Once when I was a kid I played a Chuck E Cheese game that wasn't working right, it was giving out 50 tickets a play instead of 5. I'd better start packing my bags and buying that ticket to Canada now.:(
In fact, if this was considered malware... perhaps marginally, although it has no serious effects... it isn't a virus because it doesn't replicate itself and spread. The guy who wrote it is obviously a wannabe hacker... you know, the kind who use pre-built tools without a clue how they work. Except this guy couldn't even find tools so he used a game creation system. Lame.
Re:Other important (non)-feature..
on
PSP-Slim Hands On
·
· Score: 0
I don't have a PSP, but I'm fairly sure Sony thought those were locked down pretty well too.
Or are you referring to some specific new anti-homebrew feature?
Hey, that reminds me, you know those guys that take a picture of the wall or whatever behind their monitor then set that as their wallpaper to make it look like you can see through the monitor? We need a monitor that accepts an 8-bit alpha channel and does that in real time or something!:D
I read this fascinating article (probably a/. story) about how anti-computer forensics (the art of manipulating computer records and files and any and all data to hide evidence or forge false evidence) can beat computer forensics every time, because the whole idea of computer forensics is to trust what the computer says as truth. The only problem is, someone with enough knowledge of a computer can easily change any and all data... and leave no evidence of tampering. Date and time stamps can easily be manipulated with free tools or even just by changing the system clock time. Files can be encrypted, or overwritten multiple times with random data to be completely lost. The article writer believed that computer forensic evidence should be deemphasized over the much harder to tamper with physical evidence. I concur with his assessment.
Basically... people who don't know how to do this anti-computer forensic stuff... computer forensics can be a huge evidence gathering tool. But the problem is the people who know how to cover their tracks, or even worse decide to forge evidence to frame someone else. I personally already know how to disable Shadow Volume Copy and Instant Search... the options are just in the Windows GUI somewhere (not sure what Transactional NTFS is, but if I cared enough I could probably figure that out too with a quick Wikipedia trip).
I suppose what I'm trying to say is that this will only change things for the computer users or the computer clueless... not for those who already practice anti-computer forensics, or even just use such techniques to ensure their privacy.
I assume by "wipe out" you mean "use a multi-pass file corrupter and eraser solution" because simply doing a DEL on the file won't keep it from being undeleted.
Now, TrueCrypt is the perfect software for keeping secrets. You can even make a hidden partition that not even TrueCrypt knows exist unless you provide the correct password. Otherwise there is no way for TrueCrypt (or anyone) to see it. Not to mention you have a DIFFERENT password unlock a "dummy" partition where the hidden one resides in, with no evidence that it even exists.
About a page up, someone mentions that the NoScript Firefox extension can block Java applets, which is probably a more convenient choice rather than disabling Java all together.
Or you can append a tag onto your e-mail. IE name@domain becomes name+sometag@domain. Then if it gets sent around as spam you know who did it... plus you can filter it out!
IE problem, but also Firefox problem.
on
Firefox Quickies
·
· Score: 4, Informative
Firefox will warn you if a program tries to use other protocols. It will allow you to suppress the warning, however, which can cause the same problem as IE, but at least you can't say you weren't warned. So from this POV, it is IE's problem moreso than Firefox's, especially when it's considered that the URLs can't do anything from WITHIN Firefox, and that (I haven't checked this, just heard it somewhere) the protocol was requested by MS for some Vista compatibility thing or some such nonsense. Not sure if there's anything to that.
However, on the flip side, anyone who implements a protocol needs to be aware any web page can invoke the protocol at will, without the consent of the user (well, thanks to IE's "standards"). This results in being able to do things like this. This webpage redirects the browser to steam://open/main, which will open the main Steam window. The user never sees the actual url. This could work with the firefoxurl protocol as well. Here are some other things that can be done, some of the uglier ones have confirmation screens I believe, but launching a game or connecting to a server does not. Note the first one which promises that it can redirect command line arguments, just like firefoxurl... however I cannot get that to work (I tried -shutdown and it just focused the main window like my current sample does). Also note the hackish steam://openurl/, which is designed to allow Steam's built-in IE browser to invoke the computer's default browser. Theoretically this could be used to bypass a popup blocker.
