Jekyll2024-01-04T07:24:36+00:00https://abelcheung.github.io/rifiuti2/feed.xmlRifiuti2Windows Recycle Bin Analysis ToolAbel CheungRifiuti2 0.8 released2024-01-04T06:25:40+00:002024-01-04T06:25:40+00:00https://abelcheung.github.io/rifiuti2/release/2024/01/04/version-0-8-released<p>This is a major rewrite of everything except source code. The
whole thing was lying around for too long without dusting,
so major cleanup takes quite some time to complete.</p>
<h2 id="cmake-adoption">CMake adoption</h2>
<p>Migration away from <code class="language-plaintext highlighter-rouge">Autoconf</code> / <code class="language-plaintext highlighter-rouge">Automake</code> has been on radar since
last release, but nothing materialized until now. As expected, the
basic building infrastructure was not a problem, but rewriting test
suite in <code class="language-plaintext highlighter-rouge">CTest</code> proves to be a great challenge as expected.
Platform specific stuff, such as different encoding support of
<code class="language-plaintext highlighter-rouge">iconv()</code> in various platforms, is the major source of headache.</p>
<h2 id="migration-to-github-workflow">Migration to GitHub workflow</h2>
<p>One of the major source of security events during recent years is
building infrastructure and supply chain attack. GitHub has gone
through great pain in preventing token stealing and whatnot, but
not Appveyor and Travis-CI, so moving away from them is an obvious
step. Luckily <a href="https://github.com/msys2/setup-msys2">MSYS2 provides github action</a> so that
migration is a breeze.</p>
<h2 id="other-infrastructure-changes">Other infrastructure changes</h2>
<p>Being able to translate text UI is never a selling point of this
utility. In fact I always find it redundant when no translation
was contributed all these years, and <code class="language-plaintext highlighter-rouge">gettext</code> m4 support has
caused too many grievances over these years. Removing all that
feels like a burden off shoulder.</p>
<p>Manpage is similar. This is year 2024, not like 1994 where the
major source of documentation and help comes from offline ones.
It is sort of like another burden when one doesn’t use roff
macros in everyday work, and need to relearn them over and over
again in order to update manpage.</p>
<h2 id="live-system-inspection">Live system inspection</h2>
<p>The idea was already there long time ago, almost as old as the
utility itself, but not until recently did I take the effort.
Implementing on different platforms (native Windows, and
Subsystem for Linux) requires lots of code refactor, but not
a major obstacle though. Now only one roadblock left before
1.0 release.</p>Abel CheungAnnouncement for 0.8.0 release -- migration to CMake, etc.Guessing Windows version from artifacts2019-07-22T02:07:00+00:002019-07-22T02:07:00+00:00https://abelcheung.github.io/rifiuti2/internals/2019/07/22/guess-ver-from-artifacts<p>When investigators are given an index file, it is immediately apparent,
from its file name, for one to have a quick grasp of the coarse generation
of Windows. However, by “coarse” I mean it is <em>very,
very imprecise</em>. With a file name like <code class="language-plaintext highlighter-rouge">$I87kHp4.jpg</code> one can only conclude
it’s from Vista or above, no more or no less. Usually for real investigations
the Windows version is easily determined from other items (registry etc);
but on the rare case of only having recycle bin artifact available, one
must search for clue by directly peeking into the data.</p>
<h2 id="determination-for-recyclebin">Determination for <code class="language-plaintext highlighter-rouge">$Recycle.Bin</code></h2>
<p>With <code class="language-plaintext highlighter-rouge">$Recycle.Bin</code> folder the rule is very simple, yet still quite
limited in the sense that Windows versions are not that accurate:</p>
<figure class="center-block">
<img src="/rifiuti2/images/recycle-dir-logic.svg" alt="Diagram about how rifiuti2 determines Windows version for Vista or above" class="img-responsive img-rounded center-block" />
