|
At least the word list is much shorter! Wouldn't take much to modify my Wordle solver for it...
|
|
|
|
|
Yeah, but I can't count that high!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
There are 10 types of people in this world - those that know binary and those that don't.
|
|
|
|
|
A month and a half ago, when my code-signing certificate was expiring, I found that a simple renewal was not possible...the rules had changed and there were only 2 choices.
0): depend on their hosted service to manage certs/signing
1): get an eToken h/w dongle for a hefty fee
IIUC, option 0 meant uploading/downloading which isn't attractive, especially if signing is part of an existing automated deployment process, so I went with option 1.
The little blue usb device arrived a few weeks ago, and has been sitting on my desk with an instructive little business card daring me to try it...'To set up and start using your Code Signing token, please go to http://theirwebsite...blah, blah'. (kinda funny they use http)
Well, today is the day. If I follow the instructions carefully, it should go smoothly.
At step 4, it reminded me that I needed that one-time-available-only password from step 2. What password? There was an initialization code, but no password. Oh well, there's an option for when you don't know the password. (rabbit hole) Something I did caused an unhandled exception and the tool crashed. When I bring it back up, I'm still unable to change the password per the instructions. (if you don't know the token password, you it's useless) Finally, I called for support.
I got the cert reissued and went through the process again, but this time actually knowing the correct password and got through the process of installing the certificate. But how do I know that it works?
Google finds me an obscure link to a Japanese site where a utility can be downloaded. I download and start it. There's an option to sign/timestamp an executable...and it works the first time!
Now that I know it works, I can move on the get it integrated with signcode in the chain. I already have some sample code from @RickZeeland to get me started. Thanks again Rick! It's been a busy Friday so far...now, on to more little victories! Have a great weekend!
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
That subject line.
Please never use it ever again, especially on a site where a bunch of aging software developers hang out.
|
|
|
|
|
"Hang out"?
Hoist on your own complaint, me thinks.
TTFN - Kent
|
|
|
|
|
Want to go down a rabbit hole?
I have an EV certificate from what I believe to be the same company.
Run the following command on any file that you have signed with your certificate:
>signtool verify filename.exe I'm curious if it displays the same behavior for you as it does for me.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
I just ran that command and got the following error:
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Number of errors: 1
Under explorer properties, the digital sig/cert/path all look fine. Very strange. Shall I name the company?
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
Hallelujah!
I'm so happy that it's not just me!
Isn't that a strange error message? I worked with DigiCert support for days trying to get to the bottom of why their root certificate is not trusted, or why signtool is saying that.
Turns out that it doesn't prevent my kernel mode driver from loading, so it's harmless in practice.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
We also have a strange problem with our Sectigo (formerly known as Comodo) certificate, Windows 11 says the publisher is not trusted when running our software, while there is no problem under Windows 10.
|
|
|
|
|
Finally discovered your special purpose?
|
|
|
|
|
Wordle 1,091 4/6
⬜🟨🟨🟩⬜
🟨🟩⬜🟩⬜
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,091 4/6
⬜🟨🟨🟨⬜
🟨⬜🟩🟩🟩
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,091 4/6*
🟨⬜⬜⬜⬜
⬜🟨🟨⬜🟩
⬜🟩🟩🟩🟩
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Wordle 1,091 4/6
🟨⬜⬜⬜🟨
⬜🟨⬜🟨🟨
⬜🟨⬜🟩🟩
🟩🟩🟩🟩🟩
|
|
|
|
|
⬜⬜🟨⬜⬜
⬜⬜⬜🟨⬜
🟩🟩🟩🟩🟩
Good but lucky guess
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
Wordle 1,091 4/6*
🟨🟨🟨⬜⬜
🟨🟩🟨⬜⬜
🟨🟩⬜🟨⬜
🟩🟩🟩🟩🟩
Happiness will never come to those who fail to appreciate what they already have. -Anon
And those who were seen dancing were thought to be insane by those who could not hear the music. -Frederick Nietzsche
|
|
|
|
|
Wordle 1,091 5/6
🟨🟨⬛⬛⬛
⬛🟨🟨⬛⬛
⬛🟩⬛🟩⬛
⬛🟩🟩🟩🟩
🟩🟩🟩🟩🟩
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Wordle 1,091 3/6
⬛⬛🟨⬛🟩
🟨🟨⬛⬛🟩
🟩🟩🟩🟩🟩
Jeremy Falcon
|
|
|
|
|
Wordle 1,091 4/6*
🟨🟨⬛⬛⬛
⬛🟩⬛🟨⬛
⬛🟩⬛🟨⬛
🟩🟩🟩🟩🟩
|
|
|
|
|
From the CP newsletter about how a new language will fix all problems that come from C++
Swift the best choice to succeed C++, Apple says | InfoWorld[^]
For a few years I was a principle security reviewer for a financial application. It wasn't written in C++ but that certainly didn't make me think that it wasn't possible to introduce security problems.
And I looked up top security problems in 2023. I only got above halfway down the list but I didn't see any that seemed to be caused by C++ pointer errors.
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 | Qualys Security Blog[^]
Matter of fact when I was a security reviewer I got to see a private study produced by a company that made quite a bit of money from cleaning up security problems that companies had.
And in that study something like 90% of the problems were caused by internal bad actors.
Rather pointless to obsess about whether your pointers are safe when the CEO is using internationally set up companies to ship fake orders and thus prop up the companies stock (real case.)
|
|
|
|
|
Back when I was a teenager and the Internet was a fresh thing to most people I spent my time getting into systems I didn't belong in.
And most of the time I got there by using buffer overrun attacks on services that should have never been Internet facing to begin with, like a network print daemon (citing a specific example that allowed me to identd on efnet as freshmeat@usda.gov )
My point is, this used to be common, at least in the wild west days of the Internet, so I wonder how much of the fact that it doesn't seem to be so common now has to do with better practices, better libraries, and such in C and C++. For example, Microsoft produced a bunch augmented functions to the C runtimes that take lengths which they check so you can't overrun them. Things like strcat_s? and stuff. I don't really use them because I don't do a lot of C++ on Microsoft's compiler, but it made me think of that.
Also, probably less services are written in C or C++ now that machines are cheaper and faster.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
I don't use the strcat_s family of functions either. I find that strncpy, strncat, and snprintf handle things quite well.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
|
|
|
|
TBH, so do I. If I was pressed I probably couldn't tell you what the actual benefit of the _s functions are - only what MS presented them as.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
I believe their claim is they use sizes that are automatic so you can't "lie" to them. My view is this is C/C++ and I trust myself. I wouldn't use the language if I didn't.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
|
|
|