Wikipedia:Reference desk/Archives/Computing/2015 February 17

Computing desk
< February 16	<< Jan | February | Mar >>	February 18 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

February 17

Need to pick someone's brain

So the last few days my computer has been acting strangely. First was a sudden freeze up of a StarCraft II mission, then is was it a generally slow to load and execute programs issue, so I ran everything I had looking for an issue - that means most recently updated versions of Malwarebytes, AVG antivirus on a dynamic setting that scans literally every file on the machine, spybot search and destroy, and CC cleaner to locate and securely delete every file from the net I've seen in the last month. Following this, I got nothing - no malicious spyware, malware or virus reports, so I went to reboot the machine and it would not start quite right. I ended up getting a message about not being able to load something else rather from port 2? or something like this. Google says it is a hard drive problem, which fits since my hard drive has been making scrapping like sounds and stop and go sounds on boot up for the last few months, and more recently I have been getting virtual memory too low messages. After rerunning all my protection programs and running defraggler I got an error message about a corrupt spybot file, but once again no reports of malware/spyware/viruses.

Now my question is, having gotten my computer back up and running, is this a malware/spyware/virus/hacking problem, or is it just that this 7+ year old computer of mine that is still running windows xp (sp3) is suffering from hard drive issues and those issues are becoming more pronounced? I really need to know which of the two issues someone thinks it is so I can decide how concerned about this I should be, because right now I don't know and the amount of concern I have is rising like the Apollo 8 space mission. TomStar81 (Talk) 04:41, 17 February 2015 (UTC)

I see nothing to suggest this is a malware problem, given that you've found nothing in scans and your original symptoms aren't typically caused by malware anyway. It probably is a failing hard drive. Don't use Defraggler, since it will only accelerate the hard drive failure if that is the problem. You could look at the drive's S.M.A.R.T. values with a utility like Speccy (which is made by the same company as Defraggler and CCleaner). -- BenRG (talk) 06:55, 17 February 2015 (UTC)

Thank you so much! As weird as this sounds, I've overjoyed to hear that its a hard drive failure on the computer, and not a hack or anything. Now if my baby would just hold out long enough for Microsoft to release Windows 9/10 I'd be even more grateful. :) Can I get Speccy off the filehippo.com site, or do I need to go elsewhere to find a copy? TomStar81 (Talk) 07:31, 17 February 2015 (UTC)

I'd advise getting it from the official site, but they link to FileHippo so I guess FileHippo is fine. -- BenRG (talk) 09:12, 17 February 2015 (UTC)

Ok, downloaded and the program says everything is running at or near expectations for a machine of my configuration. Next question: spybot's corrupt file alert is apparently for something named or titled "C:\$Mft". How series is that problem, and how can I fix/restore the file? TomStar81 (Talk) 20:48, 17 February 2015 (UTC)

See NTFS#Master File Table. It could be serious depending on what the corruption actually is, although NTFS is fairly robust with two copies of the MFT and journalling. Running scandisk and choosing the option to fix the partition, or chkdsk /f should fix the MFT problem. You'd need to run these from admin. (If you forget to fix it doesn't matter that much as you'd just be told problems were encountered but they couldn't be fixed.). BTW, I don't have much experience with speccy, but you may want to consider Speedfan's SMART tool which can submit the data online for comparison with other with the same HD (presuming there are enough submissions). It's also helpful if you had an older copy of the SMART data so you can see if anything has changed but I guess that's too late here. That said, SMART can be of limited effectiveness. As I think our article says, it's hardly uncommon a HD could have significant problems but still have acceptable SMART values. Your description above does sound like there's probably a problem. (I take it as a given you don't have anything on the HD you can't afford to lose, since this should always apply even if the HD isn't having known problems.) Nil Einne (talk) 14:36, 18 February 2015 (UTC)

Thanks for the reply. I ran the check disk utility, and it appears that the utility has fixed the problems with the drive for now. I appreciate the help. TomStar81 (Talk) 02:10, 19 February 2015 (UTC)

Fixing DNS Leak on OpenVPN Windows

On Windows, I have noticed that my DNS keeps leaking even when VPN is on. Anyone know how to fix DNS leaks on Windows? Thanks! TheCoffeeAddict talk|contribs 09:45, 17 February 2015 (UTC)

