Messages

26

General Software Discussion / Re: How to REALLY stop ******* Windows Update on Win10?

« on: July 25, 2018, 01:28 PM »

I believe the necessary policies only work on enterprise versions, not even pro versions >_<

Removing the task files are not enough, they get re-created. The same goes for setting all ACLs to deny access, Windows will eventually go "Lol, I'm LOCALSYSTEM, bitch, what are you gonna do about it?" and reset/recreate the ACLs.

27

General Software Discussion / How to REALLY stop ******* Windows Update on Win10?

« on: July 25, 2018, 01:04 PM »

Hi,

This morning I woke up to a computer that was turned on - "oh great, Windows Update resumed from standby again, and even did it in spite of me turning off wake timers". That would have been a minor annoyance to start the day with, unfortunately it also turned out the image file backing my persistent ramdisk had been corrupted, and I had forgotten to add the folders on it I cared about to my backup set.

I'm sick and tired of the forced reboots in general, it's ******* bad attitude of Microsoft not allowing power users to turn them off, and that they're forced even when applications have unsaved data and tell Windows that they're not ready to shut down really ought to bring a class action lawsuit. Oh, and the

I could almost live with the forced reboots, except that windows update ******* resumes the device from standby in order to do the reboots. Yes, even though I've modified the power plan settings to not allow wake timers. This is... I mean, it's beyond contempt for us users.

I've tried several solutions in the past, like disabling orchestration services, deleting the UpdateOrchestrator task files, deleting the content of the task files and removing ACLs for even the SYSTEM user to the files, et cetera -they always get recreated at some point in time during a system update.

So... are there any existing solutions to bloody STOP this insanity from happening? Any gpedit policies (that don't require enterprise edition of Win10) and actually work?

Or do I have to write a tool that continually scan for the task files and delete them if they're re-added, check for the reboot dialog box and try to cancel it, etc?

Yeah, I guess Windows only resumes from standby, not poweroff - but I prefer standby for my desktop machine, so I can just pick up where I left off.

28

General Software Discussion / Re: How to extract tree hierarchy in xml?

« on: July 25, 2018, 12:49 PM »

If this is something you're going to need often, you can look into XSLT - it lets you transform XML files in pretty flexibly ways.

It's pretty clunky to work with, though, so if you need a quick solution for a specific problem, there's probably easier ways.

29

Living Room / Re: Privacy (collected references)

« on: July 24, 2018, 04:45 PM »

Doesn't it help prevent tracking?

-Deozaan (July 24, 2018, 02:10 PM)

Not really, no. You have to consider that most people aren't on static global IPs, but will either have dynamic IPs, or even (a very large number) be behind cgnat. The tracking folks obviously want to be able to uniquely identify you even in spite of that, and across devices as well.

Trying to use VPN against that is absolutely useless.

You can avoid some of it if you use a combination of uMatrix (in whitelisting mode), conservative use of noscript, a decent adblocker like uBlock Origin, adding in HTTP Referer header control and Firefox Multi-Account Containers. But it's still not a 100% guarantee and it's a fair amount of work getting some sites to work the first time you visit them.

30

Living Room / Re: Privacy (collected references)

« on: July 24, 2018, 11:04 AM »

Please don't think a VPN is going to give you any form of privacy.

A VPN lets you access a remote network securely across an insecure line - this is the only thing it's guaranteed to do. It's the only thing you should be using it for. Stop spreading the damn misconception that it's useful for privacy.

If you want to watch Netflix content from a different region, fine, VPN will let you do that, but morally you might was as well then be torrenting the content.

If you're doing something shady and want to hide your tracks, a VPN is not what you want. Not even one of the paid ones. Not even one of the "WE DON'T LOG ANYTHING AND WE VALUE YOUR PRIVACY". Stop it. There's a few threat models where a VPN can be a viable solution, but for those you should be running it yourself on a cloud instance somewhere. If you don't know how to do that, or think it's too much bother, you shouldn't be doing something shady in the first place - or you're not doing something that warrants that use of VPN, and should just not be doing it.

And stay entirely away from the ones that don't require payment, the market is shady as fuck and they've been doing all sorts of nasty stuff.