<figcaption><p>Figure: How <code class="language-plaintext highlighter-rouge">rifiuti2</code> determines Windows version for Vista or above</p>
</figcaption>
</figure>
<p>The check is very simple: just scan for version number, and violà. However,
unlike <code class="language-plaintext highlighter-rouge">INFO2</code> format which has undergone frequent changes, <code class="language-plaintext highlighter-rouge">$Recycle.Bin</code>
index format is very stable, so that’s no way of pinpointing the exact
Windows version unfortunately.</p>
<h2 id="determination-for-info-and-info2">Determination for <code class="language-plaintext highlighter-rouge">INFO</code> and <code class="language-plaintext highlighter-rouge">INFO2</code></h2>
<p>On the other hand, pre-Vista artifacts need relatively more complex logic,
and in some place heuristical technique is needed. Yeees, some people may say
it’s possible to guess from filename itself (<code class="language-plaintext highlighter-rouge">INFO2</code> only occurs since Win98),
but I’d rather play safe as files can be renamed easily.</p>
<figure class="center-block">
<img src="/rifiuti2/images/recycle-INFO2-logic.svg" alt="Diagram about how rifiuti2 determines Windows version for 95 – 2003" class="img-responsive img-rounded center-block" />
<figcaption><p>Figure: How <code class="language-plaintext highlighter-rouge">rifiuti2</code> determines Windows version for 95 – 2003</p>
</figcaption>
</figure>
<p>Essentially it means:</p>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th>Step</th>
<th>Check</th>
<th>Extra notes</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>Version number</td>
<td>Result can be determined unless version = 5</td>
</tr>
<tr>
<td>2</td>
<td>Record size</td>
<td>Must be Windows ME if size of each record is 280 bytes, otherwise continue to next step</td>
</tr>
<tr>
<td>3</td>
<td>Unicode path</td>
<td>Heuristically scan for junk data in trailing padding area after unicode path. Windows 2000 if found, otherwise XP/2003 <sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">1</a></sup></td>
</tr>
</tbody>
</table>
</div>
<div class="footnotes" role="doc-endnotes">
<ol>
<li id="fn:1" role="doc-endnote">
<p>If recycle bin has been emptied (no record is present), it’s entirely
impossible to determine OS result. In such case <code class="language-plaintext highlighter-rouge">rifiuti2</code> only displays
Windows 2000-2003. Another hypothetical possibility of misidentification
occurs when padding area contains no junk data, wrongly treating <code class="language-plaintext highlighter-rouge">INFO2</code>
generated by Win2K as from 2003/XP; however no real world
evidence has been encountered yet. <a href="#fnref:1" class="reversefootnote" role="doc-backlink">↩</a></p>
</li>
</ol>
</div>Abel CheungThe logic of determining which Windows version generated a given recycle bin item. Both `INFO2` and `$Recycle.Bin` included, covering whole range of Windows.Site revamp and documentation2019-07-13T04:38:13+00:002019-07-13T04:38:13+00:00https://abelcheung.github.io/rifiuti2/site/2019/07/13/site-revamp-and-doc<p>Visitors should have noticed the site has been undergoing a major facelift, replacing
archaic theme with a more responsive, mobile friendly one. I start feeling like more
into Jekyll and web development instead of doing any work on <code class="language-plaintext highlighter-rouge">rifiuti2</code> now. ☺</p>
<p>But there is a missing piece in website content which I always wished to write about:
the slight variations between different <code class="language-plaintext highlighter-rouge">INFO</code>/<code class="language-plaintext highlighter-rouge">INFO2</code> formats supported by generations
of Windows. The <code class="language-plaintext highlighter-rouge">$Recycle.Bin</code> format is relatively clean and clear, but the subtleties
in <code class="language-plaintext highlighter-rouge">INFO2</code> format was not very well known, or forgotten in history of internet.</p>
