIONS=non-interactive,help
outputs=""
outputr=""
trap cleanup EXIT

if [[ ! -x "$mybin" ]]; then
    echo "$mybin not found, please install yum-utils. Exiting..." 1>&2
    exit 1
fi

#################
## getopt test ##
#################

getopt --test > /dev/null
if [[ $? -ne 4 ]]; then
    echo "I'm sorry, 'getopt --test' failed in this environment."
    exit 1
fi

PARSED=$(getopt --options="$OPTIONS" --longoptions="$LONGOPTIONS" --name "$0" -- "$@")
if [[ $? -ne 0 ]]; then
    # getopt has already complained about the wrong argument on stderr
    echo "something wrong, showing help instead"
    display_help
    exit 2
fi

# read getopt's output this way to handle the quoting right:
eval set -- "$PARSED"

# now enjoy the options in order and nicely split until we see --
while true; do
    case "$1" in
        --non-interactive)
            # silent mode: security updates only, then restart the affected services
            set_exports
            yum -y -d0 --security update
            outputs_preparation
            outputs_filling
            services_restart
            unset_exports
            exit
            ;;
        --help)
            display_help
            ;;
        --)
            shift
            break
            ;;
        *)
            echo "Programming error"
            echo "displaying help instead"
            display_help
            exit 3
            ;;
    esac
done

set_exports

# install updates, ask the user which type of update to run
echo ""
echo "Please select the type of updates you want to install: "
echo ""
PS3='Enter your choice: '
options=("All updates (will most certainly require a reboot)" "Security updates only (reboot probably not required)" "All updates except kernel and kernel-related packages (reboot might be required)" "Quit (you will need to run the script again later)")
select opt in "${options[@]}"
do
    case $opt in
        "All updates (will most certainly require a reboot)")
            echo "Installing all updates... please wait"
            run_yum update
            break
            ;;
        "Security updates only (reboot probably not required)")
            echo "Installing only security updates.... please wait"
            run_yum --security update
            break
            ;;
        "All updates except kernel and kernel-related packages (reboot might be required)")
            echo "Installing all updates except kernel and kernel-related packages... please wait"
            # quoted so the shell does not expand kernel* against files in the current directory
            run_yum --exclude='kernel*' update
            break
            ;;
        "Quit (you will need to run the script again later)")
            echo "Quitting... bye!"
            exit
            ;;
        *) echo "invalid option $REPLY";;
    esac
done

unset_exports

##############################
## section services restart ##
##############################

outputs_preparation
outputs_filling

if [ "$(wc -l < "$outputs")" -ge 1 ]; then
    echo ""
    echo "The following services should be restarted:"
    echo "******************************"
    cat "$outputs"
    echo "******************************"

    while true
    do
        read -r -p "Do you want to restart the above services? (y/N) " answer

        case $answer in
            [yY]* )
                echo "restarting services...."
                services_restart
                break;;

            # empty input means the default, N
            [nN]*|"" ) echo "exiting..." && break ;;

            * ) echo "Please enter Y or N";;
        esac
    done
else
    echo "******************************"
    echo "No services need to be restarted."
    echo "******************************"
fi

# section reboot

outputr_preparation
outputr_filling

echo ""
echo "Please check the following output and decide whether a reboot is required:"
echo "***************"
cat "$outputr"
echo "***************"

while true
do
    echo "If you need to disable some kind of monitoring before rebooting the server,"
    echo "please cancel this script (Ctrl+c) and disable the monitoring now,"
    echo "then re-run this script again."
    read -r -p "Do you want to reboot the server in 60 seconds? (y/N) " answer

    case $answer in
        [yY]* )
            echo "Scheduling reboot...."
            # +1 = one minute from now (also the default when no time is given)
            shutdown -r +1
            break;;

        [nN]*|"" ) echo "exiting..." && exit;;

        * ) echo "Please enter Y or N";;
    esac
done
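The deployment the introduction mentions (a folder for the script and a sudo rule) is where the security of this setup is decided: the script runs as root, so if the users it is meant for can modify it, the sudo rule is a root shell in disguise; and the sudoers entry has to name the exact argument lists, otherwise sudo will accept any arguments. The following install script is an added example and not part of the original post. The install path /opt/yumcleanup/restartsetupscript is taken from the script's own error message; the group name updaters and the drop-in file /etc/sudoers.d/yumcleanup are assumptions.

```bash
#!/bin/bash
# Added example (not part of the original post): install the update script so
# that members of a non-admin group can run it via sudo, and nothing else.
# Assumptions: script source ./restartsetupscript (the script above),
# target /opt/yumcleanup/restartsetupscript, group "updaters",
# drop-in /etc/sudoers.d/yumcleanup.
#
#   sudo ./install_yumcleanup.sh install
#
set -eu

# Copy the script into a directory that only root can write to. Run as root,
# both the directory and the file end up owned by root with mode 0755.
install_script() {
    src="$1"; dst="$2"
    mkdir -p "$(dirname "$dst")"
    chmod 0755 "$(dirname "$dst")"
    cp "$src" "$dst"
    chmod 0755 "$dst"
    echo "$dst"
}

# Mode 0755: readable/executable by the users, writable by root only.
# (stat -c is GNU, stat -f the BSD/macOS spelling.)
check_install() {
    dst="$1"
    perms=$(stat -c '%a' "$dst" 2>/dev/null || stat -f '%Lp' "$dst")
    [ "$perms" = "755" ]
}

# Write a sudoers drop-in allowing %GROUP to run SCRIPT as root either with
# no arguments ("" in sudoers syntax) or with exactly --non-interactive.
# Any other argument list (e.g. --help, or two options) is refused by sudo.
write_sudoers_dropin() {
    group="$1"; script="$2"; dropin="$3"
    {
        echo "# generated: let %$group run the patch script and nothing else"
        echo "%$group ALL=(root) NOPASSWD: $script \"\", $script --non-interactive"
    } > "$dropin"
    chmod 0440 "$dropin"               # sudo ignores drop-ins with looser modes
    # syntax check; only meaningful on the real host (root, visudo present)
    if [ "$(id -u)" -eq 0 ] && command -v visudo > /dev/null; then
        visudo -cf "$dropin" > /dev/null
    fi
    echo "$dropin"
}

if [ "${1:-}" = "install" ]; then
    target=$(install_script ./restartsetupscript /opt/yumcleanup/restartsetupscript)
    check_install "$target"
    write_sudoers_dropin updaters "$target" /etc/sudoers.d/yumcleanup
fi
```

After installation, `sudo -l` as one of the users should list exactly the two permitted command lines, and `sudo /opt/yumcleanup/restartsetupscript --help` should be refused: that is the check that the argument restriction actually took effect. The cron-driven silent mode does not need sudo at all; root's crontab can call the script with --non-interactive directly.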

Block Puzzle finally done…

Saturday, March 10th, 2018

… it took only about five years.

Here’s the proof:

Some puzzles on the Expert level have taken me weeks to solve. Now I don’t have to bother with this anymore. Good riddance!

ICT-Manager mit eidg. Diplom (ICT Manager with Federal Diploma) passed…

Saturday, July 8th, 2017

2017 could turn out to be a big year for qualifications… in April I took the TOEIC test for the first time in years and passed it with 985 out of 990 points.

In May came the ICT-Manager diploma exam, and at the end of June finally the confirmation: passed. Last year the Wirtschaftsinformatiker Fachausweis (Federal Certificate in Business Informatics), this year the diploma on top.

If I weren't in the middle of a PADI Divemaster internship and preparing for the Cambridge Proficiency exam in October, I could catch my breath a little… well, maybe next year.

Let's see what else the year brings…

Open remote files in LibreOffice (WebDAV)

Monday, April 10th, 2017

Although the feature "Open Remote File" has been around in LibreOffice for a while, I only got it working recently, at least for WebDAV. Success with remote files on SharePoint is still on the horizon; maybe I will follow up with another post once I get that working.

  1. In Writer, go to the menu File and select Open Remote File…
  2. Click Add service
  3. Select WebDAV from the dropdown menu

If the WebDAV URL for your host is https://host.yourdomain.org/remote.php/webdav, then fill in the details as follows: Host is host.yourdomain.org, Root is /remote.php/webdav, Port is 443 and "Secure connection" is ticked. (The Root field carries the path part of the URL; without it LibreOffice would talk to the web root of the server instead of the WebDAV endpoint.)

(Selecting "Secure connection" should change the Port number to 443. If it does not change, change it manually.)

After clicking OK, a dialogue box should ask for your username and password, which can be saved if you want to.

If your username and password are correct, the usual Open File dialogue appears, but its content is of course your remote location.

To save the file to your WebDAV folder again, select "Save to Remote Server". You can choose to overwrite your existing file or save as a different file.

Schnapszahl* anniversary on memrise

Monday, April 10th, 2017

I'm a cautiously avid user of memrise (memrise.com) – every tool has its advantages and disadvantages. So far, memrise has worked well for me and this weekend I was able to celebrate a 555-day streak (continuous everyday learning). Something to be a little proud of.

This means two things:

  1. I have used a computer/tablet/smartphone for 555 days straight
  2. 556 days ago, the memrise app login and the website were not available, I just could not login which ruined my previous 300+ streak. Thanks a lot, memrise. By the way, there was never an apology or even an explanation about the outage. Well, it’s a free tool so I guess I can’t complain.

*What's a Schnapszahl, you ask? Apparently there's no direct translation in English. It's defined as a number which consists of several equal digits such as the above 555. Before trying to find a translation and checking the definition I thought it also included patterns e.g. 737737, but this could be a regional difference.

Does memrise help you remember stuff?

Monday, August 29th, 2016

I use a couple of memorization tools…. anymemo, memrise, mnemosyne. They all have their strengths and weaknesses. In this post, I would like to share my opinion on memrise.

Overall, I have been using memrise for approx. 553 days. The app encourages streaks – continuous days of usage. For one set of vocabulary, I'm on my 333rd consecutive day – before that, the website was down so I lost my previous 200 or so day streak.

By the way, no one at memrise has ever apologized for that one day of downtime, nor was there ever any explanation posted on the website. Shame, shame….

Memrise comes in two options: You can either login to the website memrise.com and learn facts and vocabulary there or you can install the memrise app.

Please keep in mind that I’m using memrise to learn Mandarin Chinese, Japanese, Korean and Hebrew. The relevance will be clear after the next paragraph…

The algorithm behind either version is the same – the main difference is the input and its configuration. On the website, you can choose to type vocabulary by using your physical keyboard whereas in the app, memrise provides an onscreen keyboard. Why does that make a difference?

On my pc/laptop, I have successfully configured Mandarin and Japanese input for which I can use the latin alphabet as a basis. To type 漢字 in Japanese, I switch to the Japanese input and type "kanji" (Enter). The same principle works for Mandarin.

Korean on the other hand uses a totally different keyboard and so far I have not found a latin alphabet-based input configuration. A colleague uses a self-made paper layout on top of his physical keyboard. Until I have to get really close and intimate with Korean, I will remain on the current low-key configuration, thank you.

As for Hebrew which is a right-to-left language (totally freaks me out in vocabulary lists in Excel), I don’t know. I’m just learning some basic words and phrases for the time being, so I have not looked into any input methods on my pc/laptop.

The exercises on memrise come in several patterns, but this can widely differ from course by course, which are contributed by memrise members. Naturally, the quality of the courses can also differ…

Most courses come with cards in English–><foreign_language> and the opposite (<foreign_language>->English). The "better" courses provide audio files for the <foreign_language> cards, which can be really helpful for any foreign language, especially tonal languages.

The “written” cards come in the following variety: Typing, recognizing and selecting. All in all, a good variety.

Before a card is marked as learned, you have to repeat it approx. six or seven times in learning mode. Afterwards it is moved to the "learned" heap and reappears according to a long-term memorization algorithm, similar to supermemo, anymemo, mnemosyne and so on.

The downsides of memrise (the app, not the website) is the development. I was invited to participate as beta tester for memrise but after watching the google+ group for a couple of weeks, I decided to leave the group and not update memrise if I can avoid it.

The guys behind memrise basically make the same mistake all developers seem to make…. features over fixes and implementation of features that do not make sense. I can understand the rationale behind this, but first of all I want a working app, not new features all the time.

Also, there is a considerable lack of communication about development and features. I have not seen a properly maintained list of bugs (open, in progress, fixed). Frankly, the whole process from reporting a bug until a fix is implemented seems not very mature. A lot of users in the groups simply state "it's not working pls fix it". The more communicative users at least state their type of mobile phone, what version of iOS or Android and how to recreate the bug.

If you are just looking for a different way to learn vocabulary, check out memrise – at least I think it's a good way to learn.

Wirtschaftsinformatiker mit eidg. FA (Business Informatics Specialist with Federal Certificate)

Wednesday, June 29th, 2016

Phew… after school from October 2014 to April 2016 and two days of difficult exams…. done! I am officially a Wirtschaftsinformatiker mit eidg. Fachausweis (Business Informatics Specialist with Federal Certificate) *happy*

What can I say…. it was like many other exams:
Questions about content that was in no textbook
Questions copied almost word for word from the textbooks
Formalism more important than content
No practical experience required

But I don't want to complain; after all, I passed the exam. Still, a slightly bitter feeling remains…