Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • March 26, 2017, 02:34:58 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - f0dder [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 360next
General Software Discussion / Re: LessPass password manager
« on: March 22, 2017, 02:35:35 AM »
Have they changed the core mechanics of how it works, or is it still 100% utterly useless?

Last time I looked at it, the design meant compromised master password == having to change each and every password you've used it for.

Also, what this guy wrote.

While VMs can be escaped, you should keep in mind that a VM escape is an extremely valuable 0day.

So, if you get a piece of "interesting software" containing a VM escape, there's basically two scenarios:

1) you're targeted by a nation-state, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT.
2) you're dealing with a potentially nasty piece of malware, but it's using publically-known escape techniques.

Keep your VM software up-to-date! And don't even think about using sandboxing/containerizing software for testing BadStuff.

PS: while you're not super likely to find VM-escape in the wild, it's a lot more common for malware to have VM detection - meaning it won't activate when running in a VM, so it lulls you into a false feeling of safety.

General Software Discussion / Re: Malwarebytes goes full Anti-Virus
« on: March 17, 2017, 07:26:40 PM »
What a shame :(

General Software Discussion / Re: Windows Explorer now has banner ads
« on: March 12, 2017, 12:07:31 PM »
Man, ads in your operating system... ugh.

I quite like Windows 10, it's pretty snappy - but I really don't like this direction. Meh. Thought Microsoft had wisened up with Natya Sadella and all, but... ugh.

all of systems we work on now have a licensed copy on Notepad++ installed.
Huh, there's licensed versions of Notepad++?  :huh: :huh: :huh:

Living Room / Re: What books are you reading?
« on: February 28, 2017, 04:55:47 PM »
Finally reading The Mythical Man-Month.
"Few books on software project management have been as influential and timeless as The Mythical Man-Month. With a blend of software engineering facts and thought-provoking opinions, Fred Brooks offers insight for anyone managing complex projects."

While I'm a developer and not a project manager, I've been told (and sorta agree) that it's one of the "really should read" books in the industry. It's probably a bit over-hyped, but nonetheless it's a good read so far (next chapter is "No Silver Bullet") - and it's amazing how little of it seems dated, even though the first edition is from 1975.

UFO Defense and Terror From The Deep were such great games - a shame that the series was never continued.

Steam used to bundle my bugfix loaders for the Collector's Edition Win32 port, but I believe they use DosBox these days... my loaders certainly aren't Win10 compatible, it seems.

So, the tool is basically a DNS switcher? Or switcher + null-routing with hosts file?

How does it prevent DNS leaks and tracks? Switching to a DNS server that claims doing this is not the same as actually preventing it.

The feature list seems a bit like false advertisement, if it's just a blocklist. While null-routing known malware hosts does prevent getting malware from those domains, that really doesn't qualify a product as "anti-malware".

How come it's hosted on sourceforge if the source is not available?

Also, a couple of things regarding DnsCrypt:
1) it doesn't encrypt DNS traffic, it cryptographically verifies that the replies haven't been tampered with.
2) using a DNS server that's listed as "supporting DnsCrypt" is meaningless, you don't gain anything unless you're running the DnsCrypt client yourself.

Developer's Corner / Re: Anyone tried the Nim language yet?
« on: February 24, 2017, 02:29:46 PM »
I skimmed half of https://nim-lang.org/docs/tut1.html , and the basic syntax doesn't look bad... but indentation based syntax is enough to put me off, especially when I don't see something that strikes me as a killer feature.

A powerful macro system with the ability to modify the AST might be interesting, but... dunno. I'm just not "feeling it" :)

Why on earth would anybody in their right mind join a thing like this?

Developer's Corner / Re: Windows Update Controller
« on: January 03, 2017, 03:37:06 PM »
Overall I really like Windows 10 (and it has some nice security and performance things under the hood!) - but Microsoft does seem hell-bent on enforcing a couple of things in ways I really don't like (telemetry, forced windows updates + boots).

I'll be kinda surprised if you get it to respect registry values!

While your traffic will be encrypted, there's no way to hide that your IP address is connected to and communicating with the destination IP address.
A VPN masks what you're communicating with - snoopers will only be able to see that you're communicating with the VPN concentrator. The destination host won't see your IP either, it will see the IP of the VPN concentrator.

