From the installation log of the driver for a REINER SCT smart card reader:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </subdirectories "C:\ProgramData\REINER SCT\*" /grant="S-1-1-0"=F>

Um. Come again? S-1-1-0 is Everyone.

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls ctf_bdr.rsct
ctf_bdr.rsct Everyone:(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             BUILTIN\Users:(I)(RX)

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls .
. Everyone:(OI)(IO)(F)
  Everyone:(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  BUILTIN\Users:(I)(OI)(CI)(RX)
  BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

The files are “transfer files” according to the (rather pointless) file type registration. They look encrypted. I suspect they are some kind of firmware.

Why would anyone in their right mind set a directory full of firmware for a smart card reader to be world writable?

The next line in the log file is this:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers" /grant="S-1-5-19"=F>

NT AUTHORITY\LOCAL SERVICE. Probably also not a good idea; I think this is left from before there were virtual service accounts.

Time to ask the company.

• Weichenlaufkettensperrmelder

How to remove a systemwide installation of Fusion 360

"Fusion 360 Client Downloader.exe" --globalinstall -p uninstall

Ach du lieber Deutschlandfunk.

Fall 1: »Jetzt muss Sessions gehen. Nachfolger wird aber nicht sein Stellvertreter, sondern Trumps Stabschef Matthew Whitaker.« Äh, nein, Whitaker ist/war nicht Trumps Stabschef, sondern Sessions’.

Fall 2: »Was man auch erzählen muss, weil es vermutlich bei der Geschichte eine Rolle spielt: die Bahira-Mitarbeiterin, die das Erlebnis hatte, ist nicht irgendwer. Das ist Pinar Cetin, die Ehefrau, des früheren Moscheevorsitzenden Ender Cetin, der im Dezember 2016 überraschend aus diesem Amt entfernt wurde. Auch sie selbst war in der Moschee und bei Ditib schon in wichtigen Ämtern bekleidet.« Wieso, sind Frauen in Moscheen und bei Ditib normalerweise unbekleidet?

https://www.deutschlandfunk.de/y.807.de.html?dram:article_id=431030

Und manchmal erscheint ihr neben ihrer Tochter auch noch ihre große Schwester Adelheid, oder wie?

You know, Google, one of these things is far more likely to be what I was looking for than the other.

Nice try, though.

Let’s have another (little) Python packaging rant. It’s been a while.

I just made a mistake. I thought I had told my deployment software to remove a Python installation, when I had actually only removed one third-party package that I had repackaged as MSI. Then I deleted the whole installation directory (which I believed had only leftover bits).

Oops. How do I clean this up?

Well, let’s just install the whole thing again, from the original – shudder – burn bundle.

Won’t work. Takes but a second, then claims success. No wonder, all the metadata is still there; for the bundle it looks like all its little constituent parts are already installed.

So we uninstall the bundle? Error 1603.

So we repair it? Gets up to pip (having done nothing to the actual file system), then fails, “no installation detected”. You don’t say.

Fix? Download the whole set of MSIs, install them in an order that works, uninstall them in reverse order, then install the bundle and uninstall it again.

Ceterum censeo: This mess would have been avoided had I thought before typing. OTOH, it also would have been avoided by using MSI as the distribution package format because then a repair installation would have actually worked.

Currently converting a Django project that was using ZPT via Chameleon to Django’s own template language.

No, I don’t think this is a good idea.

Unfortunately, Django’s developers make it increasingly difficult to generate XHTML, and recent versions have essentially made it impossible without rewriting a good bit of the framework itself.

For some reason, the Django project has decided to embark upon a crusade against XHTML, and my poor little ZPTs are its victims.

Honestly now. Which is better?

This:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:tal="http://xml.zope.org/namespaces/tal"
      xmlns:metal="http://xml.zope.org/namespaces/metal">
...
<body>
<h1 tal:content="section"/>
<p tal:repeat="item items" tal:content="item.label"/>
...

Or this:

<!DOCTYPE html>
<html>
...
<body>
<h1>{{ section }}</h1>
{% for item in items %}
<p>{{i item.label }}</p>
{% endfor %}
...

When done adequately, ZPT are well-formed XML. When done correctly, they are valid XHTML (the templates themselves, not just [but also!] their output).

Django templates, on the other hand, are line noise when done completely wrong, and still line noise when done “right”.

Imagine you work in a support call center, and right now have to try and make yourself understood to callers over the earsplitting speakers above you –

Bong! Bong! Attention! Attention! An incident has been reported within the building. Please wait for further announcements.

Over, and over, and over again, all the time.

If this is not difficult to imagine, because you are living it right now, then you work at Bloomberg.

I’m tempted. My current face is getting a bit worn out.