It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
timppu: God damn it. Again some yet-to-be-fixed critical Adobe Flash Player vulnerability, which some web page ads are already exploiting?
Are Java, Flash etc. designers so incompetent that there are such problems, or is this just the way it is, and always will be? Is it impossible to design those things to be fully secure, they will always be insecure in different places? Or is it user's fault somehow?
Thank you very much! I was guessing what the hell was happening with my PC when services open link full of ads. It starts on 26-Jan-15 the day my Flash Player was updated. Hope for the best and fast fix soon.
avatar
gunsynd: WARNING DO NOT READ IF LOSING A PET UPSETS YOU...

I am sorry for lumbering our sadness on the people here,but I feel it's a small tribute to our much loved Jessie...
RIP Jessie 2002-2115 We miss you so much....
I'm with you here. I've had a very good and lovely Persian cat. He was not castrated (I insisted to preserve his masculinity advocating his balls like my own) and it was a daily routine to get off his urine smell off my flat (I failed a lot). For the first 5 years I had to defend myself from sudden attacks in a night sleep, and those sharp as razors claws during a play time with him. Endured weeks howling and calling for a cat lady for hours in a row. His name was Umka. He was the best and good looking Persian cat in the world for me. After 16 years he had to be put down by a doctor, because of the liver and other organs damage during intoxicating (something about specific tumor opening into the blood stream). I will never forget the pain of losing such a tender all-loving cat. I remember him always meowing, licking my hands, getting cozy around me and purring. His overgrowing hair all over the place, his noble spirit.
After a few years I still can't think of bringing another animal in my life, even the thought of it is unbearable. Perhaps some day.
avatar
Soccorro: I really hate wallowing in self pity. But i really need to vent.

Lets start with my CV. its crap. Its a chaotic accumulation of non related jobs, voluntary stuff and huge gaps.

Age: yep, it is a thing. Im old. I have given up applying for universities and now im looking for job training possibilities, so i can have some qualifications before i turn 30. most students will have their Masters degree with 23. im not going to attend uni just to be around 18 year old kids.

i have been trying to apply for a degree, that i might not even like.

Surgery: is going to be painful, physically and financially. its going to eat up all my savings.

Also, im extremely depressive lately, and stressed 24/7. I sleep much longer than im actually awake. My voice has become monotone and my vision is greyed out. I used to play games, when i felt like this in the past but i cannot do that now. i do have euphoric moments but those are rare.

I should have started studying something right away. I have wasted 3 years.

Im about to snap. Sometimes I just start laughing out of the blue. I must have gotten crazy already.
Welcome to the club. I'm having mostly the same issues here. But I'm a bit older. In 30 years I felt the same way, like the world is finished on me and I have no place to go. Stupid advises from friends to workout a lot have not helped me to get through my growing depression. And suddenly I realized that I can't take it anymore. I just can't feel bad for my past, which may not be rewritten (there is no time-machine for me). And you know what? It helped a bit. Then I admitted my faults to myself (all), and to my friends and relatives. The more I spoke of it, the less I felt depended on my past. That was the first step to overcome my difficulties. But without proper psychiatrist you may or may not get far. In Russia it's a common thing to seek help elsewhere, like in church for God. Just know this, self pity is a tricky mechanism for personality destruction. All you need to do is to embrace yourself with all your bad and good qualities. You have to love yourself no matter what, it's really important. And it's not 100% your fault. Playing games (alcohol and drugs) can kill the depression for a short period of time. But to actually find yourself you need to get attention from the others. You need to feel needed, to raise you self-esteem first. Only after that you may continue on with education / job.

Short version, step-by-step:
1. cut off the past from your thoughts | also cut off all your previous goals (they are not worth it right now)

2. embrace the now with open heart and gratitude (yes, exactly with gratitude, it's important)

3. set yourself on *prosperity* future (if step 2 is done, you will not need to do anything - this will be enabled automatically in time, even that you don't have desired skills | education | work | salary - you need to feel like you actually do, again it's kinda important)

First 3 steps will reduce your anxiety | jealous | fear and dissatisfaction - those most dangerous enemies against your bright future. In other words it should change your emotional approach or thinking pattern, a barrier between you (in the past) and your better self (now).

4. with calm mind think of your new goal | wish, think what you really want (money is not worth it, but money for buying house or car is much better, still you can find something more appropriate for yourself like super-mega degree or master skill in money gaining >>> I personally suggest skills / perks over cash and items)

5. act!

6. ???

7. profit! :)))

Just in case, it's my opinion only, so don't feel offended.
Post edited February 04, 2015 by Cadaver747
avatar
gunsynd: WARNING DO NOT READ IF LOSING A PET UPSETS YOU...

