avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • July 22, 2018, 06:05 AM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - f0dder [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 363next
I prefer the original, non-stained color, to be honest.

The two color samples you're showing remind me of furniture in old people's homes - so dark and brooding :)

Left undisturbed, operational HDDs don't usually "suddenly fail", they tend to progressively fail in incremental fashion, all the meanwhile logging their gradual deterioration in their on-board SMART data accumulators. Analysis of HDD failure can be quite enlightening and can enable the user to predict HDD failure, when they avail themselves of SMART monitoring to detect when it is time to migrate from a failing drive, rather than risk blindly waiting till forced to recover from an already-failed drive.
That's not the experience I've had as a consumer.

In some cases, I've seen "reallocated sector count" or some similar stat go up before an eventual full breakdown - but mostly, it's been "worked fine yesterday, now I can't get my data". And I've had disks with reallocater sectors that kept trucking along for years without flaw, and just ended up being too small.

SMART is a mess. The values are opaque, and you can't really compare them between brands. There's no guarantee you'll get reported errors before a failure, and reported errors are no guarante of a failure. And, moving from spinning magnetic platters to solid state drives, failures tend to be "oops, logic board died, all data is lost".

From my experience, it can be really powerful, especially using inline assembler to optimize code- a feature that I've not seen so easily used in many IDEs.  I have nostalgia for it- from my first real development opportunity being in Delphi 1
I learned programming with Turbo Pascal 6 back in the day, and spent a lot of time with Borland Pascal 7 as well, before moving on. Back then, the Borland IDEs were second to none, the integrated context-sensitive help system was unmatched. And because compilers generally sucked back then, and the machines were slow, the inline assembly feature was pretty good. I moved onto C/C++, but the first couple versions of Delphi were interesting because they made Windows development easy.

But after that? The whole Borland -> Inprise -> Embarcadero mess was reason enough to abandon the language, IMHO. Other, more powerful, languages appeared, several of them without costly licenses. If you want easy GUI, it's hard to beat .NET.

And inline assembly is IMHO useless these days - if there's a substantial speed gain to be had these days, it's usually from writing a large chunk in assembly, enough that you're better off writing it in an external .asm module in a proper assembler. That, or use a language + compiler that has good assembly intrinsics.

Why is that bad news?  You either get a new license for a new year, or upgrade from what I'm reading your statement.
Because it makes the offering unusable? :)

It might be "the same as it was before", but that status quo is "at the mercy of Embarcadero". I wonder if they, deep down, really just want Delphi to die... there's a lot of legacy stuff written in it, but with terms like this, I can't see much reason to choose the platform. Sure, Object Pascal isn't a bad language, but there's so many other (and better, IMHO) platforms around.

Sorry for the silence. I’m okay. Just not as okay as I’d like to be yet.[ Invalid Attachment ]
That's a pretty rad undercut she's rocking now!

Could you enlighten me why it is bad to set/unset global environment? That it is bad you mentioned, the "because" is missing. Thanks in advance!
Sure thing :)

First, notice that the global environment is persistent. You shouldn't be making persistent changes to the user's system unless that is what the user directly expects. If there's a name clash, you're going to overwrite the user's own setting, and if your program crashes, you leave a garbage environment variable behind.

By using global environment, you get re-entrancy issues - if you launch multiple child processes simultaneously, you risk several children getting the parameters for one of them.

And then there's the issue of admin privileges necessary for setting system environment variables, which makes this unsuitable for a general mechanism.

Finally, you should generally strive to adhere to the principle of least surprise, and keep mutable state as local as possible - since that leads to fewer bugs, and has the bugs that slip past you be easier-to-debug ones.

Set wshSystemEnv = wshShell.Environment( "SYSTEM" )
Do. Not. Do. This.

You'll be setting a system-wide environment variable - this is a bad, bad, bad idea unless you're specifically aiming to do that. Fortunately, at least on modern Windows versions, vbscript isn't allowed to do this, unless you're running it with admin privileges.

If you need to use vbscript instead of a proper language, go for the solution that executes cmd /c "set foo=bar & mainexecutable".

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 18, 2018, 12:49 AM »
I am sorry, this option is gone. While developing/learning MMX it was possible. When i published it here it was possible to get code. Now the Crypt-Algo is already bound to another Application.
Why does that change anything?

I am pretty sure you have code anyway :-)
It would be easy enough reverse-engineering it - but it's not that I'm particularly interested in the algorithm. Sharing it would be for your own good, to learn from the discussion you could have with more experienced developers :)

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 17, 2018, 04:17 PM »
As Jibz say, I'm pretty direct ;)

Take it for what it's meant to be - honest advice, not an attempt at saying you're stupid or that what you've made is worthless. Jibz put it a bit more eloquently, and you should definitely take his advice to heart.

But let me elaborate a bit.

The "hard" thing first: your method is not secure, and it is not practical. Whether "secure" matters depends on your threat model, but there are many other solutions out there that are both convenient and offer hard cryptographic security.

And then on to some words of encouragement: playing around with crypto is fun. Try doing stuff on your own, see what other people have done. Optimizing is fun, and going assembly-level with interesting instruction sets even moreso. Don't stop being interested in these things!

