Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »

Stephan Sokolow › Comments

Stephan Sokolow
Re: EU Commissioner Wants to Abolish Netflix-Style Geoblocking - https://torrentfreak.com/eu-comm...
"Yeah, fair pricing never seems to happen. Seriously, though. I've never said I'll pay for this stuff at a fair price because I've been boycotting the MPAA for roughly a decade now. However, for things I'm not boycotting, I do pay fair prices to actually own what I'm buying. I wouldn't use Steam if you paid me, but I own roughly 1600 games spread across GOG.com, Humble Store, Desura, ShinyLoot, and DotEmu, plus 22 indie films on GOG.com, and roughly 1300 print books lining the walls of my room. (And all this in spite of the fact that 99% of my entertainment these days comes from either YouTube, Blip.tv, or reading fanfiction.)" - Stephan Sokolow
Stephan Sokolow
Re: Steam Censors Kickass.to Mentions in Chat Client - https://torrentfreak.com/steam-c...
"Glad I could help. Also, about the same time you said that, I'd just run across something to keep in mind if you DO want a USB adapter for genuine Genesis or Atari 2600 controllers. eBay has dual-port Genesis and Atari 2600 adapters for about $20 each, but this thing is what I'd get: http://www.retronicdesign.com/... It's $30 and single-port, but it's open hardware (public-domain schematics, GPL2 firmware) and they offer firmware downloads that let you reflash it to support any of 24 different kinds of DE9-connected retro devices (22 joysticks plus Amiga and Atari ST mice/trackballs)." - Stephan Sokolow
Stephan Sokolow
Re: Pirate Bay Caught Up In a Hosting Whac-A-Mole - https://torrentfreak.com/pirate-...
"The first time you open a directory, it generates thumbnails of the images and stores them in Thumbs.db. From then on, it loads them from Thumbs.db to save time." - Stephan Sokolow
Stephan Sokolow
Re: Pirate Bay Caught Up In a Hosting Whac-A-Mole - https://torrentfreak.com/pirate-...
"Reading the header to determine a file's type means that you're determining its type using the same part that a program uses to load it. If you muck up the header, the file just won't load... so a header-based exploit is just an ordinary "exploit a weakness in the application" attack, not something special. (eg. The holes they keep finding and patching away in Adobe Reader, Flash, and the Java plugin)" - Stephan Sokolow
Stephan Sokolow
Re: Steam Censors Kickass.to Mentions in Chat Client - https://torrentfreak.com/steam-c...
"If you want the moral high ground, it's possible to buy the DRM-free Sega Genesis Classics packs from DotEmu and then use a 3rd-party tool to convert the ROMs embedded in their custom emulator to standard formats. http://pcgamingwiki.com/wiki/S... As for controllers, check eBay. (Filter for "Buy it Now" and sort by lowest cost+shipping) You can get USB-attached replica NES or SNES controllers, SNES-to-USB adapters, and pairs of replica SNES controllers for for $5-7 each. http://tinyurl.com/ebay-nesusb http://tinyurl.com/ebay-snesus... USB-attached replica N64 controllers are available for about $11 http://tinyurl.com/n64-nintend... Sadly, Genesis controller adapters are over $20 and replica genesis controllers are unsatisfyingly dinky little things. http://tinyurl.com/sega-genesi... Adapters for real Gamecube and N64 controllers ARE available for about $15 but be aware that, if use use the OS's USB HID drivers rather than installing the crappy 32-bit chinese drivers, only one of the..." - Stephan Sokolow
Stephan Sokolow
Re: Pirate Bay Caught Up In a Hosting Whac-A-Mole - https://torrentfreak.com/pirate-...
"It's a crappy hack to work around the "rename a file and accidentally render it up-openable" effect of relying of filename extensions rather than a resource fork (MacOS) or header detection (Linux, sometimes) to determine which application should open the file." - Stephan Sokolow
Stephan Sokolow
ssokolow on License stats for crates on crates.io - http://www.reddit.com/r...
"No, people use MIT/Apache-2.0 because: 1. Requiring all code to be under Apache 2.0 means that all contributors have to grant a license to any patents they hold which might cover the code they're contributing. 2. People who are using an Apache-incompatible license like "GPL 2 only" (as opposed to "GPL 2 or later") can still use it under the terms of the MIT license... they just don't get patent protection beyond "the Apache license probably scared away any contributors with malicious intent"." - Stephan Sokolow
Stephan Sokolow
Re: Steam Censors Kickass.to Mentions in Chat Client - https://torrentfreak.com/steam-c...
