Latest posts of: f0dder - DonationCoder.com
Welcome Guest.   Make a donation to an author on the site August 04, 2015, 08:55:04 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Read the full one-year retrospective report on DonationCoder.com.
   
  Forum Home Thread Marks Chat! Downloads Search Login Register  
  Show Posts
      View this member's profile 
      donate to someone Donate to this member 
Pages: [1] 2 3 4 5 6 ... 353 Next
1  Main Area and Open Discussion / Living Room / Re: Security: Stagefright Vulnerability (Android) on: July 31, 2015, 06:21:49 AM
People still use MMS?
Why?
Because it's a way to send/receive pictures for people who aren't on social media sites and don't use instant-messaging platforms?

Also, remember that just turning off MMS isn't enough to protect you from this exploit, it can be triggered in-browser as well. One of the worst exploits in a while...
2  News and Reviews / Mini-Reviews by Members / Re: Not-so-mini review of CrashPlan backup software on: July 31, 2015, 06:13:11 AM
Using Amazon Glacier or Google Nearline is cost prohibitive, but they're getting there. I would love to see a service using Nearline with some deduplication and a lean client. I have nothing against Java per se, but CrashPlan clearly hasn't optimized their client for memory usage.
Kinda impossible to do for Java. You need to reserve a heap that's large enough to handle your largest theoretical load, plus some extra for garbage collection bookkeeping. This can be grown dynamically, but I don't think the JVM ever shrinks the operating system allocated heap. Makes sense for server loads, isn't always a nice feature on client machines though.
3  Main Area and Open Discussion / Non-Windows Software / Re: Thoughts on "next generation" forum systems? (Discourse, nodeBB, etc.) on: July 27, 2015, 03:19:42 PM
I really, really, really dislike the "endless scrolling" method. It never really seems to work with how I want to use a site, it tends to get progressively slower (not sure if it's database access or too much crud in browser memory), and it's hard to search. I haven't checked discourse in a while, so it might have gotten better - but it sucked in this regard last time I checked it smiley
4  Main Area and Open Discussion / General Software Discussion / Re: AV testing: Is your antivirus app doing its job? on: July 27, 2015, 03:03:30 PM
even legit sites that you'd keep whitelisted might be compromised
As the manager of a web development team, this is something that I'm always paying attention to, much to the annoyance of some partners and even customers. You might be surprised how many third parties want us to directly reference js code that lives on somebody else's servers (for example, to show fancy interactive product info from the manufacturer).
I wouldn't be surprised, given I deal with both front- and backend code these days smiley

My position is that my users have agreed to trust *me*, but they don't even know that they'd be implicitly trusting *you*. I don't have the authority to transfer my users' trust like that, so I simply will not allow your code to run in my site.

We've made a couple of sort-of exceptions. If they'll give us the code to verify ourselves, and host on our own servers, it's much less of an exposure. At least I can still have control over the stuff that I have responsibility for, rather than just abdicating that security consciousness.
I'm opposed to pulling in just any random external link, but sometimes clients have desires that you just have to be pragmatic about. I don't much mind pulling in stuff from the google CDNs - if they get hacked, things are bad on so many other levels. You do have to consider *where* you pull in stuff, though, as referencing the google CDN serves as a tracking beacon even though you're just grabbing jQuery or Angular.

For most other stuff, I want a local copy, checked into the project's version control system. Better for security, and for project longetivity given how fickle a thing web development is.
5  Main Area and Open Discussion / General Software Discussion / Re: AV testing: Is your antivirus app doing its job? on: July 27, 2015, 02:56:27 PM
It's more important to avoid (or at least click-to-play) Java + Flash plugins than keeping JS disabled. The diagram it ignores the fact that Chrome has a special and somewhat-safer implementation of Flash, it ignores the smaller amount of malware targeting OSX, it ignores the browser used, and it ignores user behavior.

