Hacking TiVO, PS2, Palm, GPRS, or your riding bikes

New computers – Windows 7 – compatibility (2) XP Mode

In researching the purchase of the new desktop, I found/was told/noted that you needed Windows 7 Pro version for “XP compatibility.”  Naturally, I assumed that this would be built into the product that I bought.  (Actually, I was a bit worried by that statement, since one would assume that a new version of an operating system would still run stuff that the old one did.  I still use programs that I first ran on MS-DOS 2, and they were still working fine on XP.)

Not so.

Well, I’m sure that Microsoft would take issue with that statement.  After all, when you try to use the “recommended settings” when troubleshooting compatibility, it tells you that it is running “Windows XP (Service Pack 2)” compatibility mode.  (Pretty much regardless of what the program or utility is.)  And if, trying the more manual troubleshooting, you tell the troubleshooting program that it did run under previous versions of Windows, there are XP SP2 and XP SP3 options (among nine others) to choose from.

It doesn’t matter which you choose.  I haven’t found any of them to work with any program to date.

However, the advice to buy Win7 Pro is sound, if you want to have much of a chance of running anything (interesting) that you have been using up until now.  You absolutely must have XP Mode.  It solves all your problems.  (Well, it solves a bunch of problems, and you can probably fix the rest with some scripting, which is annoying, but better than nothing.)  You have XP Mode if you buy Win7 Pro.

Well, no you don’t.

XP Mode turns out to be part of Windows Virtual PC.  You don’t have it with the base install.  You have the right to have it, but you don’t have it, and you have to download it and install it.  In trying to find out why I couldn’t run stuff that had run perfectly well under XP, I found a mention in the Help system, which made me realize this was a possiblity.  Sure enough, chasing this mention down through a few related help articles, I found a link to go and get it.  So I did.

Well, I tried.  In order to install Windows Virtual PC, Microsoft wants to run MGA.  MGA stands for Microsoft’s Grasping Authenticator.  Microsoft disputes this, and refers to it as Microsoft Genuine Advantage, but there is absolutely no advantage to you, the user, in MGA.  There definitely is an advantage to Microsoft, because, if you need MGA to run or install something, and anything at all goes wrong, you have to pay Microsoft to get it fixed.  Even if you’ve paid already.  I had no fear of MGA, because a) I knew that it was a genuine product, and b) I’d already had to run MGA to get the updates to work, and it hadn’t blinked.  This time, however, it would not believe that my Win7 Pro was Win7 Pro, and would I please cough up an extra $200.

(I took it back to the store I bought it from.  They got it fixed, for no money, but it did take them two days to do it.  And all my passwords were gone.  Oh, you thought passwords were there to keep people out of your computer?  Silly you.)

So now I have Windows Virtual PC, and XP Mode with it.  And, absent the fact that it creates a virtual disk for itself, and that, if you want to work on anything on your real disk you probably have to copy it on to this virtual disk, and mess around with settings, it runs everything just fine.  Per my previous posting on compatibility, Netscape/Communicator 4.8 works.  Eudora 1.5.2 works.  My beloved WordPerfect 4.2 (yes, that old) works.  So does WordPerfect 5.1, which is what Gloria prefers.  (I’m not sure I’m going to go to all the trouble of setting up the system that allows us to print from WordPerfect to a winprinter: we really only need to get at the files for reference purposes.)  Good stuff.

I did have to do a whole bunch of Windows Updates on XP Mode itself, which seems very strange to me.  Seeing as how I was downloading it from Microsoft, couldn’t they keep it patched and up to date?  Three or four sessions with Windows Update, and something close to a hundred updates by the time it seemed to settle down.

Ceterum censeo Microsoft esse delendam.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

New computers – Windows 7 – general observations

It took me about a month or so to create my first hard, no-you-can’t-recover-with-Ctrl-Alt-Del, pull-the-plug-and-hope-the-filesystem-isn’t-trashed crash on Win NT.  It took longer than that for XP.

Three days after installing, taking a break and watching an amusing little video, Win7 crashed.  Black screen.  Well, it does a black screen rather a lot, really, and it’s getting a bit nerve wracking, but usually it starts showing stuff within a few seconds.  Not this time.  This time I got a full, right back to the boot sequence event, with some very worrying questions along the way.  Although it did seem to recover OK.
Since I’m going to be complaining about Win7 rather a lot (going on my initial experiences) I suppose I should note some things that I do like.