Of course it would appear that Steam at least can't run arbitrary programs and is limited to it's own folder in terms of effects (I could force you to join my UBER LAME COUNTER STRIKE SERVER but that's about it).
I think both Microsoft and Mozilla need to take steps to fix this problem. Microsoft needs to improve external protocol handling to at least what Firefox does (Firefox could even secure its own handling more, but that might detract too much from the flexibility. Not that that's stopped anybody before). Mozilla should remove this silly firefoxurl bit. I can't think of any legitimate reason for it (anyone have any clue?).
As for Valve with Steam... steam://openurl/ is a bit much I think. It's expected for users who don't know what MSHTML or ActiveX are to think it's a bug that external windows open in IE, but us devs know that, internally, IE is just spawning a new window for a page. Since when were you browsing the web in IE and click on a link and it popped open in Firefox? I wouldn't want that to happen if I preferred IE! (Yeah... firefoxurl is definitely useless.) I mean, can't Valve say that because Steam uses Internet Explorer internally for the Store, all launched webpages will appear in Internet Explorer and there's no way around it? Eh probably not. The technically inclined probably think everything is great now and wouldn't care if anyone told them Valve used a hackish and possibly unsafe solution.
Although at the least they could use a whitelist for urls to use for openurl... IE steampowered.com and whatever other sites they link to... although considering the number of third party games being added it could be a largish list.:(
Perhaps steam could kick the steam:// thing entirely, but the only alternative I can think of is an Internet Explorer BHO (ick, not worth the trouble IMO), unless they can do something fancy with javascript or java or flash or something.
Here's a bonus for reading all this: You can see what available protocols Windows / Internet Explorer can use (Firefox too, although it has its own extras like about: and data:) by checking HKEY_CLASSES_ROOT in regedit. Search for Values with the exact name of "URL Protocol" and the keys you find (or maybe it's in the default value?) are the protocol names. With a look it can be easy to figure out how
My peeve is that the nVidia drivers can't do full screen command prompts. Well I got it to work once but then the driver hung or something and I had to reboot.
It comes bundled on some PCs--my church PC had it--which automatically degrades it down to the level of slime in my eyes, regardless of whether or not it is a good product. It was quickly uninstalled.
This is starting to get surreal. I'm half-expecting them to come out claiming they hold a patent on ALL music, thus all production of music by non-RIAA approved people must cease immediately.
Also JavaScript cannot retrieve information from remote sites (using AJAX) EXCEPT the server that served the script itself. This prevents lots of ugly cross-site scripting problems, but there is still nothing to prevent iframes and forms from going to any website with any data. Even reading back data might not be too much of a problem with iframes (iframe object has a contentDocument method).
The floating box has sliders on it which you can pull to adjust the number of comments that are hidden, closed, and fully displayed. If I pull the top slider/tab up, I will move my fully displayed comments threshold up by +1. The bottom controls the closed comments threshold.
It's called backwards compatibility. When you have something that is better (at least you say/think it is), you emulate the functionality of the existing, older standards.
Tablet PCs have done this... forever. The mouse cursor moves to and clicks wherever the user touched. The browser will probably do something like this, and as for handling multitouch... use it for zooming or whatever, but for normal cursor operations, ignore it! Problem solved.
With onmouseover/out stuff, they would be triggered immediately before the click event. Of course, this is just the obvious, simple solution to the problem, although it ideally would display a cursor to explain otherwise curious looking mouseover highlights caused by an invisible cursor... and using a cursor seems to go against the UI design if I read the summary correctly.
I'm sure there are other, more creative ones, and even in my solution there are several variants which allow for normal mouse usage (but which make it far more complex to be worth sharing). But this one at least isn't likely to cause compatibility problems, imo.
Slashdot Mirror
Once when I was a kid I played a Chuck E Cheese game that wasn't working right, it was giving out 50 tickets a play instead of 5. I'd better start packing my bags and buying that ticket to Canada now. :(
Then don't license it...
From the articles linked, it appears to be nothing more than a GameMaker "game" which adds registry entries which cause shutdown.exe and logoff.exe to be called when you log in.