I am sorry for lumbering our sadness on the people here,but I feel it's a small tribute to our much loved Jessie...
RIP Jessie 2002-2115 We miss you so much....
avatar
Cadaver747: I'm with you here. I've had a very good and lovely Persian cat. He was not castrated (I insisted to preserve his masculinity advocating his balls like my own) and it was a daily routine to get off his urine smell off my flat (I failed a lot). For the first 5 years I had to defend myself from sudden attacks in a night sleep, and those sharp as razors claws during a play time with him. Endured weeks howling and calling for a cat lady for hours in a row. His name was Umka. He was the best and good looking Persian cat in the world for me. After 16 years he had to be put down by a doctor, because of the liver and other organs damage during intoxicating (something about specific tumor opening into the blood stream). I will never forget the pain of losing such a tender all-loving cat. I remember him always meowing, licking my hands, getting cozy around me and purring. His overgrowing hair all over the place, his noble spirit.
After a few years I still can't think of bringing another animal in my life, even the thought of it is unbearable. Perhaps some day.
Yes,it's hard and Thanks..
avatar
blakekl: As a developer, I can tell you that there will ALWAYS be vulnerabilities.
I kinda know, but still... damn. Someone who knows the ins and outs of e.g. Flash Player and this particular case could possibly explain what was the feature containing the vulnerability, was it a stupid mistake by the developer or something which would have been very hard to get right the first time, etc.

I guess I am more venting about the idea that merely visiting some (even respectable) web site or trying to watch a video can cause your whole system being taken over by someone else. Something feels completely broken with such paradigm. I get it better that if I willingly install some software myself and it turns out to be malware, it is partly my fault (I was too trusty; that's why by default I don't trust e.g. pirated software, or lots of freeware offers). But most people don't expect the same from merely visiting a web site, which happens to have some infected ads of which the site maintainer might not be aware either.

Besides going full walled-garden approach where the user can do nothing (hence malware can't either), would it be possible for e.g. Flash Player to run in a completely contained temporary box, where it can't affect the rest of the system? A bit like that I don't have to be afraid that a MS-DOS era malware (virus) running inside DOSBox would somehow take over my whole Windows PC, or an Amiga virus running in WinUAE?

Or is that the whole point of Flash Player, that it can freely do and change anything it wants in the OS? Just so that I can see some stupid banner ads, pop-ups and watch videos online?

I just like to put security far above extra features (especially features which are there to benefit someone else but the user (collecting information about the user to the service provider etc.)). Maybe I am venting for nothing, but I feel something is amiss.

PS. I don't think I've been affected by this vulnerability, this is just general venting. Now I am unsure which web sites are safe to visit, now that we are waiting for Adobe to deliver a fix. GOG.com is safe, I hope. :) At least they don't have third-party ads I think. Or maybe the best thing then would be to uninstall Adobe Flash, at least for now. I'd like to do that for Jave too.
Post edited February 05, 2015 by timppu
avatar
timppu: Besides going full walled-garden approach where the user can do nothing (hence malware can't either), would it be possible for e.g. Flash Player to run in a completely contained temporary box, where it can't affect the rest of the system? A bit like that I don't have to be afraid that a MS-DOS era malware (virus) running inside DOSBox would somehow take over my whole Windows PC, or an Amiga virus running in WinUAE?
I think there are some programs out there that effectively make a copy of your computer, and you can run stuff in that as a sandbox. Anti-virus companies use tools like that to help examine potential and confirmed viruses. I don't know much more than that, and I don't know if there are free tools, but I know that such things exist.
avatar
Bookwyrm627: I think there are some programs out there that effectively make a copy of your computer, and you can run stuff in that as a sandbox. Anti-virus companies use tools like that to help examine potential and confirmed viruses. I don't know much more than that, and I don't know if there are free tools, but I know that such things exist.
Actually there are rootkits that move your whole system into a virtual machine. They have total access on your system and are almost impossible to detect (since they are "outside"). Creepy, but real.
avatar
timppu: I kinda know, but still... damn. Someone who knows the ins and outs of e.g. Flash Player and this particular case could possibly explain what was the feature containing the vulnerability, was it a stupid mistake by the developer or something which would have been very hard to get right the first time, etc.
Here you go. More or less a secondary thread that works on memory that gets shared doesn't properly clear all references to said memory. Searching the CVE number in a few days should give you more info, since it does take some time for the CVEs to be publicly explained.
avatar
Bookwyrm627: I think there are some programs out there that effectively make a copy of your computer, and you can run stuff in that as a sandbox. Anti-virus companies use tools like that to help examine potential and confirmed viruses. I don't know much more than that, and I don't know if there are free tools, but I know that such things exist.
Yeah, I could run whole Windows in a virtual machine for example (VMWare or VirtualBox), but I was thinking more that the whole Flash Player would always run in some kind of sandbox by default (without me having to install whole Windows in a sandbox myself), so that that insecure piece of shit wouldn't be such a disaster all the time, but still offer the functionality it is supposed to offer.

