Recent Posts

476

General Software Discussion / Re: Data Execution Prevention notes

« Last post by f0dder on March 20, 2013, 02:44 PM »

Hm, with EMET 3.0 you should be able to set your system DEP to "Always On", but configure individual apps to not have it - not sure if that'd work for a printer driver (would most likely be a DLL loaded into the printing process' address space?) - but should work for other stuff.

Don't think I've ever run into crashing apps because of EMET - I've got DEP always-on, SEHOP app opt-out and ASLR app opt-in. Haven't seen it protect me from malware either, but in case anything should ever slip by my panzered firefox, at least it's an extra layer of mitigation

477

DC Gamer Club / Re: Bastion's dev announce a new game!

« Last post by f0dder on March 20, 2013, 02:34 PM »

Hm, heavily pushed? Yeah, you switch to new weapon immediately when you pick it up, which kinda sucks - they should've either made an armory very close to each new weapon so you could switch back, or there should've been some special game mechanics on the level requiring the new weapon...

But other than that "very special thing" at the very last level, you weren't really forced nor heavily pushed to use the new weapon?

478

Living Room / Re: Can you inagine a world without any personal privacy? Because it's here.

« Last post by f0dder on March 20, 2013, 09:20 AM »

I'll start it off with this one from Business Insider in that other thread and start the bidding at TWENTY!

-TaoPhoenix (March 20, 2013, 06:18 AM)

I'm only seeing Ghostery block 6 on their front page - perhaps because of RequestPolicy?

479

Living Room / Re: When it comes to EA, it just keeps getting better - or worse...

« Last post by f0dder on March 20, 2013, 02:46 AM »

Now there's news of a verifiable security flaw in EA's Origin platform can facilitate local vulnerability exploits on Origin user's PCs.

-40hz (March 19, 2013, 09:35 PM)

At first I was "meh, local exploit - whatever". Decided to take a look anyway, flipped through the ReVuln PDF (linked to from the Vimeo site), and turns out it's slightly more interesting - allowing you to launch arbitrary processes on systems that have Origin installed, if you can get it to launch an URL. It's still fairly boring technically, but could actually be dangerous.

Now, how much and what kind of REALLY BAD DRUGS does somebody need to come up with to design a system that launches local games by installing a custom URL handlers Wtf is wrong with these people?

480

DC Gamer Club / Re: Bastion's dev announce a new game!

« Last post by f0dder on March 20, 2013, 02:38 AM »

I really liked Bastion.

True, gameplay is pretty much same old same old all way through, but atmosphere & aesthetics was what kept me glued to it. A lot of the late-game weapons are pretty crappy and boring (so I went for relatively early highly-upgraded ones), and I'm not super fond of the last one or two levels - other than that, I felt it was well worth playing through, though. And it had a reasonable length for my attention span

So if the devs can make another game that's as polished and atmospheric, I'm all over it.

481

General Software Discussion / Re: ironshield antivirus

« Last post by f0dder on March 19, 2013, 04:12 AM »

  And if your using Open Source Code, don't that open a channel for hackers to figure out how to bypass it?

-Tinman57 (March 18, 2013, 08:33 PM)

It's somewhat easier to hunt for juicy bugs if you've got the source code - but there's some very powerful binary analysis programs available as well (though not to the general public).

At any rate, it's a moot point - both the Windows and Linux kernel have had stuff like 10-year outstanding local privilege escalation exploits, and you can be sure they still both do - just not (publicly) known yet. And closed vs. open doesn't matter that much, since there's serious money in malware these days. If it's there, they will find it.

Linux does have the advantage of getting bugs patched faster once they're found - but there's also been reeeeal oopsies like Debian getting rid of proper SSH randomization because a developer didn't understand Valgrind properly (why does a person like that deal with security-crucial code?)

482

Living Room / Re: Advice needed re: locking windows kernel in RAM

« Last post by f0dder on March 18, 2013, 07:40 PM »

I have plenty of RAM on my desktop PCs (6 and 8 Gb respectively), so my question was academic and your responses anticipated. This topic is kinda in the same category of " should I use a RAM disk?"

