Recent Posts

6426

General Software Discussion / Re: Did NSA Put a Secret Backdoor in New Encryption Standard?

« Last post by f0dder on November 20, 2007, 10:46 AM »

This was the case during WWII. The Allies had the Japanese codes through almost the entire war, and the German codes for most of the second half. But if we took advantage of knowing all their plans, they would realize we had the codes, and we wouldn't have the benefit when we really needed it. So we had to pretend frequently that we were ignorant. It must have been very painful for the decision makers to let people die, knowing that an attack was coming but needing to preserve the pretense of surprise (and this is part of the backstory in the novel I mentioned, Cryptonomicon).

-CWuestefeld (November 20, 2007, 10:32 AM)

Yeah, evacuate the important people from pearl harbor, let a bunch of not so important people die. Wasn't just about not letting the enemy know that their messages were being intercepted, it was also to convince the american population that the world and it's war was something they should care about.

Anyway, the whole carnivore system goes beyond just logging your traffic, it's a whole big frigging associative massively cross-referenced database. Blog posts, communities, medical records - you name it.

6427

Living Room / Re: Laptop or Desktop — which are you?

« Last post by f0dder on November 20, 2007, 10:41 AM »

Hm, I find laptops to have crummy keyboards and uncomfortable working positions - and I much prefer a 17" or 19" TFT to laptop-size displays (I'd find a 17", and probably even a 15", way too cumbersome to be decently portable).

6428

General Software Discussion / Re: ghacks post: "Why I decided to uninstall my Antivirus software"

« Last post by f0dder on November 20, 2007, 09:49 AM »

I've been meaning to try out Sandboxie and/or altiris svs... seem like nice ideas, but I just haven't bothered yet. I wonder if either of those are good alternatives to using a fullblown vm for testing shareware apps etc. (ie., lighter on resources, less bother, but still enough encapsulation that you can entirely remove the stuff again).

Just remember that even things like sb/svs aren't 100% foolproof, afaik there's been exploits for both... but generic exploits probably won't target that kind of stuff.

6429

Living Room / Re: New MSM Messenger Trojan

« Last post by f0dder on November 20, 2007, 09:13 AM »

Hm, contains code that targets VMs...

From changelogs, I gather that it's theoretically possible to break out of at least some versions of vmware... but I suspect "target VMs" simply means it alters behavior when run inside a VM, to make analyzing harder for the malware researchers.

Anyway, I stick to www.miranda-im.org to avoid potential msn-protocol exploits (haven't heard of any though), and I obviously don't blindly click attachments.

6430

Living Room / Re: Traffic Growth Could Choke 'Net by 2010

« Last post by f0dder on November 20, 2007, 09:06 AM »

Humm, traffic grows and it does so at a pretty fast rate, but I don't really see a problem - capacity increases as well. And I bet the two largest quantities of traffic would be spam/DDoS and warez.

For warez, DVD-R movies weigh in at ~4gigs a whop, games are between 4-10gigs, and then there's those insane hd-dvd/bluray releases at 20gig. It's not uncommon to see home users with 10mbit or faster lines (20/1mbit adsl is quite affordable in .dk, for instance). If you sum up all the warez activity on the net, I wouldn't be surprised if it was in the multi-gigabytes per second range. Constantly. Today even the public p2p torrent tracker communities have several "seedboxes" with 10/10 or even 100/100 mbit lines. Back in early 2000, 100/100 private servers wasn't uncommon for the so-called "scene" oh-so-private ftp servers, and today I guess the top-topsites are on gigabit links.

And yet that doesn't affect my access to donationcoder.com or other sites - only thing that tends to limit my web browsing experience would be a site on a shared host with an overloaded database server.

People are painting the devil on the wall, yelling that on-demand HDTV broadcasting will kill net bandwidth etc... but it won't. You'll receive your content from your ISP on your fiber line (remember that each individual fiber strain can do at least 1gbit/s full-duplex, and they bunch a lot of those together), and that traffic doesn't need to go through the internet backbone and take up traffic, it goes through your ISPs internal way-high capacity backbone. And do remember that all the warez traffic, generating insane amounts of traffic, is routed on the internet, without without too much trouble.

