Sam Liddicott

See the sad story of over-strict food safety control and see how they back-fire on public health.

http://divisionoflabour.com/archives/004849.php

I am an old delphi user. For delphi 1 I even wrote a multi-threader, and a form-inheritance mechanism.

I’m now playing with vala, but I miss the automatic class member definitions from Delphi, where items on a window would have fields automatically defined in the source, so I could refer to widgets directly.

With current vala demo’s I have to make calls to this.xml.get_widget("widget_name") and I can’t be doing with that.

I’ve written some xslt which will convert the glade file into a vala file and class, which should be a super-class to whatever vala class is going to implement the form and signal handlers.

At Nicolas Joseph suggestion (and help for providing a sample gtk builder file) I’ve converted this to gtkbuilder. Glade can still be used to design the UI, but libglade is no longer needed at runtime.

Any .glade file can be automatically converted to a gtkbuilder .ui file, and any .ui file can be converted to a .vala file, and they are converted as a group to .c and .h and then compiled.

Because the .vala file contains the gtkbuilder xml within it, the .glade files don’t need to be around at runtime.

When the subclass is instantiated the superclass constructor will instantiate the window from the glade xml, and fix up all the widget locations, so that the subclass can refer to this.widgets.name_entry and so forth.

demo.glade

A sample "hello world" glade file with a button, and a label, and event handlers on button click and window close.

demo.ui

demo.ui is a gtkbuilder format built automatically from demo.glade IF demo.vala is listed as one of the vala sources.

demo.vala

When xsltproc –nodtdattr gen-vala-gltk-widget-bindings.xslt is invoked it generates the vala file, with the xml embedded. The main class name is taken from the top level widget identifier.
It’s widgets protected class has a member defined for each of the widgets.
Such code as:
this.widgets.label2.label=’Hello’;
can be used to affect the UI.

mainwindow.vala

The human subclasses the automatically generated class (named after the top level widget) in demo.vala, in order to implement signal handlers, and can still access widgets with:
this.widgets.label2.label=’Hello’;

Makefile.am

I also had to make changes to Makefile.am (generated vala-gen-project) to add the reciples for building .vala files from .ui files from .glade files.

To add a new auto-built source based on window.glade, you must add the window.glade file to the project_GLADESOURCES definition and window.vala to project_VALASOURCES

gen-vala-gtk-widget-bindings.xslt

This converts gtkbuilder files to vala files with the original xml as a string constant.

widget-bindings-0.1.0.tar.gz

Here is a sample project. I use it with anjuta and it mostly works, but I edit Makefile.am manually when I add new source files cos anjuta gets anxious about adding certain filetypes to certain targets if it doesn’t know about. them

An anonymous author sent me the source to a tool to clone SysKey information from Windows 2000, XP, and 2003 and read and write password hashes to live windows systems, called SKCLONE.

The file is available for download here, and the README is quoted below.

---

SKCLONE - Like PWDUMP or COPYPWD but works on 64 bit.

(The 32bit exe works on 64 bit. How about that?)

THERE IS NO WARRANTY.

THIS PROGRAM:-

* MAY TRASH YOUR SYSTEM.

* MAY CAUSE PROBLEMS WHICH CANNOT BE FIXED.

* RELIES ON ASSUMPTIONS WHICH MAY NOT ALWAYS BE TRUE.

* MAY NOT BE FIT FOR YOUR PURPOSE (OR ANY PURPOSE).

* IS NOT OF MERCHANTABLE QUALITY.

* IS NOT FIT TO BE SOLD.

USE AT YOUR OWN RISK.!!!!

IF YOUR JURISDICTION DOES NOT GIVE EFFECT TO THESE

DISCLAIMERS YOU MAY NOT USE THE PROGRAM.

YOU HAVE BEEN WARNED!

Overview

================

SKCLONE: Clone SysKey information from Windows 2000, XP, and 2003.

Read and write password hashes to live systems.

MUST run under the SYSTEM account. HINT: Use the AT command.

SKCLONE is free software.

Permission is granted

* to copy, distribute and use

* and make derived works

* provided attribution is given:

Copyright 2008 By Anonymous

Thanks to clark@hushmail.com for

http://beginningtoseethelight.org/ntsecurity

Thanks to Nicola Cuomo - ncuomo@studenti.unina.it for

samdump2 and bkreg, consulted for information

on how syskey is stored and used.

