How do I determine the host key of the keyboard of my system ?
It's hard to know what you are asking without context. However, putting my psychic debugging hat on, I'm guessing you are asking "When I run Microsoft Virtual Server and the documentation says 'Press the host key' what does it mean?"
This page tells you more - the default is the right Alt key (http://technet.microsoft.com/en-us/library/cc708368(WS.10).aspx).
In which case, the question doesn't really belong on Stack Overflow, it isn't a programming question. If you are asking something else - sorry, my psychic powers failed me :-)
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 4 years ago.
Improve this question
PREFACE
I tried to put as much effort and work into this question as I reasonably could, so if you could at least read it through, I would highly appreciate it; I, also, have tried researching this question, but I never seemed to find anything useful, in terms of anything that directly answered my question; I do not know if this is right place for this question, even though it is related to programming, it is more related to operating system development and the Linux kernel, and if there is a better place for this question that I am unaware of, please move it there; feel free to do whatever, edit the question if need be, I do not care, I just need an answer to this question, because this is stressing me out.
The following is some background on why I am asking this question; if you are uninterested, and if you just want to see what I am asking, then skip to the 'MY QUESTION' label; I thought that I would put this is here, so that anyone who is reading this question would know why I am asking this question.
BACKGROUND
I have recently begun setting up an operating system development project; and after I get some things ready, it will be only me working on it, as of right now, and I plan to write the whole thing (yes, I know it will take a whole lot of work, but I can try, right? :p), including the bootstrapping, the CLI, and most of what is necessary to have to either my own kernel or Linux kernel function; GUI and much more; granted, eventually I may end up having a team, but that is for the future.
MY QUESTION
My question, which is actually consists of three parts, and I narrowed them down to specifically those thee things, which are the following:
(1) If I were to build everything else, and use the Linux kernel as-is, and if I were to not tie the other parts of the system into the kernel, but use the kernel for I/O and system calls, would I be violating the GPL in any way, and would I think need to open source the rest of my code?
(2) If I were to only use the kernel for I/O and for system calls, but not have the code that I wrote actually interface with any kernel functions, would that still be considered linking?
(3) If I were to do the above, would that be considered a derived work, when I wrote everything else, but used Linux as the system's kernel?
All these legal issues are making my head spin and extremely confusing to me.
No
No
No
The linux kernel considers the system calls a boundary, and code that communicates with the kernel via system calls is not covered by the licensing of the kernel. So, the user space code you write is not a derivative work of the kernel.
There's also a set of header files provided by the kernel, collectively named the UAPI headers which you can use without having your code become a derivative work
This is covered at https://www.kernel.org/doc/html/v4.17/process/license-rules.html and https://github.com/torvalds/linux/blob/master/LICENSES/exceptions/Linux-syscall-note
If you need legal advice though, contact a lawyer.
As it's in the title, I'd like to programmatically unlock my default lock screen. The programming language doesn't matter, it can be either a script language or a compiled language.
My current OS is linux mint with cinnamon desktop handler, but if the answer is general, that's even better.
Assuming my software always knows the plain text current password.
Disclaimer:
I know, it's NEVER safe to store the password in plaintext, even if it's compiled or something (actually, that's plaintext too...).
I know, if my "secret" signal is not safe enough (which is quite probably possible), then it could be outplayed by determined rogue people.
__
My reason to do this, is that I'd like to implement an RFID based login system for my PC :) (I know, RFID is fakeable, yees, yes...)
You can check the generic screensaver manpage (the xdg API).
There is the option reset. This method should be supported by most screen savers. You may need to test them.
If the policies of screen saver requires password, you need to tweak pam policies/modules. Too long to describe here, and you should really read documentation to understand pam (and security implications: pam is generic, so you should understand and check that there are not side effect on other authentication mechanisms). But what you are doing, it seems very pam related (and possibly there is already a module for it, you describe something similar to what it is used on POS).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
This is one of those "surely there is some generic utility that is
better than the quick and dirty thing I have whipped up" questions.
As in, I know how to do this in several ad-hoc ways, but would love to
use a standard.
BRIEF: I am looking for reasonably standard and ubiquitous tools to
determine my present geographical location. Callable from Linux/UNIX
command line, Perl, Emacs, etc.
DETAIL:
A trivial situation inspires this question (but there are undoubtedly
more important applications): I use emacs org-mode, often to record a
log or diary. I don't actually use the official org-mode diary much -
mainly, I drop timestamps in an ordinary org-mode log, hidden in
metadata that looks like a link.
[[metadata: timestamp="<2014-01-04 15:02:35 EST, Saturday, January 4, WW01>" <location location="??" timestamp="??"/>][03:02 PM]]
As you can see, I long ago added the ability to RECORD my
location. But hitherto I have had to set it manually. I am lazy, and
often neglect to set the location manually. (Minor note: I recorded
the last time I manually set the location, helpful when I move and
neglect to manually change my location.
