Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 24, 2017, 03:44 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - f0dder [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 362next
1
"LEGACY" used to be a good word, a word you would be pleased to see.
Not in the world of software, Curt :-)

2
General Software Discussion / Re: ERROR after upgrading Windows
« on: September 07, 2017, 11:58 AM »
Keep and lock - shows the pattern and outs the spammers.

3
Wordpress does seem to be a target/recipient of attacks disproportionately, but i think having a single install, with minimal 3rd party extensions, which was kept always up to date, would be more secure than having a large number of different frameworks that were sporadically updated if ever..
Emphasis mine.

Either you figure out a way to always auto-update to the newest version, while not breaking anything... or you have to do this manually, figuring out if an update will break things, looking for CVEs to see if you have to zomgupdatenow or if you can keep it on a regular schedule. You'll also have to prevent users from installing just any plugins, since that's how mass-defacements usually happen.

If somebody wants Wordpress, I think they should be going for a managed solution at Wordpress rather than dealing with it themselves.

4
I understand your headaches wrt. maintenance and security, but...

It would be more restrictive in format (i.e. mostly uniform appearance of user pages), but that could also be an advantage in terms of consistency, and would have the advantage of sharing visitors and popularity and being able to have a shared news/release page, etc.
I'm not sure this is an advantage - this loses uniqueness of dcmembers pages, and you might as well run the member pages off donationcoder.com then?

5
Living Room / Re: For those with a CrashPlan...
« on: August 29, 2017, 01:24 PM »
Apparently it's hard to get straight answers from SpiderOak - at least on twitter. They're weazeling around the pretty simple question of "are you throttling uploads?" :-(

6
The filesize and website-like interface are probably both explained by the fact that it essentially is a website. So in order to be portable it has to bundle an HTML engine, JavaScript engine, etc, for the consistent look across all platforms.
I wish people would stop doing this.

It's OK if you use the webby stuff for core functionality anyway, but it's bloated and borderline insane to bundle so much crap just because you're lazy.

7
I mean, resurrecting this old thread
I believe the thread was actually resurrected by a spammer, and the spam post got removed. But not before f0dder posted his response. :Thmbsup:
Bingo, Deo! - Otherwise I wouldn't have seen it.

Unless you're old or orphans, one will always end up missing friends or family, making the endeavour pointless.

Now, let's forget this thread :-)

8
Anyone know of any good activities?
Drink until you forget the person.

9
Living Room / Re: For those with a CrashPlan...
« on: August 27, 2017, 03:19 PM »
Yes, Jibz, versioning (and retaining versions sanely!) is a very important part of backups for me as well. I don't view a product without versioning as a backup product.

Being able to set bandwidth limits is nice, I don't want a backup application to mess with my internet usage - but utilizing less than 10% of my pipe and taking forever to back up stuff is not optimal, either. And I do worry about how fast SpiderOak is able to restore...

I'm having a hard time finding a backup product that has a client (with a feature set) that I like, and the online storage (speed + cost) definitely is a hard thing to get right as well  >:(  >:(  >:(

10
Living Room / Re: For those with a CrashPlan...
« on: August 27, 2017, 10:37 AM »
Reading up on Backblaze, I'm not sure that's an option - the only restore option is download through a browser, not their client?!

Currently testing SpiderOak one. The UI is prettier than last time I tried it (but still custom stuff rather than system-native, *sigh*). It's slightly better memory-wise than Crashplan, but still weighing in at around 400 megabytes for the two running processes. And it's still ungodly slow - there's no network speed indicator in the application, but Windows task manager show between 2-3mbit/s. That's not terribly good usage of my 30mbit/s upstream.

Also, it seems that when you "Download" something from SpiderOak, if the files exist on the local machine, those will be copied rather than downloaded? My connection definitely can't do 300MB in a couple of seconds. This means I can't (easily) gauge how fast I'll be able to actually get my files in case of an emergency. Sigh.

11
Living Room / Re: For those with a CrashPlan...
« on: August 27, 2017, 03:41 AM »
I'm personally not really super interested in various cloud storage providers - that kind of stuff is interesting in its own right, but Crashplan was a backup solution. So I'm first and foremost looking for a new backup client that can fill the void... this does include online storage as part of the deal, whether the backup service's own or tight integration with some other provider.

Is Amazon's Glacier a proper backup destination, if it's your sole remote? I thought it was pretty slow + "expensive" to get stuff out of Glacier? One of the important things wrt. backups is testing your backup archives regularly, which doesn't seem to fit too well with Glacier's model...