<p>For example, following is a sample comparison of 95 / 2003 INFO2 header broken down
into 4-byte group:</p>
<div class="table-responsive">
<table class="table table-striped table-responsive">
<thead>
<tr>
<th>Offset</th>
<th>Meaning</th>
<th>95 sample</th>
<th>2003 sample</th>
</tr>
</thead>
<tbody>
<tr>
<td><code class="language-plaintext highlighter-rouge">0x00</code></td>
<td>Version</td>
<td><code class="language-plaintext highlighter-rouge">0000 0000</code></td>
<td><code class="language-plaintext highlighter-rouge">0500 0000</code></td>
</tr>
<tr>
<td><code class="language-plaintext highlighter-rouge">0x04</code></td>
<td>???</td>
<td><code class="language-plaintext highlighter-rouge">0B00 0000</code></td>
<td><code class="language-plaintext highlighter-rouge">0000 0000</code></td>
</tr>
<tr>
<td><code class="language-plaintext highlighter-rouge">0x08</code></td>
<td>???</td>
<td><code class="language-plaintext highlighter-rouge">1000 0000</code></td>
<td><code class="language-plaintext highlighter-rouge">0000 0000</code></td>
</tr>
<tr>
<td><code class="language-plaintext highlighter-rouge">0x0C</code></td>
<td>Record size</td>
<td><code class="language-plaintext highlighter-rouge">1801 0000</code></td>
<td><code class="language-plaintext highlighter-rouge">2003 0000</code></td>
</tr>
<tr>
<td><code class="language-plaintext highlighter-rouge">0x10</code></td>
<td>???</td>
<td><code class="language-plaintext highlighter-rouge">0000 2C00</code></td>
<td><code class="language-plaintext highlighter-rouge">0000 0000</code></td>
</tr>
</tbody>
</table>
</div>
<p>Few people would talk about offset <code class="language-plaintext highlighter-rouge">0x04</code>, <code class="language-plaintext highlighter-rouge">0x08</code> and <code class="language-plaintext highlighter-rouge">0x10</code> (all marked with ???), as
they were only used in 95 and NT4. Those fields were from the era when <code class="language-plaintext highlighter-rouge">INFO2</code>
doesn’t keep purged records at all, and developers decide to only keep a tally count
of recycled items. The 3 fields correspond to:</p>
<ul>
<li>Total items still inside recycle bin</li>
<li>Total items ever been recycled</li>
<li>Total cluster size of all available items</li>
</ul>
<p class="callout callout-info"><strong>Trivia:</strong> the 32 bit size guarantees that recycle bin can’t ever
exceed 2GB. Not that 2GB hard drive existed during that dynasty …</p>
<p>They were ignored probably because 98 / ME / 2000 filled those bytes with seemingly
random data. Faintly recalled that those are in fact memory chunks on system, and
can potentially leak sensitive information (unencrypted file contents, credentials,
you name it). I really want to document all these stuff clearly, as few people
would ever be knowledged in such ancient and minor file format.</p>Abel CheungRandom babbling about this site and TODOs. Feels like I'm more into web development …Rifiuti2 0.7.0 released2019-05-08T13:02:22+00:002019-07-13T04:03:48+00:00https://abelcheung.github.io/rifiuti2/release/2019/05/08/version-0-7-0-released<p>Another prolonged “hiatus” passed before this update.
Quite a lot was done recently; right now there aren’t
many features left before its completion in my opinion. <sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">1</a></sup></p>
<h3 id="character-display-fix">Character display fix</h3>
<p>Perhaps the most time spent on this release is handling various character
sets, and have them display correctly; it was always a headache battling
with various character conversion implementations, and there’s another
hurdle with displaying characters correctly under older Windows’ archaic
console (it gets significantly better since Windows 10). Right now the
later part is not complete yet; error messages would still be garbled
if one changes console code page, which would (hopefully) be addressed soon.</p>
<h3 id="95--nt-support">95 / NT support</h3>
<p>Other than the usual bug fixes,
this release is more like one for archaeological and research purpose.
