Month: November 2020

Bloomberg’s Millions

I wonder if the lesson from Mike Bloomberg’s 2020 election investments might be “dumping money into advertisements has limited benefit”. A hundred million dollars to fund groups driving people to polls. Or free public transport rides on election day. Or groups helping people navigate voter registration (possibly including fees and transportation to wherever non-driver photo IDs are issued). Maybe those would have been more productive ways to blow a hundred mil.

Pre-Hatched Ideas

I’ve got two working story-lines to end the reality-TV-presidency. Trump steps down next week, Barr pushes through a bunch of cases against him and he’s found innocent (or guilty and Pence pardons him). Lacks pizazz. Also doesn’t sort the state charges — my memory is that SCOTUS has held there’s no double jeopardy because you’ve violated the federal law *and* the completely separate (even if it’s the same thing) state law.
 
The one I like better – Trump kicks off an “I didn’t really lose” tour / airing of grievances across the country, culminating in overseas visits to the troops. While visiting Incirlik, he defects and stays in Turkey. Plot twist — all of the QAnon folks follow him and shore up Erdoğan’s support in the 2023 election. But the same QAnon folks get Trump into the National Assembly, and he wins the 2028 general election to replace Erdoğan.

Using Process Monitor To Troubleshoot Applications

SysInternals used to produce a suite of tools for working with Microsoft Windows systems — the company appears to have been acquired by Microsoft, and the tools continue to be developed. I used PSKill and PSExec to automate a lot of system administration tasks. Process Monitor is like truss/strace for Windows. Unlike the FHS standard, Windows files end up all over the place (plus info is stashed in the registry). Sometimes applications or services fall over for no reason. Process monitor reports out

When you open procmon, you can build filters to exclude uninteresting operations — there’s a default set of exclusions (no need to log out what procmon is doing!).

Adding exclusions for specific process names can eliminate a lot of I/O — I was looking to troubleshoot a problem on a Domain Controller that had nothing to do with AD specifically, so excluding activity by lsass.exe significantly reduced the amount of data being logged. If I’m using a browser to troubleshoot the problem, I’ll exclude the firefox.exe or chrome.exe binary too.

From the filter screen, click “OK” to begin grabbing data. The easiest thing I’ve found to do is stop capturing data when the program opens (use Ctrl-A followed by Ctrl-X to clear the already logged stuff). Stage whatever you want to log, then use Ctrl-E to start capturing. Perform the actions you want to log, return to procmon, and use Ctrl-E to stop again.

You’ll see reads (and writes) against the registry, including the specific keys, along with network operations and file reads and writes. In the “Result” and “Detail” columns, you can determine if the operation was successful. There are a lot of expected “not found” failures — I see these in truss/strace logs too; programs try a bunch of different things and one of them needs to work.

I’ve had programs using a specific, undocumented file for a critical operation — like the service would fail to start because the file didn’t exist. And seeing the path and file open failure allowed me to create that needed file and run my service. I’ve wanted to find out where a program stashes data, and procmon makes that easy to identify.
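
As an added example (not from the original post): a Python script that applies the triage described above to a capture saved from procmon as CSV, dropping excluded processes and keeping only the “not found” lookups that never succeeded under any other path. The sample rows, the `myservice.exe` name and the same-leaf-name heuristic are assumptions made for illustration; the column names follow Procmon's default CSV export.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample rows in Procmon's default CSV column layout (not a real capture).
# For a saved export, open the file with encoding="utf-8-sig" to drop any leading BOM.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","myservice.exe","4120","CreateFile","C:\Program Files\MySvc\version.dll","NAME NOT FOUND",""
"10:01:02.11","myservice.exe","4120","CreateFile","C:\Windows\System32\version.dll","SUCCESS",""
"10:01:02.20","myservice.exe","4120","CreateFile","C:\ProgramData\MySvc\state.dat","NAME NOT FOUND",""
"10:01:02.21","myservice.exe","4120","RegOpenKey","HKLM\Software\MySvc\Options","NAME NOT FOUND",""
"10:01:02.30","lsass.exe","712","CreateFile","C:\Windows\Temp\x.tmp","NAME NOT FOUND",""
'''

NOT_FOUND = {"NAME NOT FOUND", "PATH NOT FOUND"}


def unresolved_failures(csv_text, exclude=("procmon.exe", "procmon64.exe", "lsass.exe")):
    """Return sorted (process, operation, path, result) rows for lookups that never succeeded.

    Heuristic (an assumption of this example): a "not found" result is expected noise
    when the same process opens the same leaf name successfully anywhere in the capture.
    """
    excluded = {name.lower() for name in exclude}
    satisfied = set()             # (process, kind, leaf name) that succeeded somewhere
    failures = defaultdict(list)  # same key -> every "not found" row seen for it
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc = row["Process Name"].lower()
        if proc in excluded:
            continue
        # Keep registry and file lookups apart so equal leaf names do not collide.
        kind = "reg" if row["Operation"].startswith("Reg") else "file"
        key = (proc, kind, ntpath.basename(row["Path"]).lower())
        if row["Result"] == "SUCCESS":
            satisfied.add(key)
        elif row["Result"] in NOT_FOUND:
            failures[key].append(
                (row["Process Name"], row["Operation"], row["Path"], row["Result"]))
    return sorted(hit for key, hits in failures.items()
                  if key not in satisfied for hit in hits)


if __name__ == "__main__":
    for proc, op, path, result in unresolved_failures(SAMPLE_CSV):
        print(f"{proc:15} {op:12} {result:15} {path}")
```

The `version.dll` probe is dropped because a later path for the same name succeeded, while `state.dat` and the `Options` key remain as candidates for a file or key the program needs and cannot find.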