I do believe OSX has worse security holes than Windows, but given the combination of available malware and user behavior, I don't agree in the short-circuit. And fringe OSes are extremely unlikely to be infected with anything even with javascript turned on.
6  Main Area and Open Discussion / General Software Discussion / Re: AV testing: Is your antivirus app doing its job? on: July 27, 2015, 02:30:06 PM
Tuxman, that flowchart is not only elitist, it's also not very correct smiley
7  Main Area and Open Discussion / General Software Discussion / Re: AV testing: Is your antivirus app doing its job? on: July 27, 2015, 02:14:04 PM
You have to ask yourself what you're trying to protect against, and choose product accordingly.

Nothing whatsoever is going to be a 100% guarantee against 0days, not even behavioral monitoring. But most people aren't 0day targets, anyway; the biggest risk for ordinary people is accidentally surfing by one of the automated exploit kits, and those normally use relatively old exploits - but a whole bunch of them.

I personally can't be arsed with anything beyond MSE. I'm not arrogant enough to think I'd discover it if I were explicitly targeted with an APT, and while one might argue that my browser panzering + "don't run unknown shit outside of VMs" would probably be fine, I still keep MSE around in case I poke around on an external harddrive or the like.

For normal people, MSE would also be my suggestion. You just can't expect regular non-technical John Does to run NoScript, and even legit sites that you'd keep whitelisted might be compromised. MSE tends to suit those needs, it's less resource intensive than many competitors, it's gratis, and the people that manage to get infected anyway are basically helpless smiley
8  Other Software / Developer's Corner / Re: Syntax in Different Programming Languages on: July 27, 2015, 01:26:58 PM
How useful is a site like HyperPolyglot, though?

If you're at a proficiency level with the target language that you need to site, will you be able come up with something useful by looking at a cheat sheet? I don't think a"mechanical translation" like that wouldn't end up would result in good code, unless that languages are extremely similar (Java <> C#, for instance).

I think something that would be valuable would be samples of how to write ideomatic code in the target languages (requiring the user to be familiar with basic syntax) - but it's hard to do that with side-by-side comparisons, since different languages tend to solve different problems.
9  News and Reviews / Mini-Reviews by Members / Re: Not-so-mini review of CrashPlan backup software on: July 27, 2015, 11:23:32 AM
So clearly CrashPlan is doing something wrong, wrong, wrong.
Java? :-)

I'm fairly certain there are more effective approaches, such as using the NTFS file table to look for changed files, doing active file system monitoring (performance considerations?)
If I were to design a backup solution, I'd definitely use a combination of USN Journal scanning, if available, on program start-up, combined with filesystem notification events.
10  News and Reviews / Official Announcements / Re: DonationCoder Major Upgrades - Progress Report Thread on: July 27, 2015, 10:43:37 AM
Ok so those of you who use "unread since last visit" -- you click on the text link near your avatar, is that right? (see attachment in previous post)
And not the "UNREAD POSTS" button on the button bar, right (as that one is not "since last visit")?
Yep!

When I go to DC, it's either directly to that URL from a LaunchBarCommander shortcut, or by a notification email, followed by a click on the link-to-the-right-of-avatar-image once I'm done interacting with the posts from the notification email.
11  News and Reviews / Official Announcements / Re: DonationCoder Major Upgrades - Progress Report Thread on: July 26, 2015, 04:31:39 PM
Nice new goto menu at top of form:
Hopefully doesn't replace the one-click "Show unread posts (since last visit)." link?
12  Main Area and Open Discussion / General Software Discussion / Re: Chrome Portable in a RamDisk = decadence? on: April 30, 2015, 06:26:10 AM
I personally can't see much advantage of putting the browser executables on a ramdisk - they're small enough to load fast even on a mechanical HDD, and (for most people's usage patterns) once the browser is loaded, it stays loaded most of the day.

