Elder Scrolls 6 won’t be here for a while, and that Starfield release date remains an elusive mystery, but those of you hungry for some RPG action can take solace in two new previews which have just launched on Xbox Insiders, bringing a pair of Bethesda classics to PC.
Elder Scrolls Legend: Battlespire and Elder Scrolls Adventures: Redguard are two lesser-known spin-offs, originally released all the way back in 1997 and 1998. Battlespire was originally intended as an expansion for Daggerfall, but was transformed into its own game, focusing on a battle with the Daedra, and a climactic trek into Oblivion. Redguard is the bigger of the two games, and has the distinction of being the only game in the whole Elder Scroll series where you play a predetermined character from a fixed, third-person perspective. The plot centres on Tiber Septim and the aftermath of his occupation of Hammerfell, and is even referenced in Skyrim – Redguard’s main character, Cyrus, is the subject of a song you can overhear in the bars and taverns.
Backblaze recently provided consumers with valuable data on what they can expect from their HDD investments. In their recent blog post, the company looked at data from the life expectancy of several brand-name hard disk drives that are seen in use on their servers. Companies that made the list are HGST, Seagate, Toshiba, and Western Digital.
Backblaze analyzes HDDs over ten years to see the trend in their life expectancy
Consumers should understand that the length of life across HDD brands can vary, even with the top-rated brands. With Backblaze's recent data, they looked at HDDs that range from 4 TB up to 14 TB. The hope the company has is to answer the question of the lifeline of a hard drive that a consumer is currently looking into investing in for the future.
Backblaze has tabulated their data analysis starting almost ten years ago — April 2013 to be exact — researched the company's hard drives in large quantities and applied the Kaplan-Meir life expectancy curve. The Kaplan Meier Curve offers a visual representation that shows the probability of an event at a particular time gap. The curve is expected to approach the actual survival life under the studied subject (in this case, hard disk drives). The most significant determining factor in the analysis is ensuring that the company had plenty of drive to apply the curve, and it appears they successfully answered several questions. Readers should note that some of the hard drives on the list did not make the life expectancy by the end of the culmination of data, which was March 31, 2022.
Let's look at the 4TB HDD analysis, where Backblaze looked at the HGST HMS5C4040BLE640 (known as the HGST MegaScale to clients) and Seagate's ST4000DM000 HDD. Before testing, HGST was acquired by Western Digital in 2012 but remained with the name on the analyzed HDDs. These two drives were utilized in 2013 and lasted a little over a few years.
Image source: Backblaze
The graph above shows that Seagate's 4TB HDD life expectancy drops significantly over 72 months. Eighty-one percent of Seagate's HDDs lasted during that period. However, HGST's drives lasted the same period with a much higher percentage — ninety-seven percent of the analyzed HDDs.
However, many more items go into a purchase decision outside of "shelf life." Consumers' thoughts such as performance, purchasing accessibility, and cost play a significant factor in deciding on investing in a dependable HDD.
From a cost perspective, HGST HDDs are almost 1.5 times more expensive than Seagate's equivalent drive. Seagate drives are also more convenient than HGST's drives to purchase in larger quantities. HGST's focused segment is the enterprise marketplace, meaning that potential buyers are looking for highly reliable drives, explaining the increased cost. Seagate's market for the 4TB HDDs is desktop PCs. Consumer PCs are expected to be more consumable, meaning they do not last as long and need upgrades or replacements at a higher rate.
Backblaze does consider other metrics in their analysis. For one, the typical consumer is quick to change out drives, and when looking at the research, Seagate drives showed that 4,200 HDDs more than HGST's drives during that period did not survive. The number of drives needing to be replaced each day — each year — adds up, especially when a technician must spend two-thirds of an hour replacing hard drives.
Image source: Backblaze
Two HDDs were analyzed again in the 8TB segment, but both were from Seagate. First the consumer-level ST8000DM002 and the ST8000NM0055, an enterprise-level HDD from the Exos sub-brand. In a surprising turn of events, the consumer level outlasted the enterprise level HDD, but only a tiny fraction during the six years. 95% of the consumer HDDs survived, while 93.6% of the enterprise drives lasted during the analysis period.
The 12TB HDD was the start of severe numbers from the analysis by Backblaze. The drives compared were from Seagate, with their Exos X14 (ST12000NM0008) and the Exos X16 (ST12000NM001G) HDDs along with one HGST model, the HGST HUH721212ALN604. The HGST HDD in this comparison may have the newly stickered "Western Digital" branding, but that is less of the point as WD utilized HGST's technology for their drives.