Almost nobody uses ancient Windows (95, NT 4.0 etc) for work and personal
computing purposes now. I can only generate recycle bin artifacts for those
systems <a href="https://forums.virtualbox.org/viewtopic.php?t=9918">using virtual machines</a>. But still, they provide an interesting
historical insight on how the recycle bin features change over time.</p>
<h3 id="network-share-support">Network share support</h3>
<p>Another feature I find exciting is setting up recycle bin on network shares.
Though there was wide claim that such thing can’t be done, somebody has
managed to enable it for any mapped and even unmapped network drives!</p>
<p>See: <a href="https://social.technet.microsoft.com/Forums/windows/en-US/a349801f-398f-4139-8e8b-b0a92f599e2b/enable-recycle-bin-on-mapped-network-drives?forum=w8itpronetworking">Enable Recycle Bin on mapped network drives</a></p>
<p>Personally I use a more simplistic approach <a href="https://forums.mydigitallife.net/threads/tip-network-recycle-bin.16974/">based on an older article</a>,
that is, move personal folders to a
<abbr title="Universal Naming Convention" class="initialism">UNC</abbr>
path. It surprised me on how far
this feature is dated back; Windows ME and 2000 was verified to work!
Windows 98 would ask for permanent deletion of personal files in UNC path
though.</p>
<h3 id="others">Others</h3>
<p>Last but not least, there are a few important changes in bundled Windows
binaries:</p>
<ul>
<li>It doesn’t work on Windows XP/2003 anymore, due to <a href="https://gitlab.gnome.org/GNOME/glib"><code class="language-plaintext highlighter-rouge">glib</code> library</a>
(the underlying library <code class="language-plaintext highlighter-rouge">rifiuti2</code> relies heavily on) breaking
XP compatibility by using Vista-only API at certain point.</li>
<li>File output is always in UTF-8 encoding now (without
<abbr title="Byte Order Mark" class="initialism">BOM</abbr>).
Users are expected to open it with UTF-8 capable text editors.</li>
<li>32 and 64 bit binaries are bundled as separated zip files. On the
surface it means less bloat, though this change actually arised from
need of compromise for Windows building platform (Appveyor, that is).</li>
</ul>
<div class="footnotes" role="doc-endnotes">
<ol>
<li id="fn:1" role="doc-endnote">
<p>Given current technology trend, similar artifact carving tools may not be
very relevant now. ☹ Actually it was already the case for like 10
years ago, when people started relying on web services and mobile communication. <a href="#fnref:1" class="reversefootnote" role="doc-backlink">↩</a></p>
</li>
</ol>
</div>Abel CheungAnnouncement for 0.7.0 release, some important features and changes like 95/NT support, network shared recycle bin support, Windows binary requirement etc.Porting effort2015-06-14T03:46:35+00:002019-07-13T03:58:10+00:00https://abelcheung.github.io/rifiuti2/development/2015/06/14/porting-effort<p>Porting <code class="language-plaintext highlighter-rouge">rifiuti2</code> to Solaris is proven to be the most problematic
of all so far. Effort spent on FreeBSD and NetBSD are trivial; they
almost work instantly except incompatibility of tools used in some
test cases. Time spent on Solaris is more than the other platforms
combined, partly due to fruitless effort to make Sparc64 emulation
under Qemu work, and remaining time is spent on struggling with Solaris
implementation of <code class="language-plaintext highlighter-rouge">iconv()</code>. <del datetime="2019-07-13T12:01:20+0800">
It is utter crap too limited to be
useful for rifiuti2; while containing lots of IBM code pages, it
lacks support for many Windows code pages, which would be necessary
for rifiuti2.</del></p>
<p><del datetime="2019-07-13T12:02:25+0800">
