Category Archives: Misc

Internal Error 2755 caused by folder encryption

I was attempting to install some software recently (a few hours ago, actually) and I kept getting a message saying “The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755.” while installing the software. So I searched the internet for an answer and came up with all sorts of links:

Anyway, most seemed to suggest that the problem lay with incorrect permissions being set on the file system. So, I went through the file system and checked the permissions as per the Microsoft knowledge base article detailing the problem with the Office 2000 installation. Everything set correctly, I tried again. No luck.

I burned the MSI file to a CD and it worked (CDs don’t use NTFS and its permission system). So, it was something definitely to do with the permission sets.

I downloaded FileMon from the SysInternals website so have a look further at what it was doing. I discovered that it was getting an Access Denied on a file in the Temp directory. (The setup program dumped an MSI file in the temp directory during installation) The problem was, it appeared to be attempting to open the file as NT_AUTHORITYSYSTEM. That account has more rights than the Administrator account, it basically is an Access All Areas account… And it was being denied access!

After some further experimentation, including restoring a system checkpoint back a couple of days, it still wasn’t working. Then I noticed that the temp folder was green which indicates that the contents were encrypted. (I experimented with file encryption a few months ago and had since forgotten about it).

To cut a long story short, I removed the encryption flag on the Temp directory (and spent a couple of minutes waiting for it to decrypt everything) and tried the installer again. It worked!

I don’t know why the fact the folder was encrypted had anything to do with it, but it worked once decrypted. Weird….

NOTE: This entry was rescued from the Google Cache. The original date was Sunday, 15th October, 2006.

Tags:

Original comments:

Windows Installer works in two phases – an ‘immediate’ phase in which it generates a script for what to do, and a ‘deferred’ phase in which it actually does the installation. The immediate phase runs under the launching user’s credentials, but the deferred phase is run by the Windows Installer service, which runs as LocalSystem.

If the script is written into an encrypted folder, it will be encrypted using your encryption key. The service, running as LocalSystem, will not have this key, or the recovery key (which is owned by the administrator) and will be unable to read the script.

10/15/2006 12:16 PM | Mike Dimmick

12 Steps to Better Code

I just read this article by Joel spolsky on 12 steps to better code. I particularly like item 7: Do you have a spec? Don’t make me laugh – Do I have a spec? Ha, ha, haa!

Item 9 also contains a very amusing story:

At my last job, the system administrator kept sending me automated spam complaining that I was using more than … get this … 220 megabytes of hard drive space on the server. I pointed out that given the price of hard drives these days, the cost of this space was significantly less than the cost of the toilet paper I used. Spending even 10 minutes cleaning up my directory would be a fabulous waste of productivity.

NOTE: This was rescued from the Google Cache. The original date was Sunday 26th November 2006.

Tags:

Claiming my blog in technorati

Now that I’ve moved to this new blog I want to claim it with technorati. My previous blog was claimed relatively easily as I recall. However this time there is a new “Quick Claim” feature. I don’t want to use the “Quick Claim” feature because it requires that I tell technorati my blog’s user name and password and quite frankly I don’t care about their assurances in their privacy policy I’m not handing over that information.

If companies start asking for usernames and passwords to other services a person uses it will desensitise them to the practice and make social engineering easier for the fraudsters. There was a study done about a year ago that showed that many people will hand over passwords for a bar of chocolate. So, perhaps the damage is already done.

Curiously, when I go to make my claim it asks me to chose between different methods of making a claim. Sounds okay. But it only offers me one option. And that is “Quick Claim”.

Any which way you want to look at it. I ain’t handing over that information for what ever reason. Not even for a bar of chocolate.

Tags:

DDD4 and Grok Talk

Well, I’m back from DDD4 (Developer Day 4) in Reading. It was a fabulous day with some very intersting speakers. I particularly enjoyed Daniel Fisher’s presentation on Data Access Layers and Ben Lamb’s session on “How to write crap C# code”. Joanna Carter also gave a very interesting presentation on reflection performance – her solution was curious and I’ll have to follow it up although I would probably put it into the unorthodox category as I would never have thought of using lightweight code generation to generate some IL then execute it in order to compensate for some speed problems with creating an object through reflection.

I also did a 10 minute Grok Talk on the subject of Mock Objects. I’m in the process of putting this up on my website and it will be available at some point in the next few hours.

I’m also in the process of putting together some photos of the event. You can see them here. More photos will get added shortly.

