I have just uncovered a way to perform root priviledge escalation under Windows (tested using Server 2003 SP2)…so easy, with no addons or anything – all you need is a console.

  1. Open up a command prompt (cmd.exe)
  2. Type whoami. This should return your username – lowly peon user.
  3. In the command prompt, enter the following: at <current time + 1 min> /interactive “cmd.exe”
    The point of this step is to set up a scheduled task to execute in one minute of the current time. This scheduled task will launch a command prompt under the credentials of Local System.
    For example: at 11:05 /interactive “cmd.exe” will launch the cmd window at 11:05am.
  4. Type whoami into the new cmd window…..Voila!

Once escalated, you can use taskmgr to kill explorer and then re-run it from the new command prompt with the escalated priviledge.

I was recently reading a post about writing non-threadsafe code which talks about the main peril of multi-threading, and one way you can work around it.

I’ve long been a believer that doing anything multi-threaded is fraught with danger and you have to tread incredibly carefully when doing so. I say this with experience. What I learnt from reading that post wasn’t in the content, but in the comments, which talked about the Interlocked class for performing simple, thread-safe increments and decrements of operators.

So i decided to try it and see what the benefit really is, and i was surprised by by the results! I did my own profile against 3 scenarios:

  1. No thread safety (fast comparitively, though gave incorrect results)
  2. Locking using “lock” keyword (correct, but very slow by magnitude of nearly 10x)
  3. Locking using Interlocked class (correct, and fast – faster than no thread safety in some test runs)

Clearly these results aren’t scientific, but are quite good to give relative indicators of performance. I’ve reproduced the code below.


using System;
using System.Diagnostics;
using System.Threading;
using NUnit.Framework;

namespace ThreadingExample
{
	public interface IThreadTest
	{
		int Value { get; }
		void Debit();
		void Credit();
	}

	public class NonThreadSafe : IThreadTest
	{
		public int Value { get; private set; }

		public void Debit()
		{
			Value--;
		}

		public void Credit()
		{
			Value++;
		}
	}

	public class ThreadSafe : IThreadTest
	{
		public int Value { get; private set; }

		object lockSentinel = new object();

		public void Debit()
		{
			lock (lockSentinel)
			{
				Value--;
			}
		}

		public void Credit()
		{
			lock (lockSentinel)
			{
				Value++;
			}
		}
	}

	public class ThreadSafeUsingInterlocking : IThreadTest
	{
		private int value;
		public int Value
		{
			get { return value; }
			private set { this.value = value; }
		}

		public void Debit()
		{
			Interlocked.Decrement(ref value);
		}

		public void Credit()
		{
			Interlocked.Increment(ref value);
		}
	}

	[TestFixture]
	public class TestClass
	{
		[Test]
		public void TestNonThreadSafe()
		{
			NonThreadSafe nts = new NonThreadSafe();

			ExecuteThreadedTest(nts);

			Assert.AreEqual(0, nts.Value);
		}

		[Test]
		public void TestThreadSafe()
		{
			ThreadSafe ts = new ThreadSafe();

			ExecuteThreadedTest(ts);

			Assert.AreEqual(0, ts.Value);
		}

		[Test]
		public void TestThreadSafeUsingInterlocking()
		{
			ThreadSafeUsingInterlocking tsui = new ThreadSafeUsingInterlocking();

			ExecuteThreadedTest(tsui);

			Assert.AreEqual(0, tsui.Value);
		}

		private void ExecuteThreadedTest(IThreadTest threadTest)
		{
			int maxIterations = 99999999;
			DateTime start = DateTime.Now;
			Thread t1 = new Thread(() =>
			{
				for (int i = 0; i < maxIterations; i++)
				{
					threadTest.Credit();
				}
			}
			);
			t1.Name = "t1";

			Thread t2 = new Thread(() =>
			{
				for (int i = 0; i < maxIterations; i++)
				{
					threadTest.Debit();
				}
			}
			);
			t2.Name = "t2";

			t1.Start();
			t2.Start();

			t1.Join();
			t2.Join();

			DateTime finish = DateTime.Now;
			Debug.WriteLine(String.Format("Took {0}ms to complete", (finish - start).TotalMilliseconds));
		}
	}
}

I’ve just read a blog post about why you should pass interfaces instead of concrete classes as arguments to your methods.

I normally try to think about the most appropriate usages of interfaces for my own classes, but what this post alerted me to was the necessity to use interfaces when working with framework classes.
IE: IDictionary instead of Dictionary

The reasons the author discusses i believe are quite valid….It’s something i’m going to more actively do when writing code…

Reading an article about unit testing got me thinking about some of the tools i’d love to sink my teeth into.

I’m documenting them here in case i forget.

Backend
NHibernate (ORM)
SQLLite (DB)

Framework
Castle Windsor/Ninject (DI)
Lof4Net (Logging)
LINQ (Language Querying)
Tree Surgeon (Environment setup)

Testing
NUNit (Unit testing)
Rhino.Mocks/Moq (Mocking)
WatIn (UI testing)

Build Integration
Nant (Build tool)
CC.NET (CI server)

UI
WPF (GUI)
ASP.NET MVC /Monorail (Web engine)
PRISM (WPF App framework)
NHaml (MVC View Engine)

a lot of these i have or currently do use….some of them i have only ever played around with and a few i’ve never even touched.

At least me putting it down on paper (or bits, in this case) is a reminder of what i’m keen to try, and will get to it soon.

A friend told me this one – I missed the feature of “recently closed tabs” in FireFox – it displays a small menu which lists all tabs closed in chronological order.

Well Chrome doesnt have exactly that, but CTRL-SHIFT-T will re-open the last closed tab. If you repeat the keystroke in sucession, it will re-open the one before that, ad nausem.

its perfect for the trigger happy like myself.

If you are reading this through an RSS reader, take note – I have changed the URLs for my feeds, and they are not accessible via this website, but through the following URL:
http://feeds.feedburner.com/TheTomesOfExperience

So just to re-iterate, please update the feed URLs to the new address:

http://feeds.feedburner.com/TheTomesOfExperience

Sometimes though when you’re changing interfaces across several projects, you can end up in a stink because a method reference is removed or a signature is changed, and you end up with the following error:

When i build in Visual Studio, in order to save time, I don’t always do a <ctrl><shift>-<b> (Rebuild Solution). instead, i do a <alt>-<b>,<u> in order to rebuild just the project, and its dependencies (faster build).

I’ve had this error come up a few times, and it’s easy to solve – in case i ever forget here it is:.

Server Error in ‘/’ Application.
——————————————————————————–

?
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.MissingMethodException: ?

When you get this problem, just re-build the entire project.

The Hollywood principle is a software design methodology that takes its name from the cliche response given to amateurs auditioning in Hollywood: “Don’t call us, we’ll call you”. It is a useful paradigm that assists in the development of code with high cohesion and low coupling that is easier to debug, maintain and test.

http://en.wikipedia.org/wiki/Hollywood_Principle

I needed to quickly browse through some web-server logs and pull out the hostnames which were accessing the web-server (to see where people were originating from).

The following single linux command will pull the IP address out of the apache log (for a particular date) and do the reverse DNS lookup for me:

cat access.log | grep ‘1/Sep’ | awk ‘{print $1}’ | sort | uniq | xargs -n1 host | grep -v ‘not found’

just in case i ever need it again….