Tuesday, April 28, 2020

C++ stack implementation to iterate over all files and sub-directories recursively with wildcard search pattern

Here's an actual working C++ implementation of iterating over every file/directory using a file wildcard characters [*?] in a file search pattern or file filter using a stack implementation and Unicode compliant to handle multiple languages.

No change required in default stack size in Visual Studio 2010 under Linker->System->Stack Reserve Size and Stack Commit Size, but if this fails to compile, then change these limits.


#include <windows.h>
#include <string>
#include <vector>
#include <stack>
#include <iostream>
#include <atlconv.h>
#include <io.h>
using namespace std;

//---------------------------------------------------------------------------------
//Mon 27-Apr-20 1:57pm  - working stack implementation of sub-dir transversal
//https://metadataconsulting.blogspot.com/2020/04/C-stack-implementation-to-iterate-over-all-files-and-sub-directories-recursively-with-wildcard-search-pattern.html
//---------------------------------------------------------------------------------
bool ListFiles(std::wstring path, std::wstring mask, std::vector<std::wstring>& files) {
    
    //HANDLE hFind = INVALID_HANDLE_VALUE;
    long h; 
    errno_t err;
    _wfinddata_t ffd;
    std::wstring spec;
    std::wstring pathtemp; 
    std::stack<std::wstring> directories;
    std::stack<std::wstring> transversal;

    if (path.length() > 0)
    {
        std::wstring::iterator it = path.end() - 1;
        if (*it == '\\')
        {
             path.erase(it);
        }
    }

    directories.push(path);
    transversal.push(path); 
    files.clear();
    
    //Enumerate all directories first, then all files //Tue 28-Apr-20 4:46pm  - 
    while (!transversal.empty()) {
        
        path = transversal.top();
        spec = path + L"\\*"; 
        transversal.pop();
        
        h = _wfindfirst(spec.c_str(), &ffd);
    
        if (h > 0) {
    
            do {
                if (wcscmp(ffd.name, L".") != 0 && 
                    wcscmp(ffd.name, L"..") != 0) {
                    pathtemp = path + L"\\" + ffd.name; 
                    if (ffd.attrib & FILE_ATTRIBUTE_DIRECTORY) {
                        std::wcout << "searched dir: " << pathtemp + L"\\" << " \n"; 
                        directories.push(pathtemp);
                        transversal.push(pathtemp);
                    }
                }
            } while (_wfindnext(h, &ffd) == 0);

            if (GetLastError() != ERROR_NO_MORE_FILES) {
                _findclose(h);
                return false;
            }

            _findclose(h);
            h = -1; 
        }
    }

    while (!directories.empty()) {
        
        path = directories.top();
        spec = path + L"\\" + mask;
        directories.pop();
    
        h = _wfindfirst(spec.c_str(), &ffd);
        //_get_errno( &err );

        //shortcuts recursive sub-directories transversal, do not use
        /*if (err==EINVAL) {
            std::wcout << "ERROR: Invalid path encontered." << spec << std::endl; 
            return false;
        }
        else if (err==ENOENT) {
            std::wcout << "No results for file pattern " << mask << std::endl;  
            return false;
        }*/
            
        if (h > 0) {
            //std::wcout << "ERROR: " << spec << " invalid path encontered.\n"; 
            //no files found
            //return false;
        

            do {
                if (wcscmp(ffd.name, L".") != 0 && 
                    wcscmp(ffd.name, L"..") != 0) {
                    pathtemp = path + L"\\" + ffd.name; 
                    if (!(ffd.attrib & FILE_ATTRIBUTE_DIRECTORY)) {
                        files.push_back(pathtemp);
                    }
                }
            } while (_wfindnext(h, &ffd) == 0);

            if (GetLastError() != ERROR_NO_MORE_FILES) {
                _findclose(h);
                return false;
            }
        
        }
        _findclose(h);
        //h = INVALID_HANDLE_VALUE;
        h = -1;
        
