Page 3 of 3 FirstFirst 123
Results 31 to 38 of 38

Thread: The Today I Learned... Thread

  1. #31
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    It's too bad simplix is not creating these packs for all other operating systems. At least XP and 7 should be updated.

    @anon
    What would be the best way to update XP? nLite to slipstream for sure but how do you get all the updates from SP3 until preset? I don't want t download them one by one...
    Last edited by Master Razor; 25.07.17 at 13:13.
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

  2. #32
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    33,621
    Activity Longevity
    12/20 19/20
    Today Posts
    5/5 ssss33621
    Quote Originally Posted by Master Razor View Post
    @anon
    What would be the best way to update XP? nLite to slipstream for sure but how do you get all the updates from SP3 until preset? I don't want t download them one by one...
    Oops, I didn't notice this edit until now. The answer is nLite, of course. Just go to xdot.tk to get a batch file that downloads all updates released after Service Pack 3, obtain the XP version of KB4012598 manually from Microsoft's Update Catalog, then add all of them to your list of slipstreamed updates, sorted by date in ascending order. Also get Pale Moon 26.5.0, Chromium 49 or Opera 12.18 to replace Internet Explorer 8 (which is obsolete for everyday usage, so an alternative browser can almost be considered another update). I would actually evaluate removing IE and the MSHTML rendering engine altogether.

    Do this, all of it, and run the resulting update in the post-install phase to update all the revocations and trusted CAs (this is important and not the same as just running rvkroots). Apply the following registry tweaks to make things a bit less insecure more secure.

    Code:
    REGEDIT4
    
    ; Disable Autorun for everything, everywhere
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutorun"=dword:000000ff
    "NoAutorun"=dword:000000ff
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"
    
    ; TCP/IP stack hardening
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
    "DeadGWDetectDefault"=dword:00000000
    "DisableIPSourceRouting"=dword:00000002
    "EnableDeadGWDetect"=dword:00000000
    "EnableICMPRedirect"=dword:00000000
    "PerformRouterDiscovery"=dword:00000000
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ; Only support TLS 1.0 on Internet Explorer (or anything using its engine)
    "SecureProtocols"=dword:00000080
    ; "Check for server certificate revocation" by downloading CRLs
    "CertificateRevocation"=dword:00000001
    
    ; Warn if CRL download doesn't succeed; see https://pkisolutions.com/ie-crl/
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
    "iexplore.exe"=dword:00000001
    
    ; Handle undefined name constraints like Windows 7; see http://unmitigatedrisk.com/?p=198
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\root\ProtectedRoots]
    "Flags"=dword:00000020
    
    ; Disable insecure ciphers, hashes and protocols in Schannel
    ; Leaves TLS 1.0 with 3DES, SHA1 and either DHE or RSA key exchanging as the only two cipher suites
    ; Sub-optimal, as 3DES provides no FS and servers are phasing it out, but it's the most that can be done
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
    "Enabled"=dword:00000000
    
    ; Don't store WDigest credentials as plaintext in memory; see https://support.microsoft.com/kb/2871997
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
    "UseLogonCredential"=dword:00000000
    
    ; Disable DCOM to close port 135, 1025 and others
    ; May break some things, the comments tell you how to undo the changes if required
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
    "EnableDCOM"="N"
    ;"EnableDCOM"="Y"
    "EnableRemoteConnections"="N"
    ;"EnableRemoteConnections"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
    "DCOM Protocols"=hex(7):00,00
    ;"DCOM Protocols"=hex(7):6e,63,61,63,6e,5f,69,70,5f,74,63,70,00,00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
    "UseInternetPorts"="N"
    ;"UseInternetPorts"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
    "TransportBindName"=""
    ;"TransportBindName"="\\Device\\"
    
    
    ;


    Today I learned that you can "[s]et up an environment variable called SSLKEYLOGFILE that points to a writable flat text file. Both Firefox and Chrome (relatively current versions) will look for the variable when they start up. If it exists, the browser will write the values used to generate TLS session keys out to that file."
    "I've seen the future and I leave it all behind."
    Reply With QuoteReply With Quote
    Thanks

  3. #33
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    As a coder, I am amazed at how much the dash character is used in naming filenames and naming language constructs such as classes, functions, variables... .
    It is a know fact that the recommended delimiter is a underscore. Besides the aesthetics, it also treats multiple words as one (double-click selection). However, when used in webAPI, the delimiter should be a dash. Web crawllers indexes dashed words as separate words.
    I have never named any file with a space or a dash. Always use underscore for everything.