6431

General Software Discussion / Re: Did NSA Put a Secret Backdoor in New Encryption Standard?

« Last post by f0dder on November 20, 2007, 08:56 AM »

CWuestefeld: problem is that although encryption is done on one's own machine, there's usually some handshaking going on, and if there's a man in the middle, well... *boom* - he can intercept as well as augment data stream. Lots of protocols are vulnerable that way.

PGP encrypted emails don't fall under this category, as long as you're 100% sure you have the right pubkeys, but then social engineering or good old hacking can be employed - I wouldn't be surprised if NSA/friends often know about 0-day exploits at the same time or before the blackhats.

Carnivore is very real, and the us government is doing some really massive-scale data mining with it. Try applying for a .mil security related job and you'll see...

6432

General Software Discussion / Re: File synchronization: moving away from incremental backup (HELP!)

« Last post by f0dder on November 20, 2007, 07:59 AM »

NTI Shadows seem to do what you are looking for :
http://www.ntius.com/shadow.asp

-MerleOne (November 20, 2007, 07:44 AM)

Does NTI do the filter driver thing?

6433

Living Room / Re: Your Tin Foil Hat Will Not Save You Now

« Last post by f0dder on November 20, 2007, 07:57 AM »

I was thinking the white snorting rather than the brown drinking kind, though

(iirc the drinking kind has pH close to stomach acid levels?)

6434

General Software Discussion / Re: SyncBackSE vs. SuperFlexible

« Last post by f0dder on November 20, 2007, 01:46 AM »

Okay, not handling "Comments" mean that MirrorFolder doesn't handle ADS on non-"raid" sync... I just verified that they are handled as soon as the filter driver is involved, though.

Across the whole range of software, ADS handling is sporadic at best. Can't blame software devs for it, as you have to resort to mostly undocumented stuff to get at them.

I assume that when changing "comments" in xplorer^2, exactly the same is done as in normal explorer.exe, since x^2 uses the shell namespace and COM stuff, so it's not x^2's fault that jpegs themselves are modified, blame Microsoft or whoever wrote that explorer shell thingy

6435

Living Room / Re: About Rudeness in Forums

« Last post by f0dder on November 20, 2007, 01:34 AM »

Hell, you guys even tolerate my Linux posts!

-zridling (November 20, 2007, 01:23 AM)

You're pretty moderate about the stuff, not the typical gpl-zealot anti-ms attitude... and I tend to agree with a lot of your points as well, even though I don't see linux as a real alternative to windows (and that to the point where lots of people would classify me as anti-linux ).

6436

Living Room / Re: Your Tin Foil Hat Will Not Save You Now

« Last post by f0dder on November 19, 2007, 11:01 PM »

Hm.

Almost small enough to make putting RFID tags in coke viable... keeping track of your clients, eh?

6437

Developer's Corner / Re: It's A "Must Read" - Static Versus Dynamic Typing (A great overview)

« Last post by f0dder on November 19, 2007, 10:51 PM »

Why did this post topic reply notification come up with a https:// prefix instead of http:// ?

6438

General Software Discussion / Re: Did NSA Put a Secret Backdoor in New Encryption Standard?

« Last post by f0dder on November 19, 2007, 07:24 PM »

Yeah, one-time pads are the only really-really secure form of encryption that exists today (although they say quantum computing will bring new wonders - that's a bit into the future, though). But it does require that you don't f*ck up and re-use the pad. If you search history books, you'll see people forget about this, even for very important stuff.

I still don't believe NSA has the computing power to brute-force 256bit keys. If they can break 256-bit encryption, imho it's not by bruteforcing, but rather some backdoor, or fancy mathematics that the rest of the world doesn't know about... and something of that scale would be extremely hard to hide.

So... really... I think what you should be most worried about is the snooping that goes on all over the internet, automatically, all the time. If even one "hop" on your data stream's route from you to your target has a sniffer, most encrypted/secure protocols of today break. SSL, SSH, TOR, ... . And wouldn't an obvious place to install a carnivore client be at every ISP?

6439

General Software Discussion / Re: Visual Studio 2008 has gone RTM - free Express downloads, too

« Last post by f0dder on November 19, 2007, 07:00 PM »

Afaik they've made optimizer improvements (as always ), as well as fixing some obscure C++ bugs that should only really bite you if you're writing insane code.

