The defender’s guide to Windows Services

This is the second installment of the Defender’s Guide series. In keeping with the theme, we are discussing Windows Services, the underlying technology, common attack vectors, and methods of securing/monitoring them. Services are an important part of the Windows operating system, allowing the control and configuration of long-running processes essential to keeping the OS functional. This also allows services to be a common vector of escalation and persistence by attackers. Some services (especially custom services) run with high privilege levels, and are set to restart themselves on boot. This is a slam dunk for the enterprising attacker looking to gain a foothold in an environment. Everything you ever wanted to know about services in Windows, particularly as it relates to security.

No start menu for you

I tend to launch most programs on my Windows 10 laptop by typing the <Win> key, then a few letters of the program name, and then hitting enter. On my powerful laptop (SSD and 32 GB of RAM) this process usually takes as long as it takes me to type these characters, just a fraction of a second. Usually. Sometimes, however, it takes longer. A lot longer. As in, tens of seconds. The slowdowns are unpredictable but recently I was able to record an Event Tracing for Windows (ETW) trace of one of these delays. With a bit of help from people on Twitter I was able to analyze the trace and understand why it took about a minute to launch notepad. I loved reading every bit of this post. Even for someone not versed in programming, it’s quite easy to follow along and understand what is happening deep in the bowels of Windows when this bug occurs. I’ll spoil the surprise: This deserves reiterating. My start menu was hung due to the combination of heap corruption and WerFault.exe deciding that it needed to upload the crash dump before releasing the old process so that a new one could be started. And uploading the crash dump ran into issues, causing the delay. The tools meant to watch for bugs are causing more bugs. Who watches the watchers?

Here’s what’s going on in the world of Firefox extensions

So we weren’t surprised to hear that Chrome users were concerned after learning that several of the internet’s most popular ad blockers, like uBlock Origin, would lose some of their privacy-preserving functionality on Google’s web browser, resulting from the changes Manifest V3 brings to Chrome’s extensions platform – changes that strengthen other facets of security, while unfortunately limiting the capabilities of certain types of privacy extensions. But rest assured that in spite of these changes to Chrome’s new extensions architecture, Firefox’s implementation of Manifest V3 ensures users can access the most effective privacy tools available like uBlock Origin and other content-blocking and privacy-preserving extensions. I’m so glad Firefox exists. There simply isn’t any viable alternative to it, and that’s why I’m continuously worried about the continued existence of Mozilla. The story around Manifest V3 is just another example of why Firefox is superior.

SAIC Galaxy 1100: a pre-CDE VUE of the PA-RISC with a security clearance

Here’s an in-depth look at a portable, ruggedized, third-party PA-RISC system running a pre-CDE version of HP-UX. The SAIC Galaxy family consisted of two systems, the 1000 and the 1100. Both the 1000 and 1100 were essentially recased 9000/712 workstations with minor hardware modifications and custom added electronics, but all of the systems I’ve seen including mine are Galaxy 1100s, based on an 80MHz PA-7100LC (the 1000 reportedly ran the 60MHz version).

In case you thought AIX had a future

In case you thought IBM AIX had a future, IBM’s legacy proprietary Unix, IBM apparently doesn’t. The Register reported Friday that IBM has moved the entire AIX development group to IBM India, apparently their Bangalore office, and placed 80 US-based developers into “redeployment.” That’s a fairly craven way of replacing layoffs with musical chairs, requiring the displaced developers to either find a new position within the company (possibly relocating as well) within some unspecified period, or retire. About a third of IBM’s global staff is on the Indian subcontinent. IBM didn’t publicly announce this move and while it’s undoubtedly good news for IBM India it seems bad news for AIX’s prospects: the technologies IBM thinks are up and coming IBM tends to spend money on, and so an obvious cost-cutting move suggests IBM doesn’t think AIX is one of those things. The writing’s on the wall for all the remaining commercial UNIX variants. By this point I think most of the work being done on AIX and HP-UX is maintaining the install base and fulfilling support contracts, after which there’s no real reason to keep these platforms going.

