Latest posts of: f0dder -
HOME | Blog | Software | Reviews and Features | Forum | Help | Donate
Click here to
donate and join now!
Welcome Guest.   Make a donation to an author on the site March 29, 2015, 04:26:12 AM  *

Please login or register.
Or did you miss your validation email?

Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.

You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
Check out and download the GOE 2007 Freeware Challenge productivity tools.
  Forum Home Thread Marks Chat! Downloads Search Login Register  
  Show Posts
      View this member's profile 
      donate to someone Donate to this member 
Pages: Prev 1 ... 5 6 7 8 9 [10] 11 12 13 14 15 ... 350 Next
226  Main Area and Open Discussion / Living Room / Re: Flash Under Attack, Emergency Patch Issued on: February 09, 2013, 09:08:32 AM
Remember, kids: if you're not paranoid to fully block (or uninstall) plugins, at least activate "click2play" in your browser.

Also, for searchability: Adobe Flash Player Plugin (once again proves to be a steaming pile of manure).
227  Main Area and Open Discussion / General Software Discussion / Re: Avast Installs Chrome on: February 08, 2013, 09:16:30 AM
which make me wonder what incentives Google is offering to software authors that this is now happening.
It makes me wonder whether Google tolerates this behavior - that'd be piss-poor of them, and be a pretty damn clear violation of "do no evil".
228  Other Software / Developer's Corner / Re: Jeff Artwood, from StackOverflow/coding horror, tries to fix forum software on: February 08, 2013, 09:10:22 AM
- Tech stack is better; Rails + ember.js
You can't be serious - RoR better than ASP.Net? Now that's the best laugh I've had today cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy cheesy

- The team really understands communication, having made a big product in the area
They understand how to make a Q&A site work - and work extremely well. That's no guarantee they'll be as successful with forum software, it's quite a different goal.
229  Other Software / Developer's Corner / Re: Discourse - A discussion platform by StackExchange's Jeff Atwood on: February 08, 2013, 09:09:04 AM
I only mention the above because I think Discourse's proposed $19-$99/mo "small business" hosting price is a little on the steep side. Especially considering how I don't see that much else being put on the table that the current incarnation of Discourse has a sufficient enough USP to charge premium prices.
OTOH, that's a one-off price for hosting, whereas the $10 is per individual user on the Well?

Also, given that Discourse is open source, you can choose to host it yourself if you don't mind the hassle, and think you can do it cheaper?
230  Main Area and Open Discussion / Living Room / Re: Payphones - Thoughts? on: February 07, 2013, 07:31:55 AM
Anyone have any thoughts/memories about payphones?
Apart from sometimes finding forgotten change in them, and making prank calls to the police during lunch breaks? Nope.

Oh, and back in the late 70es, some nutjob planted pipe bombs in the phoneboots in Copenhagen - this resulted in the doors being removed from the phone boxes (this is the fun part of the story - the doors weren't numbered, and for whatever reasons there were differences from booth to booth, so eventually all the phoneboots had to be replaced cheesy).

Dunno if there's any English resources (lazyquick googling didn't turn up anything), but there's a Danish wikipedia article: Bombemanden fra Gladsaxe.

PS: does the "wiki" bb-tag support linking to different languages?
231  Other Software / Developer's Corner / Re: Discourse - A discussion platform by StackExchange's Jeff Atwood on: February 07, 2013, 07:23:05 AM
Looked at it yesterday and chitchatted a bit with mouser on IRC about it - but haven't looked at it enough to have any super well-formed opinion. Some ideas seem nifty, others perhaps less so. Not sure what to think of it being pageless - the idea that your "reading progress" is saved is nifty, but for really long threads you're going to have a veeeery tiny drag-selector on the scrollbar. OTOH, it's nice not having to do a page refresh (and losing contents of your edit box...) to read more - but that could be accomplished with AJAX in a paged environment as well.