The main reason that Gloria has her own account and “Desktop,” rather than both of us just using the same one, is that I’m right handed, and she’s left handed.  So her account has the mouse buttons switched.  (And I always buy symmetric mice.)  An ongoing annoyance on XP is that, once it’s been on Gloria’s account, the mouse is left-handed until signed on to a right-handed account.  And vice-versa.  So it’s nice to know that, in Win7, someone at Microsoft has finally realized that, when you are switching users, there is need for context menus, and therefore both buttons can be active.  (It is annoying that they’ve added an extra screen you have to click through when switching …)

Also, it’s very cute that when a program is doing something that requires a progress bar, the toolbar button matches the “progress” with a green shading of its own.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

New computers – Windows 7 – compatibility (1)

Windows 7 is not compatible with anything before Vista.  (I refused to have Vista in the house, so I have no idea about whether Win7 and Vista are compatible.)  If your artsy friends are bugging you to get a Mac, or your geek friends are bugging you to get Linux, and you have been limping along with Windows XP, and are now desperately in need of a new computer (all of which applied to me), then go along with whichever set of friends will give you the most help, and switch.  It’ll be easier than trying to figure out how to make Windows 7 work the way you’ve been used to.

That’s an overstatement, of course, but not much of a one.

First off, you’ll have to throw out all your previous software.  I tend to stick with computers for too long, and with software for too long.  At least, that would be the position of software vendors.  I figure a) if it ain’t broke don’t fix it, and b) why should I have to spend a lot of time learning the mixed up new interface that some idiot down in marketing thought would be kewl, and try to find the functions that I need down where they have buried them.  (Often I find that the stuff I really need is completely gone.)

Think I’m kidding?

I use Firefox.  No particular problem there.  Except that Mozilla wanted me to install 5.0.1, after I’ve been used to 3.6.18 for a while.  And I only then realized that I had no idea how to move the bookmarks over to my new system.  I have no idea where Firefox puts them.  Now, under the previous versions of Firefox, it was pretty good about using any sets of settings you might have lying around, including old bookmarks files.  Now it’s gotten fussy.  Of course, now Firefox has a new Sync feature.  That’ll probably help in future, but it’s not much use right now. (Yes, I’m reading up on how to use it in the old version, and, yes, I’ll probably be able to get everything across.  Eventually.)  (And, besides, all of this is Mozilla’s fault, and I know you are eager for me to get on with the Microsoft bashing.)

So, Firefox works (wonder of wonders).  I use a mail program called Pegasus, which, with a little care and attention on installation, also works.

I also use Netscape 4.8.  (Actually Communicator 4.8, but …)  Yes, I know, old tech.  But, it is a very safe browser, especially with JavaScript turned off, and, as a malware researcher, I have occasion to look at some pretty dangerous places.  Also, it uses the old bookmark.htm file, which is really handy for managing and transfering my collection of bookmarks.  The installer will not run in Win7.

(Yes, I researched the problem, and, yes, somebody mentioned SeaMonkey.  Interface is very similar, I grant you, but I can’t find out where they keep the bookmarks.)

(Also, Windows 7 initially choked big time trying to run the installation.)

My wife likes the simplicity (and I like the safety) of Eudora.  Version 1.5.2.  Doesn’t run.

For both programs I have tried the “Troubleshoot compatibility” option.  I bought, and paid extra for, Windows 7 Pro specifically because it was “compatible” with WinXP.  I tried the “recommended” settings, which supposedly ran in-or-as WinXPSP2.  I tried the manual troubleshooting, telling it that the programs ran just fine under Win95/98/NT/2K/XP and/or 2003.  They didn’t run under any compatibility mode.

And, of course, don’t even bother to try and run any DOS or other command-line utilities.  (Even using “Run as administrator.”)

(Using utilities that mess with internals is one area where you don’t expect compatibility.  So I was surprised, and very pleased, to note that the Frhed hex editor works just fine under Win7, particularly after all the other problems I had.)

Some of these problems can be overcome, or worked around, using Windows Virtual PC XP Mode.  More on the trials of that, later

Ceterum censeo Microsoft esse delendam.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

New computers – Windows 7

OK, I’ve thumped on Macs for a while now, so I guess it’s time to give Microsoft some bad words.

(I said a lot of bad words during this process …)

I bought the new computers back before Christmas, and it’s only now (well, last week, about seven months after I bought them) that I’m getting the new desktop set up.  Partly it’s been one darn thing after another, but partly it’s been a bit of anxiety.  And the anxiety was justified.

This will take a couple of postings to get through …

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

Fake Online Reviews

We’ve had means of expressing our opinions on various things for a long time.  Amazon has had reviews of the books pretty much since the beginning.  But how do we know that the reviews are real?  Virus writers took the opportunity presented by Amazon to trash my books when they were published.  (Even though they used different names, it only took a very simple form of forensic linguistics to figure out the identities.)

More recently, review spam has become more important, since many people are relying on the online reviews when buying items or booking services.  A number of “companies” have determined that it is more cost effective to have bots or other entities flood the review systems with fake positive reviews than it is to make quality products or services.  So, some nice people from Cornell university produced and tested some software to determine the fakes.

