Recent Posts

6801

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 25, 2011, 08:20 PM »

@steveorg - I tried something like Swype as Swype wasn't available (only OEM), but it didn't help me much. Yeah... A tad faster, but still mind-numbingly painful to type on a keyboard designed for the fingers of 8-year old girls. I have big thumbs and they cover everything so I can't see what I'm trying to hit.

I wish that phones would allow the use of a stylus. That would solve my problem better.

6802

General Software Discussion / Re: Logging out of Facebook is not enough

« Last post by Renegade on September 25, 2011, 11:30 AM »

So does that mean that everyone knows that the site I visit most after DC is Vivid.com? (Just kidding - it's NSFW.)

6803

General Software Discussion / Re: Logging out of Facebook is not enough

« Last post by Renegade on September 25, 2011, 09:51 AM »

Just because you can, doesn't mean you should, but it does mean that someone will...

I wonder if cookie blockers will make a comeback...

6804

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 25, 2011, 09:46 AM »

To help drive this point along, in many installers there is the bit about disabling your AV software.  I used to work at a company where we had a pretty tight licensing system, that used an implementation of a third-party licensing component.  I had to write a lot of code to get it to work and integrate with the product.  But apparently some AV programs looked at the licensing as virus-like activity.  In that case, would it not have been the company that was affected and so the company that should have a right to pursue remedies, instead of waiting for the developers of the licensing component?

-wraith808 (September 25, 2011, 08:58 AM)

Good point about installers recommending that people turn off AV software. (I don't think it should be necessary, but that's just what I think.)

In the past, most of the problems I've had with false positives have been rooted in either compression or encryption. Was the licensing issue you had due to network traffic or encryption/compression?

6805

Developer's Corner / Re: How To Write Unmaintainable Code

« Last post by Renegade on September 25, 2011, 05:24 AM »

You could always hire a certain someone I know. Lovely person to talk to. She handles web projects for her employer - who thinks she's a wizard. She's the living embodiment of the 'stream of consciousness' school of programming...

-40hz (September 22, 2011, 09:45 AM)

Actually that style worked pretty well for web programming for the longest time, since http is a)linear and b)amnesiac. The industry is full of people like that who managed quite well on the server side programming.
It's harder in our days of ajax, html5, rich interfaces in javascript, flash and silverlight etc.

-iphigenie (September 25, 2011, 03:17 AM)

It can be extremely difficult sometimes when you're working with umpteen trillion different technologies.

In 1 portion of 1 project, this is what I need to deal with:

C#
VB.NET
ASP.NET
X/HTML
CSS
XML
TXT
HTTP
JavaScript
2 Frameworks
4 Components
1 Database
6 Projects
4 Web applications (3 are also projects)
? APIs... I don't feel like counting...

I'm sure I'm forgetting some things, but whatever. Point is, it takes a lot of effort to keep each section separate and clean and working well with every other part. It's easy to see why some things turn into complete disasters. (I've been taking my time to make certain that things are as maintainable as possible. e.g. TONS of comments in code with everything as atomic as possible.)

In some ways, you're kind of like a conductor when you're programming -- it's up to you to orchestrate everything and "make music".

6806

Living Room / Re: Question to Everyone: Setting aside the technical meaning, does Donationware...

« Last post by Renegade on September 25, 2011, 01:15 AM »

Good question. My initial thoughts are that "Pay What You Want" are more likely to motivate me to cough up.

6807

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 25, 2011, 01:12 AM »

In the 3 hours I had it installed, I noticed that apps that were not 'in focus' were marked as suspended in task manager.
Well, I like everything running, not to be suspended when it is in the background.

-GHammer (September 25, 2011, 01:04 AM)

This is a form factor issue for the platform.

All mobile platforms that I've seen use an OnForeground and an OnBackground event for the application.

The purpose for the OnBackground is for you to save any settings and dispose of any resource intensive resources or processes.

The OnForeground event is for you to resume your application.

These are needed due to the limited CPU, memory, and battery life of mobile devices.

As far as the desktop is concerned with Metro, my guess is that people would be sticking to convention there for the time being, and later on when the platform is released, developers will then check to see where the app is running and deal with things more comprehensively.

These are still very early stages for the platform, so there will be issues like that.

6808

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 25, 2011, 12:46 AM »

That is not a functional part of the software though, it is a functional part of your business. The software would run just the same if there was no adware in the installer.

-Jibz (September 24, 2011, 02:53 PM)

Whether it's OC or DevExpress or Infragistics or whatever, they all just seem like components to me. They all have a purpose. Saying that it's not a functional part of the software is only expressing an opinion on what level of utility one perceives in it.

