Monday, August 31, 2009

The Geese Family (1): The Philosophy of Eating


Hello! This is my family. Daddy, mommy, me, and 5 brothers and sisters. We just came to the world this week. Everything is new and interesting to me.


We walk with mommy and daddy, learn everything


such as looking for food


"Darling, I think we'd better teach our kids looking for NATURE food, shall we?"


"I'm just a bit hungry ... And, the bread tastes not bad."


Let me take a look!


"Daddy, why do people feed us, but mommy seems not happy about it?" "Well, this is a beautiful and harsh world. You have to learn why they give you food before you accept it."


"See, honey, I'm teaching our kids philosophy."

Saturday, August 15, 2009

Two Homeless Cats

This morning, when pulling out my car from the garage, I saw a trail of little footprints on my windshield. I smiled and thought, perhaps my two cat-friends are doing OK.

Shortly after I moved into the apartment, I started to notice the existence of homeless cats. It was early spring, still chilly in the morning, and sometimes one could see frost on the windshield. It was often dark when I drove home. One day, while parking my car, I saw a pair of shining green eyes staring at me from underneath my neighbor's car. It was a tabby cat with black and white patterns on the back. Seeing me get out of the car and walk out of the garage, the cat quickly sneaked under my car... perhaps he wanted to get warmed by the engine. Thinking that life is not easy even for the little thing, I quickly walked away, pretending I had never noticed him, so that he could enjoy the "heater" as he liked.

As it got warmer, I didn't see the cat waiting for the "heater" any more. Then I almost forgot his existence.

Then my parents visited me. My mom still kept the habit of getting up early and practicing TaiChi. As a cat lover, she noticed the homeless cats in the neighborhood almost immediately.

According to her observation, there are two cats in the neighborhood, and they often go around together: one is the tabby cat I saw before, the other is a Siamese cat, with dirty brownish skin, much smaller in size. It seemed the Siamese cat has some skin problems; its fur looks dirty and ugly. They often jump into the garbage cans in the early morning and search for food. Since noticing their existence, my mom often saved some fish bones and meat soup in a small bowl, mixed with bread or rice, and brought it to them when it was getting dark.

It's interesting to watch them eating. At the beginning we assumed that they would eat together, or first come, first served. But in fact, they always follow an interesting order. The Siamese cat always eats first, and the tabby cat waits and watches. After the Siamese cat finishes, the tabby cat then moves towards the bowl and finishes the rest. What kind of relationship do they have? We never knew. After a few days, we noticed that the Siamese cat has a lame leg, which kept her from moving or jumping swiftly. No matter what relationship they have, we were all touched by the kindness of the tabby cat. So we always bring enough food for both of them.

Later we found that we were not alone--some other neighbors also bring food for them. One can often see several containers of different shapes and sizes put against the garage wall, holding food and water...

Wednesday, August 12, 2009

About Software Keylogger

You can think of a keylogger as a sort of tapping device that collects your keystrokes and other information and secretly sends them somewhere else. It can be either hardware or a piece of software. Installing a hardware-based keylogger requires physical access to the compromised machine, while a software-based keylogger can be installed remotely by a trojan. Nowadays, as more and more people use the internet for financial activities such as online shopping, stock trading, and bank transactions, there is a trend of malicious hackers collecting consumers' personal information, such as online bank account credentials, with keylogging trojans. Here we focus on software-based keyloggers.

To understand how a software keylogger works, we have to know a little about how an operating system handles keystrokes. Let's take Windows as an example. What happens when you hit a key, say, the letter "s" on your keyboard? The keystroke generates an interrupt, telling the OS to invoke the keyboard driver to handle the signal corresponding to "s", which we call the "scan code". Then what does the driver do? It checks the language layout settings of your OS, finds out what language you are using, and translates the device-dependent scan code into a device-independent code called the "virtual-key code". It then creates a message containing the scan code, the virtual-key code, and other necessary info, and puts the message into the Windows system message queue.

You have multiple applications running in Windows--say, a browser, Outlook, and Notepad. Which application does this keystroke belong to? Well, let's imagine that Windows has a component that works like a postman. He looks into the system queue, gets the message, checks who the receiver is, and delivers it to the message queue of the right application thread. When the application gets the message, it does the same thing and passes it to the corresponding procedure, which displays the letter "s" in its window.

Now, let's talk about keyloggers. Based on where they hook in, keyloggers can be categorized as hook-based or kernel/driver-based. To make it convenient for application programmers to monitor message queues and diagnose problems, Microsoft provides the Windows Hooks API. Hook-based keyloggers simply take advantage of this API. In general, a hook-based keylogger comes with an .exe file that installs the hook and a .dll file that does the logging. Such files usually hide in the system32 directory or in the keylogger's installation directory. While running, the keylogger can access all Windows messaging information, and even more--including some info that does not come from keyboard input, such as the user credentials stored by IE's AutoComplete. However, since many anti-virus programs monitor the Windows Hook APIs, hook-based keyloggers can be detected relatively easily.
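As an added example (not code from the original post), here is a static triage check a defender can run on an unfamiliar .exe or .dll to see whether its import table pulls in the function that installs a Windows hook. The API names `SetWindowsHookExA`/`SetWindowsHookExW` are not named in the post, and the helper names `pe_imports` and `hook_imports` are made up for this sketch.

```python
import struct, sys
from pathlib import Path

# Assumption: the hook-installing functions of the Windows Hooks API (user32.dll exports).
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}

def _cstr(data, off):
    """Read a NUL-terminated ASCII string at file offset off."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {lower-cased DLL name: set of function names imported by name}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                            # optional header
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B   # PE32+ magic
    # Data directory entry 1 is the import table (RVA, size).
    imp_rva, = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA outside all sections")
    found, width = {}, (8 if pe64 else 4)
    desc = off(imp_rva) if imp_rva else None
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, desc)
        if not name_rva:                                     # all-zero descriptor ends the table
            break
        names, thunk = set(), off(oft or ft)
        while (val := int.from_bytes(data[thunk:thunk + width], "little")):
            if not val >> (width * 8 - 1):                   # top bit set = import by ordinal
                names.add(_cstr(data, off(val) + 2))         # skip the 2-byte hint
            thunk += width
        found.setdefault(_cstr(data, off(name_rva)).lower(), set()).update(names)
        desc += 20
    return found

def hook_imports(data):  # hook-installing APIs imported by name from user32.dll
    return sorted(pe_imports(data).get("user32.dll", set()) & HOOK_APIS)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, hook_imports(Path(path).read_bytes()))
```

A hit is only a lead for further analysis: legitimate software also installs hooks, and a packed binary or one that resolves the function at run time will show nothing in its import table.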

Kernel-based keyloggers go further. They change the OS kernel files or drivers that handle keystrokes or translate the virtual-key code into characters. For example, Windows has an Interrupt Dispatch Table (IDT), which tells the system which type of hardware interrupt should be handled by which driver function. Some kernel-based keyloggers can modify this table and make the OS use a compromised keyboard driver to handle keystrokes. Implementing a kernel-based keylogger requires more thorough knowledge of the OS, so it's more difficult. But because a kernel-based keylogger is usually loaded into the system earlier than application programs, and can be compiled into the OS seamlessly, some kernel-based keyloggers are very difficult, or impossible, to detect. Nowadays, researching, developing, and detecting programs that can hide themselves in an OS (they are called rootkits) has become a big arms race between hackers and security professionals.