But as already mentioned, it's not foolproof and there's way to unmask you.

In short, a VPN can be a very secure tool for the right people in the right circumstances, but it's not a cure-all for everything malevolent on the internet.
Again: securely using the internet from an insecure location (hotel, café, whatever). Nothing more, nothing less.

If you're doing malevolent stuff and think a VPN will do anything for you, prepare for some jail time :-)

Living Room / Re: grab urls
« on: December 27, 2016, 10:16:42 AM »
I gave Downthemall a try, but is there a way to make the downloads delay every x seconds so that I won't abuse the server???
You can configure concurrent downloads and downloads-per-server in DownThemAll - that really should be all you need to to avoid "abusing" anything :)

I guess "MDC WiFi" means the WiFi network on your college?

If you get HTTPS certificate errors while connected to it, your college sysadmins are probably some misguided fools that are doing nasty man-in-the-middle shit on your connections.

General Software Discussion / Re: alternative to filehamster?
« on: December 27, 2016, 09:49:59 AM »
Git, Mercurial or even SVN should be used when versioning is necessary.
For source control style versioning, sure.

But for backup-style versioning? Nope, nope and nope. What you need in that situation is very different from the history-from-the-beginning-of-time versioning style that source version control systems offer.

fSekrit / Re: Fsekrit fails to run Thai text searches
« on: December 19, 2016, 02:21:52 PM »
You're thinking of file encoding, though :)

Notepad (on NT derived Windows versions) uses the Unicode APIs. I just took a quick look at Ted Notepad, and it's a Unicode application as well. I haven't looked deeply at Ted, but Notepad internally uses a "Rich edit control", which (even on Win9x) internally uses Unicode. It's when interacting with the rest of the system you run into ANSI/Unicode issues - Win9x has an extremely limited Unicode support, which is the reason fSekrit is an ANSI application.

The issue is here :) - I could probably get away with just local modifications to that file to get Unicode search support, before doing the proper rewrite of the whole application.

A VPN connection is useful for securely accessing LAN machine across the internet (corporate use), or securely using the internet from an insecure location (hotel, café, whatever). Nothing more, nothing less. If you think you're getting "protection" or "anonymity", think hard about what you're doing and which consequences it could have; while it will be sufficient to hide you from a nosey neighbour, it doesn't take a nation-state adversary to decloak.

Stay the hell away from the "free" offerings, unless you have the technical skills (and spare time) to routinely inspect all the network traffic - there's been some "free" proxy and vpn software doing very, very, very dodgy things.

And even for the paid ones, even if the "we do not keep any logs" and "we are definitely not a NSA honeypot" statements are true, there are things that can be done without the VPN company coöperating, from hacking concentrator nodes to analyzing traffic at the datacenter.

There are uses for VPNs, but anonymity (especially combined with "anything worse than petty crime") is definitely not a safe use.

Developer's Corner / Re: Recommendations for where to get SSL Certificates?
« on: December 19, 2016, 12:53:47 PM »
In this day and age, I would definitely go for LetsEncrypt for HTTPS certificates unless hard pressed to use something else. Self-signed certs aren't really appropriate for a public-facing website, even though they're technically more secure.

Dunno about code signing - aren't the options relatively limited?

Community Giveaways / Re: TIS-100, a programming game
« on: December 19, 2016, 12:45:06 PM »
TIS-100 is basically Human Resource Machine's older and veeeeery geeky brother :-)

fSekrit / Re: Fsekrit fails to run Thai text searches
« on: December 19, 2016, 12:44:23 PM »

There's a pretty good chance that you are correct - fSekrit uses the ANSI rather than Unicode APIs for text searching. I didn't bump into this problem myself, since Danish is simple enough to fit into an OEM codepage. More complex languages like Thai will probably fail.

Plans for "version next" (which still doesn't have a timeline) is dropping Win9x support and being fully Unicode. It's going to be a while before I get around to doing that, but I might be able to add Unicode search as a minor upgrade to the 1.x line. I currently don't have a development environment on my home machine, though, and I'm waiting for Visual Studio 2017 to be released before I go through the trouble of setting it up.