Image source: Backblaze
The above graph could be confusing, as the amount of time is reduced by a few years. The explanation is that the higher we go with capacity sizes, the less time these drives have been in the marketplace due to newer technology offering larger memory sizes. Also, HGST's drives cost much more for performance, so those consumers are getting their return on investment. The results show us that, once again, HGST and their preceding technology outlasted Seagate and their two Exos drives. Readers should note that the three drives also offered the same period for their warranty, which was five years for each drive.
Image source: Backblaze
Toshiba, Western Digital, and Seagate round out the last of the analysis with their 14 TB HDD offerings. Toshiba offered an enterprise HDD (MG07ACA14TA), Western Digital (WUH721414ALE6L4), and Seagate (ST14000NM001G) offered high-density HDDs. Every brand showed a 99% life expectancy, with Seagate falling behind compared to the other drives in the graph. However, that indicates that the company improved its technology over time and lost less life when it reached 14TB storage capacities. Again, we see a shorter time analyzed due to these drives not being on the market for over four years.
Toshiba's drive has a gradual decline past the two-year mark. The failure rate increased for the company's drive, so it is unsure why this could happen and if it will affect future drives. But, what the company projected for the hard disk drives in comparison to the actual life of the hard drives is enormous.
Image source: Backblaze
Throughout the testing, due to reliability, Western Digital drives were more favorable among customers than Seagate. However, cost also comes into factor, as shown in the 12TB and 14TB graph analysis failure rates.
AMD debuted its latest 22.7.1 Software Driver yesterday which touted some massive performance gains in OpenGL API with Radeon GPUs & Ryzen APUs. Now we are getting the first results from our own readers which confirm that the performance improvement is indeed real & its a massive one.
AMD 22.7.1 Software Drivers Tested, Showcase Huge OpenGL Performance Boost In Benchmarks With Radeon GPUs & Ryzen APUs
AMD was lacking a bit behind NVIDIA when it came to performance within the OpenGL API but the company has made several improvements and the latest driver is a testament to their hard work. A series of benchmarks have now been posted by our readers which showcase impressive uplifts in overall performance which even exceed the +92% figure AMD themselves published for Minecraft, yesterday.
The benchmarks come from our readers, PhazDelta, Kosiqq and It's a x-ma'am who used tested their hardware within Unigine Heaven and Basemark GPU benchmarks.
AMD Radeon RX 6900 XT New vs Old Driver OpenGL Performance:
We first have a result of the AMD Radeon RX 6900 XT in Unigine Heaven 4.0 which scored an average of 155.8 FPS with the older drivers but once the new drivers were installed, the graphics performance shot up to 196.2 FPS, an increase of 26%. PhazDelta also noted that the performance of the OpenGL API is better than the DirectX 11 API within the same benchmark now. In DirectX 11, he scored 244.5 FPS on average & with OpenGL API, he scored 251.7 FPS on average, marking a difference of 3%.
AMD Radeon RX 6800 Basemark GPU Benchmark New vs Old Drivers OpenGL Test #1:
2 of 9
AMD Radeon RX 6800 Basemark GPU Benchmark New vs Old Drivers OpenGL Test #2:
2 of 9
Next up, we have results within the Basemark GPU benchmark which uses the OpenGL 4.5 API. One test result shows 7759 points with the older and 17814 points with the new drivers on the AMD Radeon RX 6800 graphics card and the other shows 7496 points with the old and 16592 points with the new drivers on the same graphics card. That's an improvement of 2.3x which is simply insane.
It's not just the AMD Radeon GPUs that are witnessing a good boost in OpenGL performance but so are the Ryzen APUs that utilize RDNA 2 graphics architecture. As spotted by Videocardz, Twitterati Cary Golomb, ran a Ryzen 7 6800U at 10W with the new 22.7.1 Software Drivers and scored a 12% performance uplift. The older drivers delivered a max FPS of 31.9 while the newer drivers uplifted the performance to 35.7 FPS, scoring a perfect 900 points in Unigine Heaven 4.0. These are just a few examples of the OpenGL performance boost coming from the new drivers and if you happen to have noticed some big improvements while running an OpenGL app or game, do share with us in the comments below.
It's not just students and internet debaters who lean on Wikipedia in a pinch. MIT CSAIL researchers have conducted a study revealing that Wikipedia can influence the legal decisions of judges when there are articles covering relevant cases. The existence of a Wiki page for a case increased its citations by over 20 percent, the scientists said. The boost was pronounced when a case supported a judge's argument, and the language of the articles sometimes manifested in the decisions.
The team conducted the study by having law students write over 150 articles on Irish Supreme Court decisions. Half of the pieces were randomly chosen to be uploaded where judges, lawyers and clerks could use them, while the rest were kept offline to help understand what would happen in the absence of a Wikipedia article. The randomized nature showed a true causal link between articles and citations, according to lead researcher Neil Thompson.