I've not come across a DNS "leaking". What do you mean by this?--Phil Holmes (talk) 10:23, 17 February 2015 (UTC)

When connected through a VPN, only the VPN should be seen by the outside world. If you run a test and your server shows, then you have a DNS leak which is a privacy issue. You can run a test at https://www.dnsleaktest.com/. More info. How to fix.--  Gadget850 ^talk 10:31, 17 February 2015 (UTC)

Thanks! BTW never used this site, I used another site. TheCoffeeAddict talk|contribs 10:33, 17 February 2015 (UTC)

PHP form issues

I am making a simple html form with php, I need to make the php accept a password that will work regardless of case sensitivity. Example: the password is abc123, I want the code to except the password regardless of case sensitivity. If someone types in the password like: ABC123, Abc123, ABc123, abC123... and so on. How can I do this? I dont want to have to right out every single combination of abc123 in the php code. Web security is not an issue with this password so the easiest solution will be just fine. I have been searching google and other web resources for hours and I cant figure it out. — Preceding unsigned comment added by 204.42.31.250 (talk) 11:07, 17 February 2015 (UTC)

Convert the user's try (and, in case your password has mixed case, it too) to lower case, and then compare those:

if (strtolower($pass) === strtolower($try)){
  echo "match\n";
}
else {
  echo "no match\n";
}

-- Finlay McWalterᚠTalk 11:26, 17 February 2015 (UTC)

Be aware, of course, that this approach implies that the server has access to the password in plaintext; and in particular, that this bit of code may imply an implementation that transmits the password over the network in plain text. Both details are generally considered a security weakness for general-purpose web applications. A secure key exchange, such as Diffie–Hellman key exchange, allows the user client software to authenticate without ever telling the server what the password is. This kind of secure algorithm makes case-insensitivity quite difficult, unless you implement the password transformation entirely in the client, prior to key exchange (following a standard, such as "always using lower case").

Also be sure you are using HTTPS - no matter what other schemes you use - or else the secure key is sent in a way that is easy for a malicious eavesdropper to intercept and re-use. Nimur (talk) 21:59, 17 February 2015 (UTC)

RS-422/RS-485 Adaptor redux

I was directed here from the Teahouse & hope it's the right place! I purchased an RS-422/RS-485 Adapter as instructed by DELL to connect my telephone to my computer through a USB Port for Faxing! Obviously the wrong information as it doesn't work & I needed a dialup modem instead! I am a 66 year old Disabled American Veteran & would like to know what the Adapter is supposed to be used for in simple terms & should I keep it? Wikipedia is the only online site where I thought I could find an easy answer without all the confusing technical jargon. Thanks to anyone who can answer this for me!70.233.136.225 (talk) 14:36, 17 February 2015 (UTC)

Does this mean you've gotten the modem working? Or have you given up on faxing? Because if you haven't gotten the modem working and you still want to fax, it'll probably be more helpful to you to reply to the above questions first. Nil Einne (talk) 14:41, 17 February 2015 (UTC)

The USB to RS232 adaptor will allow you to connect an existing external (fax-)modem to a modern PC. The adaptor will appear (normally) as COM10 (10th serial communications port). LongHairedFop (talk) 16:04, 17 February 2015 (UTC)

Um, what? There's no standard "adaptor = COM10" scenario. I use tons of USB-serial adaptors, and on some computers, it shows up as COM1. Others, COM8. Others, COM17. --Wirbelwind(ヴィルヴェルヴィント) 20:45, 17 February 2015 (UTC)

Simply put:

1. Nobody here has any clue why DELL would recommend that you buy the RS-422/RS-485 adaptor. It has nothing whatever to do with faxes, telephones or anything like that. There seems to be no conceivable way in which it would help you. As far as you're concerned, it's a paperweight. I would recommend sending it back and getting a refund if you can. If you feel particularly aggrieved (and I would be!) then send the stupid DELL service tech a particularly nasty email explaining in some detail that he's a complete idiot and that he cost you $30 in buying useless equipment. It probably won't help, but you may feel better afterwards!
2. Your existing modem may or may not be able to send and receive faxes (I'd give it a 60/40 chance)- and even if it can, if it's an antique then it may or may not work with the Windows-7 software (I'd give it a 50/50 chance) - and even if it does, it's not entirely obvious that anyone here would be able to tell you how to hook it up and trouble-shoot the results (I give that a 10% chance of success)....so the odds of getting it working are about one in 50. To be honest - I think you should forget that option.
3. As I pointed out before, for $12 you can buy this: http://www.ebay.com/bhp/usb-fax-modem-windows-7 - a USB fax modem, that's specifically designed for Windows 7. That is about as cheap as any solution you can imagine. No Windows-7-era computer should lack a spare USB port. The gizmo should come with instructions for getting it working...and the odds are pretty good that you'll plug it in and it'll "Just Work" by the magic of plug-and-prayplay. It is by far the simplest way to achieve your goal. You can probably get one from OfficeMax for maybe twice that price if you're in a hurry...still probably half as much as you paid for the RS-244/RS-485 adaptor!

Conclusion: Buy the gizmo from eBay and your problems are over. Try to do anything else and you're in a world of hurt. I've been a professional software engineer for over 40 years - and I can tell you that I would absolutely spend those $12 rather than struggling to get something else working. Do it! Do it now!!

SteveBaker (talk) 18:19, 17 February 2015 (UTC)

Spoilsport! --Stephan Schulz (talk) 18:31, 17 February 2015 (UTC)

But a modem that is about 15 years old or less should also be plug and play and would also likely supporting faxing. It sounds like the OP solved this in another way, but as I said above, no one is suggested the OP spend a lot of time on this, but getting their existing modem to work could easily take about the same amount of time it takes to buy the new modem from eBay. Your chances of success to be blunt don't seemed to be based on any actual knowledge or experience of modems or faxing on Windows. (I'd give about 99% chance of succcess a counter, presuming the modem is less than 15 years old. May be 80% chance of success if the modem is 20 years old, but that's only presuming the OP has a working serial port which I admit is not that likely.) Probably the biggest risk to the OP is not that it won't work because of compatibility issues, but that the modem will be somewhat dead after sitting around for so long. Nil Einne (talk) 04:59, 18 February 2015 (UTC)

Secret disk sectors for malware only?

I was reading http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html :

"Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware platforms, “Equationdrug” and “Grayfish.”

The report said Equation has knowledge of the drives that goes way beyond public documentation released by vendors.

Equation knows sets of unique ATA commands used by hard drive vendors to format their products. Most ATA commands are public, as they comprise a standard that ensures a hard drive is compatible with just about any kind of computer.

But there are undocumented ATA commands used by vendors for functions such as internal storage and error correction, Raiu said. “In essence, they are a closed operating system,” he said.

Obtaining such specific ATA codes would likely require access to that documentation, which could cost a lot of money, Raiu said."

Is this accurate? Is it really considered reputable for a hard drive manufacturer to put a way to secretly store a virus into its hard drive, sell the key to using it to malware makers, and deny the information about how to test for or remove it (short of destroying the hard drive) to the user? Are there other manufacturers that offer open source hard drives, or at least, put their customers and virus writers on an even footing? Wnt (talk) 14:53, 17 February 2015 (UTC)

Many components inside your computer are trusted systems. This means that all your software security models assume there are no holes in the security of said components. Naturally, if you cannot control the manufacturer of each system, this is a faulty assumption.

It is perfectly conceivable that a major manufacturer of a hard drive has "undocumented" functionality. It is perfectly reasonable to believe that these features constitute a security hole. I think it is a stretch to believe that the manufacturer placed these features for the purpose of aiding a malware-writer - but while this is improbable, it is not impossible; and it would be very difficult to prove motive from a technical standpoint.

This concept isn't new. Reflections on Trusting Trust (1984) discussed a security vulnerability in hardware microcode and presented a thought-experiment, plus pseudocode, that could transparently replace the login prompt with a maliciously-compromised version. The very same trick could be played using the file system, or the hard disk hardware/firmware/software; or, really, almost any other piece of hardware that you trust. Can you rely on SSL when your keyboard-firmware is the man-in-the-middle of the proverbial attack? Only if you type a pre-encrypted input!

