avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • January 22, 2019, 10:14 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - f0dder [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 364next
Living Room / Re: Interesting, low-effort, blackmail-esque spam
« on: August 01, 2018, 11:29 AM »
One of the newer trends of these sextortion scams is to use hacked/leaked passwords to make them appear more legitimate. Lots of people are falling for it...

A heads up that DC is still broken.
Use a browser instead of a semi-broken wannabe OS ball of mud ;)


But yeah, I actually think it would have looked nicer if the legs were closer to front and thus more visible.
I, on the other hand, find the look pretty great. Having the legs flush with the rest of the structure seems... blocky, I guess. Current placement is good :)

And I'm still unconvinced as to whether I chose correctly going with this lighter reddish/orangeish stain, instead of my normal dark brown stain, but that ship has sailed.
Oh, this is the light color I slammed on IRC? Looks a lot nicer on the finished product!

If you were to pick a darker tint, I think a deep chestnut kinda thing would have been nice in that setting.

I'm curious about the placement of the feet. I would expect them to be almost flush with the outside corners, and maybe an extra one or two near the center. Why did you choose to place them the way you did?
Better support and weight distribution?


Disabling updates is not an option. Making updates non-automatic might work, but is a poor option.
I don't want to have to remember to go and check for + install updates - I want it to be a fairly automatic process.

wraith808: that link is just Microsoft really, really, REALLY not getting what people are complaining about >_<

Any clue as to why it's happening - ransom, specifically targetting us, or being a collateral damage of colocation?

I believe the necessary policies only work on enterprise versions, not even pro versions >_<

Removing the task files are not enough, they get re-created. The same goes for setting all ACLs to deny access, Windows will eventually go "Lol, I'm LOCALSYSTEM, bitch, what are you gonna do about it?" and reset/recreate the ACLs.


This morning I woke up to a computer that was turned on - "oh great, Windows Update resumed from standby again, and even did it in spite of me turning off wake timers". That would have been a minor annoyance to start the day with, unfortunately it also turned out the image file backing my persistent ramdisk had been corrupted, and I had forgotten to add the folders on it I cared about to my backup set.

I'm sick and tired of the forced reboots in general, it's ******* bad attitude of Microsoft not allowing power users to turn them off, and that they're forced even when applications have unsaved data and tell Windows that they're not ready to shut down really ought to bring a class action lawsuit. Oh, and the

I could almost live with the forced reboots, except that windows update ******* resumes the device from standby in order to do the reboots. Yes, even though I've modified the power plan settings to not allow wake timers. This is... I mean, it's beyond contempt for us users.

I've tried several solutions in the past, like disabling orchestration services, deleting the UpdateOrchestrator task files, deleting the content of the task files and removing ACLs for even the SYSTEM user to the files, et cetera -they always get recreated at some point in time during a system update.

So... are there any existing solutions to bloody STOP this insanity from happening? Any gpedit policies (that don't require enterprise edition of Win10) and actually work?

Or do I have to write a tool that continually scan for the task files and delete them if they're re-added, check for the reboot dialog box and try to cancel it, etc?

Yeah, I guess Windows only resumes from standby, not poweroff - but I prefer standby for my desktop machine, so I can just pick up where I left off.

If this is something you're going to need often, you can look into XSLT - it lets you transform XML files in pretty flexibly ways.

It's pretty clunky to work with, though, so if you need a quick solution for a specific problem, there's probably easier ways.

Living Room / Re: Privacy (collected references)
« on: July 24, 2018, 04:45 PM »
Doesn't it help prevent tracking?
Not really, no. You have to consider that most people aren't on static global IPs, but will either have dynamic IPs, or even (a very large number) be behind cgnat. The tracking folks obviously want to be able to uniquely identify you even in spite of that, and across devices as well.

Trying to use VPN against that is absolutely useless.

You can avoid some of it if you use a combination of uMatrix (in whitelisting mode), conservative use of noscript, a decent adblocker like uBlock Origin, adding in HTTP Referer header control and Firefox Multi-Account Containers. But it's still not a 100% guarantee and it's a fair amount of work getting some sites to work the first time you visit them.

Living Room / Re: Privacy (collected references)
« on: July 24, 2018, 11:04 AM »
Please don't think a VPN is going to give you any form of privacy.

A VPN lets you access a remote network securely across an insecure line - this is the only thing it's guaranteed to do. It's the only thing you should be using it for. Stop spreading the damn misconception that it's useful for privacy.

