paran0id’s blog

If Saw II was far from being as good as the first one, Saw III is a complete failure. While the first movie of this series had an incredible mysterious, thoughtfull and well written argument, this last one is completly unappealing and dull. The movie has countless scenes of explicit horror/gore content which denotes how much money the previous movies have raised for the producers, but when it comes to the story it pretty much sucks.

Here’s a comment taken from imdb.com that pretty much describes what i think about this movie:

“The first few challenges were nothing more than a gore fest. The thrill and suspense of the challenges faced in the original Saw replaced with ideas designed to do nothing more than test how well you could hold onto your last meal. There was no rhyme, no reason, and paper-thin plots.

After enduring the first 20 minutes of blood and guts the storyline of the movie started to develop, but it was hard to actually connect with it as there was the constant fear that the next second another disembowelment or similar would jar you out of the storyline again.”

My latest Wordpress plugin. A simple and usefull one.

Read more here
Download [md5: 1f9526be2da53e32251758784b8469ae]

As promised, it’s here.

Main changes:

• IPs updated (auth was changed).
• added C4 beta, Beta auth, Euro and Highrates server.
• added tooltips with the description and rates of each server

Download

Yep! Summer is pretty much over and so are holidays so i decided to start developping again. Starting next week i’ll be working on the following:

• XML parser + Image Generator for Last.fm recently played tracks (working example here)
• Update L2World Server Status
• Maybe I’ll update the Calendar plugin. If i do so, i’ll probably rewrite it from scratch with much cleaner code and make it XHTML compliant.
• Might even consider developing one or two of the plugins requested @ SourceForge.net/wp-plugins (feel free to go there and post your ideas for plugins ;))

So, expect these updates (and perhaps a few more) in the next weeks!

So I was bored as shit the other day and decided to check on a few games. Some friend of mine ended up telling me about EVE online so i decided to give it a try.
The game is extremely complex, and it looks even more when you’re first looking at it. The rookie-tutorial takes over 2 hours to finish but it sure helps a lot. You get to know all the basic functions, tools and interface. The interface… I don’t consider myself as a game expert but EVE has the best interface i have ever seen. It’s simply perfect! It’s like, when you’re watching a Star Wars movie and you see all those neat monitors with awesome graphics and you’re like “wow, that’s so cool, i wish i had stuff like that on my computer”, well… wish no more! EVE beats all that.

The only down side of this game is that it’s Pay-to-Play. In order to play it you have to pay a monthly fee of 19.95$USD. I’m still on trial period (14 days) but i’m pretty sure that, after the trial period expires, i’ll gladly pay that monthly fee because it’s totally worth it.

I’ve been playing this for only 6 days now and i know i haven’t seen 1% of the game, but what i’ve seen so far made me droll. There’s also rumors that an expansion (free) is coming out, new ships, equipment, research and graphics! (better than this?!)
Here’s a few screenshots i took in these last days:

Well, if you are one, then this might be usefull to you.
Few days ago some dude made a post @ l2world suggestions forum about making a program that would tell you the current status of all servers.

Since i’m always up to code new stuff, i decided to actually code a small app that does exactly that.

You can download it here: L2WorldStatus.rar (aprox. 44Kb)

So yea, i got tired of those stupid websites where you got to maintain a 0.5-1.0 ratio or your account gets kicked. Not that i am a leecher but it’s pretty dumb to have that kind of policies when we’re talking about free peer-to-peer file sharing and, when you sign up on website like this, you always start by downloading (and not seeding) which puts you on a disadvantage. Also, on these websites, you can never upload torrents until you’re a ‘power user’ (which means: 1.0 ratio or above), so… all in all, even though ratio can be a good way to keep out those who only like to download, leechers, it can also be a pain in the ass for those who want to share but they can’t because the torrent has 500 seeders and 10 peers.

So, this settled, i figured a way to download the stuff without adding the ‘downloaded traffic’ to my ratio. :)
Basically, i download the torrent, let my client (Azureus) connect to like 40-50 (depending on the amount of existing seeders, obviously) and a few peers and then edit the torrent tracker URL to something like ‘http://no.track.er’ and voilá! i got my file and my ratio untouched. ;)

Then… of course, too boost a little bit your ratio you’d want to seed the torrent, right? So, you delete the torrent from your client (in Azureus: Remove -> Delete Torrent File); redownload the torrent and open it with azureus for seeding. (in Azureus: Open -> Torrent file… (for seeding)) and that’s it.

