Posts made by Matches
-
RE: Hey kids! Here's a great new feature in Windows 10
@cartman82 that's happening because you're trying to bind to all domains on that port. Limit it to localhost and that works just fine without elevating permissions.
Later comments indicate you know this, so here's a follow-up.
You can open the admin prompt and net add the user to be allowed to bind to that port, and it stays forever until removed. The localhost bind is explicitly a security setting so apps can't arbitrarily make content from non-elevated accounts available on the web for general consumption. Your use case is non-standard (but one I use a lot) because most web services are intended to be used with a provider, IIS, Apache, whatever. Most localhost stuff that you're showing tends to be a privilege escalation abuse program.
I work a lot with APIs, and do a lot so I don't have to install a bunch of shit on friends' computers. Just drop an exe and go, but include OAuth support.
-
RE: WTF Bites
@cartman82 I think that Google trend can be better explained by
- There was no product called 'Docker'
- There was a product called 'Docker' and it's had some mentions by big names including Google/Microsoft in terms of support.
-
RE: Firewatch: I love narrative games, but this one is annoying as shit [CAUTION: Spoilers]
@blakeyrat I think it's just the typical teenager review. I'm actually amazed he responded after his original post.
-
RE: Firewatch: I love narrative games, but this one is annoying as shit [CAUTION: Spoilers]
@fuckimangry boy, did you wander into the wrong side of the internet. Next time just leave a Steam comment.
-
RE: Why is polygamy illegal?
@anonymous234 something something fraudulent marriage, something something.
But I sympathize; I actually had to drop out of college because my dad had a house fire and maxed his credit cards with repair bills, and two years of student loans maxed what I was eligible for without a parent cosign.
What's really fucked are the FAFSA rules about who is a minor.
-
RE: Arbitrary code execution: Package Manager edition
@error it's only an order of magnitude more difficult if both scenarios apply, and in 99% of cases, it won't.
- The user sees the image, and understands what it's for, and knows what the expected image is
- The user actually bothers to validate the image
-
RE: Arbitrary code execution: Package Manager edition
Full circle, how the fuck is the end user supposed to know what is and isn't right for the picture, when you're talking about people who don't notice a typo?
Images can also be spoofed, so you can create near-identical ones if you're not being assigned an image from the package manager itself. Unless the image is truly random, it would also be vulnerable to targeted attacks that generate similar images, which is exactly the same attack a typo package uses. You just raise the difficulty one notch.
Or tl;dr
When distributing software in a generic way, you can't protect those who don't give a shit.
-
RE: Arbitrary code execution: Package Manager edition
@ben_lubar The concept is that the intended use isn't happening, and a malicious one is occurring instead. If you went to 'bankoamerica' and it offered a desktop app / mobile app you could install, and you blindly installed it - it absolutely could run arbitrary code on your machine for as long as you have it installed.
When you run a package manager, you are doing the equivalent of going to the host's site, downloading an exe / msi (or w/e your poison is for packaged content) - you are trusting it to download JUST relevant files, and install ONLY safe content.
You, the end user, are explicitly saying 'Hey, give me this thing, I want it' - and the computer obliges, because it assumes you are not randomly requesting shit.
This is a problem between the keyboard and the chair in most cases, where digital signing can help - the publisher can tell you what the signature should be, and you should verify the signature before installing - but fuck that noise right? That's a hassle. I'll just take my chances by not having typos. By extension, if you ever copy the command from a tutorial site and run it without thought, you're trusting THAT person to not have typos, and only refer to safe packages.
-
RE: Arbitrary code execution: Package Manager edition
This really isn't a vulnerability so much as a generalized phishing attack, which you also commonly see with big business/banks. I.e.: Bank of America might have a phishing site like 'bankoamerica' or any variant. It gets put up on the web and randoms go there, maybe enter a un/pw that attackers can now use to go to the real BOA and log in.
The small difference is that sites tend to get reported, and taken down with varying degrees of speed. Package managers really don't have any cleanup because there's really no authoritative manager to enforce rules / go after people in the courts.
tl;dr:
This exists everywhere, in every industry where people are relying on user input to get the right end product.
-
RE: debugging a crash in someone else's code
@ben_lubar can you not just add an unhandled exception handler so that fatal application errors can go to the handler where you've conveniently added writing the error stack trace to disk, which includes a line number and file of the offending code?
It's like 8 lines of code.
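The handler this post describes, as an added example (not code from the thread): it assumes a .NET app, uses AppDomain.CurrentDomain.UnhandledException as the last-chance hook, and the log path is a placeholder.

```csharp
using System;
using System.IO;

// Added example: a process-wide last-chance handler that writes the exception
// (type, message, stack trace with file:line when PDBs ship with the build)
// to disk right before the runtime terminates the process.
static class CrashLogger
{
    // Assumed location; any path the process can write to will do.
    static readonly string LogPath =
        Path.Combine(AppContext.BaseDirectory, "crash.log");

    public static void Install()
    {
        AppDomain.CurrentDomain.UnhandledException += (sender, args) =>
        {
            // ExceptionObject is typed as object; Exception.ToString()
            // already includes the message and the full stack trace.
            string text = args.ExceptionObject?.ToString() ?? "(no exception object)";
            File.AppendAllText(LogPath,
                $"{DateTime.UtcNow:O} UNHANDLED{Environment.NewLine}{text}{Environment.NewLine}");
        };
        // This only records the crash; the process still terminates afterwards.
    }
}

class Program
{
    static void Main()
    {
        CrashLogger.Install();
        // Stand-in for the crash in someone else's code.
        throw new InvalidOperationException("boom");
    }
}
```

Exceptions thrown on Task-based work that nobody awaits do not reach this hook; TaskScheduler.UnobservedTaskException is the separate event for those.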
-
RE: In other news, the Florida Panthers allegedly copied an artist's work for their summer promo
@Polygeekery I was giving credit for the arms and part of the legs/shorts.
-
RE: In other news, the Florida Panthers allegedly copied an artist's work for their summer promo
@lucas1 It's black in the same way that anime characters are asian instead of white.
-
RE: In other news, the Florida Panthers allegedly copied an artist's work for their summer promo
@xaade Agreed - but from how the comments read, I suspect this is more of an 'everybody dicked around and didn't have any real paperwork or agreement in place for work done' and as usual the content creator gets dicked. But that's also what happens when you create fan art (which this essentially is, since it was put on DeviantArt according to Twitter).
-
RE: In other news, the Florida Panthers allegedly copied an artist's work for their summer promo
@JazzyJosh Stole seems a bit... overreaching. There are significant changes between the original and the promo; the only similarity is the head/hands. The shirt changed, shoes, stick, helmet, pose, etc.
Overall I'd say 20-30% of the image is similar, which IMO falls under fair use because they would have had to extrapolate the character.
That being said, who owns what is messy, but their promo probably falls under fair use.
It's also why you don't give quality work to companies before they've paid for the draft. Use escrow, watermarks, low quality, etc. so they can see before they buy.
-
RE: Guess that topic owner!
re @cartman82
What's your excuse for this? Plenty of screen real estate here
-
RE: Guess that topic owner!
@anonymous234 Any phone that supports air gestures can probably do it. AFAIK that's available on any Android if you use a compatible app.
-
RE: Guess that topic owner!
@cartman82 that's just it though, there is plenty of space above or under the avatar, next to the title, and in the lower right corner.
-
Guess that topic owner!
So, without knowing people's avatars, how do I know who made the topic? Yes, it matters, I purposely avoid some of you.
-
RE: laptop choice for developers
Or go with the one with shitty battery, and buy a $30 battery that isn't shit.
-
RE: .net Schedulers
@boomzilla no idea, I'd have to hunt it down once I got to work; a reasonably safe guess would be a version from at least a few years ago.
-
RE: .net Schedulers
@Weng we use an AWS 8xlarge EC2 for SQL Server (writes for scanning loops, website, forums, etc.), and execution takes about 50ms of CPU time. Negligible as a general impact, but still, it's a fucking polling scheduler. That is ultra micro making a number impact.
-
RE: .net Schedulers
@Weng talking about 15000+ polls within 3s.
Granted, at least part of that is a lot of jobs, but when you're comparing a couple hundred or so jobs the scheduler should have at least some minimal knowledge of what it's polling is doing, or an option on how to consolidate/cache polling. There's really no reason for a Quartz job that has a timer of a day to poll every second a dozen times.
Most of our jobs are hour/day level, but the polling is constant for all jobs, instead of a single job that polls fast to trigger the jobs that are ready.
In my head it makes more sense to say
- 1 running poll thread
- Job ready
- Delegate execution call to execute job
- Job sleeps when done
You don't need 500 threads polling to see if the job is ready after 1s if the job is scheduled to sleep for a day. Just tie your update method to trigger the job if the schedule changes, but even that should be picked up by the single poll thread.
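The single-poll-thread design sketched in this post, as an added example that is neither Quartz code nor the poster's; it assumes fixed-interval jobs and .NET 4.5 or later for Task.Run.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
// Added example, not Quartz code: a single poll thread tracks every job's next run, sleeps
// until the earliest deadline, and hands due jobs to the thread pool. Adding a job pulses it.
public sealed class SinglePollScheduler
{
    sealed class Job { public TimeSpan Interval; public DateTime NextRun; public Action Body; }
    readonly object gate = new object();
    readonly List<Job> jobs = new List<Job>();
    bool stopped;
    public void Add(TimeSpan interval, Action body)
    {
        lock (gate)
        {
            jobs.Add(new Job { Interval = interval, NextRun = DateTime.UtcNow + interval, Body = body });
            Monitor.Pulse(gate); // schedule changed: wake the poll thread so it recomputes its wait
        }
    }
    public void Stop() { lock (gate) { stopped = true; Monitor.Pulse(gate); } }
    // The only thread that ever inspects the schedule.
    public void Run()
    {
        lock (gate)
        {
            while (!stopped)
            {
                DateTime now = DateTime.UtcNow;
                foreach (Job j in jobs.Where(x => x.NextRun <= now).ToList())
                {
                    j.NextRun = now + j.Interval; // "job sleeps when done"
                    Task.Run(j.Body);             // delegate execution; never block the poll thread
                }
                if (jobs.Count == 0) { Monitor.Wait(gate); continue; } // nothing scheduled: sleep until Add/Stop
                TimeSpan wait = jobs.Min(x => x.NextRun) - DateTime.UtcNow;
                if (wait > TimeSpan.Zero) Monitor.Wait(gate, wait); // one timed sleep, not N threads polling every 1s
            }
        }
    }
    static void Main()
    {
        var s = new SinglePollScheduler();
        s.Add(TimeSpan.FromDays(1), () => Console.WriteLine("daily job ran"));
        s.Add(TimeSpan.FromSeconds(1), () => Console.WriteLine("1s job ran"));
        var poller = new Thread(s.Run); poller.Start();
        Thread.Sleep(3500); s.Stop(); poller.Join(); // 1s job fires ~3 times, the daily job not at all
    }
}
```

Monitor.Wait rejects timeouts above int.MaxValue milliseconds (about 24.8 days), so cap the computed wait if you schedule intervals longer than that.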
-
RE: .net Schedulers
@blakeyrat Quartz is shit for anything even remotely advanced. We're trying to purge it from our codebase for all new development; we have top entries on our DB for tens of thousands of Quartz polls since it doesn't do any type of batching, and has no concept of sleep timers / events.
-
RE: Nintendo Entertainment System?
I like this one:
Retro-Bit Retro Duo Twin Video Game System NES and SNES V3.0 - Black/Red https://www.amazon.com/dp/B0012NZK8G/ref=cm_sw_r_other_awd_38cixb80PSHPS
If you want it on the cheap, go with an emulator + controller. A lot of the new systems have ports of older games, but often they are just bad selections across various platforms.
-
RE: HDMI fun with the PS4
I've found this little guy extremely handy. Handles HDCP flawlessly.
-
RE: Joking about ISIS can get expensive
@Lorne-Kates said in Joking about ISIS can get expensive:
@Lorne-Kates Wait nevermind, that piece of shit got purchased by Google, and shut down.
And then folded into Google Wallet.
Which is also being shut down.
Google Wallet is shutting down? What happens to funds in Wallet? (I got a gift card for Google Wallet when I purchased my previous phone, $50, which I've only used like $12 of in the last couple years...)
Also, how would the Android app store (Google Play) take payments?
-
RE: Cross platform desktop app
@cartman82 I suspect the clean way to do this:
Mono for the backend processes - expose everything as a DLL to an OS-specific front end. (Primary OS, Windows/Mac/Linux - don't try to target a specific distro)
Or you could just make the Mono backend an HTTP listener, and make an HTML front end... because when you're talking about compatibility in the UI layer between all the various systems, HTML is basically the only thing mostly similar.
Otherwise you're stuck with Qt, and have fun with that.
Electron is great for Windows, but on Linux it gets iffy on the advanced stuff.
-
RE: SysAdmins are not flawless... a.k.a. my biggest screw-up ever
@YellowOnline And the fact that PowerShell supports actual C# scripts...
-
RE: SysAdmins are not flawless... a.k.a. my biggest screw-up ever
@YellowOnline Protip:
try { throw new Exception(@"Test!"); /* normal code */ } catch (Exception ex) { /* the handling you want to exercise */ }
Throw instead of comment out if you want to test your catch blocks.
-
RE: The state of Ubuntu on Windows
@bp_ would you mind linking to how to install, or giving some quick pointers? I installed a Redstone ISO on fast build to VirtualBox and couldn't find the Ubuntu-ness.
-
RE: Surrogate vs natural primary keys
I'll throw my two cents in, because my day to day job involves managing billions of new rows daily over ~30 tables, one being a primary insert only table.
An identity field (int/bigint, serial/auto increment) should be used when the data may be altered in the row, but you need to keep a reference to the row in another table. So in the case of a user table, having a serial field lets you maintain a user fact table which says between date a and b (or on date) user changed name from Jim to Bob. The row impacted is user table, id 5867.
Why is this important? It depends. If you don't care what a user is called it doesn't matter. The serial field is actually garbage, and is actually worse for the table because it fucks your clustering. This can be mostly mitigated with a unique index, but it will never perform as well. Depending on the size of your table, it might not matter. (A few million rows with a good unique index means basically instant access.)
If on the other hand you have a group that monitors user orders, audits purchase history and address changes, they may want to review the metadata for a specific user to look for fraud. Knowing when a name changed and being able to associate it with a single person in a coherent unbroken chain, an id field will allow you to query for a user easily, instead of tracking each name a user has had in your system.
An auto increment id is the throw away solution to tracking things across the database and simplifying foreign keys, but if you don't use it for that purpose it's a dead field. It will allow you to build out the system later (probably), so unless you have a specific reason not to use them, you should.
Reasons to not use them:
- Your data is massive. Specifically, your data rows approach or exceed INT.MAXVALUE
-- and you need to frequently query the raw, unaggregated data, potentially in multiple looks, for (raisins)
tl;dr:
Id fields are for system creators to create easy access to data, but when your primary use is reads, and the data is enormous identity fields are no longer the correct method, and you should use a derived key instead.
-
RE: Livestreaming
@RaceProUK yeah, but what's stopping you from registering as a US account? It's not like they ask for an SSN. The calling is for US only unless you buy minutes, but if you're just using it as a throwaway for YouTube...
-
RE: Livestreaming
@Lorne-Kates Google Voice just comes with a number I think? I don't know that you actually have to be from the USA, if you make a throwaway Google account registered to the USA?
Shrug, IDK. You can always try the creative section of Twitch and see what happens, assuming SFW content. Twitch has been experimenting with new stuff on the creative tag, where you say you're playing creative, and use #tags in your title for what you're doing.
Just be willing to accept shutdown if you go that route.
-
RE: Livestreaming
@Lorne-Kates try ustream.tv?
Going to admit I've never looked into them, but... Maybe?
But I don't know if it's free to broadcast, or just a trial...
After looking at it... You're really better off using YouTube. Can you register with a Google voice free number?
-
RE: Livestreaming
@Lorne-Kates Twitch is only for video games and creative works right now (i.e.: drawing, music); everything else is YouTube.
-
RE: Windows Subsystem for Linux... Not an April Fools Day joke, even.
@loopback0 I've been trying to find and install it since it was announced. No dice yet, but this would fit a use case I've been trying to solve for the past couple years perfectly. Let me know if you find out how to install it, even through the Windows Store!
I tried downloading a Redstone ISO and running it in VirtualBox, but didn't see it there.
-
RE: Why can't I rename a folder?
@Yamikuronue you can also open in administrator mode, which often resolves lock issues. It even works for File Explorer to let you drag folders into Visual Studio =D
Often with web stuff a browser tab is open that accesses an image or file, or a Notepad is open.
Your error also says fully qualified error, so try using a quoted fully qualified path. It might not understand you have a local folder 'old', because you're using a backslash instead of a forward slash.