I would much prefer to have code that automatically infers my
location. Particularly since I have been travelling quite a bit in the
last month, but probably more useful for the half-dozen or so
locations I move between on a daily basis: home, work, oceanside, the
standard restaurants I eat working lunch or breakfast in.
I can figure my location out using any of several tools, such as
Where Am I - See your Current Location on Google Maps - ctrlq.org/maps/where/
http://www.wolframalpha.com/input/?i=Where+am+I%3F
Perl CPAN packages such as IP::Location - to map an IP address to a location
note: doesn't necessarily work for a private IP address, behind NAT
but can combine with traceroute
and heuristics such as looking at WiFi SSIDs, etc.
I have already coded something up.
But... there's more depth to this than I have coded.
None of the
techniques above is perfect - e.g. I may not have net.connectivity,
etc. Some are OS specific.
If there is already some open source facility, I should use that.
Therefore my question: is there any reasonably ubiquitous geo location service?
My wishlist
Works cross OS
Cygwin
Linux
Android? OS-X? (just use OS standard)
e.g. tries to exec a command like Windows netsh, and if that fails...
Command line utility
Perl, etc.
callable in emacs
because that is where I want to use it
but I am sure that I would want to be able to use it in other places.
Can connect to widely available standard geolocation services
e.g. Perl CPAN IP::Location, IP->country/city/...
e.g. Google, etc., infer geographical location from browser
Works even when cannot connect to standard geolocation services, or the Internet
e.g. cache last location
e.g. ability to associate a name with a private network environment
e.g. if in a lab that is isolated from network
or at home, connected to WiFi, but broadband down
e.g. look at wifi SSID
Customizable
can use information that is NOT part of any ubiquitous geolocation database
e.g. I may recognize certain SSIDs as being my home or office.
Learned
Knows (or can learn) that some SSIDs are mobile, not geographically fixed (e.g. the mobile hotspot on my phone)
but some are (mainly) geographically fixed (e.g. WiFi at home connected to cable modem)
Learning
can override incorrect inferences (geo databases sometimes wrong, esp. VPN)
can extend or make precise
I wouldn't mind being able to write rules
but even better if some inference engine maintains the rules itself.
e.g. if I correct the location, make inferences about SSID coordinates used for the faulty inference
Heuristics
Windows 7 "netsh wlan show interfaces"
Windows / Cygwin ipconfig
*IX ifconfig
traceroute / tracert
reverse IP lookup
Caching
to avoid expensive lookups
but cache is NOT global - can be done per app
some apps may want to bypass the cache
others can use old data
GeoClue seems to satisfy at least some of your requirements.
To convert coordinates to human-readable address, one can use OSM Nominatim API.
Why didn't you just consider using GPS ? You could just add coordinates to your metadata and bind them to an address (going from simple numbers to an actual place) upon reading.
In this way almost anything can be tagged with coordinates.
In gnu/linux and other unices, gpds should do.
In windows, I have no idea.
In Android, the scripting layer for android should provide access to the gps device.
I am not sure this meets your requirements, but I'm just proposing.
You could use wget to pull data from one of those sites you mentioned, something like wget http://www.wolframalpha.com/input/?i=Where+am+I%3F and then find the data out of the file you just downloaded
Let me put it this way. You intend to track your location without using a positioning device such as gps. This is done based on your current geo location from your nearest network access point. The network access points are usually geo coded. I assume you are tracking your location in your laptop as it doesn't have a gps.
There must be a few frameworks out there to do this. Since you want it to be cross platform, I think a python based framework is your best option. You can also give google geo location a shot. There are a few api's built into html5 for geo location. I think you can coo-kup your own application and share it on opensource for everyone else to use.
For windows there are many commercial pc trackinga pps. All of them do a fine job at it.
I have a X7 G800V keyboard with 15 custom keys. The problem is they are not detected in anything but the software that comes with the keyboard which is a real cave eat since I can't use them in photoshop, word or any other program. Is there any way to make them detectable? I am open for ideas even if they include writing my own driver, although I may need some tips on that but still I am open for learning. After all the guys from A4Tech do it with their software and I think they are not even installing any drivers.
PS: I am sorry for this not being an exactly programming question.
If the OS doesn't support these keys, I don't see a way to process them, unless you can configure your driver to communicate them to the OS as some other key. For instance if you press key Special1, the driver tells the operating system to process it as Play.
Or you might consider to write a driver yourself, if the driver is open-source, or an API is available.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Bonus points for explaining how you improved it.
Real life security by obscurity?
The key to the front door is stashed under a rock nearby, or under the welcome mat, or on top of a high railing.