NOTE: This post was rescued from the Google Cache. The original date was Monday, 4th December, 2006.

Additional note: The Grok Talk presentation on Mock Objects is available.

Tags:

Here's something you don't see every day

Here is something you don’t see every day: An error for a program running on a PC that was written in Fortran.

Visual Fortran RunTime Error

And here was me thinking that Fortran was limited to mainframes and engineering systems running on Unix varients.

NOTE: This post was rescued from the Google Cache. The original date was Friday, 22nd December, 2006.

Spam Scams

Today I received an email apparently purporting to be from the “The UK. Natioal Lottery” (I think they meant “National”). However, I didn’t pick up that it was a scam immediately from the subject and name (I didn’t spot the obvious spelling error immediately). Normally that sort of thing would have raised my suspicions immediately. However, not today. Today is the last EuroMillions lottery before Christmas. Normally I don’t normally enter the lottery at all. I pay a pound a week to the office syndicate and that is it. But I do enter the lottery at Christmas time for a bit of a laugh. I know the odds are stacked heavily against me which is why I only enter once per year.

Back to the scam. There are a number of things that you can look out for in a scam email. Bad spelling is just one of those things. But there are cultural markers too.

However, there are some things that make it seem genuine. The address is given as “The U.K. National Lottery, Online Lottery Promo Dept., Customer Service., PO Box 1010, Liverpool, L70 1NL United Kingdom.” and if you look on the internet you’ll see that this is, more or less, the real address.

The date of notification is one the date of a lottery draw. It talks about an online lotto draw. And Friday’s draw is indeed an internet draw.

It gave some results numbers, presumably to make it appear genuine.

Luckily there are pointers to show that it is a fake.

For a start the email arrived before the actual draw took place.

Next it talked about “online lotto draw” – but Friday’s draw is the “EuroMillions” draw.

It also said the draw was “conducted from an exclusive list of 50,000 e-mail addresses of individual and corporate bodies picked by an advanced automated random computer search from the internet.” Why would it pick email addresses from the internet? You have to pay to enter a lottery draw. You don’t just get entered randomly.

It goes on to tell you your prize – and if you read the National Lottery’s real guide they will tell you that they will never tell you that you’ve won in an email, let alone the actual prize amount.

When it talks about money it says “Great British Pounds” but it isn’t a term I’ve ever heard used. There is of course the standard abbreviation “GBP” that is used in text only financial systems but if you were to say the name of the currency in full in a formal document you’d give it the proper title. (“Pounds Sterling” – if you didn’t already know)

Then there is some fluff about the history of the prizes giving various fake names such as the “Big Game Mega Millions”. Curiously the amounts it gives as highest and lowest historical winnings are wildly out. Obviously the person putting together the scam didn’t do enough research.

They then tell you that “For security reasons, be advised to keep your winning information from public notice until your claims is processed and your prize money remitted to you as required in this grand category “B’ terms and conditions of claims. This is a part of our precautionar y measure to avoid double claiming and unwarranted abuse of this program by non winners.”. So more bad spelling, punctuation and even American spelling to show this one up. The more interesting thing here is that “for security reasons” don’t tell anyone about this until we’ve scammed you. Nice!

Then it goes on to tell you how to contact “Phil Smith” to process your claim. E-mail: ph_smith@post.com

For more information about how to spot fraudulent emails purporting to be from the UK National Lottery look at this guide to spotting a fake from the National Lottery website. They also tell you in the FAQ on the site what the actual procedure for making a claim is.

Bottom line is, if you didn’t enter a lottery, then you can’t win it. As the advert for the real National Lottery goes “You’ve got to be in it to win it!”

For your delight and reading pleasure here is the full text of the email:

The U.K. National Lottery
Online Lottery Promo Dept.
Customer Service.
PO Box 1010
Liverpool
L70 1NL United Kingdom.

Date of Notification: 22-12-2006

Ref N0: KPL/09-002/JA.

Attn: Winner.

We happily bring to your notice the results of the
U.K. National Lottery annual draw held on the 20th
December 2006 in London. The online lotto draws was
conducted from an exclusive list of 50,000 e-mail
addresses of individual and corporate bodies picked
by an advanced automated random computer search from
the internet.

Congratulations!

Your e-mail address attached to the Batch N0:P2/0056
with Serial number: 06/1055 drew 20th of December 06
[5] [11] [13] [17] [14] [48] [25], which subsequently
won you a prize in the category "B". You have
therefore been approved to claim a total sum of
?1,500,000.00 (One Million , Five Hundred Thousand
Great British Pounds) in cash credited to file Ref N0:
KPL/09-002/JA.

