XPost: alt.os.linux

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

Murray <noreply@hhhhh.com> writes:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

Ask the author?

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 2024-07-28 07:45, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

You are asking people on internet to run a unknown program which could
be a trojan?

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/28/2024 8:07 AM, Carlos E.R. wrote:

You are asking people on internet to run a unknown program which could
be a trojan?

That was my first thought. A file on Google Drive that someone
wants people to open and execute. Nothing about the post
makes sense...

Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/28/24 08:34 AM, Newyana2 wrote:

On 7/28/2024 8:07 AM, Carlos E.R. wrote:

You are asking people on internet to run a unknown program which could be a trojan?

  That was my first thought. A file on Google Drive that someone
wants people to open and execute. Nothing about the post
makes sense...

    Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)

How about the choo choo train that runs across the terminal screen.
--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-117-generic
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sun, 7/28/2024 1:45 AM, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen. System.Collections.Immutable.dll
System.Collections.dll
System.Console.dll
System.Diagnostics.StackTrace.dll
System.IO.Compression.dll
System.IO.MemoryMappedFiles.dll
System.Private.CoreLib.dll
System.Reflection.Metadata.dll
numbers.deps.json

and this detection in it:

Virtualization/Sandbox Evasion::System Checks [T1497.001]

System Checks T1497.001
reference anti-VM strings targeting Xen
reference anti-VM strings targeting VirtualBox
reference anti-VM strings targeting VMWare

( https://github.com/mandiant/capa-rules/blob/master/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml )

A table-of-numbers program would not need that kind of checking in it.

And it is sent to exactly two news groups. Am I using
a Windows Host and a Linux Guest, and a girl jumps out of a cake ?
Or is the package supposed to reject Linux Guest operation
and only run in a Linux Host and then some <unknown> thing happens
(my Windows dual boot is attacked) ?

What could it be ?

A Surprise Cake ??? A 12MB POC Surprise Cake ?

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

Paul <nospam@needed.invalid> writes:

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen. System.Collections.Immutable.dll
System.Collections.dll
System.Console.dll

That makes it a .Net program (and I think there’s an entire CLR runtime
in there). Not particularly common in the Linux world but not an attack signature in its own right.

System.Diagnostics.StackTrace.dll
System.IO.Compression.dll
System.IO.MemoryMappedFiles.dll
System.Private.CoreLib.dll
System.Reflection.Metadata.dll
numbers.deps.json

and this detection in it:

Virtualization/Sandbox Evasion::System Checks [T1497.001]

System Checks T1497.001
reference anti-VM strings targeting Xen
reference anti-VM strings targeting VirtualBox
reference anti-VM strings targeting VMWare

( https://github.com/mandiant/capa-rules/blob/master/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml )

A table-of-numbers program would not need that kind of checking in it.

A language runtime might well inspect details of the platform (to select optimizations, quirk workarounds, etc), but that’s nevertheless a lot
more suspicious.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sun, 28 Jul 2024 09:01:45 -0400, Paul <nospam@needed.invalid> wrote:
<snip>

What could it be ?

A Surprise Cake ??? A 12MB POC Surprise Cake ?

It is an ELF exectuable.
$ file numbers
numbers: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=6a2dbcf02501d226c1f4a63708dc055a48fc158b, stripped

Looking at "strings numbers", one of the error messages is
"Failed to initialize PAL layer", which based on what I can find in searches
is most likely due to a problem trying to flash the firmware on a pre uefi system.

Given that and the strings for error messages related to UEFI, combined with the With the vm blocking, it looks like a ploy to see if they can find any linux users dumb enough to install a root kit on their hardware.

I'm surprised they didn't bother encrypting the executable, not that it would help convince anyone to run the untrusted executable.

The user posting as Murry is either hoping for a few stupid readers dumb enough to run the program as root, or Murry is testing our response to AI generated malware.

The strings output does have some stuff that looks like AI generated filler.

My guess is Murry asked an AI to generate a linux root kit with a size specified.

Regards, Dave Hodgins

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/28/2024 8:41 AM, Big Al wrote:

     Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)

How about the choo choo train that runs across the terminal screen.

