  Show Posts
251  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: February 02, 2013, 05:41:35 AM
So I wrote Agnitum, because:

Quote from: ZDNet
So what can you do in the meantime? Just keep that firewall up once and for all against UPnP traffic.

We've survived UPnP until now, maybe all this is not extremely urgent...
I hope for an answer no later than Monday.
1) the threat isn't attacks against your computer, it's attacks against various other devices.
2) (totally unrelated to this story, but good general security practice) don't forward UPnP traffic from your router to your LAN.
252  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: February 02, 2013, 05:37:01 AM
By "it seems to work just fine", I meant that it is accepting incoming connections. As I generally host anything I download for a day or so...and there is usually quite a bit of activity considering I cap the upstream at 10Mb (my fiber connection is 40Mb symmetrical).
How can it possibly do that if you're NAT'ed, have disabled UPnP and haven't manually set up a port forward?

Now, if your torrent client has made an outbound connection to a peer in order to grab data from it, and that peer only had partial data (ie., is still downloading) and the TCP connection is kept, sure - it'll still be downloading from you. But how would you get an inbound TCP connection if you had no port forward?

Also: fiber? bastard! smiley
253  Main Area and Open Discussion / Living Room / Re: Mp3 File Format Issue Split From Silly Humor Thread on: February 02, 2013, 05:30:18 AM
I forgot, I have all of my .wav files l3enc encoded.  It keeps them in the wav format, but they're crunched down using MPEG Layer-3.  That's why it's so small.  With XP, you can open it in the default Windows .snd player (sndrec32.exe) and select "Properties", then "Convert Now".  Click the "Save As", give it a name, then "OK" and "OK" again and it will restore it back to a normal huge .wav.  Sorry bout dat.   embarassed
Out of curiosity: why keep them in .wav instead of native .mp3? You lose ID3 tag support, and need specific codecs in order to play those .wavs, and not all software that can handle .wav supports chunks that aren't raw pcm audio.
254  Main Area and Open Discussion / General Software Discussion / Re: 2013 Version: Browser Wars on: February 02, 2013, 05:23:41 AM
monitoring, memory leaks, insecurities ?
Nice one cheesy
255  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: February 01, 2013, 03:25:54 AM
Just because neither one of us can think of a way to do it doesn't mean it can't be done. Not to mention that most people have many more exploitable (Java/Flash/Adobe Reader) options. Anything that affords the ability to just drive by, pop open a port, and setup shop is a definite risk.
True that there's likely things that can be done even if we can't think of a way to do it - I'm not arrogant enough to think otherwise :-). But I'm still of the opinion that if something is already running on the inside of my LAN, being able to open an incoming port is the least of my worries, and pretty much inconsequential, the damage is already done. And since I'm not paranoid enough to deal with the hassle of outgoing port filtering on the router side, well...

Here's a thought. If it really is too much of a PITA to log into a router to open a port...then it's safe to assume that you'll not login to close one either ... So how many ports do you really have open, and what are they exposing access to?
I'm running NAT'ed, no "forward all traffic to this host" - for a few well-defined services (http, ssh, minecraft) I have static forwards in the router; that's not too bad a hassle, as it's long-running set-up-once services.

But for short-lived stuff, or things like a torrent client that (for security reasons) randomized its port on each startup? Nah, can't be bothered. I could live with it if I felt there were any hard security concerns in having UPnP on my home network, but I really don't think so.

Oh, and I'm pretty sure p3lb0x appreciates it as well where he's living - for whatever nazi reasons, our mum doesn't want to give him the router password, so no chance of him adding incoming rules himself :-)

I'm not a gamer so I can't really speak to that but I've never forwarded any ports to my torrent client yet it seems to work just fine.
Well, as long as you're only interested in leeching, and are dealing with well-seeded torrents, sure. But if you want to give a bit back, or are dealing with something where you need the protocol's "tit-for-tat" to kick in effect, you really do want to be able to accept incoming connections, not just initiate outgoing.

Keep in mind I'm only talking small home networks here - I definitely wouldn't want UPnP on a business network or something connecting a public wifi hotspot.
256  Main Area and Open Discussion / Living Room / Re: Gadget WEEKENDS on: February 01, 2013, 03:17:26 AM
But for kitchen messes, not having to use your hands is a great benefit.
How do you open it then? I assume there's some sensor you need to trigger?

