avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday October 4, 2023, 6:59 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - wraith808 [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 24next
N.A.N.Y. 2023 / NANY 2023: Binance Test App
« on: January 01, 2023, 11:00 PM »
NANY 2023 Entry Information

Application Name Binance Test App
Short Description This utility is a start to satisfying a coding request for a Binance Notifier - testing the API. It allows you to see your balances, see all ticker prices, and query your orders
Supported OSes Any Windows version that supports .NET Framework 4.8 (tested on Windows 10/11)
Web Page to be added
Download Link
System Requirements.NET 4.8

I started working on a tray notifier for Binance, but have been unable to test it as I've been unable to verify. I didn't want to release that without testing, so am releasing my initial POC app in its stead.

You will have to sign up for Binance, and get an API Id and secret key in order to use it. The application will also ask you for the API url - for US clients.

Unzip to the place of your choosing. If you want to make it completely portable, then you will need to add a BinanceTestTool.config text file, otherwise it will create it in the AppData folder.

Run BinanceTrayTool.exe (it's still named for the app it will hopefully one day be)


Remove the files! Other than the possible config file in the Appdata folder, it will make no other changes to your system.

Screenshots and Minimal Instructions

This is the main screen you will be presented with. Press the settings button to start

In this screen you will enter your API Key, Secret Key and Endpoint


Then you should be able to use the functionality!

General Software Discussion / The End of the Atom Editor
« on: June 08, 2022, 08:14 PM »
I tried it back in the day, but didn't find anything better than Sublime Text... then I started using VS Code, and it was better than both. I guess a lot of people had similar experiences.

Today GitHub announced it will archive Atom and all projects under the Atom organization for an official sunset on December 15, 2022.

Did anyone else use Atom?

Developer's Corner / Searching and updating XML file in PowerShell
« on: March 22, 2022, 07:54 AM »
I have the following bit in a Powershell script:

Code: PowerShell [Select]
  1. [xml]$xmlConfig = Get-Content "odata.xml"
  2. $validNodes = $xmlConfig | Select-Xml -XPath '//variable' | %{$_ | ?{((($_.Node.Property.Name -eq "id") -and ($_.Node.Property.Value -eq "this-is-the-node")))}}
  3. if ($validNodes.Count -gt 0)
  4. {
  5.     $validNodes.development = $encryptedcredentials
  6. }

And it's not returning valid nodes, even though the node is there.

The XML file looks like the following:

Code: Text [Select]
  1. <configuration>
  2.   <variable>
  3.     <id>this-is-not-the-node</id>
  4.     <development>2</development>
  5.     <staging>0</staging>
  6.     <production>0</production>
  7.   </variable>
  8.   <variable>
  9.     <id>this-is-the-node</id>
  10.     <development>2</development>
  11.     <staging>0</staging>
  12.     <production>0</production>
  13.   </variable>
  14.   <variable>
  15.     <id>this-is-not-the-node-either</id>
  16.     <development>2</development>
  17.     <staging>0</staging>
  18.     <production>0</production>
  19.   </variable>
  20. </configuration>

I want to select the valid node, then edit the value for development under that node.

Any ideas what I'm doing wrong?

N.A.N.Y. 2022 / NANY 2022 Pledge: S3 Warp Transporter
« on: December 09, 2021, 09:41 AM »
NANY 2022 Entry Information

Application Name S3 Warp Transporter
Version None Yet
Short Description A way to easily transport files/text using S3 as an intermediary
Supported OSes Windows
Web Page Yes, it will have one
Download Link
System Requirements
  • Modern Windows
  • x86_64 architecture CPU
  • AWS S3 Bucket
  • .NET 5.0
Version History
  • 2022-01-02
    - Initial Release
Author wraith808

I started using Wormhole William, but there's a problem of the bandwidth for the nodes in the transfer. There are several transfer options for using S3 as a backing store, but all of them are pretty heavyweight. So I decided to roll my own- mostly because I'm doing AWS certification course right now, and it's a good way to keep the memories of the earlier lessons while I move on to the rest of the course.


Installing S3 Warp Transporter is simple- just unzip the archive where you want it installed. You will also have to set up your own S3 Bucket on AWS and Create an IAM with AccessKey/SecretKey. This was intended to solve a problem that I had in using Clipboard Fusion and other clipboard sharers, so it's not exactly non-tech-savvy user friendly.

The first thing I'll cover is the recommended settings for the S3 bucket - I'd recommend that it not be public. You can find simple rules for setting up one at The bucket does not need to be public for the application to use it. If you're using it as I am, I'd suggest not making it public.

I also set up lifecycle rules on my bucket, so I don't have to worry about cleaning it up - it's just meant for ephemeral storage as I move things from one computer to another. My settings for my bucket are below:

Step 1: Create the lifecycle rule and apply it to all objects in the bucket

Step 2: Adjust the rule action to expire current versions of objects after 7 days

Step 3: Review the rule - it should look like the below image

Next, we need to create the IAM user. You can find steps on creating one at https://binaryguy.te...m-user-to-access-s3/

Two notes on creation.

Note 1. Make sure to make the user use an access key for programmatic access

Note 2: The easiest policy to use is the canned one for AmazonS3FullAccess

You can get more granular and give the user access to only that particular bucket, and only listobjects, putobject, putobjectacl, getobject, getobjectacl, and headobject, permissions, but that's a more advanced operation. I might detail that a bit later in the more formal user guide.

Download the credentials, and note the region you created the bucket in, and the bucket name- you'll need those in the next step.

After getting everything set up, you're ready to run S3WarpTransporter.

First Run

When you first run the application, it will put a taskbar notification icon of a little rocket (thanks to Paul Davey aka Mattahan).

Right click on that icon, and a menu will show up:

Choose settings - this is where you will enter your bucket info and the directory you want objects downloaded into (it will be a bit less blurry, of course)


After entering your settings, you'll be in business. To go back to the menu image and explain:

  • Upload File - Opens a file dialog for you to select what file to upload. After it is uploaded, you will be given the key for the item, and it will be copied to the clipboard
  • Upload from Clipboard - If you have a filepath on the clipboard, that will be uploaded. If it is not a filepath, it will be uploaded as text.
  • Download Key from Clipboard - if you copy the key of a previously uploaded file to the clipboard, it will download that object
  • Settings - We went through that on first run, though if you need to change them, this is the place
  • Exit - Close the icon

Future enhancements

Better documentation, about box, and web page- being sick for much of December, I got a late start on this, so don't have that set up.
Better handling of file extensions on download - when I upload an object, I get the mime type from the extension. However, extensions to mime types are a different story, as they map to a large list- for example, text/plan has 8 different extensions in the apache mime type table. When querying those, they come back in alphabetical order- and the first one is 'conf'. I need to make my own implementation of this, and restrict it to common file types so I have a better chance of getting them right. Or even better, I'll store the original file name in the metadata for the object.
More settings - run at startup would be a nice addition.
Dialog to enter the Key. The clipboard is nice and convenient for my use, but I know that it might be inconvenient to copy the key to the clipboard. Maybe. I haven't thought this through completely.

Developer's Corner / 'Trojan Source' bug
« on: November 02, 2021, 10:52 AM »
From Krebs on Security (https://krebsonsecur...ecurity-of-all-code/)

Researchers with the University of Cambridge discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard Unicode, which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis).

Specifically, the weakness involves Unicode’s bi-directional or “Bidi” algorithm, which handles displaying text that includes mixed scripts with different display orders, such as Arabic — which is read right to left — and English (left to right).

But computer systems need to have a deterministic way of resolving conflicting directionality in text. Enter the “Bidi override,” which can be used to make left-to-right text read right-to-left, and vice versa.

“In some scenarios, the default ordering set by the Bidi Algorithm may not be sufficient,” the Cambridge researchers wrote. “For these cases, Bidi override control characters enable switching the display ordering of groups of characters.”

Bidi overrides enable even single-script characters to be displayed in an order different from their logical encoding. As the researchers point out, this fact has previously been exploited to disguise the file extensions of malware disseminated via email.

Here’s the problem: Most programming languages let you put these Bidi overrides in comments and strings. This is bad because most programming languages allow comments within which all text — including control characters — is ignored by compilers and interpreters. Also, it’s bad because most programming languages allow string literals that may contain arbitrary characters, including control characters.

“So you can use them in source code that appears innocuous to a human reviewer [that] can actually do something nasty,” said Ross Anderson, a professor of computer security at Cambridge and co-author of the research. “That’s bad news for projects like Linux and Webkit that accept contributions from random people, subject them to manual review, then incorporate them into critical code. This vulnerability is, as far as I know, the first one to affect almost everything.

The research paper, which dubbed the vulnerability “Trojan Source,” notes that while both comments and strings will have syntax-specific semantics indicating their start and end, these bounds are not respected by Bidi overrides.

Emphasis mine. More at link.

Has anyone heard of it? It's been many years since I've worked with anything at this low a level, so I can't really comment on how serious it is.

A while ago, I invested in a Netgear Orbi, in large part because it was an affordable mesh system, and Netgear had been good to me.

We moved a bit ago, and had the same base + 2 satellite hookup, and everything was fine. We had an absolutely ridiculous number of devices hooked up when my wife was running a pandemic pod, and it worked from one end of the house to another, with no drop in speed.

Fast forward to earlier this week. With no change in devices, locations of satellites, or pretty much anything, the satellite in my wife's office stopped giving her good performance. Some times it would just cut out totally. That's when I looked past the good reviews and found something rotten underneath.

Looking into people with the same problem, I found out about backhaul- or the intermediate links in a mesh network. For some reason, mine was always showing as poor now, even though the satellites never changed position. I tried moving them everywhere, and no joy. I tried resyncing, and nothing. I found places that said you had to have your satellites at least 30 feet from each other, and realized from that, maybe my system for the larger house was too much, and dropped a satellite. Nothing. I found out that each satellite actually had a dashboard, and it said it was too far from the base, so I moved it. Then I found places that said you shouldn't have more than two rooms. And about overlapping channels and you shouldn't use auto, you should use 1,6,or 11. And that perhaps someone had a new device, and I should get a wifi sniffer- so I checked Netspot, and tried to analyze and find the best channel for both 2.4 and 5Ghz. I saw there was new firmware- some said don't upgrade, and others said upgrade. I figured I had nothing to lose... so upgraded, and it seemed better.

... for a day. I added back in both satellites, and one has good (most of the time) and the other poor (most of the time)- which is better than both Poor. Looking deeper into the problem, trawling the Netgear boards, and even springing for support, the only thing I found was that this happens with Orbi routers, and no amount of time spent with tech support helps.

Hopefully, replacing them will make things better.


Amazon plans to enroll many of its hardware devices that are operated in the United States, including many Echo devices and Ring Spotlight and Floodlight Cams, into its Amazon Sidewalk system on June 8, 2021.

Amazon Sidewalk is a shared network. According to Amazon, it is used to make devices work better, e.g. by extending the working range of devices, keeping devices running even if outside the range of the wireless network of the home, or finding pets.

One of the ideas behind Sidewalk is that devices may continue to operate even if they lose access to the local wireless network; this works best in neighborhoods with lots of Amazon devices in the vicinity that all share some of their bandwidth.

Another key element of Amazon Sidewalk is that it creates a network for roaming devices, e.g. devices similar to Apple AirTags, that Amazon could utilize to provide the functionality.

Amazon explains:

Amazon Sidewalk uses Bluetooth, the 900 MHz spectrum and other frequencies to extend coverage and provide these benefits.
Each device, called Sidewalk Bridge by Amazon, shares up to 80kbps with the Sidewalk server when the feature is active. Amazon notes that the total monthly bandwidth is capped to 500 Megabytes for an account.

Neighbors will see the approximate location of Amazon Sidewalk devices, and not the street address.

Amazon Sidewalk will be enabled by default by Amazon on supported devices on June 8, 2021 in the United States. Amazon customers who operate Echo or Ring devices, need to opt-out of the program if they don't want their devices to join the shared network and spend some of the home bandwidth.

More at link above.

This reminds me of xfinity/comcast enabling it on their routers- didn't like it then, don't like it now.

For completing my renegade NaNoWriMo project, one of the items I received was a Scrivener coupon. I was saving it in case it would help me on the upgrade to Scrivener 3, but it gives me the exact same discount. Active users (registered before today, active on the forums at my discretion) can post below, and I'll randomly select a winner on April 16th. The coupon is good until November 1st, 2021.


It requires a bit of information and an agreement that they will contact you, but I figured some might be interested

N.A.N.Y. 2021 / NANY 2021: Wox Rolz Die Roller Plugin
« on: December 31, 2020, 02:31 PM »
NANY 2021 Entry Information

Application Name Wox Rolz Die Roller Plugin
Version 1.0.0
Short Description Plugin for the Wox launcher that uses to roll dice and show the results.
Supported OSes Windows on any version that Wox is supported on
Web Page
Download Link https://u.pcloud.lin...Mr7aafRwEpQANm1yot0X
System Requirements: Same as Wox
Version History
  • 2020-12-31 - 1.0.0 - Initial Release
Author wraith808

I just started using the Wox Launcher, and think it might be my new launcher of choice. I use a lot for rolling dice for RPGs, and figured that a good project for a plugin was to allow the use of the API from within Wox Launcher.

Either download the plugin package from my site and drag it onto the search screen or install it directly from search by typing

Code: Text [Select]
  1. wpm install Rolz Roller

The plugin page can be found at

How to Use
The keyword for the roller is rolz, and it uses the same syntax shown on Click the result to copy the text to the keyboard. A sample query is shown below:

Rolz Roller Screenshot.png

DC Gamer Club / Story Synth - web tool for card-driven roleplaying
« on: November 25, 2020, 10:16 AM »
One of this year's Golden Cobra winners was a web-based tool enabling remote play & card driven setups. This would work great for rapid-prototyping deck & oracle based games (first example off the top of my head would be The Quiet Year). Setup is done by dropping a list of cards into a google doc and then passing a link to the doc into the website; this also creates a persistent link for everyone, bypassing the need for a screenshare.

Some fancier formatting in the sheet can display different prompts as time passes (including different prompts to different players - already thinking how this could be used for a Murder Mystery Dinner Party),

I'm sure there would be all sorts of other uses, including perhaps prototyping board games, so passing it along!

Demo game & spreadsheet

General Software Discussion / VSCodium
« on: November 18, 2020, 10:06 PM »

Has anyone taken a look at this?  I've been using VS Code a lot (it's taken over from Sublime Text) and saw mention of this.  From the site:

Why Does This Exist
Microsoft’s vscode source code is open source (MIT-licensed), but the product available for download (Visual Studio Code) is licensed under this not-FLOSS license and contains telemetry/tracking. According to this comment from a Visual Studio Code maintainer:

When we [Microsoft] build Visual Studio Code, we do exactly this. We clone the vscode repository, we lay down a customized product.json that has Microsoft specific functionality (telemetry, gallery, logo, etc.), and then produce a build that we release under our license.

When you clone and build from the vscode repo, none of these endpoints are configured in the default product.json. Therefore, you generate a “clean” build, without the Microsoft customizations, which is by default licensed under the MIT license
The VSCodium project exists so that you don’t have to download+build from source. This project includes special build scripts that clone Microsoft’s vscode repo, run the build commands, and upload the resulting binaries for you to GitHub releases. These binaries are licensed under the MIT license. Telemetry is disabled.

If you want to build from source yourself, head over to Microsoft’s vscode repo and follow their instructions. VSCodium exists to make it easier to get the latest version of MIT-licensed VSCode.

Just wondered if anyone had seen/used it.

General Software Discussion / WoX Launcher
« on: November 18, 2020, 09:40 PM »
Tuxman introduced WoX (stands for something- I saw it somewhere, but I can't find it right now) in the Listary 6 thread, and I started to look into it.  I'm running it and FARR right now, and I like features from both.

FARR has more options for customizing your search heuristics and such.  It also has everything built into the application, and you don't need any dependencies.  WoX needs .NET (not a big deal as everyone on Windows has it), Python, and Everything.

Both of them have a lot of options in regards to interface design, so that's a wash between the two.  Both can be portable or installed.

The plugin syntax for WoX just makes more sense to me, but I'm sure it is a matter of developer preference.  WoX is faster at searching, but this is because WoX farms out a lot of its search capabilities to Everything.  FARR allows more customization of the heuristics and search behavior, which is a definite plus- the only nod to this functionality that WoX provides is the ability to pin a search result to the top of the search, so that the next time you search, it will be favored.  Not ideal.  But in its favor is the fact that WoX is open source- this makes it easier for me to understand things about the software, which is a bonus.

It's definitely not an instant win for either which is a surprise- I've given other launchers a try, but WoX is the first one that I've seriously considered.  I'm running both in parallel, so I guess I'll make a choice as time moves on.

Facebook tries to block tool aimed at promoting transparency around political ads

Facebook has told researchers at New York University to stop using a digital tool that tracks how people are targeted with political ads ahead of the Nov. 3 election.

The demand, sent last week and confirmed by NYU on Friday, centers on the academics’ use of a web browser plug-in that gives Facebook users a way to share specific political ads they are seeing on the site.

Political advertisers primarily target their ads to specific demographic groups, so the NYU tool — which collects roughly 16,000 ads each week — allows researchers to see how campaigns and other groups are crafting messages to voters based on race, age, location or other criteria.

In its notice to NYU, Facebook said that the use of the plug-in broke the company’s terms of service, and ordered the academics to stop using the tool by Nov. 30 or face “additional enforcement action." NYU said it will not take it down.

“We’re not going to comply with it,” Laura Edelson, an NYU researcher who is part of the project, told POLITICO. “What we are doing is perfectly legal and is in the public interest.”

More at link

Living Room / Studios can now own movie theaters
« on: October 17, 2020, 01:20 PM »
This ruling hasn't been widely reported, and is only tangetial to things here, but I thought it worth discussing.

There Are No More Laws Preventing Studios from Owning Movie Theaters. Now What?

For more than 70 years, most big movie studios have been banned from owning movie theaters thanks to a ruling in a federal antitrust case. That's no longer true.

The Paramount consent decrees were established by a landmark Supreme Court ruling in 1948 in U.S. v. Paramount Pictures. The decrees banned major studios of the day from owning and operating movie theaters. Last Friday, a federal judge in the Southern District of New York ended the decrees, according to court documents.

More at the link.  Note that this happened just recently.  Not bad timing at all, right?

One of the quotes from the article:

"The 77-year-long law has allowed movie theater chains to build a wealth of screens across the country ... and if studios wanted to compete with those numbers, they have a lot of catching up to do," DiGaetano says.

"I don't think there's a lot of real estate for movie theater operations out there," he adds. "I'm not gonna say we're over-screened but there are a lot of screens out there."

Yes, there are a lot of screens out there.  And with the news out of Regal and AMC, they will be ripe for the taking.

DC Gamer Club / Bundle for Racial Justice and Equality
« on: June 06, 2020, 12:05 PM »
Itch is selling a bundle.  Starting price $5 with over 700 games in the collection!

Buy the bundle, get good games, support the NAACP Legal Defense and Educational Fund and Community Bail Fund

Living Room / 3D Printing - General Discussion
« on: May 27, 2020, 01:49 PM »
So, I'm getting into this sometime soon.  I figured I'd make a thread for people to discuss their own forays into it, and collect some knowledge.

A few videos I started with to see Resin vs Filament (I've decided to go filament- toxic waste as a material doesn't appeal to me)

Some of those are old, but all went into the selection of filament for my printer selection.

I've also decided on a printer- I really should have gotten it while Amazon had it in stock, but decided to wait.  Hopefully it won't be too long.

Sovol SV01 3D Printer

My reasons for waiting
1. I don't have the models that I want yet
2. The person that's been helping me the most on it said that it was up priced $60 right now on Amazon (probably because a lot of people are buying them being at home with time on their hands).
3. I need to get the Silent board too, and wasn't ready to spent even more yet.
4. The things that I want to print haven't been released yet, so was hoping it would be back in stock by the time that I had the STL files.

Living Room / Keybase bought by Zoom
« on: May 08, 2020, 03:25 PM »
Oh well... have to decide if this is going to mean that I uninstall it or not.


Some interesting print and plays and other books on there.  Of note is the Frosthaven (successor to Gloomhaven) offer, and the Osprey offers.

Mini-Reviews by Members / Mini-Review: GIFExplainer
« on: March 25, 2020, 10:20 PM »
GIF Explainer Review
DISCLAIMER: Note that I was given a review copy of GIF Explainer in exchange for an unbiased, honest review.

Basic Info

App NameGIFExplainer
App Version Reviewedv1.1
Test System SpecsWindows 10 64-bit
Supported OSesWindows 7/10
Support MethodsRegistered users:  Sales support: [email protected]
Upgrade Policy
Trial Version Available?Yes, adds watermarks.  You have to give your e-mail address to get trial link.
Pricing SchemeLifetime license: $149.00.  Subscription Price: 29.95USD
Author Donation Linkwraith808

I must admit starting off, I went into GIF explainer with certain preconceived notions.  When I see GIF Explainer, I think that it's going to record video and turn it into a GIF for sharing.  That brings to mind certain questions- how about audio?  How large are these things going to be?  We've all seen the huge many megabyte GIF files that struggle to load in the browser as they download the image.

I'm happy to say that this isn't that.

If you've seen programs like ScreenSteps or Clarify, this is a similar concept- it documents processes in steps.  Once these processes are documented, it saves them to a GIF image instead of a PDF.

Who is this app designed for
I could see this being useful to explain a series of steps to someone remotely instead of a screenshare or a screen recording.

The Review
GIF Explainer 1.png

The first screen you're treated to after you install the program is this one.  It immediately made me question what I'd thought, and open my mind to what it is.

I'll take the documentation for one of my own programs, and recreate it in GIF Explainer to see how straightforward it is.

The first step is to Start a new project, so I clicked the link, and the following dialog appeared.

GIF Explainer 2.png

So it looks like the project will start with a tabbed dialog wizard- the first thing I did was set the width and height to a size that I thought would encompass the pages.  I left everything else at their defaults, and moved to the next tab.

GIF Explainer 3.png

Some basic information about the settings of the slides- appears pretty straightforward, and without other notice, I assume that the time scale is in seconds (at least I hope so).

There are several options for effects in the drop down.

GIF Explainer 4.png

I choose slide in from left.  What I didn't notice until later that the default for the transition duration is 0, and so it won't show up.  It would be nice if you selected an effect, it changed that, as it is easy to miss.

GIF Explainer 5.png

I didn't realize you'd actually be adding the slides in the wizard.  The button on the highlighted line allows you to select a single file, or the Add files button allows you to select more than one at a time.  I choose that way and end up with this.

GIF Explainer 6.png

It seems as if there would be some interface here to rearrange other than deleting and adding, but trying to drag and drop only opens the file selection dialog.  I hope that it's there later...

GIF Explainer 7.png

Some standard GIF optimizations- I choose none of them and click OK.

GIF Explainer 8.png

The slides appear, but there's no way to drag and drop them.  I see that there is a button to allow arrangement of a single slide at a time.  A bit clunky, but it works.

You can also add files, but only one at a time in this view, and add blank slides or screen shots.

The large area below is just to show you what your main background will look like.

I'm actually not sure what the Screenshot tab is for.  I do know that when I try to do anything with the interface at this point, it is non responsive- Seems to be a problem with the rect clipping?  But I can click the tabs so go quickly to the next one.

GIF Explainer 9.png

This tab allows you to edit your image and add callouts or other images or other graphical enhancements to the image.  I add a callout arrow, and click on it which allows me to add text to it.  There's quite the variety of different graphical artifacts to add to the image.

GIF Explainer 10.png

The next tab is a text tab which is a full featured text processing implementation, complete with tables and equation editing and the ability to insert more images.  However, the one thing that it's missing that would be nice for a text based slide is the ability to vertically justify the text.  Maybe the text is automatically justified to the center of the slide?  I guess we'll see.

GIF Explainer 11.png

There are several options as to what you can do- create a GIF of course, but you can also export your images from the project, create a PDF, and create several a couple of different wrappers for your GIF.  You can also export the slide's image or screenshot.  Not sure what each if these is... I export the image and it seems to allow me to save it to a file, but doesn't enforce a type, so I'd guess it was the same format as the image itself?  But the size of it is a lot larger than the image; the image was 35k and the exported slide is 1.6MB(!) 

When I export it, even though the program is registered, it has a watermark that says Unregistered. 


Exporting a screenshot throws an error.  I suppose that those functions need a bit of clarification.

I created the final GIF, and it weighs in at 524KB- reasonable. The PDF of the same process was 1.15MB originally.. the exported PDF comes in at 1.14MB- so right about the same as the original!


Taking a look at the GIF, I notice that the swipe transitions that I put in aren't there- and it's because of the transition duration above.  I ended up making the images differing sizes beceause I had to chop up a page- and those images are centered vertically.  The text I put on the new slide is not centered vertically.

How does it compare to similar apps
I'm not sure that there really is a similar app.  In concept, it's quite similar to ScreenSteps or Clarify, but the implementation is quite different as it is an autoadvancing presentation.  It's also a lot smaller (at least on my limited sample) than a comparable PDF.

It is a simple application with a simple purpose- but it packs quite a punch into the implementation of that purpose.  It could use a bit of polishing in the user experience area, but it gets the job done ably.  I've gone through the trouble of documenting steps for clients for a simple task- and the overhead in doing this seems quite smaller.  I can also host this in a web page or just send a link to a gif that opens in a browser rather than being concerned about their capabilities to view it.  If you have a need for something like this, it will prove useful.  However, the use case that I put it to is not the best use case for it- it won't replace documentation, and though one of the stated uses was for guides, I don't think it would be meant for that with the static transition times.  The target audience will either be waiting for the next slide, or won't have enough time to digest it.  I'm also a bit confused on the licensing option- it appears that the $29.95 license is for a perpetual license with expiring updates, and the $149.00 license is a lifetime license with lifetime upgrades.  But the mentions of subscriptions is a bit offputting.  If it is true that the license key is perpetual, I think that it could be stated more plainly, as subscription has certain negative connotations.  At $29.95 for a license with 1 year of upgrades, I think it's a fair price.  However, if that's a subscription, I'm a bit more skeptical.


'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc
from The Register

The short version here:
A new vulnerability has been discovered in Intel's Converged Security and Manageability Engine (CSME), the embedded system that oversees management of Intel system chipsets (not processors, this time). The vulnerability is a DMA race that potentially allows hostile code to overwrite memory in the embedded management engine before the management engine enables memory protection on its own memory space. Key to the vulnerability is the fact that this memory protection is disabled by default until and unless the management engine enables it — i.e, it is unsafe by default, and fails unsafe.

During that timing gap, other hardware – physically attached or present on the motherboard – that is able to fire off a DMA transfer into the CSME's private RAM may do so, overwriting variables and pointers and hijacking its execution. At that point, the CSME can be commandeered for malicious purposes, all out of view of the software running above it.

The vulnerability is exploitable whenever the chipset is starting up. The chipset is vulnerable from the time the CSME boot ROM first initializes the memory page direvctory, up until the IOMMU (Input/Output Memory Management Unit) is turned on. Critically, this occurs not only at system boot time, but every time the CSME or the IOMMU resets.

What this means is that every time the CSME comes out of sleep mode, or any time the CSME is reset, it is briefly vulnerable to attack.

The CSME provides, among other things, something called Enhanced Privacy ID, or EPID. This is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation. The engine also provides TPM functions, which allow applications and operating system software to securely store and manage digital keys for things like file-system encryption. At the heart of this cryptography is a Chipset Key that is encrypted by another key baked into the silicon, and you can't do too much damage, it seems, until you can decrypt the Chipset Key.

If someone manages to extract that hardware key, though, they can unlock the Chipset Key, and, with code execution within the CSME, they can undo Intel's root of trust on large swathes of products at once, we're told.

"To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.

"However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

"When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

Living Room / Router Scam
« on: January 24, 2020, 08:11 AM »
Well, the article is actually entitled "Reddit Router Scam", but the "Reddit" part is just for clicks.

A couple of days ago one Reddit user had the misfortune to return home and discover something rather interesting hooked up to their router, placed there by their roommate. A cross between a multi-level marking scam and hardware malware, the malicious board had been put into a position that allowed it to harvest every bit of available data from their local network.

“Roommate has come home and stated they found the person on Facebook and installed the device a few days ago. They were told they’d receive $15 a month through direct deposit and all the device will do is run ads for other people when they visit roommates Facebook page…

…well it has been a long night but I’ve finally got all my passwords reset and bank cards cancelled. I have no way of knowing what data was taken as it is not stored on the device. Only thing left to do is grill my roommate for information regarding the person/company that gave them this and decide if I have enough to go to the police.”

Looking at the picture of the board itself, it appears to be an off-the-shelf Friendly ARM NanoPi NEO single-board computer. Built around an Allwinner H3 processor, a quad-core ARM Cortex-A7 running at 1.2GHz with 256MB of RAM, the board has a 10/100Mbps Ethernet jack, and a micro SD card slot. That’s a specification that provides more than enough horse power to snoop in on any traffic going across the local network.

More at link... but it goes downhill from there.  As someone else said in the comments, I'd be room mate shopping at that point. 

Someone else also said that if you could  sign up and get the free NanoPis without connecting them or giving them real account information...  They'd already have too much information at that point IMO.

Living Room / Google Chrome Will Support Windows 7 After End of Life
« on: January 10, 2020, 12:27 PM »
Google has officially stated that they will continue to support the Chrome browser in Windows 7 to give businesses more time to migrate to Windows 10.

On January 14th, 2020, Windows 7 will reach End of Life, which means that unless you purchased Extended Security Updates licenses, Microsoft will no longer provide vulnerability or bug fixes for the operating system.

For businesses, migrating to a new operating system can be a long and arduous task and while some may argue that organizations have had enough time to do so, many factors could come into play that delays this migration.

This means that many businesses will continue to utilize Windows 7 even after it has reached End of Life and no longer receives critical security updates.

For organizations that rely on Google Chrome for their web applications or SaaS apps, Google has stated that they will continue to fully support Chrome on Windows 7 through at least July 15th, 2021.

More at Bleeping Computer


Google Removed Over 1.7K Joker Malware Infected Apps from Play Store

Roughly 1,700 applications infected with the Joker Android malware (also known as Bread) have been detected and removed by Google's Play Protect from the Play Store since the company started tracking it in early 2017.

At least one series of such malicious apps did manage to get into the Play Store as discovered by CSIS Security Group security researchers who found 24 apps with over 472,000 downloads in total during September 2019.

"Sheer volume appears to be the preferred approach for Bread developers," says Google. "At different times, we have seen three or more active variants using different approaches or targeting different carriers. [..] At peak times of activity, we have seen up to 23 different apps from this family submitted to Play in one day."

More at Bleeping Computer.

Pages: [1] 2 3 4 5 6 ... 24next