Guess I'll have to play with it a bit more, and see what happens as it gets more polish. My initial impression is that it could work well for some sites, but I don't think it'd suit DoCo.

I also can't help but wonder how well it will scale because it's written using ROR.
I was pretty puzzled when I saw it was built on ROR, considering how well ASP.Net has worked for the StackExchange platform. But I guess it's a combination of only parts of the ASP.Net stack being open, and (perhaps more important) not being able to run ASP.Net gratis (you really do need to run it on Windows, MONO is not quite there yet).

Fans of Ruby often argue it's not Ruby itself that's the problem (as in sloooooow) - but the way people (who don't understand it well enough) code it.

Ruby itself is damn slow and doesn't support multithreading (there's projects like JRuby, but meh), and while Ruby is a sorta-kinda-OK language it's not really that special in and by itself... if it wasn't for Rails, it would still be a niche language most people hadn't heard about. And Rails is a big effin' rats nest of vulnerabilities - stay clear!

Ruby follows the old crappy UNIX notion of "let's spawn a process per request! Processes are cheap! cheesy cheesy cheesy", so to get any kind of decent speed, you need a load balancer that dishes work off the one of several spawned Ruby processes (which need to be restarted every now and then because of memory leaks). There are hacks to reduce the impact of this, but... meh.

I really don't get why one chooses to do anything but prototypes in Ruby/Rails, really. You've already moved beyond the "Runs on every cheap-ass host" PHP and into the domain of having to pay at least a bit for the hosting, so why Ruby?

Go Scala - and if you need fast turnaround, go Play around (despite the name, it's ready for production use).
232  Main Area and Open Discussion / Living Room / Re: Legitimate app breaks popular encryption - EFS, BitLocker, TrueCrypt ... on: February 07, 2013, 07:03:10 AM
Oh deer... I left my laptop at the ___. What ever shall we do... Not to worry! It's [cue the super hero background music] Encryptified! Yeah!!!
Well, as long as you either don't use hibernation, or you use full-disk/system-partition encryption (and don't have firewire ports), you're safe. (OK, I'm not 100% sure about pagefile, but the key should be kept in unpagable memory).
233  Main Area and Open Discussion / Living Room / Re: Mp3 File Format Issue Split From Silly Humor Thread on: February 07, 2013, 06:57:34 AM
Fresh clean unmodified copy, with both .wav and .mp3 file extensions, loaded into the latest version of Trout.
That's pretty weird! But you can clearly see that it hasn't been able to parse the file as MP3, since bitrate, samplerate and channels are wrong. Perhaps it just directly feeds the file to a 3rd-party library, which then correctly parses the data as WAVE nonetheless?

Your FFmpeg screenshot mentions the file being created with GoldWave, which is not the sndrec.exe which shipped with Win95 that Tinman says he created the file in. I am guessing it was an older version of this app that he used.
Indeed - shouldn't really make much of a difference, though, any WAVE editor that supports the codecs available on the system would produce more or less the same output.

  Gee, I didn't mean to start such an ordeal over one lousy wav file.  Anyhow, I'm uploading the original (I do believe) codec that I installed.  This is a self-installing zip file, but you need to rename it back to .exe. (see attachment in previous post)
smiley - well, unless somebody has played tricks on you, that codec isn't the codec used to compress the Define.wav. That file is clearly TrueSpeech and not mp3-encoded... just tested on a clean XP VM, installing the l3codec above still doesn't enable me to open the file.