If you want to watch Netflix content from a different region, fine, VPN will let you do that, but morally you might was as well then be torrenting the content.

If you're doing something shady and want to hide your tracks, a VPN is not what you want. Not even one of the paid ones. Not even one of the "WE DON'T LOG ANYTHING AND WE VALUE YOUR PRIVACY". Stop it. There's a few threat models where a VPN can be a viable solution, but for those you should be running it yourself on a cloud instance somewhere. If you don't know how to do that, or think it's too much bother, you shouldn't be doing something shady in the first place - or you're not doing something that warrants that use of VPN, and should just not be doing it.

And stay entirely away from the ones that don't require payment, the market is shady as fuck and they've been doing all sorts of nasty stuff.

I prefer the original, non-stained color, to be honest.

The two color samples you're showing remind me of furniture in old people's homes - so dark and brooding :)

Left undisturbed, operational HDDs don't usually "suddenly fail", they tend to progressively fail in incremental fashion, all the meanwhile logging their gradual deterioration in their on-board SMART data accumulators. Analysis of HDD failure can be quite enlightening and can enable the user to predict HDD failure, when they avail themselves of SMART monitoring to detect when it is time to migrate from a failing drive, rather than risk blindly waiting till forced to recover from an already-failed drive.
That's not the experience I've had as a consumer.

In some cases, I've seen "reallocated sector count" or some similar stat go up before an eventual full breakdown - but mostly, it's been "worked fine yesterday, now I can't get my data". And I've had disks with reallocater sectors that kept trucking along for years without flaw, and just ended up being too small.

SMART is a mess. The values are opaque, and you can't really compare them between brands. There's no guarantee you'll get reported errors before a failure, and reported errors are no guarante of a failure. And, moving from spinning magnetic platters to solid state drives, failures tend to be "oops, logic board died, all data is lost".

From my experience, it can be really powerful, especially using inline assembler to optimize code- a feature that I've not seen so easily used in many IDEs.  I have nostalgia for it- from my first real development opportunity being in Delphi 1
I learned programming with Turbo Pascal 6 back in the day, and spent a lot of time with Borland Pascal 7 as well, before moving on. Back then, the Borland IDEs were second to none, the integrated context-sensitive help system was unmatched. And because compilers generally sucked back then, and the machines were slow, the inline assembly feature was pretty good. I moved onto C/C++, but the first couple versions of Delphi were interesting because they made Windows development easy.

But after that? The whole Borland -> Inprise -> Embarcadero mess was reason enough to abandon the language, IMHO. Other, more powerful, languages appeared, several of them without costly licenses. If you want easy GUI, it's hard to beat .NET.

And inline assembly is IMHO useless these days - if there's a substantial speed gain to be had these days, it's usually from writing a large chunk in assembly, enough that you're better off writing it in an external .asm module in a proper assembler. That, or use a language + compiler that has good assembly intrinsics.

Why is that bad news?  You either get a new license for a new year, or upgrade from what I'm reading your statement.
Because it makes the offering unusable? :)

It might be "the same as it was before", but that status quo is "at the mercy of Embarcadero". I wonder if they, deep down, really just want Delphi to die... there's a lot of legacy stuff written in it, but with terms like this, I can't see much reason to choose the platform. Sure, Object Pascal isn't a bad language, but there's so many other (and better, IMHO) platforms around.

Sorry for the silence. I’m okay. Just not as okay as I’d like to be yet.[ Invalid Attachment ]
That's a pretty rad undercut she's rocking now!

Could you enlighten me why it is bad to set/unset global environment? That it is bad you mentioned, the "because" is missing. Thanks in advance!
Sure thing :)

First, notice that the global environment is persistent. You shouldn't be making persistent changes to the user's system unless that is what the user directly expects. If there's a name clash, you're going to overwrite the user's own setting, and if your program crashes, you leave a garbage environment variable behind.

By using global environment, you get re-entrancy issues - if you launch multiple child processes simultaneously, you risk several children getting the parameters for one of them.

And then there's the issue of admin privileges necessary for setting system environment variables, which makes this unsuitable for a general mechanism.

Finally, you should generally strive to adhere to the principle of least surprise, and keep mutable state as local as possible - since that leads to fewer bugs, and has the bugs that slip past you be easier-to-debug ones.

Set wshSystemEnv = wshShell.Environment( "SYSTEM" )
Do. Not. Do. This.

