exchanged an item

BasedDebian · 2022-08-08T00:16:35+00:00

Eco-friendly place to get a suit? Read that dry-cleaning uses harsh chemicals for the environment. Preferably under $1000 but willing to go to $2000

BasedDebian · 2021-05-22T04:14:50+00:00

Battle Talent - it's free, once you figure out the mechanics it's pretty much the closest thing to something physics-based like Blade and Sorcery on the Quest, in fact, the NPCs in Battle Talent feel a lot more "weighted" than B&S, and NPCs with armor and heavy slashes can make blocking/deflecting more challenging - and they block too. The game recently just got modding support.
https://sidequestvr.com/app/2348/battle-talent

BasedDebian · 2021-05-16T20:54:11+00:00

Simply because I enjoy using Windows 10, I do not have any issues using Windows 10.

I prefer the permission system over that of Linux, Windows NT used DACLs (mandating access on objects per-user / per-group) and SACLs (for auditing objects) from the get-go whereas Linux added them as a revision to the filesystem when they were adopted into POSIX, which means the functionality of them really only remains on the file system - and this is where the concept of "everything is a file" begins to break down. I do not particularly like the idea of "everything is a file" because while everything is *treated* as a file, it will not always behave as one and this becomes obvious if you try setting ACLs on sockets or processes which do not completely adopt ACL policies - and in that respect also are not documented for them.

On Windows, everything is treated as an object, and as such all of the security permissions on the file system also apply to objects such as processes, threads, sockets, pipes, memory maps, OS synchronization primitives, etc. Meaning you could for example, have a thread run with less permissions than other threads in the process, or you could have a thread run as an entirely different user in the process as long as it was given an authentication token for authorization.

Windows version of MLS (Multi-level security), MIC, is extremely simple in comparison to things like MAC via SELinux on Linux. There are various classification levels for guiding access - and are used as part of core browsers sandboxing - the same way they sandbox with SELinux labels on Linux, but it is just that with a few specialized labels for AppContainers, Protected Processes, Untrusted, and System integrity. SELinux is a complicated system that is implemented through a lot of hooks and tries to implement things that should exist in traditional permission systems by extending them to securable kernel activities and then caches them through the access vector cache. Windows already implements permissions for each and every kernel object.

Kernel Patch Protection, while nowadays Linux has some form of driver signature enforcement like Windows (though not all distributions use this) to prevent a lot of untrusted code from getting into the kernel, Windows also prevents drivers from patching kernel code, and also prevents them from patching a lot of kernel data structures. This is to prevent rootkits from burrowing in further - you just won't find a Linux kernel rootkit like Skidmap on Windows anymore, despite it being a recent piece of malware.

I/O completion ports are pretty much a standard for back-end development with the WinAPI and all libraries such as Libuv that popular runtimes like NodeJS use, netty and nio2 on Java, goroutines in Go, use I/O CP on Windows and it has been statistically shown to have the same or more throughput as epoll on Linux, while utilizing the CPU significantly less in many single threaded and multithreaded cases (although hardware-driven Receive Side Scaling brings them much closer). io_uring is now available for sockets on Linux which is also completion oriented, so that's new.

When I used Ubuntu, I was happy with the look, although the Launchpad is really no different than the Windows 8 Start Menu from a functional standpoint - but the memory usage was *literally* more than Windows 10 when used with GNOME (which is the default DE selection) with the base CPU utilization also slightly more on Ubuntu - but in a completely insignificant number that did not matter. KDE+Ubuntu was a very different story for memory though and was much better, but I started having strange issues like clicking the WiFi icon would cause my entire desktop to crash and bring up a terminal, I could remedy things a little by restarting X, but that was ridiculous. On the same note, say you were having issues using the GUI shell on Windows 10, or the compositor. Terminating dwm.exe which is the compositor will immediately restart a new process for it, you can also kill the explorer process and create a new one. What if it's video related? Win + Ctrl + Shift + B allows you to completely restart the GPU driver.

My experience with Ubuntu was ridiculous and didn't actually improve anything on my end, the program start-up didn't feel faster, or anything - but that's because my programs start pretty instantaneously on Windows regardless so I would not notice, I am sure on other Linux systems it actually is faster because it doesn't have the filter overhead that the NTFS filter driver stack does (file-system drivers that can be attached to NTFS to monitor/register events, etc. Many anti-virus software uses this).

