Tuesday, March 26, 2013

Acrobat 9 Pro bug

I have been processing a bunch of scanned PDFs and running the OCR tool on them. Since I had a pile to do, I created an "Advanced > Document Processing > Batch Processing > Batch Sequence" script in Acrobat to automate the process. Problem is, its results are bizarre.

If I run the commands manually, I get a nice result. (OCR Text Plus smallish ~2MB file size)
If I run the commands by batch, I get a weird result (OCR Text Plus original file size), with the same options and the save options to reduce the file size turned on.

Also, if I run the OCR command manually, and then run the batch command on the same file, it detects the existing OCR text. However, if I run the batch command first, then run the OCR command manually on the same file, it does not detect existing OCR text and seems to completely re-do the whole file (and do a much better job).


This is with Acrobat 9 Pro.


Monday, March 25, 2013

My ...adequate Development System Wish List

Currently I am wrestling with my system configuration to try to get it to do all the different dev tasks that I need.

Mostly I build desktop apps in various toolsets for various platforms. I target Win XP, Vista, Win 7 and MacOSX with a tiny bit on Debian.  I've been asked to look at Windows Phone 7.5 and 8 for a project. I build some Office apps for MS Office and maintain a bunch of add-ins.  I also support a scatter of fairly simple websites and web "glue" scripts to keep various projects running.

So I'm using VS2010 for the Phone dev, VS2012 for the Desktop dev, VBA in Office for Excel and Access Dev, DreamWeaver for Web dev, Matlab, Eprime and Python for various experimental platforms. I have a native OSX codebase pending and something in PowerBasic that I need to convert. Each of these has its own versions of libraries and SDKs that support whatever horror platform or library dependencies it's currently carrying.

Just trying to keep all this stuff straight in my head, let alone up to date, robust and vaguely tested is a total joke. If I counted strictly, I currently have four different development boxes in various states of use. Chances are I'm about to inherit a 5th (Native MacOSX) very soon.

This brings me to my current pain point.  I can't touch Windows Phone 8 without Windows 8 due to the restriction on installing the Windows Phone 8 SDK on anything except Windows 8.

My main base system is an Optiplex 990 with (soon 12GB) of RAM with 4 monitors.

Base install is Windows 7 (not able to be changed)

On top of that is Visual Studio 2010 Ultimate and Visual Studio 2012 Premium with a bunch of SDKs but specifically Windows Phone SDK 7.8. Which gives me fair coverage over the various toolsets and platforms.

I want to keep all my normal dev tools and working tools in the base image, simply because that's where I go to get most of the "other" work done. (File munging, multi-media work, administration, databases etc.)

The only physical requirement is the ability to go into the labs and physically plug into some of the systems that are not mobile. (Treadmill via Serial cable, Motion capture system via LAN) Everything else I can get to via sneakernet.

I have recently started to look at multiple virtual box images for development simply because putting all the tools into the same image is starting to creak at the seams.

Virtual Box Development Images

Windows 7 with Visual Studio 2012 + Desktop SDK's and other toolchains.
This will allow me to develop a single image for most of the desktop work. 

Windows 7 with Visual Studio 2012 + Web frameworks and testing add-ins.
Keep all the web stuff separate from the Desktop tools as the add-ins tend to drag each other down.

Windows 8 with Visual Studio 2012 + Windows Phone 8 SDK.
This will be my "Windows Phone" image. And allow me to target WP7.5, 7.8 and 8.

Hackintosh + XCode and Matlab.
This will allow me to develop for OSX and specifically the Matlab codebases that I need to maintain.

Ubuntu for some Cross Platform work.  Needs a GCC compiler chain and an IDE (YTBD)

Virtual Box Testing Images

Windows XP SP3 with current patches. This is my "Lab Image" machine.  Mainly Eprime and Desktop Experiments testing.

Windows 7 with Office 2010 + Current Patches for Excel, Database and Deployment Testing.

Windows 8 for future Win 8 desktop app, and Deployment Testing.

Hackintosh + current patches? With Matlab?

Ubuntu and Debian for testing the MoCap Interface software.

This does not solve my need to move to some of the equipment, so I will continue to need a physical laptop that I can run a debugger on. Currently this is WinXP with Visual Studio 2010; which is showing its age and needs an update.

2 of the other dev machines are various configurations of WinXP with VS2008 or VS2010.

My Mac solution has been to borrow a lab machine when I need it, but that's not tenable going forward.

Thinking thinking... I need more coffee.


* Adding 8G more RAM to my main box to deal with VS choking and help the VMs run a little easier.
* Turning the other physical machines into VMs simply to deal with the variability in hardware across my fleet.
* Trying to avoid the whole "hackintosh" approach simply because it introduces more unknowns into the process.
* Scrounged for Mac hardware but only came up with PowerPC based systems stuck on OSX 10.5 or older so that's a fail. (I do have a PowerPC specific codebase that has to be dragged into this century so that machine will help with that project....)
* Still need a worthwhile laptop with a serial port that I can walk to various systems. This will need to run VS2010 more than likely. I have some recent Dells with serial ports so that's probably solved. Just have to build one and get it all tuned up.


AHHHHHHHHHH!  Totally F$%$@G snookered again.  Got everything going in my carefully planned Virtualisation Solution and then got this chunk of golden S@#t on my monitor.


So, no matter what, I need Win8 Pro running on bare metal somewhere to run the phone dev tools.  Do I seriously want to rebuild my main box to win8?  I do not think F@$##(ing so.  What are my options?  Sweet F@#$# all.

Dual booting is looking like a painful and retarded possible solution. I do not want to be dropping out of my main workspace, rebooting to another boot image, running some tools and finding that I need to get back to my other image to perform a step or generate a resource... talk about interrupting the flow. Especially as I have just finished bedding everything down and getting my head and heart set on doing it all with win7 as my base os. F#$## F#@#$ F#$@#@#$@#$@#$@#$@#!

*More cathartic ranting here*
WTF! After the hours of building VM images, running infinite updates and service packs. Figuring out how to do a base VHD + difference disks that will not self destruct. Getting all the right SDKs on the various images. Deriving the testing images and planning how to do their difference disks. And the endless fucking licensing roundabout.... and logging into accounts with stupid secure passwords and the spew of packs, tools and extra shit that the SDK suites install that spray all over the place.

So my option, it would seem is:

BareMetal + Optiplex 990 12GB 1.5T i7 etc.
+ Win8 Pro 64bit Dual boot with
+ Win7 Pro 64bit.
++ Virtual Box running on both pointed at a shared partition containing the VM's with the dev and testing images.

Use Win7 for the general work, Multimedia and Animation projects.  Boot a VM for all the unusual dev works and deployment testing.  Dual boot win8 for win8 apps and win phone 7,7.5 and 8.

Still don't have a good solution for the Mac dev and testing as I have quit chasing the Hackintosh route. But I have a line on a Macbook Pro that is about to be replaced that might solve that problem finally. SciLab is just not cutting it for my MatLab work.

Fuck me. What a horrible snarl of shit. It's enough to make me go and hack together a supercomputer from old Gameboys and gen 1 iPods just for relaxation.

I had someone ask me if I could write custom apps for a samsung tv yesterday... If anyone so much as mentions iPad or Android development I am going to fucking snap...


Just ran across Vagrant.


Looks like an interesting solution for some of the problems I have (especially testing boxes).  I was solving this problem using VHD's and discarding the changes after the test was complete.

Friday, March 22, 2013

Strategy for dealing with learning while Coding


This is blindingly obvious once you read it.  Something to think about.

Article on RPG design using detailed characters


This is a good article on some aspects of using characters to drive an RPG world.  Seems to be quite single-player centric but the idea could be mapped to a multi-player environment with enough horsepower in the social layer.

Internet Census via Carna botnet


There is so much to enjoy in the research that was published in this paper. Not least of which is the audacity to publish the research.

The findings from the survey are mildly interesting. Probably similar to what we could have guessed, but it's nice to have some independent confirmation.

The methodology is technically fascinating and demonstrates a high level of skill.  Some of the anecdotes are fun to read but are similar to the war stories every researcher has of their struggles and triumphs.

The quality of the design, writeup and presentation of the research is world class. This was one of the most enjoyable reads of a technical paper I have had in a long time. This should have been published in an A* journal. I would be proud to do something a quarter as good as this.

The underlying psychology of the researcher is quite interesting. 

The legal implications both of the massive base of exploitable machines being so obviously demonstrated and the implications of both exploiting them and publicly identifying them are complex. There is a case for the manufacturers, users and local and national regulators to have the finger pointed at them. The fact that so many trivially vulnerable devices exist on the network bothers people enough to talk about it, but not enough to do anything about it. It's much easier to shoot the messenger.

Good luck to the author staying anonymous. 

Monday, March 18, 2013

Why is Microsoft a bad shepherd?


The above article is yet another mild... how to fix windows 8 piece. Quite nice and makes some useful points about customising win 8 to suit different users. But that's not the idea that I found interesting.

The seed came from the first comment. "Microsoft should buy Stardock. Or steal some of their employees". This is both blindingly obvious and subtly interesting.

But why would that be a bad thing?

Consider this: Microsoft purchases Stardock... or any other company that is building interesting products. Let's not argue about how much or what the financials are... let's be real and say that if the decision was made to purchase... it could be done. This is not the point. Let's focus on what happens.

Microsoft and the managers of the inhaled company integrate the staff and processes with MS and merge them into one of the MS business groups. They let go anyone that is not right and add some resources where needed. Imagine it all goes well. (Not making any innuendos... just skipping past distractions while I get to my point) So what's the problem? Everyone is happy and productive. There is only one thing that has been lost in the process.


The new additions to the Microsoft family... are now part of the Microsoft family. They are governed by the same internal politics that have generated the Microsoft platform. They no longer have the choice to "have a different vision". They cannot "fix things" that Microsoft do not see as broken. They cannot be a dissenting voice. (They can internally... but it carries less weight in the market place than offering an actual product that provides a solution users want)

The erosion of dissent and the aggregation of control are the things I see as being the death of all great organisations. As more and more central control takes over a platform, there is less flexibility in thinking, less ability to adapt and address different users' needs. There is more movement towards a shared vision... the so-called "reality distortion field".

What Microsoft and all the other lumbering giants of the tech industry need is an ecosystem of "loose" collaborators. Companies, developers and users who all work on the same platform... but with different visions and objectives. They fill the ecosystem and flesh out all the tiny little niche opportunities.

Bringing the successful ones under the same vision and management is just foolish. Imposing control is the last thing that Microsoft should do to the ecosystem. Their role is simply to foster the ecosystem... to increase opportunity for the benign population and limit the opportunity for the predator population. They are curators for the platform and the herds that browse upon its bountiful slopes. Trying to domesticate the herds and put them into factory farms is just totally missing the point.

But, luckily MS have not bought Stardock.  They have not crippled the voices of dissent. Either intentionally or accidentally, there is still a healthy ecosystem around the platform(s).  This in no way forgives the many many many missteps that MS has taken and the many ways that it regularly alienates the ecosystem... but change is always painful.  Some will win, while others will sit around and whinge in the dust... such is life.

Thursday, March 14, 2013

Floppy Disk attack on Zombie BIOS...

You know those surreal moments when something from the past comes back to life... wanders around and tries to eat your brain?

I have had two of those in the past couple of days. One was people from the past contacting me and having mid-life crises... the other was a computer needing a floppy disk to fix a corrupt BIOS.

Talk about a blast from the past. Even finding a functioning USB floppy drive is hard enough... then I had to scrounge for a floppy disk in working order.

But so far to no avail. The machine is still in a loop of death (it was working... ok-ish before I tried to flash the BIOS... but had obvious problems) So I am considering either cannibalising it for parts or just dropping it down the stairs a couple of times....

I am still blown away that a floppy drive is the manufacturer's fallback position... even for a machine that was never supplied with one. It does make sense as BIOS basic features were carved in stone a few decades ago....



Anyway, this machine looks like it's bricked.

It powers up, with a normal HP boot screen... but the F9, F10 & F12 options do not work. Then it quickly flicks to a black screen with the message:

"Your BIOS failed to complete update..... blah blah" again with the F10 option mentioned at the bottom. Again F10 does not work.

Then after a couple of seconds it reboots. Rinse - repeat.

I have read my way across the net and tried all the recommended BIOS recovery procedures involving USB sticks, old BIOS images, win+b button combinations and have not found anything that has worked.. (obviously)

It's interesting that when I run a BIOS recovery using the USB Floppy, you can hear it seek and start to read... but it still reboots on the same schedule. This suggests that the USB drivers, FAT driver and the disk driver are getting loaded... but something chokes or is corrupt and it reboots.

To me it sounds like the boot region of the BIOS has been corrupted and it's just not able to set up enough of a rudimentary system to be able to reload the new BIOS image from the disk. Keep in mind that the BIOS image that is supplied for flashing is not the "whole" of the code in the BIOS EPROM. There are some other regions that are not always replaced when you "flash" the BIOS. If these get corrupted... well the ability to repair them gets increasingly low-level.

From reading between the lines and looking at the discussion on the MyDigitalLife boards about BIOS mods... I think there is no reasonable way to replace this code without desoldering the BIOS chip and reloading it with a working image dumped from another machine (Ignoring the serial number issue... which can be managed)

As this sounds like fun.... I have thought about it... but realistically... I just don't have the time. I have about 8-10 laptops of the same model and some are in worse shape than this one... but boot happy... so I think it's cannibal time.

Monday, March 11, 2013

The Whack-A-Mole Strategy case study

The Whack-A-Mole strategy is pretty much exactly as it sounds. It's a reactive strategy where you wait for a problem or issue before attempting to deal with it. This is opposed to a "proactive" type strategy where you attempt to predict the problem beforehand and deal with it in a way that prevents it occurring.

The ideas of "Proactive" and "Reactive" seem to often be cast in terms of "Proactive is good" and "Reactive is bad". However there are lots of scenarios where this is neither true nor efficient.

My current problem is to update a group of students from using one document based data entry form to an updated version to reflect both changes in the course and changes in the data retention requirements. Simply by their nature and some pre-existing use of the old form version, I reasonably expect some to not immediately comply with the request, no matter how it's delivered.

The proactive solutions that have been floated are:

1) Deliver the upgrade message in such strong terms that no-one will even consider not complying.
2) Build the system to cope with multiple versions of the data entry form and accept that they will not comply. 

As you can see, the cost of proactively solving the problem is unpleasant in both cases.. because mostly the problem is "people factors" rather than a technical issue. I could implement both solutions, but they lead to bad places both technically and personally. So, the best solution is to politely ask all the students to update their forms, give them a short cut-over period and then use the whack-a-mole strategy to individually handle any students who have problems with the upgrade.

Another benefit of this solution is that we also learn exactly what sort of problems people are having with the new system (if any) and that can inform us about either bugs or unexpected "people factors" without the students feeling like they are at fault.

And everyone sleeps well...

Trusting Robots Article


This is an excellent article that covers a lot of subtle ground about the state of integration of robots into our social space. It's worth a couple of reads and some followup.


This related article moves in the opposite direction and relates some anecdotes about just how far we have to go before this kind of social interaction will be comfortable.

iPad Consumption vs Creation Article


This is a very good analysis of the Creation vs Consumption arguments that I have been involved in (and perpetuated in some cases...) I personally feel that this is a very good summary and makes some useful points about where iPads (and their ilk) will be positioned in the near future in education environments (at least). I would also contend that virtually everything that is said in this article that relates to the education environment probably maps to most of the enterprise space. The heavy duty creation work in enterprise will still be dominated by workstations and laptops... but it's easy to envisage a large amount of the "other activity" being supplanted by tablets.

Change is already here...

Emergent Social Movement and Bullying


The above is an interesting post-mortem of Friendster which illustrates some of the emergent nature of social movements. It's interesting to see the conclusions that the researchers reached about the resilience of the network. This echoes some of the resilience models I have seen recently surrounding the issues of bullying, where children and teens who have small peer networks and mentor networks are much less resilient to bullying.

It raises the question about whether a student is able to be identified as being "vulnerable" to bullying simply by examining their social network and an intervention designed to mitigate the risk or better understand the underlying issues that have contributed to the social isolation of that student. ( I would suggest that the systemic removal of all possible mentors from the school environments means that students are having their social networks composed of other students who are by their very nature not as mature or rich in experience as adult mentors could be, which results in the student having access to lower quality mentor networks).

ViolatorWare Software


This article talks about a Chrome extension that has "turned evil". This is a strategy that I have been thinking about for some time. I think it's probably only the tip of the iceberg for this one being found out.

This highlights the weakness in reputation based systems with incomplete review mechanisms. This extension, like so many other products that have evolved from good to bad, started out as a useful tool, then either ceased to be useful or outright implemented "features" that the user neither expected nor finds beneficial to them.

The big problem is always that the economic model for "free" software puts pressure on the developer to pour in their time and energy while indirectly seeking some return. (commonly called "monetisation"... or "selling out") In the grand scheme of things this is the tragedy of all great "free" software... eventually it becomes too expensive to remain "free".

Even the great FOS systems have all evolved mechanisms to fund their existence. Donations, "Support", sponsors, selling swag, advertising, crowdfunding... etc. None are truly "free".

So what's my point today?

The point is that there will be pressure from the dark side of monetization to take advantage of market position and trust to modify the software to do "other" things. This is kind of a trojan horse strategy... but it's really more like a "betrayal of trust" strategy. I like the term "ViolatorWare". lol.

The point I made earlier about the tip of the iceberg needs to be expanded.  If you think about a popular extension for a browser with an installed base of some 500,000 that has a reasonable upgrade cycle.  In the event that it was possible to insert a backdoor into the package and have it go undetected for some period of time (assume a competent designer with a high level of sophistication) it should be possible to deploy that exploit to a large number of the users before the flag went up.

This makes these kinds of extensions a really attractive mechanism to deploy all manner of malware, crimeware and spyware. With the ubiquity of browsers.... there are virtually no places on the networked planet that are not vulnerable to that kind of attack. It would be a really effective way to generate a massive botnet in the wrong hands. However, it would only work for a little while. Whoever abused this kind of system would probably need to use the system simply to bootstrap a more effective system, such as we have seen with some of the very high level espionage systems recently. Use the ViolatorWare to open a tiny, onetime backdoor that would probably not be noticed. Use that to insert a tiny custom backdoor which then piggybacked on some other communication channel to "phone home" to a command and control system. (The use of twitter is still a bit novel... but you get the idea) basically hide the handshake in some other traffic.
This then allows the exploit to upgrade itself if needed.

Anyway, this kind of sophisticated attack is probably still out of the hands of most of the crimeware and malware writers. I would expect to see it become very popular for espionage type attacks as the diversity of extensions and the frequency of updates to them makes it a very "noisy" system that is hard to police, hard to review and hard to notify users when something goes bad.

The perfect target of course is extensions with the "highest" trust and the most complexity. Things like security tools. I have been expecting some of these to publicly go bad for a few years. Either through it being revealed that one of the crime gangs has been producing them right from the start or the whole project has been purchased/hijacked/forked and is now just a front for malware delivery. This is also going to be a problem for "abandonware" extensions, where someone can "take over" the project and update it using the existing trust model.

The example that comes to mind is the hijack of Shareaza, the filesharing client. This is tangled up in the media industry funded attacks on the P2P file sharing networks so the politics are quite nasty. The point being that the hijack certainly occurred of both the web domain and the name with a different software product being delivered via the channel which masqueraded as the old client and relied on the trust relationship to fool users into installing it. While that campaign was a straightforward attempt to disrupt and sabotage the file sharing activities using a popular client rather than a determined effort to deliver a malware/crimeware package, I feel that it's a forerunner of the ViolatorWare strategy just applied for a different end. In that case it was much more explicitly about violating the trust of the user base to drive them away from the product rather than depending on that trust to exploit an on-going relationship.

Anyway, my prediction is that we will see more low level violationware show up with clumsy attempts to add a little monetisation to otherwise popular extensions. The form this monetisation takes will be all the usual suspects, advertising in all its forms, data harvesting, criminal penetration via backdoors, botnetting etc. The extent of the abuse of this vector for espionage work will probably not be known for some time, but if I was an anti-virus company, I would start building libraries of all the versions of these extensions that appear so that later on we can re-construct how this kind of incremental violation occurred.

Let's just take a moment to look at the platform implications. Since extensions (at least to browsers) are supposed to run in a sandbox model of some type.. how can violationware do much damage? Firstly, breaking out of a sandbox is a proven hobby for malware writers. So, the potential will always be there. Second, even within the sandbox, the extension can do quite a lot. It's a programming model, it's not hard to build a whole email server or web server in a small amount of code and embed it into a script. It doesn't need to be powerful or general purpose, it just needs to achieve the programmer's ends. Assume that espionage systems would be able to break out of the sandbox and there is not a whole lot that is not possible once the code is on the target computer. The point is simply that this type of attack is a different way to "socially engineer" the user to install and more importantly update the package by abusing a trust relationship.
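An added example, not part of the original post: one way to use a library of archived extension versions, as suggested in the prediction paragraph above, is to diff what each release's `manifest.json` requests and flag the update where access widened. The manifests, version numbers and the two watch lists below are constructed for illustration; the watch lists are an assumption, not an official Chrome classification.

```python
import json

# Assumed watch lists for this example: patterns and APIs whose first
# appearance in an update deserves a manual review of that release.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"webRequest", "webRequestBlocking", "cookies", "tabs",
                  "history", "nativeMessaging", "proxy", "management"}


def requested_access(manifest):
    """Return (api_permissions, host_patterns) requested by one manifest.

    Manifest V2 mixes host patterns into "permissions"; Manifest V3 moves
    them to "host_permissions". Content-script match patterns count as
    host access too, since the script runs inside those pages.
    """
    apis, hosts = set(), set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for item in manifest.get(key, []):
            if not isinstance(item, str):
                continue  # skip object-style entries; not needed here
            if "://" in item or item == "<all_urls>":
                hosts.add(item)
            else:
                apis.add(item)
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return apis, hosts


def version_key(version):
    """Sort '1.10.0' after '1.2.0' (extension versions are dotted integers)."""
    return tuple(int(part) for part in version.split("."))


def escalations(archive):
    """archive maps version -> manifest JSON text.

    Returns one record per release that asked for something the previous
    release did not, in release order.
    """
    findings, previous = [], None
    for version in sorted(archive, key=version_key):
        apis, hosts = requested_access(json.loads(archive[version]))
        if previous is not None:
            new_apis, new_hosts = apis - previous[0], hosts - previous[1]
            if new_apis or new_hosts:
                findings.append({
                    "version": version,
                    "new_apis": sorted(new_apis),
                    "new_hosts": sorted(new_hosts),
                    "high_risk": bool(new_apis & SENSITIVE_APIS
                                      or new_hosts & BROAD_HOSTS),
                })
        previous = (apis, hosts)
    return findings


# Constructed archive of one hypothetical extension's manifests.
SITE = "https://example.com/*"
ARCHIVE = {
    "1.0.0": json.dumps({"permissions": ["storage", SITE],
                         "content_scripts": [{"matches": [SITE]}]}),
    "1.1.0": json.dumps({"permissions": ["storage", "contextMenus", SITE],
                         "content_scripts": [{"matches": [SITE]}]}),
    "1.2.0": json.dumps({"permissions": ["storage", "contextMenus", SITE],
                         "content_scripts": [{"matches": [SITE]}]}),
    "1.10.0": json.dumps({"permissions": ["storage", "contextMenus",
                                          "webRequest", "<all_urls>"],
                          "content_scripts": [{"matches": ["<all_urls>"]}]}),
}

if __name__ == "__main__":
    for finding in escalations(ARCHIVE):
        print(finding)
```

A manifest diff only shows declared access; a release that keeps the same permissions but changes what its scripts do still needs the archived code itself compared.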