Recent Posts

8651

General Software Discussion / Re: a backup solution that uses winRAR

« Last post by f0dder on May 17, 2006, 03:01 PM »

I am currently using Acronis "True Image" http://www.acronis.com/
I Love it.

-thunder7 (May 17, 2006, 02:54 PM)

I'm pretty fond of it myself for drive imaging (sure beats the crudd Ghost has become, even if older Ghost versions are still decent), but for the ~12-client installation at my work, the file-based backup of TrueImage is not appropriate.

Sometimes, files that aren't (or at least shouldn't have been) modified are backed up - resulting in some way too huge incremental datasets. I will need to upgrade the diskspace in the backup server soon, partly because of this. Also, sometimes the daily backups aren't done - and it's hard to troubleshoot why. And there isn't a cleanup/rotation setting for the incremental backups, which means I have to hand-trim the datasets every now and a while.

Genie Backup (discussed in numerous threads around here) seem to be more capable at file-based backup, even if it uses the inefficient ZIP file format. I haven't tested it thoroughly yet, but my initial impressions are that I purchased the wrong backup software (Acronis) for the cheery ol' folks :/

8652

General Software Discussion / Re: Article: Inside the Spyware Scandal -- Part 2

« Last post by f0dder on May 17, 2006, 12:29 PM »

DRM is ugly. If companies have their way, I would no longer be able to rip my legally paid-for CDs to lossless format -- which makes life *so* much easier instead of having to go and change discs in my cdplayer every hour or so. And what about getting music from your legally paid-for CD to your mp3 player? Nope, you'll have to use some DRM-enabled crap that watermarks the audio files "inaudibly" (yeah right).

It's okay to make money, but I want to support the artists - NOT the greedy record companies . And no matter what the greedy bastards come up with, the pirates will always be able to make their copies, so in the end only us legitimate users are hurt.

Bloody great.

8653

General Software Discussion / Re: Article: Inside the Spyware Scandal -- Part 2

« Last post by f0dder on May 17, 2006, 12:21 PM »

Sorry, couldn't help it.

8654

General Software Discussion / Re: Article: Inside the Spyware Scandal -- Part 2

« Last post by f0dder on May 17, 2006, 12:01 PM »

F-Secure are evil! They're reverse engineering commercial software and violating EULAs!!!111! one one. 

8655

Living Room / Re: Skype users: beware

« Last post by f0dder on May 17, 2006, 12:00 PM »

This isn't about trusting big brother, this is about self appointed watch dogs who find nothing wrong with destroying someone elses property.

Exactly what are the people behind the PDF destroying? They're helping repair, before real damage is done and hell breaks loose.

If you feel your on such solid ground then how bout emailing the owners of Skype and asking them how they feel about it?
Give em your name and point em to the link? Explain to them about the "favor" that was done for em?

I doubt they would answer, and I'm pretty sure they're already aware of the PDF. And it's not exactly doing them a favour (doing them a favour would be contacting them with specific details and give them 30 days to fix before public disclosure). It's doing end-users a favour, though, by pointing out that there's severe security flaws in the Skype software.

But I guess you wouldn't mind the root DNS servers being taken down, or your online banking system being exploited.

8656

General Software Discussion / Re: a backup solution that uses winRAR

« Last post by f0dder on May 17, 2006, 09:48 AM »

Hm, it uses an external copy of WinRAR... so you'll need both this copy + preferably a registered WinRAR version. WinRAR itself is a pretty solid piece of code, but I wouldn't recommend it for backup jobs as such - it does have some in-use-file support, but... meh.

For backing up my source code, I used to use two batch files. One for a weekly "full" backup, and one for a daily "incremental" backup.

FULL: c:\programs\winrar\rar a -os -tsm,c -agYYYYMMDD-HHMM -ac -k -m5 -md4096 -r -rr5p -s \\server\backup\[email protected] *
INCREMENTAL: c:\programs\winrar\rar a -os -tsm,c -ao -agYYYYMMDD-HHMM -ac -k -m5 -md4096 -r -rr5p -s \\server\backup\[email protected] *

But IMHO, backup solutions that depend on a normal generic-purpose archiving software are going to have shortcomings of one form or another.

8657

Living Room / Re: Skype users: beware

« Last post by f0dder on May 17, 2006, 09:39 AM »

My position is that the unauthorized hacking of someone else's software/property is theft. Theft is theft, no matter what country your in.

If the reverse engineering (not hacking - hacking means breaking into websites) is done to "register" software in an unauthorized way or to steal trade secrets, I agree with you. That's not what's being done in this case, though.

Apparently you have no concept of this and have been practicing your rationalizations for a long time.

Whose sh** are you buying into? Let me guess, Guru H****?

I wish everybody trusted Big Brother as much as you do, we'd have a nice totalitarian Orwellian society 

8658

ProcessTamer / Re: Ghost Recon Advanced Warfighter v1.06 - cannot tame :(

« Last post by f0dder on May 17, 2006, 04:39 AM »

yeah but then how could the other taming tool be working?