31

General Software Discussion / Re: Software for planning wood bookcases/cabinets/tables etc?

« on: July 22, 2018, 05:10 AM »

I prefer the original, non-stained color, to be honest.

The two color samples you're showing remind me of furniture in old people's homes - so dark and brooding

32

Living Room / Re: Windows 7 update stuck on constant "need to restart" - end of my tether

« on: July 21, 2018, 05:55 PM »

Left undisturbed, operational HDDs don't usually "suddenly fail", they tend to progressively fail in incremental fashion, all the meanwhile logging their gradual deterioration in their on-board SMART data accumulators. Analysis of HDD failure can be quite enlightening and can enable the user to predict HDD failure, when they avail themselves of SMART monitoring to detect when it is time to migrate from a failing drive, rather than risk blindly waiting till forced to recover from an already-failed drive.

-IainB (July 21, 2018, 02:38 PM)

That's not the experience I've had as a consumer.

In some cases, I've seen "reallocated sector count" or some similar stat go up before an eventual full breakdown - but mostly, it's been "worked fine yesterday, now I can't get my data". And I've had disks with reallocater sectors that kept trucking along for years without flaw, and just ended up being too small.

SMART is a mess. The values are opaque, and you can't really compare them between brands. There's no guarantee you'll get reported errors before a failure, and reported errors are no guarante of a failure. And, moving from spinning magnetic platters to solid state drives, failures tend to be "oops, logic board died, all data is lost".

33

Developer's Corner / Re: Delphi for free? YES!! Delphi Community Edition is out!

« on: July 19, 2018, 03:38 PM »

From my experience, it can be really powerful, especially using inline assembler to optimize code- a feature that I've not seen so easily used in many IDEs.  I have nostalgia for it- from my first real development opportunity being in Delphi 1

-wraith808 (July 19, 2018, 03:08 PM)

I learned programming with Turbo Pascal 6 back in the day, and spent a lot of time with Borland Pascal 7 as well, before moving on. Back then, the Borland IDEs were second to none, the integrated context-sensitive help system was unmatched. And because compilers generally sucked back then, and the machines were slow, the inline assembly feature was pretty good. I moved onto C/C++, but the first couple versions of Delphi were interesting because they made Windows development easy.

But after that? The whole Borland -> Inprise -> Embarcadero mess was reason enough to abandon the language, IMHO. Other, more powerful, languages appeared, several of them without costly licenses. If you want easy GUI, it's hard to beat .NET.

And inline assembly is IMHO useless these days - if there's a substantial speed gain to be had these days, it's usually from writing a large chunk in assembly, enough that you're better off writing it in an external .asm module in a proper assembler. That, or use a language + compiler that has good assembly intrinsics.

34

Developer's Corner / Re: Delphi for free? YES!! Delphi Community Edition is out!

« on: July 19, 2018, 01:51 PM »

Why is that bad news?  You either get a new license for a new year, or upgrade from what I'm reading your statement.

-wraith808 (July 19, 2018, 12:12 PM)

Because it makes the offering unusable?

It might be "the same as it was before", but that status quo is "at the mercy of Embarcadero". I wonder if they, deep down, really just want Delphi to die... there's a lot of legacy stuff written in it, but with terms like this, I can't see much reason to choose the platform. Sure, Object Pascal isn't a bad language, but there's so many other (and better, IMHO) platforms around.

35

Living Room / Re: Simone Giertz, Building bad robots, making videos, and coping with a brain tumor

« on: July 18, 2018, 04:03 PM »

Sorry for the silence. I’m okay. Just not as okay as I’d like to be yet.[ Invalid Attachment ]

-https://twitter.com/SimoneGiertz/status/1015350393902002177

-Deozaan (July 07, 2018, 01:10 AM)

That's a pretty rad undercut she's rocking now!

36

General Software Discussion / Re: How to -connect- Windows Visual Basic Apps with Windows Batch files?

« on: July 18, 2018, 04:02 PM »

Could you enlighten me why it is bad to set/unset global environment? That it is bad you mentioned, the "because" is missing. Thanks in advance!