To be the Devil's Advocate:

* Help files aren't a functional part of software because they describe the software. i.e. Descriptions are not functions.

* Playlists in my MP3 player aren't a functional part of the player because I don't use them, and get no value out of them.

* Graphic embellishments and decorations that make a program look nice aren't functional parts of the program because they don't "do" anything.

* A GUI is not a functional part of the software because anything that you can do through a GUI can be done through a command line. (Oh god... can you imagine how difficult some software would be with no GUI? Nightmarish...)

While some of those may seem utterly silly, they are just following down that slippery slope to one degree or another.

Basically, it boils down to whether or not you "like" or "want" or "use" some set of functionality.

...there is a difference between components used in software, and adware bundled with it.

-Jibz (September 24, 2011, 02:53 PM)

The word "bundle" is interesting as it can mean a few things. I think that we'd all agree that "bundle" implies packaging together several discrete pieces of software that do not interact with each other in any meaningful way, and that those pieces of software are not related in the way that a piece of software is related to a component/library.

I don't think that "adware" is really relevant. Whether you're bundling a toolbar, or a browser, or a pro version, or a related product, or a 3rd party product, or whatever, a bundle is a bundle.

What I'm NOT clear on though, is whether or not facilitating a download and installation constitues "bundling".

For example, say you download the ACME Web Browser. They bundle in the ACME Browser Switcher toolbar for other browsers that lets you seamlessly switch from another browser into the ACME Web Browser. So that's a bundle... But, if they also include an option in the installer for you to download and install the ACME MP3 Player, then is that bundled? It's not "in" the installer, and you have to download it still... I'm thinking that I'd have to say "no" for traditional standalone installers, and that the question then moves on to what constitues a bundle in a connected world with web installers... There I think I'd have to say "yes".

Also, just for the record, writing good signatures for malware is not as easy as it may seem .

-Jibz (September 24, 2011, 02:53 PM)

I'm quite certain writing signatures for malware is very difficult.

But we don't excuse doctors for killing people on the operating table because they misdiagnosed a cough for brain cancer. Oh... Ooops... Yes we do. But whatever.

It seems to me that labeling an innocent piece of software as malware is libelous.

http://en.wikipedia.org/wiki/Defamation

Defamation—also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words)—is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image. It is usually a requirement that this claim be false and that the publication is communicated to someone other than the person defamed (the claimant).

To prove libel:

The person first must prove that the statement was false.
Second, that person must prove that the statement caused harm.
Third, they must prove that the statement was made without adequate research into the truthfulness of the statement.

In the context of db90h's definition of false positive, these conditions are all met.

1) By definition, this is satisfied (false positive).
2) Again, this is trivially true.
3) It is well known that signatures can have multiple matches, so making a claim without verification satisfies this condition.

I suppose that I'm surprised that the AV companies haven't been sued more, because they're obviously guilty. If they have, I'm unaware of those suits.

The purpose of this project is to identify and address the issues of false positives. It is not to identify and address issues with misclassifications. We are going to stay focused on false positives. We are not going to address misclassifications unless a website is misclassified as containing something it does not.

-app103 (September 24, 2011, 03:48 PM)

I think the general issue would be better served by a less highly-focused approach to the technical side of signatures with multiple matches. But I suppose you do what you can.



For the record -- No offense take here. This is just a case of two different understandings of what "false positive" means.

Which is a general problem in a lot of discussions. And especially with acronyms... Quite often my eyes just glaze over when reading some materials where an author starts off using some acronym and never expands it for clarity.

6809

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 24, 2011, 02:27 PM »

@wraith808 - Thanks for the voice of support. Greatly appreciated.

6810

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 24, 2011, 02:23 PM »

You are comparing libraries and software components to installer bundles? Come on ... Components/libraries have a FUNCTIONAL PART of the software, installer bundlers are SEPARATE products that are there to get installed into the PC as a separate product (and for commercial purposes, that is why you get paid). 

-db90h (September 24, 2011, 01:46 PM)

We're not going to see eye-to-eye on this.

Yes. They have a functional part. It's called putting food on the table.

As an independent software vendor (mISV), I have to look at the big picture. I don't have the luxury of looking at one very tiny isolate part.

If my software is labeled malware, for whatever reason, that's a very real problem for me. It's a kind of steak vs. ramyen problem.

For the specific example that I gave that you deleted in your forums, no software is "installed". (We've gone over that issue here in some other thread, and I don't believe that execution is equivalent to installation.)

