Recent Posts

2801

General Software Discussion / Re: Stop Windows from calling home

« Last post by f0dder on January 04, 2010, 06:49 PM »

Show me an exploit for the built-in Windows PF? Not saying it doesn't exist, I just haven't seen it.

Also, with proper software design, there's no reason that a 3rd-party software firewall can't be as secure as Windows' built-in... simply disallow configuration from non-elevated accounts, presto-done... as long as you don't write exploitable code, of course... and keep GUI and service separated.

2802

General Software Discussion / Re: Stop Windows from calling home

« Last post by f0dder on January 04, 2010, 06:38 PM »

Let's try to spell this out, then...

LAN has bunch of computers all without packet filters, and some OS with some 0day service exploit.

One computer gets infects with 0day malware - this can happen for a wide variety of reasons; I've seen the following reasons in real-life situations:

• Infected laptop is brought to school/work/friend's place.
• Moronic uneducated user clicks obviously bad email attachment.
• Uneducated user runs a video codec trojan.
• WLAN is breached - either with the purpose of infecting, or simply to leech internet access.
• User is hit by browser exploit - before blaming IE, consider that IE8 in UAC+Sandbox mode is pretty secure and that most holes are in flash or java.
• User is hit by intentionally inserted malware in warez.

There's a whole bunch of other possibilites as well, some of them more obscure than others, but these are reasons I've all witnessed. It takes one such slip to get an infected host on your LAN... and if that happens, your boxes aren't running PFs, and there's a service exploit... boom, game over. If you've ever tried bringing an XP box pre-SP2 on the internet without 3rd party PF or a NAT'ing router, you'll see how fast this happens with internet traffic.

Fortunately, service exploits aren't that common today - and even better, the PF differentiates between localhost, LAN and WAN... and has relatively reasonable defaults for what it lets get through to which services.

Now, for you a PF might not be of much use, especially if you don't run a WLAN, are the only user on your network, and don't have any friends. But throwing a blanket statement about PFs being useless is plain wrong.

2803

General Software Discussion / Re: Stop Windows from calling home

« Last post by f0dder on January 04, 2010, 06:12 PM »

You can not protect a machine from unauthorized access when running a prevention system on it!

-Tuxman (January 04, 2010, 05:59 PM)

See above:

3) what Josh said - besides the firewall gets the packets before passing them on to the application layer, which is... surprise surprise... the purpose of a firewall. As long as there isn't a severe bug in the TCP/IP stack or the firewall code, this is perfectly fine, even if you're silly and run your box DMZ.

-f0dder (January 04, 2010, 05:48 PM)

People who use limited accounts and/or the UAC prompt will, like, never have serious system failures caused by malware. They just don't need any extra protection anyway.

-Tuxman (January 04, 2010, 05:59 PM)

See above:

ever considered what can happen on a LAN or WLAN if one computer gets infected and there isn't a software firewall running on the individual hosts?

-f0dder (January 04, 2010, 05:48 PM)

Oh, I almost forgot: you've already spouted this nonsen.

-f0dder (January 04, 2010, 05:48 PM)

I was right.

-Tuxman (January 04, 2010, 05:59 PM)

You were - and are - wrong.

2804

General Software Discussion / Re: Stop Windows from calling home

« Last post by f0dder on January 04, 2010, 05:48 PM »

1) what Josh said
2) what Josh said
3) what Josh said - besides the firewall gets the packets before passing them on to the application layer, which is... surprise surprise... the purpose of a firewall. As long as there isn't a severe bug in the TCP/IP stack or the firewall code, this is perfectly fine, even if you're silly and run your box DMZ.
4) what Josh said
5) what Josh said

The Windows Firewall is a firewall, and it is useful - it guards you against automated service attacks. Which is useful even if you have a more sophisticated firewall device guarding WAN->LAN traffic; ever considered what can happen on a LAN or WLAN if one computer gets infected and there isn't a software firewall running on the individual hosts?

A firewall's main purpose is preventing access to the computer, not preventing the computer from reaching out - if your box is compromised, you're already Game Over^TM. Imho outbound protection is pretty much placebo; it can't be done 100% reliably per hosts, and if it's done at the LAN->WAN boundary you end up with really nazi rules... and can't do the useful "is this originating from a valid executable" check anyway.

Also, it's been a while since I've had a firewall popup, but iirc a limited user account on XP can't modify firewall rules, and on Vista/Win7 you get an UAC prompt? If I rememebr correctly, that pretty much rules out your "automate the click" theory.

Oh, I almost forgot: you've already spouted this nonsen.

2805

Mini-Reviews by Members / Re: XYplorer File Manager

« Last post by f0dder on January 04, 2010, 05:40 PM »

Getting started with Total Commander was a brilliant idea

-TucknDar (December 31, 2009, 06:00 PM)

Yes, without its ugly UI I had never dug for better file managers. 

-Tuxman (January 04, 2010, 04:22 PM)

2806

Living Room / Re: Are my EBook Reader dreams going to be answered in 2010? A full size reader?

« Last post by f0dder on January 04, 2010, 02:29 PM »

nod5: that's obviously a 3D render and not a live photo, but damn it looks good

Ideally I'd probably want something that's a mix of e-ink "paper" and a smallish TFT screen... e-ink for the crisp and wonderful text display, and the TFT for interactive purposes like annotation, searching, selecting crop/zoom stuff. TFT would be turned off most of the time, for regular next/prev page and features like that, buttons on the reader device would suffice.

2807

Living Room / Re: What annoys you to no end?

« Last post by f0dder on January 04, 2010, 02:09 PM »

Install programs that DO NOT put an uninstall link in the start menu!

-Josh (January 04, 2010, 02:07 PM)

Amen to that - or, well, I can live without uninstall links in the start menu as long as the program appears under add/remove programs. Samarost is an example of something that did neither... of course you only have to delete it's files to uninstall since it's flash based, but when it comes with an installer and not just a zip... this feels wrong.

2808

Site/Forum Features / Re: Should we experiment with google ads on the site for 1 month?

« Last post by f0dder on January 04, 2010, 08:22 AM »

i must admit that most of why i am curious is just plain ordinary curiosity, the same reason a kid sticks his fingers in a fan.  maybe an apt metaphor

-mouser (January 04, 2010, 08:13 AM)

Considering what slowmaker posted, probably not a bad metaphor at all.

Personally I wouldn't mind the google ads (if done in a way that's not too ugly) and I'd even turn off AdBlockPlus specifically for DonationCoder.com... don't expect clicking on any, though, as advertisements almost never catch my interest - even when relevant. But as pointed out previously, advertisements confuse (and possibly even "enrage") new users... so if running the experiment, perhaps it should be opt-in for existing users, and disabled by default, included guest visitors?

That would probably render the experiment pretty useless, though

2809

N.A.N.Y. 2010 / Re: NANY 2010 Final Release: Leap of Faith

« Last post by f0dder on January 04, 2010, 05:59 AM »

Assassin's Creed is very pretty, but the PC version is unbearably unstable - I had to give up playing it. Also, I suspect that it would have gotten rather repetitive... the fighting wasn't all that interesting, and some review I stumbled by a while ago mentioned that the game ended up feeling like a bit of a tech-demo with the main premise of "it's gotta have cool jumping and climbing!"

2810

N.A.N.Y. 2010 / Re: NANY 2010 Final Release: Leap of Faith

« Last post by f0dder on January 04, 2010, 04:27 AM »

Win7, 64bit: non-ascii is a problem here as well. Other than that, it works fine (it's not supposed to have sound, is it? )

2811

General Software Discussion / Re: Aren't all _on_ events JavaScript?

« Last post by f0dder on January 04, 2010, 04:16 AM »

First, it's not just JavaScript but any kind of script your browser supports - JS is the most common and it's probably a dumb idea to use anything else unless for very specific projects... but theoretically you could use any scripting language.

Second, she's probably confused because this is generally called DHTML - the acronym looks like it's just another form of HTML, while it specifically means mixing HTML with client-side scripting.

Third, the On* events are part of the HTML specs, yes... but what would they execute, apart from script code? She might want to look at official docs

2812

N.A.N.Y. 2010 / Re: NANY 2010 Release: Create Dummy File

« Last post by f0dder on January 04, 2010, 04:06 AM »

Sorry, but isn't it a bit pointless trying to stop viruses this way?

First, it wouldn't be hard for a virus to change the registry setting - if a virus is designed to spread through USB infection, it might very well do this.

Second, on your home computer you'll obviously have disabled autorun for USB drives and you might even be running antivirus software - you should't be infected in the first place, and even if your USB drive gets nasties while elsewhere, it won't bite you when at home.

Third, "when elsewhere" you probably won't be on an account with administrative privileges, and thus can't flip the registry switch... and probably shouldn't...

2813

Living Room / Re: A list of things to know when time-traveling to the past

« Last post by f0dder on January 03, 2010, 10:39 AM »

it's a piece of art, f0dder.

-mouser (January 03, 2010, 09:23 AM)

Yep, but the layout still sucks

2814

Living Room / Re: A list of things to know when time-traveling to the past

« Last post by f0dder on January 03, 2010, 08:20 AM »

Pretty cute thing, but damn I hate the layout

2815

Developer's Corner / Re: micropayments - how are the filesharing people making it work?

« Last post by f0dder on January 02, 2010, 01:48 PM »

Why on earth would you use them for that, when there's already reputable download+indexing sites like download.com and friends? Pay people to harvest files from other sources and put them on rapidshare, which is used for... well, what exactly, apart from warez and sending the random file to a friend? O_o

2816

Developer's Corner / Re: micropayments - how are the filesharing people making it work?

« Last post by f0dder on January 02, 2010, 01:43 PM »

but I don't know whether it would bother your average freeware hunter or not

-slowmaker (January 02, 2010, 01:38 PM)

Please don't use the term "freeware" for warez.

2817

General Software Discussion / Re: SUPER © updated, download from Major Geeks

« Last post by f0dder on January 02, 2010, 12:01 PM »

Site definitely has exceedingly crappy design - and it took four clicks and a lot of scrolling to get to the download link. Fortunately, I didn't need to read all the crapcrapcrapcrap, it was pretty fast to just scan for hyperlinks... but still. Somebody needs to drag their current web designer out back and shoot him, and find somebody new to set up their site

2818

Living Room / Re: Ten Words You Need to Stop Misspelling

« Last post by f0dder on January 02, 2010, 10:10 AM »

app103: I learned the a/an rule with an excellent example: it's "a feast" - but "an excellent feast" food is good, food helps you remember. Oh, there's one thing I'm not 100% certain about, though: is the rule for choosing "an" that there's a vowel, or a "vowel-sound"? Iirc it's the latter.

2819

Developer's Corner / Re: “Is PayPal good for your microISV business?” A short PayPal horror story

« Last post by f0dder on January 01, 2010, 01:22 PM »

Newzbin catalogs binary content posted on Usenet. Some of the content could be considered illegal, but a lot is indeed legal. I'd rather download *anything* off Usenet when the only official way to get some programs is through torrents (some Linux distros and other stuff).

-Innuendo (January 01, 2010, 12:16 PM)

Hm, I feel quite the opposite way - torrents are efficient (multi-sourced, built-in integrity check, error handling) and transfers in binary. Things might have improved since I used binary usenet ages ago , but back then binary resources required text encoding (even yenc has some overhead - back then it was uuencode which was nasty). Also, how are you sure you're getting from a verified source? Afaik it's not hard spoofing usenet posts? Harder to hack a server and post a modified .torrent file.

2820

Living Room / Re: Ten Words You Need to Stop Misspelling

« Last post by f0dder on January 01, 2010, 09:48 AM »

Nice

2821

General Software Discussion / Re: Good google toolbar (for Firefox) alternative?

« Last post by f0dder on December 31, 2009, 03:41 PM »

What does google toolbar do that firefox default doesn't?

Search with google and highlight should be there... translate is so rarely used and so quick to do that... whell, who cares if it takes a few clicks.

2822

Living Room / Re: What's the best registry cleaner? Ask Leo says: none

« Last post by f0dder on December 31, 2009, 03:29 PM »

Turn off UAC? How lame :-s

Won't work if you run them with admin privs?

2823

Developer's Corner / Re: “Is PayPal good for your microISV business?” A short PayPal horror story

« Last post by f0dder on December 31, 2009, 03:29 PM »

Isn't newzbin merely a warez aggregator?

Not saying that it's OK for paypal to do what it's doing, just saying that some of the people having trouble are doing shady things.

2824

General Software Discussion / Re: Make Firefox startup faster.

« Last post by f0dder on December 31, 2009, 01:11 PM »

I think "Undocumented API" is on just about everyone's list of oxymorons.

-MilesAhead (December 31, 2009, 12:19 PM)

- which is why you can't really call it an API anyway. Just because something is exported from a DLL doesn't make it an API.

2825

Living Room / Re: Something on computer is fubar

« Last post by f0dder on December 31, 2009, 01:10 PM »

nite_monkey: those are the settings - if ALL of the controllers are in UDMA mode, then it's not the dma->pio failure, and probably (though not guaranteed!) a failing drive.

If the freezes only happen while playing a game, it could be your GPU overheating...