Also, nice little Carbonite burn from the Backblaze offer ;-)
Quote
There are no extra charges and no limits on the size of your files — no matter how many videos you want to back up.

12
Yes, using a program based on stolen source code, with binaries compiled by an unknown party - what could possibly go wrong?  :huh: :huh: :huh:

13
Living Room / Re: For those with a CrashPlan...
« on: August 26, 2017, 06:14 AM »
I logged on to DoCo today for this reason as well.

Pretty shitty decision by the Code42 folks - sure, it's easier dealing with companies than regular plebs, but they could have kept the service running, and focused their marketing drones on recruiting companies.

What are the alternatives these days? I need something that offers me control over what to backup (preferably folder-based and with regex, or at least extension-based exclusions), a good amount of online storage, and ability to do simultaneous local backup is a plus. E.g. basically the CrashPlan feature set - something that's not Java-based and thus uses less memory would be nice.

I like SpiderOak's zero-knowledge philosophy, but their UI is quirky, and last time I used it (several years ago), it was both very CPU-intensive, as well as having really slow speed to their backup servers, from my location in Denmark.

I haven't checked if Carbonite suits those needs, but from the website it seems to be very focused on simple end-users.

14
I much prefer ssh for transport protocol for my VCS, since it allows me to do public-key based authentication instead of HTTPS user/password wank. It's the sane default choice.

15
It is a apparent that this is one of those things, like religion and politics, that people adhere to and have their own opinions on
That's what people who use filthy spaces would have you believe - us tabbers have the objective facts, obviously.

;)

16
Someone mistyped a . for a /  :huh: (they are quite close together on a US keyboard layout :P)
Yes, yes! That was... definitely!... what happened ;P

17
I don't do much with Python.  However it does seem much more natural to type a block by hitting Enter, then Tab rather than holding down the shift key and hitting a curly brace.  At the end of the block you hit backspace to back off the indentation rather than again holding down the shift key and hitting another curly brace.  I didn't find it all that problematic when using an editor that knows Python.
I don't find adding braces is much bother, and it removes ambiguity - if a language uses indentation for semantic purposes, you run a higher risk of stupid bugs. Especially if you copy/paste snippets of code from the intarwebs, and who doesn't these days? :-)

Quote
You're either using a very, very narrow monitor (for professional development I've been on 120 columns with plenty of real estate for an IDE for 5+ years), or having crazy amounts of indents.
I guess you don't use end of line comments much.
Indeed, I don't.

I find that when I use proper variable and function names - which requires extracting well-defined, single-purpose functions - I don't need end-of-line quotes for anything. The code reads pretty naturally, and when I need comments, it's usually a larger block describing why somethign is done in a special way, performance considerations, external API/service quirks, whatever.

So use an editor that has a hard tab/spaces option.  I don't get the controversy.  But for people who may type in the < 30 wps range hitting shift brace combinations is distracting and causes a lot of lint since it is easy to get a bracket when you want a brace.  Also I notice many IDEs, at least in free tools, lack a reformatting indentation parser(such as Tidy.)  When I used Delphi 5 I found it liberating to just type in the code all messy and hit the function key for Delforex to indent and capitalize according to rules etc..  If everything lined up chances were good I did not have any typos.
The controversy is a people thing, and it's already mentioned above. Tabs means flexibilty, spaces means people shoving their preferred indentation size down your throat.

18
As Deozaan says, it also means that you (you special snowflake!) is trying to dictate how wide my indents are supposed to be, instead of letting that be up to my editor settings. Editor settings that probably vary depending on whether I'm on a machine with big monitors, or editing in Vim through SSH.
Not really.  If that's what the team decides on, then that's what the team does as a rule.  And when others come into the team, they adhere to the standard.  Right?
It sucks if the team has made the misguided decision to use spaces, but yes.

19
I consider languages insisting on indentation for semantics (like Python) to have made a really bad choice in that regard. The intention might have been to make program structure clearer, but it's dictatorial "we know better" that doesn't belong in a language, and it ends up causing more troubles than it solves.

I hate it when source wraps to the next line or kicks in the horizontal scrollbar just because there were a few nested blocks generating a bunch of white space.
You're either using a very, very narrow monitor (for professional development I've been on 120 columns with plenty of real estate for an IDE for 5+ years), or having crazy amounts of indents.