It also seems that the codec is decode-only (unless Audacity isn't able to use system codecs) - which is fine and well, since the compression-enabled codec iirc was commercial smiley

Meh, file formats and compression are just some of those fun things!  Kiss
Indeed - this was a fun bit of detective work smiley
234  Main Area and Open Discussion / Living Room / Re: Legitimate app breaks popular encryption - EFS, BitLocker, TrueCrypt ... on: February 07, 2013, 06:56:27 AM
Yup. Nothing new here. Although I'm guessing some wannabe hackboys just might end up with their wallets or Paypal accounts being  $300 lighter if they don't do their homework before reaching for their plastic.
To be fair, the product is probably more targeted at government agencies - those tend to like high pricetags and support and all that kinda stuff smiley
235  Main Area and Open Discussion / Living Room / Re: Legitimate app breaks popular encryption - EFS, BitLocker, TrueCrypt ... on: February 07, 2013, 06:36:06 AM
Yeah, nothing to see here, really.

This has been doable for quite a while, and even outside Sekrit Forensikz, there's freely available tools to do it. The Elcomsoft program just makes it a bit more convenient (even the Firewire-DMA attack that can be used on a computer that has been locked isn't new).

Also note that this doesn't recover your passphrase - it recovers the raw encryption key. That is obviously enough to get at your data, but in no way leads to disclosure of the passphrase itself smiley
236  Main Area and Open Discussion / Living Room / Re: Gummiboot restructured to allow Linux to work on SecureBoot systems on: February 07, 2013, 06:32:02 AM
So I guess my question really is, can the chip the UEFI software resides on be flashed, so as to POSSIBLY bypass a UEFI that does not allow turning SecureBoot off, or as a bonus, utilize the benefits of UEFI while not needing Microsoft-signed keys to get around SecureBoot?
Dunno if the UEFI standard says anything about where the code resides etc., but it'd be weird if it wasn't in flash-rom; after all, it "might need upgrading". The systems I've seen have had normal flash-rom.

Of course flashing could be locked down to require updates to be cryptographically signed, but we're not there yet. However, it's probably almost defacto impossible to flash something else due to the level of complexity of modern systems, and the vendors not being keen on releasing full chipset specs. (I havent' followed tianocore or coreboot/linuxbios, but was under the impression hardware support is relatively thin?).

Oh, btw, there are some systems where parts of firmware aren't stored in flash-rom but a harddisk partitions or the like. Mostly non-x86 systems I guess, haven't really come upon them myself. But iirc there's also been a few x86 vendors doing this in the dark & dirty past - perhaps Olivetti or COMPAQ? Dead harddrive, good luck getting that machine booting again.

Ya think? Or maybe just...
This is, arguably, insane, but so is the entirety of EFI so that's ok then.

Big grin smiley - if I understood that part correctly, though, it was a rant on the Linux kernel (using BIOS-specific E820 memory map as runtime rather than boottime data structure)?

Don't know enough about UEFI to comment on whether it's "insane", but it is big-corporation committee work, so... *rolleyes*. Idea of replacing BIOS with something more modern was good, though.
237  Main Area and Open Discussion / Living Room / Re: Futurama Icon Set: I think we can all agree that this is the best thing ever. on: February 06, 2013, 12:53:09 PM
Good news, everyone! Futurama icons that look like disembodied figuring heads!


238  Main Area and Open Discussion / General Software Discussion / Re: Looking for Free Linux DNS server on: February 06, 2013, 08:30:48 AM
Does having "enterprise" in the name make it any better, though?
It does when it's a 'free' rebuild of  RHEL. Grin

And commercial support for CentOS has been available for some time.
I knew about that - my point was more along the lines of if you're not getting the full support package directly from the vendor, how much value do you get from CentOS vs. "something else"? Most people I've heard running RHEL isn't so much because of RHEL itself, but for
1) the direct vendor support
2) direct vendor support for 3rd party licensed products (whOracle).