Everyone is happy. Well… not everyone but, who cares.

A notícia foi dada pela SecurityFocus ontem, dia 16, e relata uma falha de segurança extremamente simples na maneira como as redes ad-hoc são manipuladas em sistemas Microsoft.

Mark Loveless writes:
“An attacker can attach to the ad-hoc SSID and either manually assign an IP address in the 169.254 class B or simply DHCP and await a time-out that assigns the attacker’s laptop an IP address via a Link-Local configuration. After passively sniffing and waiting the usual NetBIOS traffic and/or by running a ping sweep, the victim’s IP address can be discovered. The attacker can then perform the various probes and attacks to gain access to the system.”

O artigo completo pode ser encontrado aqui, e o documento de Mark Loveless pode ser visto aqui.

Interessante.

É impressionante como em, pouco mais de 1 ano, sites como os referidos no título deste post, evoluíram e se tornaram em autênticas fábricas de dinheiro. Sim, fábricas de dinheiro, porque se pensam que alguém dá espaço gratuito para vocês enfiarem as vossas fotografias, músicas e terem conversas de xáxa, andam muito enganados. Reparem que todos estes sites tem publicidade, seja ela de que tipo fôr. (desde banners e popups a links camuflados no conteúdo da página). Coisas que parecem insignificantes à primeira vista mas que, se pensarmos que estes sites são visitados milhares e milhares (eu arriscaria mesmo a dizer milhões) de vezes por dia, percebe-se logo o quão rentável o négócio é.

Mas enfim, não é isso que me impressiona. As pessoas tem que ganhar a vida de alguma maneira e essa é sem dúvida uma maneira inteligente de o fazer. O que me impressiona mesmo é a quantidade de gente que utiliza esses sites para as mais variadíssimas razões. E acreditem que há de tudo: sites pessoais decentes e interessantes, sites de teor erótico/pornográfico, galerias de imagens, foto blogs (uma variante dos blogs tradicionais), etc.
Por exemplo, o hi5. Serei eu o único a achar aquilo uma palhaçada? Eu acredito, sinceramente, que aquilo possa ter utilidade para determinadas pessoas mas pelo que vejo no geral, a maioria usa aquilo para fazer amigos virtuais, para meter conversa com pessoas que, apesar de frequentarem os mesmos sitios que elas, não tem coragem de ir falar pessoalmente ou então simplesmente para uma terem grande rede de amigos (friend’s network) da qual se possam gabar quando a mostram a alguém. É incrivel a maneira como certas pessoas se dedicam e viciam naquilo. Há pessoas, que frequentam as mesmas aulas que eu, que passam 99.9% do tempo a navegar nas páginas do hi5/blogspot/myspace. Sinceramente, ir a uma aula para estar o tempo todo agarrado ao computador a passear por sites desse género, mais vale é não ir e ficar em casa a dormir.

Toda esta onda de sites que promovem a amizade virtual (e real também, ainda que em pouca dose), o envio e partilha de fotos e mesmo experiências de vida não só me surpreende como também me dá uma certa vontade de rir.

Mas paciência, cada um sabe de si e usa o tempo como quer e bem lhe apetece!

No passado dia 28 de Dezembro a SF publicou um aviso sobre esta vulnerabilidade que já é considerada a mais grave de todos os tempos, em que o exploiter consegue ganhar privilégios de Admin e, assim, ter total controlo do computador da vítima remotamente.

A Microsoft, contudo, não parece estar muito preocupada com o problema e decidiu nao lançar uma a correcção para os milhões de utilizadores do seu sistema operativo Windows, até dia 10 de Janeiro.

Contudo já existe uma série ferramentas para verificar se o sistema está vulneravel a esta falha, bem como ’security fixes’ não oficiais, sendo um deles um leak da correcção oficial que irá ser lançada pela Microsoft.

Mais informações em:
Pre-release WMF patch leaked to Web
Patch for WMF bug slated for next week
Windows 0-day exploit found on Web.
-
Hotfix download (não oficial)