Purpose and History

=====================

SKCLONE was written because copypwd does not work on 64bit windows

at the time of writing, and I needed to move a large number of local

user accounts from a 32 bit installation to a 64bit installation.

The intention was originally to clone the SysKey from a 64 bit windows

to a 32 bit windows so I could use copypwd to copy the hashes to the 32bit

windows, then just copy the syskey’d hashes to the 64bit windows. That’s

because clark@husmail.com had a page explaining where the syskey was stored,

but not how it was used. Hence the functionality for exporting syskey and

syskey’d hashes.

I then found out that Nicola Cuomo has worked out how to use SysKey to

decrypt the hashes extracted from NTBACKUP system state, knowledge Nicola

generously embodied in BKREG and SAMDUMP2.

Since I had already written the code for decoding the SAM user V record,

it was simple to duplicate the SysKey decrypting function using CryptoAPI.

It was also simple to make the process go both ways. These functions are

embodied SysKeyRead, SysKeyGetBootKey and SysKeyCrypt. It was also simple

to make the function GetSetSamUserPwHash both read and write.

So I never got around to finishing the code for importing the SysKey data.

(You just have to recreate the four keys under LSA with new Class values).

SysKey cloning could still be useful though — just not sure for what!

How to Use

==================

SKCLONE uses the registry APIs to read and write the SAM values

directly. It MUST be run under the SYSTEM account, since only

SYSTEM has access to HKLM\SECURITY\SAM.

Only writes to STDOUT. It is STRONGLY recommended that you pipe this

straight into GPG or similar.

The easiest way to do this by hand on a local machine is with the

AT command. Say it is 11:30, enter this in a command window:

at 11:32 /interactive cmd.exe

At 11:32 a command prompt will appear running as SYSTEM. You can run

SKCLONE from this prompt. Interestingly you can run RegEdit.exe from

this prompt and browse the SAM, which is what I did.

The simplest way to do it remotely is to use Remote Desktop with the

"connect to console:1" option, then you can just use the method above.

The simplest way to do this from script, is:

* Copy skclone.exe to \\MACHINE\admin$\skclone.exe

* Schedule a task on the remote machine as the SYSTEM account.

You don’t have to set a schedule, just create the task.

* Start the task, and wait for it to finish, by polling it’s status.

It is pretty quick (almost instant, generally).

* Copy off the file, hopefully you took advice and encrypted it with

GPG. Otherwise, you should ensure it went to a directory readable

only by Administrators group and SYSTEM.

* Delete the file from the remote server. Should use SDELETE or similar.

* You are done.

When importing passwords, it will NOT:

* Set the Administrator password, or any account with RID < 1000.

* Set any password which is blank. But you can use PRESETPW to

set these to a random password first.

Options

===============

Usage:

skclone [OPTIONS] COMMAND [argument]

Options are

/DEBUG executes a debug breakpoint immediately

(so you can attach a debugger).

/VERBOSE Prints more rubbish.

skclone IMPORTPWDUMP

Imports pwdump style passwords directly into registry.

INFO: A Password must already exist. Use PRESETPW to set a random one.

WARNING: Invalidates ALL user’s protected data.

WARNING: LSA Secrets, EFS files, CryptoAPI secret keys etc.

skclone EXPORTPWDUMP

Dumps pwdump style passwords directly from the registry.

INFO: Will not set null passwords. Set a random password first.

skclone USAGE

More options will be shown.

skclone SETPW <USERNAME:PWDUMPHASHES>

Same as IMPORTPWDUMP, but just does the one from the command line.

Will not overwrite a null password. Use NET USER <username> <password>

to set one first.

skclone PRESETPW

Reads list of usernames (or username:hashes) and sets a random

password for those with no password. Ignores those with one, and RID < 1000.

This is here because IMPORTPWDUMP requires that a password already exists.

skclone CLEARPW [accountName]

Clears user’s password. Will clear RID < 1000.

WARNING: Invalidates ALL user’s protected data.

WARNING: LSA Secrets, EFS files, CryptoAPI secret keys etc.

skclone REPORTPW

Lists accounts with clear passwords.