-KodeZwerg (July 18, 2018, 03:38 PM)

Sure thing

First, notice that the global environment is persistent. You shouldn't be making persistent changes to the user's system unless that is what the user directly expects. If there's a name clash, you're going to overwrite the user's own setting, and if your program crashes, you leave a garbage environment variable behind.

By using global environment, you get re-entrancy issues - if you launch multiple child processes simultaneously, you risk several children getting the parameters for one of them.

And then there's the issue of admin privileges necessary for setting system environment variables, which makes this unsuitable for a general mechanism.

Finally, you should generally strive to adhere to the principle of least surprise, and keep mutable state as local as possible - since that leads to fewer bugs, and has the bugs that slip past you be easier-to-debug ones.

37

General Software Discussion / Re: How to -connect- Windows Visual Basic Apps with Windows Batch files?

« on: July 18, 2018, 11:13 AM »

Set wshSystemEnv = wshShell.Environment( "SYSTEM" )

Do. Not. Do. This.

You'll be setting a system-wide environment variable - this is a bad, bad, bad idea unless you're specifically aiming to do that. Fortunately, at least on modern Windows versions, vbscript isn't allowed to do this, unless you're running it with admin privileges.

If you need to use vbscript instead of a proper language, go for the solution that executes cmd /c "set foo=bar & mainexecutable".

38

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt

« on: July 18, 2018, 12:49 AM »

I am sorry, this option is gone. While developing/learning MMX it was possible. When i published it here it was possible to get code. Now the Crypt-Algo is already bound to another Application.

-KodeZwerg (July 17, 2018, 08:18 PM)

Why does that change anything?

I am pretty sure you have code anyway :-)

-KodeZwerg (July 17, 2018, 08:18 PM)

It would be easy enough reverse-engineering it - but it's not that I'm particularly interested in the algorithm. Sharing it would be for your own good, to learn from the discussion you could have with more experienced developers

39

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt

« on: July 17, 2018, 04:17 PM »

As Jibz say, I'm pretty direct

Take it for what it's meant to be - honest advice, not an attempt at saying you're stupid or that what you've made is worthless. Jibz put it a bit more eloquently, and you should definitely take his advice to heart.

But let me elaborate a bit.

The "hard" thing first: your method is not secure, and it is not practical. Whether "secure" matters depends on your threat model, but there are many other solutions out there that are both convenient and offer hard cryptographic security.

And then on to some words of encouragement: playing around with crypto is fun. Try doing stuff on your own, see what other people have done. Optimizing is fun, and going assembly-level with interesting instruction sets even moreso. Don't stop being interested in these things!

The best thing you can do with this NANY entry is to share the code. Talk to other developers. Accept criticism, learn from it. There's a good chance you'll end up learning stuff about encryption as well as optimizing.

For fun, I've attached a couple of files from 1997 when I thought I had designed a super cool crypto scheme.

40

General Software Discussion / Re: How to -connect- Windows Visual Basic Apps with Windows Batch files?

« on: July 17, 2018, 03:41 PM »

I got this "set -ua ..." off the www as a possible answer to my question.

-OptimalDesigns (July 17, 2018, 03:28 PM)

Where? Considering "u" isn't a valid argument to set, and "-" being the wrong argument specifier, that just seems like bad advice.

I write VB code and VBscript when necessary.

-OptimalDesigns (July 17, 2018, 03:28 PM)

VBScript (probably) requires the hack from your original post, VB should be able to use normal environment passing. Which language do you need the solution for? And if it's VB, is it old-school VB or VB.NET? And which version?

Anyone out there knows how to pass an environment variable from Windows?

-OptimalDesigns (July 17, 2018, 03:28 PM)

It's the seventh argument to CreateProcess

41

General Software Discussion / Re: More Ads in Windows 10

« on: July 17, 2018, 03:28 PM »

This makes me question whether or not I really want to get myself too involved in Microsoft's ecosystem after all.

-Deozaan (July 05, 2018, 03:54 PM)

Don't. I have a feeling this is going to get even more ugly.