You'll be setting a system-wide environment variable - this is a bad, bad, bad idea unless you're specifically aiming to do that. Fortunately, at least on modern Windows versions, vbscript isn't allowed to do this, unless you're running it with admin privileges.

If you need to use vbscript instead of a proper language, go for the solution that executes cmd /c "set foo=bar & mainexecutable".

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 18, 2018, 12:49 AM »
I am sorry, this option is gone. While developing/learning MMX it was possible. When i published it here it was possible to get code. Now the Crypt-Algo is already bound to another Application.
Why does that change anything?

I am pretty sure you have code anyway :-)
It would be easy enough reverse-engineering it - but it's not that I'm particularly interested in the algorithm. Sharing it would be for your own good, to learn from the discussion you could have with more experienced developers :)

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 17, 2018, 04:17 PM »
As Jibz say, I'm pretty direct ;)

Take it for what it's meant to be - honest advice, not an attempt at saying you're stupid or that what you've made is worthless. Jibz put it a bit more eloquently, and you should definitely take his advice to heart.

But let me elaborate a bit.

The "hard" thing first: your method is not secure, and it is not practical. Whether "secure" matters depends on your threat model, but there are many other solutions out there that are both convenient and offer hard cryptographic security.

And then on to some words of encouragement: playing around with crypto is fun. Try doing stuff on your own, see what other people have done. Optimizing is fun, and going assembly-level with interesting instruction sets even moreso. Don't stop being interested in these things!

The best thing you can do with this NANY entry is to share the code. Talk to other developers. Accept criticism, learn from it. There's a good chance you'll end up learning stuff about encryption as well as optimizing.

For fun, I've attached a couple of files from 1997 when I thought I had designed a super cool crypto scheme.

I got this "set -ua ..." off the www as a possible answer to my question.
-OptimalDesigns (July 17, 2018, 03:28 PM)
Where? Considering "u" isn't a valid argument to set, and "-" being the wrong argument specifier, that just seems like bad advice.

I write VB code and VBscript when necessary.
-OptimalDesigns (July 17, 2018, 03:28 PM)
VBScript (probably) requires the hack from your original post, VB should be able to use normal environment passing. Which language do you need the solution for? And if it's VB, is it old-school VB or VB.NET? And which version?

Anyone out there knows how to pass an environment variable from Windows?
-OptimalDesigns (July 17, 2018, 03:28 PM)
It's the seventh argument to CreateProcess ;)

General Software Discussion / Re: More Ads in Windows 10
« on: July 17, 2018, 03:28 PM »
This makes me question whether or not I really want to get myself too involved in Microsoft's ecosystem after all.
Don't. I have a feeling this is going to get even more ugly.

It's a damn shame, because in many ways, Win10 is the best OS that's out there - it's fast, it's stable compared to the shiny macOS, there's a lot of great under-the-hood security stuff baked in... but it's all fucked over by whatever department at Microsoft that believes embedding ads in the core OS is a good idea. That, and the telemetry you can't opt out of, and the forced updates and reboots that you can no longer control.

I'm seriously considering moving to Linux if they don't stop this crap, but there's a lot of stuff I'd miss from Windows :(

Since your post mentions "", I guess you're dealing with VBScript and not VB code?

In general, a parent process passes its environment down to a child process. At the operating system level, you can usually specify a new environment for the child process (e.g. to pass it data, like you want to). It doesn't seem like this is available in VBScript, though, so you're probably limited to the way you're currently trying to do it, prepending /set before the command you want to run.

A thing that springs to mind is you do "set -ua" - I don't know what the "u" parameter is supposed to do (not listed on my system with "set /?"), but more generally Windows uses forward-slash for arguments, not dash.

Here's a little cmd.exe session, which I hope will be instructive:

Also note that child environment is never propagated back to the parent process.

Instead of using environment variables, can't you use commandline arguments instead?

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 16, 2018, 12:09 PM »
So... what's the point? :-)

You don't support a passphrase, which means there isn't really any security.

You don't mention which encryption algorithm is used, making it hard to reason about the security if you implement key generation from passphrases later on.

Encryption a 4k text file full of 'A's makes it clear that you're using a 32-byte block size with no block chaining, which means that even if you use a decent encryption algorithm, your encryption as a whole can be broken.

So... this sounds like something that's probably a fun project, and where you might want to share the code with other people and learn from the experience.

But not a good idea to present it as a utility for other people.

Pages: [1] 2 3 4 5 6 ... 364next