So in the end decision is made to simply ignore Solaris <code class="language-plaintext highlighter-rouge">iconv()</code>
and require glib2 compiled with GNU libiconv instead. <a href="https://www.opencsw.org/">OpenCSW</a>
packages fit for such purpose, as well as the (now deprecated)
<a href="https://www.sunfreeware.com/">SunFreeware</a>. Though <a href="https://unixpackages.com/">UnixPackages</a> is the successor
of SunFreeware, paying subscription service just for testing a rare
use case (using <code class="language-plaintext highlighter-rouge">rifiuti2</code> on Solaris) does’t justify the cost,
so this is the status quo.</del></p>
<p class="callout callout-info"><strong>4 years later</strong>: Turns out it’s just my ignorance, <code class="language-plaintext highlighter-rouge">iconv()</code> from
Solaris is fine to use, just that the extra encodings are not installed
by default (at least on some Solaris spin-off, say <a href="https://illumos.org/">Illumos</a>). Besides
it was actually hard to find <code class="language-plaintext highlighter-rouge">glib2</code> package linking with external iconv
library; it’s an exception rather than the norm.</p>Abel CheungThe (painful) journal of porting rifiuti2 to Solaris...Rifiuti2 0.6.1 released2015-05-28T06:08:51+00:002019-07-13T04:05:43+00:00https://abelcheung.github.io/rifiuti2/release/2015/05/28/version-0-6-1-released<p>This is a bug fix release addressing 3 issues:</p>
<ol>
<li>Big-endian systems have been ignored for all these days, as
very few people belong to such user case. Most users would:
<ul>
<li>Either directly run <code class="language-plaintext highlighter-rouge">rifiuti2</code> on Wintel systems (little endian), or</li>
<li>Take snapshot of file system and extract files on Linux for
further inspection (also most likely little endian)</li>
</ul>
<p>But there is actually no reason not to fix it — especially original
<code class="language-plaintext highlighter-rouge">rifiuti</code> already coped with big-endian systems from the start.</p>
<p>So made up my mind and set up a <a href="https://people.debian.org/~aurel32/qemu/powerpc/">Qemu PPC Debian virtual machine</a>.
Hopefully this is enough for addressing any big-endian issues in future.</p>
</li>
<li>
<p>For tab-delimited output, use the old <code class="language-plaintext highlighter-rouge">YY:MM:DD hh:mm:ss</code> date/time format
again. This would hopefully ease problem of having spreadsheet programs
(like MS Office and OpenOffice) not recognizing the format. Although
the question of addressing ISO8601 format in Excel has been discussed
in some places (<a href="https://stackoverflow.com/a/4896796">like this StackOverflow answer</a>), it is always better
to let users handle the data as efficient as possible.</p>
</li>
<li>Timezone value for places using <a href="https://en.wikipedia.org/wiki/Daylight_saving_time">Daylight Saving Time</a> was wrong —
it was not tested as rigorously as it should be, and the support for date/time
in Windows C runtime library <a href="/rifiuti2/development/2015/05/18/pain-in-timezone-support/">turns out to be shaky</a>. Recent testing
indicates <a href="https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/ftime-ftime32-ftime64"><code class="language-plaintext highlighter-rouge">Windows _ftime()</code></a> to be unreliable for use. In particular,
<code class="language-plaintext highlighter-rouge">_timeb.dstflag</code> does not respect <code class="language-plaintext highlighter-rouge">TZ</code> environment variable and always use
control panel setting, so users modifying <code class="language-plaintext highlighter-rouge">TZ</code> variable would see wrong
result.</li>