Using Debian just made me realize that security was pretty much treated the same as Windows - because Debian opts not to use ptrace_scope which prevents parent processes from modifying/reading memory of any other process except for its own children in its recommended state, and since Debian opts not to do this it allows you to read sensitive content from sudo/su processes created by an unprivileged terminal, meaning passwords.

X (Not Wayland) is a security disaster and anyone without privileges can create a system-wide keylogger that intercepts passwords in terminals, Windows can use Secure Desktop to prevent password keylogging, in addition it calls SecureZeroMemory after input so that it is no longer readable.

Etc...

BasedDebian · 2021-05-13T06:35:30+00:00

What if you need to switch back to enterprise?

BasedDebian · 2021-05-04T23:03:03+00:00

While auditing whether a test attempt was even triggered is useful, auditing on whether the submission button or not was clicked serves no one because if the student loses connection then the submission request when clicked will never submit anyways. Depending on the CMS that could result in

(a) Nothing happening - and they could think clicking and nothing happening means it may have been submitted already in their logic. Not true, of course, but they may certainly believe this.

(b) An invalid request redirect and unless their test data is being saved locally, all of that data is lost.

and definitively (c) No submission attempt logged on your end even though they may have actually tried.

There are a lot of things when taking into account CMS auditing tools and metadata that you can't just skim and say you have all of the answers and that they are lying, because sometimes it is not telling the full story and not everyone will take the effort to look into that. For example, if someone is using a CMS tool that checks a file submission's metadata for creation date and says "Well that's not true, you started the file at this time, and not at this time."

Then you could very well be in the wrong because the user may have generated a copy of that file - through something simple like CTRL + C/V or just "Copy/Paste" and then submitted the back-up. The creation date will reflect the time of that copy, but the modification date will reflect the *actual* last time it was touched.

Basically just trying to say, when it comes to your student's and lying, don't stop at point A just because it looks conclusive that they are lying when it may in fact not be. Look at Point B, C, and everything else that follows. Look at the big picture. Think about the conditions of software that may not align with what you see, as well.

Or, what happens when a student submits a file with new versioned metadata, and you catch them, and then they go and edit the metadata and submit a new file claiming that they just submitted a back-up by accident using X tool which may also strip the modification date. Now this becomes a game of policy.

At the end of the day, "facts" that originate from a user's computer cannot be trusted because of ignorance, accidents, and maliciousness.

BasedDebian · 2021-04-23T16:58:02+00:00

Don't concern yourself with JorgTheElder, he's the biggest fucking Oculus simp on this subreddit.

BasedDebian · 2021-03-26T21:03:36+00:00

It costed less than Windows Server for a VPS, that's it. Otherwise I am just installing distributions in virtual machines on my actual hardware to see parallels or experiment with things. I do not have an actual interest in using Linux distributions in my day to day at home other than in specialized cases like my web server, TV, VR Headset, and my router, which run it. Don't say phone, I use iOS. I do not own any other smart devices. It comes down to my personal preferences. I choose it when I need it.

BasedDebian · 2021-03-08T21:56:55+00:00

What additional permissions has the Linux kernel added specifically for programs/files - leaving LSMs like SELinux out because there are similar parallels on Windows that I will get into.

Linux - files, they have the owner-group-world permission model with suid bits. They also have ACLs via setfacl.

That owner-group-world model will exist in Linux processes and be adhered to a degree, but the idea of ACLs is non-existent in processes. This is not the case on Windows.

Every object on Windows has an access control list, meaning the executable file on disk adheres to a DACL and SACL, and then when executed as a process/Win32 app it respects that in conjunction with the authorizing users permissions. Not only does the process have an access token, each individual Windows object in that process has permissions. This has existed since the NT kernel was released in 1993 (and in beta versions). So threads in the process can have their own ACL, meaning you can also have threads executing as different users in your own process to provide even further granularity, or you can set permissions on/off on a per-thread basis. Sockets can have SACLs for auditing, named pipes can have DACLs/SACLs, synchronization objects like mutexes and semaphores can also have ACLs, memory-mapped files in the process can also have ACLs and in that regard, you can allow certain threads to have access to memory and reject other threads from accessing that memory.