My kitchen trash can is old-fashioned... hands-free foot-pedal smiley
257  Main Area and Open Discussion / General Software Discussion / Re: MS Office Subscriptions Now on: January 31, 2013, 03:12:02 PM
SaaS? Kill it with fire. Then roast the inventors over a slow fire. Then torch the term out of existence.
258  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: January 31, 2013, 03:04:48 PM
Don't look into the eyes of another man…
Cool
259  Main Area and Open Discussion / General Software Discussion / Re: DVCS ? (All about Git, Mercurial-Hg and the like...) on: January 31, 2013, 11:07:28 AM
Aaaaand there's a sweet little Channel9 video on the topic, ~7min.
260  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: January 31, 2013, 10:59:07 AM
I know Wraith and Tinman will get this joke, but not so sure about many others... If you do get it, it's one of the best! cheesy
I tend to yell that whenever I cross the street! \m/
261  Main Area and Open Discussion / General Software Discussion / Re: DVCS ? (All about Git, Mercurial-Hg and the like...) on: January 31, 2013, 01:47:02 AM
I was glad to see there is something like libgit2 that can be used for stuff like this, because quite frankly the half-baked msys smells-like-posix-spirit on top of Windows bash scripts all over the place official git is an abomination on Windows.
Yeah, nice to see that indeed!

It's IMHO insane to start a project like Git, pretty much knowing what scope you want, and then do it as a mess of C and shell scripts. I could almost understand it if this had been 10+ years ago, written by somebody with no prior DVCS experience (and not much experience in general)... but Linus? Ugh. If you start a project like that, you build it as a proper library + commandline client (client of the library!) from day 1.
262  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: January 31, 2013, 01:30:59 AM
I read in the past that it's better to leave it off, and if you need to set up a device just start it manually through Services, let Windows configure, then turn it back off.
That only takes care of the Windows end, though - my impression was that this DHS warning was more about all the embedded devices it's present in.
263  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: January 31, 2013, 01:28:46 AM
Universal Plug and Pray...since I am not into prayer, I have been disabling it in everything, since the WinME days. Since I can get along quite well without it, I have never had a need to turn it back on for anything, not even for a little while.
Was it introduced already back then? I had the impression it was much later, closer to XP?

(Doesn't help that it's a retarded name, given there was already PnP which has pretty much nothing to do with UPnP).
264  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: January 31, 2013, 01:22:19 AM
An educational broadcast about the "F" word.....
Is that what I think it is? (I'm in a train right now, so can't listen to it) - if it is, one word: MARVELLOUS! Thmbsup
265  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: January 30, 2013, 03:44:51 PM
It's still a pointlessly dangerous protocol IMO. Because anything that shows up on/from a web page is already on the LAN, and this "service" is just begging to be exploited. How many people really need to open a port that often?? Damn few I'd suspect.
Show me how to do nefarious things with UPnP via JavaScript, and I'll reconsider smiley (not saying it can't be done, you can - after all - do AJAX requests from JS... just haven't seen/heard about it).

Need to open a port? Whenever I start my torrent client, actually (randomized port range). Often when installing a game or some application. The crappy web-based GUI of my router is bad enough that I take the lazy way... and for "normal" people, who don't set MAC-based IPs and are tech illiterates, it's a wonderful protocol - even if it has security implications smiley
266  Main Area and Open Discussion / General Software Discussion / Re: DVCS ? (All about Git, Mercurial-Hg and the like...) on: January 30, 2013, 03:06:45 PM
Who is His Screwyouness?
Linus Torvalds - he tends to flip people off and call them nasty names and such - and now Evil Inc. is taking his baby and putting it into one of their big, nasty products? Uh oh! smiley
267  Main Area and Open Discussion / General Software Discussion / Re: DVCS ? (All about Git, Mercurial-Hg and the like...) on: January 30, 2013, 02:22:40 PM
Interesting to see MS adopt Git as an official first-rate citizen.

And it's going to be interesting to see what "His Screwyouness" has to say about this ;p
268  Main Area and Open Discussion / Living Room / Re: Open Letter to Skype on: January 30, 2013, 12:09:38 PM
But who in their right minds would do their terrorist bomb planning, drug deal scheduling, kidnapping details or secret evil megacorp plans on something not opensource?

Of course, there aren't a lot of people who are in their right minds. I remember there was a guy in Florida who walked into a police station - to report that somebody stole his cocaine... For somebody like that, maybe Skype is a step up in security. Wink
We've had that in .dk as well, so it's not just an urban legend smiley
269  Main Area and Open Discussion / Living Room / Re: Homeland Security: Disable UPnP on: January 30, 2013, 10:49:05 AM
Right, that article doesn't really give much info on what the problem is. I suspect you people's general remarks are focused on UPnP in general, especially in the context of corporate world - but for a lil' ol' home network, it makes life a lot easier... and if you're at the point where somebody could poke an incoming rule into your router via UPnP, well, they're already in your LAN and you're shit outta luck.

Now, the article specifically mentions libupnp, so I guess we're not talking the generic "zomg upnp is bad!" mindset here, but an actual exploitable bug. I wonder if this is something to worry about - if it's not reachable from the internet side of things, it's a fart in a cup of water imho.