In fact, if this was considered malware... perhaps marginally, although it has no serious effects... it isn't a virus because it doesn't replicate itself and spread. The guy who wrote it is obviously a wannabe hacker... you know, the kind who use pre-built tools without a clue how they work. Except this guy couldn't even find tools so he used a game creation system. Lame.
I don't have a PSP, but I'm fairly sure Sony thought those were locked down pretty well too.
Or are you referring to some specific new anti-homebrew feature?
Hey, that reminds me, you know those guys that take a picture of the wall or whatever behind their monitor then set that as their wallpaper to make it look like you can see through the monitor? We need a monitor that accepts an 8-bit alpha channel and does that in real time or something! :D
Good to see you read the title. You should go back and read the summary. What you describe as taking you a while is the EASY part.
I read this fascinating article (probably a /. story) about how anti-computer forensics (the art of manipulating computer records and files and any and all data to hide evidence or forge false evidence) can beat computer forensics every time, because the whole idea of computer forensics is to trust what the computer says as truth. The only problem is, someone with enough knowledge of a computer can easily change any and all data... and leave no evidence of tampering. Date and time stamps can easily be manipulated with free tools or even just by changing the system clock time. Files can be encrypted, or overwritten multiple times with random data to be completely lost. The article writer believed that computer forensic evidence should be deemphasized over the much harder to tamper with physical evidence. I concur with his assessment.
Basically... people who don't know how to do this anti-computer forensic stuff... computer forensics can be a huge evidence gathering tool. But the problem is the people who know how to cover their tracks, or even worse decide to forge evidence to frame someone else. I personally already know how to disable Shadow Volume Copy and Instant Search... the options are just in the Windows GUI somewhere (not sure what Transactional NTFS is, but if I cared enough I could probably figure that out too with a quick Wikipedia trip).
I suppose what I'm trying to say is that this will only change things for the computer users or the computer clueless... not for those who already practice anti-computer forensics, or even just use such techniques to ensure their privacy.
I assume by "wipe out" you mean "use a multi-pass file corrupter and eraser solution" because simply doing a DEL on the file won't keep it from being undeleted.
Now, TrueCrypt is the perfect software for keeping secrets. You can even make a hidden partition that not even TrueCrypt knows exist unless you provide the correct password. Otherwise there is no way for TrueCrypt (or anyone) to see it. Not to mention you have a DIFFERENT password unlock a "dummy" partition where the hidden one resides in, with no evidence that it even exists.
I don't know Java, but it looks like .next() returns an object, which can't be implicitly cast to an ImageReader.
About a page up, someone mentions that the NoScript Firefox extension can block Java applets, which is probably a more convenient choice rather than disabling Java all together.
Another point for Firefox! Against IE at least.
Or you can append a tag onto your e-mail. IE name@domain becomes name+sometag@domain. Then if it gets sent around as spam you know who did it... plus you can filter it out!
Firefox will warn you if a program tries to use other protocols. It will allow you to suppress the warning, however, which can cause the same problem as IE, but at least you can't say you weren't warned. So from this POV, it is IE's problem moreso than Firefox's, especially when it's considered that the URLs can't do anything from WITHIN Firefox, and that (I haven't checked this, just heard it somewhere) the protocol was requested by MS for some Vista compatibility thing or some such nonsense. Not sure if there's anything to that.
However, on the flip side, anyone who implements a protocol needs to be aware any web page can invoke the protocol at will, without the consent of the user (well, thanks to IE's "standards"). This results in being able to do things like this. This webpage redirects the browser to steam://open/main, which will open the main Steam window. The user never sees the actual url. This could work with the firefoxurl protocol as well. Here are some other things that can be done, some of the uglier ones have confirmation screens I believe, but launching a game or connecting to a server does not. Note the first one which promises that it can redirect command line arguments, just like firefoxurl... however I cannot get that to work (I tried -shutdown and it just focused the main window like my current sample does). Also note the hackish steam://openurl/, which is designed to allow Steam's built-in IE browser to invoke the computer's default browser. Theoretically this could be used to bypass a popup blocker.
Of course it would appear that Steam at least can't run arbitrary programs and is limited to it's own folder in terms of effects (I could force you to join my UBER LAME COUNTER STRIKE SERVER but that's about it).