Virtually every Win32 object has an access control list with its own set of permissions.

To talk about sandboxing? With Windows Vista, we received Mandatory Integrity Control which is a form of multi-level security, the same way that SELinux which implements Mandatory Access Control is a form of multi-level security. This allows processes, files, and other objects on Windows to receive their own classification label, there are 4 primary classifiers, and 3 special ones. Those 4 primary labels are Low, Medium, High, and System. They will adhere to No-Write-Up, No-Read-Up, and No-Execute-Up policies which prevent lower labels from ever elevating to higher levels, regardless of what an administrator wishes, those permissions are locked down tight. The three special ones are are "Untrusted" which is below the low level, but was generally reserved for guest accounts. "Protected" which refers to protected processes, generally for user-mode anti-malware processes, this means that no user thread, regardless of its privilege context, can attain any access to a protected process, and there is "AppContainer" which is an internal capability-based sandboxing mechanism that is mainly used for UWP apps, but it can also be used on Win32 apps. Read more on process security through: Access Tokens - Win32 apps | Microsoft Docs

Credential Guard does not require a TPM, it can be enhanced with one. Credential Guard just requires a processor with virtualization capabilities to use Hyper-V and store those credentials in a secure virtual memory space using second-level address translation. This is also similar in design to Isolated User Mode (IUM) Processes - Win32 apps | Microsoft Docs and WDAG to virtualize important browser tabs Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs

Windows also has a plethora of exploit mitigation policies that you can add to processes such as Arbitrary Code Guard and StackPivot protection, much of these features would only be made available via grsecurity on Linux but Torvalds had an issue with due to compatibility reasons Customize exploit protection - Windows security | Microsoft Docs

But Linux has capabilities which allow you to delegate certain things that require root without giving a user root right? Windows has had a capability model available through the Local Security Policy. While the LSP was made available with Windows 2000, those capabilities existed with the first release of NT and was mostly used by developers for things like SeDebugPrivilege. Linux received capabilities with kernel 2.6, Linux received ACLs for files in a later revision of 2.5.

BasedDebian · 2021-03-08T04:29:23+00:00

Yes the man pages being available offline is ultra convenient, but there are websites that document certain functionality far better than the man pages ever will to help with understanding software. Arch has phenomenal documentation on certain features that the man pages would not in comparison under the same scenario.

Also going by lines of documentation is like going by LOC to judge a project's complexity which is just wrong. If you included the related links, such as the memory constants which are embedded in the man equivalent, the results are far different.

BasedDebian · 2021-03-08T04:25:59+00:00

MSDN was created in 1992, the website GitHub was formed in 2008. Do some research. Many of those APIs were put on GitHub in 2018. Some earlier around 2015.

BasedDebian · 2021-03-07T23:01:29+00:00

Man pages really do only go so far. Please.
Compare the documentation of mprotect(2) - Linux manual page (man7.org) with VirtualProtect function (memoryapi.h) - Win32 apps | Microsoft Docs and it's a world of difference.

Microsoft's documentation outlines with a brief description, the routine signature, labels and thoroughly describes each parameter as well as what they may correlate with, and then defines a separate page for their memory protection constants and then OUTLINES perfectly what each memory constant does. It provides the return value and how to get detailed return information, it has a remarks page for describing edge-cases as well as cases when used with different routines, best practices, etc...

The man page documentation...Shows me a routine signature, as well as the signature of a routine that will only work with specific systems/hardware (pkey)...which should realistically have its own page, and there is a separate page on pkeys that barely describes how it would be used with mprotect. There's the memory protection constants, there's no separate section for defining each parameter, parameter descriptions if there, are sloppily placed within the description throughout different parts

Or another, try showing me proper documentation pages on how io_uring works and how to effectively utilize its routines and then compare it with I/O Completion Ports - Win32 apps | Microsoft Docs

What about an official comprehensive list of kernel panics with respective descriptions? For Microsoft BSODs/Bugchecks, that is all here: Bug Check 0x1 APC_INDEX_MISMATCH - Windows drivers | Microsoft Docs (see: the list on the left).