Made out of punctuation marks, I suppose? How did I miss
something like that? Sometimes I feel my life has been wasted
on boring trivia when I could have been really living.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sun, 7/28/2024 8:34 AM, Newyana2 wrote:

I've seen dumber Linux programs.
(The eyes that follow the mouse animation.

That never happens :-)

[Picture]

https://i.postimg.cc/s2sSnJS9/xeyes-are-watching.gif

Give that a couple more years, and you won't be able
to do that any more. Enjoy it while you can.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

Murray <noreply@hhhhh.com> wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

You are trying to install or run a Linux program on Windows (and not in
a VM running Linux using a VMM that runs on Windows)?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/28/2024 1:20 PM, Paul wrote:

On Sun, 7/28/2024 8:34 AM, Newyana2 wrote:

I've seen dumber Linux programs.
(The eyes that follow the mouse animation.

That never happens :-)

[Picture]

https://i.postimg.cc/s2sSnJS9/xeyes-are-watching.gif

Give that a couple more years, and you won't be able
to do that any more. Enjoy it while you can.

Yeah... well... It's not for me to judge how you get
your kicks. :)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

I didn't find any tables on my machine!

<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>

I just ran the program without entering any parameters. Are there any parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.

If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.


On 28/07/2024 06:45, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sun, 7/28/2024 3:33 PM, Newyana2 wrote:

On 7/28/2024 1:20 PM, Paul wrote:

On Sun, 7/28/2024 8:34 AM, Newyana2 wrote:

I've seen dumber Linux programs.
(The eyes that follow the mouse animation.

That never happens :-)

    [Picture]

     https://i.postimg.cc/s2sSnJS9/xeyes-are-watching.gif

Give that a couple more years, and you won't be able
to do that any more.   Enjoy it while you can.

  Yeah... well... It's not for me to judge how you get
your kicks. :)

That's like GLXGears. It's a test case.

Once X11 is kicked to the curb, there will be
no more little Eyes to follow you around.
Wayland is unlikely to have much silly-string demos.

GLXGears is popular with people, because it is
available more often, and it works. There are
other purpose-built benches that bail (refuse to
run after sniffing the graphics revision), and don't
work.

GLXGears examples:

WSLg 800 FPS (obviously an unaccelerated graphics stack) <=== where picture taken
Wayland 12000 FPS (assumes a good graphics card)
X11 20000 FPS (assumes same good graphics card and driver)

GLXGears is likely "saturated/non-linear" above 20000,
so it is dangerous to assume linearity above 20000, or
that there could even be a card at 40000. I've never
seen a table, a bake-off of expensive cards.

ATI made a 3D demo for their Linux driver, and that
one is a rotating cube like DxDiag, except with a
little more complex motion. You remember the DxDiag
test cases, right ? The simple tests, are the
ones that tend to run.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 2024-07-28 15:01, Paul wrote:

On Sun, 7/28/2024 1:45 AM, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen.

You can write Linux native programs that use the wine libraries. This
allows you to program thinking of Windows, but actually writing Linux
native code.

It is not the same as running a program.exe in wine. That's a windows
native program running under an emulator in Linux.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Mon, 7/29/2024 10:10 PM, Carlos E.R. wrote:

On 2024-07-28 15:01, Paul wrote:

On Sun, 7/28/2024 1:45 AM, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

numbers.runtime
config.json
numbers.dll  <=== Yes, in a Linux program. Seems "plausible". Could happen.

You can write Linux native programs that use the wine libraries. This allows you to program thinking of Windows, but actually writing Linux native code.

It is not the same as running a program.exe in wine. That's a windows native program running under an emulator in Linux.

How would this look in the output of "ldd" ?
Are the WINE libraries statically linked, or dynamically linked ?

The dynamic libraries for the ELF (as listed by ldd) are
pretty spartan. Consistent with a simple program that prints
out numbers. But there is way way too much junk-in-the-trunk.

ldd ./numbers

libpthread.so.0 <==== I just copied the list from Virustotal for now libdl.so.2
libz.so.1
libm.so.6
librt.so.1
libgcc_s.so.1
libstdc++.so.6
libc.so.6
ld-linux-x86-64.so.2

Name: numbers
Size: 13,425,417 bytes (12 MiB)
SHA256: 1D8295C889E87AB90356239C06DE59F6A4B3F0961E386408866904A52E2662FA

https://www.virustotal.com/gui/file/1d8295c889e87ab90356239c06de59f6a4b3f0961e386408866904a52e2662fa/details

For some reason, these can be seen, even though the program is stripped.