"For classic games remastered for modern OSes, here's my list of DRM-free site recommendations, sorted by how useful they are: 1. GOG.com (The #1 source of classic games, guaranteed to work on systems listed as supported or your money back within 30 days.They also rival Steam for how often they have sales and how high the discount percentage can rise.) 2. DotEmu (Most of their catalog is stuff GOG does a better job of offering, but they do seem to have an exclusive on DRM-free versions of the IREM Arcade Classics and Sega Genesis Classics bundles... as well as un-bundled individual titles from them and special genre/theme-oriented rebundles.) 3. Humble Bundles (Mostly indie or Steam-only titles, but you want to watch them because they sometimes include DRM-free retro games in the bundles... like when I picked up a pack of all the classic X-Com games. Plus, they have sliders so you can choose to direct $0 to the games with only Steam keys.) 4. ShinyLoot (Indie store with a rule that at..." - Stephan Sokolow
Stephan Sokolow
Re: “Canada Remains A Safe Haven For Online Piracy” - https://torrentfreak.com/canada-...
"Sadly, back in the early 2000s, the Progressive Conservative Party and the Reform Party merged, with the Reform party taking dominance of the new combined "Conservative Party of Canada" and producing a party which was basically "Republican North". Because the right-wing vote was no longer split but the left-wing vote is still split between the Liberal Party (left-wing lite) and the New Democratic Party (further left), they've been winning elections ever since... and they've currently got a majority government with less than 1/3rd of the popular vote, no thanks to our First Past the Post voting system. Now for the kicker: Prime Minister Steven Harper said back in 2006 that, when he was done with the country, we wouldn't recognize it... something that has been coming to pass ever since. (At the moment, they're trying to push through a bill which would basically give our equivalent to the NSA carte blanche to spy on citizens in response to the revelations that they're already doing it..." - Stephan Sokolow
Stephan Sokolow
ssokolow on My first Rust program, how did I do? - http://www.reddit.com/r...
"Read up on bitwise operations. Use bitwise OR to set bits Use bitwise AND to mask bits so you can test things Use complement to invert a mask For example, in Python you'd do something like this. FLAG_A = 1 FLAG_B = 1 << 1 # 2 FLAG_C = 1 << 2 # 4 FLAG_D = 1 << 3 # 8 FLAG_E = 1 << 4 # 16 flags = 0 # flags is now set to 0000 0000 flags |= FLAG_E # bitwise OR equivalent to "flags = flags | FLAG_E" # flags is now set to 0001 0000 flags |= FLAG_C # flags is now set to 0001 0100 if flags & FLAG_C: print("FLAG_C is set. Unsetting it.") flags &= ~FLAG_C # Using bitwise AND with the complement of a flag forces it to zero while # leaving all of the other flags untouched. You can also produce combined flags using something like this SHOULD_SHAKE_HANDS = FLAG_HAPPY | FLAG_KNOWS_IT for character in characters: if character & SHOULD_SHAKE_HANDS: pass # TODO" - Stephan Sokolow
Stephan Sokolow
ssokolow on I made too many Rust-lang stickers and will send you one for free :) - http://www.reddit.com/r...
"Your form is confusing. It says " United States/North America only please" rather than "Continental United States", which suggests you're willing to ship to both U.S. overseas territories and non-U.S. parts of North America like Canada, but then it insists that the Zipcode field be both present and purely numeric. (Canada uses British-style `A1B 2C3`-style postal codes)" - Stephan Sokolow
Stephan Sokolow
ssokolow on modern web browsers are the emacs of this decade - http://www.reddit.com/r...
"At the moment, they're focusing on PDF and Flash since those are the biggest obstacles the average person would complain about if they switch their internal plugin whitelisting mechanism to "ask by default" too early. However, replicating the "offer the plugin as a fallback when encountering known problematic opcodes" approach [PDF.js](https://en.wikipedia.org/wiki...) and [Shumway](https://wiki.mozilla.org/Shumway) take could quickly bring something like [Doppio](http://badassjs.com/post...) to prominence once they shift their focus." - Stephan Sokolow
Stephan Sokolow
ssokolow on modern web browsers are the emacs of this decade - http://www.reddit.com/r...
"They're working on it. Most notably, by working to phase out plugin APIs altogether. (For example, Firefox and Chrome both now come with their own JS+SVG-based PDF renderers and both are working on solutions to retire Flash in the long run, resulting in only one JavaScript engine that needs to be secured.)" - Stephan Sokolow
Stephan Sokolow
ssokolow on modern web browsers are the emacs of this decade - http://www.reddit.com/r...
"Firefox and Chromium include a lot of things that Midori depends on as external packages. How many lines of code is Midori + GTK + GTKWebKit + LibXML2 + SQLite3 + libsoup? (I suspect just adding GTKWebKit alone will put you into the same ballpark. A modern browser engine is not a trivial thing.)" - Stephan Sokolow
Stephan Sokolow
ssokolow on modern web browsers are the emacs of this decade - http://www.reddit.com/r...
"Firefox is working on it... they just have a massive boat-anchor around their necks called "if we break extension compatibility in the process, everyone will leave for Chrome"." - Stephan Sokolow
Stephan Sokolow
ssokolow on modern web browsers are the emacs of this decade - http://www.reddit.com/r...
