Scott Hanselman

Some Assembly Required - the AIC250 as a motion detecting ClickOnce application

April 8, '06 Comments [0] Posted in Coding4Fun
Sponsored By

Babies_5My Coding4Fun MSDN Column "Some Assembly Required" is back after a hiatus. This article is about interfacing with a MotionJPEG Stream and AirLink AIC250 Network Camera extending Andrew Kirillov's brilliant Motion project.

I took Andrew's application and ported it to .NET 2.0 and made it a ClickOnce application. Then I extended his implementation of MotionJPEG to get around some of the [psycho] quirks in the AIC250's Web Server.

I hope you enjoy "Everyone Loves Babies! Webcams and Motion Detection." I use it to have video calls with my wife and son while at work.

UPDATE: Andrew has updated his original article with a Motion Alarm, as well as the ability to save arbitrary video streams.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Hanselminutes Podcast 12

April 8, '06 Comments [1] Posted in Podcast | ASP.NET | XML | Tools
Sponsored By

HanselminutesMy twelfth Podcast is up. This episode is about 10 Windows Utilities you may not realize you already have.

We're listed in the iTunes Podcast Directory, so I encourage you to subscribe with a single click (two in Firefox) with the button below. For those of you on slower connections there are lo-fi and torrent-based versions as well.

Subscribe to my Podcast in iTunes

Our sponsors are Xceed, PeterBlum and the .NET Dev Journal.

NOTE: Xceed is a new sponsor and I'm stoked about it. Do take moment to check them out. Xceed is the home of the brilliant Martin Plante and you should subscribe to his blog and not just because of his (honestcriticisms of podcasting. He is leaving Xceed in two months, but they part as friends. Martin is an expert in all things System.IO, IMHO, and particularly System.IO.Stream. Their Data Manipulation Suite is top notch.

As I've said before this show comes to you with the audio expertise and stewardship of Carl Franklin. The name comes from Travis Illig, but the goal of the show is simple. Avoid wasting the listener's time. (and make the commute less boring)

  • Each show will include a number of links, and all those links will be posted along with the show on the site. There were 14 sites mentioned in this twelfth episode, some planned, some not.
  • The basic MP3 feed is here, and the iPod friendly one is here. There's a number of other ways you can get it (streaming, straight download, etc) that are all up on the site just below the fold. I use iTunes, myself, to listen to most podcasts, but I also use FeedDemon and it's built in support.
  • Note that for now, because of bandwidth constraints, the feeds always have just the current show. If you want to get an old show (and because many Podcasting Clients aren't smart enough to not download the file more than once) you can always find them at http://www.hanselminutes.com.
  • I have, and will, also include the enclosures to this feed you're reading, so if you're already subscribed to ComputerZen and you're not interested in cluttering your life with another feed, you have the choice to get the 'cast as well.
  • If there's a topic you'd like to hear, perhaps one that is better spoken than presented on a blog, or a great tool you can't live without, contact me and I'll get it in the queue!

Enjoy. Who knows what'll happen in the next show?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Tracking down a Trojan

April 8, '06 Comments [7] Posted in Musings
Sponsored By

I'm not even a tenth as clever as Mark Russinovich in tracking these things down, but I got to play IT department a bit today. You're probably the IT department for your family as well. When Uncle Frank gets a virus, he calls you. In this case, I was called upon to track down a virus.

With all due respect to Russia, there's very few things that regular folks need to be visiting in a .ru domain. In this case it was SMTP traffic and there's ZERO reason anyone should be sending mail in this way.

He had ran all sorts of anti-virus, anti-spyware, and anti-malware applications and didn't find anything. A cursory glance for funky .exe's in Task Manager showed nothing obvious.

I showed up and suggested we download the three horsemen: TCPView, Autoruns, and ProcessExplorer.

First step was to find out what process was asking for the Russian sites. TCPView to the rescue. We can see from the first screenshot that the port is being opened by winlogon.exe, the Windows NT Login Manager - certainly a legitimate executable.