CSAIL also noted that the Irish legal system was an ideal testing ground. Higher courts' decisions bind lower courts, as they do in the UK and US, but there aren't nearly as many articles on Irish Supreme Court decisions as there are for its US counterpart. The researchers increased the number of relevant articles "tenfold" just by writing examples for the study.
As to why people might turn to Wikipedia? It might come down to a simple matter of time. The spike in citations mainly came from lower courts (the High Court) rather than the Supreme Court itself or the Court of Appeal. To CSAIL, that suggested judges and clerks were using Wikipedia to cope with busy court dockets — it was easier to find precedent-setting cases through a quick online search.
The findings are potentially problematic. While the cases themselves might be sound, Wikipedia isn't always accurate. There's a risk that a judge might issue a ruling based on a flawed article, or that malicious actors could manipulate entries to skew a trial's outcome. Study co-author Brian Flanagan argued that the legal community should verify that any online analysis, whether it's from Wikipedia or elsewhere, is both comprehensive and comes from expert sources.
If you're looking to upgrade your entertainment setup, finding the best projector could be the perfect solution. Whether you’re into binge-watching shows, hosting outdoor movie nights or even leveling up your gaming experience, modern projectors can help you do it all. Some are fantastic for creating that full home-theater vibe, while others are so good they could even replace your TV, offering huge screen sizes, sharp image quality and built-in smart features.
And it’s not just about indoor fun. Many projectors are portable enough to take outside, making them great for BBQs, yard parties, or just enjoying a cozy movie night under the stars. With features like auto-focus for easy setup and wireless streaming, they’re more convenient than ever. Some are even designed for easy room-to-room transport, meaning you can switch up your viewing experience wherever you are. If you're thinking of stepping up your viewing game, we've tested some of the best projectors out there to help you find the right one for your needs.
As with previous updates, I’m dividing projectors into ultra-short-throw and long-throw categories. As mentioned, ultra-short-throw models have rapidly established themselves in the market due to the extra performance and convenience, and all manufacturers sell at least a couple of models. Within the ultra-short-throw category, We’ll compare two price categories: under $7,000 and $3,500, with three projectors each. In the long-throw category, we’re again looking at projectors under $1,000, $2,000 and $6,000, with three products in each range. Finally, we’ll take a look at the best portable projectors.
Best UST projectors under $7,000
More ultra-short-throw projectors under $7,000
Epson EpiqVision Ultra LS500
If you need the brightest possible image, Epson’s LCD-powered EpiqVision Ultra LS500 ($3,899) delivers. It’s rated at up to 4,000 lumens, making it one of the brightest ultra-short-throw projectors in any price range. It also supports HDR modes in HDR10 and HLG and is sold with both 100-inch and 120-inch ALR screens, making the price effectively lower. The main drawback is that it only offers double the pixels of 1080p, rather than four times like competing DLP tech. It also offers a relatively weak 10-watt built-in speaker system.
HiSense L9G
This is HiSense’s new $4,300 flagship UST that uses a tricolor laser to achieve high brightness (3,000 ANSI lumens) and an incredible 107 percent BT.2020 HDR coverage, topping even Samsung’s formidable LSP9T. It has a powerful 40W Dolby Atmos sound system and built-in Android TV with Google Assistant and Alexa. Best of all, that price includes a 100-inch ALR Daylight screen, or for an extra $500, you can get it with a 120-inch ALR cinema screen.
Best projectors under $6,000
More projectors under $6,000
Optoma UHZ65LV
Optoma’s $6,000 UHZ65LV also uses a long-lasting laser light source to deliver a 5,000 lumen image, much brighter than any lamp-powered projector. It also delivers true 4K resolution up to 60p, thanks to the TI 0.66-inch DLP chip. The extra brightness and contrast make it ideal for HDR10 or HLG content. It also comes with desirable features for a long-throw laser projector, like a 1.6x zoom and vertical lens shift.
LG CineBeam HU810PW 4K
Speaking of long-throw laser projectors, LG’s $3,000 CineBeam HU810PW is another excellent pick at a much lower price point. There are some compromises, as the laser light pushes out a lower 2,700 lumens (that’s still a lot), and it has a smaller 0.47-inch DLP chip that delivers slightly lower perceived resolution. However, it has dual blue and green lasers which help it deliver accurate HDR colors with an excellent 97 percent DCI-P3 coverage. It also offers a 1.6x zoom with lens shift and an HDMI 2.1 port that allows for 4K at 60p with up to 12-bit color depth. It comes with LG’s webOS, so it supports Amazon Prime, Netflix, Hulu and other streaming services without the need for a dongle.