<Main>$ <<Main>$>g__print_odd|0_0 <<Main>$>g__print_even|0_1

This is a double byte string, with every second byte removed.

#Hello Newsgroups!#The time now is: G#The numbers are: -The even Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short exercise . . . **/##### Bye for now #####

Do you know whether WINE can run Metro.Apps ? Or Universal Windows Programs ? Even Windows can't always run the latter ones :-)

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 2024-07-30 06:21, Paul wrote:

On Mon, 7/29/2024 10:10 PM, Carlos E.R. wrote:

On 2024-07-28 15:01, Paul wrote:

On Sun, 7/28/2024 1:45 AM, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>

All  get is a bunch of numbers without anything else such as sum,
product etc etc.

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.

Strawman checks. Plausible premise.

It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.

numbers.runtime
config.json
numbers.dll  <=== Yes, in a Linux program. Seems "plausible". Could happen.

You can write Linux native programs that use the wine libraries. This allows you to program thinking of Windows, but actually writing Linux native code.

It is not the same as running a program.exe in wine. That's a windows native program running under an emulator in Linux.

How would this look in the output of "ldd" ?

I don't know if I have a program doing this currently, to have a look.

Are the WINE libraries statically linked, or dynamically linked ?

Can be both, I think. Same as any other Linux binary.

The dynamic libraries for the ELF (as listed by ldd) are
pretty spartan. Consistent with a simple program that prints
out numbers. But there is way way too much junk-in-the-trunk.

ldd ./numbers

libpthread.so.0 <==== I just copied the list from Virustotal for now libdl.so.2
libz.so.1
libm.so.6
librt.so.1
libgcc_s.so.1
libstdc++.so.6
libc.so.6
ld-linux-x86-64.so.2

Name: numbers
Size: 13,425,417 bytes (12 MiB)
SHA256: 1D8295C889E87AB90356239C06DE59F6A4B3F0961E386408866904A52E2662FA

https://www.virustotal.com/gui/file/1d8295c889e87ab90356239c06de59f6a4b3f0961e386408866904a52e2662fa/details

For some reason, these can be seen, even though the program is stripped.

<Main>$ <<Main>$>g__print_odd|0_0 <<Main>$>g__print_even|0_1

This is a double byte string, with every second byte removed.

#Hello Newsgroups!#The time now is: G#The numbers are: -The even Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short exercise . . . **/##### Bye for now #####

Do you know whether WINE can run Metro.Apps ? Or Universal Windows Programs ? Even Windows can't always run the latter ones :-)

I don't know.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/30/2024 12:21 AM, Paul wrote:

#Hello Newsgroups!#The time now is: G#The numbers are: -The even Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short exercise . . . **/##### Bye for now #####

This is a shame. I could have used some extra numbers.

Do you know whether WINE can run Metro.Apps ? Or Universal Windows Programs ? Even Windows can't always run the latter ones :-)

I worked with the WINE people very briefly, looking into adapting
Windows VB6 software to WINE. The redirect Windows calls (Shim?
Some kind of shepherding? I don't understand that part.) Over the
years the WINOs have adapted specific Win32 API calls to coorelate
WINE libraries. Unfortunately, it's not a 1-to-1 correlation. One user32 function might be in one library while the next one is in another
library. And of course, no docs to speak of. Real coders don't speak
English.

I didn't last long with the WINE people because they had no interest
in sharing information about how I could code to accommodate WINE.
They only wanted me to test my software and report bugs. Then I was
to be in charge of that bug until it was resolved by WINO lackeys --
temporary college student coders. (I had no idea that geeks were so
often paramilitary in their social structures.)