Also, you took my one, non-applicable quote.. thanks for that. That was why I first removed them, but then it became clear how problematic it would be to allow, after long discussions about the issue.

-db90h (September 24, 2011, 01:46 PM)

I'm not sure what you mean there.

These are the rules. You have the freedom to start your own site. I mean no offense.

-db90h (September 24, 2011, 01:46 PM)

You can have whatever rules you want at your site. I don't have any problem at all with that. Heck, I think that you can do some very real good.

You've simply limited the discussion to a very narrow band, and I'm just not interested in things that narrow on the topic.

What you're doing is a good thing. But you're simply excluding people in my position. Not that there's anything wrong with that. It's just that I don't really have anything to add to that discussion. I'm more interested in the bigger picture.

And as for starting my own site, that won't happen. I've not found time for it in the last few years, and I doubt that I will any time soon.

Good luck with things. I hope that you can get the AV companies to stop dropping the ball so much.

6811

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 24, 2011, 02:09 PM »

It would be far more productive in the long run if 1000 developers of 1000 different products would stick to reporting false positives in their products and not reporting a false positive in some 3rd party bundled product like OC.

Because it is a single false positive and the problem is with OC and not 1000 false positives with the 1000 different products.

It would be far better for those 1000 developers to bang on OC's door and complain about it, then let OC handle the issues with their product.

You, as the developer of one of the 1000 products bundling some 3rd party adware are not in the position to make any changes to that 3rd party software to comply with any requirement that might be needed to resolve the issue (other than removing it from your installer), while OC is in a position to change their product and resolve it. They are the ones that should be complaining if they are upset by what they believe to be a false positive.

And I do not see something containing OC being detected as Adware:Win32/OpenCandy as a false positive. It was identified correctly as OpenCandy. If it were being identified as a Trojan:Win32/Vundo, that would be a FP.

-app103 (September 24, 2011, 01:40 PM)

Whether it's OC or whatever is completely irrelevant.

For a bunch of customers to start bugging a component vendor because an AV vendor is incompetent is simply idiotic.

Why further the component vendor's burden when they are already getting screwed by the AV company?

Inform them? Sure. Bitch and cause problems for them? That's counterproductive.

It's much better to have those 1,000 software authors screaming to the AV vendors for their incompetence.

Quite frankly, it's the AV companies that are dropping the ball here. They are the ones that need to be screamed at.

Sure, I'll email a component vendor to let them know that an AV company is incompetent and accusing them of something that they're not guilty of, but I'm sure as hell not going to bitch at them because of something that's not their fault.

The fault lies ENTIRELY with the AV vendors. THEY are the ones that are in error.

Classification is irrelevant to me.

At the end of the day, it's the AV companies that are the guilty parties here.

And I quite frankly don't care about their problems all that much. Yes. I know that it's a hard job. But there's just no excuse for screwing me when I don't want to get screwed.

The more I think about this, the angrier I get.

I've been screwed by the AV companies with false positive across the entire spectrum of *whatever* you want to call a false positive. The end result is the same. I get screwed. I don't like that. Getting screwed is bad.

My sympathy levels for the AV companies is only dropping now... The more I think about it, the more I see that they are simply incompetent, and that they have NO excuse.

It's not that hard to take a detection, quarantine it, and then inform the user that they have a possible infection, and that a more thorough check is being done... Please stand by... We'll return to the regular programming momentarily...

But they don't do that.

If something is detected, sure. Quarantine it. False positive or otherwise. Play safe. But also take into account that you *could* be wrong and do some due diligence.

6812

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 24, 2011, 01:41 PM »

I'm going to try to be short here.

I was informed the company we were discussing (Open Candy) likes to sue people. I got freaked out, removed the posts. Sorry... The new policy is: NO DISCUSSION OF BUNDLED PRODUCTS.

-db90h (September 24, 2011, 11:39 AM)

I think this is very short sighted.

There is little software out there that doesn't incorporate other software. They're called libraries or components. They help enable different functionality. At the extreme end of the argument there, there isn't any software at all that doesn't incorporate other software.

To me, the line you seem to be drawing there for components appears to be rather arbitrary. I'd say that leaving it at the installer level or installed level is best. (I don't expect that we'll ever see eye-to-eye there though.)

As far as suits go, I am not aware of any from OC (SweetLabs now). I have a good relationship with them, and wouldn't expect them to sue me for anything that I'd written there. I know their community evangelist very well.