Microsoft returns to the Altair

The Altair 8800 arguably launched Microsoft. Now Dave Glover from Microsoft offers an emulated and potentially cloud-based Altair emulation with CP/M and Microsoft Basic. You can see a video of the project below. One thing that makes it a bit odd compared to other Altair clones we’ve seen is that the emulator runs in a Docker environment and is fully cloud-enabled. You can interact with it via a PCB front panel, or a terminal running in a web browser. Neat.

Atari 2600 hardware design: making something out of (almost) nothing

Recently over the holiday break, I became interested in the 2600’s hardware architecture and started reading everything that I could find about it. I knew that it was some kind of 6502-based system, and I’d heard mentions of “racing the beam”, but that’s as far as my knowledge went. I was shocked to discover how primitive the 2600 hardware was, even compared to contemporary 6502 systems like the Apple II, Commodore PET, and even Atari’s own 8-bit computers. The 2600 was a bit before my time – I’m from 1984 – and I’ve never even seen one in person. While I understand how important and influential the 2600 really was, I find the games and technology just a bit too primitive to enjoy today, whereas games for the NES I can still happily play today. I’m sure if you grew up with the 2600, you’d disagree.

Chuck E. Cheese still uses floppy disks in 2023, but not for long

On Sunday, a Chuck E. Cheese employee named Stewart Coonrod posted a TikTok video that documents the process of installing a new song-and-dance show on an old Chuck E. Cheese animatronics system—a process that involves a 3.5-inch floppy disk and two DVDs. Coonrod says it is the last update before his store undergoes a remodel that will remove the animatronics altogether. I’ve never visited this restaurant chain, but I always love peeks behind the curtain of the technology places like this use. It reminds me of our favourite bar near the red light district in Amsterdam, which used a touchscreen computer running BeOS to manage its music playlist.

I don’t understand terminals, shells and SSH

Confession time: I don’t fully understand how terminals, shells and SSH really work (and my guess is you don’t either). And I don’t mean the cryptography behind SSH. I mean how SSH and the terminal — and the shell for that matter — interact with one another. I recently realized that even though I’ve been daily remotely logging into Linux systems for all of my adult life (and type in the shell and Vim) I didn’t really grasp how these things actually work. I mean, it’s one of those things I kind of understand, but not completely. The author of the short linked post found four articles that detail all this stuff quite well, so go on over there and see just how well you really understood it.

DragonFlyBSD’s HAMMER2 file-system being ported on NetBSD

NetBSD continues using the FFS file-system by default while it has offered ZFS support that has been slowly improving — in NetBSD-CURRENT is the ability to use ZFS as the root file-system if first booting to FFS, for example. There may be another modern file-system option soon with an effort underway to port DragonFlyBSD’s HAMMER2 over to NetBSD. The GitHub repository has the code if you’re up for contributing.

Surprising consequences of macOS’ environment variable sanitization

One unfortunate fact of my life is that I have to deal with an obscure database whose macOS drivers require the addition of a directory to DYLD_LIBRARY_PATH for their Python driver to find them. To make matters worse, Apple’s CLI tools strip that variable away as part of macOS’s System Integrity Protection (SIP) before running a command. Given that DYLD_* environment variables are a known attack vector for Mac malware, that’s a good thing in general. However, sometimes one needs a workaround to get the job done. Some of this made sense to me.

Amazon ships Android TV device with malware

Your T95 is infected with malware pre-installed, ready to do whatever the C2 servers decide. Yes, malware from Amazon straight to your door! If they insist on selling these devices they really should add an “Includes Malware” category in the Android TV section. I find it absolutely baffling that Amazon is full of sketchy garbage like this, and nobody really seems to care. Amazon itself, lawmakers, consumers – everybody just takes it for granted?