Sony VPL-VW295ES
If you’re looking for a true, native 4K projector, Sony’s $4,500 VPL-VW295ES is the least costly option out there. It’s by far the sharpest 4K projector in this roundup, thanks to Sony’s proprietary 4K SXRD native DCI 4K (4,096 x 2,160) panels. It also delivers extremely accurate colors, with 100 percent DCI-P3 coverage and HDR10/HLG support. You also get niceties like a 2.06 zoom lens with powered zoom, lens shift and focus. The main drawback is a relatively dim 1,500 lumen brightness, but it’s a top pick if picture quality is paramount above all.
Best UST projectors under $3,500
More ultra-short-throw projectors under $3,500
Optoma CinemaX P2
Optoma’s CinemaX P2 made our list last year, but it’s one of the best projectors now because the price has dropped considerably. It delivers 3,000 lumen brightness, impressive contrast ratio and accurate colors with 80 percent DCI-P3 coverage. It’s not quite as sharp as the pricier projectors, as it uses TI’s 0.47-inch rather than 0.66-inch DLP tech, though you’ll still get a near-4K image.
The CinemaX P2 may also better match your living room decor, as it comes in white rather than dark grey like the P1. The 40-watt NuForce Dolby Digital 2.0 soundbar is one of the best on any ultra-short-throw projector, as well. On the downside, it does offer apps but they’re not as good as you’ll find on, say, Google’s Chromecast.
BenQ V7050i
BenQ’s first UST laser projector is at the top end of the price scale at $3,500, but it offers some impressive capabilities. Light output is a bright 2,500 ANSI lumens and it delivers a full 98 percent DCI-P3 coverage for as good an HDR experience as you can get on a projector. You also get a Filmmaker Mode to see colors as the directors intended. It’s powered by Android TV so you get all the streaming services and apps you want, along with apps, games and more. The downside is the lack of decent speakers, as it only offers dual 5-watt speakers with clear sound but limited bass.
Epson EpiqVision Ultra LS300W
If you’re okay with 1080p projection, Epson’s EpiqVision Ultra LS300W is a very interesting option because of the design, excellent sound, built-in Android TV and extreme 3,600 ANSI lumen brightness. That allows for a wide color gamut with no rainbow effect, excellent connectivity and very good sound without the need to buy a soundbar or surround sound system. Best of all, it’s priced at just $2,000, making it one of the cheaper short-throw projectors out there.
Best projectors under $2,000
More projectors under $2,000
Optoma UHD38
For extra brightness and speed for gaming, the answer is Optoma’s all-new, $1,600 4K-capable UHD38. It cranks the lumens up to 4,000 and like the Viewsonic PX701-4K, offers 240Hz gaming at 1080p with one of the lowest latency figures we’ve seen yet in a projector at 4.2 milliseconds. Otherwise, you can do 4K 60 Hz gaming with 16.7 milliseconds of lag, which is very quick for 4K. It’s optimized more for gaming than entertainment unlike BenQ’s HT3550i, but it can still handle HDR10 and HLG. It supports both zoom (albeit just 1.1x), but also vertical and horizontal lens shift.
Epson Home Cinema 4010 4K Pro
Epson’s $2,000 Home Cinema 4010 4K Pro is the Cadillac of under-$2K home projectors thanks to features like 2,400 lumen brightness, dynamic iris, and motorized zoom (2.1x), focus and lens shift. This Epson projector delivers in picture quality too, covering 100 percent of the DCI-P3 color space in cinema mode with both HDR10 and HLG. It also offers near-4K quality using 1,920 x 1,080 LCD image chips with pixel shifting. The drawbacks are lack of support for 60Hz 4K due to the HDMI 1.4 ports.
If you need that, want to pay a bit less and don’t care about the motorized focus, Epson’s $1,700 Home Cinema 3080 4K Pro is the way to go. It offers similar features like HDR10 and HLG, but supports 4K 60p thanks to the HDMI 2.0b ports. There’s no motorization and the zoom drops to 1.6x, but it supports generous tilt, shift and zoom ranges.
Best projectors under $1,000
More projectors under $1,000
BenQ HT2050A
For around $700, the BenQ HT2050A is still one of the best budget 1080p projectors. It delivers where it counts with the best contrast (ANSI 1,574:1) and color accuracy in its class, and is reasonably bright as well, with 2,200 lumens in "vivid" mode. On top of that, it comes with a 1.3x zoom and vertical lens shift option for maximum installation flexibility. The drawbacks include slightly excessive fan noise, rainbow effect and red-tinted 3D.
Optoma HD146X
If you’re looking to spend a little less on a budget projector, the Optoma HD146X is your best option. Using DLP tech, it delivers 1080p at up to 3,600 lumens with excellent brightness, color accuracy, contrast and black levels. You also get decent (16.4-millisecond) input lag for gaming. The drawbacks are a single HDMI port, 1.1x optical zoom and poor built-in audio.