Or is that not feasible, Flash Player is of no use unless it can let any code (including malware) run rampant on your system, for merely visiting a web site? You just have to trust that whatever Flash Player decides to display on some web site, will not destroy your PC and wipe everything clean?

avatar
JMich: Here you go.
Interesting, that page mentions:

This particular vulnerability can be exploited via all major browsers (Internet Explorer, Firefox, and Chrome); however Chrome users are protected by that browser’s sandbox for its Flash plugin, protecting end users from any attacks
Sounds exactly what I was looking for! Maybe I should become a Chrome user after all. Or whatever that spyware-free variant of it was called. How come I wasn't aware of this sandbox in Chrome? Or maybe I had heard, but forgotten...

And why the heck other browsers are not using the same method for protecting their users?
Post edited February 05, 2015 by timppu
avatar
JMich: Here you go.
avatar
timppu: Interesting, that page mentions:

This particular vulnerability can be exploited via all major browsers (Internet Explorer, Firefox, and Chrome); however Chrome users are protected by that browser’s sandbox for its Flash plugin, protecting end users from any attacks
avatar
timppu: Sounds exactly what I was looking for! Maybe I should become a Chrome user after all. Or whatever that spyware-free variant of it was called.
You are looking for a sandboxed browser. IE Protected Mode is one, and Chrome is another. I'm not sure if Chromium and SRWare Iron are also sandboxed, since I think it does have to do with Chrome's Native Client. Firefox did lack that feature last I checked, but it may have been implemented since.

And you can always use Sandboxie to sandbox any program, though I haven't used it and can't comment on how effective it is, or what alternatives you may find.
avatar
Bookwyrm627: I think there are some programs out there that effectively make a copy of your computer, and you can run stuff in that as a sandbox. Anti-virus companies use tools like that to help examine potential and confirmed viruses. I don't know much more than that, and I don't know if there are free tools, but I know that such things exist.
avatar
toxicTom: Actually there are rootkits that move your whole system into a virtual machine. They have total access on your system and are almost impossible to detect (since they are "outside"). Creepy, but real.
Well that's comforting. The attackers steal the idea and start using it against us. :S

On reflection, I'm not sure why I'm this surprised. Maybe I'm not quite cynical enough yet.
avatar
Soccorro: I really hate wallowing in self pity. But i really need to vent.

Lets start with my CV. its crap. Its a chaotic accumulation of non related jobs, voluntary stuff and huge gaps.

Age: yep, it is a thing. Im old. I have given up applying for universities and now im looking for job training possibilities, so i can have some qualifications before i turn 30. most students will have their Masters degree with 23. im not going to attend uni just to be around 18 year old kids.

i have been trying to apply for a degree, that i might not even like.

Surgery: is going to be painful, physically and financially. its going to eat up all my savings.

Also, im extremely depressive lately, and stressed 24/7. I sleep much longer than im actually awake. My voice has become monotone and my vision is greyed out. I used to play games, when i felt like this in the past but i cannot do that now. i do have euphoric moments but those are rare.

I should have started studying something right away. I have wasted 3 years.

Im about to snap. Sometimes I just start laughing out of the blue. I must have gotten crazy already.
You're not wallowing in self-pity. It's your brain telling you that life is hard.

Feelings of regret, monotone, oversleeping and stress are signs that you are deeply depressed. This makes everything else overwhelming such as education and indeed, what would normally be every day tasks. So until you address the depression, things are unlikely to improve.

I would start with two things: Talk to one person you know and trust about how you feel. Go and see a doctor with a list of all your symptoms.

There is also the third option of looking for support from this forum. Judging from past threads on Gog, you're likely to get lots of support and good advice. You really aren't on your own so give yourself a break and don't feel bad for expressing how you feel.

All the best.
Liquid was coming out of my butt today. I guess it's not as bad as would be solids coming out of my penis.
avatar
timppu: snip
I understand your frustration, but your complaints are caused by the same stuff that makes (or made) flash and java applet's cool. Flash has become nothing more than ad/video player at this point, but you can write full web applications in it. As such, it has access to the file system, which is what most of these vulnerabilities exploit. Software is cool, but it can always be used in ways the creator never intended or even dreamed of, so it is nearly impossible to make something completely secure.

Even your DOSBox example isn't really all that safe. You still have access to the entire file system through it, and can still execute scripts from within it too. It's unlikely that someone would waste their time writing a windows virus that executes through DOSBox,. but it is possible.
avatar
justanoldgamer: Liquid was coming out of my butt today. I guess it's not as bad as would be solids coming out of my penis.
That's one step away from the old South Park episode where they were shoving food up their butts and crapping out of their mouths. I do NOT envy you, sir. I can only suggest that your condition was brought on by either a hex or a demon of some sort.