?

Log in

Dennis Gorelik
---
http://www.vesti.ru/doc.html?id=2880505
Похищенные номера банковских карт Селезнёв, как утверждает следствие, продавал на специализированных интернет-форумах. При этом цена продаж зависела от того, насколько пригодны карточки для дальнейших нелегальных операций. Номера с 95 % гарантией «годности», которые владельцы ещё не успели заблокировать, уходили по 20–30 долларов США. За номера с 65 % гарантией (так значилось в объявлении. – Ред.) просили не более 7 долларов. При этом все расчёты велись только через «теневые» онлайн сервисы, вроде печально известной Liberty Reserve, названной в своё время «главной платёжной системой криминального мира». Это позволяло и продавцу, и покупателям сохранять полную анонимность.
.....
сотрудники Секретной службы США, которые вели дело о компьютерных взломах, встретились в Москве с представителями ФСБ и «представили им подробные доказательства того, что обвиняемый занимается незаконным проникновением в компьютерные сети». На встрече американцы передали российским коллегам полный список ников, которыми пользовался подозреваемый на закрытых хакерских интернет-форумах, включая и наиболее часто используемый в то время – nCuX. Одновременно сотрудникам ФСБ был передан пакет собранной следователями информации, на основании которой они пришли к выводу, что настоящее имя этого человека – Роман Селезнёв, из Владивостока.

Уже через месяц, 21 июня 2009 года, как следует из материалов дела, «nCuX известил своих сообщников на многочисленных криминальных сетевых форумах, что он прекращает свою деятельность». Вскоре после этого nCuX действительно исчез из Интернета. Вместо него уже в сентябре 2009 года в Сети появились Track2 и Bulba, предлагавшие точно такие же услуги. После недолгого анализа активности «новых» пользователей американские правоохранители пришли к выводу, что за этими псевдонимами скрывается всё тот же Роман Селезнёв. А на сотрудничестве с российской стороной решено было поставить крест. В материалах следствия о мотивах этого решения говорится предельно откровенно: «Сознательная утечка информации, допущенная сотрудниками ФСБ, а также то, что отец Селезнёва известен своими связями в Правительстве России, побудило власти США заключить, что дальнейшие попытки координировать усилия с российскими представителями подвергают расследование слишком большому риску».
---

Originally posted at: http://dennisgorelik.dreamwidth.org/131052.html
 
 
Dennis Gorelik
21 April 2017 @ 07:37 pm
Couple of weeks ago we noticed that the same C# code executes differently under MSTest and in Visual Studio 2017.
In particular, Uri constructor crashed on invalid input in Visual Studio, but did not crash in MSTest.

Then, several days later, we found that ASP.NET allows to modify collection that we iterate through, but the same code crashes in a unit test with "System.InvalidOperationException: Collection was modified; enumeration operation may not execute".

We decided to investigate and found that the culprit is in different value of "httpRuntime targetFramework" attribute.

Bad naming and documentation
Microsoft .NET Framework team chose a terrible name for that attribute and wrote a misleading documentation:
---
https://msdn.microsoft.com/en-us/library/system.web.httpruntime.targetframework(v=vs.110).aspx
The version of the .NET Framework that the current web application targets.
---

When most developers (including me) read that - they think that targetFramework attribute defines what version of .NET framework would execute.

But actually that attribute has totally different meaning and should have been named either compatibilityTargetFramework or quirksTargetFramework.

What httpruntime targetframework actually mean
Fortunately, levibroderick wrote a clarifying blog post, that now is the first result for httpRuntime targetFramework search:
https://blogs.msdn.microsoft.com/webdev/2012/11/19/all-about-httpruntime-targetframework/

With new versions of .NET framework, Microsoft .NET team introduced some breaking changes (especially for .NET Framework 4.5).
So then they created "quirks" to fix these breaking changes.

So, targetFramework attribute pretty much defines what set of quirks to use (the older is the targetFramework version - the more quirks you would get).
The total number of quirks seems to be around 10 (could be a little bit more or less).

Practical impact
In the past, our Web.Config did not contain any mentioning of targetFramework in <httpRuntime> element.
That meant that we got all the quirks, so postjobfree.com did not break.
Then yesterday we turned off "legacy compatibility mode" by setting
<httpRuntime targetFramework="4.6.2" />
We lost all the quirks that way and, as a result, got two bugs:
1) "WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for 'jquery'. Please add a ScriptResourceMapping named jquery(case-sensitive)." crash on every page that contains <form> element.
2) Encrypted validationKey in <machineKey> element changed its meaning, so all users authentication cookies expired.
Several hours of research and development later - we fixed these issues and now our web site runs in a quirks-free mode.

What was your experience in converting legacy .NET app to the new .NET Framework versions?