I expect it to be a pretty easy fix, but will probably break Win9x support - something I wanted to avoid doing for version 1.x.

fSekrit / Re: FSekrit 1.40 Error Saving File
« on: November 24, 2016, 02:51:50 PM »
Good to hear the source of the issue was found, but damn - that's pretty nasty, and a somewhat convoluted workaround. It seems like the issue has been introduced with some (late-ish) Win7 update? That would explain why I haven't run into it, since I've been running Win8 and now Win10 for a while - at least those versions haven't been plagued.

I wonder if there's anything I can do programmatically against this. The SuperUser thread mentions "several minutes delay", so doing a couple of tries with a short delay between (as is done elsewhere) is not an option.

fSekrit / Re: FSekrit 1.40 Error Saving File
« on: November 23, 2016, 03:49:26 AM »
Hi, sorry for the late reply.

The problem sounds a bit strange - you've been using fSekrit for years, and suddenly this error appears, without making any changes to the system? That the problem disappears in safe mode hints to me that the problem is with software, not NTFS permissions, and my guess would have been antivirus software. But you say there has been no changes, and that you even uninstalled Avira.

fSekrit works by copying itself to a temporary location and using that as the "editor" executable, to be able to write to the "document" executable (it's not possible to write to the executable file of a running program without doing some very dirty tricks). Under normal operation, this means the editor executable is in %TEMP%, unless you have a file called fSekrit.portable in the same folder as the document executable.

When saving, fSekrit starts by writing to a temporary file, then it deletes the document.exe, and finally moves the temporary file to the document.exe name. The fSekrit 1.40 codebase doesn't check for errors deleting document.exe, so that's probably the step that fails.

I'm not sure why that happens, as it's not something I've seen under normal operation (I'm running Win10 these days, but fSekrit 1.40 has been running on pretty much every version from Win9x). But something is probably keeping the document.exe open - this could be backup software, antivirus software, or even explorer.exe. I would suggest grabbing Sysinternals' Handle and see if it reports some other program keeping the document.exe open.

Found Deals and Discounts / Re: Vopt 9 defragger free
« on: August 13, 2016, 07:10:40 PM »
I notice some defraggers have an "SSD mode."  I wonder if it is merely marketing though.
Yes and no :-)
Just like everybody added "32" and "64" to their application names when those platforms were new, adding "SSD" to disk/filesystem utilities is a thing.

There's some valid things a defragger could do with SSD in mind, though. Like being less aggressive in consolidating fragments - it's not as necessary on SSDs as HDDs, and you want to minimize writes. Not sure if applications can control TRIM or if that's solely handled by the filesystem drivers, but that might be a thing as well.

Yep, pure speculation :)

I wonder if that is because it would have taken work to get it to the point where it could be released as such.
Good point.
While there might not be a lot to be embarassed at at that point in life, there could be 3rd-party code with licenses that aren't OS-friendly. A code dump without 3rd-party stuff that doesn't compile could be useful in and by itself, but it would require work to do... and that's probably not what you want to spend your final days on.

Found Deals and Discounts / Re: Vopt 9 defragger free
« on: August 13, 2016, 02:45:36 AM »
Too bad he didn't go all the way and made it open-source, not just gratis :)

Of course, with SSD hard disks most of the above has become a moot point, accessing fragmented or defragmented files on a SSD hard disk hardly makes any difference in time and are much faster than on a standard spinning hard disk anyway.  Still, the added bonuses from strictly separating files are still valid.
Would be interesting to see some benchmarks on this. I guess that if the fragments aren't smaller than the SSDs page size, you won't be able to measure a speed difference.

Clipboard Help+Spell / Re: CHS more colourful default?
« on: August 02, 2016, 04:13:51 PM »
Tastes differ - I find the "Save.Me" screenshot to look pretty gaudy, and prefer applications to use the Windows system skin unless there's a very good reason to look different. Which there isn't, for 99% of the software out there :)

General Software Discussion / Re: Firemin: reduce FF memory usage
« on: August 02, 2016, 02:10:15 PM »
I don't have much patience anymore with AddOns that aren't zero configuration.
Great power and flexibility requires a bit of effort - I'm impressed how easy uMatrix is to use, considering what it does.

Pages: [1] 2 3 4 5 6 ... 360next