Of course if you really had a big pair, you could also do a complete custom solution based on Arch. That would muy Macho and good for serious bragging rights come next Friday over pizza with the geeks!
...and a "thanks for your time, you can go find a new job now" notice if you did it in an enterprise smiley

(Arch's a decent enough distro, I've ran it myself - but it's an "I like to fiddle" distro where things sometimes break. And if you really want the machismo, you'd be running Gentoo anyway... or LFS Wink).
239  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: February 06, 2013, 08:25:56 AM
I coaxed mouser into moving the "the word f***" wave/mp3 discussion to a new thread - thanks for the janitorial work, mousey! smiley
240  Main Area and Open Discussion / General Software Discussion / Re: Looking for Free Linux DNS server on: February 06, 2013, 07:47:34 AM
I'd be more inclined to stick with CentOS or something similar. Not exactly lightweight. But it was designed for things you want to do. All the security and stability issues were taken into consideration when they built it. It is a server distro. And it is intended for enterprise.
Does having "enterprise" in the name make it any better, though? Considering that it's community-driven and doesn't have commercial support?

Asking because I simply don't know, if I had any experience with CentOS I'd probably have added that to recommendations as well... but Debian is old, tried, tested, secure+stable and should be pretty fit for servers as well, IMHO smiley
241  Main Area and Open Discussion / Living Room / Re: Mp3 File Format Issue Split From Silly Humor Thread on: February 06, 2013, 07:11:25 AM
Thanks for your testing, app!

Since it doesn't work when you nuke the WAVE header, my guess is your version parses as .wav, regardless of the file extension. If you load the pristine copy into trout with .wav and .mp3 extensions, does it show the same information for both? It's weird that our versions (seem to!) handle things differently, as I couldn't find anything in the changelog that suggests file parsing has been changed between our respective versions.

Anyway, I get the following results:
Certainly seems to me as if trout tries to parse the file as .mp3 based on the file extension, but fails since it isn't mp3?

EDIT: just grabbed a copy of FFmpeg, which has built-in (rather than codec) support for TrueSpeech - it's able to play back the .wav file, and the player indeed also identifies it as TrueSpeech (and doesn't care about .wav vs .mp3 extension, so it's parsing the file contents).
242  Main Area and Open Discussion / General Software Discussion / Re: Looking for Free Linux DNS server on: February 06, 2013, 07:01:37 AM
So the question remains, what would be the best/most ideal light weight flavor of Linux/Unix to try labing this with? I want to be sure I can get it to work before suggesting anything.
Debian? There's probably more light-weight distros around, but Debian is known for being stability nuts... that also does mean you won't get bleeding edge updated versions of software in the repositories, but do you want to run corporate infrastructure on bleeding-edge? smiley

(Also, would you want to run corporate infrastructure on BIND? Hmm.)
243  Main Area and Open Discussion / Living Room / Re: Gummiboot restructured to allow Linux to work on SecureBoot systems on: February 06, 2013, 06:37:58 AM
Ah, thanks for clearing that up.  I had assumed that since UEFI was a replacement for BIOS, it was a similar implementation, and I saw NOTHING in all my random web surfing research that suggested anything else.
BIOS is software as well smiley

I'm honestly a bit fuzzy on BIOS vs. UEFI, but... my understanding is something along the lines of this:
1) you have some really core code that does initial CPU and chipset setup, and you have the menu configuration stuff ("BIOS menu") - neither of this really has to be "BIOS vs. UEFI" (although on an UEFI system the menu config might be an "UEFI shell"? - haven't studied it closely enough!).
2) then there's the boot stuff, and this is where changes are radical. "Legacy BIOS" and UEFI boots are very different in nature (even for UEFI without Secure Boot). Both with regards to how additional boot code is loaded, but also the services the firmware exposes. BIOS exposes old 16bit code with a whole lot of legacy that no modern OSes use. UEFI is proper protected-mode APIs.

Any system that supports "legacy boot" in effect has a full BIOS.

UEFI in and by itself isn't a bad thing, it's good to get rid of some of the legacy junk - and boy do UEFI systems boot fast (not sure if this would be possible with a normal BIOS-only system... I still legacy-boot my Win7, but on an UEFI capable system, and this is very fast as well). UEFI is probably a bit over-engineered and bloated, and Apple have had some quirks that almost smell like intentional harassment.

