Wednesday, 28 December 2016

Temps Suspendus

In my last visit to Paris right before Christmas I was lucky to come across just by chance with one of the best art exhibitions that I've been able to enjoy in the last years. When walking from Belleville/Menilmontant (I really love that area) to La Villette, I passed by again a beautifult piece of modern architecture of the 70's, a building at Place du Collonel Favian that has always caught my eye but on which I'd never searched for information before. Well, I learnt that day that this building was built by Oscar Niemeyer in the 70's (and appropiately is called "Espace Niemeyer"), and hosts the headquarters of the Parti Communist Francaise. Furthermore, it also hosts art exhibitions (or even fashion shows to allow the party to raise some funds). This time there were some posters of an art exhibition, Temps Suspendus, dedicated to Urban Exploration and abandoned/derelic places.

The exhibition was just amazing. It presents 75 pieces by 3 photographers/explorers: Romain Veillon, Sylvain Margaine and Henk Van Rensbergen. The pics have been taken all over the world, but Belgium, France and Italy are by far the most represented locations (2 of the authors are French nationals, 2 of them live in Belgium...). Belgium is so present that one could think of it as one of the hottest spots for this kind of photography, which makes sense as one can imagine that the economic decline of Wallonia resulting from the lost of importance of coal mining and steel works (being Asturian that quite rings a bell...), has given place to a huge number of abandoned buildings. Notice anyway that one of the most impressive pics corresponds to the Stock Exchange of the wealthy city of Atwerpen.

Other than the content, the container is particularly pleasant. As I've said the external part of this Oscar Niemeyer building is pretty interesting, a nice 70's office building, but what is really outstading is the underground conference center(surrounded by the exhibition space).

The ancient building at this location was the seat of the Antifascist International Comittee where volunteers enrolled in the International Brigades. This plaque set by the Communist Party honoring these heroes is a powerful reminder of how at times of horror Humanity is able to produce dignity and courage, whether in Europe in 1936 or un Rojava in 2016.

Friday, 16 December 2016

Basic SQL Technique

I've never liked SQL too much and I've never been particularly skilled in it, so probably what I'm going to show in this post is pretty obvious, but anyway. This is something that I used like 12 years ago and when last week I faced the same issue it took me some head scratching to come up with the solution, so maybe in other 12 years I'll find useful having done a DumpToBlog here. The technique is using the same table twice in the same query.

Let's say I have 2 tables like this:

And we went to obtain a listing like this:

So we have 2 different columns in the Countries table that point to Cities table. The solution is pretty simple, just use the Cities table in our query twice, using a different alias. I mean:

select countries.Name, C1.Name as Capital, C2.Name as MostPopulated
from countries, cities C1, cities C2
where countries.CapitalCityId = C1.Id
and countries.MostPopulatedCityId=C2.Id 

Hum, probably my shortest post so far.

Wednesday, 14 December 2016

Java Bitness

It's been 5 years since the first time I wrote about 32-64 bits. Last week because of a small Java development at work I became aware of the differences between the Java Platform and .Net in their approach to the 32/64 bits management.

The first and quite noteworthy difference is that in the .Net world when you install the .Net framework in a 64 bits machine you get installed both a 64 and 32 version, while that in the Java Platform you have different downloads/installations for the 32 and 64 JRE's and JDK's. Of course you can install them side by side, but well, at a global level you have to decide which one is the default (I mean by this the one added to the PATH and the JAVAHOME).

As we know a normal .Net (I'm not talking about the kind of ngen scenarios) and JVM applications get compiled to bytecodes for a Virtual Machine. These bytecodes and VM's are high level enough to abstract us from the 32 or 64 bits architecture underneath, so in theory our .Net or Java applications should run the same on a 32 or 64 environment (performance differences aside). This is true unless that we are loading in our process native components (dll's/so's or COM components) via P/Invoke or JNI. In that case, as I explain in my first linked post, our application will have to stick to the bitness of that component, as a process and the dll's it loads have to be of the same bitness. So it seems necessary to be able to indicate to the OS that our application needs to run under a certain bitness or that it does not care.

In .Net when you compile your application you specify in the resulting .exe or .dll (in the PE header) if it needs to run as 32, 64 or as any (the anyCPU setting), and the OS will do accordingly creating a 32 or 64 bits process. So if you don't use native components or you don't have specific performance needs, you'll compile as anyCPU and the application will run as 32 or 64 depending on the OS. In the Java Platform (I'm talking about any language that can be compiled for a JVM: Java, Scala, Groovy...) the .class files generated when compiling your JVM language lack of any 32 or 64 bits flag. This means that it's your responsability to start a JVM with the correct bitness. So if you use a .bat to launch it, you'll have to point there to the Java.exe corresponding to the 32 or 64 JRE.

I prefer the .Net approach, it feels more clear to me to have the bitness indicator directly in the file that contains the compiled code than having it in a launcher .bat that somehow needs to point to the right JRE (which is not so easy, cause as I said above, the java.exe in your PATH could be pointing to the JRE with the wrong bitness.

Saturday, 10 December 2016

Remote Execution

Executing an application on a remote machine without opening a remote terminal or a remote desktop is a pretty powerful feature that probably is not widely known. I had done it in a [from Windows to Windows] scenario many years ago, and I've needed it lately in a [from Windows to Linux] scenario. I'll give an overview of how the thing goes.

Windows to Linux

All you need is SSH. Assuming that you have an ssh server installed on your Linux machine, you can leverage the ssh client software on you local machine to open a connection, run some code and exit in just one go. Using the plink application that comes with putty you just do:

plink.exe -ssh -2 -pw myPassword myUser@myRemoteMachine -m commands.txt

Here I'm passing as parameter a file containing the commands to run (commands, the command line for launching a script/application...). In principle if it's just a command you could directly type it there:

plink.exe -ssh -2 -pw myPassword myUser@myRemoteMachine 'ls -la /tmp'

But I don't know why it is not working on my system.