</ol>Abel CheungThis is a bug fix release addressing 3 issues: endianness, date time format and timezone value.Pain in timezone support2015-05-18T01:05:29+00:002019-07-13T04:12:22+00:00https://abelcheung.github.io/rifiuti2/development/2015/05/18/pain-in-timezone-support<p>Haven’t anticipated the addition of timezone info has caused so much
grief for me, though lots of “fun” are uncovered during the
process.</p>
<p class="callout callout-info"><strong>Four years later:</strong> <a href="https://developer.gnome.org/glib/stable/glib-GDateTime.html"><code class="language-plaintext highlighter-rouge">GDateTime</code> structure</a> will be used to simplify cross
platform handling of such date / time issue. Let’s see how far it can go.</p>
<h3 id="strftime-is-not-very-platform-neutral"><code class="language-plaintext highlighter-rouge">strftime()</code> is not very platform neutral</h3>
<p><a href="https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strftime-wcsftime-strftime-l-wcsftime-l"><code class="language-plaintext highlighter-rouge">strftime()</code> on Windows</a> is less capable then the Unix ones. For
compatibility, the date / time format would need to be expressed as
<code class="language-plaintext highlighter-rouge">%Y-%m-%d %H:%M:%S</code> in place of just <code class="language-plaintext highlighter-rouge">%F %T</code> (supporting ISO C89
standard but not C99); nor does it print numerical time zones.</p>
<h3 id="tz-environment-variable-on-windows-is-crap"><code class="language-plaintext highlighter-rouge">TZ</code> environment variable on Windows is crap</h3>
<p>Nowadays systems don’t use <code class="language-plaintext highlighter-rouge">TZ</code> variable for common purpose anymore. <sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">1</a></sup>
Linux / BSD make use of <a href="https://en.wikipedia.org/wiki/Tz_database">Olson time zone database</a> which
automatically handles GMT offset and
<abbr title="Daylight Saving Time" class="initialism">DST</abbr>,
while <code class="language-plaintext highlighter-rouge">TZ</code> can also be set in well-defined manner to temporarily override
system setting. Windows users would be familiar with Control Panel settings
instead. But <code class="language-plaintext highlighter-rouge">TZ</code> variable in Windows is arbitrary and there is no
rigorous checking <sup id="fnref:2" role="doc-noteref"><a href="#fn:2" class="footnote" rel="footnote">2</a></sup>, resulting in hilarious scenarios:</p>
<ol>
<li>
<p>For example, I can happily use the value <code class="language-plaintext highlighter-rouge">ABC123XYZ</code> as timezone and it
would be accepted as a timezone having <em>-123 hours offset from UTC</em>.
The letters are merely junk — except that using 4 letters (like
<code class="language-plaintext highlighter-rouge">EEST</code> which is a valid timezone in Istanbul) would cause functions
utilitizing <code class="language-plaintext highlighter-rouge">TZ</code> variable to wreak havoc.</p>
</li>
<li>
<p>Compare these 2 commands:</p>
<p><kbd>set TZ=</kbd><br /><kbd>set TZ= </kbd></p>
<p>The first line unsets TZ variable as expected, so that Windows would
retrieve regional setting from control panel. But with an extra space
in 2nd line, timezone is set to <strong><em>UTC with Daylight Saving Time
forcefully turned on</em></strong>!!! It costs me days of head scratching and several
faulty “fixes”.</p>
</li>
</ol>
<h3 id="_timeb-structure-does-not-respect-tz-variable"><code class="language-plaintext highlighter-rouge">_timeb</code> structure does not respect <code class="language-plaintext highlighter-rouge">TZ</code> variable</h3>
<p>The DST value returned from <code class="language-plaintext highlighter-rouge">_timeb</code> structure is faulty, in that it
only respects the timezone setting from Control Panel and not <code class="language-plaintext highlighter-rouge">TZ</code>
variable. That’s one of the bug addressed in 0.6.1 version.