BTW, this is FALSE, because they detected OpenCandy as OpenCandy. It is a classification issue, which is different than a false positive. We can NOT get into classification debates, period.

-db90h (September 24, 2011, 01:10 PM)

I went on at length about this in a post that you'd deleted.

I understand (I think) what you want to limit the discussion to. For misidentification, that's one thing, but I still think that "false positive" implies any identification of innocent software as malware.

Yes. I know you want to rule that out. Perhaps terminology is a problem, and that will only create red herrings unless rectified. Perhaps some more specific terminology would help.

I still think that you're basically going to make most software irrelevant though. Just for example, you're ruling out Screenshot Captor (a favorite program of mine).

Screenshot Captor includes other software components. If it or any part of it is identified as "malware" (or whatever), the practical upshot is that mouser gets screwed by that. I know that mouser has had to deal with false positives in the past.

Thinking about it again, it seems to me that you're trying to be extremely technical. I don't think that approach will be very productive though. It might make sense to techies and gearheads, but it would probably be more useful to think about the user perspective, because that's what really matters in the end.

As far as I'm concerned, if any AV software detects an installer as threat/malware (or whatever), that's a false positive to me. I see the debate about components/libraries as a non-issue.

There is a lot of software out there that incorporates defunct or non-maintained software or abandonware. In those cases there's, as you've defined, there is NOBODY to stand up and tell the AV companies to fix their **** ups.

I'll give you an example...

One of my favorite pieces of software is from Infralution. It uses a component for graphing, but it's no longer maintained. So what happens there?

Anyways...

I'm going to bow out of this discussion. I'm simply not interested in the extreme end of the spectrum.

6813

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 24, 2011, 11:34 AM »

I sure hope this anti-FP action will go well. 

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.

-Curt (September 24, 2011, 05:00 AM)

Thanks, and do not worry, all accounts and posts will be moved... we use SMF, so will the new forum.. easy migration. I indicated this, but it may have been missed (or not believed ;p).

-db90h (September 24, 2011, 10:29 AM)

Was that what was happening? I saw 2 of my 3 posts were removed, so I got pissed at being censored, deleted my remaining post and deleted my account.

6814

Developer's Corner / Text Effect in Flash and Silverlight

« Last post by Renegade on September 24, 2011, 10:25 AM »

I've been looking for some help in doing text effect in C#, and happened across this:

http://www.shinedraw...egories/text-effect/

It's kind of pointless to post screenshots as things are mostly animations and would look like, well, text...

But have a look. It shows identical solutions to problems in Flash and Silverlight.

6815

Developer's Corner / Community Content on MSDN

« Last post by Renegade on September 24, 2011, 09:44 AM »

Has anyone *EVER* seen any actual community content in the MSDN docs?

6816

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 24, 2011, 09:19 AM »

So this technology is definitely has it's pros that surpasses minor cons.

-mahesh2k (September 24, 2011, 09:01 AM)

+1 there!

Now what's in it for developers ? I mean we're talking about how upcoming technology on this platform is going to help non-developers. But as developer i think i would like to see if some of our tasks are minimized in VS or any other MS dependent technology.

-mahesh2k (September 24, 2011, 09:01 AM)

If MS takes cues from any of the other vendors, they'll have SR/STT built into Metro with APIs for them. (And in .NET and not just C/C++ only APIs.)

I'm crossing my fingers... I just hope that we don't end up with the sucky closed APIs that some mobile OS vendors have... To some degree it's ok as it affords protection for users, but where it doesn't protect the user, I don't want shielded APIs.

6817

General Software Discussion / Re: Help me pick the right name for my software

« Last post by Renegade on September 24, 2011, 09:15 AM »

I would love to participate, but please have a look at my software names. You'll quickly see that I have nothing worthwhile to contribute.

And searchability is the bottom line i think when looking for a new name.

And that is the largest part of why my software names suck. Well, for search engines they are tasty, but that's about it.

The only thing that I can possibly suggest is something like:

<company name> <product name>

or

<product name> for <purpose>

Slick names are great if you have a marketing department that can push stuff for you. Sucky names that are search engine friendly are for poor little developers that have to do it all themselves.

6818

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 24, 2011, 07:09 AM »

Android has an app for DNS(dragon naturally speaking) so it is taking off already. There is also an app for google search with voice on android. So slowly but surely it is taking up. My point is that - few years back in my early twenties i used to do some searches via typing keyword, i can comfortably do the same in future ( for ahm) at home for obvious reasons not using speech recognition. But the point is, i can't imagine future generation holding the same conservative thoughts like me. Unless i do some fundamental brainwashing, there is no way they're going to pick those conservative thoughts and feel awkward for the same. (Hmm, current teen generation liking lady gaga and Justin bieber says it all about our doomsday).They may do weird actions while using the paper displays or holograms in future or shout some swear words to program their tablets and mobiles to execute some of their tasks.

