Wednesday, January 1, 2020

the moral superiority.

the smugness.

the hypocrisy.

it's all of the things i hated about conservatives for years....

my opposition to elizabeth warren is primarily rooted in the reality that she's a market fundamentalist, which is the branch of conservativism that i've spent my whole life most opposed to. i will frame my arguments in those terms.

but, she really is incredibly annoying, and i hope a few more people take her to task and embarrass her on stage before this is done with.

maybe liz thinks those massively popular edm parties are full of republicans.

...or maybe the truth is that the republican is actually elizabeth warren.

who was spinning at the wine cave, anyways?

maybe somebody should tell liz that expensive bottle service is what young people nowadays call a party.

meanwhile, there are reports that warren is having trouble raising money.

i do not like either of them, and would not vote for either of them, but there's something satisfying about warren's hypocrisy coming back to bite her.

https://abcnews.go.com/Politics/pete-buttigieg-raised-247-million-q4-candidates-set/story?id=68000913

every year i say something about the weather, and you tell me i'm stupid and don't know what i'm talking about.

i may post some peer reviewed articles to back myself up from time to time, but that's no match for a badly produced report from msnbc or the guardian in the minds of you idiots.

then, every year, it turns out that i'm basically right - and that i usually beat the forecasts by a good amount.

it's the story of my life, actually. this is just one example...it won't be the last one....

so, i slept all day again.

i'm out of the shower and potentially ready to get started on something i'd rather be done by now, and i can see that something is already trying to update the system, despite doing everything i possibly can to completely disable the update process. it really demonstrates the point - you don't actually have admin control over your windows machine. you can disable it a dozen different ways on the running system, you can dismantle it in a group policy and you can even delete the service outright, along with all of the services you need to run the service itself, and even delete the local files on the machine, and it still tries to update - then locks you out when it can't. you just can't turn this off...

but, i have two promising signs.

the first is a log file that is telling me that my system has been tampered with, which is true - i tampered with it. the second is a database error file in the catroot directory that is telling me that it can't compile the update files (hooray!), and giving me a general "catastrophic error" message.

these errors are both good things - it means that whatever process is trying to update the system (which is clearly against my will. and, i am the owner of this computer. i make these choices, not the government and not microsoft.) is unable to do so.

the concern is that i'm going to get another lock screen, of course.

i was able to eliminate the lock screen at one point by deleting the rpcremote file, but it just killed my keyboard functionality. maybe there's a workaround to that.

for now, i'm going to try to avoid rebooting the machine for a while to avoid dealing with it and try to do two things tonight:

1) i need to do a show review lookahead for january. i don't expect much.
2) i need to start posting for december, 2013, which should be faster than before.

they're almost certainly trying to push down the update because the tracking software needs an update to dot net or something. why else would they be so persistent?

so, as frustrating as this is, it probably suggests that i'm winning.

if you think your mac or iphone doesn't have similar backdoors, you're being very naive.

the thing about linux is that the kernel is shared. that's what makes a linux distro a linux distro. so, it's harder to say, but it shouldn't be distribution specific.

if i can convince myself that i don't really have admin control over this, and that i'm dealing with some hard-headed cops that won't listen when i tell them that the updates break the machine by design, then i'm just going to have to get used to reinstalling over and over again.

so, i got distracted and still haven't started yet. i wanted to see if i could manage to actually delete all of these weird files from memory, and i did succeed by changing the acl on them to me and only me, but then i started noticing that the catroot was updating, that there were windows update logfiles, and i got my lock screen pretty quickly.

so, i formatted the drive again, did a clean reinstall and copied over it with my known good image. i hope the cops like pushing that boulder up the hill...

i've added a few more entries to the firewall and group policy, so hopefully it's that much harder to get through the defenses this time. all i can do is make progress....

but, i'm getting a better understanding of what's happening.

while i was sorting through the process, i noticed that the weird files are actually present immediately in a completely clean install, but they had slightly different names. so, i may have been approaching this a little bit wrong - rather than try to delete these files, i should have been trying to replace them. the files have been replaced with the ones from the clean install.

oddly, the files in the clean install do not have an owner and seem to run in stealth, attached to every process in the gui - explorer.exe, firefox, notepad, even the taskbar. it's anything that you can load in the gui. so, if i shut down explorer.exe, i can delete them, but they come back when i reload explorer.exe. so, fucking windows, right?

see, here's the problem, bill - i don't know what the fuck is going on. these files show up on a clean install, but they aren't copyrighted to microsoft. they seem to look and act like a trojan. so, is my disc infected, then? is the rootkit able to survive a five-pass format? or is this some kind of microsoft spyware, perhaps in collusion with law enforcement?

it's really one or the other; this is obviously spyware. so, i'm either infected with a trojan, or i'm reverse engineering windows spyware. and, it really seems like the latter....

the files are present in a lot of people's computers, and a lot of people seem to have questions, but nobody seems to know what they actually do. sometimes, viruses use them, but we can see why, and that doesn't mean the files are infected, a priori. they seem to have something to do with the right-click context menu, or at least are using that as a sneaky way to launch. so, they have something to do with the file system, which is as consistent with a shell handler as it is with a rootkit! so, the internet isn't helping - they may be utilized by a virus, but that doesn't mean they are one.

in fact, virustotal consistently says they're clean. if that's true, then that would suggest that microsoft is essentially dropping trojans.

it doesn't seem like i can stop them from regenerating, or at least if i can i don't know how to. sfc is completely dismantled on this machine. as mentioned, i've got the firewall turned up a little higher, in an attempt to block them from communicating with the internet via normal system processes. i deleted some legacy protocols, as well - things like netbios that appeared to be listening. but, all i can do is wait to see if it's better or not.

what's happening, then, seems to be that the files are coming in through firefox as a windows update package and replacing the default windows spyware. i am strongly leaning towards this being law enforcement essentially commandeering some built in windows spyware. and, the os seems to get very upset when you try to turn it off.

let's hope the firewall holds and that's enough.

for now, i'm going to take that shower, and we'll see if i can stay up much longer. baby steps....i think i'm making progress...

while i never thought i'd make it to 2020, i don't have anything particularly insightful or worthwhile to say about it, either.

i just want to get some work done tonight.

so, i should be done this by now, but i haven't started yet.

i essentially slept all day. i was up briefly in the afternoon, and the machine rebooted again, so i had to take a closer look at what was happening and found some funny clsids that weren't there before. i can't figure out exactly what these things are, but they're not registered to any major company and they're coming up on boot-up.

virustotal says they're fine, which essentially confirms it's a law enforcement thing. files that are not registered to anybody at all and that load on boot without your permission are never harmless. if the antivirus companies won't flag them, it's because it's the state that's put them there, and they've been asked not to.

i've been able to get rid of some of them, and have been having a harder time with others. but, i'm going to stop to get to a first run, before i hit the shower with the sunrise.

this is a smaller document. i should get most of it done.