-kyrathaba (March 18, 2013, 05:36 PM)

I used to do this back in the days when I didn't have enough RAM to disable the pagefile entirely.

Now, the following quite from Ath makes sense logically:

And forcing the kernel into RAM on a low memory system, so it's even more busy swapping the currently active application in and out of memory, instead of some kernel code you're not using (much) at the moment?

-Ath (March 18, 2013, 03:55 PM)

...but the real-world effect was a system that ran somewhat more smoothly. With DisablePagingExecutive enabled, Windows "recovered" faster (with lots less page-in activity) after, say, exiting a memory-hungry game. And I never ran into any adverse effects by having the setting enabled.

Dunno if there'd be any idea of doing it when you've running without pagefile. While there's nothing to page-out to, perhaps the setting could influence whether unmodified code sections are discarded and later page-in'd? *shrug* - not like I'm ever running low on memory on my current rig

But on old systems with limited RAM and slow harddrives? It's worth checking out - depending on how you're using the system, it might be a performance increase.

483

General Software Discussion / Re: ironshield antivirus

« Last post by f0dder on March 18, 2013, 10:02 AM »

Given the kind of results google returns, this seems pretty fishy.

484

General Software Discussion / Re: MagicRAR Drive Press - worth anything?

« Last post by f0dder on March 18, 2013, 09:42 AM »

Interesting development - thanks for the info, Zatronium, and thanks to mouser for the extra bit of investigation. So... SimonKing probably didn't write a single line of code, but just rebranded Comprexx? Cute.

I agree that one should not be using the gung-ho NTFS compression on an SSD - already written it in previous posts, but it doesn't hurt repeating

485

Living Room / Re: The Evil Empire being sued by... a former-Lucas property?

« Last post by f0dder on March 16, 2013, 02:11 PM »

So, a former property of the creator of a fictional Evil Empire is suing an Evil Empire... love it!

-wraith808 (March 16, 2013, 11:49 AM)

486

Living Room / Re: Google Reader gone

« Last post by f0dder on March 14, 2013, 05:02 PM »

feeddemon is gone too

http://nick.typepad.com/blog/

-flamerz (March 14, 2013, 01:27 PM)

Yeah, again - https://www.donation....msg320765#msg320765 .

487

Living Room / Re: Google Reader gone

« Last post by f0dder on March 14, 2013, 11:39 AM »

There's already discussion about the subject here - perhaps mouser could splice the posts from there to here, since this is probably a better place to have the conversation?

488

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 14, 2013, 07:42 AM »

Nope, not forging now, blocking - if I were forging, all sites would be connecting to the one forged referrer (btw, when I say "forge" I mean "forge with a custom string", not "forging to site base address" which is RefControls (somewhat badly chosen, IMHO) definition of "forge").

Most of the bubbles (probably 90%) on the above screenshots are sites I've actually visited - a few being legitimate external requests that I've let through RequestPolicy. I haven't done any thorough tests, but I think that any requested site, cookies or not, ends up generating a node. Edges obviously represents referrers.

I block 3rd-party cookies, but other than that I do allow them, and I don't wipe them after sessions have terminated. There's a lot of places where cookies are required or just pretty darn convenient. Dunno if there's much use in being über-watchful of cookies once you disallow 3rd-party ones? Especially with all the other filtering being done by extensions?

489

Mini-Reviews by Members / Re: Google Reader - Mini-Review

« Last post by f0dder on March 14, 2013, 07:33 AM »

Well, if you ain't payin', you ain't a customer.

Software as a Service - gotta love it

Also, yay at Nick for simply killing FeedDemon instead of doing something crazy like, you know, perhaps open-sourcing it.

490

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 13, 2013, 05:14 PM »

Ah, already liking RequestPolicy!

