Medo's Home Page

Gone

Every restart I get familiar UAC prompt. And it is not a Microsoft’s fault for once. No, this is torture by Oracle ™.

Java updater is a perfect example of how things SHOULD NOT be done. For start we have uploader that requires account elevation for simple task of downloading newest update. All other programs can do the same with lowly user credentials.

Things get even worse if you are actually using Java while update is being done. As it is usual with installers, this one will require restart. But only to start whole process from scratch instead of completing it. If you have Java program starting with system, whole thing turns into exercise of futility.

Just to remind you that morons are all around, this thing will also pop up after restart even if there is no update pending. It would be shame to skip annoying user. Solution is simple.

Just disable this idiotic thing.

Not Java mind you. Java is nice programming language that is still not completely ruined by Oracle. Just kill updater. Security wise this is not smartest thing you can do. But you know what? I don’t care. It is only decision that sane person can make after being subjected to this.

PS: And don’t let me get started about Oracle’s practice of installing junk (yes, Ask toolbar, you are junk) with its runtime.

Crypt-compatible Passwords in C#

For hashing passwords I usually use SHA-256 PBKDF2. No project I ever made needed anything better than this. There is only one problem with this hashing function - it is not really compatible with anything.

Kinda unofficial standard for password hashing is an Unix crypt function. You can recognize its passwords by following format: $id$salt$hash. It was originally used for hashing user password on *nix systems but with time it became common format for other usages also.

After scouring Internet to find C# implementation I decided to code it myself. It seems that C# porting stopped for everybody with MD-5 variant of crypt. While that lowest common format supported quite a few use cases, I wanted to use a bit newer SHA-512 based hashing. It should have been just an hour of coding. Eventually it took me almost eight to get it working.

Few things took me by surprise during development. I was surprised how many pointless steps were in SHA-256/512 hash creation. Best example would be base-64 implementation that not only uses incompatible character set but it also shuffles bytes around before encoding. These steps don’t add any security nor they serve to slow attacker.

Lack of proper specification for MD-5 hash was annoying more than anything else. For most of part I used just specification for SHA-256/512 combined with reference implementation in C. Yes, it wasn’t mission impossible, but lack of description for something that is part of every Unix/Linux system for more than decade is an annoyance at best.

Sample supporting MD-5 ( $1$ ), Apache MD-5 ( $apr1$ ), SHA-256 ( $5$ ) and SHA-512 ( $6$ ) password generation is available for download.

PS: If you are interested in test cases for it, you can check Medo.dll repository.

Naughty ArgumentException

Writing a function you probably write following checks as a reflex:

void DoSomething(string argument) {
    if (argument == null) {
        throw new ArgumentNullException(&quot;argument&quot;, &quot;No nulls allowed!&quot;);
    }
    if (argument == string.Empty) {
        throw new ArgumentOutOfRangeException(&quot;argument&quot;, &quot;No empty strings!&quot;);
    }
    if (Environment.Foo &amp;&amp; (argument == &quot;bar&quot;)) {
        throw new ArgumentException(&quot;argument&quot;, &quot;Something else!&quot;);
    }
    ...
}

Yep, there is an error in third “throwing”. For some unknown reason ArgumentException needs parameters in a different order. Correct statement would be:

    ...
        throw new ArgumentException(&quot;Something else!&quot;, &quot;argument&quot;);
    ...
}

What will happen if you mess it up?

Well, nothing much. Exception will still be thrown and your code should be fine. You will see wrong exception text but any stacktrace will probably lead you to correct spot in code.

But it looks ugly.

Reader Is Gone

Few days ago Google made announcement that Google Reader is going the way of dodo. Personally I was quite annoyed with this because it was my RSS reader of choice, but there is enough time to search for alternative.

There were few reactions to this decision but most of them stayed in realm of realism. And then came Dvorak with his suggestion of Google releasing source code to public domain. Regardless of wishful thinking, this is never going to happen.

Google Reader is an old product and I can guess that its backend it very much reliant on Google’s infrastructure. Releasing it into wild would require quite a lot of work to make internal dependencies go away. Company that is closing down a product will not spend their engineers time to prepare product for future competitor.

Nor should it. Nobody expected WordPerfect to become open source as it was dying. And that was an excellent program that had a lot of users. Why would expectation be different for any other program just because it is on web? And don’t give me that crap about being able to use last version indefinitely. When program dies everybody switches to something else regardless of how good the last version was.

Even if it went open source I don’t think it would stay the Reader we know. First it would lose its simplicity. Everybody would add a feature or two to solve their particular problem. Lean Reader would soon start to get some fat and it would go the way of Firefox - nice browser that got way too much configuration options with time.

Google Reader is dead. Face it.

PS: Yes, I think that Google is being a bit evil. But it is not their first time nor it will be the last.

Changing Network Name (Etc.)

As I was playing with my wireless router, I noticed that Windows started referring to my text network with number two (2) in suffix. Each visit to Network and Sharing center resulted in annoyance since my good old MedvedAlt network was now named MedvedAlt 2 without any obvious way to change it.

We start adventure by entering gpedit.msc to Windows start menu. This will open Local Group Policy Editor in which we have to navigate to Computer Configuration, Windows Settings, Security Settings, Network List Manager Policies. There we can see our network in all its glory. All that is left at this point is to go into Properties and change Name setting from Not configured to whatever name we prefer.

1 … 142 143 144 145 146 … 264