Best budget portable projectors
More budget portable projectors
BenQ GS2
This $470 model is designed specifically for outdoor entertainment, so it’s battery-powered and splash and shock resistant – making it your best bet for backyard movie nights or for watching sports events, camping and more. It’s also one of the brightest portable projectors out there and has a battery life of up to three hours. This outdoor projector only delivers 720p resolution, but it does come with a streaming app in the form of Aptoide TV.
Anker Nebula Solar HD
This full HD projector has a pretty rich feature set considering the $600 price including a battery. This portable projector delivers 400 lumens for reasonably bright outdoor use, has a reasonably powerful 2x3W speaker system with Dolby Digital Plus, comes with Android TV and has a built-in stand for easy adjustment.
What to look for in a projector
Ultra-short-throw
Since the last time we updated our guide, ultra-short-throw projectors have become the hot new category, offering several benefits. You can mount them close to the wall like a TV, with no need to run wires through the walls and ceiling, but still get an immersive image as large as 120 inches — something that’s impossible with a TV unless you’re very rich. They use brighter lasers that never need to be replaced — and because laser light is collimated, focusing is eliminated.
They’re also physically less awkward to install than a ceiling-mounted projector, though that doesn’t mean installation is super easy. To get the perfect screen fit and alignment, you must place them an exact height and distance from your wall or screen. This can be quite a pain, as I’ve discovered.
You also need a perfectly flat wall or projector screen, because ultra-short-throw projectors beam up at an acute angle, so any imperfections will show as shadows. For that reason, you can’t use a roll-down screen because they have slight ripples.
For the best results, particularly with a lot of ambient light, you should use an ambient light-rejecting (ALR) screen. Those have small ridges that reflect light from below back to your eyes, but absorb any light (ie ambient light) that comes from above. For one of those, you’ll need to budget at least $450 and way up. Some projectors, including models from Epson and HiSense, come with ALR screens.
Brightness and contrast
Home theater projectors generally range in brightness between 2,000 to 4,000 lumens, but you'll need to take those figures with a grain of salt. Some models might actually hit 3,000 lumens or more, but cranking the lamp to that level will hurt the image quality and lifespan of your bulb. Also, some manufacturers tend to exaggerate maximum brightness.
As a point of reference, many 4K flat panel TVs nowadays can hit 1,000 nits of brightness, but the brightest consumer projectors only display between 100 and 150 nits from the screen. That’s not as big a deal as it might seem, because projector images are much larger and meant to be used in dark rooms, where your eyes will automatically adjust to the light and “brighten” the image.
Contrast is also substantially different on home theater projectors. Unlike OLED TVs, projectors don’t allow for zero black levels because of ambient light, reflections and other reasons. You also can’t have local dimming zones found on LED TVs for true blacks. Some projectors do have a dynamic iris to improve the contrast scene-by-scene, but those can often produce a “pumping” effect, with the image dimming or brightening in mid-scene.
Elite Starling
Mounting and fan noise
A big advantage of regular long throw projectors is that you can mount the projector and screen on the ceiling, using zero space in your room. If you plan to do that, don’t forget to budget for a mounting bracket and any necessary long cables, including extra power for Google's finicky Chromecast (though you could opt for a smart projector with built-in streaming apps instead). Also, keep in mind that it's easier to mount a lightweight home theater projector, and DLP models are usually lighter than those with LCD tech.
Some projectors are noisier than others, and usually the more you spend, the less noise you get. Many of the new 4K DLP projectors, when operating in 4K mode, are particularly noisy. There's one other (cool) thing: if you have a portable projector or even one that is relatively easy to take down and put up, you can take it outside for magical night screenings under the stars.
HDR and resolution
As related to projectors, these things could each take up an entire article. In fact, they have — for a deeper dive, take a look at Projector Central’s excellent takes on HDR and resolution.
On the resolution front, only expensive projectors have native 4K resolution; indeed, most movie theaters still use 2K projectors for various reasons. However, there are many relatively inexpensive DLP projectors that use pixel-shifting to attain 4K resolution. That system emits each pixel four times while moving it to the correct position for a 4K image, all in less than 1/60th of a second. As such, it puts as many pixels on the screen in the same amount of time as a 4K native projector — and visually, it performs nearly as well.
On the other hand, Epson's LCD “4K enhanced” projectors also have 1080p resolution, but the image is just shifted twice, not four times. So, those projectors are not 4K natively or otherwise, but do produce double the pixel count of a 1080p projector. If you really want a 4K native projector, you’ll have to pay: two of the cheapest ones are Sony's VPL-VW295ES ($5,000) and JVC's DLA-NX5 ($5,000).