These are all instances of security through obscurity, as in, it is right out in the open for anyone to grab, but most people wont be able to find it without huge amounts of searching. However, a dedicated attacker can walk right in.
Some people like to make their javascript difficult to read (and therefore hack) by using obfuscation. Google is among the users of this technique. At the simplest level, they change the variable and method names to a single inscrutable letter. The first variable is named "a", the second is named "b" and so on. It does succeed in making the javascript exceedingly difficult to read and follow. And it adds some protection to the intellectual property contained in the javascript code, which must be downloaded to the user's browser to be usable, therfore making it accessible to all.
In addition to making it difficult to read the code, this shortening of variable names reduces the size of the javascript code that has to be downloaded to the user's browser. Theoretically, this can reduce network traffic.
Here's an article about Google's obfuscation, and here's a list of available tools.
On a website I did some contract work on I noticed that they were storing double-hashed passwords. From memory, they were storing something like
$encrypted_password = md5( sha1( plaintext_password ) );
When I asked what the purpose of this was, I found out that the guy who wrote the account creation/login script had been reading about dictionary attacks. He figured that no one would ever think to create a dictionary where they hash inputs with md5 and sha1.
I improved the system by adding a random salt column to their user table. I left the double-hashing in though. It doesn't do anything to hurt the security of the system, and to be honest, I thought it was pretty clever for someone who didn't really know much about security to think of this.
Seen: Websites use a complex url to access ajax components rather than actually password protect them such as:
domain.com/3r809d8f09feefhjkdjfhjdf/delete.php?a=03809803983djfhkjsdfsadf
the string has remained constant, the query is random and is designed to stop attackers.
Improvement: Restrict the page to being accessed only from certain IP addresses. Add an authentication string to the query that is a salted hash of the access time.
In a more "real life" example, I don't know if it's intentional or not, but I like the way none of the doorbells in my block have any names on them, and that their numbers seem to have no correlation to the apartement numbers whatsoever. Ie. ring on #25 for apartement 605, #13 for apartement 404 and so on. :)
One vendor we deal with requires us to post the username and password in the querystring in ROT-13 "encrypted" format. No joke.
Security through obscurity is a valid tactic. Plenty of people have turned off replying with version information as a best practice for ftp and apache. Honeypots can be considered an obscured practice, since the attacker doesn't know the layout of the network and gets sucked into them. One high security site I know of assigns their username by a five digit alphanumeric phrase (such as '0a3bg') instead of using logical usernames. Anything that makes breaking into a system more difficult, or take longer, is a valid measure.
Security exclusively through obscurity is bad.
People writing their password on pieces of paper and putting it under their keyboard.
I solved it by logging into their computer with their account and sending out an embarrassing email to the group.
Seen: phpMyAdmin moved into the directory _phpmyadmin
Improvement: Disallowed access from outside the company's network.
Similar to #stech's solution.
Some of the admin pages in our application on the web, check for a local IP subnet range, else display access denied.
Improvement is accessed is restricted to users who are inside the network or VPNed to it.
Back in the old DBase/Clipper days I worked for a guy who developed an application for a friend of his. This friend wanted to have some "secretly" accessible program or data (I don't recall) that required a password only known to him.
The solution, I was told, was that Clipper opened a DOS prompt in the secret directory, with black text on black background colors (some ANSI control characters accomplished this).
The user had to type in the password, but this being input line of the DOS command prompt, the "password" was really the name of a batch file that was then executed.
I once saw a photography website where you could strip some characters off from the photo thumbnail pictures url to get the full version.
Many professional photographer websites use Javascript to prevent people from right-clicking on images to "save as ...". Most of those sites also don't do any watermarking.
I used to surf with referer headers disabled... it's quite surprising how many websites will blow up or flat-out reject you if they don't know where you came from.
One website had a poll and used cookies to prevent you from voting multiple times. You could simply erase that cookie and keep voting. And you could script it all using wget, too.
The example I see of this all the time is something being done in source code that the developer assumes no one will ever see. You see this a lot with crypto-keys in particular, embedded right in the source code. A lot of times it is not even a question of decompiling the code, they could outright just use the library.
The solution is always to teach the developer to assume that someone has the source code and can use it against you.
Going to great lengths to hide software names and version numbers .
Ie. changing Tomcat server name and version to some quotes and random numbers (like 666), changing the name and version numbers of regular javascript libraries like scriptaculous and prototype and so on.
In a current project we're using Google Web toolkit (GWT) and this sneaky little thing compiles Java to javascript (which you have little to no control over) and includes the string "GWT" and version number. Totally unacceptable of course so we'll need to make a script that will run after GWT compile to remove all these references(!).
/admin without password.
Yes I've seen it, it's very real.