But while we're on the subject, if UEFI is a software thing, can it be replaced with something less nefarious?  My mention of TianoCore/Coreboot was the only things I could find that was insinuated as any sort of a replacement.
Theoretically, yes - problem is that motherboard vendors only ship a full package with the CPU+chipset initialization, config menu and BIOS/UEFI booting, they don't ship just initialization + config menu. This means that any alternative project needs to implement every from scratch, and goot luck getting your hands on detailed chipset specifications.
244  Main Area and Open Discussion / Living Room / Re: Mp3 File Format Issue Split From Silly Humor Thread on: February 06, 2013, 06:11:19 AM
Well, it works both ways in Trout, for me. I am a little behind on the updates (1.0.4 build 93), if that makes any difference.
Could you try the most recent version? If that still works, could you try using a hex editor (HxD is pretty nice if you don't have on lying around) to overwrite the "WAVE" header string with something else, and see if it still works? Also, is this a freshly re-downloaded version of Define.wav, or have you had it open in any other application after changing extension to .mp3?

Perhaps we can get Skwire to comment on how he parses files... and perhaps we can get mouser to cut all the file-discussion from this thread and put it into a new one :-)
245  Main Area and Open Discussion / Living Room / Re: Futurama Icon Set: I think we can all agree that this is the best thing ever. on: February 05, 2013, 05:23:37 PM
Those are cute, but...

I'm not sure I would call them icons? Sure, they might come in (high-res) icon dimensions, and even in .ico files, but... I dunno, am I being overly pedantic?
246  Main Area and Open Discussion / Living Room / Re: Mp3 File Format Issue Split From Silly Humor Thread on: February 05, 2013, 05:16:15 PM
I had no troubles getting Trout to play it as MP3.  Wink
Doesn't work for me, neither with .wav nor .mp3 extension (trout v1.0.6). With .mp3 extension, it does seem to try to parse it as mp3 rather than wav (given that bitrate, sample, channels and length are all wrong), the specs for the .wav version look sane - but can obviously not be played since I don't have the codec installed.
247  Main Area and Open Discussion / Living Room / Re: Gummiboot restructured to allow Linux to work on SecureBoot systems on: February 05, 2013, 04:43:52 PM
@f0dder -thx for the link. I knew about that one. But AFAIK Microsoft nothing to do with it. And it is a very inelegant hack at best.
It's signed by Microsoft. The $99 mentioned in that reply doesn't go to Microsoft (it's for the code signing certificate, and it's my understanding that cash goes to Verisign, not MS).

I also don't see how the shim is an inelegant hack. I haven't tested it, so I might have misunderstood how it works, but it's my understand that the first time you boot with it, you have to do the somewhat kludgy key enrollment process (which, AFAIU, only enrolls the key with the shim, not the UEFI keystore) - after that, you can autoboot Grub (or whatever you've chosen). That's the standard pre-compiled shim - a linux distribution that's willing to shell out the $99 for a signing cert can build a version that has their own key embedded, and thus avoid the first-time kludge.

What most of us were hoping was that any computer owner could elect to permanently disable UEFI/SecureBoot and still have Windows 8 function the same way it does on a non-UEFI machine. That would allow users who wish to dual-boot (or simply not use WIndows at all) to sidestep this entire issue and continue working as they did before.
Dunno if there's anything in Win8 that (currently!) doesn't work if Secure Boot is disabled - one could expect potential DRM nastyness. But as long as UEFI implementations allow you to do your own key management, and there's alternate solutions like the Shim loader, there's no need to panic.

I really do believe that Secure Boot isn't necessarily a bad idea in and by itself - it does offer an additional level of protection against resilient malware. It might be broken, we'll see about that (given how complex a beast UEFI is, there'll probably be a way), but it's going to be one additional barrier that an attacker has to penetrate.