An example: I had used a quick hack in the ChooseColor function.
I'd never had any use for the color pallette that could be saved at
the bottom left of the colorpicker window. The lpCustomColors member
of the CHOOSECOLOR structure is supposed to take an array of long
integers to represent 24-bit colors for the grid. For whatever reason,
VBers were using an array of string pointers, which worked fine on
Windows if the custom colors were never used. In WINE those
details got lost in translation and the string array cause a crash.
The WINOs were adamant that I shouldn't code such things better.
They didn't want me to strain my little brain. They actually didn't want
me to unsderstand.They just wanted me to keep track of bugs until
a coder fixed them on the Linux side.

I don't claim to be able to program anywhetre near the level of
low-level detail that those people can, but they could have cooperated.

WINE is mostly geared toward running Photoshop and video games.
The WINOs wanted Microsoft games. Which is an important point. It
was never about bringing Windows software to Linux. The primary
motivation was to bring video games and maybe MSOffice to Linux geeks.

They'll take up the
challenge of whatever interests them. Then they have a chart showing
not how well the WinAPI is supported but rather the quality of support
for specific software. Put Cortana in a tight, transistor-festooned
bodysuit and hose her down, then put her in a Metro app,
and you can bet you'll get more WINE Metro support. Or at least
more WINE Cortana-all-wet-in-a-bodysuit support.

When I tried WINE maybe 15 years ago it was very spotty. For
example, Irfan View worked OK but had gaps in the GUI. Just
missing window areas. Odd glitches. Years later it seemed more polished,
though I tried my own software and WINE couldn't see subclassed windows
at all. I have an editor with a system richedit window and the richedit
just doesn't show up. On Windows there's also notable difference
between versions of richedit, with various little things. So you can
imagine how WINE would do it. They'd give you a Linux equivalent
and map some or most of the richedit messages to the Linux window,
with a shoehorn if necessary.

So the Windows version needs to be thoroughly orthodox, the
specific APIs used must be supported, and a Linux equivalent must
be adequate as a substitute for the Windows function. Thus, WINE might
support all sorts of things, such as .Net and Metro, but will likely
never support any of them fully.

I imagine you probably know all this, but it's an interesting topic
and probably most people haven't looked into how WINE works.
I ended up deciding that any idea of moving to Linux without leaving
behind favorite software was not realistic and never would be realistic. (Lately I've had enough trouble just adapting richedit50 to what I
expect from richedit20. So how could I expect WINE to match the
expected behavior in the Linux equivalent?)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 30/07/2024 in message <v8an4k$11id8$1@dont-email.me> Newyana2 wrote:

I have an editor with a system richedit window and the richedit
just doesn't show up. On Windows there's also notable difference
between versions of richedit, with various little things. So you can
imagine how WINE would do it. They'd give you a Linux equivalent
and map some or most of the richedit messages to the Linux window,
with a shoehorn if necessary.

Although I have one Linux box I tend to live in Windows, specifically in
Visual Studio and C#. I have my own RTF editor and asked in a Windows
forum if anybody could tell me what key functions were standard in a RichTextBox and the only answer I got was "it differs between versions".

Did you ever find any definitive documentation for the differences between versions?

--
Jeff Gaines Dorset UK
Thanks for teaching me the meaning of plethora, it means a lot.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/30/2024 9:27 AM, Jeff Gaines wrote:

Although I have one Linux box I tend to live in Windows, specifically in Visual Studio and C#. I have my own RTF editor and asked in a Windows
forum if anybody could tell me what key functions were standard in a RichTextBox and the only answer I got was "it differs between versions".

Did you ever find any definitive documentation for the differences
between versions?

That's a tough one. And the versions are all over the place.
At one time there were 3 completely different richedits, all with
the same version, that could be distinguished only by file size!

I have docs somewhere that I've downloaded that detail updates,
such as find backward being added in RE 2, if I remember right.
VB6 RichTextBox is actually based on RE1, but I'm using msftedit.dll,
which is richedit50w. Then there are separate versions involved with
MSO. It's very nutty. I've also read that some people think RE2
is faster/better than RE5. I haven't found that to be true. In tests
of RE2 and RE5 on the same computer, I've found that RE5 is generally
about twice as fast, but that the two were comparable in some cases.
As near as I can tell, RE2 is slower processing complex richtext encoding,
but as it gets simpler the two show less difference.