So, to address your questions directly: I don't think we can assess the technical claims in the article Wnt linked unless we spend a lot of time conducting independent evaluation. It will be even harder to assess claims about motive. An open-source implementation might help catch honest mistakes, or exploitable code in naively-implemented "debug features,", but this process only if you can trust the vendor... and if the vendor had motive to emplace malware, why would you trust his provided source-code is accurate and complete?

Nimur (talk) 16:06, 17 February 2015 (UTC)

It's not very clear what secret storage the article is referring to. It was already well known well before this that you can set capacity of the disk with manufacturer tools you can easily obtain from them. I don't know if the commands to do this were explicitly made public, but they weren't secret. If you do that, most tools won't see the extra capacity or touch it in any way. Similarly, bad sectors are reassigned to the spare sectors available (until you run out). These bad sectors are generally not accessible, but I don't think it's particularly surprising if manufacturers have a way to check and access them (as they likely due it while refurbishing drives). It was also known that the password for password protected hard disks (which is a standard part of ATA [1]) is stored on the hard disk so that you can't just swap circuit boards to unlock such a password protected HD [2]. I'll be honest, I suspect most of these secret ATA codes aren't really that secret, e.g. they're probably known by professional HD data recovery services (the kind with clean rooms and that may charge $2000 or so for recovery). The primary reason they aren't more public is probably precisely because the hard drive manufacturer were targeting security by obscurity, as you can probably do a lot worse with them than hide malware. The fact that it's only coming to light now and in this fashion (rather than reports of hard drives rendered useless even if you don't care about the malware) suggests they were largely successful, whatever you think of that. Nil Einne (talk) 16:52, 17 February 2015 (UTC)

I'd presume that issuing the commands to create these hidden sectors and to read and write them would require making system calls or writing to hardware registers that user-space programs shouldn't be able to invoke without root/Admin access. Once a virus has that level of security clearance, there is really nothing you can do to stop it because it can rewrite the operating system itself, kill off virus-protection software, etc. No sane operating system will let normal user-code do this kind of low-level stuff. Once the malware has hidden all of that 'stuff' on the hard drive, it's still going to require an admin-privilaged custom-written program to extract it again...and that program can't be hidden. So I'm not convinced that this is a particularly serious vulnerability. SteveBaker (talk) 17:56, 17 February 2015 (UTC)

By this logic, Steve, you place the Operating System inside the zone of trusted software. That's a legitimate choice - but not one that everybody on the planet can agree with. For example, if you were building a nuclear missile launch control computer, it would not be satisfactory or sufficient to say that you trusted Microsoft to deliver a secure operating system. Nor would it be satisfactory to say that "those guys who made Linux" did the job satisfactorily, either. Nimur (talk) 19:00, 17 February 2015 (UTC)

---

Hard drives have firmware, and support firmware updates, just like many other peripherals. I think the updatable firmware is stored on the disk platter itself instead of the flash RAM of other peripherals, so it is stored in "hidden sectors", though that doesn't really matter. I suppose this is what the PC World article is talking about. Other articles like this one say that this malware targeted hard drive firmware. -- BenRG (talk) 22:28, 17 February 2015 (UTC)

The targetting firmware bit was actually mentioned by Wnt's article as well. It also mentioned the ATA command but it's unclear what it's referring to. (It did mention something abouve even flashing new firmware may not be enough, but I didn't look that carefully and I'm unclear how or why new firmware would still be affected by the malware regardless of whether it was present, except for bugs in the firmware or other software.) Nil Einne (talk) 04:48, 18 February 2015 (UTC)

The fact that K found this exploit suggest to me, that readily available Open Source forensic software should be able to find such secret sectors. The task (for the cracker) would be to inject a virus, which can go-on later and modify the firmware of the HHD. We all know how poor security can be in practice. Sooner or later, an admin with super user rights will be logged on and the virus can infect the firmware. From there, it can create a sector which does not appear to the average engineer -because he is not looking for it. --Aspro (talk) 22:33, 17 February 2015 (UTC)

How do I plug in speakers?

