blarg?

The number of times in my life that a friend has been so grateful that I’d cut their mom’s box-spring mattress in half with a Leatherman that they bought me dinner has, I’ll admit, been pretty small. But when it does happen, boy, that’s a great day.


“What’s the damage?”

“About twelve dollars.”

“Twelve dollars?”

“Twelve Canadian dollars.”

“Wow. It’s like free food.”

That’s me and Chris Blizzard talking about the bill from last night’s culinary onslaught. Shaver and his friends are pretty cool folks to hang with.

Following yesterday’s scotch comments, Kev brought me a treat, a little hotel-bar bottle of Red Label. “I would have got a better scotch”, he said, “but none of them come in tiny little bottles.” It’s remarkable how that works. He and Coop should both come out more often, even without the scotch.

But with it is OK too.

Another day, another completely undocumented Windows worm. Has any legitimate traffic ever happened on port 445? I doubt it. This week’s culprits are the barely-heard-of wucmdex.exe and the completely-unknown zsxtr.exe.

If your computer starts “acting funny”, McAfee won’t run and so forth, well, here you are. If you can’t even call up the task manager, that’s an artefact of the zsxtr.exe infection.

I’ll have more information on this soon, and I’ll put together another document on the fixes for these bastards, but for now I suggest you apply the following procedure, that might as well be called the ANSI Standard Windows Fix: log in to safe mode with command prompt, as administrator, delete the file and hand-scrub the registry, P.S. hope you got everything. In this case, like so:

  1. Reboot the machine and hit F8 as soon as it POSTs.
  2. Choose “Safe Mode With Command Prompt”.
  3. Log in with an admin-privileged account.
  4. At the command prompt, do this:
    cd c:\windows\system32
    attrib -s -h -r wucmdex.exe
    attrib -s -h -r zsxtr.exe
    del wucmdex.exe
    del zsxtr.exe
    
  5. Run regedit, search for both of those filenames and delete any registry entries you find with them in it. On my machine, zsxtr.exe appears under a folder called “Krypton” which I’ve also deleted. There’s an associated file hidden in c:\windows\system32 called sys16.exe, which you should also unhide and remove.
  6. Reboot, hit F8, choose “safe mode with networking” and do a full Windows Update.
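For step 5, one way to double-check the hand-scrub is to export the registry from regedit and scan the export for the names mentioned above. The following is an added example, not part of the original post; the sample export, its key paths and its value names are constructed for illustration, and the function names are hypothetical. It also decodes hex-encoded string values, which a plain text search of the export would miss.

```python
import re

# File and key names reported in the post; matching is case-insensitive.
INDICATORS = ("wucmdex.exe", "zsxtr.exe", "sys16.exe", "krypton")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r"^hex(?:\([0-9a-f]+\))?:(.*)$", re.I)

def decode_value(raw):
    """Turn one exported value into plain text that can be searched."""
    m = HEX_RE.match(raw)
    if m:  # REG_EXPAND_SZ / REG_MULTI_SZ are exported as UTF-16LE hex bytes
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", errors="ignore").replace("\x00", " ").strip()
    return raw.strip('"').replace("\\\\", "\\")

def scan_reg_export(text):
    """Return (key, value_name, data) for every entry naming an indicator."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin hex continuation lines
    hits, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if any(i in key.lower() for i in INDICATORS):
                hits.append((key, None, None))  # the key name itself matches
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.group(1).strip('"'), decode_value(m.group(2))
            if any(i in (name + " " + data).lower() for i in INDICATORS):
                hits.append((key, name, data))
    return hits

# Constructed sample export; key paths and value names are illustrative only.
_hex = ",".join(f"{b:02x}" for b in r"%SystemRoot%\system32\sys16.exe".encode("utf-16-le"))
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\WINDOWS\\system32\\wucmdex.exe"',
    r'"Benign"="C:\\Program Files\\Example\\tray.exe"',
    '"Loader"=hex(2):' + _hex[:30] + "\\\n  " + _hex[30:],
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Krypton]",
    r'"Path"="C:\\WINDOWS\\system32\\ZSXTR.EXE"',
])

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE):
        print(key, "|", name, "|", data)
```

Regedit writes its exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing the text in.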

I should add here that it’s a good idea as a general practice to turn “System Recovery” off and to have all of these security updates on a burned CD. That last step, the Windows Update part, is just a race against time.

More news as it develops. Again, I’m grateful for any information people want to add to this. Please email me or leave a comment below.

This entry was last updated 1:00 PM EST, July 21/04

Q: Bad Boys, watcha want, watcha want?

A: If you have chosen a career outside the law, typically you’ll be in it for the acquisition of wealth. There may be ulterior motives involved, such as a desire for fame or the acquisition of a particular item or class of items, but generally speaking you’ll be in it for the money.

Q: Whatcha gonna do when Sheriff John Brown come for you?

A: This isn’t something that you should worry about. Sheriff Brown was shot, alongside one of his deputies. The suspect in that shooting confessed, though he denied having anything to do with the shooting of the deputy, and his accomplice has not been apprehended. Generally speaking, however, law enforcement does have extensive and highly mobile resources, and is typically better equipped and trained than even the most talented or well-heeled blue-collar criminals.

Q: Bad Boys, Bad Boys, Whatcha gonna do?

A: By the time this question arises, you should be aware that the police are on to you. Your options are limited at this point; you can either turn yourself in or flee the scene. Some people choose a third option, entrenching themselves in some convenient domicile, but that is the least feasible of your options, providing law enforcement with a sitting target and time to muster their resources.

The decision to turn yourself in or flee depends entirely on the gravity of your offence and your perceived risk in turning yourself over to the authorities – if your local authorities are known to abuse their prisoners, or you’re facing a third strike for something relatively trivial, this may give you some impetus to flee. But let me be clear about this: barring an extremely abusive police force, unjust judicial system or particularly heinous crime, your best option is to turn yourself in.

Q: Whatcha gonna do when they come for you?

A: Typically, once the police have decided that they’re coming for you, they’re going to come for you in force. What they’re going to do if and when they catch you depends as much on their original reason for coming for you as it does on how the process of apprehending you went.

If you’ve decided to turn yourself in, go directly to the police station or the first uniformed officer you see and inform them of your identity. Do not wear a jacket, do not carry a bag, and ask to speak to your lawyer immediately. Most importantly, do not resist or give the impression of resistance; again, police officers are professionals trained to deal quickly and efficiently with that kind of situation, and your welfare will be very low on their list of concerns.

If you’re going to run, and you have a little time, it’s imperative that you move promptly and draw no attention to yourself; be cool, pack a bag, put on your Sunday best, take public transit to the bus station and pay cash for the first bus ticket to another major urban center. Do not look people in the eye, be polite, do not call anyone and do not tell anyone where you’re going; just go, and do not look back. Pay cash, and do not under any circumstances take your own vehicle or steal another. Do not carry a firearm. Especially in major urban centers, a modern police force is far better trained, experienced and equipped to end high speed chases or gunfights than you are at surviving them; the odds that you will escape from either of these situations in better shape than you’d be by fleeing quietly or turning yourself in are vanishingly small.

If you’re going to run and you have no time, don’t. Without a head start, your odds of success are as close to zero as they can be.

As always, Chu Shing this Thursday night, 9:00, followed by bubble tea or scotch, depending on the prevailing mood and the average mental age of the participants. I make no promises either way, but those may not be exclusive options. We will have Mysterious Out Of Town Guests, whose names are Top-Secret-Majestic-Blue-classified, far too potent an incantation to be invoked aloud in a trifling weblog such as this and completely unconfirmed as of press time, but as always everyone’s invited, so it could be anyone. But is it? Duhn duhn dunnnnnn!

If the suspense is killing you, you’ll be absolutely demolished by the food. You’ll be destroyed, unmade. Your frail physique and attendant mentality will be swept aside like a mist before a cooling breeze, a breeze made entirely of beef in black pepper sauce, of chicken with cashews.

I’ll have more to say soon, I hope, but at the moment I’d like to wholeheartedly endorse the works of Iain M. Banks who is now three for three in his efforts to kick my head right down the hall.

mhoye@werewindle:/usr/src/linux$ nohup /usr/lib/xscreensaver/phosphor -root -scale 2 -program make &

Spectacular. Christ, I’m such a geek.

Earlier today, as I was idly watching a room full of computers reboot, I wondered if Microsoft ever does usability testing for administrators, perhaps for people who have experience with other operating systems and don’t want to spend their entire lives waiting for things to load up again so that the change actually takes.

It’s a funny story – we’ve got an app here called GUICat, whose crack-addled creators relied once upon a time on the fact that everyone on a Win9x box is an administrator, and sets the system-wide config-file ownership to whoever ran the program first. The practical upshot of this is just awesome: on WinXP, if an administrator tests the program before sending it out to the user, it will work fine for the admin and never, ever work for the user, crashing every time.

If the administrator doesn’t test it, it’ll work fine. But only for that one user.

Isn’t that beautiful? It’s kind of a Zen thing. If a tree falls in a forest, kills a GUICat programmer, and there’s nobody around to hear it, did they still get what they deserved?

Fixing it isn’t a huge pain in the ass, more of a persistent rectal itch really. And making it run properly for more than one user is just beautiful; you’ve got to set permissions to let world+dog read and write to everything under the install directory and recreate the config file. Hello, world, there’s your fix. It would be nice if you didn’t have to log in and out twenty times to work all that out, but hey, That’s Windows. Maybe someday in the distant future there will be an operating system that lets you log in as administrator without having to log out the other user. Maybe when hardware gets fast enough it won’t take five minutes to log in or out, too. Big dreams, big dreams.

Well, I guess you learn just as much from the bad programs as the good ones.

We should eat Chinese fare this fine Thursday evening, at the usual time, and the usual place. Geofford promises good news, presumably pertaining to things of his being flung into orbit. Look out, Julie!

I owe Nick an apology, and should not say mean things to my friends when I’m in a foul mood.

So by way of apology, Nick, I have this for you, which should brighten your day.

I had an entry here last night for about ten seconds, in which I described my current job and the situation therein, which displeases me, my mood, which is unpleasant, and my deep and abiding love of being micromanaged, which fills me with the unwavering joy that only black visions of bone-shearing catharsis provide.

Did you know that there are five and ten thousand dollar software packages that will silently unwind sixteen months of security patches as part of their install process? Neither did I. And for most of you, that information is completely useless. And the reason that you can permit that information to be completely useless is that people like me are paid to care very intensely about it. Boy, am I going to have to make some phone calls today.

Tonight, I eat Chinese food, and all will be well.

Confidential to Nick, re: cellphone blogging: Cute, but only cute. The idea of spelling “paroxysms” with only my right thumb is absurd on its face, and I have more powerful tools (namely all ten fingers, a keyboard and a good editor) at my immediate disposal pretty much all the time. That’s why I don’t end up with advertisements for personals sites at the tail end of my entries, just to pull a completely random example that’s unconnected to anything else out of the aether. Here’s the thing: you remember that line from Rounders? Well, if you’re trying to do something as simple as write a text file and you can’t figure out what the best tool for the job is in five minutes, that’s because you’re the tool.

A recent BoingBoing article introduced me to “mashups”, songs that are mixed together from the instrumental track of one tune and the vocal track of another, completely different tune. I went looking for more, more, MORE! and because I’m a nice guy and I love you all very much, I’m going to share them with you.

In addition to Gomez Soul, Get Your Green On and the not-to-be-missed Stereo Kelly, the guys responsible for those tracks have also hidden away Cheeba Mortado and My Favorite Name on their awful flash website, worthy tracks all.

Elsewhere, via Mashmix.com, I have obtained a surprising Shaggy V. The Beatles mix that defies description. And my serious guilty pleasure in all this, Jet and Christina Aguilera, which I urge you to download, no matter what you might be thinking, because it’s all kinds of fun.

Shaggy seems to be a popular victim of this process. This realaudio bit may or may not be useful, but I have in my possession a Shaggy V. RATM mix that’s absolutely world-class, and if you’ve got an inbox that can take four megabytes of the People’s Elbow, I will pass it around.

If you know about any more of these that I should have, you must provide me with linkage immediately. The power of Mike compels you! The power of Mike compels you!

Update: In fighting-for-your-right-to-party news, you need to check this out forthwith. Furthermore, if you do not shim this and this into your cranial cavities instantly, you’ll be doing yourselves a grave disservice.