Last week I was dealing with an odd problem that's typical. I have
a Find function that selects the found word. In RE2 the word
stays selected with focus on my Find window. With RE5 the selection disappeared. Not goo. But I finally found a simple solution: I use the EM_HIDESELECTION message just after selecting the found word. But
looking up the MS docs it said hiding the selection was the default action. They don't mention that it's only a recent change.

Another glitch in RE5: When pasting text, the caret gets moved willy
nilly after all operations are ceased. That doesn't happen in RE2. The
solution I found was to track EN_SELCHANGE and put the caret back
after the RE is done screwing around.

So I might be able to offer help on specific things but I don't have
any exhaustive list of issues. I also don't use .Net, so I don't know which
RE you're using. I'm creating it directly from msftedit.dll
and subclassing it. Interestingly, it produces RTF files that say
richedit20 in the header. But spy++ recognizes it as richedit50w. (There's
no A version in richedit50, as I understand it, so I've had to rework
string functions.)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 30/07/2024 in message <v8b52c$1439r$1@dont-email.me> Newyana2 wrote:

That's a tough one. And the versions are all over the place.
At one time there were 3 completely different richedits, all with
the same version, that could be distinguished only by file size!

[snipped but copied to my help file!]

Many thanks, that's more than I've ever found anywhere else :-)

NET is only a wrapper round the API and some of the controls are garbage -
the ListView being worst because it paints itself every time anybody looks
at it so flickers like mad.

--
Jeff Gaines Dorset UK
Indecision is the key to flexibility

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 7/30/2024 2:41 PM, Jeff Gaines wrote:

Many thanks, that's more than I've ever found anywhere else :-)

NET is only a wrapper round the API and some of the controls are garbage
- the ListView being worst because it paints itself every time anybody
looks at it so flickers like mad.

I'm glad if it helps. A few more tidbits that might save you some hair
and time:

Here's the link for the docs. They're old, but they go up to RE 4.1. riched20.dll on Win10 is RE v. 3.1. Riched32 is RE v. 1. Msftedit.dll
is v. 5 but on older systems it's v. 4.1. Then the specialized
versions with MSO or other software go up to 7 or 9 or some such.

https://learn.microsoft.com/en-us/windows/win32/controls/about-rich-edit-controls

riched20 can do backward search. The FR_* FINDTEXT
constants used for options with EM_FINDTEXT just drop 1
for backward search So forward FR_WHOLEWORD, for example,
should be 3, then drop it to 2 for backward search. If I remember
correctly, 2 was originally forward search. So it's a bit tricky.

RichEdit from at least 4.1 can handle UTF-8. The way I do it is to
use a short function to look for UTF-8 bytes in a file. If they're
found then I load it as UTF-8. But if I remember correctly, that was undocumented or the docs were wrong.
Here's what I have for handling it:

Public Sub LoadFile(ByVal sFile As String, AsRTF As Boolean, AsUTF8 As
Boolean)
Dim hFile As Long
Dim TS As EDITSTREAM
Dim LRet As Long, LType As Long
On Error Resume Next


hFile = CreateFile(sFile, GENERIC_READ, 0, ByVal 0, OPEN_EXISTING, 0, 0)
If (hFile <> 0) Then
If (AsRTF = True) Then
LType = SF_RTF
Else
LType = SF_TEXT
End If
If AsUTF8 = True Then LType = LType Or SF_USECODEPAGE Or
CP_UTF8_HIGH
TS.dwCookie = hFile
TS.pfnCallback = AddressOfPointer(AddressOf StreamInCallBack)
TS.dwError = 0
' The text will be streamed in though the LoadCallback function:
LRet = SendMessageLongW(hRTB, EM_STREAMIN, ByVal LType, VarPtr(TS))
CloseHandle hFile
End If

End Sub

Public Sub SaveFile(ByVal sFile As String, AsRTF As Boolean, AsUTF8 As
Boolean)
Dim TS As EDITSTREAM
Dim OF1 As OFSTRUCT
Dim hFile As Long
Dim LRet As Long, LType As Long
On Error Resume Next
hFile = CreateFile(sFile, GENERIC_WRITE, 0, ByVal 0, CREATE_ALWAYS, 0, 0)
If (hFile <> 0) Then
If (AsRTF = True) Then
LType = SF_RTF
Else
LType = SF_TEXT
End If
If AsUTF8 = True Then LType = LType Or SF_USECODEPAGE Or
CP_UTF8_HIGH
TS.dwCookie = hFile
TS.pfnCallback = AddressOfPointer(AddressOf StreamOutCallBack)
TS.dwError = 0
LRet = SendMessageLongW(hRTB, EM_STREAMOUT, ByVal LType, VarPtr(TS))
CloseHandle hFile
End If
End Sub