This prize is from a total cash prize of
?4,500,000.00 (Four Million, Five Hundred Thousand
Great British Pounds) shared amongst the first Three
(3) lucky winners in this grand category 'B'. This
year Lottery program Jackpot is the largest ever for
the UK National Lottery. The estimated ?35,000,000.00
(Thirty Five Million Great British Pounds) jackpot
would be the sixth-biggest in the U.K. history next
year (2007).

The Lowest was the ?4,000,000.00 (Four Million Great
British Pounds) jackpot that was shared between Four
(4) lucky winners in January 2005 draw of the Big
Game Mega Millions' predecessor.

For security reasons, be advised to keep your winning
information from public notice until your claims is
processed and your prize money remitted to you as
required in this grand category "B' terms and
conditions of claims. This is a part of our
precautionar y measure to avoid double claiming and
unwarranted abuse of this program by non winners.

Please note that, your lucky winning number: [5] [11]
[13] [17] [14] [48] [25] falls within our European
Booklet representative office in London as indicated
in our play Coupon. In view of this, your
?1,500,000.00 (One Million, Five Hundred Thousand
Great British Pounds) would be released to you by our
affiliate bank.

Our approved agent, Mr. Phil Smith will immediately
commence on the processing of your claims, to
facilitate the release of your Winnings to you as
soon as you make contact with him.

Please be advised as follows: To file for your claim,
kindly contact our certified and accredited claims
agent with the information below:

***********************************************
Name: Phil Smith
E-mail: ph_smith@post.com
Claims processing agent
For: The U.K National Lottery.
***********************************************
You are advised to provide him with the following
information:
Names:
Telephone/Fax number:
Nationality:
Age:
Occupation:

Note that, all claims processes and clearance
procedures must be duly completed early to avoid
impersonation and or double claiming.

To avoid unnecessary delays and complications, please
quote your Reference and Batch numbers in any
correspondences with our designated agent.

Congratulations once more from all members and staff
of the UK National Lottery Promo.

Yours Faithfully,

Mrs. Patricia Spencer.
Online Co-ordinator
UK National Lottery Promo

NOTE: This entry was rescued from the Google Cache. The original date was Saturday, 23rd December, 2006

Here are the original comments for this entry:

i just got that e-mail, i had mixed views on it i thought it was to good to be true but also thought that maybe it was the real thing, so i went searching anyway this information was easy to find now i know its a fake, any1 out there plzz don’t get involved in it.

12/27/2006 4:05 PM | sukhy

That guys thinks that everyone is a fool. I receive the same letter today. Thanks God we can search to find information like these.

We have to be carefully on these days of such frauds.

Queen fron El Salvador

3/20/2007 9:28 PM | Delcy

I got too.
what is this e.mail?
it,s a fake?
plz tell me more.
thanks a lot.

5/8/2007 1:25 PM | A

Additional: I was actually surprised that people commented thanking me for telling them it was a fake. I would have thought it was obvious. But I guess not, which is why many people still get taken in by this kind of thing.

Just remember the golden rule: If it sounds too good to be true it most probably is.

Tags:

Not the Way to Complain About a Bank

I recently read a blog post from a guy that was irritated with the customer service from his bank. And that is a fair thing to blog about. If you don’t think you are getting a good service from a company, blog about it, let the world know. Others with a similar experience will probably comment and share their experience. This publicity can often be the start of a very bright and uncomfortable light shining on the organisation in question which can lead to improved customer service.

However, if you are going to post such a thing, or comment on someone else’s blog post then please do not post copies of letters you sent to the bank containing all your financial details. That way madness (and identity fraud) lies.

If you think I’m making this up then go and read this: http://www.arjunprabhu.com/blog/archives/2005/04/27/icici-bank-a-bad-experience-for-many/

If that is their attitude to their own financial safety and security then I just hope none of these people are responsibly for any of my off-shored financial information.

NOTE: This post was rescued from the Google Cache. The original date was Wednesday, 27th December, 2007.

Trying to improve a Tarnished Reputation

A few days ago I blogged about the comments a person had received on their blog when they complained about a particular bank. I was shocked by the indiscriminate nature of the information these people were publishing about themselves and I posted a comment to express my incredulity at the situation.