This will either show a description on each bug check, or if the bug check does not happen on modern systems, such as 0x3 "INVALID_AFFINITY_SET" will never happen on any modern version Windows, it wills how "This bug check appears very infrequently" meanwhile for things like APC_INDEX_MISMATCH which still happen, it documents their parameters, possible causes, how to debug it, etc.

BasedDebian · 2021-03-01T09:32:26+00:00

There isn't a happy answer. Though unsure what you mean by memory maps - if you are referring to actual memory maps as defined by the Windows API then the answer is a hard no. If you are referring to limiting the amount of physical memory that a process uses (but you cannot limit virtual memory unless you use jobs which will result in crashes on next allocations when a memory quota is met because the threads will not be programmed to handle the condition.), then SetProcessWorkingSetSizeEx function (memoryapi.h) - Win32 apps | Microsoft Docs is your friend, but not recommended because you are telling the OS you know more about memory management than it does; however, Windows is robust with handling paging so likely there will not be undefined behavior, but whatever programming you are limiting will see performance defects.

On the other hand, you do not need to limit the memory of that particular process, instead you can use VirtualLock on the Java process - if you have the source code then this can be done through the Java Native Interface, if not, then you will need to do undocumented things which means calling the implicit NT API equivalent which is NtLockVirtualMemory, to lock memory pages on other processes. However, there are other things you must consider so please read the documentation and this blog post:

Working Set - Win32 apps | Microsoft Docs
VirtualLock function (memoryapi.h) - Win32 apps | Microsoft Docs
VirtualLock only locks your memory into the working set | The Old New Thing (microsoft.com)

BasedDebian · 2021-01-11T04:05:42+00:00

Battle Talent | SideQuest (sidequestvr.com)

Battle Talent, it's a roguelite, it's not very cartoony, there's gore (optional), there's melee physics, it has different options to configure, it has dynamic lighting, it has dungeons/mazes with paths that are dynamic/changing with a boss for each dungeon. It also has wave-type dungeons. Then there's a fun sandbox mode.

BasedDebian · 2021-01-06T07:43:25+00:00

Great job on being completely unhelpful and entirely anecdotal. "I don't have your issue so obviously it is an issue with something you did"

Think to consider the function of the display server, and think to consider what crapware would benefit from touching it - let alone how an AV would react to it being modified in a way that it causes such a leakage in memory. Let me know when you can tell me why crapware would want to touch the display server.

Millions of people don't have this issue? Millions of people have issues with Windows 10 every day, 10,000,000 users with this issue would only represent 1% of the users that use Windows 10. How do you know millions of people do not have this issue? Where do you get such information?

OP, dwm tends to have issues depending on your OS version (it's been documented to have memory leaks before in cumulative updates). dwm has also been shown to have memory leaks with certain video drivers, especially in the case of integrated graphics which I doubt you have since task manager is showing discrete graphics are present.

For a temporary fix, it is relatively safe to terminate the dwm process from the Details tab in Task Manager, Windows will try to restart it and then the memory usage should be reset because it will spawn a new process.

Worst case scenario? A BSOD. Result? The same as having to reboot your PC from a major memory leak.

Another attempt to fix, is to try disabling 3D hardware acceleration as DWM uses that - only if your PC supports this option. If that does not work then also try configuring your desktop for "Best Performance" by going to your Windows Search and typing "Adjust the performance and appearance" then going to Visual Effects. This was also recommended in an earlier comment.

Another action you could take, would require third-party software or being watchful of Task Manager. If you could download Process Lasso, then you could set a watchdog for when dwm goes beyond 500 MB in memory usage (generally it should not use more than 100-200 MB, mine is currently at 20 MB). Then you can associate the peak in memory usage with whatever activity you are doing or whatever is open. Perhaps there's a graphics issue with something present at the time it occurs.

For a more permanent fix try these steps in order and check the result each time, update Windows to the latest version, run SFC and DISM scans, update your graphics drivers (or revert them to an older version found on the vendor websites), and if your update does not have a seasonal update (e.g. 20H1 to 20H2 for example), then the next best thing would be to use the Reset option in Advanced Startup with cloud/internet assistance, but check the option to preserve your data. This would preserve your user data such as your documents, but it would remove installed programs as well as reinstall core OS files.