The following table shows how the values of <code class="language-plaintext highlighter-rouge">_timeb.dstflag</code> and
<code class="language-plaintext highlighter-rouge">tm.tm_isdst</code> vary with <code class="language-plaintext highlighter-rouge">TZ</code> and Control Panel settings (undesirable
values <span class="bg-danger">marked in red background</span>):</p>
<div class="row">
<div class="col-sm-6">
<table class="table text-center">
<caption><code>_timeb.dstflag</code> value</caption>
<thead>
<tr>
<th colspan="2" rowspan="2"> </th>
<th colspan="2">Control Panel</th>
</tr>
<tr><th>Use DST</th><th>No DST</th></tr>
</thead>
<tbody>
<tr>
<th rowspan="3"><code>TZ</code></th>
<th>(unset)</th>
<td>1</td>
<td>0</td>
</tr>
<tr>
<th>UTC</th>
<td class="danger">1</td>
<td>0</td>
</tr>
<tr>
<th>PST8PDT</th>
<td>1</td>
<td class="danger">0</td>
</tr>
</tbody>
</table>
</div>
<div class="col-sm-6">
<table class="table text-center">
<caption><code>tm.tm_isdst</code> value</caption>
<thead>
<tr>
<th colspan="2" rowspan="2"> </th>
<th colspan="2">Control Panel</th>
</tr>
<tr><th>Use DST</th><th>No DST</th></tr>
</thead>
<tbody>
<tr>
<th rowspan="3"><code>TZ</code></th>
<th>(unset)</th>
<td>1</td>
<td>0</td>
</tr>
<tr>
<th>UTC</th>
<td>0</td>
<td>0</td>
</tr>
<tr>
<th>PST8PDT</th>
<td>1</td>
<td>1</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>It is immediately apparent that <code class="language-plaintext highlighter-rouge">_timeb.timezone</code> ignores <code class="language-plaintext highlighter-rouge">TZ</code> completely.
OTOH <code class="language-plaintext highlighter-rouge">tm.tm_isdst</code> consults both settings, so is reliable enough for use
in <code class="language-plaintext highlighter-rouge">rifiuti2</code>.</p>
<h3 id="nice-stuff-info-file-stores-utc-time-since-95">Nice stuff: <code class="language-plaintext highlighter-rouge">INFO</code> file stores UTC time since 95</h3>
<p>Enough Windows bashing. Actually, Microsoft developers are surprisingly
forward-thinking in some aspects.
The <code class="language-plaintext highlighter-rouge">INFO</code> file (in Win95, predates <code class="language-plaintext highlighter-rouge">INFO2</code> used in Win98) already uses
<a href="https://support.microsoft.com/en-us/kb/188768">64-bit <code class="language-plaintext highlighter-rouge">FILETIME</code></a>, when 32-bit systems were still not mature yet.
And this <code class="language-plaintext highlighter-rouge">FILETIME</code> stores UTC time, not local time which is still dominant
in system time of current Windows. That saved lots of headache when
constructing event timeline.</p>
<hr class="short" />
<div class="table-responsive small">
<table class="table table-condensed">
<thead>
<tr>
<th>Date</th>
<th>ChangeLog</th>
</tr>
</thead>
<tbody>
<tr>
<td><code class="language-plaintext highlighter-rouge">2015-05-28</code></td>
<td>Add description about problem in <code class="language-plaintext highlighter-rouge">_timeb</code></td>
</tr>
<tr>
<td><code class="language-plaintext highlighter-rouge">2019-06-04</code></td>
<td>Use of <code class="language-plaintext highlighter-rouge">GDateTime</code> to replace the whole mess</td>
</tr>
</tbody>
</table>
</div>
<div class="footnotes" role="doc-endnotes">
<ol>
<li id="fn:1" role="doc-endnote">
<p><code class="language-plaintext highlighter-rouge">TZ</code> variable used to be a common mechanism to
<a href="http://science.ksc.nasa.gov/software/winvn/userguide/3_1_4.htm">set time zone for Windows 3.1</a>. Same applies to ancient Linux
systems. <a href="#fnref:1" class="reversefootnote" role="doc-backlink">↩</a></p>
</li>
<li id="fn:2" role="doc-endnote">
<p>Format of <code class="language-plaintext highlighter-rouge">TZ</code> variable is <a href="https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/tzset">documented in <code class="language-plaintext highlighter-rouge">_tzset()</code> function</a>.