HDR is a very different animal on projectors compared to TVs. As mentioned, projectors can’t produce anywhere close to the amount of light required (1,000 nits) to qualify as true HDR. Rather, they use a technique called tone-mapping to fit the entire HDR gamut into a lower brightness range.
For that reason, among others, almost all projectors only support HDR10. Only one uses Dolby Vision (the Xiaomi Laser Cinema 2, only available officially in China), and just a couple of models work with Samsung’s HDR10+ — and those are Samsung’s own Premiere 4K models. However, most support a wider 10-bit color gamut that allows for superior color reproduction.
Optics
If you're mounting a short- or long-throw projector between five and 25 feet, you might need to consider the zoom range and whether the projector has a lens shift option. A decent zoom range will make it easier to mount the projector where you want with the screen size that you want. If the projector has an auto focus feature, it will adjust the lens to create a sharper image by calculating the distance between your projector and the wall or screen.
Lens shift, meanwhile, is used if the projector is mounted higher or lower relative to the screen than recommended by the manufacturer (or any horizontal distance off center). That creates a trapezoidal shaped image, but by dialing in some lens shift, you can optically square it up. Otherwise, you might have to use a "keystone correction," which digitally stretches or shrinks part of the image, resulting in noticeable distortion or pixel artifacts. Digital correction might not work in gaming modes either, for some projector models.
Gaming
If you’re interested in a gaming projector, you’ll want to look up the refresh rate and input lag figures. Some new projectors from Viewsonic, Optoma and others offer up to 240 Hz 1080p refresh rates and input lag settings down to 4 or 5 milliseconds. When paired with a compatible projection screen, you can expect an immersive experience from your game console on the big screen. However, some projectors designed more for home entertainment have very poor input lag and refresh rates at just 60 Hz.
Portable projectors
Finally, portable projectors have become popular enough to merit discussion this year. They’re relatively cheap, compact and portable and can run on batteries – making them ideal for entertainment outside or while camping. These outdoor projectors are not nearly as bright as others, of course, but are more designed for a fun night of entertainment under the stars.
The technology: LCD and DLP projectors
Here are the basics: Traditional projectors generally use two types of technology, LCD and DLP. They’re fundamentally different systems, with their own advantages and drawbacks.
The rise of ultra-short-throw projectors and brighter long-throw models, meanwhile, has been powered by falling prices in laser illumination technology. Lasers are a far better solution than lamps, because they’re brighter and last far longer — up to 30,000 hours instead of 6,000. That’s essentially a lifetime of use (about 10 years).
Most projector manufacturers now use DLPs, or digital light processing units, manufactured nearly exclusively by Texas Instruments (TI). The heart of the tech is an optical semiconductor called a digital micromirror device (DMD) that contains millions of aluminum mirrors. Those tilt either toward the light source (on) or away from it (off) at up to 5,000 times per second.
Budget projectors like BenQ’s HT3550i use TI’s 0.47-inch DMD, while higher end models, like the Samsung Premium LSP9T use the 0.66-inch chip. Both use mirrors that tilt by +12 and -12 degrees for white and black, but TI recently unveiled a new 0.47-inch 4K-capable DMD with +/-17 degrees of tilt, which should enhance both brightness and contrast.
DLP projector makers include LG, Optoma, LG, BenQ and Panasonic. The benefits of the tech are portability (like Samsung’s The Freestyle 180-degree projector), high contrast, less fringing and cheaper projectors, especially 4K and ultra-short-throw models. The biggest drawback is the rainbow effect, or bright red/blue/green artifacts that affect some viewers more than others.
LCD tech, meanwhile, uses a prism to split a light source into red, green and blue beams. Those then pass through LCD displays containing the image and converge via another prism before passing through the projector’s lens.
Epson is the primary user of LCD tech, along with Sony, Sanyo and others. LCD projectors tend to be sharper, more efficient and more color accurate, but have lower contrast ratios and can experience image degradation over time. In general, they’re also more expensive.
Projector FAQs
Are 4K projectors better?
Yes, because higher resolution is more noticeable on larger screens, so 4K is particularly useful with projectors since they beam images up to 200 inches in size. That being said, brightness and contrast are more important.
Is a projector better than a TV?
Projectors can provide a more immersive experience thanks to the large screen, but they’re not necessarily “better.” Since you usually have to dim the lights with a projector, TVs are superior for everyday use.
Is 2000 lumens bright enough for a projector?
Yes, 2000 lumens is easily bright enough, even with some ambient light in the room. However, the image will still be hard to see with the windows open on a bright day.
Should I get a 4K or 1080p projector?