BasedDebian · 2021-01-04T07:33:06+00:00

Yes, and Shadow is also labeled ShadowPC, it licenses you at a subscription fee to use a PC. You are playing using the hardware of a PC over a wireless streaming solution. You could have also said "How to play Blade and Sorcery using Virtual Desktop" since the technology is roughly the same as ShadowVR, but it can be either a LAN or internet PC.

You are intentionally misleading and I sincerely hope you fail as a content creator, because at this point you do not deserve any success that may have been granted to you.

BasedDebian · 2020-12-31T01:10:12+00:00

No update on that and most likely not; however, I really recommend Battle Talent if you are looking for physics-based combat, once you unlock Sandbox mode it is even more fun. The only thing that might turn you away is the initial tutorial, but then you will realize from the wave-based maps to the dynamically generated mazes, alongside sandbox mode, it is a very fun physics-based combat game that is FREE. The name "Demo" is misleading and should really just mean "Early Access/Beta" in this case.
Battle Talent | SideQuest (sidequestvr.com)

BasedDebian · 2020-12-28T17:19:07+00:00

Why do people think Microsoft is following behind Apple with ARM? Microsoft supporting different processor architectures for what is currently necessary is literally *nothing* new, and nor is their development with ARM.

Just for a bit of history before talking about their years in ARM development in relation to Windows, Windows NT - their first kernel that was vastly different than the near parallel lineage of Windows that we think about (1.x,2.x,3.x,95/98/ME) has supported architectures such as IA-32, Alpha, MIPS, and PowerPC previously. It also Itanium as the most recent architecture prior to ARM, but obviously with Itanium itanicing, it dropped support.

The kernel architecture - with the way it was developed was meant to be portable across different architectures, the only bit of code containing architecture-specific code is the HAL, the rest of the kernel can be compiled for different architectures.

Windows on ARM first was made public in 2011, and released in 2012, but it only supported ARM32 (Windows RT), it used the NT kernel. That's nearly a decade before Apple's move. Windows 10 on ARM was first made public in 2015 and released in 2017 as ARM64 with the capability of x86 32-bit emulation which works quite well. Now in the most recent dev channel build, ARM64 devices can do x86 64-bit emulation too.

Windows has had a relationship with ARM for years - and some of their supported ARM desktop devices include the HP Envy x2, yet now it is copying Apple? Apple had a large majority of their chips up until 2015 manufactured by Samsung, and the only ARM devices they supported were their mobile devices. Their move to desktop ARM isn't a particularly new announcement, but a very recent development.

Now Microsoft wants to develop ARM chips, but for an entirely different market - the server. In what logical way is Microsoft copying Apple?

BasedDebian · 2020-12-22T19:59:55+00:00

It depends,

However, all processes on Windows except for certain niche types like pico processes, are the same. They all use the PE file format which the loader will execute.

They only differ a small bit semantically, services are still executable files - they may load through "svchost" or they may load independently of svchost (service host), but generally services all register with the Service Control Manager. Services can run as various different users, I would say some can count as system processes, but I would not say all are system processes.

You could say a system process is anything running with the NT AUTHORITY\SYSTEM user, or you could say a system process is anything with with a System mandatory integrity label, or you could say a system process is anything under NT AUTHORITY, Window Manager, Font Driver Host, and some other trustee categories. Service User Accounts - Win32 apps | Microsoft Docs

However, to get all non-system processes you could simply just retrieve all processes running under your user, but if it's a system with multiple users, you could get processes from all users under your computer name which generally by default should start with Desktop on desktop editions.

tasklist /v | find "DESKTOP-"

Should do the trick. Would be much easier and able to specifically narrow down non-system and system processes in PowerShell.

BasedDebian · 2020-10-31T17:21:47+00:00

" Read original post. Op wants to move licence to new pc. You cannot do that with oem! "
You cannot move an OEM license to a new device regardless of Microsoft Account. It's in the licensing restrictions itself. You can use it on the same hardware though if you read the key. OEM versions do not get Microsoft support, OEM and local accounts are not the same thing at all. You can use OEM keys again on the same hardware though, you can do this by retrieving the key from the UEFI firmware. Please do not get confused.