-mouser (May 17, 2006, 04:35 AM)

Good question. If it hooks CreateProcess (or the lower-level native API version), it could do at-startup-time priority adjustments before the protection code runs.

Buuuut, there's probably some more likely explanation.

8659

Living Room / Re: Skype users: beware

« Last post by f0dder on May 17, 2006, 04:23 AM »

There are already tools out there to test applications for bandwidth usage and memory leaks etc. without ripping someones code apart in violation of the EULA.

Sorry, but you don't really have a clue what the PDF I linked to was about, do you? Checking *just* the bandwidth usage (amount of bytes/second transferred) as well as unmatched allocations/deallocations can be done trivially, yes. But this is NOT what this is about.

This is about detecting whether Skype is trojanizing your system, exactly what information it is relaying when it should be idle, and getting buffer overflows fixed so that evil people can't zombify your machine. To do this, sorry to break your illusions, Reverse Engineering has to be applied.

You should really be thankful that it's the good guys that found out this information first, before the bad guys were able to trojanize all the Skype clients in the world.

And do realize that the PDF has nothing to do with "Hacking" or "Cracking". It doesn't remove any copy protection or license scheme (because Skype doesn't have any). It's Reverse Engineering, and it has uncovered a very grave problem with the Skype software. I don't think you realize just how bad those flaws are.

He like a few others believe that they can do as they please with other peoples property.

Not really. But I do believe that somebody has to make sure the software companies aren't pulling dirty tricks behind our backs, and I think it's nice that there's white/grey-hat security analysts rather than just the virus/malware fringe who reverse engineer. Otherwise you'd be victimized a lot more often by the spammers and scammers... there will always be bad people trying to attack any piece of software they can, simply because they can profit from it. Software companies don't have the time and motivation to go through their entire million-lines of sourcecode, but you can bet your ass that some hacker in russia or china will.

I still think it's wrong that the PDF was disclosed before SKype had been notified and given due time to fix their bugs. A more tactful approach would have been posting "Skype users beware: you are highly exploitable. Skype has been notified, and in 30 days we will do full disclosure."

PS: US-based security companies reverse engineer code all the time too, regardless of the DMCA. They have to.

8660

ProcessTamer / Re: Ghost Recon Advanced Warfighter v1.06 - cannot tame :(

« Last post by f0dder on May 17, 2006, 04:08 AM »

Might be protection related - some games (at least World Of Warcraft) do various tricks to make OpenProcess fail... dunno if that's the deal with GRAW, though.

8661

General Software Discussion / Re: Process Explorer V10.11

« Last post by f0dder on May 16, 2006, 04:56 AM »

It does steal a few clock cycles, yes. Even the previous versions without multigraphs could cause some problems, but only really in extreme situations - like a test app creating a thousand threads

8662

Living Room / Re: Skype users: beware

« Last post by f0dder on May 16, 2006, 04:55 AM »

Cpilot, I think you're missing the bigger picture here.

Malicious people will try to break into any software they can, permission or not, for malicious deeds. This could be for installing botnets that can be used for DDoS and spamming, it could be to empty your account, or whatever. Even if it was just to pop up a note every 3 hours saying "you should take a rest", I doubt you'd like any unauthorized software installed on your machine. And obviously, these bad guys don't care about the law.

Without people doing disclosure, public or not, a bad guy could have a botnet with five hundred thousand zombies without anybody knowing. This would be *bad*, considering that skype is used in all kinds of places, and some with a lot of bandwidth. Lots of bandwidth and *very* wide distribution would make it *very* hard to stop an attack... I assume that even if your own machine wasn't affected, you wouldn't be too happy if the root DNS servers of the internet were taken down.

If you bother to look through the PDF, you will realize that it contains enough information to show that there are serious security holes, but there's nothing that can be copy-and-pasted to make an exploit. Thus, no kiddie attack waves.

I think this disclosure is good, but I think it would have been better to give Skype a month to fix the bugs and migrate users before releasing. As it is now, Skype will be battling the clock to get a fix out before somebody does something terrible. I'm glad I don't personally run Skype.

Even if there wasn't any exploit, I think the analysis is an interesting read - if you're a network administrator, knowing that Skype "steals" your bandwidth, generates random traffic, and tries to overcome firewalls is good knowledge.

PS: many EULAs contain statements that are conflicting with existing law, and you also have to realize that American law does not cover the entire globe, whether you like it or not.

8663

Living Room / Re: Unprotected Wireless Lans?

« Last post by f0dder on May 16, 2006, 04:43 AM »

:huh:Don't understand why anyone with wireless would not secure it. dumb...... dumb.....
Thank gawd mine is secured.

-dancin39 (May 16, 2006, 12:30 AM)

Because wireless today is so easy to setup that any Joe User can do it... but the accesspoints usually come without preconfigured security, because that would make them harder to set up. And well, once connected and working, why would Joe User need to read further in the manual?