Resolved

The information I provided in previous reference desk questions was HP Pavilion KT369AA-ABA a6512p Intel Pentium Dual CPU E2200 @2.20 Ghz, 4 GB RAM, 64 bits. Windows is 89583-OEM-7332157-00061.

My original monitor had speakers but it was an added complication to plug them in and I didn't like how noisy the speakers on the same computer were in the store. The old monitor went bad and I got a simple one to replace it. But my cousin got me speakers and I don't remember where they were supposed to be plugged in. Whatever owner's manual or guide to setting up the computer I had 6 years ago has disappeared.— Vchimpanzee • talk • contributions • 19:19, 17 February 2015 (UTC)

Usually there's a thin green circular coaxial plug, which goes into a hole with a green ring around it on the back of the computer, labeled something like "Speakers", "Audio Out", "Line Out", "Headphone", or maybe just having a headphones icon. Do your speakers have some other type of plug, or perhaps two plugs (for L and R channels). If the speakers have two plugs, you will need an adapter to combine them into one. You can get those at many stores, for around $5. StuRat (talk) 21:00, 17 February 2015 (UTC)

There seems to be a single green plug (the same color as the smaller wings of a Titanacris albipes), but I don't see anything labelled to plug into.— Vchimpanzee • talk • contributions • 21:57, 17 February 2015 (UTC)

PC System Design Guide#Color-coding scheme for connectors and ports shows the color codes. --  Gadget850 ^talk 22:06, 17 February 2015 (UTC)

Could be lime green.— Vchimpanzee • talk • contributions • 22:14, 17 February 2015 (UTC)

Well, if nothing is labeled or colored that green, you could just try all the circular holes that size. The others might be audio in/microphone in. I don't see it causing any problem if you accidentally plug your speakers in there, just nothing will happen. So, keep trying until you find the right one. Also note that some PCs have a flip-open panel to get to some of the plugs, particularly if they put them in front, so look for that. StuRat (talk) 05:23, 18 February 2015 (UTC)

Since this is a resonably modern computer and after Intel High Definition Audio, it probably doesn't really matter that much which port your plug it in particularly on Windows. You should be able to easily assign the port to be whatever you want it to be. Your audio device software may even ask. In any case, I wouldn't worry too much about the precise shade of green as there should be no other green coloured 3.5mm TRS socket. Nil Einne (talk) 14:39, 18 February 2015 (UTC)

Well, there could be a different green for a component video cable. It's not exactly the same plug, but it's close enough that it could cause confusion. I suspect that's why they went with light green instead, for the audio cable. StuRat (talk) 18:11, 18 February 2015 (UTC)

I was on a library computer when I read all this. After getting back home I took my Titanacris albipes colored plug and found a set of places to plug it in with all the colors of the rainbow. One of them was Titanacris albipes, and when I turned my computer on, it startled me. I'm used to not hearing anything, so when Internet Explorer came up I made sure to turn the sound OFF. I'll only use it if I have a specific reason to.— Vchimpanzee • talk • contributions • 20:44, 19 February 2015 (UTC)

Glad we could help ! BTW, if the speakers have their own volume control, that's usually quicker to use and more reliable than the Windows volume control. StuRat (talk) 06:13, 20 February 2015 (UTC)

Resolved

How to get PHP to read POST data from an HTML form ?

Google Chrome won't display any POST (or GET) data I send to PHP from HTML forms. I also tried IE, and it didn't even seem to recognize the PHP file (it asked if I wanted to open it in a folder, instead of running it). Chrome at least runs the PHP file, but doesn't display the POST or GET data. To demonstrate the problem, here is a basic example I copied from a web page, to make sure I hadn't messed anything up:

welcome.htm:

<html>
<body>
<form action="welcome.php" method="post">
Name: <input type="text" name="name">

E-mail: <input type="text" name="email">

<input type="submit">
</form>
</body>
</html>

welcome.php:

<html>
<body>
Welcome <?php echo $_POST["name"]; ?>

Your email address is: <?php echo $_POST["email"]; ?>
</body>
</html>

The web site I copied from is here (and everything runs properly on their web server):

http://www.w3schools.com/php/php_forms.asp

So, is there a security setting I need to change, something I need to install, or what ? Thanks in advance !