I think both Microsoft and Mozilla need to take steps to fix this problem. Microsoft needs to improve external protocol handling to at least what Firefox does (Firefox could even secure its own handling more, but that might detract too much from the flexibility. Not that that's stopped anybody before). Mozilla should remove this silly firefoxurl bit. I can't think of any legitimate reason for it (anyone have any clue?).
As for Valve with Steam... steam://openurl/ is a bit much I think. It's expected for users who don't know what MSHTML or ActiveX are to think it's a bug that external windows open in IE, but us devs know that, internally, IE is just spawning a new window for a page. Since when were you browsing the web in IE and click on a link and it popped open in Firefox? I wouldn't want that to happen if I preferred IE! (Yeah... firefoxurl is definitely useless.) I mean, can't Valve say that because Steam uses Internet Explorer internally for the Store, all launched webpages will appear in Internet Explorer and there's no way around it? Eh probably not. The technically inclined probably think everything is great now and wouldn't care if anyone told them Valve used a hackish and possibly unsafe solution.
Although at the least they could use a whitelist for urls to use for openurl... IE steampowered.com and whatever other sites they link to... although considering the number of third party games being added it could be a largish list. :(
Perhaps steam could kick the steam:// thing entirely, but the only alternative I can think of is an Internet Explorer BHO (ick, not worth the trouble IMO), unless they can do something fancy with javascript or java or flash or something.
Here's a bonus for reading all this: You can see what available protocols Windows / Internet Explorer can use (Firefox too, although it has its own extras like about: and data:) by checking HKEY_CLASSES_ROOT in regedit. Search for Values with the exact name of "URL Protocol" and the keys you find (or maybe it's in the default value?) are the protocol names. With a look it can be easy to figure out how
Except that I've found it usually complains about essential Windows services or programs I use all the time and can't live without. Not very helpful.
Er, in Vista that is, their XP drivers work fine for me.
My peeve is that the nVidia drivers can't do full screen command prompts. Well I got it to work once but then the driver hung or something and I had to reboot.
It comes bundled on some PCs--my church PC had it--which automatically degrades it down to the level of slime in my eyes, regardless of whether or not it is a good product. It was quickly uninstalled.
Read the title of this page CAREFULLY. He's the FINAL BOSS of the WHOLE GAME.
This is starting to get surreal. I'm half-expecting them to come out claiming they hold a patent on ALL music, thus all production of music by non-RIAA approved people must cease immediately.
Are you SURE they'll want to keep him in the jail? The other inmates might complain about a corpse.
I can see it now:
Also JavaScript cannot retrieve information from remote sites (using AJAX) EXCEPT the server that served the script itself. This prevents lots of ugly cross-site scripting problems, but there is still nothing to prevent iframes and forms from going to any website with any data. Even reading back data might not be too much of a problem with iframes (iframe object has a contentDocument method).
GET isn't the problem. It's not requiring authentication for delete actions!
http://worsethanfailure.com/Articles/The_Spider_of _Doom.aspx
Maybe this is in preparation for Linux-based GoogleOS? We can only hope.
The floating box has sliders on it which you can pull to adjust the number of comments that are hidden, closed, and fully displayed. If I pull the top slider/tab up, I will move my fully displayed comments threshold up by +1. The bottom controls the closed comments threshold.
It's called backwards compatibility. When you have something that is better (at least you say/think it is), you emulate the functionality of the existing, older standards.
Tablet PCs have done this... forever. The mouse cursor moves to and clicks wherever the user touched. The browser will probably do something like this, and as for handling multitouch... use it for zooming or whatever, but for normal cursor operations, ignore it! Problem solved.
With onmouseover/out stuff, they would be triggered immediately before the click event. Of course, this is just the obvious, simple solution to the problem, although it ideally would display a cursor to explain otherwise curious looking mouseover highlights caused by an invisible cursor... and using a cursor seems to go against the UI design if I read the summary correctly.
I'm sure there are other, more creative ones, and even in my solution there are several variants which allow for normal mouse usage (but which make it far more complex to be worth sharing). But this one at least isn't likely to cause compatibility problems, imo.