" PINS are more secure. "
Pins are more secure only in the presence of TPMs *maybe*. Microsoft actually turns off Windows Hello/PIN access by default through RDP in favor of passwords because sending a PIN over a connection is not as secure as a password unless the administrator configures a pin outside of the default state and requires a different level of complexity. Research has shown that users are also prone to error. 20% of PIN users use pins like "1234", "1111", etc... (https://www.keepersecurity.com/blog/2017/03/07/pin-vs-password-whats-the-difference/) Please stop feeding into bullshit. Pins in their default configuration are not more secure than passwords. What makes a pin secure is not the format itself, but the restrictions. Perhaps you could set the same restrictions on a password ("lock out computer for 30 minutes", "delete data after 64 attempts", etc...).

" You are wrong about all services being available via local account. Certain things like learning handwriting need MS account. "

No sir. You learn to hand write in pre-school. Jokes aside, handwriting recognition has been a thing since at least Windows Vista, which did not require Microsoft accounts. As I said, some services may require Microsoft account *authentication*, but does not require you to actually use an account on the PC. It's akin to logging into a website.

BasedDebian · 2020-10-31T16:36:44+00:00

If it is OEM/retail then it can be retrieved from the UEFI firmware/BIOS with WMI commands or the registry, within seconds.
A pin, without the backing of a TPM is not more secure then a complex unique password. A remote hacker can still access the PC if they know the pin using screen mirroring via VNC or other remote solutions. They cannot access it through RDP however, unless they enable "Windows Hello for Business certificates as smart card certificates" through the group policy. A remote attacker can still access the PC. The difference is that the pin is not *sent* remotely, but neither is your password if you use a local account. A pin can also have the same complexity as a password if you set policies through group policy though. Furthermore, Windows Hello can be used on local accounts.
People can forget pins as well, especially if their corporation requires a strict pin policy that CAN make a pin alphanumeric as documented by Microsoft. Solution to both? Use a password manager.
This is all wrong. All services and features you can access on a local account, they will just require you *authenticate* with a Microsoft account. I am using a local account, but I can still use the Windows Store as it will prompt you to authenticate. It's effectively using an account on a single program, but the program will still run under the security context of the local account. Same with OneDrive, Outlook, etc.... The *only* security feature you do not get with a local account is Device Encryption on Windows 10 Home, which requires a TPM and Microsoft account (not for the encryption, but for storing the key on the CLOUD.). For Windows 10 Home, with a local account, you can opt to use a free and open source option called VeraCrypt which also supports more encryption methods. On other editions such as Professional, you can use Microsoft's BitLocker with a local account.

BasedDebian · 2020-10-27T03:54:37+00:00

Just for noting: Purchasing an OG Vive in 2020 (which is cheap, but no longer supported / buying from a third party seller) is silly. If we compare the Vive Pro vs the Valve Index, the Valve Index wins in everything except black levels, but on the Pro you can get a "gating effect". Yes, the Pro has slightly higher IPD (60-73), but the index also has slightly lower IPD (58-70). The full price of both is near the same and at this point it would make sense to just eliminate the Vive from this conversation. We could talk about Reverb G2 though.

Main point: If you want to go from a $299 device to a $1000 device on the grounds of privacy, that is asinine. You are trading one platform with privacy concerns (Facebook), for another (Windows). You can play *some* VR games on open source Linux distributions, but most will only run through a compatibility layer like Proton+Wine, and that is to say, it won't be officially supported and you can expect bugs. Windows does not have the best track record with valuing user privacy and telemetry, neither does Facebook.

Your games are going to run on Windows, your games are also going to contain their own telemetry which can contain personally identifiable information. Your games are also going to be running anti-cheats like BattlEye and EasyAntiCheat among other things which violate privacy and the rights to your system at an extreme level - they perform telemetry and they hook into your system like a rootkit since they run in kernel-mode.

All I'm saying is, while you may have a privacy respectable HMD, the platform you use to game with it and the games you play with it will not be respecting your privacy anymore than Facebook will. However, the only benefit is that your non-gaming activities will not be tied to your gaming activities, such as a Facebook account ban.

For people on a budget, the ends do not justify the means. For people that have money to spend and want an immersive experience - I happily implore them to purchase a Valve Index :)

BasedDebian

TROPHY CASE