Anyway, time to inspect the horse's mouth.

EDIT: done - yep, it's specific vulnerabilities. Rapid7 even has a scanner for it. My router isn't "detected" from its WAN IP, and on my LAN only the router shows up (as detected, not vulnerable). So I'm keeping UPnP on smiley
270  Main Area and Open Discussion / Living Room / Re: Open Letter to Skype on: January 30, 2013, 10:30:07 AM
From a comment on the Schneier blog:
People rely on Skype for secure communications? Who are these people? They're using a communications tool freely given to them by a giant multinational corporate with close ties to the US government and known to implement a buggy proprietary security protocol and expecting to get secure and private communications? What world are these people living in?
That.

Discussing lolcats pictures, minecraft adventures, calling your parents, sexchatting midgets, whatever - that's all fine on Skype and similar services. But who in their right minds would do their terrorist bomb planning, drug deal scheduling, kidnapping details or secret evil megacorp plans on something not opensource?

No, I don't like the (pretty much official) .gov backdoors, but I had no illusions of Skype being secure before the Microsoft buyout, and anybody who did was naïve.
271  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: January 30, 2013, 10:09:20 AM
Just zip it up.
^--- NSFW.
272  Main Area and Open Discussion / Living Room / Re: I did not realize how bad Google has become on: January 30, 2013, 10:04:50 AM
I haven't used any Google products since they became public back in 2004, when their bread and butter was spying and selling your information to marketers and the government....
What do you use instead, then? And do you delude yourself that <whoever> aren't doing even more nefarious things?
273  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: January 29, 2013, 03:49:03 PM
Emoticons........'ASSICONS?'
It's been a while since I've seen asscii fart!

(OK, that was lame Sad).
274  Main Area and Open Discussion / General Software Discussion / Re: sublime text: some innovative text editor! on: January 29, 2013, 09:57:31 AM
Firstly, goto anything, or more specifically, the way it uses lazy matching to let you go to anything -- it is literally like having the power of FARR inside your editor. You can switch between projects, between files in a project, and jump around symbols in a file using lazy match lookup.

Secondly, multiple selections, which is a bit like search and replace on steroids. You can do most of what it does with regexp search and replace, but having the visual feedback from live editing is so nice, plus you don't have to go to a separate dialog and start thinking about regexp.
Those were big features for me as well.

A few more:
- the plugin system being Python, with a healthy community around.
- a nice dark color scheme out of the box.
- search/replace that doesn't get in your way, and shows what will be affected while you type in your regexps.
- a very smooth and polished feel - not just being pretty fast (which it is), but well-done minimalistic (sublime, really tongue) animation and small touches like that... for instance, the cursor not just being on/off blinking, but doing a bit of fading.

Regarding pricing, to me he is passing the point of reasonable for something that is "just an editor", no matter how efficient it may be. But if you read the forums, it feels like there is a bunch of devs standing in line to throw money at him, so it will probably work.
It's a shame, really. If he had instead lowered the pricepoint to, say, $50, I probably wouldn't have minded a paid upgrade per year. But $70 combined with his release/version handling? Hmmmmmmmmmm.

I'd actually rather have yearly upgrades (at a reasonable price) rather than arbitrary major-version bumping.
275  Main Area and Open Discussion / General Software Discussion / Re: 2013 Version: Browser Wars on: January 29, 2013, 07:09:09 AM
I've been through so many browsers that I couldn't list them even if I tried to.

These days, it's FireFox as main browser on my workstation - it's fast, it has addons, and its Panorama/TabGroups + LazyLoad is invaluable for the way I use a browser. And even if I didn't surf shady areas of the web (which I almost don't do), I still wouldn't surf without the "panzering". I don't like to be tracked, EOD, and even legitimate sites can have their banner-server hacked to serve malware. I use Chrome as my secondary browser when I need Flash content, and for Java content (which is limited to the retarded Danish NemID) I fire up a linux virtual machine.

On my work laptop, I tend to use Chrome more - it simply has better tools for webdev than firefox, IMHO. I keep the "persistent" stuff (JIRA, Confluence, various other work-related webapps) in FireFox, some other browsing/reference stuff as well, but the flurry of "in progress" stuff tends to happen in Chrome. I used to have gmail (yup, we use that corporate-wide) open in FF, but have moved it to Chrome - having it open for extended periods of time causes a lot of stutter in the fox.

Other than that, I open IE (including old versions in virtual machines, *sigh*) for compatibility testing, or when I need to log on to Citrix (again, *sigh*) - and can't really be bothered to use other browsers. There's no reason to do so for me, and compatibility-wise IE+FF+Chrome already covers the three most widely used rendering engines.