    }

    return true;
}

int main(int argc, char* argv[])
{
    vector<wstring> files;

    int cnt = 0; 

    if (ListFiles(L"C:\\Windows\\Temp", L"*.log", files)) {
        for (vector<wstring>::iterator it = files.begin(); 
             it != files.end(); 
             ++it) {
            wcout  << ++cnt << ". " << it->c_str() << endl;
        }
    }
    return 0;
}

Sunday, April 26, 2020

Consuming Unicode filenames from the C/C++ command line


#define _UNICODE
#include <windows.h>
#include <cwchar>
#include <cstdio>

using namespace std;

int main() {

    int argc;
    wchar_t** argv = CommandLineToArgvW( GetCommandLineW(), &argc); //consumer Unicode

    if (argc != 3) {
        wprintf(L"usage: this [file] [text]\n");
        return 1;
    }

    FILE* out = _wfopen( argv[1], L"wb");

    if (!out) {
        return 1;
    }

    fwprintf(out, L"%c", 0xFEFF);
    fwprintf(out, L"%s", argv[2]);
    fclose(out);

}

Saturday, April 25, 2020

How to format double as integer and not use scientific notation


Here's how to format double as integer and not use scientific notation. See last line in code example below.

/******************************************************************************

                              Online C++ Compiler.
               Code, Compile, Run and Debug C++ program online.
Write your code in this editor and press "Run" button to compile and execute it.

*******************************************************************************/
// setprecision example
#include <iostream>     // std::cout, std::fixed
#include <iomanip>      // std::setprecision
#include <string>
int main () {
  double f =79324623498343.12323;
  std::cout << std::setprecision(5) << f << '\n';
  std::cout << std::setprecision(9) << f << '\n';
  std::cout << std::fixed;
  std::cout << std::setprecision(5) << f << '\n';
  std::cout << std::fixed << std::setprecision(0) << f << '\n';
  return 0;
}

Friday, April 24, 2020

Sandboxie Windows sandbox isolation tool is now open-source, develop your own sandboxed apps

Sophos is excited to announce that Sandboxie is now an open source tool.

Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its dedicated users.



Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.


























The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.


We are thrilled to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.

The Sandboxie user base represents some of the most passionate, forward thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases.

Source : https://news.sophos.com/en-us/2020/04/09/sandboxie-is-now-an-open-source-tool/

Get it on Github - https://github.com/sandboxie

Thursday, April 23, 2020

Stripe payment system is collection location data, browsing and click data for all your browsing activity on strip enabled sites

Surveillance State Scope Creep
I usually don't repeat post like this, but this affects many people and is super aggro.
On Tuesday, developer Michael Lynch questioned Stripe's data collection in a blog post, noting that the biz's JavaScript library, used by web merchants to implement client-side aspects of Stripe's payment system, records browsing activity and reports the data back to the company.

The data transmitted goes beyond what's necessary for a transaction. According to Lynch, the library when present on a page reports the URL even if the page does not include a Stripe payment form, and includes mouse movement telemetry and unique identifiers that let Stripe match visitors against data from other Stripe-implementing sites.

"No amount of privacy policy language will make this okay," said Cyphers. "Stripe should not be profiling people's behavior on web pages where [the e-commerce form] isn't present." 



Tuesday, April 21, 2020

C++ - How to fix “Debug Assertion Failed! -__IOINFO_TM_ANSI ” message when opening UTF-8 Unicode files

If you getting a error message with following pop-up in Visual Studio solution for C++ when using SetConsoleOutputCP(CP_UTF8) or _setmode(_fileno(stdin), _O_U8TEXT)


---------------------------
Microsoft Visual C++ Debug Library
---------------------------
Debug Assertion Failed!

Expression: ( (_Stream->_flag & _IOSTRG) || 
( fn = _fileno(_Stream), ( (_textmode_safe(fn) == __IOINFO_TM_ANSI) 
&& !_tm_unicode_safe(fn))))

For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.