Compile without #define SIMPLEONLY for more options.

Useful Functions

============================

These functions could be usefully put into a library of some sort.

SysKeyRead reads syskey values from the live SAM into a SK_DATA

struct.

SysKeyWrite DOES NOT WORK. DO NOT USE IT.

SysKeyGetBootKey derives the bootkey from SK_DATA. This is not used

for anything in the program, but duplicates the functionality of BKREG.

SysKeyDerive derives the intermediate key from SK_DATA.

SysKeyCrypt uses the intermediate key to encrypt or decrypt LM or NT

hashes.

GetSetSamUserPwHash reads or writes SysKey encrypted NT or LM hashes.

Use SysKeyCrypt to convert these to/from PWDUMP/L0pth hashes. Takes

an open key to the SAM or a copy of it with KEY_READ access.

GetSamUserRid is a utility function which uses OpenSamUserRidKey to

lookup the RID of a user. Takes an open key to the SAM or a copy of

it with KEY_READ access.

Bugs and Limitations

============================

SKCLONE cannot clone the SysKey. DON’T TRY YOU WILL BREAK YOUR SYSTEM.

For good measure, the standard build does not include SysKey import

export functions, just PWDUMP/COPYPWD hash dumping and loading, plus

a couple of utiliies.

IMPORTPWDUMP will not overwrite a null password. However the PRESETPW

using the same input file will ensure that all accounts have passwords

by setting a random one where none exists.

IMPORTPWDUMP will not set an LM hash where none exists. If there exists

an NT hash but no LM hash, the NT hash will be set but the LM hash will

not. This shouldn’t hurt you — only very old OS require LM hashes. If

this is a problem, changing the user’s password manually will usually

set an LM hash.

REPORTPW will only list accounts with a null password (as opposed to a

zero-length password). This is generally accounts which have never had a

password, or have been cleared with CLEARPW.

SysKeyWrite function does not work! It does not write the boot key

information. It also writes some values which have nothing to do with

syskey — I think they have something to do with LSA Secrets but I am

not sure what.

For SysKey the relevant values are account_f which is 0×30 bytes from

offset 0×70 under HKLM\SECURITY\SAM\Domains\Account\F, and the

lsa_xxx_class values, which are the classes from four keys under

HKLM\SYSTEM\\ControlSet001\\Control\\Lsa.

See RegQueryInfoKey to learn about classes. They can’t be changed once set,

you have to delete the key and recreate it.

Really want a better name since we can’t actually clone the SysKey.

Maybe copypw64? Or pwdump7? or copysam?

That’s all folks.

A Daily Mail article on philosophy taught to children listed some of the questions put to the children for discussion.

Why do people treat animals like slaves?
Why are there so many answers to God’s questions?

Some of those questions are a bit loaded for young children:

"Why do people treat animals like slaves?"

For starters, how about:

• What are slaves?
• Do people treat animals like slaves?

Or are is this a sneak way to program the meaning of slaves to be "treat people like animals" to prevent children from ever learning that taxation is also slavery?

Truly the language defines the thoughts…

"Why are there so many answers to God’s questions?"

How about starting with:

• What are God’s questions?
• Who is God?

I like unix because it is easy to do tasks with throw-away 1 liners that take less than a minute to come up with.

I had re-factored some patches from one source tree to another, and I needed to make sure that I hadn’t missed any fragments.

git-diff ccache..v4-0-vfs-proxy | grep ‘^+++’ | sort | uniq | sed -e "s/^\+\+\+ b\///" | while read f ; do diff -bwu ../$f /home/projects/samba-git/$f ; done

So I get a list of files that my changes affected, and then compared those to the equivalent files in the new tree. The diff was small and consisted mostly of pre-existing changes between the two trees.

I was easily able to account for any other slight differences is the resulting files.

I suspect that there were git-tools to help here, but the point is that I didn’t have to learn the official way to do my task, but I was still able to do it quickly based on existing knowledge.

Dear Honourably-Confused,

I am regularly filled with sorry when I read such letters as this, demonstrating how low the manners of our population have sunk; however you did right to ask me!

You should not only thank the person at each door, but before you pass through the door you should both put your hands together and bow as a mark of respect.