Windows 7 and Windows 8.1 reach the end of the line

Ars reports: It’s the end of the line for Windows 7 and Windows 8.1. These older versions of Windows (plus Windows RT) stop receiving all security updates today, over a decade after their original releases. Microsoft will also stop providing Microsoft Edge browser updates for these operating systems in a few days, and the remaining third-party apps that still work will eventually follow suit (Google Chrome support, most notably, ends early next month). Windows 7 support for most people actually ended three years ago, but businesses that still used it could pay for up to three years of additional support while they transitioned to Windows 10 or 11. That window has now closed, and Microsoft isn’t offering a paid support option for Windows 8.1. Run an unsupported operating system, or invite more ads and spyware. Tough call.

When is a PC not a PC? The PC-98

So the Japanese market had very specific requirements that PCs could not fulfill in the early DOS days. You couldn’t just replace the character ROM on your PC and make it display Japanese text (IBM did later develop the 5550 and the JX, a derivative of the PCjr, specifically for the Japanese market, and later, they developed the DOS/V variant, which added support for Japanese text to their PS/2 line, using standard VGA hardware, which by now had caught up in terms of resolution). Instead, Japanese companies jumped into the niche of developing business machines for the home market. Most notably NEC. In 1981 they introduced the PC-8800 series, an 8-bit home computer based on a Z80 CPU and BASIC. In 1982, the PC-9800 series followed, a more high-end 16-bit business-oriented personal computer based on an 8086 CPU and MS-DOS. These families of machines became known as PC-88 and PC-98 respectively (note that the ‘PC’ name here is not a reference to IBM, as NEC had already released the PC-8000 series in 1979). I love these machines.

Microsoft backtracks one of the worst Start menu changes in Windows 11

Several weeks ago, we published an article detailing five not-so-great features coming soon to Windows 11. Recommended websites in the Start menu (introduced in build 25247) appear in the list as arguably one of Microsoft’s worst ideas. Luckily, the company has decided to backtrack that controversial change. Those unhappy with Windows 11 showing more ads on the Start menu will be glad to learn that developers removed recommended websites in the latest preview build. A bit of positive news on the ads-in-Windows front for once.

The future of ZFS on Ubuntu desktop is not looking good

Last year, Ubuntu developers pushed to remove Zsys from Ubuntu’s Ubiquity installer. This is an integral tool Ubuntu created to make it easier to manage and maintain ZFS-based installations. In a bug report they bluntly noted that ‘priority changes’ in the desktop team meant Zsys was no longer something they want to “advertise using”. As of writing, Zsys remains available in the Ubuntu archives but development of it isn’t looking healthy. Canonical’s contributions effectively fall off a cliff circa April 2021 based on GitHub commits, with only a trivial tweak made in April of last year. Daily builds for the upcoming Ubuntu 23.04 release come with a brand-new installer that has been built using Flutter to Canonical’s exact needs. But guess what this new Ubuntu installer does not include? An option to install Ubuntu on the ZFS file system. I thought the Linux world had settled on Btrfs as the “ZFS-like” file system for the platform, and had no idea Canonical had even been working on giving users the option to install to ZFS. With Btrfs already being the default on e.g. Fedora for a while now, it seems that is a better route to go for Ubuntu and other distributions than trying to make ZFS work.

Sony unveils ‘Project Leonardo’ accessibility controller kit for PlayStation 5

At CES today, Sony gave a look at its latest PlayStation 5 gaming controller, but this one is very different from its previous designs. Aimed at lowering the barrier of entry for players with disabilities, Project Leonardo for the PS5 is a highly customizable controller kit that has been developed with help from organizations such as AbleGamers, SpecialEffect and Stack Up. The unique-looking controller does not have an official name nor a price attached to it yet, but Sony gave an in depth look at its features today. The unique design is said to help players with limited motor control, letting them use the controller for long periods and be accurate without much difficulty. This is very similar to Microsoft’s Xbox Adaptive Controller, and a very welcome product for those with disabilities.

DragonFlyBSD 6.4 released

DragonFly version 6.4 is the next step in the 6.x release series. This version has hardware support for type-2 hypervisors with NVMM, an amdgpu driver, the experimental ability to remote-mount HAMMER2 volumes, and many other changes. The details of all commits between the 6.2 and 6.4 releases are available in the associated commit messages for 6.4.0. The downloads are ready.