Originally posted at: http://dennisgorelik.dreamwidth.org/130665.html
 
 
Dennis Gorelik
17 April 2017 @ 05:43 pm
Rich kids compete for our attention too:
https://www.instagram.com/p/BQi2HijlG3M/

Originally posted at: http://dennisgorelik.dreamwidth.org/130491.html
 
 
Dennis Gorelik
16 April 2017 @ 12:59 pm
14 years 2 monts 10 days in LJ
Posts created - 518
Comments posted - 29k
Comments received - 8943


Thanks to zveriozha.

Originally posted at: http://dennisgorelik.dreamwidth.org/130100.html
 
 
Dennis Gorelik
14 April 2017 @ 06:36 pm
Denise posted a nice summary of a team behind DreamWidth in an email newsletter.

Here's a piece that explains why my DreamWidth account was suspended:
---------
http://dw-news.dreamwidth.org/38065.html
* We get rid of accounts that were just created for spam purposes, whether that's "leaving spam comments" (if you get one, delete it and check the "mark this comment as spam" checkbox; our anti-spam team will handle it from there!) or "posting links to other sites in order to boost those sites' search engine rankings". (If you see what you think is one or more of those, open a support request in the Anti-Spam category with a link to the journal(s), and our anti-spam team will take a look.) It's okay to use DW to host the blog for your small business where you tell your customers what you've been up to lately, for instance, but it's not okay if your account exists only to post those bite-sized, auto-generated things stuffed with keywords and links that exist only for gaming search engines. There's obviously some human judgement involved here, and occasionally we mistakenly suspend an account that wasn't a spambot or a SEO-bot (and then we apologize and fix it!), but most spam accounts are very much a case of "you know it when you see it".
---------

Originally posted at: http://dennisgorelik.dreamwidth.org/129883.html
 
 
 
Dennis Gorelik
13 April 2017 @ 02:33 pm
Several weeks ago one guy called me and asked me for information about one already closed premium account on PostJobFree.com

Somehow it was important for him, but I still could not understand how.
I thought that he would disappear, but it looks like he managed to hire a lawyer who sent a subpoena for that information to PostJobFree Inc.

Here it is:
Subpoena for the case of "State of Mariland vs Levi Williams"


Subpoena Duces Tecum


Certificate of Service



Unfortunately, unlike Subpoena from FBI, this one did not contain email address.

So I called to the Circuit court for Baltimore City.
A nice, but unenthusiastic country clerk answered the phone.
She was NOT eager to verify that the subpoena is, actually, for their county court and recommended to contact the lawyer who actually sent the subpoena to me.
She refused to give me any advice about what would happen if I simply ignore the subpoena: "I am just a county clerk and cannot give you a legal advice".
So I called the legal office of Ryan L. Burke.
This time I was welcomed by Desiree - a secretary of Ryan Burke.
Desiree was more enthusiastic, quickly understood who I am and asked me to send them information that I have.
I asked for her email address, sent her test email, got reply and then emailed some records I found related to Infinity Recruiting Group, LLC.

I also asked Desiree how that information can be useful for them, but she said that I should ask Ryan L. Burke that.
There is a good change I would never find an answer to that question ...

Originally posted at: http://dennisgorelik.dreamwidth.org/129738.html
 
 
Dennis Gorelik
Start of the struggles here.

Update 1:
1) I was able to make audio work.
So "Multimedia Audio Controller" disappeared from this list:


2) I installed bluetooth drivers (looks successful, but I did not test if it actually works).

3) I was NOT able to make wireless network adapter work.
I successfully installed Intel® Wireless Adapter Driver for Intel® NUC Kits NUC7i[x]BN from Intel® NUC Kit NUC7i3BNH.

4) I updated NUC's chipset device software.

5) When rebooting after installing Windows Server updates ("Cumulative Update for Windows Server 2016 for x64-based Systems (KB4015438).") -- NUC is showing "We couldn't complete the updates. Undoing changes" message.
Then after couple of reboots that cumulative update is gone, but suggests to install itself again.

So, overall impression of "Windows Server 2016 on NUC7i3BNH" is poor.
I do not really want to spend too much time on troubleshooting these silly issues, introduced by greedy sales managers.

I do not really want to work with Windows 10 either, so I consider returning this NUC7i3BNH and possibly buying "older" and more expensive NUC version: NUC6i7KYK ("NUC Skull") because NUC Skull does officially support Windows Server OS.

What would you recommend me to do?


Update 2: rezkiy and yatur suggested ulterior motives to explain Intel's decision to not support Windows Server for most of their NUCs. The overall direction of these explanations seem right, but some details seem to be missing.
What do you think?

Originally posted at: http://dennisgorelik.dreamwidth.org/129339.html
 
 
Dennis Gorelik
I bought NUC7i3BNH.
Then I tried to install Windows Server 2016 Standard on that NUC.
Windows Server installation itself was successful, but several drivers, including Network Adapters(!) and "Multimedia Audio Controller" - did not install.