If you both bow low enough the door will not be able to slam in anyones face.

If one does not bow low enough, not only will the door slam in the face, it will also be a sign of bad grace and so in such circumstance it would not be appropriate to apologise.

Sam

This post is password protected. To view it please enter your password below:

Password:

It has been suggested by Shane Martin Coughlan following a gently heated discussion on the discussion@fsfeurope.org mailing list, that a collection of questions relating to the GPL3 be collated and put to the FSF authors.

* Shane Martin Coughlan wrote, On 21/11/07 20:14:

Suggestion:

How about we make a list of concerns that people have and I email BrettSmith with them?  That way we consolidate the concerns into onesubmission and potentially speed up the process of obtaining answers.MJ, Sam, perhaps you could coordinate the list of questions.

This page is setup for that purpose.

Readers: feel free to add comments or questions relating to GPL3 or AGPL, a compilation of which will be sent to Brett Smith by Shane.

My personal proposal is the creation of a list of implications of choosing a specific license to help prospective licensors choose (or avoid) a license according to their requirements.

My proposed implication is:

I believe that this implication is not widely understood and because ealier versions of the GPL are widely known to prohibit the addition of extra restrictions, this implication is also unexpected.

Here’s my nomination for the Food and Farming Awards 2007 Derek Cooper Special Award:

Published selected episodes from the life of Ray Gunge sold out, but discerning and appreciative readers will no doubt manage to get a copy of this well written account.

Slashdot It!

International websites, and American TV news have all covered the incident where a student was tasered by American police while resisting officers who tried to prevent him asking a long rambling political question, even after John Kerry being asked the question said he would answer.

Whatever your take on this particular situation, this is the continuation of bad trend that started before designation "safe protest zones" well away from the political figuring being protested to.

So how can Black Rod save the day? The answer lies in the power of political ritual and ceremony to keep certain ideas alive.
Purloining freely from Wikipedia:

State Opening of Parliament

Black Rod is best known for his part in the ceremonies surrounding the State Opening of Parliament and the Throne speech. He summons the Commons to attend the speech and leads them to the Lords. As part of the ritual, as Black Rod approaches the doors to the chamber of the House of Commons to make his summons, they are slammed in his face. This is to symbolise the Commons’ independence of the Sovereign. Black Rod then strikes the door three times with his staff, and in reply to the challenge "Who is there?" answers "Black Rod". He is then admitted and issues the summons of the monarch to attend. This ritual is derived from the attempt by Charles I of England to arrest five members in 1642, in what was seen as a breach of privilege, though strictly the King was entitled to enter the chamber. After that incident, the House of Commons has maintained its right to question the right of the monarch’s representative to enter their chamber, though they can not bar him from entering with lawful authority.

The ceremony maintains the right.

From this day forth, a new tradition (like the famous Slashdot "first post") must begin.

The first question asked at any political rally, or convention must be a ceremonial question:"The police aren’t going to arrest or taser us if we ask unpopular questions, are they?"

Let the asking of this ceremonial question be offered to distinguished guests as a token of politeness, or to student body presidents, or the rotary club president, or the mayor.

And then the police, or the host will give the ceremonial answer: "No, not even if you are courteous or impolite, but we respectfully ask you to be courteous and polite to our guests and others present".

Maybe the questions need improvement, but the main thing is that it happens.

Make it happen, have the suggestion posted in every student handbook and newspaper, have it asked every time.

The maintenance of your liberty depends on the regular performance of this new ceremony.

New Lyrics

Lyrics to "He’s not Heavy. He’s my brother", anyone want to make a recording?

To the tune of "He ain’t heavy"

I may be wrong
with many a foolish thought
that leads me to who
  knows where
who knows where
If I’m wrong
show me that you care
please don’t taze me, please my brother

I hope you know
I welcome your point of view
don’t have to agree
to hear
or to share

for I know
the law preserves our liberty
please don’t taze me, please me brother

If I’m learning
  at all
I’m learning
  with sadness
that every tyrants heart
is-a filled with the badness
and hate
for free opinion

it’s a long long road
I fear there is no return
and we’re on the way
to hell
were nearly there

and the law
shouldn’t weigh us down at all
please don’t taze me, please me brother

( please my brother

  please don’t taze me

  please my brother
)