I've been using tab-is-4-spaces indenting for some 15+ years, but I'm considering changing that to oldschool 8, since it forces you to reduce indentation - preferably by splitting your code into shorter, coherent functions.

20
Using spaces for indentation is stupid.

It's treating a semantic piece of information as visual formatting, and that by itself should be enough to disregard space-formatting.

As Deozaan says, it also means that you (you special snowflake!) is trying to dictate how wide my indents are supposed to be, instead of letting that be up to my editor settings. Editor settings that probably vary depending on whether I'm on a machine with big monitors, or editing in Vim through SSH.

I've never seen indentation be a problem for VCS (any of the modern ones, anyway - pre-subversion days don't count), unless you've got non-team-players that insist on reformatting files instead of sticking to the project standard.

The only place where you might need "consistency" is if you have tabular data represented as code - and that's easily solved by tabs-for-indent, spaces-for-alignment, which is a fine compromise until everybody is using automagical IDEs that don't care about source representation and do on-screen format based on language rules :-)

21
Quote
The administrative shares that have been part of Windows for a long time have been a staple for remote file management for IT pros.
s/pros/skiddies.

Sure, they're useful for legit admin actions, but they're one of the first things I disable after I install Windows :)

22
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 01:13 PM »
I disagree.  By insisting on funky characters that make you shift mode on touch keyboards they can always say you made a typo when entering.  Even if they are the ones who changed what you typed.  It amounts to asking the service provider for permission to use your own account.
What on earth are you on about? :huh: :huh: :huh:

23
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 10:21 AM »
Of course the above is simplistic, and you can do things like uppercasing and other character manipulations - but an extended alphabet will always require (quiiiite a bit) more effort for a string of the same length.
I'm sure that technically you have foundation for your argument(s).  But people live day to day fine with getting home from work and using a house key to get into their house/condo/apartment.  It does not stress them that a guy with a couple of battery powered drills can drill out the front door lock in about 30 seconds if he has practiced the procedure.  But the owner/renter can get in his own place in the most likely event terrorists are not waiting inside.
I'm sorry, but that is a silly attempt at an analogy.

Getting your credentials leaked is a very real risk - just look at the monster breaches various big sites have had over the last few years. You really should consider your password hashes to have been breached, and better hope you haven't used any sites negligent enough to use weak hashing (or no hashing at all, or reversible encryption instead of hashing).

So you need to pick your passphrases under the assumption that it will be suffering an offline attack.

There's a balance point past which the customer exists to serve the service instead of the other way around.  We have already tipped the scales in many areas.
Password hygiene has nothing to do with "customer serving the service", but you're right that there's a balance - that balance is between how much effort you put into securing credentials for Site X vs. how much it would hurt if that set of credentials are breached.

For most people, getting facebook or their primary email account taken over can lead to a lot of hurt.

Using a password manager to have unique, strong passwords per-site really isn't much of a hassle. Adding 2-factor authentication is a minor annoyance, but it's worth doing for "primary" accounts like mail, facebook, github and the likes.

24
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 02:44 AM »
My point was that although passwords that are made of actual words were more vulnerable than those "secure" generated ones, if you do not limit the number of attempts at cracking them then nothing is secure.  Also the same thing applies to hijacking the encrypted database.  If the brute force method can be applied offline then just because the passwords have no vowels and some numbers and symbols sprinkled in that will not long delay the cracking.
That is wrong, though - and it all comes down to the number of guesses you have to make.

Assuming a dictionary of ~171k enlighs words and stringing five of them together (one more word than XKCD's Correct Horse Battery Staple) gives 171000^5 permutations. I don't know what the average word length is, but let's be (very) generous to the string-words-together method and compare to a 20-character random string of base64 alphabet - which gives 64^20 permutations. That's 9.091.152.181 times as many password attempts.

Of course the above is simplistic, and you can do things like uppercasing and other character manipulations - but an extended alphabet will always require (quiiiite a bit) more effort for a string of the same length.

Seems to me setting delays on IPs and domains generating invalid logon attempts would be more secure.
False dilemma - using secure passphrases doesn't remove rate limiting. And while rate limiting definitely should be implemented, it only protects against remote bruteforcing of the lamest of lame passwords. Strong passwords guard against offline attacks.

25
For video encoding, if you're not worried about temperature, just setting the encoder process to a low priority should still keep the machine usable, though.

Pages: [1] 2 3 4 5 6 ... 362next