Recent Posts

301

Official Announcements / Re: DonationCoder Major Upgrades - Progress Report Thread

« Last post by f0dder on August 12, 2015, 03:30 PM »

I have a feature request: Ignore all topics (current & future) started by a certain user.

-Deozaan (August 01, 2015, 12:29 PM)

I'm not a fan of that kind of functionality here - it does run the risk of fragmentation (especially if extended to "ignore everything from <user>" later on), and I think it kinda clashes with my idea of DC as a friendly and respectful place where nobody needs to block anybody; I reckon your interest in the feature is from "I'm just not interested in that stuff" rather than "zomg, that dude is such a jerk", but still

302

General Software Discussion / Re: Windows 10 Announced

« Last post by f0dder on August 12, 2015, 03:21 PM »

I cannot believe what I just read about the Win 10 start menu and "all apps" view (plus search!):
http://arstechnica.c...-the-bugs-get-fixed/

In Windows 10, it's... different. Windows creates a per-user database containing all the entries that are in Start, both the live tile portion and the All apps portion. This database is (inexplicably) maintained by a system service running as the super-privileged SYSTEM identity. And at the time of writing, this database has the oh-so convenient feature of being limited to around 500 entries.

Holy shit, it shipped like that!?!?!? What. The. Actual. Fuck!?

-JavaJones (August 06, 2015, 04:04 PM)

Ho humm - moving to a database might make sense for really fast lookups (especially if that part of the codebase is shared between desktop and mobile devices). Sounds a bit weird to limit this database (at least that much), though, since lookups should be that much faster. And it seems insane to make the indexing run as SYSTEM when it really only should require your local user privileges - the arstechnica article certainly makes that part of Win10 sound broken

303

General Software Discussion / Re: Windows 10 Announced

« Last post by f0dder on August 12, 2015, 03:10 PM »

Apparently I just needed to RTFM ... It was a legacy setting that had gotten reset when I flashed the BIOS a few weeks back.

-Stoic Joker (August 02, 2015, 04:59 PM)

"Remap memory" setting in the BIOS, eh?

Kinda sucks that flashing a new BIOS reset all settings - it would be nice if settings-reset was an option you got after flashing (in case you were flashing because of FUBAR, and FUBAR was caused by bad settings).

304

General Software Discussion / Re: Windows 10 Announced

« Last post by f0dder on August 12, 2015, 03:09 PM »

He-he. Windows 10's "automated installation in the background" bluescreened me while trying to update my AMD driver...

-Tuxman (August 11, 2015, 06:41 AM)

AMD.

305

Living Room / Re: Security: Stagefright Vulnerability (Android)

« Last post by f0dder on July 31, 2015, 06:21 AM »

People still use MMS?
Why?

-Tuxman (July 30, 2015, 04:13 AM)

Because it's a way to send/receive pictures for people who aren't on social media sites and don't use instant-messaging platforms?

Also, remember that just turning off MMS isn't enough to protect you from this exploit, it can be triggered in-browser as well. One of the worst exploits in a while...

306

Mini-Reviews by Members / Re: Not-so-mini review of CrashPlan backup software

« Last post by f0dder on July 31, 2015, 06:13 AM »

Using Amazon Glacier or Google Nearline is cost prohibitive, but they're getting there. I would love to see a service using Nearline with some deduplication and a lean client. I have nothing against Java per se, but CrashPlan clearly hasn't optimized their client for memory usage.

-jaden (July 29, 2015, 01:18 PM)

Kinda impossible to do for Java. You need to reserve a heap that's large enough to handle your largest theoretical load, plus some extra for garbage collection bookkeeping. This can be grown dynamically, but I don't think the JVM ever shrinks the operating system allocated heap. Makes sense for server loads, isn't always a nice feature on client machines though.

307

Non-Windows Software / Re: Thoughts on "next generation" forum systems? (Discourse, nodeBB, etc.)

« Last post by f0dder on July 27, 2015, 03:19 PM »

I really, really, really dislike the "endless scrolling" method. It never really seems to work with how I want to use a site, it tends to get progressively slower (not sure if it's database access or too much crud in browser memory), and it's hard to search. I haven't checked discourse in a while, so it might have gotten better - but it sucked in this regard last time I checked it

308

General Software Discussion / Re: AV testing: Is your antivirus app doing its job?

« Last post by f0dder on July 27, 2015, 03:03 PM »

even legit sites that you'd keep whitelisted might be compromised

-f0dder (July 27, 2015, 02:14 PM)

As the manager of a web development team, this is something that I'm always paying attention to, much to the annoyance of some partners and even customers. You might be surprised how many third parties want us to directly reference js code that lives on somebody else's servers (for example, to show fancy interactive product info from the manufacturer).

-CWuestefeld (July 27, 2015, 02:51 PM)

I wouldn't be surprised, given I deal with both front- and backend code these days

My position is that my users have agreed to trust *me*, but they don't even know that they'd be implicitly trusting *you*. I don't have the authority to transfer my users' trust like that, so I simply will not allow your code to run in my site.

We've made a couple of sort-of exceptions. If they'll give us the code to verify ourselves, and host on our own servers, it's much less of an exposure. At least I can still have control over the stuff that I have responsibility for, rather than just abdicating that security consciousness.

-CWuestefeld (July 27, 2015, 02:51 PM)

I'm opposed to pulling in just any random external link, but sometimes clients have desires that you just have to be pragmatic about. I don't much mind pulling in stuff from the google CDNs - if they get hacked, things are bad on so many other levels. You do have to consider *where* you pull in stuff, though, as referencing the google CDN serves as a tracking beacon even though you're just grabbing jQuery or Angular.

For most other stuff, I want a local copy, checked into the project's version control system. Better for security, and for project longetivity given how fickle a thing web development is.

309

General Software Discussion / Re: AV testing: Is your antivirus app doing its job?

« Last post by f0dder on July 27, 2015, 02:56 PM »

It's more important to avoid (or at least click-to-play) Java + Flash plugins than keeping JS disabled. The diagram it ignores the fact that Chrome has a special and somewhat-safer implementation of Flash, it ignores the smaller amount of malware targeting OSX, it ignores the browser used, and it ignores user behavior.

I do believe OSX has worse security holes than Windows, but given the combination of available malware and user behavior, I don't agree in the short-circuit. And fringe OSes are extremely unlikely to be infected with anything even with javascript turned on.

310

General Software Discussion / Re: AV testing: Is your antivirus app doing its job?

« Last post by f0dder on July 27, 2015, 02:30 PM »

Tuxman, that flowchart is not only elitist, it's also not very correct

311

General Software Discussion / Re: AV testing: Is your antivirus app doing its job?

« Last post by f0dder on July 27, 2015, 02:14 PM »

You have to ask yourself what you're trying to protect against, and choose product accordingly.

Nothing whatsoever is going to be a 100% guarantee against 0days, not even behavioral monitoring. But most people aren't 0day targets, anyway; the biggest risk for ordinary people is accidentally surfing by one of the automated exploit kits, and those normally use relatively old exploits - but a whole bunch of them.

I personally can't be arsed with anything beyond MSE. I'm not arrogant enough to think I'd discover it if I were explicitly targeted with an APT, and while one might argue that my browser panzering + "don't run unknown shit outside of VMs" would probably be fine, I still keep MSE around in case I poke around on an external harddrive or the like.

For normal people, MSE would also be my suggestion. You just can't expect regular non-technical John Does to run NoScript, and even legit sites that you'd keep whitelisted might be compromised. MSE tends to suit those needs, it's less resource intensive than many competitors, it's gratis, and the people that manage to get infected anyway are basically helpless

312

Developer's Corner / Re: Syntax in Different Programming Languages

« Last post by f0dder on July 27, 2015, 01:26 PM »

How useful is a site like HyperPolyglot, though?

If you're at a proficiency level with the target language that you need to site, will you be able come up with something useful by looking at a cheat sheet? I don't think a"mechanical translation" like that wouldn't end up would result in good code, unless that languages are extremely similar (Java <> C#, for instance).

I think something that would be valuable would be samples of how to write ideomatic code in the target languages (requiring the user to be familiar with basic syntax) - but it's hard to do that with side-by-side comparisons, since different languages tend to solve different problems.

313

Mini-Reviews by Members / Re: Not-so-mini review of CrashPlan backup software

« Last post by f0dder on July 27, 2015, 11:23 AM »

So clearly CrashPlan is doing something wrong, wrong, wrong.

-JavaJones (May 17, 2015, 07:46 PM)

Java? :-)

I'm fairly certain there are more effective approaches, such as using the NTFS file table to look for changed files, doing active file system monitoring (performance considerations?)

-JavaJones (May 27, 2015, 02:30 PM)

If I were to design a backup solution, I'd definitely use a combination of USN Journal scanning, if available, on program start-up, combined with filesystem notification events.

314

Official Announcements / Re: DonationCoder Major Upgrades - Progress Report Thread

« Last post by f0dder on July 27, 2015, 10:43 AM »

Ok so those of you who use "unread since last visit" -- you click on the text link near your avatar, is that right? (see attachment in previous post)
And not the "UNREAD POSTS" button on the button bar, right (as that one is not "since last visit")?

-mouser (July 26, 2015, 09:47 PM)

Yep!

When I go to DC, it's either directly to that URL from a LaunchBarCommander shortcut, or by a notification email, followed by a click on the link-to-the-right-of-avatar-image once I'm done interacting with the posts from the notification email.

315

Official Announcements / Re: DonationCoder Major Upgrades - Progress Report Thread

« Last post by f0dder on July 26, 2015, 04:31 PM »

Nice new goto menu at top of form:

-mouser (July 23, 2015, 09:59 PM)

Hopefully doesn't replace the one-click "Show unread posts (since last visit)." link?

316

General Software Discussion / Re: Chrome Portable in a RamDisk = decadence?

« Last post by f0dder on April 30, 2015, 06:26 AM »

I personally can't see much advantage of putting the browser executables on a ramdisk - they're small enough to load fast even on a mechanical HDD, and (for most people's usage patterns) once the browser is loaded, it stays loaded most of the day.

What can make sense is storing the browser cache on a ramdisk (I wouldn't disable it even if I had a 100mbit connection - latency and throughput to a local disk is a lot faster than any network connection) and, even more so, the firefox profile. Firefox does a fair amount of small reads and writes all the time while you're browsing to various SQLite databases (cookies, browsing history, website offline storage, et cetera).

I would recommend SoftPerfect RAM disk - it's fast(*), free, stable and no-nonsense. It supports persisting the contents to disk, and doing so at regular intervals, making it optimal both for %TEMP%(**) and for keeping data around.

(*): yes, there's noticable speed differences between ramdisk products.
(**): some installers expect %TEMP% to be persistant across reboots...

Hopefully applications know enough to check available disk space before trying to park giant temp files, like for m2ts muxing.  

-MilesAhead (April 29, 2015, 07:05 AM)

They generally don't - if you want %TEMP% on a ramdisk, you should dedicate a sizable chunk, and be prepared to do one-off reverts especially for installers. 1gig works pretty OK for me, additionally storing firefox profile and WebSiteWatcher bookmarks.

[/quote]

The problem is it handles a huge amount of memory just to display the pages. The engine is inefficient and it leaks like there's no tomorrow. To be fair, it was even worse.

-eleman (April 29, 2015, 07:15 AM)

"Leaks like no tomorrow" hasn't been true for quite a while, leaks are mostly caused by poorly written addons. The engine isn't inefficient either, but there's tradeoffs... Firefox can get unresponsive if you're trying to load a zillion tabs at once, since it happens in one process, whereas Chrome launches a new process for each tab. So yeah, Chrome is more responsive in that scenario, but also ends up using a heavy chunk of memory.

Anyway, as the working space used by Firefox approaches to 10 figures (in bytes), just occupying that large a space becomes a burden on the CPU. Hence we have the unresponsive Firefox problem.

-eleman (April 29, 2015, 07:15 AM)

That sentence makes no sense

317

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 28, 2015, 10:19 AM »

What do you get for WRITE speed on your corsair?  btw, it is rated quite highly online.  Can you crack 100MBps?

-superboyac (April 20, 2015, 02:59 PM)

Did a Windows reinstall the other day (now running Win8.1, yay!) and used the Coprsair for the install files - got a steady 50MB/s for the ~27gig vmware image I was restoring, that's decent enough write speed for a thumbdrive.

318

General Software Discussion / Re: Ad blocking add-ons in Pale Moon 25

« Last post by f0dder on April 19, 2015, 10:16 AM »

Also would be nice for some of that ublock drama to die down as well.

-Innuendo (April 19, 2015, 09:59 AM)

Yes, indeed

319

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 19, 2015, 10:07 AM »

check that...I'm rereading your response.  Correct me if I'm wrong, but you are talking about 2.5 disks, not thumbdrives right?  If you have a thumbdrive that is consistently getting over 50MB/s, i need the model!

-superboyac (April 18, 2015, 09:31 PM)

My first post has benchmarks of a SanDisk (50MB/s) and a Corsair (200MB/s) thumbdrive, my 2nd post is a 2.5" WD harddisk

320

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 18, 2015, 08:11 PM »

superboyac: well, "this guy tested it"... no, sorry.

I'm not a fan of USB myself, the protocol is a hackjob - as I mentioned before with firewire400 vs usb480. But it does work in practice, at least on recent systems... and the right ports. USB3 speed is a guesswork, "blue" ports on my motherboard seems irrelevant.

your corsair thumbdrive, i assure you, is getting nowhere near 200 MB/s.  reading is fine, nobody really has issues with reading speeds.  i'm willing to bet you're not even really getting over 50 MB/s sustained.

The results I've posted are from HDTune - it's real. Those are repeatable, sustained speeds. And we're talking old-fashioned megabyte/sec, not megabit or mibibiwhatever. Write speeds are obviously different, especially for flash memory, and I haven't timed those.

So...

I'll exclude all the externally powered devices from my conclusion - they perform way too well, anyway. So: the USB3-self-powered passport disk does 52MB/sec min, 116MB/s maxx. I have three of those, and one of them has two platters. I haven't transferred a petabyte to them yet, but it's close.

My experience:
eSata: joined too early, (reproducable) random disconnects due to buggy firmware - nice speed
usb2: lame, slow speed, instability due to drivers

usb3 has nice speed - but it requires host compatibility.

321

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 18, 2015, 06:00 PM »

superboyac: weird.

USB isn't a super swell protocol, especially USB2 was bad - FireWire400 routinely beat the crap of out the 480mbit/s USB2, for various reasons. And I've seen my fair share of connectivity issues in the days of USB2. But I think it's been an issue of controllers and firmware - not drivers or protocol.

The last several years, I haven't had connectivity issues (apart from a few flashdrives frying). I've had devices connected and transferring for 10+ hours without problems (zeroing out a new drive or transferring data) for externally-powered USB2. My corsair USB3 flashdrive is fast (haven't timed writes, but even though it's slower than the ~200MB/s listed above, it's way faster than USB2 xfer speed).

A 180gig Intel SSD in (externally powered) USB3 docking station easily does 150MB/s, and the (self-powered) USB3 2.5" WD Passport 2TB has been stable as well, and performs pretty much as I expect a raw drive to do:

322

General Software Discussion / Re: Comodo Internet Security -- a cautionary tale?

« Last post by f0dder on April 18, 2015, 01:10 PM »

Generally this is very good advice *except* for when one has a need to see what outgoing connections are being made with your machine. The built-in Windows firewall can block incoming connections with the best of them, but there's no mechanism to interactively allow and block outgoing connections. Most people don't need or even care about this functionality, though.

-Innuendo (April 18, 2015, 10:52 AM)

Indeed, and I haven't seen any good reason for wanting that functionality. If you're paranoid, the built-in firewall can be toggled to whitelisting mode. If you need only specific applications blocked, you can blacklist those. If you're worried about malware, well, they can just exfiltrate data through an allowed process. If you're worried/curious about new software, you should be running that in a VM along with Wireshark. I really can't find a good usecase for 3rd party firewalls - they're too confusing for Regular Joe, and they don't add anything really worthwhile for the advanced user, IMHO... just noise.

Then, my good sir, I must respectfully believe that you have not been looking very hard. MSE has done horribly in independent testing for the last couple years, never scoring more than 60-65%. Most testing sites do not even take MSE seriously as an anti-malware solution and have stated they only include the results as a baseline. Microsoft themselves have stated that MSE has been moved to the back-burner a long time ago.

-Innuendo (April 18, 2015, 10:52 AM)

Have those independent test become reputable? The last time I took a look at a couple of them, the way scores were weighed was very, very suspicious and had me pondering whether it was completely independent of cash from the AV vendors. Haven't bothered to look at them for a while, but if you have a recent link to something reputable, please entertain me - a link to MS stating MSE has been put on the backburner would also be nice. (I don't necessarily see that as a problem, anyway - there's no need for a whole lot of new features, as long as signatures are kept up to date).

323

General Software Discussion / Re: Ad blocking add-ons in Pale Moon 25

« Last post by f0dder on April 18, 2015, 12:37 PM »

Just decided to check out Adblock Latitude and it is perfect. The "show acceptable ads" toggle has been removed, but....and I quote..."Can still show acceptable ads if you wish it and wish to support the Internet economy, by enabling the relevant filter (under subscriptions) manually."

-Innuendo (April 18, 2015, 11:59 AM)

That's still the old AdBlock engine though, isn't it? The advantage of ublock is it's new engine with higher performance and lower memory footprint - not a mostly irrelevant "show acceptable ads" checkbox :-)

(ublock seems to work in Pale Moon, but doesn't show up on the toolbar... so you can't use the pick-and-block functionality, and will be limited to using existing filter files).

324

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 18, 2015, 03:51 AM »

Oh, and I'm annoyed with the way some manufacturers advertise speed. My 32GB SanDisk UltraFit is advertised as "up to 130MB/s read", but only does 40MB/s. It's stupid that they let their marketing goons be so deceptive... it's almost a 100MB/s difference, and 40MB/s is impressive for such a tiny thing, anyway.


For comparison, my 32GB Corsair Voyager GT 3.0 does 203MB/s - installs are preeetty fast from this one

325

Living Room / Re: Kingston USB 3.0 for ISO usage

« Last post by f0dder on April 18, 2015, 03:41 AM »

I've been using USB flash drives for OS installs for years, even USB2 tends to outperform optical media. A 20x DVD drive can theoretically read 26MB/s, but that's at the outer rim of a pressed DVD - the reading speed starts out closer to 1X, and you don't tend to hit 20X for home-burnt media, and any random I/O kills performance totally... so a USB2 flash that can do 20MB/s easily beats your optical drive, and since USB3 ones can easily read 100+MB/s, I haven't touched opticals for ages

As for ruggedness, I really dunno. It's been a while since I've had a flashdrive die on me, but when they do, it tends to be from one day to the next, without any warning, and without a lot of use. I don't trust those things, and use the solely for installs or data transfer, not for long-time storage of data.