It's a damn shame, because in many ways, Win10 is the best OS that's out there - it's fast, it's stable compared to the shiny macOS, there's a lot of great under-the-hood security stuff baked in... but it's all fucked over by whatever department at Microsoft that believes embedding ads in the core OS is a good idea. That, and the telemetry you can't opt out of, and the forced updates and reboots that you can no longer control.

I'm seriously considering moving to Linux if they don't stop this crap, but there's a lot of stuff I'd miss from Windows

42

General Software Discussion / Re: How to -connect- Windows Visual Basic Apps with Windows Batch files?

« on: July 17, 2018, 11:36 AM »

Since your post mentions "oShell.run", I guess you're dealing with VBScript and not VB code?

In general, a parent process passes its environment down to a child process. At the operating system level, you can usually specify a new environment for the child process (e.g. to pass it data, like you want to). It doesn't seem like this is available in VBScript, though, so you're probably limited to the way you're currently trying to do it, prepending /set before the command you want to run.

A thing that springs to mind is you do "set -ua" - I don't know what the "u" parameter is supposed to do (not listed on my system with "set /?"), but more generally Windows uses forward-slash for arguments, not dash.

Here's a little cmd.exe session, which I hope will be instructive:


Also note that child environment is never propagated back to the parent process.

43

General Software Discussion / Re: How to -connect- Windows Visual Basic Apps with Windows Batch files?

« on: July 16, 2018, 12:11 PM »

Instead of using environment variables, can't you use commandline arguments instead?

44

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt

« on: July 16, 2018, 12:09 PM »

So... what's the point? :-)

You don't support a passphrase, which means there isn't really any security.

You don't mention which encryption algorithm is used, making it hard to reason about the security if you implement key generation from passphrases later on.

Encryption a 4k text file full of 'A's makes it clear that you're using a 32-byte block size with no block chaining, which means that even if you use a decent encryption algorithm, your encryption as a whole can be broken.

So... this sounds like something that's probably a fun project, and where you might want to share the code with other people and learn from the experience.

But not a good idea to present it as a utility for other people.

45

General Software Discussion / Re: Microsoft to buy GitHub in $7.5B all-stock deal

« on: July 16, 2018, 12:07 PM »

Although it is more work, I would recommend to do a GitLab installation from the ground up. The Docker solution (or similar software) is decent, but I barely see how Docker is helping me for my particular use-cases.

-Shades (July 15, 2018, 10:17 PM)

Docker is pretty great, even if you don't plan to use it for scaling out. All setup and configuration is codified, so you don't miss a point in an install step, and getting an instance up and running is fast. The isolation it offers is pretty good as well - not as good as a full-blown VM, of course, but because of how lightweight it is, you can afford to containerize pretty much all the services you have running on a single machine.

And there's lots of other nice uses for it. Like, being able to create a Linux filesystem image (think custom RaspBerry Pi or custom device firmware) from a Windows or macOS machine, without booting up a VM and transferring files in and out of that. Or making sure everybody on the team has a similar runtime dev env for testing, regardless of host OS. Or being able to build <whatever_language>*<whatever_version> binaries without drowning in dependency hell on a single host OS.

While Docker for Windows is great for development work, I wouldn't run production stuff on it - it's simply not ready for that kind of prime-time yet. There's performance issues as well as bugs... we have a customer who insists on running stuff on Windows servers (because that's what their hosting company knows, and they use that hosting company because the CEOs are buddy-bros) - we have to restart the stuff because the current stable version has a bad leak in vpnkit. Ouch.

46

General Software Discussion / Re: Microsoft to buy GitHub in $7.5B all-stock deal

« on: July 15, 2018, 04:56 PM »

I am implying that the hostname of the upstream DVCS repository does not matter to anyone who even remotely understands his shiny plaything.

-Tuxman (July 15, 2018, 04:33 PM)

Yes, this detail doesn't matter that much - there's an inconvenience in getting all the references fixed, and that's it. That you're suggesting this is the issue is silly, though, since it's really about #2.

Like what? The issue tracker? Indeed, it is a rather dumb idea to sacrifice yourself to voluntary vendor lock-in - but that's not Microsoft's fault at all. As if Microsoft would endanger your precious bug reports...