That depends on your budget and needs. If your budget is below $1,000, look for a 1080p projector with the best brightness and contrast. Between $1,000-$2,000, you’ll need to weigh whether brightness or 4K resolution is most important. Above that, choose the brightest 4K projector you can afford.
What are the best projectors in daylight?
The best projectors in daylight are ultra short throw (UST) models, as they have the brightest and sharpest image. However, they generally cost more than $2,000.
This article originally appeared on Engadget at https://www.engadget.com/home/home-theater/best-projectors-123004354.html?src=rss
Paul Sorvino, the accomplished actor behind crucial parts in "Goodfellas" and Baz Luhrmann's "Romeo + Juliet," died on July 25 at age 83, but director Martin Scorsese was quick to share his memories of the performer in the wake of his heartbreaking passing.
"Paul Sorvino was a brilliant actor. He was completely immersed in his craft, and his level of mastery could take your breath away. Look at his performance as Louis Fraina in 'Reds' by Warren Beatty. He found a wonderfully expressive voice for his character, and quite a unique body language: urgent, fervent, and impassioned. Watch it back to back with his performance as the televangelist in 'Oh God' by Carl Reiner. At first glance, it seems like a broad comic turn, a send-up of Jimmy Swaggart and Jerry Falwell. But when you really pay attention, you see that Paul is inhabiting the character completely. It's hilarious but it's also sobering and disturbing."
Two Greats Working Together
Sorvino's "Oh God" performance is what propelled Scorsese to cast him as Brooklyn crime family head Paulie Cicero in the now-iconic "Goodfellas," which propelled Sorvino to greater heights as a working actor. The filmmaker opened up further about what it was like to collaborate with the supporting actor in the beloved 1990 mobster feature in his statement.
"I loved working with Paul on that picture," the director added. "It wasn't always easy, but that's never the point to begin with. Paul was tireless — he never settled for less than a deeper emotional truth. I learned a lot from him. ... I remember one day, I was doing a few takes with him on a scene and it wasn't quite there. On about the third or fourth take, he said to me, 'Come away from the monitor and watch me.' That's what I did, and I could see it right away. It was a great lesson."
Saying Goodbye To The Goodfellas
Finally, the filmmaker reflected on losing not only Sorvino, but also "Goodfellas" leading man Ray Liotta this year. "I was really saddened to hear the news of his passing," Scorsese noted. "In part because it was so close to losing Ray Liotta. But it was also the loss of a great, generous soul, and an irreplaceable artist."
It's been a one-two punch for fans of the regarded mafia film over the last few months. Liotta died at age 67 on May 26, a passing that shook the film world and leaves us with several posthumous film and television releases to discover from him in the near future.
Sorvino was perhaps best known for his role in the Oscar-winning crime drama, but his legacy spans stage and screen. In 1972, he was nominated for a Tony Award for his performance in the play "That Championship Season," so his talents were truly all over the map. He is survived by his children, actors Michael and Mira Sorvino, and his wife, Dee Dee Benkie.
Microsoft is rallying other big-name cloud-computing providers such as Alphabet's Google and Oracle to press the U.S. government into spreading its spending on such services more widely, taking aim at Amazon's dominance in such contracts. From a report: The software giant has issued talking points to other cloud companies aimed at jointly lobbying Washington to require major government projects to use more than one cloud service, according to people familiar with the effort and a document viewed by The Wall Street Journal. Microsoft also approached VMware, Dell, IBM and HP said the people familiar with the effort. It hasn't yet asked Amazon to join the loose alliance, the people said.
Amazon dominates the cloud-infrastructure industry with a 39% share of the 2021 global market ahead of Microsoft at No. 2 with a 21% share, according to research firm Gartner Inc. Amazon looms even larger in the business of selling cloud services to governments. Amazon's cloud had a 47% share of the 2021 U.S. and Canada public-sector market orders, ahead of 28% for Microsoft, according to Gartner. The National Security Agency last year picked Amazon as the sole vendor for a cloud contract that could be worth potentially as much as $10 billion over the next decade, renewing an existing business relationship.
Hi,
I had a chance to test a nVidia GTX 970 card under DOS. My short tests led me to assumption that the VESA BIOS has the same bugs like on older GTX 670 - e.g. problems with Dark Debugger, crippled fonts in Keen Commander, a bit messy graphics in Partition Magic...
VESA mode list seems to be built dynamically according to attached monitor (it's EDID) trying to utilize a native resolution. I tried 2 LCD panels, my NEC via DVI-D with 1600x1200 - it was the max offered VESA mode, total 31 vmodes. Then I tried with Dell 1900x1200 via DP and the max offered VESA mode was 1900x1200, total 35 vmodes. The xfer speed in vesatest was cca 2,8GB/s same as with GTX 670. So there seems no differences in VBE implementation on this nvidia cards. Maybe it helps someone upgrading his system (GTX 9xx is the last line supported in WinXP-x86).