Been browsing around for a couple of hours (since the last post, basically), and have probably visited more unique sites than I had before the previous Collusion graph I posted... and yet this is the result:



Also, pageloads generally seem a bit snappier - no wonder, there's plenty less HTTP requests, plenty less data being transferred, and plenty less USELESS JavaScript being executed. And I'm talking useless as in "stuff that doesn't affect my experience", not useless as in "js is a useless language" :-)

491

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 13, 2013, 02:31 PM »

Sounds brilliant ... really secure browsing ... painfully slow and almost no functionality beyond plain text and pictures

-Carol Haynes (March 12, 2013, 06:58 PM)

Painful to set up, perhaps, but after that it should be faster than regular browsing...

RequestPolicy seems like a decent extra for the security minded - probably covers some of the stuff I want(ed) in RefControl. I'm sure their functionality could be combined and UX-improved, though . Anyway, going to take RequestPolicy for a spin, thanks for mentioning it, Ehtyar!

492

Living Room / Re: Judge skeptical of "torrent chaser" law firm's antics. Jail time threatened.

« Last post by f0dder on March 13, 2013, 02:19 PM »

Judge Wright took the bench, grim and stentorian and bow-tied, and immediately commenced to take absolutely no shit from anybody.

-40hz (March 12, 2013, 11:03 PM)

493

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 12, 2013, 05:19 PM »

4wd: I think I've figured out why I get the Collusion behavior I do. Instead of blocking referrer by default, I had it said to spoof to a google.com address. I normally hit google.dk, so while referrer links pointed to www.google.com/somethingsomething, I had never actually visited that address. I think that could explain why Collusion shows a bubble for each site, but pointing to nothing.

After I visited google.ae (to make sure it existed) and set the spoofed referrer to hxxp://google.ae/search?q=midget+nazi+porn , all visited sites after that link to (surprise surprise) google.ae. This does look quite festive, but it also means Collusion is extremely slow - and the graph isn't very useful for spotting actual referrer problems. I guess it
would be saner to block by default rather than spoofing, but... spoofing is funnier

Or perhaps what I really want is an "advanced" mode that lets me do some regex matching

-f0dder

That'd be nice....I look forward to "f0dder's Referer Mangler"  

-4wd (March 11, 2013, 03:34 PM)

I think I already have some ideas for improvements, but I'm already spread pretty thin, and have never looked at extension development before. And I'd hate forking an extension, making some changes, and then not keeping it up to date. I also kinda think some of the ideas I have would be too large in scope for the RefControl author wanting to include it in his pretty lightweight plugin.

I'll mull a bit over this

EDIT: just reset Collusion and changed default RefControl action to block, visiting new sites pops up the individual bubbles again. I think I'll keep the setting at block - easier to see connections that way. And while Collusion slows to a crawl even with just the individual bubbles, adding edges (and the "node pull" that incurs) makes it even slower

494

Living Room / Re: Reach Into Transparent Computer, Grab Content

« Last post by f0dder on March 12, 2013, 12:47 PM »

Touch screens better than T9 texting? That made me almost laugh - but instead I just snorted cynically.

Anyway, me asking a guy at the office if he had preordered the Leap Motion ended up with his preorder increasing to 5 units , so... going to be funny to see whether that's just going to end up as an expensive dust-gathering toy

495

General Software Discussion / Re: waiting for Task Host window to close

« Last post by f0dder on March 11, 2013, 11:10 AM »

Even though a process might not have a visible window you can see, "windows" are used by Windows for more than just showing windows - and even each visible window is usually constructed from mutiple smaller "window objects" :-P

Yep, the above was meant to confuse!

So, even programs that don't have any visible windows might still use a "window object" - "what good is that!", you might ask? And this would be a fine question indeed. A window object, even if invisible, has an associated Message Queue, which is one of Windows' ways for letting programs communicate with each other; some APIs require this, and thus you might see even console applications have these hidden windows.

If, for some reason, a program stops processing messages from it's message queue, Windows will deem that program "unresponsive". This can happen for various reasons, including bugs in the program itself, as well as 3rd party code. Various "system enhancers" that use windows hooks can do a lot of mischief!

That was a bit of background story, which might not bring you any closer to a solution. It sounds like you returned after a longer time period, which puzzles me a bit - I thought the shutdown process ended up doing force-kill after a few minutes or so.