What can make sense is storing the browser cache on a ramdisk (I wouldn't disable it even if I had a 100mbit connection - latency and throughput to a local disk is a lot faster than any network connection) and, even more so, the firefox profile. Firefox does a fair amount of small reads and writes all the time while you're browsing to various SQLite databases (cookies, browsing history, website offline storage, et cetera).

I would recommend SoftPerfect RAM disk - it's fast(*), free, stable and no-nonsense. It supports persisting the contents to disk, and doing so at regular intervals, making it optimal both for %TEMP%(**) and for keeping data around.

(*): yes, there's noticable speed differences between ramdisk products.
(**): some installers expect %TEMP% to be persistant across reboots...

Hopefully applications know enough to check available disk space before trying to park giant temp files, like for m2ts muxing.  smiley
They generally don't smiley - if you want %TEMP% on a ramdisk, you should dedicate a sizable chunk, and be prepared to do one-off reverts especially for installers. 1gig works pretty OK for me, additionally storing firefox profile and WebSiteWatcher bookmarks.

[/quote]
The problem is it handles a huge amount of memory just to display the pages. The engine is inefficient and it leaks like there's no tomorrow. To be fair, it was even worse.
"Leaks like no tomorrow" hasn't been true for quite a while, leaks are mostly caused by poorly written addons. The engine isn't inefficient either, but there's tradeoffs... Firefox can get unresponsive if you're trying to load a zillion tabs at once, since it happens in one process, whereas Chrome launches a new process for each tab. So yeah, Chrome is more responsive in that scenario, but also ends up using a heavy chunk of memory.

Anyway, as the working space used by Firefox approaches to 10 figures (in bytes), just occupying that large a space becomes a burden on the CPU. Hence we have the unresponsive Firefox problem.
That sentence makes no sense smiley
13  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 28, 2015, 10:19:33 AM
What do you get for WRITE speed on your corsair?  btw, it is rated quite highly online.  Can you crack 100MBps?
Did a Windows reinstall the other day (now running Win8.1, yay!) and used the Coprsair for the install files - got a steady 50MB/s for the ~27gig vmware image I was restoring, that's decent enough write speed for a thumbdrive.
14  Main Area and Open Discussion / General Software Discussion / Re: Ad blocking add-ons in Pale Moon 25 on: April 19, 2015, 10:16:32 AM
Also would be nice for some of that ublock drama to die down as well.
Yes, indeed smiley
15  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 19, 2015, 10:07:23 AM
check that...I'm rereading your response.  Correct me if I'm wrong, but you are talking about 2.5 disks, not thumbdrives right?  If you have a thumbdrive that is consistently getting over 50MB/s, i need the model!
My first post has benchmarks of a SanDisk (50MB/s) and a Corsair (200MB/s) thumbdrive, my 2nd post is a 2.5" WD harddisk smiley
16  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 18, 2015, 08:11:00 PM
superboyac: well, "this guy tested it"... no, sorry.

I'm not a fan of USB myself, the protocol is a hackjob - as I mentioned before with firewire400 vs usb480. But it does work in practice, at least on recent systems... and the right ports. USB3 speed is a guesswork, "blue" ports on my motherboard seems irrelevant.

Quote
your corsair thumbdrive, i assure you, is getting nowhere near 200 MB/s.  reading is fine, nobody really has issues with reading speeds.  i'm willing to bet you're not even really getting over 50 MB/s sustained.
The results I've posted are from HDTune - it's real. Those are repeatable, sustained speeds. And we're talking old-fashioned megabyte/sec, not megabit or mibibiwhatever. Write speeds are obviously different, especially for flash memory, and I haven't timed those.

So...

I'll exclude all the externally powered devices from my conclusion - they perform way too well, anyway. So: the USB3-self-powered passport disk does 52MB/sec min, 116MB/s maxx. I have three of those, and one of them has two platters. I haven't transferred a petabyte to them yet, but it's close.