Looking forward, though.

6440

General Software Discussion / Re: Did NSA Put a Secret Backdoor in New Encryption Standard?

« Last post by f0dder on November 19, 2007, 06:57 PM »

I doubt that "NSA has enough terraflops on tap to bypass any encryption almost instantly." - either there's some unknown backdoors in things like Rijndael, or they have much more advanced quantum computing device than anybody else... but I doubt both of those. (They're much more likely to use the carnivore system to employ man-in-middle attacks and log your encrypted data streams. And no, carnivore/echelon isn't just paranoia.)

I dunno if this possible ECC backdoor is on purpose... it seems unlikely that they'd oversee such a thing. But on the other hand it also seems unlikely that NSA would be stupid enough to have an obvious backdoor, they know there are some pretty skilled people left they haven't yet employed

6441

General Software Discussion / Re: ghacks post: "Why I decided to uninstall my Antivirus software"

« Last post by f0dder on November 19, 2007, 06:53 PM »

I've run with antivirus for long periods of time, and I've run without for long periods of time. Currently I run without. It's either completely without, or completely with (including always-running on-access scanning, but no scheduled full system scans, those are silly).

Eóin, you're almost 100% right in that "if someone can get malware to run on my pc then the battle is already lost", this is the argument I use against outward firewalls... Thing is, you can't guard yourself 100% against os/browser security holes, even if you use a NAT router etc. But the kind of malware that can creep in through such a relatively narrow hole is relatively limited in size, so should be able to be caught by decent on-access antivirus (especially something that also has behavioral blocking).

The nasty stuff that attacks your firewall and antivirus products tends to be those big malware bundles that people get through clicking olsen_sisters_nude.scr...
 
Since I don't have anybody using my computer regularly, and I pay a lot of attention to what happens on my system, I feel safe enough about running without antivirus software.

EDIT: but I wouldn't run without antivirus if it wasn't for adblock. Why? here's why.

6442

Living Room / Re: About Rudeness in Forums

« Last post by f0dder on November 19, 2007, 06:46 PM »

I've voted "very rarely" - perhaps once a month or a bit less frequently I see a post and think "this might offend somebody, but not me" because of political/religious/sexual content (obviously very very little of it since it's not moderated away, but we all know how touchy some people are).

I can only recall one heated/nasty discussion on this forum community, it's a quite magical place to be

6443

General Software Discussion / Re: SyncBackSE vs. SuperFlexible

« Last post by f0dder on November 19, 2007, 06:41 PM »

nosh: what do you mean, "doesn't handle comments"? What kind of comments? The stuff that's on file properties/summary pane, stored as alternate NTFS streams?

I know where you're coming from wrt. the windows task scheduler, I used to feel that way too... but I've come to the realization that it's idiotic that each app that wants to schedule actions have to use it's own scheduler - plain retarded. But since every app seems to do this, I don't have any experience with windows task scheduler, so I don't know if it works properly >_<

Btw., did you use MirrorFolder in "RAID mode" (ie., filter driver), or just used it for "regular" syncing?

6444

General Software Discussion / Re: compare text files

« Last post by f0dder on November 19, 2007, 06:38 PM »

I fail to see why people think SlickEdit is such a great editor :-s

It falls somewhere between IDE and Editor, I'd rather use a full-fledged IDE or a more lightweight editor. But perhaps I just fail to see it's glory

6445

General Software Discussion / Re: Maybe Vista doesn't suck?

« Last post by f0dder on November 19, 2007, 06:36 PM »

Ahhh, you're on Mac OS

Mac universal binary is actually an "archive" format, which contains multiple executables - one for each of the supported platforms. Which means that they are, as the wikipedia links says, fat.

It also means that each executable inside the fat binary is built specifically for the platform it targets, and that of course means the source code needs to be portable. So there's no magic, really.

6446

General Software Discussion / Re: Maybe Vista doesn't suck?

« Last post by f0dder on November 19, 2007, 09:45 AM »

Generic-use registers don't need to be wider than 64bit, this is quite sufficient (as long as there's CPU instructions that make working with arbitrarily large numbers easy enough) - for SIMD, they might very well get wider (and iirc SSE-something-soon will move from 128bit to 256bit). But for address space and general registers? I daresay 64bit is enough.