Russiantrojan1

There must be an evil DLL loaded inside of winlogon.exe. Next stop, Process Explorer.

Russiantrojan2Looking at winlogon.exe within Process Explorer and changing the Lower View to show DLLs. Then I sorted by Company Name, just because it never seems that evil software writers are clever enough to include a Company Name, does it?

That hywklcsj.dll looks a smdge suspicious, no? Smells auto generated to me and that fact that there's no Google results for it confirmed it to me.

Russiantrojan3Now, Autoruns. Note the now-missing ddcyv DLL. Perhaps that was the bootstrapper that started this whole thing, but now it's run away.

Russiantrojan4The BrowserHelperObject (BHO) section of Autoruns shows that this trojan also listens to IE and probably pops up porno ads while surfing.

After cleaning all this crap up and restarting, we're clean. No funky DLLs get loaded by explorer or winlogon and no suspicious traffic tries to get our of the computer.

I'm sure this Trojan has a name, but I couldn't figure out what Google Terms I could use to find our which version it is. I suspect a Trojan.Vundo varient, but this one doesn't quite fit the profile.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Mapping a CVS user to a real user (SSPI to PSERVER)

April 7, '06 Comments [0] Posted in Subversion
Sponsored By

I recently moved a machine from our MAIN domain to a LAB domain (another domain with a hardened filewall for R&D and crazy stuff.)

We use Subversion for most of our Source Control, but a lot of legacy stuff is still in CVS and uses SSPI (Security Service Provider Interface enabling NTLM for CVS). So, when I do an update from Tortoise it automatically sends my Windows User details over there and authenticates me against the domain.

However, now I'd moved the machine and it was in another domain. The LAB domain is fairly harded and doesn't have a way for a MAIN domain user to login. Consequently updating CVS via SSPI is/was a problem.

I wrote a lame little batch file that's used like this:

addcvsuser.bat MYREPO labcvsuser

It looks like this:

IF "%1"=="" GOTO USAGE
IF "%2"=="" GOTO USAGE
SET CVSROOT=:sspi:MYCVSSERVERNAME:/%1
cvs passwd -a -r MAIN\somewindowsuser %2
SET CVSROOT=
GOTO EXIT
:USAGE
ECHO Usage: addcvsuser REPOSITORY NEWUSERNAME
:EXIT

Assuming the admin is logged in as a legit user, this file temporarily sets the CVSROOT Environment Variable with the name of the Repository you want to add a user to. The user will be added to the passwd file in that repository and won't be a real Windows User. It might be a user named labcvsuser that doesn't exist on the domain. That user is mapped to MYCVSSERVERNAME\somewindowsuser that IS a real Windows User, on the real MAIN domain.

Then, in Tortoise I change the CVSROOT used by Tortoise to :pserver: instead of :sspi: and open up ports 2401 and 2402. Now the LAB TortoiseCVS can use a username/password combo that's not on the domain and get mapped to a domain (or local) user and crisis averted.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

IBM Laptop Wireless Adapter Turns Off Automatically Without Asking

April 7, '06 Comments [8] Posted in Musings
Sponsored By

IBMSoftwareInstallerI updated all the IBM (Lenovo) ThinkPad Craplets with the IBM Virus Software Installer this week. Mistake.

My wireless adapter started turning off every 3 minutes. Not losing signal, not disabling, TURNING OFF. The internal hardware would switch off.

Global SettingsWindows was/is set up to manage the Wireless Connection, but it seems that the IBM Access Connections (their view of networking) still influences things. Kind of a wireless "shadow government."

Automatic Location SwitchingI don't see this documented anywhere, but I figured out that you have to run the Access Connections and go to Configure|Automatic Location Switching and TURN OFF "Enable automatic location switching." You also have to go Configure|Global Settings and TURN OFF "Enable automatic wireless LAN radio control."

And all is well. Today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.