-mahesh2k (September 24, 2011, 05:25 AM)

Hmmm... You got me thinking... Would it be better if your computer could read lips? No noise.

I've actually got 4 mics on my desk here at home... So, SR/STT would really make my life somewhat easier for some things.

But with 2 webcams as well, reading lips would be, well, nah. Just easier for me to speak. But I can see a use for it. Like of like "hands free gestures".

6819

Living Room / Re: A Religion for the 21st Century!

« Last post by Renegade on September 24, 2011, 02:50 AM »

Rumor has it that the Catholics got it wrong... Suicide lets you take it with you... Really, Steve, really...

6820

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 23, 2011, 09:41 PM »

You're both describing what actually happens. People in public yabber on their phones forever. I think I'm describing *almost* the same thing, i.e. People in public will yabber TO their phones forever.

-Renegade (September 23, 2011, 08:42 PM)

Oh god... We. Are. So. Fucking. Screwed...

-Stoic Joker (September 23, 2011, 09:17 PM)

Buy stock in noise canceling earbuds/headphones NOW~!

6821

Living Room / Re: Social Media's Hidden Truth

« Last post by Renegade on September 23, 2011, 08:44 PM »

Hehehe. Very cute!

6822

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 23, 2011, 08:42 PM »

I'm with Carol on this one. Social Issue (Meh...) no. Educational issue ... definitely getting warmer.

-Stoic Joker (September 23, 2011, 11:35 AM)

I think you guys are being idealistic. What happens when you give people rope? They hang themselves. Same deal here. Give people a new way to do anything, and they will. Throw a handgun into monkey cage at the zoo and you're in for some real entertainment. The first one loses his own head. The second one, well, that's where the black humor really starts...

This behavior isn't rude ... It's retarded.

-Stoic Joker (September 23, 2011, 11:35 AM)

And you expect what from the sheeple?


I don't talk on the phone much at all. Once every few days maybe. But looking around me, everyone else does. A lot. Give them voice commands for their mobile devices and there won't be a car on the road where anyone has their mouth shut. I don't think that will change outside the car either.

Face it. People love to hear the sound of their own voice.

Here's a little experiment. The next time you have a conversation with someone, be quiet as much as possible. I bet there won't be any silence no matter how hard you try to zip it. Throw in the odd "yeah" or "mm-hm" for dialectical lube, and whoever you're talking to will likely ramble on forever.

You're both describing what actually happens. People in public yabber on their phones forever. I think I'm describing *almost* the same thing, i.e. People in public will yabber TO their phones forever.

Hell... I think that the ELIZA program will make a comeback just so that people can keep yacking!

6823

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 23, 2011, 10:54 AM »

Google has some SR/STT for their search engine:



It's limited, but for short, focused speech, it works ok.

If Metro has decent STT built in with an API for it, that would rock. Most mobile OSes have some kind of STT in them, so I'll be disappointed if Metro doesn't... Does anyone know?

6824

General Software Discussion / Re: Couldn't be more disappointed in Windows 8 :(

« Last post by Renegade on September 23, 2011, 10:06 AM »

Except that it drives everyone else nuts

-Carol Haynes (September 23, 2011, 09:54 AM)

That's a social issue, and those rules change in different places. Still, I don't think that it will prevent anyone from doing using their mobile devices with voice when it is finally "there". People do it now anyways. Let's face it -- nobody cares about anyone else, and being demure or polite is so last millennium.

6825

General Software Discussion / Re: The False Positive and Improperly Rated Site Epidemic

« Last post by Renegade on September 23, 2011, 09:15 AM »

NICE~!

Let me add 1 there to your table:

Symantec	https://submit.syman....com/false_positive/
Microsoft Anti-Malware	http://www.microsoft...rtal/isv/fpform.aspx
Bit Defender	http://forum.bitdefe...ex.php?showforum=138
AVG	http://forums.avg.co...;act=show&id=395
Kaspersky	http://forum.kaspers....php?showtopic=13881
McAfee	https://community.mcafee.com/thread/2016
Comodo	http://www.comodo.co...-security/submit.php
NOD32	http://kb.eset.com/e...ntent&id=SOLN141

I got hit with a NOD32 false positive. Not very happy with that.