"To be fair, that's not entirely true. I was introduced to vim and emacs in university and I still use vim because, even with the plugins I need, it's lighter, less cluttered, and/or more stable than any of the alternatives I've tried." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"And yet, as we've detailed on the GOG forums for their benefit, there are various ways that are as simple or simpler to implement and do a better job of handling stupid people. (For example, using a custom extension and file header so it doesn't even get reconized as RAR, just like the old InnoSetup installer BIN files. That's a matter of editing a single string constant in their source they use to build their custom `unrar.dll` and using one line of Python (which I provided) or equivalent to apply the change after compressing.) Simpler, smaller downloads since there's no encryption overhead, and faster compression and decompression." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"To be fair, they were only applying this to really big, fairly new games and those tend to be the ones that tend to cost from $15 to $60 at regular price." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"The GOG installer is digitally signed. The password was an embarassingly ignorant attempt to reinvent the "EXE validates the BIN files" stage without having to re-read and re-hash each 4GB BIN file after just appending a few kilobytes of changed data." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"Something to do with ancient MPEG-1 video files. By the time I got broadband, that stuff had already fallen out of favor so I don't know the details." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"Whoever came up with it thought that malware bundlers would be stymied by having the password generated using an algorithm stored as compiled machine code inside a custom `unrar.dll`." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"The GOG installers are digitally signed as coming from GOG so Windows won't yell "Untrusted!". As I understood what Gowor was saying in the original thread, the RAR passwords were an "I'm not as smart as I think I am" attempt to reinvent the process of the EXE file verifying the authenticity of the BIN files so the "This comes from GOG!" message in the Windows properties dialog couldn't be deceptive." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"So you can use the data files with something like ScummVM without having to go through the entire install process just to copy them out and uninstall again. (For example, if you want to play the game on your Android phone or your Linux box or on Windows with an enhanced engine rewrite like EDuke32 that GOG doesn't bundle.)" - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"Apparently the RAR password part was an "I'm not as smart as I think I am" attempt to ensure that the RARs bundled with a GOG installer EXE were authentic." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"As I understand it, whoever thought this was a good idea was using the "secret password calculated by MD5ing the GOG game ID" **as** the ".exe *should* then verify the .bin files" step because it didn't require storing hashes within the EXE file itself which need to be completely recalculated every time your "code, compile, test, revise" loop changes one tiny thing. Hence my suggestion over on the GOG forums to store a digitally-signed manifest of expected contents (full of per-file hashes) inside the RAR which can easily be changed." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"They switched to RARs because a "code, compile, test, revise" process for debugging the installer scripts is slow and awkward if you have to rebuild multiple DVDs worth of installer after the tiniest change and pure InnoSetup forces that. Storing a hash inside the installer puts you back to square one because you have to re-read and re-hash the giant BIN files after small changes that could just be append-based during the development process. The proper solution is to use a digitally signed manifest of expected contents stored in the RAR (it can be changed along with the RAR but is verified by a key stored in the signed EXE) but that takes more work. I'm guessing that whoever designed this didn't know much about crypto and thought they'd found a free lunch." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"The GOG installer is digitally signed so Windows won't yell "Untrusted!" but the RARs aren't. If they don't come up with a protection measure (one that actually works, like the old non-RAR one did), then you can inject malware into a RAR-based GOG installer and Windows will still say "This came from GOG!" (They switched to RARs because a "code, compile, test, revise" process for debugging the installer scripts is slow and awkward if you have to rebuild multiple DVDs worth of installer after the tiniest change and pure InnoSetup forces that.)" - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"The GOG installer is digitally signed so Windows won't yell "Untrusted!" but the RARs aren't. If they don't come up with a protection measure (one that actually works, like the old non-RAR one did), then you can inject malware into a RAR-based GOG installer and Windows will still say "This came from GOG!" (They switched to RARs because a "code, compile, test, revise" process for debugging the installer scripts is slow and awkward if you have to rebuild multiple DVDs worth of installer after the tiniest change and pure InnoSetup forces that.)" - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"I suspect I might be one of those "Two whiny GOG users" so let me just say that I raised a stink as soon as I became aware of it. Only about 30 games out of the entire GOG catalog got this treatment so far and I hadn't tried any of them yet. As for the part about the "actual power users", they learned how to generate the passwords by poking around inside the `unrar.dll`. I wasn't aware that to be an "actual" power user, you had to understand assembly language and debuggers well enough to write a keygen for a warez group." - Stephan Sokolow
Stephan Sokolow
ssokolow on GOG plan to change TOS forbidding reverse engineering and disassembling even to their own tools and services - http://www.reddit.com/r...
"They've responded. It's good news. https://www.reddit.com/r..." - Stephan Sokolow
Other ways to read this feed:Feed readerFacebook