You'll get the remote standard output on your local machine, so you can imagine how powerful this is. In some scenarios it can save you writing and deploying a server application on the remote machine. You just copy a few scripts/applications there, launch them remotely and get their output. The remote scripts/applications have to be present on the remote machine, plink is not copying them there, just running them. If you have a one shot scenario (run once and that's all, leaving no traces). You could run a squence of:
pscp to copy the code
plink to run it
plink "delete the remote script that I have just coopied"

Windows to Windows

For this you just need the so powerful Sysinternals psexec tool. Maybe you have used this tool to do a sort of advanced "run as" providing the password as parameter, so you can automate stuff not being prompted for typing the password (of course this use of psexec poses risks). The thing is that you can also use it to run a remote application (or to open a remote command line! sort of getting a telnet without having a telnet server installed!). The amazing thing is that you don't need to install anything on the remote machine, but you need to be an admin there, and have the Windows sharing ports opened, so that psexec can do its magic).

What happens when you type: psexec \\target -u adminuser -p passw some_executable is pretty well explained here:

The PSExec utility requires a few things on the remote system: the Server Message Block (SMB) service must be available and reachable (e.g. not blocked by firewall); File and Print Sharing must be enabled; and Simple File Sharing must be disabled.

The Admin$ share must be available and accessible. It is a hidden SMB share that maps to the Windows directory is intended for software deployments. The credentials supplied to the PSExec utility must have permissions to access the Admin$ share.

PSExec has a Windows Service image inside of its executable. It takes this service and deploys it to the Admin$ share on the remote machine. It then uses the DCE/RPC interface over SMB to access the Windows Service Control Manager API. It turns on the PSExec service on the remote machine. The PSExec service then creates a named pipe that can be used to send commands to the system.

and here

psexec connects to \\target and authenticates as adminuser.
If this does not work, psexec will show an error message and exit.
Next psexec copies psexesvc.exe to \\target\Admin$ and launches it as a temporary service.
If this does not work, psexec will show an error message and exit.
psexesvc on \\target launches some_executable.
psexec and psexesvc use pipes to handle keyboard input and screen output.
Once some_executable finishes, psexesvc will terminate, too, and remove itself from the services list.
psexec will exit.

This is rather impressive, at first it sounds a bit like magic, but well, it's not that they are using any hacking techniques, they just use standard windows features, but features that are not so well known to many. In principle, one can think that to install a Windows Service on a remote machine and start it you would have to open a telnet/ssh/RD session, but as you see it's not like that, you can connect remotely to the Service Control Manager, not only to start/stop services, but also to install them, i.e:
sc \\remotecomputer create newservice binpath= C:\Windows\System32\Newserv.exe start= auto obj= DOMAIN\username password= pwd
I guess things like this explain why it's not so common to have a telnet or ssh server installed on a Windows machine. For certain common tasks you can get by without it, and for others you already need a GUI and hence Remote Desktop.

This other site mentions something very interesting:

When you specify a username the remote process will execute in that account, and will have access to that account's network resources.

If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system.

This is all related to the double-hop issue. If you pass your current credentials (meaning that you are using the authentication that you have already done on your local machine), the remote machine can not pass those credentials to a third machine. If you pass the user and password, the remote machine will use them to obtain the credentials, and then it will be able to pass those credentials to a third machine.

Notice that you can use this option:
-c Copy the program (command)to the remote system for execution.

so in one go you can install the remote service (psexecsvc), copy a local application there and tell the service to start this freshly copied application. I guess when the application is finished it will get removed (as the psexecsvc service)

Thursday, 8 December 2016

Portraits d'Artistes

Last september during one Saturday away in Bordeaux ("la belle endormie", gorgeous, charming French city) I chanced upon a pretty nice Library/Cafe La Zone du Dehors. It's a rather bobo (I use this calificative with a positive connotation, I don't mix it up with "hipster" stupidity) place located close to St Michel, a very interesting area (typical old neighbourhood that got populated by maghrebian immigration and now also hosts "alternative types" and some very nice cafes, like "La mere Saint Michel", that boasts one of the most stylist toilets I've ever seen!). One could maybe compare it to Arnaud Bernard in Toulouse, but A.B is rather less pleasant (way much more racaille scum...)

They had a pretty good selection of Art books, and among them this one particularly caught my eye (and my credit card...) This second edition of "Street Art, Portraits d'Artistes" is a real must for anyone interested in Street Art. An excellent guide to 50 of the best street artists in the world, portraying some of their works and providing interesting bios.

There are long and interesting sections devoted to icons like Banksy and Shephar Fairy. Blek le Rat (probably the "father of everything") has also a long and very informative section. Obviously Os Gemeos, Blu and ROA could not be absent, and their pages add value to the book. Of course I was delighted by the pages for the French genious of C215 (I would say he's currently my favorite artist, amazing works and one of the best attitudes one could think of)

I also felt lucky to discover the Parisian artist JR and be remembered of the genious of Miss Van (she's originally from Toulouse, and comes back on occasion to gift us with some piece of her art, so well, she has a status in town).

Another amazing French artist that I've discovered through this book is Hopare, really beautiful creations.

And for sure the "Norwegian Banksy", Dolk, has a more than well deserved section.

The only flaw that I find in this book is that the Berlin scene is rather unrepresented. There are only 2 Berliners in the book (one of them, Evol, is pretty amazing with his "plattenbau homeage" works). It's odd not to find entries for Bocho, Alias, Alice or Lake to name just a few. Anyway, these 200 pages are an excellent piece of beauty.