The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Category: Administrivia

Overhead

  • Tucking Other Files into an OpenDocument Document

    WordPress doesn’t allow ZIP files, but very often I want to upload a collection of files that all relate to a common topic. For example, the three Tek 492 EPROM HEX files ought to come with a bit of documentation about how to use them.

    Fortunately, OpenDocument documents (sounds like something put out by the Department of Redundancy Department) are actually ordinary ZIP files with a different extension. There’s no good reason you can’t tuck some additional files into that container. Nay, verily, if you use a word processor file, then you can have documentation accompany your files!

    Note that the additional files don’t have any effect on the word processor document: OpenOffice simply uses the files it knows about and ignores the additional ones. You won’t see them in the word processor document; you won’t even know they’re present.

    However, because OpenOffice doesn’t know about them, it won’t transfer them to the new document when you save the file. You must add the files as the last step, after editing and saving the word processor document for the last time.

    I suppose there are pathological cases where this will cause trouble and I certainly hope that OpenDocument validators will complain vehemently about the presence of additional files. Use this knowledge wisely, OK?

    So, for example…

    Create a document and save it as the default ODT format using OpenOffice; let’s call it Tek 492 ROM Images.odt, just so you can see one in action.

    Now, to add those HEX files to it, you’d use the ordinary ZIP utility:

    zip "Tek 492 ROM Images.odt" *hex

    The quotes protect the blanks in the file name and you must type the entire file name out with the extension, because ZIP doesn’t expect to work with ODT files.

    You can list the file’s contents, which will show you all the other files that go into making an OpenDocument document work:

    unzip -l "Tek 492 ROM Images.odt"
    Archive:  Tek 492 ROM Images.odt
      Length     Date   Time    Name
     --------    ----   ----    ----
           39  07-30-09 18:09   mimetype
            0  07-30-09 18:09   Configurations2/statusbar/
            0  07-30-09 18:09   Configurations2/accelerator/current.xml
            0  07-30-09 18:09   Configurations2/floater/
            0  07-30-09 18:09   Configurations2/popupmenu/
            0  07-30-09 18:09   Configurations2/progressbar/
            0  07-30-09 18:09   Configurations2/menubar/
            0  07-30-09 18:09   Configurations2/toolbar/
            0  07-30-09 18:09   Configurations2/images/Bitmaps/
        23156  07-30-09 18:09   content.xml
        18259  07-30-09 18:09   styles.xml
         1240  07-30-09 18:09   meta.xml
         4943  07-30-09 18:09   Thumbnails/thumbnail.png
         8742  07-30-09 18:09   settings.xml
         1889  07-30-09 18:09   META-INF/manifest.xml
         4876  07-30-09 11:56   U1012 - 160-0886-04.hex
        19468  07-30-09 11:56   U2023 - 160-0838-00.hex
        19468  07-30-09 11:56   U2028 - 160-0839-00.hex
     --------                   -------
       102080                   18 files

    For obvious reasons, if you’re stuffing a bunch of files into an ODT file, you should probably ZIP them into a single ZIP file of their own, then add that single file to the ODT file. That means your victims, er, users must also apply UNZIP twice, which may be expecting too much.

    When you want to use the HEX files, extract them:

    unzip "Tek 492 ROM Images.odt" '*hex'

    And there they are again:

    ls -l
    -rw-r--r-- 1 ed ed 15447 2009-08-11 20:51 Tek 492 ROM Images.odt
    -rw-r--r-- 1 ed ed  4876 2009-07-30 11:56 U1012 - 160-0886-04.hex
    -rw-r--r-- 1 ed ed 19468 2009-07-30 11:56 U2023 - 160-0838-00.hex
    -rw-r--r-- 1 ed ed 19468 2009-07-30 11:56 U2028 - 160-0839-00.hex

    That’s all there is to it…

    For what it’s worth, Microsoft DOCX files (and their ilk) are also ZIP files in disguise, so this same hack should work there, too. However, many folks (myself included) treat MS DOC files with the same casual nonchalance as they do any other hunk of high-level radioactive waste, so stashing an additional payload in those files might not have a happy ending.

    This trick will certainly come in handy again, so I better write it down…
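
    The validator-style complaint hoped for above, as an added example that is not part of the original post: it lists ZIP members that META-INF/manifest.xml does not declare. The function names and the sample package are constructed here, and the exemptions for mimetype, META-INF/ and directory entries are assumptions of this sketch.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MANIFEST = "META-INF/manifest.xml"
NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
ODT_TYPE = "application/vnd.oasis.opendocument.text"


def undeclared_members(package):
    """List ZIP members of an ODF package that its manifest does not declare."""
    with zipfile.ZipFile(package) as zf:
        names = zf.namelist()
        if MANIFEST not in names:
            raise ValueError("no %s: not an OpenDocument package" % MANIFEST)
        # ElementTree does not fetch external entities; defusedxml is the
        # stricter choice when the documents come from untrusted senders.
        root = ET.fromstring(zf.read(MANIFEST))
    declared = {e.get("{%s}full-path" % NS)
                for e in root.iter("{%s}file-entry" % NS)}
    extras = []
    for name in names:
        # Assumption: mimetype and META-INF/ are legitimately unlisted,
        # and directory entries (trailing "/") carry no data.
        if name == "mimetype" or name.startswith("META-INF/") or name.endswith("/"):
            continue
        if name not in declared:
            extras.append(name)
    return sorted(extras)


def build_sample(stowaways=None):
    """Constructed sample: a minimal ODT-shaped ZIP built in memory."""
    manifest = (
        '<manifest:manifest xmlns:manifest="%s">'
        '<manifest:file-entry manifest:full-path="/" manifest:media-type="%s"/>'
        '<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml"/>'
        '</manifest:manifest>' % (NS, ODT_TYPE))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", ODT_TYPE)
        zf.writestr("content.xml", "<placeholder/>")
        zf.writestr(MANIFEST, manifest)
        for name, data in (stowaways or {}).items():
            zf.writestr(name, data)
    return buf


if __name__ == "__main__":
    sample = build_sample({"U1012 - 160-0886-04.hex": ":00000001FF\n"})
    print(undeclared_members(sample))
```

    The function also accepts a file path, so it can be pointed at a saved document instead of the in-memory sample.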

  • Why Friends Don’t Let Friends Use Windows: Torpig

    For those of you still using Windows, here’s a sobering look at why you shouldn’t: an analysis of the Torpig botnet by an academic group that managed to take over its command & control structure for a few days.

    The report is tech-heavy, but well worth the effort to plow through.

    Here are some of the high points…

    Why do the bad guys do this? It’s all about the money, honey:

    In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions.

    … we extracted 1,660 unique credit and debit card numbers from our collected data.

    Does an antivirus program help?

    Torpig has been distributed to its victims as part of Mebroot. Mebroot is a rootkit that takes control of a machine by replacing the system’s Master Boot Record (MBR). This allows Mebroot to be executed at boot time, before the operating system is loaded, and to remain undetected by most anti-virus tools

    In these attacks, web pages on legitimate but vulnerable web sites are modified with the inclusion of HTML tags that cause the victim’s browser to request JavaScript code from a[nother] web site under control of the attackers. This JavaScript code launches a number of exploits against the browser or some of its components, such as ActiveX controls and plugins. If any exploit is successful, an executable is downloaded from the drive-by-download server to the victim machine, and it is executed.

    What happens next?

    Mebroot injects these modules […] into a number of applications. These applications include the Service Control Manager (services.exe), the file manager, and 29 other popular applications, such as web browsers (e.g., Internet Explorer, Firefox, Opera), FTP clients (Leech-FTP, CuteFTP), email clients (e.g., Thunderbird, Outlook, Eudora), instant messengers (e.g., Skype, ICQ), and system programs (e.g., the command line interpreter cmd.exe). After the injection, Torpig can inspect all the data handled by these programs and identify and store interesting pieces of information, such as credentials for online accounts and stored passwords.

    If you think hiding behind a firewall router will save you, you’re wrong:

    By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall.

    If you think you’ve got a secure password, you’re wrong:

    Torpig bots stole 297,962 unique credentials (i.e., username and password pairs), sent by 52,540 different Torpig-infected machines over the ten days we controlled the botnet

    If you think a separate password manager will save you, you’re wrong.

    It is also interesting to observe that 38% of the credentials stolen by Torpig were obtained from the password manager of browsers, rather than by intercepting an actual login session.

    Somewhat more info on Mebroot from F-Secure.

    Remember, the virus / worm / Trojan / botnet attacks you read about all the time only affect Windows machines. Linux isn’t invulnerable, but it’s certainly safer right now. If you’re running Windows, it’s only a matter of time until your PC is not your own, no matter how smart you think you are.

    If you have one or two must-gotta-use Windows programs, set up a dedicated Token Windows Box and use it only for those programs. Network it (behind a firewall) if you like, but don’t do any email / Web browsing / messaging / VOIP on it. Just Say No!

    For everything else, run some version of Linux. It’ll do what you need to get done with less hassle and far less risk. It’s free for the download, free for the installation, and includes all the functions you’re used to paying money for. Just Do It!

    If you think using Linux is too much of a hassle, imagine what putting your finances back together will be like. Remember, the bad guys will steal everything you’ve ever put on your PC, destroy your identity, and never get caught.

    Now you know… why are you still stalling?

  • Geek Scratch Paper Redux

    4×5" grid for 4.25×5.5" stock using 5×8" page

    While attending a recent IEEE talk, I scored a stack of quarter-sheet flyers for a “Green Fair” that were outdated and presumably destined for recycling (or, more likely, the trash can), printed on gorgeous glare-white card stock with one blank side. Couldn’t pass ’em up…

    As described there, I’m the sort of person who thinks on grid paper.

    This being a new paper size, I went to incompetech.com again, set up a nice 4×5″ grid, fetched the PDF, then discovered that 4.25×5.5″ paper isn’t one of the R380 printer’s standard sizes. So I loaded the PDF into The GIMP and aligned it within a 5×8″ page. After a bit of to-and-fro tweakage, the grid came out neatly centered on the flyer.

    The image is the resulting PNG file, which should Just Work if you have a similar setup and print on a borderless 5×8″ page. There may be some interaction with the default 2% borderless printing expansion; I turned that off in the Turboprint driver. You (well, I) want exact 1″ grids!

    If you don’t have a full-bleed printer, some fiddling with the margins may be in order. My Epson R380 printer feeds & prints top-first and left-aligned, if that’s any help.

    Anyhow, I ran off two dozen grids, whacked some cereal-box cardboard to the right size, and padded everything together with Elmer’s Wood Glue to see how that works. It’s a bit stiffer than I’d like, but these flyers are more like thin cardboard than thick paper.

    Quarter-sheet grid tablet – showing binding

    My R380 has a continuous-flow ink system, which is basically the only reason this sort of geekage makes sense. At two kilobucks per liter for photo ink, it sure doesn’t…

    [Update: I wonder why somebody rated this one as “Dead Wrong”? It’d be useful to know what went wrong; the comments box works just fine.

    For what it’s worth, I just ran off another stack. Nothing wrong with the process, that’s for sure.]

  • Mandatory Setup Slide for All Presentations

    Presentation Setup Slide

    When you put together a presentation, add this slide at the very end.

    Display it while you’re setting up the projector so you can make sure all the corners are on-screen, all the colors work, and that the circles are actually circular. Your audience will appreciate your consideration.

    The text font should be whatever you’re using for the main body text in the presentation. If you think the text I’ve used is too large, then you’ve never sat in the back of your own presentation…

    When you’re ready to start, whack the Home key and your regular title slide will appear.

    Here it is as a single-slide PowerPoint presentation, because WordPress doesn’t allow uploading OpenOffice ODP presentations. Copy the slide into your own file and let your audience move around accordingly.

  • Attention: Patent Litigation Attorneys

    Read that before contacting me; it’ll save us both some time.

    Thanks…

  • Poof: A Post!

    Looking at the calendar shows I missed 16 March… so I’ll just go back and rewrite history.

    I generally have two or three weeks of posts scheduled for release, one a day, just before 8 am Eastern US time. That way I can write ’em when I have the time, edit them a bit to make the answer look better (or, in some cases, come out right), and not have to worry about being somewhere else in the morning.

    Yes, I agree that’s a bit sneaky. Perhaps a blog post should appear when the spirit moves me, but all in all I’d rather not dump a dozen entries in two days, then go dry for a week.

    That’s how it works… and now I’ve filled in the hole.

    Memo to self: scan the dates a little closer next time, eh?

  • Same Content, Different Theme: Redux

    This theme (Rubric) seems less glaring than Shocking Blue Green, it’s flexible-width, and the fonts seem fine.

    A bit heavy on the JavaScript that nails that gradient to the screen. Ain’t it amazing how software eats up all the performance of the hardware?

    Heck, it even has a customized header image!