Messages

1

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 15, 2020, 07:41 AM »

I just downloaded and ran both, no objections from Windows so far...

-brotherS (November 14, 2020, 01:49 PM)

Hm, so it doesn't sound like it's the compression itself that Defender is complaining about, at least that's something (and consistent with Defender not complaining for me either).

Sounds like 4wd was right:

Maybe it's just that the encrypted contents of the file now match the file pattern of Trojan:Win32/Wacatac.C!ml

-4wd (November 10, 2020, 03:01 PM)

Not much I can do about badly chosen, too short patterns in AV software matching encrypted data

2

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 14, 2020, 11:54 AM »

Thanks a lot, Stoic Joker!

brotherS: it would be nice if you could check if Windows Defender moans about a fresh 1.40 download from the dcmembers site, as well as SJ's uncompressed build

3

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 12, 2020, 06:40 PM »

So, to build an uncompressed version of fSekrit 1.x that's similar to the released version...

I think I still have the vc2003toolkit installer somewhere, which will hopefully work on Win10... Iirc that also includes the header files and import libraries.
And then there's the issue of using SCons for building – if I can still find a matching version of Python and the SCons distribution that'll work.

This is yet another occasion I'm embarrassed work on 2.x got stranded 

4

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 12, 2020, 11:33 AM »

Seems like anything packed with UPX makes AV go squirrel shit.

-Stoic Joker (November 11, 2020, 05:40 AM)

Sigh.

fSekrit uses PECompact and not UPX, but same same

I did ponder a bit whether to continue using executable compression – one of the points of fSekrit is to be tiny, but the savings might not be worth it compared to hassle from shitty AV software... And the 1.40 exe would still be < 100kb without compression.

5

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 11, 2020, 03:03 AM »

Before heading off to work (yep, after 6+ months of f'ing lockdown, we've been back to an office for a couple of months now!):

Does this also happen with a freshly downloaded copy of fSekrit, or only the one with your encrypted data? If it's the latter, 4wd has a point... and somebody needs to get their shit together and do more precise signatures

6

fSekrit / Re: fSekrit 1.40 quarantined by Windows 10

« on: November 10, 2020, 11:40 AM »

Hi, just a quick message to say I've seen your post!

For what it's worth: my own local copy of fSekrit isn't flagged (Win10 19041.572, and recent Defender definitions, (I hope)). I have to head off the see some friends and running a bit late, but will hopefully have time to look at this tomorrow!

7

Living Room / Re: For those with a CrashPlan...

« on: July 28, 2019, 12:00 PM »

Apparently the space is counting all old versions of files, and so the culprits of space use are likely files that have many copies, but I can't figure out how to find such files..  Painful.

-mouser (July 26, 2019, 04:10 PM)

I believe versions are going to get reclaimed automatically (but probably are counted against the limit).

Deleted files, however, do not get deleted automatically - this pretty much got me locked out of my account. The client will not connect properly when you're above your quota, and the web interface is bloody useless... doesn't show totals for folders, so it's near impossible to hunt down what's taking up space. And with the amount of files I had (because versions), it was also painfully slow. Not that the local client is much faster, when I got access again by contacting support and getting some extra gigabytes quota temporarily assigned, clicking around some of the large folders would take several minutes.

(The knowledge base articles on cleaning up versions and trash via commandline didn't work either - you literally can't clean up with the client if you're above your quota. And that you have to shut down the GUI, if running, before being able to run command line actions is... bloody stupid).

Anyway, deleted files end up in a "trash" folder you have manually empty now and then, might be your issue as well, mouser?

8

General Software Discussion / Re: Stop using LaTeX!

« on: July 20, 2019, 09:54 AM »

LibreOfffce Writer is mentioned in the article. I used to use Scribus for such purposes. Now I use LibreOffice Writer to produce desktop publishing-ready PDFs.

-Arizona Hot (July 19, 2019, 07:52 PM)

Hrm, I don't find that Libreoffice output quality comes anywhere near LaTeX.
It's OK if you just need to do typical office or school work, but publish-ready quality? Nope.

It's very easy to use, allows you to flow text around pictures and if you use the "Hybrid PDF" option (see screenshot below) you can re-edit the pdf later in LibreOffice Writer.

-Arizona Hot (July 19, 2019, 07:52 PM)

Why would you do that?
PDF should be thought of as an export, read-only format. Keep your documents in source form for editing!

9

General Software Discussion / Re: Fun and Games with 2fa Lockout Problem

« on: July 18, 2019, 01:10 PM »

So... now, after reinstalling the Authy app on their new phone. They cannot add the site to the authy app - to get access to the site - without scanning a QR code from the site, that is apparently only on the site, that they cannot access... Did you just think of a word that rhymes with firetruck??? I did.

-Stoic Joker (July 17, 2019, 12:58 PM)

Erm... I don't know how Authy works, but that sounds pretty normal for TOTP-style 2FA. You need your phone/whatever authenticator to give you a time-based key in order to access the site. If you lose that (and recovery codes, which you've hopefully stored somewhere safe), you're f*cked, as well as you should be. "Scanning the QR code" would be adding a *new* phone, with a new seed for the time-based transform.

Which for me...begs the question: Is this kind of idiotic catch 22 level circle jerk "normal" for these (security theater fad) 2fa authentication schemes?!?

-Stoic Joker (July 17, 2019, 12:58 PM)

TOTP-based 2FA is probably one of the best things you can do security-wise today (that still isn't too much hassle) - it's definitely not security theatre.

Unless it's done wrong by the site, and you can just call and social-engineer them, of course.

10

Developer's Corner / Re: Interesting article discussing how C on modern architectures is convoluted

« on: July 18, 2019, 01:04 PM »

Intel processors certainly do.  For example, here's a KB article from Microsoft describing an update that contains microcode to fix a Spectre vulnerability: https://support.micr...el-microcode-updates

-mwb1100 (January 01, 2019, 04:04 AM)

Neither the Intel nor AMD x86 processors can be fully redefined with Microcode, though. The companies don't want to provide much information on what is possible, and the firmware blobs are undocumented, encrypted and digitally signed - but the general idea is that some of the more complex things can be tweaked, whereas a lot of the more common stuff is pretty hardwired.

11

General Software Discussion / Re: Firefox 67 upgrade issues

« on: July 18, 2019, 12:52 PM »

So, I ended giving up finding a "proper" solution.

Instead, I ended up installing the new Firefox, and creating a blank profile. Then (without Firefox running) I copied all the files from the root of the old profile that had been modified during the last month.

The I made a guesstimate of which folders I ought to copy - e.g. skipping stuff like "cache2" and "OfflineCache", but including stuff like "browser-extension-data" and "storage". (Worth noting: session state, like open tabs, are not in "sessionstore.js" anymore - when Firefox is closed it's written to "sessionstore.jsonlz4", and there's lz4-compressed backups in "sessionstore-backups"... as well as periodically flushed current session state in "recovery.baklz4").

With semi-cleaned-up profile, I was able to start Firefox and have everything working again, yay!

It would be nice to know wtf caused the problems, but there's so many files and folders in a Firefox profile that I can't stomach the detective work. But obviously it's files that haven't been modified for a month that's still being read and causing issues. There's files in my old profile folder that haven't been modified since 2007...

It would have been nice to be able to do an export/import kind of thing instead of the manual copying, there's still probably old crud in the fixed-up profile that's not necessary. But hey, at least things work now!

12

General Software Discussion / Re: Firefox 67 upgrade issues

« on: June 29, 2019, 07:36 AM »

firefox supports multiple "identities" -- you could try starting it with a different identity profile:
https://developer.mo...ox/Multiple_profiles

-mouser (June 29, 2019, 06:59 AM)

Yeah, I did try starting with a new, blank profile, and that works - hence my guess that my current profile might be semi-corrupted or something.

And that could definitely be used to try and identify files that have addon configuration, and manually copying them over, but... ugh

13

General Software Discussion / Re: Firefox 67 upgrade issues

« on: June 29, 2019, 05:57 AM »

I wonder if one of the disabled plugins could still be responsible..

-mouser (June 29, 2019, 03:35 AM)

Dunno, I would think they're supposed to be disabled when they're disabled - and FF67 works fine on my work laptop. I guess my profile on this machine might be partially corrupted or something, but the behavior certainly is weird.

Backing up and restoring addon data on a fresh install (profile) would probably be the best option, but I dunno how to do that - and the idea of tracking down the files manually seems so tedious, even if it's probably just uMatrix, uBlock and NoScript I need. Well, and the standard Firefox options.

14

General Software Discussion / Firefox 67 upgrade issues

« on: June 29, 2019, 03:30 AM »

Hey folks,

When I upgrade from Firefox 66 to 67 (which is a pretty good idea because of security issues and stuff), the browser seems to lose internet connectivity. It starts up and tries to restore my tabs, but all of them are blank and in the "loading" state. If I go to "Help -> About", even the "checking for updates" seems unable to connect.

I've tried disabling all my addons, but that doesn't make a difference. There's no proxy configuration or other network trickery. If I reinstall FF 66, stuff works again.

Does anybody have an idea what could be wrong? Or, alternatively (and perhaps better in general), how I can export and re-import all addon settings in a fresh installation? I have a whole bunch of uMatrix and NoScript configuration that I'd really, really hate to redo.

15

General Software Discussion / Re: Gmail complaint, fixed

« on: June 12, 2019, 11:11 AM »

Option one: "Stylish" is a firefox addon which lets you apply CSS to a page.

-ayryq (June 11, 2019, 12:56 PM)

Have they stopped adding malware to that addon?

16

N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt

« on: May 23, 2019, 02:12 PM »

I hope your "NumOfBytes" is badly named, and is really "NumOfInt64Blocks" :-)

Unless your "//      NextKey := *removed*" fetches a value from a One-Time-Pad with the same length as the data you're encrypting, that you're never re-using the OTP, and that you have a guaranteed non-surveilled channel for getting the OTP to the other side... then this is pretty useless.

I'm sorry if "useless" seems like a harsh word, but it's true nonetheless. If there's any reason to use crypto at all, use proper crypto. A scheme like this is definitely not good enough for "a crypted Chat-Session" - if you're discussing sensitive matters you need a whole lot more (there are perfectly good reasons Signal has a complex protocol), if you're not... well, who cares, send plaintext or use a HTTPS connection. Doesn't matter much if NSA knows when you're gonna hook up with your girlfriend, or what groceries you need to pick up on your way home from work :-)

Also, the code is pretty slow - no loop unrolling, and EMMS'ing for every block? Ouch!

17

fSekrit / Re: FSekrit 1.40 Error Saving File

« on: May 23, 2019, 05:32 AM »

Sorry for the late reply

FWIW I've run into the same issue on Win 10 Pro 64 but only intermittently. 'Save As' and then replace the original version was a work-around.

-cranioscopical (September 18, 2018, 07:29 AM)

Hm, I haven't seen any issue like this, and I'm running Win10 Pro x64 as well.

Intermittent problems are darn annoying, they're difficult to solve - even more so when they don't happen for me. And yeah, I still use fSekrit regularly myself

18

fSekrit / Re: LATEST VERSION: fSekrit 1.40 shrinkwrapped!

« on: May 23, 2019, 05:27 AM »

I happened to find a similar(actually i think the same) program Text-2-EXE

-chashnniel (February 15, 2019, 03:37 AM)

Ugh, missed forum reply notifications for this one!

At first glance, this seems to be a very clear ripoff of fSekrit (although with internationalization added?). The maxa-tools site seems to be down at the moment (Domain Status    On-hold (redemption Period)), but it seems the tool has been shared to a bunch of sites (portablefreeware, softpedia, heise, ...).

I've taken a quick look at the text2exe.exe downloaded from Heise in a hex editor, and... it looks like it's a Visual Basic application. So, not a hackjob that's just replacing resources, and not somebody doing a few modifications to the open-source version of fSekrit... but doing pretty much a reimplementation?

The mind, it boggles

19

Living Room / Re: Interesting, low-effort, blackmail-esque spam

« on: August 01, 2018, 11:29 AM »

One of the newer trends of these sextortion scams is to use hacked/leaked passwords to make them appear more legitimate. Lots of people are falling for it...

20

Living Room / Re: DonationCoder website under ddos attack this morning

« on: July 29, 2018, 06:34 AM »

A heads up that DC is still broken.

-Tuxman (July 28, 2018, 09:55 AM)

Use a browser instead of a semi-broken wannabe OS ball of mud

21

General Software Discussion / Re: Software for planning wood bookcases/cabinets/tables etc?

« on: July 27, 2018, 06:03 PM »

But yeah, I actually think it would have looked nicer if the legs were closer to front and thus more visible.

-mouser (July 27, 2018, 04:52 PM)

I, on the other hand, find the look pretty great. Having the legs flush with the rest of the structure seems... blocky, I guess. Current placement is good

And I'm still unconvinced as to whether I chose correctly going with this lighter reddish/orangeish stain, instead of my normal dark brown stain, but that ship has sailed.

-mouser (July 27, 2018, 04:55 PM)

Oh, this is the light color I slammed on IRC? Looks a lot nicer on the finished product!

If you were to pick a darker tint, I think a deep chestnut kinda thing would have been nice in that setting.

22

General Software Discussion / Re: Software for planning wood bookcases/cabinets/tables etc?

« on: July 27, 2018, 03:51 PM »

I'm curious about the placement of the feet. I would expect them to be almost flush with the outside corners, and maybe an extra one or two near the center. Why did you choose to place them the way you did?

-Deozaan (July 27, 2018, 03:27 PM)

Better support and weight distribution?

23

General Software Discussion / Re: How to REALLY stop ******* Windows Update on Win10?

« on: July 26, 2018, 06:02 PM »

Right,

Disabling updates is not an option. Making updates non-automatic might work, but is a poor option.
I don't want to have to remember to go and check for + install updates - I want it to be a fairly automatic process.

wraith808: that link is just Microsoft really, really, REALLY not getting what people are complaining about >_<

24

Living Room / Re: DonationCoder website under ddos attack this morning

« on: July 25, 2018, 03:29 PM »

Any clue as to why it's happening - ransom, specifically targetting us, or being a collateral damage of colocation?

25

General Software Discussion / Re: How to REALLY stop ******* Windows Update on Win10?

« on: July 25, 2018, 01:28 PM »

I believe the necessary policies only work on enterprise versions, not even pro versions >_<

Removing the task files are not enough, they get re-created. The same goes for setting all ACLs to deny access, Windows will eventually go "Lol, I'm LOCALSYSTEM, bitch, what are you gonna do about it?" and reset/recreate the ACLs.