When debugging the following code, it will give you the above error.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
int main(int argc, char* argv[])
{
 //https://alfps.wordpress.com/2011/12/08/unicode-part-2-utf-8-stream-mode/

 // Set console code page to UTF-8 so console known how to interpret string data
 SetConsoleOutputCP(CP_UTF8);

 // Enable buffering to prevent VS from chopping up UTF-8 byte sequences
 setvbuf(stdout, nullptr, _IOFBF, LINESIZE);
  
 std::cout << "Latin Capital Letter O with Diaeresis Ö "; 

 return EXIT_SUCCESS;
} 

Solution : Change this line of code wcout for all your statements to stdout. 


std::wcout << "Latin Capital Letter O with Diaeresis Ö ";


Thursday, April 16, 2020

Your VPN Might Be Tracking and Logging Your Browsing Habits

This is extremely damming of VPN providers - sham on them.

Session-recording scripts, by the way, allow websites to record video of your movements around their websites, which also includes what you click on, what you search for, and much more.

Source  - https://hackernoon.com/your-vpn-might-be-tracking-and-logging-your-browsing-habits-wtaa32x7




Tuesday, April 14, 2020

MS Edge v84 pasting in Gmail and Blogger not working

Recently as of April 10th 2020, I have been trying to paste text into Gmail and Blogger and its been blocked. Pasting (CTRL-V) has been blocked using Microsoft's Edge in Google properties. Specifically, I have been using MS Edge Version  84.0.484.0 (Official build) canary (64-bit). 

I find after composing/revisiting 3 emails in Gmail, the paste function fails.

This does work in Chrome and Firefox and MS Edge version 81.0.416.53. 



Keyboard Testing tool indicates Paste key used, CNTRL and V






































All of the sites that Gmail uses have been added to







































Added all exceptions to Gmail and Blogger sites, but still not working.









































Even if I turn off all Tracking prevention, pasting still does not work.





There are huge number of JavaScript errors in this page, as well in Chrome. 





Adding the domains (in error/that are red) to exception tracking of MS Edge did not work.





Friday, April 10, 2020

Sextortion Phishing Email with Pawned Password

For the record, old sextortion phishing email attempt that is recently going around.  
They typically use pawned passwords for greater effect, but these records are old and generally not current. BUT if you do not change your password yearly, you could be in trouble. Note: Current min password length is 20 characters long.

Check if you have a user id and password that has been hacked - here.


What to do?  Report them, goto bottom of page.


From : Cinda Katz <lxharwilllnni@outlook.com>

Subject : USERNAME : PASSWORD - FROM OLD PAWNED DATABASE 

I’m aware that is your password,” reads the salutation.

You don’t know me and you’re thinking why you received this e mail, right?


Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.







How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Tuesday, April 7, 2020

How to get a Text Browser for Windows 7,10 - Surf the web in text only, no ads

Now that you have extra time to co-read, read fast with a text browser. 

Get a super fast Text Browser for Windows 7,10 +:
  • Emacs is a well know editor that comes with little know built-in browser 
  • Emacs is superbly supported on all platforms, a staple on UNIX since 1976!

The Emacs Web Browser (Eww) is a very basic and fast text/image browser. Flash and Javascript are not supported which gets rid of ads.






Nov 11, 2022 : Update source, use the installer. 

emacs-28.2-installer.exe - download and use installer!   

from  http://ftp.gnu.org/gnu/emacs/windows/emacs-28/emacs-28.2-installer.exe

Older Sources without an installer:

Get latest version GNU EMACS 26.3 (30-Aug-2019) for Windows:


http://mirror.rit.edu/gnu/emacs/windows/

Choose latest:
http://mirror.rit.edu/gnu/emacs/windows/emacs-26/emacs-26.3-x86_64.zip