Heck, I even think it's possible that the engineers that came up with the idea actually did have security in mind.

On the other hand, I am cynical enough to know that there's bound to be a lot of slimey creeps in MS that are waiting for the right opportunity to use it for ultimate vendor lock-in... so I am weary & wary about the whole thing. But I'll still rather keep my eyes open and discuss things rationally and wait a bit before I cry wolf.
248  Main Area and Open Discussion / Living Room / Re: Gummiboot restructured to allow Linux to work on SecureBoot systems on: February 05, 2013, 03:00:18 PM
Or blame the linux kernel driver developer?
Nope. Cardinal rule of the kernal team is: you do not ever break userland. The changes that resulted in the bricking were not made by them. I put the responsibility squarely on the manufacturer's shoulders.
Well, I haven't dug into the issue, but the H-Online article says "[...]it appears to be caused by a kernel driver for Samsung laptops." - I take it that "kernel" means "Linux kernel", otherwise it should've been "firmware driver" or "UEFI driver". Also, firmware isn't exactly userland tongue

So it could be Samsung that implemented something screwy, or it could be the kernel drivers that misundestood the UEFI specs (or simply had bugs in their code), or it could be a combination of the two. Stuff like that reaaaaaally shouldn't happen, but when you're writing ring0 code, bugs can have pretty fatal consequences.

Microsoft already signed the Shim that will allow you to boot anything

News to me. Hadn't seen that they had. If so, I'm a much happier camper. Could you post a link? smiley
Sure, here you go smiley

Also, while I haven't looked at Secure Boot enabled laptops, my impression is that the motherboards you can get for building your own boxen tend not only to allow you to disable Secure Boot, but allow full key management. It's understandable that Linux distros don't want to depend on this, since it signigicantly raises the difficulty of installing, and it might not be available everywhere - hence the signing pact with the devil.

But by the same token, Microsoft has a long and documented track record of breaking agreements and engaging in exceedingly aggressive and willfully deceptive business practices. Whenever they think they can get away with something, more often than not, they'll try to do so.

Is knowing that about them being paranoid, cynical - or simply realistic? Wink
A mix of all three, I'd say - hence why I think we should be on the watch, and remain skeptic. But it helps noone to spread FUD, which some people are doing (not pointing fingers here at DoCo, but there's craploads of incorrect (dis)information out there on the interwebs).
249  Main Area and Open Discussion / Living Room / Re: Would a 41 megapixel camera get you to buy a Windows 8 phone? on: February 05, 2013, 02:39:34 PM
Note: in this case, they did use a much larger sensor - disadvantage there being that the phone is a lot thicker because the lens has to be further from a larger sensor.
Those results aren't really comparable, then smiley

The main advantage of more MP's with final image @5mp is the zoom capability.
Ho humm - digital zooming. I've honestly never really seen good results from that - and if one of the marketing pitches is "we use the insane mpix to resize down to acceptable quality and doing noise filtering stuff", doesn't that imply your image will get noisier and noisier the more you zoom?

Also, is there anybody clever around who knows if there's some big differences between zooming digitally, and the physical-world stuff that happens when you do it through optics?
250  Main Area and Open Discussion / General Software Discussion / Re: How much have I downloaded? on: February 05, 2013, 10:52:39 AM
My Netgear CG3000 gateway doesn't tell how much is coming or going.
Hm, you have no way to logon to the router? (Wouldn't be surprised if TDC or one of their subcompanies locked down the router... they definitely do it for business lines, and tend to insist on DKK800 to make adjustments Cool ).

But oh, yeah, YouSee is cable and not ADSL - forgot that. I guess they might count TV and Data separately, then.
Pages: Prev 1 ... 5 6 7 8 9 [10] 11 12 13 14 15 ... 350 Next | About Us Forum | Powered by SMF
[ Page time: 0.059s | Server load: 0.03 ]

submit to reddit