Note that, from these slides, there is not a lot of detail about exactly how they determine the fakes.  However, there is enough to indicate that sophisticated algorithms are less accurate than some fairly simple metrics.  When I teach about software forensics (aspects of which are similar to forensic lingusitics, or stylistic forensics), this seems counterintuitive and surprises a lot of students.  Generally they object that, if you know about the metircs, you should be able to avoid them.  In practice, this doesn’t seem to be the case.  Simple metrics do seem to be very effective in both forensic linguistics, and in software forensics.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

Aurasma: Graffiti meets YouTube

A company called Autonomy, which has been selling image search technology, has launched an apparently freely available (open?) project called Aurasma.  At the moment only available on iPhone 4, this allows you to “augment” the reality (that the mobile device sees) by adding video to overlay it.

In this article, a BBC reporter/commentator opines that this is a cute trick, but only that.  I’m going to go out on a limb and predict that this assessment is short-sighted (albeit only if the technology expands to other platforms).  Given that YouTube users are uploading 48 hours of video to the site every minute of the day, I suspect that the ability to create video graffiti, and “tag” it to any vista, location, or object, will be irresistable.

Apparently the company thinks this will be a platform that companies will use to create ads, to promote their products or shops at related locations.  They probably will.  However, myriad users will be creating other content, for the same images, and we will have SEO (Search Engine Optimization) battles that will make the malware and phishing sites we see now pale in comparison.  The Tokyo Chamber of Commerce or tourism board may wish to overlay video over certain landscapes or landmarks, but how will they stand up against thousands of geeks who’ve all seen Godzilla?

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

A recent flight …

Security wanted to open up my suitcase and look at the bag of chargers, USB sticks, etc, and was concerned about the laser pointers.  He decided they were pens, and I didn’t disabuse him of the notion.  Why disturb the tranquility of his ignorance?

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

New computers – Mac (Flash)

First off, I probably have to modify the perception that I may have left, in this series of postings, that I hate the Mac and everything it stands for.  Not true.  While I find the “Apple knows best” attitude frustrating at times (all right, many times), the MacBook Pro that I purchased is a nice machine in many ways.  For one thing, it’s the most powerful machine I’ve got at the moment.  (Until I get the time to install the new desktop, anyway.)  For another, it hibernates (or suspends, or sleeps, or whatever you want to call it) really well.  I appreciate that ability to simply close the lid, and open it up, and all my stuff is still ready to go, within seconds.  (This has been a particular frustration with the Asus netbook, which sometimes hibernates, and sometimes decides to think about it.  Forever.  Or, until I take the battery out, whichever comes first.)  I like the ongoing and very accurate battery indicator (although I’ll have more to say about that in another post).

It was the battery indicator that first alerted me to the issues with Flash.  As one of my Mac resource helpers noted when I found this out, Flash may, single-handedly, be responsible for global warming.  It is rather odd to pull up a YouTube video, or any other page with a high Flash content (news sites are particularly vile in this regard) and watch the battery life almost instantly cut in half (or drop even further).  To get your battery life (well, most of it, anyway) back again, all you have to do is drop the offending Flash page.

The thing is, I’ve never noticed this before on my other laptops.  Certainly Flash, on Windows, doesn’t have anything like that same effect on the battery life.  Yes, it’s more of a drain, and, yes, you’ll probably have to keep an eye on heating issues.  But the battery life isn’t half of what it was simply because of viewing videos.

Apple doesn’t like Flash.  The converse may also be true.  Because, despite the Mac’s much-vaunted prowess in multimedia areas, online video definitely seems to be a problem for it.

At home, we’ve recently been watching some TV programs via the Internet.  (We’ve done this because, at home, I get Internet service from Shaw, which provides our cable TV, as well.  And, they seem to be just as unreliable at providing the uninterrupted TV feed as they do at providing Internet service or help.  So we’ve had to fall back on the Internet to catch up on shows we’ve missed while the cable was out.)  Because of this, I’ve had a chance to do some comparison between a seven-year old Windows (XP) desktop machine, and a brand new MacBook Pro.  The old Windows machine wins, hands down.  We’ve watched streaming feeds of shows from the company Websites of CBC, GlobalTV, and Bravo, all at the standard presented resolution, and in the full-screen display.  All of these sites use Flash.  And the old (seven years old, remember) Windows machine, using Firefox, has won every round against the Mac, using Safari.  The streaming is just as good (which is odd, considering the sheer age of the Windows box), but the Mac tends to lock up (or go random places) any time we use the controls to rewind, or pick up a missed segment.

To repeat what I started out with, the Mac is great in many areas.  Viewing Twitter, even with the new (and heavily script-laden) interface, the Mac is very much faster, and Safari opens new windows and loads them quickly.  Which I why I found the online video weakness to be so odd …

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.