Hey kids! Here's a great new feature in Windows 10
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
But since MS has already offered this OWIN self-hosted thing, which seems to be aimed squarely at this use case, who am I to say no?
Well apparently it doesn't fucking work, so why the fuck are you using it?
"I use broken shit that doesn't work but when the broken shit that doesn't work makes an OS feature work a bit strange, I bitch about the OS and not the broken shit that doesn't work!"
I obviously can not put myself in your brain because your brain is demented.
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
Run As Administrator
Eliminating security is way easier.
Yep, I bet you've turned off UAC and are running on an Administrator account too, aren'tcha?
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
@blakeyrat said in Hey kids! Here's a great new feature in Windows 10:
- edit protected text file, like hosts (eg. Notepad or similar)
You can say what you want about the ugliness of Total Commander but at least it implements a decent sudo-edit: when you press "Edit" and it detects that a file is read-only due to missing access rights, it'll automatically copy it to a temp file and open your favourite editor. When it closes it will copy the file back for you using a helper application which will prompt for UAC access after every x minutes of idleness.
The way it does this is by having a plain user process which sends instructions to the elevated helper process, hence having no need to run the entire thing as an administrator.
EDIT: Wait, I seem to be merging two features in my head. I might need more sleep.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
Run As Administrator
Eliminating security is way easier.
Yep, I bet you've turned off UAC and are running on an Administrator account too, aren'tcha?
Well, he wants to expose an elevated process directly to the Internet, so...
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Yep, I bet you've turned off UAC and are running on an Administrator account too, aren'tcha?
No. I'm being a good boy.
Well apparently it doesn't fucking work, so why the fuck are you using it?
"I use broken shit that doesn't work but when the broken shit that doesn't work makes an OS feature work a bit strange, I bitch about the OS and not the broken shit that doesn't work!"
It's like you forget on which site you're on.
Well, in contrast to you, at least I start out appearing wise and then go downhill. Whereas you start out at the bottom and then try to actively go below that.
I'm persistent like that.
Seems to me that during the initialization of your app (based on the screenshot) your prefixes may be misconfigured or missing, or obviously your app hasn't been given the permission to listen on those interfaces (i.e. Firewall? Who knows, once again, I don't reinvent the wheel).
Nothing is misconfigured, as the service works in elevated mode. It's some kind of Windows security thing. Nothing I can do from within the app. Need to do that voodoo from the stack overflow article blakey posted, but that didn't work the last time I tried.
-
@JBert said in Hey kids! Here's a great new feature in Windows 10:
You can say what you want about the ugliness of Total Commander but at least it implements a decent sudo-edit: when you press "Edit" and it detects that a file is read-only due to missing access rights, it'll automatically copy it to a temp file and open your favourite editor. When it closes it will copy the file back for you using a helper application which will prompt for UAC access after every x minutes of idleness.
The way it does this is by having a plain user process which sends instructions to the elevated helper process, hence having no need to run the entire thing as an administrator.
No repro.
It just opens c:\Windows\System32\drivers\etc\hosts in the default editor, which is then unable to save (unless the editor is Notepad++, which has its own elevation system).
Maybe there's a plugin or setting I'm missing?
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
Note I'm serving on a non-reserved port (8000).
Try to run the app without elevating it
Try to debug the app without elevating Visual Studio
See what happens.
NFC what you're doing wrong.
Worked fine for me. With/Without admin privs, inside/outside the debugger.
Edit: Thanks for letting me know about this toolkit though, I was wondering how I was going to incorporate remote control functionality for something and this looks like an easy way to do it.
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
@JBert said in Hey kids! Here's a great new feature in Windows 10:
You can say what you want about the ugliness of Total Commander but at least it implements a decent sudo-edit: when you press "Edit" and it detects that a file is read-only due to missing access rights, it'll automatically copy it to a temp file and open your favourite editor. When it closes it will copy the file back for you using a helper application which will prompt for UAC access after every x minutes of idleness.
The way it does this is by having a plain user process which sends instructions to the elevated helper process, hence having no need to run the entire thing as an administrator.
No repro.
It just opens c:\Windows\System32\drivers\etc\hosts in the default editor, which is then unable to save (unless the editor is Notepad++, which has its own elevation system).
Maybe there's a plugin or setting I'm missing?
Maybe I'm just in need of sleep or coffee : I'm sure it has a helper process for privileged actions like copying, thus saving you from repeatedly having to grant UAC access. The temp file thing could be when editing special filesystems like a zip file, and yet I seem to remember doing it once...
-
It's been briefly mentioned, but what sorts of security problems arise from allowing drag and drop between elevated and unelevated applications? Why is something as simple as drag and drop even a vector for attack anyway?
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Worked fine for me. With/Without admin privs, inside/outside the debugger.
Edit: Thanks for letting me know about this toolkit though, I was wondering how I was going to incorporate remote control functionality for something and this looks like an easy way to do it.
Yes, you can serve it on localhost. But if you tried to open that from internet or local network, you'd find that it isn't visible.
Try changing "http://localhost:8000" to "http://*:8000" and see what happens.
-
@LB_ said in Hey kids! Here's a great new feature in Windows 10:
It's been briefly mentioned, but what sorts of security problems arise from allowing drag and drop between elevated and unelevated applications? Why is something as simple as drag and drop even a vector for attack anyway?
If you allow any possible interaction between a non-elevated process and an elevated process, you have an attack vector. Drag/Drop is just one of the potential interactions that's blocked.
For instance, if the code handling drop events in the target elevated program is broken, dropping a maliciously formed snippet could buffer overflow or whatever and exploit the program.
-
@JBert said in Hey kids! Here's a great new feature in Windows 10:
Maybe I'm just in need of sleep or coffee : I'm sure it has a helper process for privileged actions like copying, thus saving you from repeatedly having to grant UAC access. The temp file thing could be when editing special filesystems like a zip file, and yet I seem to remember doing it once...
If it has, it doesn't work for me. I get UAC prompt when doing administratory shit and Edit just opens the file. No fancy temp magic.
It DOES use temp files when editing something through FTP or messing with archives, though.
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
Try changing "http://localhost:8000" to "http://*:8000" and see what happens.
Already discussed, you're not allowed to bind on other interfaces by default, and the idiot DLL that is OWIN apparently doesn't know how to ask for permission to do so.
Edit: FFS apparently my firewall has been changed by the sysadmins and I can't grant exceptions to it, but if I could open that port in it I'm sure I'd be fine.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Already discussed, you're not allowed to bind on other interfaces by default, and the idiot DLL that is OWIN apparently doesn't know how to ask for permission to do so.
Therefore, I have to run this as Administrator during development.
Therefore, if I want to debug it, I have to run VS as administrator.
And there we go, that was my whole complaint.
BTW, next time I have to deal with this (if ever), I might try setting up a reverse proxy and exposing my localhost app to the world through that.
-
@cartman82 If you're needing to do too many complicated steps to do a simple thing (like serve something over an http port), I have to agree with blakey it's broken shit that doesn't work.
I just dunno if the broken shit is windows or owin
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Edit: FFS apparently my firewall has been changed by the sysadmins and I can't grant exceptions to it, but if I could open that port in it I'm sure I'd be fine.
Telling you dude. It's not the firewall.
-
@Tsaukpaetra And here's an interesting find, mentioned in an article:
You will need proper URL ACLs set to listen on any address other than localhost.
So in other words, since Elevated processes override security, that's why it works. Other apps have to ask for access, which OWIN isn't doing.
So, instead of OWIN doing the right thing and prompting Windows Firewall to add an exception automatically, you have to do it by hand:
-
Hmm, this actually works now:
netsh http add urlacl url=http://*:8000/ user=everyone
I wonder if it will stick through restarts (probably not).
I think what happened here was, HTTP.sys only used to prevent non-privileged apps from binding to ports 80 and 443. Then with Windows 8, they expanded this to ban ALL ports.
I'm not sure why the netsh incantation didn't work the last time I tried. Could have been something to do with Win 8. Either way, it seems to work now on Win 10.
Cool, TIL!
-
@Tsaukpaetra Just for kicks and giggles I did this on a machine I actually have permissions on, and what do you know, adding the urlacl thing worked!
So, where is due: It's not the Windows Firewall, technically, congratulations.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
It's not the Windows Firewall, technically, congratulations.
Technically right: the best kind of tight.
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
I'm not sure why the netsh incantation didn't work the last time I tried.
Yes, apparently the damn urlacl parameter must match exactly otherwise it don't work.
Whatever, OWIN should still be handling this and UAC prompting to fix it automatically.
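
The URL ACL behaviour worked out in the posts above (the `netsh http add urlacl` reservation and the need for the prefix to line up with it), as an added example that is not part of any post: a PowerShell audit that parses `netsh http show urlacl` output, reports whether a listener prefix is covered by a reservation, and flags reservations granted to broad groups such as Everyone. The sample output, the CONTOSO\svc-web account and the function names are constructed for illustration.

```powershell
# Constructed sample of `netsh http show urlacl` output (not captured from a real host).
# On a live machine use:  $raw = netsh http show urlacl
$raw = @'
URL Reservations:
-----------------

    Reserved URL            : http://*:8000/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

    Reserved URL            : http://+:8080/app/
        User: CONTOSO\svc-web
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-21-1111111111-2222222222-3333333333-1105)
'@ -split "`r?`n"

# Turn the text report into one object per reservation.
function ConvertFrom-UrlAcl {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            if ($current) { $current }          # emit the previous reservation
            $current = [pscustomobject]@{ Url = $Matches[1]; Users = @(); Sddl = @() }
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]
        } elseif ($current -and $line -match '^\s*SDDL:\s*(\S+)') {
            $current.Sddl += $Matches[1]
        }
    }
    if ($current) { $current }
}

# Report whether $Prefix (the string the app passes to its listener) is covered,
# and whether the covering reservation is granted to a broad group.
function Test-UrlAcl {
    param([string]$Prefix, [object[]]$Reservations)
    # Scheme, host token (* vs + vs a name) and port must be the same text;
    # the reserved path has to be a leading part of the prefix.
    $hits = @($Reservations | Where-Object {
        $Prefix.StartsWith($_.Url, [System.StringComparison]::OrdinalIgnoreCase) })
    # SDDL aliases: WD = Everyone, AU = Authenticated Users, BU = BUILTIN\Users
    $broad = @($hits | Where-Object { ($_.Sddl -join ' ') -match ';;;(WD|AU|BU)\)' })
    [pscustomobject]@{
        Prefix       = $Prefix
        Reserved     = $hits.Count -gt 0
        GrantedTo    = ($hits.Users -join ', ')
        BroadGrantee = $broad.Count -gt 0
    }
}

$acl = ConvertFrom-UrlAcl -Lines $raw
'http://*:8000/', 'http://+:8000/', 'http://+:8080/app/api/' |
    ForEach-Object { Test-UrlAcl -Prefix $_ -Reservations $acl } |
    Format-Table -AutoSize
```

A reservation flagged as BroadGrantee lets any local account listen on that prefix; the `user=` argument of `netsh http add urlacl` also accepts a single account name.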
-
@Tsaukpaetra OWIN is hipster shit coming from the new open source initiatives.
It's all open source-y.
That's why shit don't work.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Whatever, OWIN should still be handling this and UAC prompting to fix it automatically.
Then again, OWIN is supposedly expecting to run as a service anyways, so asking for elevation wouldn't work at all even if it tried.
I guess TRWTF is OWIN being used outside its intended purpose: If you wanted an externally-accessible web application, MS says you should be using full-blown IIS.
Whatever, side-track completed.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
Whatever, OWIN should still be handling this and UAC prompting to fix it automatically.
For extra credit: try it with bare HTTP or TCP listener and see what happens.
-
@LB_ said in Hey kids! Here's a great new feature in Windows 10:
The updater launches it as administrator
-
@cartman82 said in Hey kids! Here's a great new feature in Windows 10:
run self-hosted web server during development or actual usage (eg. Visual Studio)
Doesn't need elevation to bind ports.
-
@sloosecannon said in Hey kids! Here's a great new feature in Windows 10:
Doesn't need elevation to bind ports so long as you only bind to LocalHost or equivalent.
FTFY, as we discovered in this thread.
-
@Tsaukpaetra said in Hey kids! Here's a great new feature in Windows 10:
@sloosecannon said in Hey kids! Here's a great new feature in Windows 10:
Doesn't need elevation to bind ports so long as you only bind to LocalHost or equivalent.
FTFY, as we discovered in this thread.
Err, no? IntelliJ binds to 0.0.0.0 on any port (assuming it's not already bound of course) perfectly happily without elevation....
-
@sloosecannon said in Hey kids! Here's a great new feature in Windows 10:
Err, no? IntelliJ binds to 0.0.0.0 on any port (assuming it's not already bound of course) perfectly happily without elevation....
You're either wrong, or it's doing something tricky.
-
@sloosecannon It's not just binding ports. The port 80 is bound to some Windows service, and you ask for permission to answer to a path in the URL to this service.
-
@fbmac said in Hey kids! Here's a great new feature in Windows 10:
@sloosecannon It's not just binding ports. The port 80 is bound to some Windows service, and you ask for permission to answer to a path in the URL to this service.
Ooooh.
Yeah if you're doing that "open port via IIS" thing that might require elevation. Which... sucks for .Net web devs I guess.
AFAICT though, there's no elevation required to just open a random port if you're not using that IIS thing
-
@FrostCat "I'm Homer Simpson"
-
@blakeyrat said in Hey kids! Here's a great new feature in Windows 10:
If the program has to be elevated to run, it's already broken.
Two counter-examples.
Elevated Notepad (or Textpad or Notepad++) in order to edit %windir%/System32/Drivers/Etc/hosts
Requiring elevation Is A Good Thing. It sucks that I can't drag hosts.txt onto Notepad, and instead have to File - Open - browse all the way to %windir%/System32/Drivers/Etc and open Hosts. But better than google.com 66.66.66.66 being injected (where 66.66.66.66 is a Russian Chinese Hacking Hijack site).
Visual Studio. Because even though it is the greatest and one true IDE (no sarcasm, literally the best IDE), it has so many house-of-cards foibles that the only way to get it to work reliably is to run as Administrator. Which is OK for an all-powerful dev tool that needs to do crazy shit like modify file systems and attach to random processes.
The downside to VS being run as admin is adding existing files to a project. No drag and drop. Have to use Add -> Existing Item. Blerg.
-
@FrostCat said in Hey kids! Here's a great new feature in Windows 10:
You lie more than @mikeTheLiar
-
@Lorne-Kates FWIW, my goto editor (EmEditor) elevates only on save, meaning I only get a UAC prompt when I try to save something. It does mean I have a UAC prompt when I save anything requiring elevation, but it's a much better UX IMO.
Especially when I open hosts in a non-elevated Notepad instance, make my change, then go needs elevation frack!
-
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
-
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
Congratulations Drax Lubar.
-
@sloosecannon said in Hey kids! Here's a great new feature in Windows 10:
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
Congratulations Drax Lubar.
I am G
root
-
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@sloosecannon said in Hey kids! Here's a great new feature in Windows 10:
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
Congratulations Drax Lubar.
I am G
root
Ooh that's.. uh... kinda clever actually. Well played.
-
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
Not anymore. Hillary shut down her server.
-
@ben_lubar said in Hey kids! Here's a great new feature in Windows 10:
@Lorne-Kates said in Hey kids! Here's a great new feature in Windows 10:
where 66.66.66.66 is a Russian Chinese Hacking Hijack site
New York Roadrunner residential IPs are used by Russian Chinese people?
Given how many residential Internet users don't run AdBlock: Yes. Almost certainly yes it's being used by Russian Chinese hackers.
-
@blakeyrat said in Hey kids! Here's a great new feature in Windows 10:
A web server doesn't need to run elevated. Visual Studio includes IIS Express.
So cute. Some of us have to use proper IIS.
-
@lucas1 said in Hey kids! Here's a great new feature in Windows 10:
Some of us have to use proper IIS.
Because...?
-
@blakeyrat Because the software we are running requires it. A lot of larger CMS systems just don't run properly on IIS Express.
Also I have to have other webservices running that need to be installed locally and running all the time. IIS Express is alright if you have some noddy MVC site that just looks at a local DB.
-
@lucas1 said in Hey kids! Here's a great new feature in Windows 10:
Because the software we are running requires it. A lot of larger CMS systems just don't run properly on IIS Express.
So it's broken.
@lucas1 said in Hey kids! Here's a great new feature in Windows 10:
Also I have to have other webservices running that need to be installed locally and running all the time.
Well if they're running all the time, put them in IIS. Duh?
@lucas1 said in Hey kids! Here's a great new feature in Windows 10:
IIS Express is alright if you have some noddy MVC site that just looks at a local DB.
I don't know what "noddy" means.
-
@blakeyrat said in Hey kids! Here's a great new feature in Windows 10:
I don't know what "noddy" means.
For the purposes of understanding, use “shitty and simple-minded” as a substitute phrase. You'll get the right idea…
-
@dkf seems appropriate for the character too, Noddy and BigEars were pretty shitty and simple minded.
-
@Arantor said in Hey kids! Here's a great new feature in Windows 10:
Noddy and BigEars were pretty shitty and simple minded.
http://www.newsbiscuit.com/wp-content/uploads/2010/09/noddyandbigears.jpg
If Blakey feels that this is all utterly passing him by, he should feel lucky. Some things are best not recalled in depth…