topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • February 24, 2020, 11:08 PM
  • Proudly celebrating 14 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - db90h [ switch to compact view ]

Pages: [1]
1
Living Room / Use a unique password for this site
« on: March 06, 2015, 10:58 PM »
If you logout or open an ingognito tab, you may notice the login prompt in the upper left.

What you don't see is any SSL encryption.

EDIT: Since SMF hashes on the client side using javascript, you're fine, though of course all your information is still sent to the server plaintext.

2
Congratulations on meeting (or nearly meeting) your fund raising goal!

I must admit that I am surprised by the generosity shown to DonationCoder. My experiences in the F/OSS world have shown me that a simple 'Donate' button doesn't do it. To get donations you must be truly engaged with those people in a pretty intimate way. I would be curious to know the frequency of 'large' donations, vs a bunch of small donations, but I know that's private info ;). It just amazes me.  It's contradictory to this mucked up capitalist world, and I have to give you credit for pulling it off and not compromising on your principles. Of course, I haven't compromised on my principles either, but I have had to charge a modest fee for extended capabilities of my software rather than solicit donations. I am not sure I would survive if I tried your approach - too few people like me on a 'personal' level ;p. The few who do like me I tend to drive away at some point or another.

Anyway, congratulations ... That's not a small number, at least not to me. It's an amazing number.

3
General Software Discussion / SMF v1.0 - END OF LIFE ANNOUNCEMENT
« on: April 03, 2012, 06:18 AM »
News, today.

SMF v1.0 is finally being EOL'd. That means no more security patches. See: http://www.simplemac...topic=472913.new#new

SMF v1.1 is ok.
SMF v2 is of course ok.

There have been multiple critical exploits in SMF over the years, so anyone using SMF v1.0 needs to work on upgrading immediately. Also, be sure to keep an eye out for SMF exploits. 0-day or unpatched exploits on forum and CMS software is perhaps the #1 way sites get breached (well, one of the top mechanisms anyway).

4
OpenDNS has been working on a new encrypted DNS service for the past 6 months or so. They've kept fairly quiet about it, though it has been mentioned on Slashdot and elsewhere. At first there were only OS X, BSD, and Linux clients available. However, a Windows client is now available for download at their GitHub repository. I am not sure if it is considered 'final' or not. I just noticed it was there, tried it out - and it works ;).

Why encrypt my DNS queries?

Even if you use HTTPS on every site you visit, your DNS queries are painfully obvious to anyone. Whether it is your ISP, or a local sniffer, if you want privacy, your DNS queries are a glaring hole in it. In some cases, encrypted DNS queries may get you around site blockers/firewalls too (though not all cases).

More at http://thepileof.blo...ith-windows-via.html  ...

5
What third-party components and code are used in Screenshot Captor and other utilities here? I know SSC has several, for image manipulation and such. Are these properly licensed? Many allow licensing for 'freeware', but is donationware freeware? I would hope everything is licensed ;o. Ah, I'm sure they are! After all, this is a business - not a traditionally run business, but it is a business since it has incoming revenue. Just looking out for DC, making sure everything is run as a business MUST be run by law (whether we like it or not).

DonationCoder supposedly has hosting costs of $450+ a month, which is ABSURD .. you can set up a cheaper dedicated server in no time at 1/4 the cost. Why pay so much? I estimate DC revenues to EXCEED $60k a year (at least) , with the fund raising and donations, which is NOT BAD AT ALL. Quite good actually, very good. Nice job mouser!

I would, however, request that since this site is 'open' and relies on 'donations', that we see the books and make sure these donations are not being misappropriated, and just how many donations there are. Then, when you beg for donations, we'll all know how bad you need, or don't need them.

Heck, at that level of success, maybe I'll open my own donation based site ;). Nice work. Great scheme, though I hate schemes ;p. I prefer the old fashioned way of doing business. You know, you pay for a good or service a reasonable price, and everyone is happy. Yea, I think I'll stick with my own traditional business. Still, it is amazing this site generates that kind of revenue.