8664

Developer's Corner / Re: MOANTS Database Design

« Last post by f0dder on May 15, 2006, 12:08 PM »

May I toss in www.sqlite.org ? Free+OpenSource, fast, ACID, used by the military, client-only (no need to install servers), relatively small, et cetera. Doesn't support all of the SQL spec, but usually enough. Binary (fast) databases. Portable across a wide range of OSes and CPUs (and iirc big/little-endian databases are interchangable between big/little-endian systems).

Oh yes, and it has a no-nonsence license - can be used with open- as well as closed-source programs.

8665

Backup Guide / Re: Question re the verification process speed at the beginning of a Genie Backup

« Last post by f0dder on May 15, 2006, 12:04 PM »

I can second your problems with on-demand virus scanners. I tend to turn them off temporarily when doing defrags or backups, it can speed up things TREMENDOUSLY. BitDefender (work) and NOD32 (home) are notoriously bad wrt. this.

Kaspersky is pretty good if you enable it's "NTFS streams" features, because it uses those streams to keep a cached "is this file good" check, boosting speed quite a bit. Unfortunately, KAV uses rootkit-like techniques to hide the presence of those streams, so using SysInternals Rootkit Revealer you'll get an insane amount of file discrepancies - I wish KAV had chosen a single central database instead.

At work, on-demand scanning isn't disabled... but the cheery ol' people there don't really notice it

8666

General Software Discussion / Re: Process Explorer V10.11

« Last post by f0dder on May 15, 2006, 11:58 AM »

I can't remember totally right, Mr f0dder,
pls take a look into the thraed i have mentioned above,
there is the answer !

-AbteriX (May 15, 2006, 11:05 AM)

DOH!, I hadn't realized the thread was multiple pages

8667

Living Room / Skype users: beware (silver needle in the skype)

« Last post by f0dder on May 15, 2006, 06:43 AM »

Finally, some skilled people have taken the time to disassemble SKYPE - quite a task, since it's heavily obfuscated and encrypted.

The PDF is an interesting read, but for normal users the most interesting point is that it quite seems like Skype is exploitable for arbitrary code execution. This means: DANGER WILL ROBINSON!

EDIT 2013-Jan-25: added "(silver needle in the skype)" to thread title so it's more searchable.

8668

General Software Discussion / Re: Process Explorer V10.11

« Last post by f0dder on May 15, 2006, 05:34 AM »

Yeah, the EXE is a bit fat... using a resource editor to remove the binary resources isn't too bad, the problem is... which entries to remove?

8669

Living Room / Re: Too Funny

« Last post by f0dder on May 13, 2006, 02:36 PM »

Well, I know several people who have worked at helpdesks. And I've once sat myself with quite a puzzled expression on my face when I realized I couldn't attach physical objects to an email (yeah, that was one EARLY morning).

I prefer the helpdesk story about the user who couldn't insert disk #2... because he hadn't taken out disk #1 first

8670

Living Room / Re: Too Funny

« Last post by f0dder on May 13, 2006, 02:13 PM »

Wow, sorry for commenting 

8671

Living Room / Re: Too Funny

« Last post by f0dder on May 13, 2006, 01:59 PM »

Heh, pretty old one. Must be a fake, can't believe anybody could be that stupid.

8672

Living Room / Re: Reinstalling Windows XP ... how big is yours?

« Last post by f0dder on May 13, 2006, 01:49 PM »

Alternative to TreeSize that has "pretty pictures" ^_^ - http://windirstat.sourceforge.net/ .


My XP+Programs is at 4.52GB, including vs.net 2003 - but excluding MSDN. I got an old CHM version stripped to my needs weighing at ~50megs... if I need any of the recent (xp/2003) API information, I go online.

My system drive ias at 12gig with 5gig used, so there's a few other things there as well - but no hibernation nor paging. With 2 gigs of ram, both would be silly (I don't run adobe apps, otherwise paging would be necessary I guess).

8673

Living Room / Re: KPL - Kids Programming Language

« Last post by f0dder on May 10, 2006, 07:10 AM »

I heard about it a while ago, but it was not until your post that I thought "Duh! this might be the thing to throw at my brother." - he's currently playing with HTML+JavaScript, which isn't really the best way to learn to program (bad syntax checks etc.)

I had thought about C/C++, but well... he wants to play around with graphics, and to do that in C/C++ I'd have to write up a whole little framework for him - 

8674

General Software Discussion / Re: Find Robot key locked the program and froze my pc

« Last post by f0dder on May 08, 2006, 05:17 AM »

Hmm, I can't see how pasting the license key into F&RR could cause a system lockup.

*except* if some other buggy program was running on the machine, and you're using win9x. On win9x, the clipboard API (especially hooking/notification) is *extremely* sensitive, and even the slightest of errors can cause some pretty nasty bugs.

8675

General Software Discussion / Re: better than using an unistaller? Altiris SVS

« Last post by f0dder on May 07, 2006, 12:12 PM »

That sounds pretty scary, skywalka!

Have you run chkdsk lately on your partitions? Sometimes even small errors can give strange problems, and when installing custom filter drivers (like Altiris SVS is), I bet things can become even stranger...