6447

General Software Discussion / Re: Maybe Vista doesn't suck?

« Last post by f0dder on November 19, 2007, 09:31 AM »

Imho ILP64 is the better choice, since "int" ought to be the "native int size", for performance reasons (okay, using 32bit ints isn't that bad on x86-64 because of how that architecture was hacked together, but still...)

Kernel and drivers need to be recompiled for 64bit. It would be possible to construct a thunking layer, but you don't want that for performance reasons. And it would take quite some work, since 32bit drivers obviously can't use 64bit pointers.

And some usermode apps on a 64bit os do need to be 64bit, or at least be 64-bit aware - as soon as memory addresses or sizes are involved.

nontroppo: when you download a "single binary that supports all platforms", it's probably 32bit. And that's doable on windows as well, since x86-64 natively supports running 32bit code (at the expense of not running 16-bit code in long mode). lots of code, both on windows and lunix, don't port cleanly to 64bit mode, because of st00pid programmers (NO, you CANNOT always fit a void* in an int).

You use an "int" when you want native integer size, you use "size_t" when you want address-space-size, ptrdiff_t when dealing arithmethically with pointers, etc. If you specifically need 32- or 64-bit integers (for file formats etc.), you use sint32/uint32/sint64/uint64 typedefs, specifically. It's not as complicated as some people want you to think, but you have to do this from the ground up, not as an afterthought.

For usermode code, there's a 32<>64 thunking layer, it's the most sane way to handle things.

Here's a bunch of links:

http://www.gamedev.n...cles/article2419.asp
http://www.viva64.co...it_Applications.html
http://www.viva64.co...our_egg_is_laid.html
http://www.viva64.co..._Windows_64-bit.html

6448

General Software Discussion / Re: Maybe Vista doesn't suck?

« Last post by f0dder on November 19, 2007, 07:44 AM »

I didn't say they should drop 32-bit support - just not make a 32bit version. In the same sense that 32bit versions of 9x and NT don't have 16-bit versions, but can still run 16-bit apps through WOW.

This would still mean having to maintain 32-bit wrappers-to-64bit-native-calls and a few other things, but that's a whole lot less than a full 32-bit version of the OS...

6449

General Software Discussion / Re: Maybe Vista doesn't suck?

« Last post by f0dder on November 19, 2007, 07:04 AM »

Still, it's a shame that almost all new versions of major software are betas. Doesn't anyone test this crap before they release it anymore?!!

-zridling (November 18, 2007, 10:11 PM)

Sure thing, but then you make a tiny little last-minute change, just a little innocent code reorganization, and... *b00m*. Of course that never happened to me, and certainly not with the fSekrit 1.3 release. *cough*.

I think some of this could have been cured if Microsoft would have only sold Vista in 64-bit versions, which would have forced anyone who wanted it to [effectively] buy a new system to run it.

-zridling (November 19, 2007, 04:21 AM)

Hear ye, hear ye!

I think it was a stupid move of MS to do a 32-bit version of Vista. Almost as bad a move as releasing WinMe instead of focusing exclusively on Win2k/NT5 - makes adaption take longer, spending more time on drivers, testing, etc.

Of course there's so many other things wrong with Vista that this isn't my biggests complaint, but still...

6450

General Software Discussion / Re: pls recommend a good benign keylogger

« Last post by f0dder on November 18, 2007, 01:26 PM »

People who like to compose things in an editor and then paste into their browser before sending may be interested in It's All Text. Of course, you'll need Firefox (but most of you probably are using that by now anyway). I'm not sure if there's something similar for IE.

-Nighted (May 12, 2007, 02:09 PM)

Finally got my act together and installed It's All Text... and I must say, what a nice little extension. Sure easier than realizing "oh, that's going to be a bit too long", then going through a Ctrl+A, Ctrl+C, Win+R, Notepad++<Enter>, Ctrl+V ...edit stuff... Ctrl+A, Ctrl+C, Alt+Tab, Ctrl+V sequence, which is what I used to do

Perhaps I should grab one of those BBCode editors as well, and use instead of NP++...