Lunatic Experiments
October 25
About The Powershell Host Object

I got the following query in one of my Google hits today: "pipeline.Invoke() "Read-Host" Cannot invoke this function because the current host does not implement it." I believe that this query was in reference to the lack of host functionality in the default settings for a runspace in Windows Powershell. I don't recall ever actually talking much about this, yet I am known for having abstracted the runspace API for use as a multithreading interface in Powershell. Now is a good time to talk some about this.

A runspace in Powershell is a big blob of information that pertains to a particular shell within Powershell. The runspace has several components within it, such as the cmdlets, aliases, functions, providers, etc. The host component specifically is meant to be used as an abstract interface to the console. The default host object used by a runspace doesn't have much functionality, so you may encounter error messages like the one above when you are using a generic host object.

It is possible to tell Powershell what host object should be used when the runspace is initialized. I do know that version 1.0 of powershell.exe will use a host that writes to the console used by the powershell.exe process. Since most other instances of Powershell don't have a console, the host object will often be the default host object, which doesn't provide any functionality on its own, or a very simple host object implementing only a few methods in the PSHostUserInterface class.

From the query above it looks like this googler was trying to use Read-Host within an asynchronous runspace. The easy solution to this is to just not do so. It's easier, in most cases, to simply pass the needed information into the asynchronous runspace from the parent runspace. However, there are still some cases where you must use Read-Host from an asynchronous runspace.
In that case you'll have to code and compile your own host class, and use that when initializing the runspace.

October 22
Powershell, String Encryption, and GPG

I finally added support for GnuPG to Library-StringCrypto. The previous functionality to encrypt strings in process is still present and continues to work as expected. Now a couple more parameters have been added to support symmetric and asymmetric encryption using GnuPG. The new parameters are 'gnupg', to enable use of gpg.exe, and 'recipient', to identify the person the encrypted message is for. When using GnuPG, passwords/passphrases may be supplied in the 'password' parameter or via the console to the gpg.exe process.

To use symmetric encryption with GnuPG, just add the gnupg switch parameter.

    Write-EncryptedString message secret -gnupg

You can also omit the password from the command line and enter it interactively.

    Write-EncryptedString message -gnupg

To use asymmetric encryption, omit the password and use the recipient parameter.

    Write-EncryptedString message -gnupg -recipient 'John Doe'

Write-EncryptedString returns the ASCII armored version of the ciphertext. Read-EncryptedString will be able to detect the ASCII armor and automatically process it using gpg.exe. Decryption should just work as expected. The password parameter can be used for both symmetric and asymmetric encrypted messages. Also, the passphrase may be interactively entered via the console to gpg.exe.

Usage notes: The command 'gpg' is expected to resolve to gpg.exe, so you may need to add a path entry or alias gpg to wherever your copy of gpg.exe is. When the password is given via the password parameter, it is passed to gpg.exe as the first line of its standard input. This means the password will not show up in its command line. This also means that passphrases are limited to one line. No check is performed to ensure the password is not longer than one line.
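
The one-line limit, as an added example that is not part of Library-StringCrypto.ps1: it models a stream whose first line is the passphrase and whose remainder is the message, and adds a single-line check before anything is sent. The function names Split-GpgStdin and New-GpgStdin and the sample strings are made up for illustration, and the gpg options in the closing comment are an assumption about how the passphrase is handed over.

```powershell
# Added example, not code from Library-StringCrypto.ps1.
# Assumption: the passphrase reaches gpg as the first line of stdin
# (gpg's --passphrase-fd 0), with the message following on the same stream.

function Split-GpgStdin {
    # Models how the stream is consumed: everything up to the first
    # line feed is key material, everything after it is message data.
    param([string]$Stream)
    $i = $Stream.IndexOf("`n")
    if ($i -lt 0) { throw 'No line terminator: no passphrase line found.' }
    New-Object PSObject -Property @{
        KeyMaterial = $Stream.Substring(0, $i).TrimEnd([char]13)
        Message     = $Stream.Substring($i + 1)
    }
}

function New-GpgStdin {
    # Builds the stdin payload, refusing passphrases that span lines.
    param([string]$Passphrase, [string]$Message)
    if ([string]::IsNullOrEmpty($Passphrase)) { throw 'Passphrase is empty.' }
    if ($Passphrase -match '[\r\n]') {
        throw 'Passphrase contains a line break; only its first line would be used.'
    }
    "$Passphrase`n$Message"
}

# Constructed sample: a two-line passphrase sent without the check.
$unchecked = Split-GpgStdin ("correct horse`nbattery staple" + "`n" + 'meet at noon')
$unchecked.KeyMaterial   # only the first passphrase line becomes the key
$unchecked.Message       # the second passphrase line is now message text

# With the check, the same input is rejected before gpg is started.
try { New-GpgStdin "correct horse`nbattery staple" 'meet at noon' }
catch { "Rejected: $($_.Exception.Message)" }

# A single-line passphrase passes the check and can be piped on, e.g.:
#   New-GpgStdin $pw $msg | gpg --batch --passphrase-fd 0 --symmetric --armor
# (gpg 2.1 and later also need --pinentry-mode loopback.)
```
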
If the passphrase is longer than one line then only the first line will be used as key material; the rest will appear at the start of the decrypted message.

Some cryptanalytic stuff: Using GnuPG via this script should be no less secure than using GnuPG by any other method in Powershell. However, because this involves communication with another process, using GnuPG does have a larger attack surface for side channel attacks than simply performing the encryption using the CLR. i.e. Either your installation of the .NET Framework or your installation of gpg.exe may be compromised, but gpg.exe alone being compromised does not affect the .NET Framework.

Download Library-StringCrypto.ps1 here.

October 15
Continuing ACTA Nonsense

Every time I hear about ACTA I become violently sick. The fact that it continues to be "negotiated" in secret makes it a violation of the sovereignty of any government that would sign it. I dearly hope that it never goes into effect.

August 28
Crond Appears To Hang In Xen

I recently decided to spend the money to buy a home server. (I got an Atom 330 and a 64GB SSD in case you were wondering.) In the name of security I decided to use Xen to separate the applications that would be running on it. So I installed OpenSSH to control it remotely. Then, I installed Xen. Finally, I initialized a new block device and installed an operating system to act as the first guest OS on the machine.

I booted up the guest OS and everything was working fine. That is, until after crond (the equivalent of the task scheduler if you only know Windows) started up. I saw the crond boot message and that was the last of it. Nothing after that. Not even the login prompt. While the reason for this seems obvious to me now, I became quite confused at that time. So I asked Google to find a solution for me. It would appear that quite a number of people had the same problem. I read a few questions about it on forums but not many responses gave a working solution.
I then found a couple of blog posts that did work, but I don't quite understand how they worked.

http://www.nulynx.com/xen-boot-hangs-at-crond/
http://shell.burgas.org/2009/06/debian-xen-domu-hangs-at-crond/

For a default installation of Debian 5, placing

    extra = 'console=hvc0 xencons=tty'

into the guest's configuration file worked. Then it broke when I wanted to use a custom configured kernel. When I changed the kernel, I was back to the original problem.

That whole day I worked my brain to figure out what was wrong while I was at work. Why did the default installation not work? Why did that configuration change make it work? Why did it not work when I used a different kernel? I realized the simple truth is that the console you see in xm is not tty1. The Xen console is not a tty at all. It's a separate device called hvc0. The reason why I did not see a login prompt is because getty is only set up for ttys, and my custom kernel must be interpreting those arguments in a dissimilar manner.

So the solution was to simply get getty to start up on the hvc0 device. That was something I knew how to do from experience. Edit the inittab file! Add this line:

    hvc:2345:respawn:/sbin/getty 38400 hvc0

That's the same line as is used for tty1 with the id and device name changed. Now the system is set up explicitly to start up getty on the Xen console, and there is no need for any hackish kernel arguments. The ttys are actually devoted to interacting with the virtualized frame buffer. If you are not using the vfb you may as well comment out the tty getty lines, but leave them in there if you do intend to use the vfb.

June 23
Virtual Memory Management In .NET

The hit counter for my blog has just reached the 10,000 hit milestone today. I had planned to release a comedic themed encryption library for Powershell that shows how some of the functions of GPG can be imitated in Powershell. However, I have not yet finished that library.
Instead, I have decided I would release a virtual memory management library I wrote in C#. One of the projects I'm working on right now required a better understanding of the CPU architectures used today. This inevitably led me to want to be able to use ASM in C# code. So I decided to start studying NASM and ASM in general, and then found that the .NET heap has execution protection. I then found that I can control the protection bits by calling the virtual memory management functions in the kernel32.dll library. This library is a .NET wrapper for those functions.

The library is documented, but I don't have any example uses that I can release at this time. While I don't have any examples to release today, I can say that this library is useful for executing either precompiled or dynamically generated native code. The library is released under the GNU General Public License.

VirtualMemory.7z

On the topic of ASM: I have read a few negative comments in the past about how well the .NET Framework is able to optimize the native code result of an assembly, particularly in the use of SIMD instructions. I feel I should comment on my experience while developing this library. I tested the execution time of two algorithms written in both NASM and C#. The execution time of the first algorithm I tested was ~10 times faster in NASM than what I got from the C# version. On the other hand, the execution time of the second algorithm I tested was only ~10% faster in NASM than in C#, and only after a couple hours of work to optimize the NASM code. According to my calculations, the speed result of the second algorithm in C# came very close to the theoretical limit of my CPU's capacity, close enough that there would be no way to achieve that speed without the use of wide SIMD instructions. This indicates to me that the JITter in .NET Framework is capable of using SIMD instructions properly, while the same JITter may not always understand the algorithm being JITted.
This is actually completely in line with my expectations for any compiler.