-Tuxman (July 15, 2018, 04:33 PM)

Issue tracker, pull requests, wiki, github pages, discoverability, the social aspect. The integrated two-factor auth stuff... teams... stats... the commercial support... access control... vulnerability scanning... GitHub is a really well-working and polished product. It gives you loads of features you don't get with a bare "just a file storage bucket" repository.

You can't avoid vendor lock-in unless you go for an on-premise solution. It's been a while since I checked out GitLab (but they do both cloud and on-prem, right?) - but I've worked a fair bit with Atlassians Stash/BitBucket. It can run on-prem, but it's not open-source, and while it's a good product, it's lagging quite a bit behind what GitHub offers.

And sure, Git is a DVCS. But in and by itself it's not super effective for collaboration, especially when you're outside a single team or company... you need an additional layer on top of the raw DVCS. If everybody runs different systems, collaboration gets harder.

Every centralized repository is a single point of failure. IMO, the sanest approach is C's: You'll just get your headers/libs from your OS vendor.

-Tuxman (July 15, 2018, 04:33 PM)

You've got to be joking.

There's so much wrong with this idea that I don't even know where to start - that'll be for tomorrow

47

General Software Discussion / Re: Microsoft to buy GitHub in $7.5B all-stock deal

« on: July 15, 2018, 04:20 PM »

(Although I wonder why most people ignore the fact that they are mad about their preferred "DVCS" hoster being bought... Git's target audience does not seem to be the brightest of all.)

-Tuxman (June 04, 2018, 01:56 PM)

Are you implying they're silly because "it's DVCS, they can just move elsewhere"?

In that case, please keep in mind that the repository hosting is the smallest part of what GitHub offers - it's all the stuff built on top and around that makes it worthwhile.

Also, many projects and even programming languages (talking to you, Go!) natively integrate GitHub as their package repository. That means that not only the official source would be gone for a while - large parts of the software world wouldn't even compile anymore. That's a bad sign.

-Tuxman (June 05, 2018, 12:57 AM)

Same goes for the JVM world and the main maven repository, the node.js hipsters and npm, et cetera.

Is there any language/ecosystem that has a nice package repository without a single point of failure?

48

DC Gamer Club / Re: Denuvo 4.9 cracked... and with a startling realization of how bloated it is.

« on: July 15, 2018, 04:04 PM »

Why don't they just stop?  That's insane!

-wraith808 (July 07, 2018, 02:28 PM)

Indeed, it is.

And I generally stay away from games protected by Denuvo and similar insanity. I don't want to support the idiots who believe these ham-fisted schemes are justifiable.

I was about to make an exception for Far Cry 5, but then realized it requires Ubisofts shitty Uplay shit, even when purchased on Steam... so that became another no-purchase.

49

General Software Discussion / Re: What's going on with Java?

« on: July 15, 2018, 01:12 PM »

So, about the Java issue...

It's a bit chilling. But it's nothing new, whOracle has always restricted access to older versions of their software to paid subscribers.

It's a shitty move for Java, though, since older software still used by people might not always work with the newest versions. That happened a lot for JRE6, and we're going to see it with JRE8 again, because (among other things) of the module system changes introduced with JRE9.

There's some other musings in Oracle to charge for Java from Jan 2019 - I believe the title is a bit alarmist, unless I've misunderstood something you can still run stuff on JRE8 for free... it's just that you won't be able to download it without having commercial support. Unless I've misunderstood something, which is quite possible, because whOracle are evil.

50

General Software Discussion / Re: What's going on with Java?

« on: July 15, 2018, 01:00 PM »

Excuse my ignorance but is Java used that much any more? I have advised everyone I know that uses OpenOffice to move to LibreOffice and remove Java from their system.

-Carol Haynes (April 30, 2018, 08:56 AM)

Hm, I thought LibreOffice was developed in Java - certainly runs sluggishly enough that it could be using one of those crappy GUI toolkits.

But there's more megabytes of *.py than *.jar in the version 6.0 I've currently got installed.

What's it written in these days? Natively-compiled Java, C++, ...?

Also, Java is still used a lot on the server side. Both the language itself, but also all the other languages running on top of the JVM, like Clojure, Scala, Kotlin...