    Still I'd like to know why this is. Why does an OS treats lorem_ipsun as a whole while lorem-ipsun as separate? Is this an OS setting, a character set limitation/feature, or what?
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

  4. #34
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    I just found out that Windows 10 v1703 is the only version/edition of windows that supports RDNSS. The RFC was made in 2010 yet they implemented it in 2017, DIE MICROSOFT!!!! DIE!!
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

  5. #35
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    33,621
    Activity Longevity
    12/20 19/20
    Today Posts
    5/5 ssss33621
    Quote Originally Posted by Master Razor View Post
    I just found out that Windows 10 v1703 is the only version/edition of windows that supports RDNSS. The RFC was made in 2010 yet they implemented it in 2017, DIE MICROSOFT!!!! DIE!!
    They also implemented a robust dual TCP/IP stack which was responsible for single-handedly increasing IPv6 adoption all around the world, and half a decade before that was trendy... but hey, fuck Microsoft, fuck the system

    Note I'm not counting the IPv6 previews that were available for Windows XP, 2000 and even 98, because those were a mess.
    "I've seen the future and I leave it all behind."
    Reply With QuoteReply With Quote
    Thanks

  6. #36
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    They also implemented a robust dual TCP/IP stack which was responsible for single-handedly increasing IPv6 adoption all around the world, and half a decade before that was trendy... but hey, fuck Microsoft, fuck the system
    Yes but you forgot to mention something: that was then, this is now. If you look closely, no RFCs are followed anymore by microsoft. There are huge delays in any implementation if any. Windows is a mess.
    Last edited by Master Razor; 12.10.17 at 19:05.
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

  7. #37
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    A long time ago I learned that windows create a separate boot partition 100mb/200/mb/350mb/whatever the fuck has w10 now... on any drive that doesn't have a active partition bit set. I other words, if you format the drive from the windows setup, and select install, it will always create a separate boot partition. The documentation of microsoft doesn't specify (what a shock) that this behaviour applies to unattened setups as well.
    For instance, in a unattend.xml is set create partition 1 and partition 2. Now if you configure it to only create one partition and leave the rest unpartitioned, it will correctly use the C drive as boot and recovery. If you set it to create two partitions, it will set all your boot files on D drive.

    Also learned that windows 10 security is severely crippled when installing updates. Most AV suites stop working (again, what a shock) when updating from a previous build to a newer one. Basically, anything that gets deep in windows and integrates with it, like an av for instance will not work correctly. So does large software suits such as adobe or autodesk. Performance issues all around.

    And I also have a theory. I know that microsoft gives out parts of its windows source code to any country that refuses to use it unless is verified as safe. Now, the chinese and russians have had all windows source codes since the year 2000. The russians have control over the popular av suite kaspersky. Everything is tracked, either via microsoft or antiviruses. I suspect at the first sign of war many windows machines will stop working. A timebomb can come from anywhere.


    That microsoft is so...
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

  8. #38
    Elite Master Razor's Avatar
    Join Date
    21.07.08
    Location
    Bucharest, Romania
    Posts
    1,448
    Activity Longevity
    9/20 18/20
    Today Posts
    1/5 sssss1448
    Today I learned that a remote desktop connection will automatically adjust to your main screen. If you want it to adjust to a different screen, you have to manually match the Display resolution in Display tab, Display Configuration to your monitor's display resolution. As far as I know, there is no other solution to this.
    Enjoy! (!@#$! microsoft, can't do anything right)

    So, I configured my self these, which you will find them in the attchment:
    image_4.png
    Attached Files Attached Files
    Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain.
    ... and since I can remember, I've always been different that others, and I've never been on the majority side.
    I am the one and only Master Razor... lost in a world of billions of people.
    Reply With QuoteReply With Quote
    Thanks

Page 3 of 3 FirstFirst 123

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126