My guess is it's a buggy 3rd party program that messes up the shutdown sequence, but it's not a super easy thing to debug - you're in a situation where you can't start any new programs to diagnose the problem, and any previously-loaded diagnostic programs would have already been shut down

496

Living Room / Re: "Half of our users block ads. Now what?"

« Last post by f0dder on March 11, 2013, 09:36 AM »

Anyone interested can look up LRPS (long range penetration strain). It's not a new idea and has been around for decades.

-Renegade (March 11, 2013, 08:55 AM)

Sounds painful!  

497

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 11, 2013, 09:22 AM »

But I think I've nailed the point. (I really meant that stuff above -- it's coming.)

-Renegade (March 11, 2013, 09:03 AM)

Oh, I didn't mean worry as in "I'm worried if it will start happening", but "I'm worried what the implications are" - I know the bastards are already being bastards. Which is why I try to reduce my footprint a bit - though not going to an all-out-paranoid level

498

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 11, 2013, 08:02 AM »

Renegade: yep, it's outside the browser - which is a good reason I don't use customer loyalty cards. Theoretically that kind of tracking can be done through my credit card debit card, but I believe that's illegal here in .dk - or perhaps it's "just" a violation of ISO/PCI compliance. Obviously doesn't stop the PET from x-ref'ing my purchases for stuff that can be used to make bombs or drugs, and it doesn't stop those records from being sent to .us intelligence (all transactions get dumped on a daily basis).

While the browser isn't the only way of collecting data, it's by far the easiest to harvest from - and I reckon that for most people, it's also where the most compromising/embarassing/whatever kinda data could be extracted from. So it makes sense to panzer your browser

What worries me most about all this Big Data stuff is companies selling or swapping data. I don't really mind Amazon giving me offers based on my browse/purchase history at amazon, but I don't want that data going anywhere, and I don't want any outside data effecting those suggestions.

4wd: default Collusion settings under 'filters' is "show cookie-based connections" and "show non-cookie-based connections" both enabled - for me, that shows a node for every site I've visited (and 3rd party sites those sites have pulled resources from...) - the only edge at the moment is DoCo<>PayPal, though. Before adding RefControl (and resetting Collusion), I had an insane amount of edges within a few couple of days, and after a week or so the Collusion UI ran at less than 1fps . It's already super slow now, and showing Collusion in a separate browser window slows down the rest of firefox massively - it's only really useful to open it in a tab, look a bit at the graph, and close the tab again.

Also, I wish RefControl were a bit more flexible - "3rd-party requests only" should be changed to a dropdown with that option and "1st-party requests only". That way the default could be block/forge, a very few trusted sites would be "normal", and some of the pesky sites would have "1st-party only normal" which would handle their internal referrer checking, but block referrer for 3rd party sites. Or perhaps what I really want is an "advanced" mode that lets me do some regex matching

499

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 10, 2013, 06:29 PM »

Well, I'm giving RefControl a go - it's either full-gungho whitelisting or nothing at all, can't see much point in middle ground . So far I'm setting it up to always set http://www.google.com as the referrer, as that's kinda plausible (well, except you'd probably usually have a query string, but... whatever ).

Btw, how'd you get the collusion graph entirely black? Normally it shows the sites you've visited?
(First whitelist - DoCo wants referrer when you post :-))

500

Living Room / Re: Amazon creepy ...

« Last post by f0dder on March 10, 2013, 06:03 PM »

Tried that - even with noscript, adblock and ghostery, it gets reaaaaally big and messy (and unusably slow) really fast

-f0dder (March 10, 2013, 12:04 PM)

You forgot to block/forge Referers also - I've had them forged for almost three months and Collusion has been completely blank since then.

-4wd (March 10, 2013, 04:29 PM)

Hm, you're probably right - not sure how much data gathering is done via referrer, but it's a data point at any rate.

I wonder how much stuff would break and need whitelisting? NoScript isn't too bad, but much more hassle than that and it's too bothersome. Ah well, I guess I'll give RefControl a try - considered installing it back when I read the Collusion thread, but decided not to based on some of the user reviews. Ah well, here we go