My experience:
eSata: joined too early, (reproducable) random disconnects due to buggy firmware - nice speed
usb2: lame, slow speed, instability due to drivers

usb3 has nice speed - but it requires host compatibility.
17  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 18, 2015, 06:00:09 PM
superboyac: weird.

USB isn't a super swell protocol, especially USB2 was bad - FireWire400 routinely beat the crap of out the 480mbit/s USB2, for various reasons. And I've seen my fair share of connectivity issues in the days of USB2. But I think it's been an issue of controllers and firmware - not drivers or protocol.

The last several years, I haven't had connectivity issues (apart from a few flashdrives frying). I've had devices connected and transferring for 10+ hours without problems (zeroing out a new drive or transferring data) for externally-powered USB2. My corsair USB3 flashdrive is fast (haven't timed writes, but even though it's slower than the ~200MB/s listed above, it's way faster than USB2 xfer speed).

A 180gig Intel SSD in (externally powered) USB3 docking station easily does 150MB/s, and the (self-powered) USB3 2.5" WD Passport 2TB has been stable as well, and performs pretty much as I expect a raw drive to do:
[attachthumb=#]

18  Main Area and Open Discussion / General Software Discussion / Re: Comodo Internet Security -- a cautionary tale? on: April 18, 2015, 01:10:58 PM
Generally this is very good advice *except* for when one has a need to see what outgoing connections are being made with your machine. The built-in Windows firewall can block incoming connections with the best of them, but there's no mechanism to interactively allow and block outgoing connections. Most people don't need or even care about this functionality, though.
Indeed, and I haven't seen any good reason for wanting that functionality. If you're paranoid, the built-in firewall can be toggled to whitelisting mode. If you need only specific applications blocked, you can blacklist those. If you're worried about malware, well, they can just exfiltrate data through an allowed process. If you're worried/curious about new software, you should be running that in a VM along with Wireshark. I really can't find a good usecase for 3rd party firewalls - they're too confusing for Regular Joe, and they don't add anything really worthwhile for the advanced user, IMHO... just noise.

Then, my good sir, I must respectfully believe that you have not been looking very hard. MSE has done horribly in independent testing for the last couple years, never scoring more than 60-65%. Most testing sites do not even take MSE seriously as an anti-malware solution and have stated they only include the results as a baseline. Microsoft themselves have stated that MSE has been moved to the back-burner a long time ago.
Have those independent test become reputable? The last time I took a look at a couple of them, the way scores were weighed was very, very suspicious and had me pondering whether it was completely independent of cash from the AV vendors. Haven't bothered to look at them for a while, but if you have a recent link to something reputable, please entertain me smiley - a link to MS stating MSE has been put on the backburner would also be nice. (I don't necessarily see that as a problem, anyway - there's no need for a whole lot of new features, as long as signatures are kept up to date).
19  Main Area and Open Discussion / General Software Discussion / Re: Ad blocking add-ons in Pale Moon 25 on: April 18, 2015, 12:37:34 PM
Just decided to check out Adblock Latitude and it is perfect. The "show acceptable ads" toggle has been removed, but....and I quote..."Can still show acceptable ads if you wish it and wish to support the Internet economy, by enabling the relevant filter (under subscriptions) manually."
That's still the old AdBlock engine though, isn't it? The advantage of ublock is it's new engine with higher performance and lower memory footprint - not a mostly irrelevant "show acceptable ads" checkbox :-)

(ublock seems to work in Pale Moon, but doesn't show up on the toolbar... so you can't use the pick-and-block functionality, and will be limited to using existing filter files).
20  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 18, 2015, 03:51:04 AM
Oh, and I'm annoyed with the way some manufacturers advertise speed. My 32GB SanDisk UltraFit is advertised as "up to 130MB/s read", but only does 40MB/s. It's stupid that they let their marketing goons be so deceptive... it's almost a 100MB/s difference, and 40MB/s is impressive for such a tiny thing, anyway.
[attachthumb=1]

For comparison, my 32GB Corsair Voyager GT 3.0 does 203MB/s - installs are preeetty fast from this one smiley
[attachthumb=2]
21  Main Area and Open Discussion / Living Room / Re: Kingston USB 3.0 for ISO usage on: April 18, 2015, 03:41:11 AM
I've been using USB flash drives for OS installs for years, even USB2 tends to outperform optical media. A 20x DVD drive can theoretically read 26MB/s, but that's at the outer rim of a pressed DVD - the reading speed starts out closer to 1X, and you don't tend to hit 20X for home-burnt media, and any random I/O kills performance totally... so a USB2 flash that can do 20MB/s easily beats your optical drive, and since USB3 ones can easily read 100+MB/s, I haven't touched opticals for ages smiley

As for ruggedness, I really dunno. It's been a while since I've had a flashdrive die on me, but when they do, it tends to be from one day to the next, without any warning, and without a lot of use. I don't trust those things, and use the solely for installs or data transfer, not for long-time storage of data.
22  Main Area and Open Discussion / General Software Discussion / Re: Comodo Internet Security -- a cautionary tale? on: April 17, 2015, 01:28:06 PM
Well, here's a wrinkle: In ublock, I can't get it to block Chessbase's embedded live-blitz frame, but it's blocked on Adblock Latitude. (I am really sensitive to moving things on a page!)
chessbase dot com, the live chessboard in the top right column?

Was pick-and-blockable with uBlock Origin 0.9.4.2 in Chrome... my FireFox has enough panzer that I'd have to disable some of it to even see the board smiley
23  Main Area and Open Discussion / General Software Discussion / Re: Comodo Internet Security -- a cautionary tale? on: April 17, 2015, 01:17:44 PM
It appears to be uBlock Origin in Chrome now after some sort of kerfuffle (as reported here by ghacks), fwiw.
Ugh, Google.

Also, the split between "uBlock Origin" and "uBlock" is a bit ho-humm. As I understand, the original author (gorhill) got overwhelmed by all the requests demands from users - which can indeed be overwhelming when you're doing something as a hobby project. Seems like the new maintainer (chrisaljoudi) might not have handled his responsibilities super well ("made with love and care by Chris." + donate button, not even mentioning gorhill on his site), so... meh.

This drama and uncertainty is disheartening, since the ublock engine has substantial advantages compared to the older adblock.
24  Main Area and Open Discussion / General Software Discussion / Re: Comodo Internet Security -- a cautionary tale? on: April 17, 2015, 07:40:26 AM
Btw, for FireFox it's important to install µblock from the GitHub link I posted, it's not updated anywhere near regularly from the official addon repository.
-does this mean, f0dder, that you are recommending the beta versions?
Perhaps not beta versions, but definitely from GitHub rather than the Mozilla repository - I'm on 0.9.3.0 for my FireFox install.

Pardon my French, I think uBlock is youBlock, not microBlock.
Hm, it seems you are right - it's "uBlock" in both Chrome and FireFox and now. Definitely used to be µblock.
25  Main Area and Open Discussion / General Software Discussion / Re: Comodo Internet Security -- a cautionary tale? on: April 17, 2015, 03:25:58 AM
Use a decent ad-blocker (the really nice µblock is available for firefox now as well!)...
I haven't heard of uBlock before. I just installed it.
Heh is there any problem running both uBlock and AdBlock at the same time?
They both use the same filter lists, so at best the blocker that runs last will do nothing.

µblock simply has a better engine than the adblock core, and uses less memory and CPU - so disable adblock and see if you run into any issues, you can always uninstall (or reenable) later smiley. Btw, for FireFox it's important to install µblock from the GitHub link I posted, it's not updated anywhere near regularly from the official addon repository.
Pages: [1] 2 3 4 5 6 ... 353 Next
DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.053s | Server load: 0.03 ]


Share on Facebook
submit to reddit