The comment I left was this:

I was shocked when I read some of the replies to this post. You people are crazy! There are many posts here where people have posted chunks of their financial history complete with addresses, account numbers, dates and so on. Such a lax and cavilier attitude to your own personal financial information makes me very worried for any financial information my bank has offshored.

Various people commented after I added my comment and for 10 days no-one picked up the issue that I raised. Then eventually this comment was added:

Ref: 482. Colin | December 21st, 2006

Hi Colin,

I completely agree with your observation. If somebody doesn’t have sense to protect his/her own information, how do you expect them to protect others’?

Friends,

This a space where you post your opinion to make your issue public, but that doesn’t mean you will publish your vital information e.g. account number/card number/telephone mumber/fax number. This way you are inviting trouble from the identity thieves. Here we are breakling our head to secure information and you are giving it out willingly ???

If you ever have noticed posts from ICICI bank, they always ask you to write them with details to a certain email address. Have you ever pondered why they just don’t pick that up from your post and do the needful? So ICICI will not take your information from the post, then think who could get benifit from your personal financial information?

Friends, please make use of your common sense and be alert. I understad we all are fraustrated over ICICI bank but it not going to help you by publicizing your personal information. Please take care to safeguard yourself.

Colin is correct and if everybody starts thinking likewise, just imagine how many people in the offshoring industry will loose their job. Not only that, we will loose our reputation and all avenues for new business will be closed.

Friends, Please be alert.

At least someone has a sensible head on their shoulders. Now, just to try and get that message into the head of the 400+ other people that responded to that blog post. I hate to think of what is happening to my personal information that has been off-shored.

NOTE: This post was rescued from the Google Cache. The original date was Monday, 1st January, 2007.

PayPal Sucks (in my opinion)

I just got a friendly reminder from Flickr that my account is up for renewal. Okay, I’ll just do that now, while I remember. So it takes me to PayPal for payment. I’ve not used my PayPal account for about a couple of years so I couldn’t remember my log in details. No matter what I tried for the password recovery it wouldn’t give me the information. I tried just about every email address I’ve ever had and it just sits there and says that its sent an email to that account – no it hasn’t!

So then I try a different tactic and just pretend I don’t have a paypal account and just pay with my credit card. No can do! My credit card is tied to a paypal account I can’t access and it won’t let me pay until I log in.

So, unless Flikr accept any other form of payment then my account will expire in two weeks and I’ll be looking for somewhere else to post my photographs.

Looking at this from an optimistic point of view, I should be thankful that the security should deter any would-be phisherman. It’s so secure even the account owner can’t access it!

NOTE: This entry was rescued from the Google Cache. The original date was Tuesday, 6th February, 2007.

The Conditional attribute in .NET

One of the odd thoughts that shoot across my brain today was how does Debug.Assert() work? I mean there are not separate debug and release builds of the .NET Framework so how does it know what sort of build it is?

A quick look in reflector revealed that Debug.Assert is defined as:

[Conditional("DEBUG")]
public static void Assert(bool condition, string message)
{
    TraceInternal.Assert(condition, message);
}

Interesting… I don’t recall having ever come across the Conditional attribute before.

What this actually does is tell the compiler to only call the method when the supplied preprocessor symbol is defined. The method will still be compiled and will still exist in the assembly. So, in a debug build a program that looks like this:

static void Main(string[] args)
{
    Debug.Assert(true, "This condition must be true");
}

will still look like that, but when compiled in release mode, will look like this:

private static void Main(string[] args)
{
}

But what about more complex code. What happens if the method call includes calls to other methods. Like this:

static void Main(string[] args)
{
    Debug.Assert(GetTheCondition(), GetTheMessage());
}

So be careful – If the calls made as parameters into a method such as Assert modify the state of the object then that won’t happen in release mode. For example, if the whole program looks like this:

class Program
{
    static int someState = 0;
    static string someOtherState = "123";

    static void Main(string[] args)
    {
        Debug.Assert(GetTheCondition(), GetTheMessage());
        Console.WriteLine("SomeState = {0}", someState);
        Console.WriteLine("SomeOtherState = {0}", someOtherState);
        Console.ReadLine();
    }

    private static string GetTheMessage()
    {
        someOtherState += "abc";
        return someOtherState;
    }

    private static bool GetTheCondition()
    {
        someState++;
        return (someState!=0);
    }
}

Then the output from a release build will be different from a debug build.

This is the debug output:

SomeState = 1
SomeOtherState = 123abc

And this is the release output:

SomeState = 0
SomeOtherState = 123

Tags: