Recent Posts

1426

General Software Discussion / Re: How necessary is the UAC in Windows 7?

« Last post by f0dder on July 20, 2011, 05:06 PM »

Aaaah, there you've got your problem, then - DW have been running with administrative privileges all the time, which is why AW couldn't control it until you ran that with administrative privileges as well.

-f0dder (July 20, 2011, 04:13 PM)

I'm not sure I follow you.  Why do you say that DW has been running with administrative privileges all the time?

-cyberdiva (July 20, 2011, 04:48 PM)

As soon as you click "yes" on an UAC prompt, the application that's prompting is granted administrative privileges.

1427

General Software Discussion / Re: How necessary is the UAC in Windows 7?

« Last post by f0dder on July 20, 2011, 04:13 PM »

I should add, however, that with or without the elevated status, Dreamweaver still gets challenged by UAC every time I start it.

-cyberdiva (July 20, 2011, 03:10 PM)

Aaaah, there you've got your problem, then - DW have been running with administrative privileges all the time, which is why AW couldn't control it until you ran that with administrative privileges as well.

The thing to keep in mind is that UAC 'dumbs down' your administrative account pretty much to the level of a Limited User Account - so by default, applications don't have a lot of control.

Haven't used DW since version 2, but it was already fast becoming a monster back then. Dunno why it would require admin privs, can't think of a good reason for it, but as Stoic Joker says it could be (stupid) registry access, or it could be (stupid) attempts at accessing folders it really shouldn't be accessing

1428

Living Room / Re: FBI Arrests 12 in 'anonymous' raids

« Last post by f0dder on July 20, 2011, 02:11 PM »

But it sure does make nice headlines to say you've grabbed 12 members.

-f0dder (July 20, 2011, 12:03 PM)

hehe ...Yeah, especially when you leave out what a small percentage of the whole that is.

-Stoic Joker (July 20, 2011, 01:31 PM)

Indeed.

Now, if they had actually tracked down 'important people', then 12 could very well be a huge whopping percentage... I refuse to believe in this "zomg we're hyper-distributed like small terror cells!" mumbo jumbo, but it's hard getting to the rotten core when there is a big distributed net work of cannon fodder.

I liked the part where they said a computer was seized in the raid. o_O Seriously?!? A computer ... Who the fsck has a computer?

-Stoic Joker (July 20, 2011, 01:31 PM)

Apparently only one of the suspects? ;P

Depends on how you count, I guess. I've got a computer. And another. And yet a computer over there in the corner, playing a server. Do laptops count as well? Then I've got a laptop-computer to the left of me (for work), and another that I'm currently typing on. Oh, and that other computer in the corner, that's a computer of my brother's that I'm supposed to linux-up. :]

1429

General Software Discussion / Re: Acronis Saves the Day

« Last post by f0dder on July 20, 2011, 12:52 PM »

I've got shelves full of Windows tech tools and rescue disks. And I know how and when to use them. But I've often found trying to work on a clobbered Windows drive using anything that's Windows-based only compounds the problem if the drive is seriously "pooched." But maybe I'm just unlucky that way.  Your mileage will likely vary from mine.

-40hz (July 18, 2011, 09:33 AM)

If you work with the wrong tools, you'll definitely do more damage than you'll fix... anything that requires you mounting the partition read/write means instant fail rewards.

I've had moderate success with as simple an approach as just mounting a semi-hosed partition readonly from linux and salvaging files... but when partitions have gone bad enough that I need to rescue things from them, the best I've bumped into so far is the (Windows) program GetDataBack for NTFS from Runtime systems... but obviously you don't assign a drive letter to the bad partition when doing that, and you salvage to a separate physical disk.

1430

Developer's Corner / Re: md5 / sha1 hashes What's the point?

« Last post by f0dder on July 20, 2011, 12:35 PM »

I use hash files (mainly SFV files) to verify that my media collections do not get corrupted over time.  They also are great for verifying files after moving them from one computer/drive to another.

-skwire (July 20, 2011, 10:14 AM)

I've been doing that too - but lately I've been pondering if it wouldn't be a better idea to use PAR files instead... then you might be able to fix corruption rather than just detect it.

As for anti-tampering, this has already been touched on, but
for linux/bsd distros, the .iso files are hosted on a lot of different mirrors, and the links + hashes are hosted on the main site. To successfully violate a distribution, you'd need to hack both the main site as well as a number of mirrors (people downloading these things wouldn't be fooled by bad links). Some distributions even cryptographically sign the images.

If you want real security, you sign the package to get cryptographic blahblah on your side. Or maybe you can just sign the hash. I'm unsure, to be honest.

-worstje (July 20, 2011, 03:34 AM)

You're always signing a hash, as it'd be computationally unfeasible running public-key algorithms on a DVD image... whether you're signing the hash of the md5sum file or the hash of the DVD-image is a different matter, though :p

but any good installer checks its contents for this before installing

-justice (July 20, 2011, 03:26 AM)

Installers work differently, though. For OS distributions, you don't generally check the entire media before installing - especialling considering you're often running from an optical media, that would be extremely slow... and considering you don't install 100% of the packages on the media, it would also be stupid. Better to let users offline-verify the ISO hash, and then online-verify the individual packages being installed.

1431

Living Room / Re: FBI Arrests 12 in 'anonymous' raids

« Last post by f0dder on July 20, 2011, 12:03 PM »

I wonder if they got anybody important, or just a handful of guys running LOIC.

Probably nobody important, just like last time. But it sure does make nice headlines to say you've grabbed 12 members.

1432

General Software Discussion / Re: How necessary is the UAC in Windows 7?

« Last post by f0dder on July 20, 2011, 12:01 PM »

cyberdiva: DreamWeaver shouldn't need to run with admin privs, it should only be necessary to run ActiveWords with those elevated privileges. IMHO it makes a lot of sense that only elevated programs should be able to try and control the other applications running on the system...

1433

General Software Discussion / Re: Browser CPU - the Firefox perplexity - Chrome threading architecture

« Last post by f0dder on July 20, 2011, 11:42 AM »

Firefox separated out the processes on extensions to a separate plugin-container.exe . I think that means that if an extension goes haywire .. you can kill the process (or it can kill itself) and your Firefox windows stay up.

-Steven Avery (July 20, 2011, 05:52 AM)

AFAIK that process is only for plugins (flash, java, adobe reader), not addons.

Chrome uses a different architecture, I think each window open gets a thread under the windows OS as you see in task manager.  That is nice (especially if you could see what the thread is doing) for killing one aberrant CPU window, it also is Task Manager clutter.  An interesting approach.

-Steven Avery (July 20, 2011, 05:52 AM)

Process, not thread - a process is what you see in task manager, and those can have multiple threads running. Yes, an interesting approach, but also one that means Chrome sucks up a lot of memory, and wastes a bit of time (though not that much) on inter-process communication. Newer versions of Internet Explorer use an interesting hybrid: it runs multiple processes, but each process is responsible for more than one tab. That does mean one hanging website can take out a few others, but it's better performance-wise.

Now I wonder why CPU goes so haywire in Firefox (memory usage can also go very high, like 500K .. but that can be reduced with Cleanmem and is not much of a problem anyway).  CPU usage will slow the system tremendously.

-Steven Avery (July 20, 2011, 05:52 AM)

Bad addons, usually. Memory leaks and whatnot. A tool like CleanMem is snake oil, it doesn't really free up memory, and it does nothing the Windows memory manager can't do it self.

However, isn't the internet architecture supposed be stateless .. nothing is really supposed to be happening with open windows .. they are just "there".

-Steven Avery (July 20, 2011, 05:52 AM)

Sites can be running client-side JavaScript. The usual problem is Flash, though - it just sucks up CPU time like there's no tomorrow. Get in the habit of blocking flash apps by default, and allowing them only to run when you need them... helps prevent against drive-by exploits as well.

I don't see abnormal CPU usage with the FireFox installs I have, but I do see lots of memory leaks because of addons. I've kinda learned to live with it

1434

General Software Discussion / Re: How necessary is the UAC in Windows 7?

« Last post by f0dder on July 19, 2011, 03:30 PM »

Personally I leave it switched on - the one positive is it is much less irritating than it was in Vista.

-Carol Haynes (July 19, 2011, 02:33 PM)

If you haven't cranked UAC to the maximum setting, you might as well almost just turn it off - unless Microsoft have been a-fixing things, it's pretty easy to turn it all the way off programmatically.

The only time I install an anti-malware app is when I suspect I've been too trusting to something I shouldn't have, or if I just want to make sure I've got a clean slate.

-wreckedcarzz (July 19, 2011, 02:47 PM)

That's too late - if you've already got a nasty bugger, anti-malware might not be able to detect it. Be proactive!

Anyway, as to what UAC does: it doesn't stop stuff from running on your computer; it prevents stuff from going form LUA (Limited User Account) privileges to full administrative privileges. Not all malware needs admin privs to be effective - but the stuff that's nastiest to detect & remove does. And of course there's been a few privilege escalation exploits in Windows, letting you bypass UAC. Needless to say, bugs like that have a pretty high fixing priority.

Thus, UAC isn't an end-all-be-all. It's a mitigating factor (just like Windows Firewall and Windows Defender, and the various kernel enhancements that been added from 2003-server until Winy), and you'll want as many mitigating factors as there is (within performance reasons, of course).

It's a pity that Microsoft hasn't been able to devise a better tool after all this time.

-cyberdiva (July 19, 2011, 03:04 PM)

It's a pity 3rd party developers are ***hats who don't want to follow official programming guidelines - if they did, we wouldn't need administrative privileges (and thus an UAC popup) nearly as often.

As for the ActiveWords problem, that's a bit curious. But one added part of security is restricting how programs can interact with eachother - there's all sorts of attacks you can do by messing with other applications, so you generally DON'T want a low-privilege application messing with a high-privilege one. Is DreamWeaver, by any chance, started with administrative privileges? Even if it isn't, try starting ActiveWords with administrative privileges.

1435

Living Room / Re: Post Your Funny Videos Here [NSFW]

« Last post by f0dder on July 19, 2011, 11:30 AM »

Edvard: doping cats with PCP is not fair :-O

1436

Living Room / Re: 64 Bit OS - When to Switch ?

« Last post by f0dder on July 19, 2011, 11:26 AM »

I prefer isolated components, little black-boxes I can juggle around as I want. They need a bit more window nesting depth than the 64-bit edition gives...

-vlastimil (July 19, 2011, 04:25 AM)

The times I've bumped into the issue it has either been because of using way too many controls to simulate something that should have been done as a single custom control - or because of too-recursive message sending (which there's usually sensible ways around).

Might have worked under 32bit versions, but redesigning means the stuff runs on x64 as well as being less sluggish on x86.

1437

Living Room / Re: 64 Bit OS - When to Switch ?

« Last post by f0dder on July 18, 2011, 06:42 PM »

Here is the catch: the amount of memory available for the stack is the same in 32-bit and 64-bit Windows, but the stack entries are twice as long on 64-bit Windows. Hence the usable window hierarchy depth is halved. And if you think that you can avoid the problem by using 32-bit edition of the affected application on 64-bit Windows, that is not the case. The problem is in the 64-bit kernel. The worst thing is that Microsoft refuses to consider this a bug and fix it (unless they changed their mind since the last time I checked).

-vlastimil (July 08, 2011, 04:06 AM)

I've run into that issue with some of my C# code, and speaking from experience, I can say the following:

that will only ever be an issue with very badly designed code. If you run into this issue, you're doing things wrong - massively wrong.

As for compatibility, I jumped onto the x64 bandwagon relatively early with XP64. At my first attempt, drivers were a problem (blame Creative) and I had to go back to XP32... at my second attempt, I never looked back. Yeah, you can no longer run 16bit apps (neither DOS nor Windows) without an emulator, and some older 32bit apps come with 16bit installers... but generally I've had very little trouble. x64 is slightly faster sometimes (and for some tasks, a lot), it's somewhat more secure, and it lets me use all my memory. It's good.

1438

General Software Discussion / Re: Virtual cd/dvd drive software (2011)

« Last post by f0dder on July 18, 2011, 06:32 PM »

I've been using MagicDisc for a while, since it's simple and no-nonsense and works. But with the GPL violations and senseless new-image-format crap mentioned by Lashiec above, perhaps it's time to reconsider :/

I've used SlySoft's VirtualCloneDrive as well, and it was pretty good - it had problems when I initially moved to Win7, though, and iirc it was only controllable through an Explorer Shell extension... and it only installed the x64 version on my system, meaning I couldn't configure through my 32bit copy of explorer^2. Other than that, excellent app.

Stay away from Daemon-tools and the like. There's been adware in the DT installers, and there's a whole crapload of copy-protection defeating stuff running in kernel mode that you don't really want unless you need that kind of thing.

1439

General Software Discussion / Re: Will facebook ever be the same?

« Last post by f0dder on July 18, 2011, 06:05 PM »

I hope this doesn't catch on.

Getting datamined up my ************** by facebook is bad enough - letting google add the final missing pieces of information they need? Thanks, but no thanks. If people end up ditching facebook and move to G+, I'll be seriously considering cutting down my relations with people to the old-fashioned kind.

1440

Developer's Corner / Re: The Yii PHP Framework

« Last post by f0dder on July 17, 2011, 07:51 PM »

Thanks for those two URLs - it looks mostly sane, but...

'joinType'=>'INNER JOIN',
...
'order'=>'posts.create_time DESC'

(which looks a lot like RoR AR) hints that it's probably a very thin layer above SQL... There's two reasons this makes me go 'meh':

1) magic constants are bad, especially strings. And it {w,sh}ouldn't have been hard incorporating ascending/descending in the fluent API (LINQ does it).
2) a thin layer above SQL is likely to not add optimizations that a proper expression tree API can do... which leads to fine performance for toy applications, but having to resort to hand-written (and vendor-specific) SQL when you hit medium-sized sites, rather than being able to use a fluent API well into the medium-size sites.

Note that the performance comment is just an educated guesstimate - Yii's AR implementation could easily be better, haven't looked at it

1441

fSekrit / Re: 2011 status report

« Last post by f0dder on July 17, 2011, 07:40 PM »

With advent of computing power, maybe consider 1024 bit encryption...

-kilves76 (July 04, 2011, 03:37 AM)

Key sizes larger than 256 bits currently tends to mean public/private key based encryption (Like, RSA) rather than symmetric-cipher encryption (like, AES). That's a simplification, but the general idea is that larger bitsize doesn't necessarily mean more secure, especially not if comparing ciphers types that are very different.

maybe combined with "random" encryption variations from user's password or even user selectable (a combination of rol, ror, xor etc mangling stuff, for example pw_letter/mod_3 = use rol/ror/xor).

-kilves76 (July 04, 2011, 03:37 AM)

That sounds fancy, but wouldn't add much real security - I believe in the mathematicians and cryptographers more than the marketing people - and I sincerely belive that if somebody had the capacity to break AES, adding a few ROR and ROLs would only make them LOL

Please note that i am not a crypto expert so don't actually know if this would be a security risk instead of an improvement!    But it's an idea that's been in my head for ages, thank you for letting me steam it out.

-kilves76 (July 04, 2011, 03:37 AM)

Thanks for the ideas - I'm by no means an expert myself... so I let the experts do the hard mathy stuff, and follow their advise

1442

Living Room / Re: Post Your Funny Videos Here [NSFW]

« Last post by f0dder on July 17, 2011, 07:02 PM »

That's a classic, tomos

Related: http://www.youtube.c.../watch?v=72liVSG4fRU - part 2 is where it gets funny

1443

General Software Discussion / Re: Deduplication, encryption, security and... Dropbox

« Last post by f0dder on July 17, 2011, 06:43 PM »

If you are going to store data online always encrypt it locally first in your computer, never trust a third party service like Dropbox or Hushmail with your data even if they tell you they can’t access it and that everything is fine, the bottom line here is that they have access to the decryption key.

-kyrathaba (May 29, 2011, 07:38 AM)

Good advice if you use a crap service like DropBox - unnecessary if you use something that incorporates client-side security (SpiderOak).

1444

Living Room / Re: Anyone here using a standing desk?

« Last post by f0dder on July 17, 2011, 06:41 PM »

"1 in 3 Americans is obese".

And that has everything to do with sitting rather than standing, and nothing to do with the kind of food being eaten and other lifestyle choices, right?

1445

Living Room / Re: PORTAL 2 AVAILABLE NOW FOR PRE-ORDER

« Last post by f0dder on July 17, 2011, 06:30 PM »

Not to sidetrack this thread, but why has OpenGL never really seen wide adoption?

-Josh (May 15, 2011, 09:33 AM)

Because it kinda sucks compared to DirectX?

It used to have the upper hand, but at DX9 the tables definitely got turned. OpenGL might have extensions a bit faster then DX, but then a developer has to use different vendor-specific extensions to use all the new stuff - and wait a LONG time for the committee to accept it as a standard... with DirectX, you have to wait a bit longer before using the new features, but then it's one API (the thankfully did away with the caps system).

I remember seeing OpenGL as a driver option when playing duke nukem 3d back in the early 90s.

-Josh (May 15, 2011, 09:33 AM)

Original duke3d definitely didn't, you must have either found a 3d-card-vendor specific versions (which I kinda doubt - Quake was the first time that seemed to go mainstream), or have found a dedicated Windows port for it.

1446

Living Room / Re: What's Your Internet Speed/Reliability SATISFACTION?

« Last post by f0dder on July 17, 2011, 05:58 PM »

I agree. Nobody needs such speed.

-wr975 (June 27, 2011, 09:41 AM)

I disagree - if enough people had that kind of internet speed, interesting new software could be developed. Like, distributed backups fast enough to be usable...

1447

Developer's Corner / Re: Google Go

« Last post by f0dder on July 17, 2011, 05:46 PM »

steeladept: even around 2007-2008, iirc online MSDN documentation was just fine - it's built-in search used to be very very sucky, though. To the point where I'd use google when searching for API information, and tack on a "site:msdn.microsoft.com"

Once you're "in there", it's always(*) been easy enough to navigate around, though.

(*): always in the developer sense, meaning ~5 years or whatever

1448

Developer's Corner / Re: The Yii PHP Framework

« Last post by f0dder on July 17, 2011, 05:36 PM »

Now there is nothing to stop you from doing low level efficient manual database querying, so you can always drop down to that when you need it.. Yii does use some fancy lazy-loading functionality which an be helpful -- but again it makes it hard to know how many queries are happening behind the scenes, etc.

-mouser (July 17, 2011, 08:10 AM)

Does it have any diagnostics (like RoR) that shows generated SQL sentences and time spent executing queries?

And what's it's ActiveRecord querying like? Fluent OOP PHP calls, limited functions, or something string-based?

1449

Living Room / Re: Nifty Gmail feature

« Last post by f0dder on May 03, 2011, 07:48 AM »

Thunderbird has similar heuristics.

-f0dder (May 03, 2011, 07:37 AM)

I've been using Thunderbird for many years. Can't remember ever having seen that. But then I never read the help file

-phitsc (May 03, 2011, 07:39 AM)

I've definitely had it say something along the lines of "hey, did you forget an attachment?" before sending mails

1450

Living Room / Re: Nifty Gmail feature

« Last post by f0dder on May 03, 2011, 07:37 AM »

Thunderbird has similar heuristics.

Can be done with a client-side javascript check btw, so doesn't necessarily mean "google reads your emails" (though of course they do datamine heavily).