<em>However</em>, it doesn’t mention the behavior if supplied value does
not satisfy documented format. In fact virtually infinite randomly
invented values would be accepted. <a href="#fnref:2" class="reversefootnote" role="doc-backlink">↩</a></p>
</li>
</ol>
</div>Abel CheungThe bitter fight against Windows timezone support …Rifiuti2 0.6.0 released2015-05-16T00:03:24+00:002019-07-13T04:27:09+00:00https://abelcheung.github.io/rifiuti2/release/2015/05/16/version-0-6-released<p>Quite a long time since previous release (6.5 years). Actually I have thought
about abandoning the software before, but some anonymous users persuaded me
to keep it up by submitting patch for Windows 10 format. There was no way
to get any info for this bug reporter (not even email address, it was
mangled inside Google Code), but still I would want to say thank you to
this anonymous user!</p>
<p>Version 0.6.0 <a href="https://github.com/abelcheung/rifiuti2/releases/tag/0.6.0">available for download here</a>, with pre-compiled Windows binary
and several formats of source archives (tarball, zipball, tar/xz archive).</p>Abel CheungA release originally wouldn't have existed, if it were not receiving patch from enthusiastic users fixing support for Windows 10.Reason for abandoning MSYS 1.02015-05-15T03:26:02+00:002019-05-31T06:02:48+00:00https://abelcheung.github.io/rifiuti2/development/2015/05/15/reason-abandon-msys1<p>There are multiple reasons for abandoning MSYS 1.0 as supported compile
platform, in favor of <a href="https://www.msys2.org/">MSYS2</a>.</p>
<ul>
<li>Testsuite is guaranteed to fail. There are 2 issues here:
<ol>
<li>MSYS 1.0 bash simply won’t work with non-ASCII path, which
is listed as a test case in <code class="language-plaintext highlighter-rouge">rifiuti2</code>. All such paths are treated
as ‘No such file or directory’. Same problem has been
observed on MSYS2 until <a href="https://developer.gnome.org/glib/stable/glib-Windows-Compatibility-Functions.html#g-win32-get-command-line"><code class="language-plaintext highlighter-rouge">g_win32_get_command_line()</code></a> call is used.</li>
<li>Some test cases mysteriously fail, but the difference of result inspected
with bare eye seems identical. Apparently there is some discrepancy
of new line characters at work — it is not an issue on Linux / Unix,
but problem will be very observable on Windows.</li>
</ol>
</li>
<li>There was no more update for MSYS / MinGW32 since 2012. Not a fatal sin,
but if there is any problem, I have to maintain everything and fix
manually. And that’s not a reproduceable development environment.</li>
<li>No 64-bit support. It is possible to compile both 32 and 64-bit binaries
with MSYS2, but old version is 32-bit only.</li>
</ul>
<p class="callout callout-info"><strong>Four years later:</strong> Looks like MinGW + MSYS <a href="https://osdn.net/projects/mingw/">has a new home</a> and moving
again (e.g. 64-bit support) since 2018, but it’s too little too late now.</p>Abel CheungThere are multiple reasons for abandoning MSYS 1.0 as supported compile platform, in favor of MSYS2.Site is up2015-05-15T03:00:00+00:002015-05-15T03:00:00+00:00https://abelcheung.github.io/rifiuti2/site/2015/05/15/site-is-up<p>Finally get the <a href="https://pages.github.com/">Github page</a> set up done with <a href="https://jekyllrb.com/">Jekyll</a>, instead of
simply using <code class="language-plaintext highlighter-rouge">README.md</code> as a boilerplace webpage. Some learning curve is
involved, but luckily not steep.</p>
<p>Hope more about the analysis of different recycle bin formats can be
written up later, in particular the less common Windows versions. So
far nobody has covered the format used in Windows 10 (only slightly
different from Vista though), as well as the <code class="language-plaintext highlighter-rouge">INFO</code> format used
in Win95.</p>Abel CheungFinally get the Github page set up done with Jekyll, instead of simply using README.md as a boilerplace webpage. Some learning curve is involved, but luckily not steep.