I don't know whether this will make sense as VB6. It's using the inherent RE functions to open and save. They're incredibly fast but must be used
with a callback. Note the line "If AsUTF8..." I'm testing the text first
with a
small function to look for utf-8 markers.

Then I track whether that file is UTF-8. If it is then I use the
UTF-8 flag
with open and save. It works flawlessly, but some operations can be
tricky. For example, when I do a cut or paste I track the end for the
caret position:

new selstart should be selstart + length paste. A cut or paste of richtext
may be, say, 60 characters, while the plain text is, say, 46. The RE tracks visible characters. So to check how much you've pasted you need to know
the plain text string length, not the richtext string length.

Private Const SF_TEXT = &H1
Private Const SF_RTF As Long = &H2
Public Const SF_USECODEPAGE = &H20&
Public Const CP_UTF8_HIGH = &HFDE90000

Finally, the selchange event, in case you don't have that. This is
sent to the parent window as a WM_NOTIFY message. So it
needs to be in a subclass of the parent window. You have to
check the first part to see if it's an EN_SELCHANGE message.
If so then you read the whole SELCHANGE structure. This is
returning sel-st, sel-end and sel-type.

Case WM_NOTIFY '-- get selection change event.
CopyMemory NM, ByVal lParam, Len(NM)
If (NM.code = EN_SELCHANGE) Then
CopyMemory SC, ByVal lParam, Len(SC)
RaiseEvent OnSelChange(SC.chrg.cpMin, SC.chrg.cpMax,
SC.seltyp)
End If

Then in the OnSelChange event for the RE window I've
been tracking what the selstart SHOULD be after a paste.
So if that value is not 0 then I set the selstart to that value
and then set it to 0. That way I'm only acting after the
caret changing bug has aleady happened. I couldn't make it work
any other way. Whatever causes the glitch is happening after
I've already done a paste and set selstart. Then the RE changes
the selstart by a cause I haven't figured out. But that, then,
triggers an OnSelChange event that's happening after I'm done
pasting and have set the tracking value.

Somewhat confusing, probably, but it should make sense if
you read it through.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 30/07/2024 in message <v8blsu$16ubt$1@dont-email.me> Newyana2 wrote:

On 7/30/2024 2:41 PM, Jeff Gaines wrote:

Many thanks, that's more than I've ever found anywhere else :-)

NET is only a wrapper round the API and some of the controls are garbage
- the ListView being worst because it paints itself every time anybody >>looks at it so flickers like mad.

I'm glad if it helps. A few more tidbits that might save you some hair and >time:

[shipped]

Somewhat confusing, probably, but it should make sense if
you read it through.

Many thanks again :-)

I will use it as the basis for a test app and see how I get on!

--
Jeff Gaines Dorset UK
Tell me what you need, and I'll tell you how to get along without it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 2024-07-28, Newyana2 <newyana@invalid.nospam> wrote:

On 7/28/2024 8:41 AM, Big Al wrote:

     Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)

How about the choo choo train that runs across the terminal screen.

Made out of punctuation marks, I suppose? How did I miss
something like that? Sometimes I feel my life has been wasted
on boring trivia when I could have been really living.

The package "steam-locomotion" exists to prank you when you type "sl"
instead of "ls".

--
Jasen.
🇺🇦 Слава Україні

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sun, 7/28/2024 12:42 PM, Newyana2 wrote:

On 7/28/2024 8:41 AM, Big Al wrote:

     Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)

How about the choo choo train that runs across the terminal screen.

   Made out of punctuation marks, I suppose? How did I miss
something like that? Sometimes I feel my life has been wasted
on boring trivia when I could have been really living.