The best thing you can do with this NANY entry is to share the code. Talk to other developers. Accept criticism, learn from it. There's a good chance you'll end up learning stuff about encryption as well as optimizing.

For fun, I've attached a couple of files from 1997 when I thought I had designed a super cool crypto scheme.

I got this "set -ua ..." off the www as a possible answer to my question.
-OptimalDesigns (July 17, 2018, 03:28 PM)
Where? Considering "u" isn't a valid argument to set, and "-" being the wrong argument specifier, that just seems like bad advice.

I write VB code and VBscript when necessary.
-OptimalDesigns (July 17, 2018, 03:28 PM)
VBScript (probably) requires the hack from your original post, VB should be able to use normal environment passing. Which language do you need the solution for? And if it's VB, is it old-school VB or VB.NET? And which version?

Anyone out there knows how to pass an environment variable from Windows?
-OptimalDesigns (July 17, 2018, 03:28 PM)
It's the seventh argument to CreateProcess ;)

General Software Discussion / Re: More Ads in Windows 10
« on: July 17, 2018, 03:28 PM »
This makes me question whether or not I really want to get myself too involved in Microsoft's ecosystem after all.
Don't. I have a feeling this is going to get even more ugly.

It's a damn shame, because in many ways, Win10 is the best OS that's out there - it's fast, it's stable compared to the shiny macOS, there's a lot of great under-the-hood security stuff baked in... but it's all fucked over by whatever department at Microsoft that believes embedding ads in the core OS is a good idea. That, and the telemetry you can't opt out of, and the forced updates and reboots that you can no longer control.

I'm seriously considering moving to Linux if they don't stop this crap, but there's a lot of stuff I'd miss from Windows :(

Since your post mentions "", I guess you're dealing with VBScript and not VB code?

In general, a parent process passes its environment down to a child process. At the operating system level, you can usually specify a new environment for the child process (e.g. to pass it data, like you want to). It doesn't seem like this is available in VBScript, though, so you're probably limited to the way you're currently trying to do it, prepending /set before the command you want to run.

A thing that springs to mind is you do "set -ua" - I don't know what the "u" parameter is supposed to do (not listed on my system with "set /?"), but more generally Windows uses forward-slash for arguments, not dash.

Here's a little cmd.exe session, which I hope will be instructive:

Also note that child environment is never propagated back to the parent process.

Instead of using environment variables, can't you use commandline arguments instead?

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 16, 2018, 12:09 PM »
So... what's the point? :-)

You don't support a passphrase, which means there isn't really any security.

You don't mention which encryption algorithm is used, making it hard to reason about the security if you implement key generation from passphrases later on.

Encryption a 4k text file full of 'A's makes it clear that you're using a 32-byte block size with no block chaining, which means that even if you use a decent encryption algorithm, your encryption as a whole can be broken.

So... this sounds like something that's probably a fun project, and where you might want to share the code with other people and learn from the experience.

But not a good idea to present it as a utility for other people.

Although it is more work, I would recommend to do a GitLab installation from the ground up. The Docker solution (or similar software) is decent, but I barely see how Docker is helping me for my particular use-cases.
Docker is pretty great, even if you don't plan to use it for scaling out. All setup and configuration is codified, so you don't miss a point in an install step, and getting an instance up and running is fast. The isolation it offers is pretty good as well - not as good as a full-blown VM, of course, but because of how lightweight it is, you can afford to containerize pretty much all the services you have running on a single machine.

And there's lots of other nice uses for it. Like, being able to create a Linux filesystem image (think custom RaspBerry Pi or custom device firmware) from a Windows or macOS machine, without booting up a VM and transferring files in and out of that. Or making sure everybody on the team has a similar runtime dev env for testing, regardless of host OS. Or being able to build <whatever_language>*<whatever_version> binaries without drowning in dependency hell on a single host OS.

While Docker for Windows is great for development work, I wouldn't run production stuff on it - it's simply not ready for that kind of prime-time yet. There's performance issues as well as bugs... we have a customer who insists on running stuff on Windows servers (because that's what their hosting company knows, and they use that hosting company because the CEOs are buddy-bros) - we have to restart the stuff because the current stable version has a bad leak in vpnkit. Ouch.

I am implying that the hostname of the upstream DVCS repository does not matter to anyone who even remotely understands his shiny plaything.
Yes, this detail doesn't matter that much - there's an inconvenience in getting all the references fixed, and that's it. That you're suggesting this is the issue is silly, though, since it's really about #2.

Like what? The issue tracker? Indeed, it is a rather dumb idea to sacrifice yourself to voluntary vendor lock-in - but that's not Microsoft's fault at all. As if Microsoft would endanger your precious bug reports...
Issue tracker, pull requests, wiki, github pages, discoverability, the social aspect. The integrated two-factor auth stuff... teams... stats... the commercial support... access control... vulnerability scanning... GitHub is a really well-working and polished product. It gives you loads of features you don't get with a bare "just a file storage bucket" repository.

