January 20, 2014 Leave a comment
I just published a paper entitled “Betrayed By Updates: How Negative Experiences Affect Future Security” (pdf) on the reasons people avoid software updates.
Bit of security, bit of privacy, and a bit of Kami
January 14, 2014
Excellent list of free ebooks on the R language and statistical analysis.
October 10, 2013 1 Comment
Goal: use WIX to schedule a task via the task scheduler. The task must run every 30 minutes after the computer starts, it must also run as the SYSTEM user.
<Product Id="*" Name="FooBar" Language="1033" Version="22.214.171.124" Manufacturer="Foo" UpgradeCode="GID"> <Package Id="*" InstallerVersion="200" Compressed="yes" InstallScope="perMachine" InstallPrivileges="elevated"/> ... </Product> <Fragment> <CustomAction Id="CreateScheduledTask" Return="check" Impersonate="no" Execute="deferred" Directory="TARGETDIR" ExeCommand=""[SystemFolder]SCHTASKS.EXE" /CREATE /SC MINUTE /MO 20 /TN "Foobar" /TR "[INSTALLFOLDER]\Foobar.exe" /RU "NT Authority\System" /RP /RL HIGHEST" /> </Fragment>
To schedule a task you need to create a custom action which calls the command line version of the Windows Task Scheduler (schtasks.exe). In the example above the task is being scheduled to run every 20 minutes starting from when the computer boots (/SC MINUTE /MO 20).
The tricky part is making the new scheduled task run as the SYSTEM user with the highest permissions possible (/RU "NT Authority\System" /RP /RL HIGHEST”). To do this the installer itself must run with elevated privileges AND the CustomAction must run with elevated privileges. To run the installer with elevated privileges I added InstallPrivileges=”elevated” to the Package element. To run the CustomAction with elevated privileges I added Impersonate=”no” and Execute=”deferred” to the CustomAction element. Aaron Stebner explains why deferring the action is necessary.
This solution works, but it is limited by the number of parameters schtasks will take in. So you can’t disable the AC Power requirement. Here is an explanation of how to do that.
Another issue is that a command prompt pops up briefly, there is a tutorial on solving that issue.
April 4, 2013 Leave a comment
Theoretical physicist Dirk Brockmann used the dollar bill tracking site Where’s George to see how money moves, and create new state boundaries based on our economies. The darker the blue lines, the less likely it is a dollar bill will have crossed it.
March 28, 2013 Leave a comment
I teach a class on Processing, which is a simplified version of Java designed to enable people to easy create graphics. My class focuses on data visualization. Below is my list of publicly available data sets which I encourage my students to use in their visualizations.
IMDB is a website that maintains a list of movies, actors, actresses, and information about them. They offer a set of downloadable information sets. The sets can be a bit challenging to parse though, so there also exists some Perl parsing scripts.
StackOverflow has a list of publicly available data sets.
March 25, 2013 Leave a comment
After re-installing Windows 7 on my Sony laptop I wanted to make my hotkeys (like volume) work again so I installed the Hotkeys utility by Sony. A few weeks later I got suspicious when several programs I opened had “Administrator:” in the title when I hadn’t approved any UAC. I checked my logs and the last program to ask for privilege elevation was the Hotkey utility.
I re-enabled UAC dialogs and re-booted the machine. I re-downloaded the utility from Sony, installed it, and was asked to approve a UAC dialog (so UAC was definitely enabled). Sony software asked that I reboot the machine to “finish installation.” Immediately after the Sony dialog appeared a balloon in the bottom right appeared with the following text: “You must restart your computer to turn off User Account Control.” Sony’s software was the only thing running and I hadn’t opened any User Account Control settings since restarting the computer.
I let the software reboot the computer. After the reboot Sony software continued to install itself. I opened the User Account Control settings panel and verified that UAC was disabled.
Sony’s software finished installing itself, theoretically requiring UAC to do so, and asks to reboot a second time. I allowed it to reboot the machine and after the second reboot I pulled up the UAC settings again to verify that they were still disabled. As can be seen below the settings stayed with UAC disabled after two reboots.
Turning off UAC dialogs without user notification is a very dangerous thing to do. My computer spent several weeks in a state where any program that wanted to install could just do so without my approval. My programs were running with “Administrator” in the title because they were running with Administrator privileges (I manually verified this for PowerShell). No well behaved software should ever change security settings on a computer without notifying the user.
A couple of limitations to consider