We made extensive usage of "curses" and GOTOXY back when
in my computing project. The network status screen I made
for keeping an eye on network problems, it was full of GOTOXY
because the screen was an array needing "random access" to
update status. If you simply repainted the screen with 24*80
characters, that would have been slow as blazes, and ugly.
(Terminals connected via RS232 or some other slow standard.)

I'm surprised you did not go through such a phase while programming.
Today, you can position widgets in your window at random locations,
without any expensive protocol to do it :-)

GOTOXY is a protocol that a 24x80 terminal understands. It was
originally a target for programmers, because that's all we had.
We did not have a frame buffer and a graphical subsystem for the
computer. The result is, when you wanted to do animations or
clever things on an ADM3 say, you would squirt out a GOTOXY(23,79)
and a putchar() or equivalent. The terminal took that sequence
as an instruction on where to place the cursor for the next character(s).

Later, when graphics showed up, the Terminal session, there was a $TERM
or equivalent (a declaration of the terminal type emulated in the session).
If a GOTOXY was emitted, it still worked. There are other effects
available today, such as colored text for making a royal mess of
a terminal session (selecting a royal blue color perilously close to black).

So when the notion of a Terminal session came along,
some of our toys continued to work.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Sat, 8/3/2024 2:24 PM, vallor wrote:

On Mon, 29 Jul 2024 01:20:44 +0100, MR <MR@invalid.invalid> wrote in <v86npc$5hb7$1@dont-email.me>:

I didn't find any tables on my machine!

<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>

I just ran the program without entering any parameters. Are there any
parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a
malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.

If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.


On 28/07/2024 06:45, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/

view?usp=sharing>

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

I hope you're kidding. If not:

Tiger-team your installation, then read the newsgroup
thread about how this is someone trying to get you
to run malicious software.

Never, ever run software from untrusted sources, unless
you know precisely what you're doing: sandbox it and
isolate it for starters. Better yet: don't run it,
but use a disassembler (objdump will do it) to see what
it's trying to do.

Heck, I don't even know if drive.google.com gives file owners
statistics on who is downloading their files...so I won't even
download it.

Be more paranoid!

So far, the best summary of the program is via "readELF".

https://man7.org/linux/man-pages/man1/readelf.1.html

It seems to show this is a Linux program, with statically added dotNET
library. However, it still does not explain the Windows manifest file
apparent near the end of the 12MB file (mentions "numbers.dll"), and
how could that be part of the compute path, when there is no sign
of WINE libraries.

At least the exercise is allowing me to see what toolage exists
for analysis. Even if I can't figure out how the program works.
Parts of it are stripped of symbols, other parts not so much.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On Mon, 29 Jul 2024 01:20:44 +0100, MR <MR@invalid.invalid> wrote in <v86npc$5hb7$1@dont-email.me>:

I didn't find any tables on my machine!

<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>

I just ran the program without entering any parameters. Are there any parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.

If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.

On 28/07/2024 06:45, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/ view?usp=sharing>


I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

I hope you're kidding. If not:

Tiger-team your installation, then read the newsgroup
thread about how this is someone trying to get you
to run malicious software.

Never, ever run software from untrusted sources, unless
you know precisely what you're doing: sandbox it and
isolate it for starters. Better yet: don't run it,
but use a disassembler (objdump will do it) to see what
it's trying to do.

Heck, I don't even know if drive.google.com gives file owners
statistics on who is downloading their files...so I won't even
download it.

Be more paranoid!

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G
""Scotty, beam us aboard." "Aye, sir. Will a 2x4 do?""

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 03/08/2024 19:24, vallor wrote:

On Mon, 29 Jul 2024 01:20:44 +0100, MR <MR@invalid.invalid> wrote in <v86npc$5hb7$1@dont-email.me>:

I didn't find any tables on my machine!

<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>

I just ran the program without entering any parameters. Are there any
parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a
malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.

If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.


On 28/07/2024 06:45, Murray wrote:

Does anybody know what could be wrong with this Linux Program?

<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/

view?usp=sharing>

I have unzipped the program and in terminal I type:

./numbers

The author says it should provide a table of sums.

I hope you're kidding. If not:

Tiger-team your installation, then read the newsgroup
thread about how this is someone trying to get you
to run malicious software.