You can't avoid vendor lock-in unless you go for an on-premise solution. It's been a while since I checked out GitLab (but they do both cloud and on-prem, right?) - but I've worked a fair bit with Atlassians Stash/BitBucket. It can run on-prem, but it's not open-source, and while it's a good product, it's lagging quite a bit behind what GitHub offers.

And sure, Git is a DVCS. But in and by itself it's not super effective for collaboration, especially when you're outside a single team or company... you need an additional layer on top of the raw DVCS. If everybody runs different systems, collaboration gets harder.

Every centralized repository is a single point of failure. IMO, the sanest approach is C's: You'll just get your headers/libs from your OS vendor.
You've got to be joking.

There's so much wrong with this idea that I don't even know where to start - that'll be for tomorrow :)

(Although I wonder why most people ignore the fact that they are mad about their preferred "DVCS" hoster being bought... Git's target audience does not seem to be the brightest of all.)
Are you implying they're silly because "it's DVCS, they can just move elsewhere"?

In that case, please keep in mind that the repository hosting is the smallest part of what GitHub offers - it's all the stuff built on top and around that makes it worthwhile.

Also, many projects and even programming languages (talking to you, Go!) natively integrate GitHub as their package repository. That means that not only the official source would be gone for a while - large parts of the software world wouldn't even compile anymore. That's a bad sign.
Same goes for the JVM world and the main maven repository, the node.js hipsters and npm, et cetera.

Is there any language/ecosystem that has a nice package repository without a single point of failure?

Why don't they just stop?  That's insane!
Indeed, it is.

And I generally stay away from games protected by Denuvo and similar insanity. I don't want to support the idiots who believe these ham-fisted schemes are justifiable.

I was about to make an exception for Far Cry 5, but then realized it requires Ubisofts shitty Uplay shit, even when purchased on Steam... so that became another no-purchase.

General Software Discussion / Re: What's going on with Java?
« on: July 15, 2018, 01:12 PM »
So, about the Java issue...

It's a bit chilling. But it's nothing new, whOracle has always restricted access to older versions of their software to paid subscribers.

It's a shitty move for Java, though, since older software still used by people might not always work with the newest versions. That happened a lot for JRE6, and we're going to see it with JRE8 again, because (among other things) of the module system changes introduced with JRE9.

There's some other musings in Oracle to charge for Java from Jan 2019 - I believe the title is a bit alarmist, unless I've misunderstood something you can still run stuff on JRE8 for free... it's just that you won't be able to download it without having commercial support. Unless I've misunderstood something, which is quite possible, because whOracle are evil.

General Software Discussion / Re: What's going on with Java?
« on: July 15, 2018, 01:00 PM »
Excuse my ignorance but is Java used that much any more? I have advised everyone I know that uses OpenOffice to move to LibreOffice and remove Java from their system.
-Carol Haynes (April 30, 2018, 08:56 AM)
Hm, I thought LibreOffice was developed in Java - certainly runs sluggishly enough that it could be using one of those crappy GUI toolkits.

But there's more megabytes of *.py than *.jar in the version 6.0 I've currently got installed.

What's it written in these days? Natively-compiled Java, C++, ...?

Also, Java is still used a lot on the server side. Both the language itself, but also all the other languages running on top of the JVM, like Clojure, Scala, Kotlin...

Living Room / Re: Abusing Emoji on your computer filesystem
« on: July 15, 2018, 07:38 AM »
I wonder what kind of files are stored in the "🍑🍆" folder :P

I'm a bit late to the party, but...

^^ Good link. Thanks. And the author is right - it is FUD, and generally, wherever one finds FUD, one will usually find an accompanying $commercial and/or a political motivation, if not simply an "ulterior" motive.
The warnings about Spectre and Meltdown weren't FUD.

As Jibz said, the prime target isn't end-user machines, but stuff running in the cloud. Thing is, more and more stuff is being moved to cloud infrastructure - email, the ecosystems for software updates on everything from phones to server and desktop operating systems, payment processors, social media, every-friggin-thing. Being able to freely dump memory of other tenants on the infrastructure? TERRIBAD!

Fortunately Meltdown was "fairly easy" to fix, and without adding that big overhead... depending on workload and whether the CPU is recent enough to support the "Process Context ID" feature.

Spectre on the other hand? It's a can of worms where the lid has just been popped off. It's a class of bugs that's very hard to totally fix, because of the way modern CPUs work - unless we're willing to give up a lot of speed. I expect we're going to see a game of whack-a-mole for a while.

Spectre is a lot harder to abuse, and doesn't give the full, well, meltdown as Meltdown did. But it's still a serious issue, and it was exploitable by Javascript code running in browsers - i.e., something that can be used to target end-users.

This was not a case of cry wolf. It was a case of "we need to fix shit, now, before people outside the NSA, GRU and GCHQ start
abusing these flaws".

Haven't used it, wouldn't touch it with a red hot poker.

"LEGACY" used to be a good word, a word you would be pleased to see.
Not in the world of software, Curt :-)

General Software Discussion / Re: ERROR after upgrading Windows
« on: September 07, 2017, 11:58 AM »
Keep and lock - shows the pattern and outs the spammers.

Pages: [1] 2 3 4 5 6 ... 363next