How to get EMACS Web Browser to work


  1. Unzip emacs-26.3-x86_64.zip  - Compiled Emacs editor with browser
  2. Run EMACS by clicking runemacs.exe in Depends bin directory
  3. In EMACS, choose Tools -> Browse the Web -> 


     
  4.     Enter your URL or Keywords:

  5. Voila! it works!
Notes:

  1. EWW, the Emacs Web Wowser, is a web browser package for Emacs. See full details here.
  2. Unzipped emacs takes is 758 Mbs, but running takes a scant ~100 Mb of RAM. Unlike Google Chrome taking now a whopping 1.2Gb of RAM now, but equivalent to 1 active chrome instance.
  3. Considered Lynx browser, but builds are never up to date.
  4. To list cookies, Choose Eww -> List cookies

My other Emacs articles of interest: 

How to remove cookies


Open page from command line

Set font size 

Saturday, April 4, 2020

Using Microsoft OneDrive 2020 as Content Delivery Network (CDN) for images

For web developers who are mindful of Page Speed / YSlow scores, finding a free Content Delivery Network (CDN) to load your static content from a cookie-free domain is a nice to have!!!

This is a examination of using Micorosoft OneDrive as a possible CDN. I will test this using
https://onedrive.live.com to hosting a 
 4milliom.png 50.3 KB PNG image.   


Here's how to get the embed link for a resource on OneDrive. 



For more information on how to get a link to use in your website page for testing, read my blog entry on Microsoft OneDrive Direct File Download URL Maker.


Here's the file URL used in this anaylsis. 

https://wyztwg.by.files.1drv.com/y4mucnXH4ZIfty_kXg9nYvgjHKJMw-XkCLfcBvI7ipNMNidsCjSMyNcw4cFyNlB0WKO9M-VNquASIbFp9DlTJPrjpqk2ex4GmzoVcA_2OOAp1G1ZiGK_U_UPjmfTj_hmtd41HascgLLyjTbEKJlDzXfFhyOXPngJ_ovCRPxL14pt1B0er3HaJvRxjkpru0z85Wiua9JhMP-BvbADeKnISGTqQ

Now lets examine some network timings from Microsoft Edge Chromium Inspect window.





























We get 773.03 ms for this transfer, which is very good. Edge reports 5 cookies for this request. Disable cache for successive runs.

Now in Firefox, initial load was 1.3s, and successive load was 566ms. Firefox reports no cookies for this request. 
Disable cache for successive runs.



Conclusion


OneDrive can be used as an effective free Content Delivery Network (CDN) to load your static content. And this is faster than in 2016. 


Friday, April 3, 2020

Phishing Email - Protection From Corona Virus With Immunity Oil

For the record, this is an Protection From Corona Virus With Immunity Oil phishing email attempt that is recently going around.  What to do?  Report them, goto bottom of page.


From : Miracle Virus Oil <appfree0qYX@heroku.com>


Subject
 : 
Protection From Corona Virus With Immunity Oil


PHISHING LINKs;

1. http://u4611801.ct.sendgrid.net/ls/click?upn=LFMdLlB5858Cccc72tup8z-2FcccQQBWD-2Bcc0KRyN3S9xctfIAvuTJ-2BgeAWlDuuU7INAqASCZqW8ZAsEJZJrT5mClQEc9FI0-2F-2cywoSVLlg-3DJB60_6EdqR0IY30kIeDIxa-2BHp62irc4CCIS9GScczVNP63zhNDEaDHOjE-2BsT1BtQscDmRyIuQobIgt3Lnxu-2c4uW-2BctuMdj9ARIv-2Bccwc-2Fm792GR2RF495h21F-2ccS74xdIw-c00WccCywGvmrZcGp4jc-2FccZNKqc989XWLpBCet5RKlG-2ccKUyLw-2BmbNLXhJW7Lv2UccqROcwYiU47tw-3D

2. http://probyz.xyz/?Z289MiZcMT03Njk4OTMccczI9MTgyNcE5NjkxJcMzPUNB



How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx