Recent Posts

3376

Living Room / Re: Firefox Personas - Can we get a Donationcoder one?

« Last post by f0dder on June 15, 2009, 06:12 PM »

What is it? A background bitmap for the toolbars?

3377

Living Room / Re: Recommend some music videos to me!

« Last post by f0dder on June 15, 2009, 10:12 AM »

Not sure what I think of the music, but the video is absolutely lovely

edit: if you liked the Kwoon video, you might also like this one:



Little Dragon - Twice

3378

General Software Discussion / Re: Help/Advice with TrueCrypt (and free space wiping)?

« Last post by f0dder on June 14, 2009, 06:53 PM »

Innuendo: I see your point

But even if you get the attention of The Man, I think it has to be the big man before they're bringing out electron microscopes to do magnetic residue analysis

3379

General Software Discussion / Re: Help/Advice with TrueCrypt (and free space wiping)?

« Last post by f0dder on June 14, 2009, 05:09 PM »

Innuendo: software won't be able to do anything about a zero-wiped drive. There might be hardware that can do something, but as 40hz said - if somebody with access to that kind of technology is after you, you're pretty much SOL already

wreckedcarzz: yeah, it's more secure in the sense that if somebody finds a fatal flaw in one of the encryption algorithms, your entire setup isn't broken. And it slows down bruteforce speed. But I find it pretty unlikely that an effective attack is found against AES anytime soon, and if somebody with enough computer power to bruteforce a 256bit AES key is after you... you're pretty much SOL already

3380

General Software Discussion / Re: Help/Advice with TrueCrypt (and free space wiping)?

« Last post by f0dder on June 14, 2009, 10:28 AM »

Yeah, don't bother with the silly "military grade" wiping, a simple single pass of zeroes will be fine

Also, why the chained encryption algorithm? There's not much point in using anything besides AES.

3381

Java / Re: Plz tell me how can i bring high quality to this Java code. it's urgent

« Last post by f0dder on June 14, 2009, 10:25 AM »

Pay more attention in class?

3382

Living Room / Re: Is UAC as bad as I think it is?

« Last post by f0dder on June 14, 2009, 09:38 AM »

So in any case, what is worse, to switch off UAC or to run as admin?

-urlwolf (June 13, 2009, 02:28 PM)

Both options are pretty silly when UAC is available

3383

Living Room / Re: IE to be removed from Windows 7 in EU

« Last post by f0dder on June 13, 2009, 08:57 AM »

MS definitely deserves anti-trust, but the whole "remove IE" thing is ridiculous. A web browser is an essential part of an operating system these days... going back to getting software via magazine cover disks is not something that appeals to me.

I'd like to see the EC going against Apple instead - they might not have the same marketshare as MS, but their practices are much more vile.

3384

Developer's Corner / Re: Accessor methods vs public variables

« Last post by f0dder on June 13, 2009, 08:51 AM »

Ok, so you never use public attributes in classes unless speed is absolutely vital?

-mnemonic (June 13, 2009, 04:55 AM)

You never use publicly accessible attributes, period. And forget the speed argument, compilers are pretty decent at inlining the calls so they end up with exactly the same machine code as direct access.

Heck, you should even use accessor methods in the class methods as well... for simple stuff it doesn't really matter, but for more complex code it allows you to introduce caching instead of re-computation etc.

3385

General Software Discussion / Re: What is your prefered source of registry tweaks?

« Last post by f0dder on June 13, 2009, 08:48 AM »

I've only really used Process Monitor (and regmon before that) to manually discover which registry keys were affected by changing settings. Boring manual labor, yes, but at least you know the information is accurate then... unlike so many of those system tweak guides that are based on urban legends.

3386

General Software Discussion / Re: How to find MAC address of 'invisible' hardware?

« Last post by f0dder on June 13, 2009, 08:46 AM »

Doesn't work with f0dder usually because he lives in a different plane of existence where there is no time.

-4wd (June 12, 2009, 07:58 PM)

Hah

<nitpick>PS: there's no such thing as a dos box on NT-based Windows. Call it a shell, command prompt, console, whatever - but please not a dos box.</nitpick>

3387

Living Room / Re: Is UAC as bad as I think it is?

« Last post by f0dder on June 12, 2009, 01:30 PM »

Something that could be done is to set up a timer in which you are admin without more prompts.

-urlwolf (June 12, 2009, 04:13 AM)

you can't. otherwise malicious software might launch a trusted program, requiring elevation. You would then get an "elevated permission" cookie for enough time to let the malicious program to perform an administrative tasks without asking again for your consent.

-NoWhereMan (June 12, 2009, 01:16 PM)

Pretty good point, embarrassing I hadn't thought about that

3388

Developer's Corner / Re: Non MSDN online WinAPI reference?

« Last post by f0dder on June 12, 2009, 01:27 PM »

Depends on how you look at it, and what you need to use the information for.

If you just need to display the version, sure, it would be nice just getting a string back. But this isn't a very common task, compared to the much more common: checking if you're running on a supported platform. It's much easier bitshifting and checking than it is to convert a string or floating-point value... besides, with the following code snippet in MSDN, what's the worry?

[Select]

#include <windows.h>
#include <stdio.h>

void main()
{
    DWORD dwVersion, dwMajorVersion, dwMinorVersion, dwBuild;

    dwVersion = GetVersion();
 
    // Get the Windows version.

    dwMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));
    dwMinorVersion = (DWORD)(HIBYTE(LOWORD(dwVersion)));

    // Get the build number.

    if (dwVersion < 0x80000000)             
        dwBuild = (DWORD)(HIWORD(dwVersion));
    else                                      // Windows Me/98/95
        dwBuild =  0;

    printf("Version is %d.%d (%d)\n",
                dwMajorVersion,
                dwMinorVersion,
                dwBuild);
}

3389

Developer's Corner / Re: Non MSDN online WinAPI reference?

« Last post by f0dder on June 12, 2009, 12:35 PM »

Bitshifting is hardly rocket science

But use GetVersionEx with the OSVERSIONINFOEX structure, then?

3390

Post New Requests Here / Re: IDEA: Laptop Security - Lock system/send keystroke unless key pressed in n sec

« Last post by f0dder on June 12, 2009, 11:45 AM »

Nod5: you beat me to it

Get a cellphone with bluetooth and an application like floAt's mobile agent (can't remember if MyPhoneExplorer has the capability) that can lock the system when the device is out of range.

3391

Living Room / Re: Is UAC as bad as I think it is?

« Last post by f0dder on June 12, 2009, 10:03 AM »

I find UAC somewhat annoying when setting up a system right after a fresh installation - but you can just disable it temporarily while doing that (although that might affect the whole shadow copy junk that Vista introduced - that I'm not a fan of). But in daily operation? Nope.

Even though NortonUAC does file hashing (reassuring to hear!) I still don't think it's a super good idea. I can't help but think that
1) it might be exploitable, leading to backdoors.
2) it's probably hooking the system in somewhat shady ways.

3392

Living Room / Re: Is UAC as bad as I think it is?

« Last post by f0dder on June 12, 2009, 07:19 AM »

UAC is fine, and I don't find it popping up all the time when I'm doing normal stuff. If you get lots of popups, either you're doing stuff wrong or running some very badly-behaved applications... which you should nag the software developers about. For dealing with badly designed apps, you can often amend it by setting some NTFS permissions (yes, obviously regular users don't know about that kind of stuff).

Win7's "improved" UAC is actually a problem since it's a gaping security hole - you need to ramp it back up to Vista level as one of the first things you do after system install.

I do agree that timed elevation would be a nice thing, but "always allow this" or application whitelisting is a really bad idea. Really, developers need to fix their shitty code.

PS: if you open an elevated cmd.exe, applications you start from that should be elevated as well?

3393

Developer's Corner / Re: Non MSDN online WinAPI reference?

« Last post by f0dder on June 12, 2009, 07:06 AM »

edit: ok, I got it.  After masking off the hi byte I needed to shift right 8
Wish they'd just return a damn floating point number like 6.1!!  Jeez!

-MilesAhead (June 11, 2009, 08:21 PM)

Floating-point is evil and imprecise, fixed-point is precise and easy-peas

3394

Found Deals and Discounts / Re: PowerArchiver 2009 at 50% discount on BdJ (2009-06-10) : worth it ?

« Last post by f0dder on June 10, 2009, 10:53 AM »

I consider switching because I need a backup on DVD burning that handles spanning & diff or incremental modes.

-MerleOne (June 10, 2009, 09:56 AM)

Why not simply use WinRAR (or w/e) in split mode and manually burn the files? Sure, it's an extra step, but buying a new compression app just for that slight amount of ease?

3395

General Software Discussion / Re: Recreate files but without content to target drive

« Last post by f0dder on June 10, 2009, 08:32 AM »

Ooooh, you use an external tool to create the zip instead of constructing it directly? No wonder it's slow then

(Since you're only dealing with 0-byte files, creating the zip manually from code shouldn't be that big a deal, since you only need to deal with the logical zip structure and not compression of data).

3396

Post New Requests Here / Re: IDEA: Laptop Security - Lock system/send keystroke unless key pressed in n sec

« Last post by f0dder on June 10, 2009, 07:43 AM »

I'm asking because it's not clear which scenario you're really trying to guard against.

If we're talking being mugged in a park, the screensaver approach would be quite sufficient imho - the thieves need to get away with your machine before they can start looking at it. And common thieves aren't interested in snooping around on the machine anyway, they just want to trade it in for cash.

The only situation I can think of where the screensaver setup I described above isn't adequate is when someone can get forceful physical access to your machine and don't need to run away with it. And in those cases, you're pretty much so SOL that your approach isn't going to help anyway

3397

General Software Discussion / Re: Recreate files but without content to target drive

« Last post by f0dder on June 10, 2009, 07:20 AM »

Some further thoughts. The test zip file i created has 18,375 files and weighs in at 3.27 MB. That must mean that the filenames storage takes up that much space. And that zips don't optimize that part? or something else?

-vixay (June 10, 2009, 07:10 AM)

Indeed they don't - it would make reading the zip folder structure much slower, and to achieve any kind of reasonable compression you'd need to compress just the filenames... which would mean quite a restructure of the file format, and require either unpacking all the filename information at once, or some "somewhat interesting" code.

Scanning for files was slower than everything/locate, i don't know how they do it, but they can scan filenames super fast. just a thought, to see if it could be sped up. Since you don't actually need to touch the file, and just need the information from the MFT.

-vixay (June 10, 2009, 07:10 AM)

Locate builds an efficient index file, which can be read faster than the MFT (and doesn't have security-check overhead either). Everything, as far as I can tell, scans the MFT directly (which is why it requires administrator privileges).

The date/time is not preserved for filenames. This was not an original requirement but when i think about it, it's better to have that information preserved  (not required though). If it will make the program slower then it should not be there (or maybe as an optional thing).

-vixay (June 10, 2009, 07:10 AM)

It shouldn't make the zip-creation slower, since you also get file dates when scanning for files.

PS: you could try zipping the generated zipfile, might be able to shave off a little of the filenames.

3398

Post New Requests Here / Re: IDEA: Laptop Security - Lock system/send keystroke unless key pressed in n sec

« Last post by f0dder on June 10, 2009, 06:57 AM »

What exactly are you trying to guard yourself against - common thieves or the cops/whatever?

All this keystroke-timeout-fumbling seems like the wrong way to approach the problem. Set a screensaver, check "on resume, display logon screen" (you obviously are using a password for your user account, and of course you're running with a limited account without administrator privileges). Then, you set a system policy that disallows changing the screensaver settings. TrueCrypt has an option to dismount volumes not just when logging off, but also on screensaver activation.

As for trying to keep processes running through usermode watchdogs - not going to work. You can spawn a few hundred and poll every few milliseconds (which is going to put a heavy load on your system, mind you!) but it's still not a guarantee that your processes won't get nuked. A better approach is adjusting the process permissions and removing the SeDebugPrivilege. Since when have common thieves started doing something like this, anyway?

3399

Living Room / Re: What's your favorite drink?

« Last post by f0dder on June 09, 2009, 05:57 PM »

Kool-Aid

-Deozaan (June 09, 2009, 05:47 PM)

3400

Living Room / Re: Baby Cody Plushie is born

« Last post by f0dder on June 08, 2009, 05:03 PM »

Absolutely wonderful!