Just looking out for DC, as I don't think the owner gets that it is a business sometimes. You are also liable for taxes, which I hope you know!!! Else you'll find out and be in real bad shape.

As many know, I've given all the advice and help I can to the site, so I hope this doesn't sound accusatory or anything, just making sure all bases are covered. Finally got him signing his apps, instead of complaining about warnings. I probably saved him and the site from numerous false positives right there (seriously).

Best of luck to Donation Coder's continued thriving business!

6
General Software Discussion / SnagIt 11
« on: March 07, 2012, 01:57 AM »
I see SnagIt has updated again, supporting videocasting now. http://feeds.betanew...r/bn/~3/JX3AHLhM6wk/

7
Source: http://thepileof.blo...-status-vfolder.html  (one of my misc blogs)



I describe this all on my blog. Basically, the default Apache configuration includes mod_status (a 'base' module, meaning statically linked by default), and many server admins don't bother securing it. This means all client IPs, and their server requests, are being revealed in real time to anyone who wants it.

The concerns are for cases where:

1. There is sensitive info on the query string
2. Security through obfuscation - uniquely named files and folders
3. Privacy concerns since these stats can be polled/refreshed and a pretty good database of activity from the server can be formed.

Apache sets a bad example, with both Apache.org and PHP.NET both being wide open. hXXp://php(dot)net/server-status or hXXp://apache(dot)org/server-status . Wired is even open, at least some of its servers. It depends on which one you hit since they are load balanced. It seems about half of them are 'open', the other half properly secured.

8
One thing --- you have thoroughly corrupted my memory ;p. In Windows, by default, Alt+PrtScr captures the current window. In Screenshot Captor, Alt+PrtScr captures the entire work-space (at least by default). Therefore, when I'm speaking to someone, I have to double check myself, as I am now used to Alt+PrtScr capturing the whole workspace.

Of course, making such a change now might upset existing users. That said, they might be supportive of it, new users would like it better, it would jive with traditional Windows tips and tricks, and existing users would adapt with a little time.

9
RegMerge

This utility is in early alpha, so use with extreme caution. Do not use unless you have backed up your registry hives, and understand any and all risks are yours. This is an advanced utility, and as such, you can screw up your system if you don't know what you are doing. Please see full EULA when you run the program. There is no installer or shell integration set up, yet. 32-bit and 64-bit builds are separate at this time, though I will unify them into one distribution that runs the appropriate EXE.

RegMerge is a simply FREEWARE utility I developed a month or two ago, and have some updates pending for. I'll issue them as soon as I can. Mouser encouraged me to post about this program on this site. I do accept donationcoder credits here, as a supporter of this site.

DonationCoder support pledge: I have pledged to start issuing more freeware on this site when mouser gets the framework finished to facilitate the type of multi-author stuff I need, which isn't much now that I think about it -- but he has plans.

http://bitsum.com/regmerge.php

Here's what it does:

  • Import REG files Safely - Instead of wondering what a REG file will change, or if it is even different than your current registry, you can now see what it will change and selectively apply portions of it, or all of it.
  • Compare/Diff -You can export REG files (via RegEdit right-click), then compare your registry to that of another system, or an earlier state of your own system. By doing so you can determine likely causes of problems.
  • Load up multiple REG files - Load up all the REG files you want at once

The original goal was to simply not have people blindly importing .REG files found on the net in attempts to fix problems -- as you may cause more than you fix. However, it also has other uses, such as comparing your registry with that of another PC, or your own PC in an earlier state, to help diagnose problems.

REGMERGE IS INTENDED ONLY FOR ADVANCED USERS

regmerge.png

10
I have been a member of a malware working group at the IEEE of which almost ALL security vendors participate. I've therefore been in a position to create and propose this new Forum: http://falsepositivereport.com . This is only hours old, but one security vendor has agreed to take part. As the others wake, we'll see who will voluntarily take part in it. As long as Software Vendors take part, security vendors will eventually be forced to take part in order to respond.

OFFICIAL SITE:  http://falsepositivereport.com

I would like to congratulate Microsoft as the one company who takes the conservative approach, making their false positive rate the lowest in the industry. Kudos to them. All security companies should act that way! Causing collateral damage to innocent businesses/families is simply unacceptable. It will sometimes accidentally occur, but clearly not enough is being done to prevent this problem, as it has only gotten worse.

---------------------------------

Accountability. Transparency. Communication. Prevention.
Helping to prevent false positives and mis-rating of web sites, instead of merely retroactively addressing them

This is a new effort to help slow (and expose) the plague of false positives and mis-rated web sites that are destroying hundreds or thousands of small businesses every year. Some security companies do better than others, but never before has there been a place where false positives and mis-rated sites can be publicly reported. The security companies can then respond, fix the issue, then determine why it happened and work with the vendor to avoid it in the future. After all, once a false positive happens, the damage is already done. Some security companies will not even respond to reports of false positives and mis-rated sites, much less work to avoid them in the future. Other companies DO act much more responsibly.

This is NOT about crucifying security companies. They do have a terribly hard job. Still, many of them can and should do better. This site is about showing which companies are doing the best to avoid collateral damage. It is also intended to facilitate the mitigation of collateral damage when it occurs, and, through communication, help prevent collateral damage (FPs) from recurring. For instance, why did the FP or misrating occur? What can be done to avoid it in the future?

Ironically, malware authors are hardly affected by these aggressive tactics. After all, if these tactics really worked, why would there be so many malware infestations?

Also remember, public transparency and accountability will let consumers know which security companies care about the collateral damage they inflict. Is this not important in your purchasing decision? If not, it should be ;). By choosing carefully with whom you spend your money, YOU can force companies to start behaving ethically.

As always, the power is in the hands of the consumer. Choose carefully who you spend your money with and you can force these corporations to act ethically and responsibly.

At this site you can:

1. Report false positives and mis-rated sites in REAL TIME to a CENTRAL LOCATION. At this central location, companies will know where to find false positives and mis-rated sites, if they care to look.
2. You can then see which companies care to fix these issues, and how fast. You can also see which companies are interested in AVOIDING them in the future.
3. Communicate with security companies to fix these issues, and help avoid these problems from recurring.
4. Provide historical stories about damage inflicted to your innocent business and/or family.
5. Communicate with other software vendors with similar concerns and troubles.

http://falsepositivereport.com

11
I'm surprised this one has never caught on. I imagine it's only due to a lack of people taking the time to let others know of it. So here it is..

This utility integrates a command prompt window within explorer that stays synchronized with the folder you're viewing in explorer. It includes macro support which is a wonderful extension to the command prompt.

It works through some API hooks combined with normal shell extension interfaces. For the most part, it works well. This project could use a new maintainer though. It doesn't work under x64 at the moment, it needs some modifications in the API hooking code.



Download and source code: http://www.codeproject.com/csharp/CommandBar.asp

12
Hehehe...

http://www.shoutwire.com/comments/16341/Bush_Hid_The_Facts

<excerpt>

This isn't really an editorial, but it's cool nonetheless. I'm sure it'll start some interesting discussion.

For those of you using Windows, do the following:

1.) Open an empty notepad file
2.) Type "Bush hid the facts" (without the quotes)
3.) Save it as whatever you want.
4.) Close it, and re-open it.

Is it a cover up? Is it a government conspiracy? Or is it just a really weird bug?

</end>

Yes, this actually works.

.... Stop reading here... Try it out... Be sure not to add a new line (though maybe it works with a new line too).

You conspiracy theorists might be going crazy now, but it seems to be nothing more than a weird bug. It's probably something to do with notepad trying to auto-detect UTF8 or UTF16 (unicode) files, if I had to guess.

Any string in a specific format causes this behavior.

.........

A lesson to not read the shoutwire comments:

Those idiots on shoutwire have some screwy opinions. Some believe its a conspiracy.

One guy called it an easter egg, and was so sure of himself. "Guys, this is what you call an easter egg". No, this is what you call a bug in the auto-detection of the encoding.

One guy who guessed right (the only guy?) wanted encoding information stored in a text file. Nice idea, but it'd break compatibility with a file format (if you want to call it that, since it really has no header) that's been around longer than he has.

The MAC people take this opportunity to say, "Yea, that's why you should use a MAC. You don't have to worry about viruses, trojans, or a generally bad OS".

Then it turns into a discussion on fat americans and obesity.



13
Developer's Corner / The fear of change
« on: February 19, 2006, 03:04 PM »
A fear of change is natural for any person, as change is stress (by definition), work, and uncertainty. Programmers are no exception to this rule, but have the unfortunate luck of being in an industry that changes constantly.

Indeed, there is no stopping evolution and innovation in technology. Change seems to be inherent in any modern technology, as technology is a means to improve efficiency, and improvements to technology further improve this efficiency. Market forces themselves will always drive change in technology.

There is no escape for the programmer. He (or she<cough>) is forced to deal with change or find their skillsets in a state of perpertual decline in need by the market, in usefulness to the consumer, and in support for by complimentary technologies.

Yet so many programmers don't seem to recognize their own aversion to change and instead curse new technologies with irrational arguments whose true root is in the fear they have of change.

But technology evolves so quickly with so many fads that it is impossible for even the most diligent programmer to stay up-to-speed with all emerging technologies. Therefore, a programmer must choose carefully which new technologies he or she commit to learn. So, resisting change is good up to a certain point, as it reduces the liklihood of wasting time on technological fads.

Its when this resistance to change prevents programmers from ever evolving, leaving them stuck in some war against innovation itself, that it becomes detrimental to the programmer, and society at large.

A good example is the fanatic x86 assembly language programmer who refuses to admit that assembly language programming is of increasingly less viability. Such a programmer stands firm on their irrational arguments, refusing to admit that a good C/C++ compiler will out-optimize the vast majority of their efforts.

How many times have we C++ programmers cursed Visual Basic guys. Sure, they are all lamers, but the fact is that they often fulfill the requirements of a project in less time and effort than the same project done in C++. Languages that make programming easier, despite the merits (or lack there-of), are so often condemned just for making things easier for new programmers. This says something itself about our human nature, but I digress...

And now .NET is on the horizon. Its been here for a while actually, and is constantly improving. It has its advantages and disadvantages, as does any programming platform, but managed code in general, and .NET in particular, has proven itself to not be some fad. Its clearly the future, and we need to embrace it instead of fear and resist it.

What we've worked so hard for so many years to learn will eventually become antiquated; this is an unstoppable market force. We can fight it, but we can't stop it. In the end, its best to take what we've learned and use it in the pursuit of mastering the latest programming technology.

Fortunately for us old unmanaged programmers not all is lost. C++ is still C++, even if its .NET. VB is till VB, even if its .NET.

The market makes our transition to new technologies as easy as possible, since this is in the best interest of the work-force at large. But no matter what the particular situation, change will always seem more difficult and scarier than it actually is.

A good programmer must be ready to learn new technologies and abandon previous technologies. He must accept change as an unstoppable force, embracing it for the increases in efficiency it provides, instead of condemning it with irrational arguments that only thinly mask the fear of change.

14
Unfinished Requests / irc client filter
« on: July 13, 2005, 11:15 PM »
I hear of someone wanting to protect themelves from the extremely foul language used on some irc channels on efnet. They need it for xchat. U got xchat code already, right mouser? Not sure who it is that has such incredibly bad language as to mandate an actual censor ;p.

I'm sure they'd appreciate it ;).

Thanks,

Pages: [1]