Search for drivers brought me to:
http://www.intel.com/content/www/us/en/support/boards-and-kits/intel-nuc-boards/000005628.html
where to my amazement I discovered that most of NUCs do NOT support Windows Server OS.

Further research pointed me to a hack that allows to manually use Windows 10 drivers on Windows Server 2016.
It goes like this:
1) Open C:\install\LAN_Server2016_64_22\PRO1000\Winx64\NDIS65\e1d65x64.inf
2) From this section:
[Intel.NTamd64.10.0.1]

copy these 3 lines:
===
%E15D8NC.DeviceDesc% = E15D8.10.0.1, PCI\VEN_8086&DEV_15D8
%E15D8NC.DeviceDesc% = E15D8.10.0.1, PCI\VEN_8086&DEV_15D8&SUBSYS_00008086
%E15D8NC.DeviceDesc% = E15D8.10.0.1, PCI\VEN_8086&DEV_15D8&SUBSYS_00011179
===

into this section:
[Intel.NTamd64.10.0]

3) Then turn off drivers checks:
bcdedit /set LOADOPTIONS DISABLE_INTEGRITY_CHECKS
bcdedit /set TESTSIGNING OFF
bcdedit /set NOINTEGRITYCHECKS ON

4) And finally install the driver:
pnputil.exe -i -a C:\install\LAN_Server2016_64_22\PRO1000\Winx64\NDIS65\e1d65x64.inf

After that Network (and Internet) started working on my new NUC.


But I do not understand - why Intel does not allow these drivers under Windows Server 2016 by default?

Update: Windows Server 2016 on NUC7i3BNH struggles - part 2.

Originally posted at: http://dennisgorelik.dreamwidth.org/129240.html
 
 
Dennis Gorelik
05 April 2017 @ 05:32 am
========
From: "LiveJournal" <accounts@livejournal.com>
Subject: LJ account with Professional package of service Extension
--------
6 months of account with Professional package of service time have been added to your LiveJournal account [dennisgorelik].
========

Другие мнения:
1) juan-gandhi: "требуют, чтобы я какое-то соглашение новое подписал, с признанием ихних цензур и законов".
2) Как удалить аккаунт без продажи души.
3) yostrov: "У меня платный акаунт в ЖЖ. Подписывать новое соглашение я не хочу. Как выбивать оставшиеся деньги? Никто коллективный иск не готовит?"
4) novich-ok: "Я не собираюсь делать блог в ЖЖ неполитическим и буду, пока не забанили, сохранять его проукраинскую и антипутинскую тематику."
5) reytsman: "с удовольствием почитаю их заявку в Интерпол на экстрадицию."
6) sorhed: "никуда переезжать не буду, обойдётесь".

---
http://www.dreamwidth.org/stats/stats.txt
newbyday 2017-04-01 278
newbyday 2017-04-02 198
newbyday 2017-04-03 1327
newbyday 2017-04-04 22331
---

Update:
7) zveriozha: "удивительно, что даже уехав хз куда, советский в душе человек продолжает ссаться и трястись от пары каких-то словечек про законы РФ".
---
http://zveriozha.livejournal.com/905348.html
Так называемое новое "соглашение" - это не соглашение вовсе. Это метод психологического давления на блогеров, дабы они самовыпиливались или занимались самоцензурой.

Лучший способ реагирования - поставить галочку и далее вести свой блог, как и раньше. По-моему, это абсолютно очевидное решение. Но при этом даже умные с виду люди приняли другое решение - именно то, которого от них хотели желающие их попугать.

Для меня это оказалось гораздо более неприятным фактом, чем это "соглашение". Таки да - советского и постсоветского человека не нужно сажать или расстреливать. Достаточно с умным видом написать ему про какие-то законы РФ, и он все сделает сам - быстро сдрыснет.
---
8) Лукьяненко свалил из ЖЖ:
====
http://zveriozha.livejournal.com/904713.html?view=11062281
Я не собираюсь коллективно отвечать за каждый коммент.
... ищите меня на фейсбуке.
====

Originally posted at: http://dennisgorelik.dreamwidth.org/128962.html
 
 
Dennis Gorelik
===
https://www.amazon.com/Puppet-Masters-Robert-Heinlein-ebook/dp/B00APA1EN2
Masters (extraterrestrial slugs) are turning humans into slaves and the world is divided. Problem is that even in the "free" territory only relationships Heinlein could imagine are master : slaves relationship. Love interest of our hero is intelligent woman and when she marries him, she turns into obedient slave with very limited vocabulary ("yes, dear"). The boss of our hero (and his father) is his master until the moment they switch the roles and afterwards he's just a slave. Etc. I started wondering why they're so dead set against those slugs. :(

This novel really hasn't aged well.
===

Download "The Puppet Masters"

Originally posted at: http://dennisgorelik.dreamwidth.org/128540.html