Never, ever run software from untrusted sources, unless
you know precisely what you're doing: sandbox it and
isolate it for starters. Better yet: don't run it,
but use a disassembler (objdump will do it) to see what
it's trying to do.

Heck, I don't even know if drive.google.com gives file owners
statistics on who is downloading their files...so I won't even
download it.

Be more paranoid!

Linux is the most secure Operating system around. Top 500 Super
Computers are using Linux but I'm still a Windoze user!!.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.os.linux

On 2024-07-30 14:43, Newyana2 wrote:

On 7/30/2024 12:21 AM, Paul wrote:

#Hello Newsgroups!#The time now is: G#The numbers are: -The even
Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short
exercise . . . **/##### Bye for now #####

This is a shame. I could have used some extra numbers.

Do you know whether WINE can run Metro.Apps ? Or Universal Windows
Programs ?
Even Windows can't always run the latter ones :-)

   I worked with the WINE people very briefly, looking into adapting Windows VB6 software to WINE. The redirect Windows calls (Shim?
 Some kind of shepherding? I don't understand that part.) Over the
years the WINOs have adapted specific Win32 API calls to coorelate
WINE libraries. Unfortunately, it's not a 1-to-1 correlation. One user32 function might be in one library while the next one is in another
library. And of course, no docs to speak of. Real coders don't speak
English.

  I didn't last long with the WINE people because they had no interest
in sharing information about how I could code to accommodate WINE.
They only wanted me to test my software and report bugs. Then I was
to be in charge of that bug until it was resolved by WINO lackeys -- temporary college student coders. (I had no idea that geeks were so
often paramilitary in their social structures.)

  An example: I had used a quick hack in the ChooseColor function.
I'd never had any use for the color pallette that could be saved at
the bottom left of the colorpicker window. The lpCustomColors member
of the CHOOSECOLOR structure is supposed to take an array of long
integers to represent 24-bit colors for the grid. For whatever reason,
VBers were using an array of string pointers, which worked fine on
Windows if the custom colors were never used. In WINE those
details got lost in translation and the string array cause a crash.
The WINOs were adamant that I shouldn't code such things better.
They didn't want me to strain my little brain. They actually didn't want
me to unsderstand.They just wanted me to keep track of bugs until
a coder fixed them on the Linux side.

  I don't claim to be able to program anywhetre near the level of
low-level detail that those people can, but they could have cooperated.

  WINE is mostly geared toward running Photoshop and video games.
The WINOs wanted Microsoft games. Which is an important point. It
was never about bringing Windows software to Linux. The primary
motivation was to bring video games and maybe MSOffice to Linux geeks.

   They'll take up the
challenge of whatever interests them. Then they have a chart showing
not how well the WinAPI is supported but rather the quality of support
for specific software. Put Cortana in a tight, transistor-festooned
bodysuit and hose her down, then put her in a Metro app,
and you can bet you'll get more WINE Metro support. Or at least
more WINE Cortana-all-wet-in-a-bodysuit support.

  When I tried WINE maybe 15 years ago it was very spotty. For
example, Irfan View worked OK but had gaps in the GUI. Just
missing window areas. Odd glitches. Years later it seemed more polished, though I tried my own software and WINE couldn't see subclassed windows
at all. I have an editor with a system richedit window and the richedit
just doesn't show up. On Windows there's also notable difference
between versions of richedit, with various little things. So you can
imagine how WINE would do it. They'd give you a Linux equivalent
and map some or most of the richedit messages to the Linux window,
with a shoehorn if necessary.

  So the Windows version needs to be thoroughly orthodox, the
specific APIs used must be supported, and a Linux equivalent must
be adequate as a substitute for the Windows function. Thus, WINE might support all sorts of things, such as .Net and Metro, but will likely
never support any of them fully.

  I imagine you probably know all this, but it's an interesting topic
and probably most people haven't looked into how WINE works.
I ended up deciding that any idea of moving to Linux without leaving
behind favorite software was not realistic and never would be realistic. (Lately I've had enough trouble just adapting richedit50 to what I
expect from richedit20. So how could I expect WINE to match the
expected behavior in the Linux equivalent?)

I think I knew about this, but probably because you mentioned it before
on another post :-)

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)