StuRat (talk) 19:29, 17 February 2015 (UTC)

StuRat, PHP needs to run on a PHP server. None of the major web browsers will evaluate PHP scripts from a source-file. Perhaps you are confused because other languages - like JavaScript - are commonly implemented via client-side script environments and run (entirely) in the user's web-browser environment (with no external parts). PHP is not designed to work like that - especially if you intend to use HTTP-specific features like the POST variable.

What you are seeing is that some web browsers will try to display any file; they are treating these files as pure HTML; and they are ignoring tags that are not standard HTML tags (including the PHP script content). The PHP code is not running - it's being completely ignored. At least Internet Explorer had the good sense to inform you that the file you tried to open is not recognized as a valid document!

If you wish to use PHP, you need to install a PHP processor, which is typically embedded inside an HTTP (web) server.

Read the PHP installation and configuration chapter. There are no "shortcuts" - you really, really, really do need a server - even if it's running on your local machine. Nimur (talk) 19:40, 17 February 2015 (UTC)

Thanks. So could I use JavaScript to do what I want, instead (read and display POST data sent from an HTML form) ? StuRat (talk) 20:42, 17 February 2015 (UTC)

No, you could use JavaScript to run scripts in a browser. If you intend to use forms, and intend to POST that data, that inherently implies POSTing to an HTTP server.

There are alternative technologies that you can investigate; you can, for example, use Node.js - a JavaScript-compatible technology - to manage the end-point without running as an HTTP server. When you use that kind of approach, though, you need to write a host application that receives the posted data. Nimur (talk) 21:51, 17 February 2015 (UTC)

POST is an HTTP verb, and if you're using file: URLs then you're not using HTTP. I suppose in principle browsers could support this in some form, but I doubt any do since it seems pointless.

Empirically, in Windows Firefox, if you delete the method="post" attribute or change it to method="get", it will append a query string to the file: URL, and ignore it when actually loading the file, and you can then access it from Javascript through window.location.search. But if you're going to process the data with Javascript I think it would make more sense to put that Javascript on the same page as the original form and forget about the round trip to the "server".

By the way, W3Schools is not a great way to learn web design. I gather it's improved somewhat since the old days but there's really no reason to use it except that it's somehow always at the top of the Google results. -- BenRG (talk) 22:08, 17 February 2015 (UTC)

That's too bad, because I really liked the teaching method there. Give a simple example, then let the student play with it. This is the 2nd instance of them giving somewhat misleading info, though. They probably should have warned me that "This won't work on your PC unless you first install a PHP server". Maybe they did, and I just missed it. StuRat (talk) 22:56, 17 February 2015 (UTC)

As an aside, if you use Microsoft Windows, then Microsoft Internet Information Services Express is free. IIS Express is limited to four simultaneous requests, but is otherwise fully featured. For non-MS-Windows PCs, there are several to chose from. Most are free, and Apache2 is the default choice. Apache does run on MS-Windows. LongHairedFop (talk) 09:10, 18 February 2015 (UTC)

How can you convert html5 to Flash?

Programs like AdSense only allow you to embed ads into Flash, and not hmtl5. If you have an html5 game, how can you convert it into Flash? Is there a tool that would accept hmtl5 as input and output Flash? Or, do you have to re-build the game from scratch? Is there any possibility that you create a Flash wrapper with the html5 game embedded?--Fend 83 (talk) 21:29, 17 February 2015 (UTC)

It would be very, very difficult to automatically convert HTML5 (plus all the other stuff that goes into a typical game: JavaScript, CSS, canvas, SVG, whatever...) into efficient Flash. I doubt that it's possible. You wouldn't have to start completely from scratch though - your art, sound effects and the basic ideas behind the game wouldn't have to be re-developed, so it should be much easier the second time around. SteveBaker (talk) 04:46, 18 February 2015 (UTC)

Yep. The short answer is you can't. One solution to the actual problem is adding ads to the HTML. AFAIK that's allowed per AdSense policies as long as the ads are not too close to the game areas (due to concerns of misclicks). ☃ Unicodesnowman (talk) 10:19, 19 February 2015 (UTC)