I thought it would be a fun to write a listicle about things in your house that are dirtier than your toilet, mostly because I wanted to make you feel bad about your housekeeping. I quickly discovered I was hardly the firstinternet-hack/list-artisttohavethisidea.
With the state of inflation the way it is, it’s not unlikely you’ve considered doing some unconventional things with your finances—and one unconventional way you can get more bang for your buck is by retiring abroad. There are quite a few financial incentives for spending your golden years overseas: Lower costs of…
Marvel Studios’ panel during San Diego Comic-Con delivered a sensational amount of news to the fandom, with studio head Kevin Feige revealing the lineup for Phase 5 and beyond.
One special treat for SDCC attendees was the first trailer for Ant-Man and the Wasp: Quantumania, and we introduce you to MODOK – the villain who made his MCU debut.
Directed by Peyton Reed and written by Jeff Loveness, Ant-Man and the Wasp: Quantumania features returning stars Paul Rudd, Evangeline Lilly, Michael Douglas, Michelle Pfeiffer, and more as the titular superheroes face-off against Kang the Conquerer and the Quantum Realm.
Marvel Studios’ Black Panther: Wakanda Forever | Official Teaser
BridTV
10944
Marvel Studios’ Black Panther: Wakanda Forever | Official Teaser
https://i.ytimg.com/vi/RlOB3UALvrQ/hqdefault.jpg
1060070
1060070
center
32600
Ant-Man 3 exclusive trailer
The general public has not seen the first trailer for Ant-Man and the Wasp: Quantumania yet, as the official first look was released as an exclusive to SDCC attendees.
Some details have been shared, however, including the latest look at Jonathan Majors’ Kang the Conqueror – returning after his debut in Loki Season 1.
Kang is set to be the next major villain in the MCU, following The Infinity Saga’s Thanos, but cybernetic foe MODOK will also have a hand in making waves for Scott Lang and Hope van Dyne in the Quantum Realm.
Photo by Buddhika Weerasinghe/Getty Images for Disney
Who is MODOK?
MODOK is an acronym, usually spelled M.O.D.O.K., and stands for Mental Organism Designed Only for Killing.
MODOK was created by technician George Tarleton whilst he was working for A.I.M. (Advanced Idea Mechanics) to develop the Cosmic Cube.
Tarleton ended up being mutated into a living, breathing computer by the Scientist Supreme, causing his cranium to increase due to his now superhuman intelligence.
With his body unable to support his now enlarged head, Tarleton was given a support machine called the Doomsday Chair to aid him.
Too many people going “Yeah a human face wouldn’t work”, just rubs me the wrong way a bit. Anyways ugly, weird, human faced MODOK>>> https://t.co/mcWkQUGKFl
— Mauricio | Browntable ? (@Browntable_Ent) July 26, 2022
As fans only have the comic version to go by for now, an image of the bizarre-looking villain has been left to the imagination.
Another fan pointed out the success that Crystal Dynamics’ video game Marvel’s Avengers had in creating a “menacing” design of MODOK, which the MCU will hopefully follow.
Marvel's Avengers literally gave the MCU a blueprint to achieving a menacing portrayal of MODOK without going too campy with his appearance. pic.twitter.com/OrkatZz5BE
In 1975, Steven Spielberg drenched Hollywood with a bloody wave by introducing audiences to a frenzied shark in "Jaws." Today, the violent nature of Spielberg's first worldwide hit has been largely overshadowed by his more popular family-friendly films. In the 47 years since the director made audiences scared to go back in the water, most of Spielberg's movies have explored childhood wonder and imagination with awe-inspiring films about dinosaur parks, lost aliens, and badass archaeologists. However, the transition from bloody waters to the idyllic shore of a kid's imagination wasn't always a smooth one.
Following the success of "Jaws," Spielberg wrote and directed "Close Encounters of the Third Kind," a film about an average guy who witnesses a UFO sighting, experiences strange visions, and becomes obsessed with explaining it. The movie ends with the protagonist hitching a ride into the cosmos on an alien ship. With Richard Dreyfuss' star power, a compelling score by John Williams, and a mysterious alien plot, this film was another Spielberg success that displayed his ability to communicate naive wonder and curiosity. Although the film was a hit and the beginning of Spielberg's most popular style of film, he's regretted the ending for decades. In a 2005 interview with Cinema Confidential, Spielberg discussed his remorse:
"I know that 'Close Encounters,' because I wrote the script, was about a man whose insatiable curiosity and a developing obsession and a kind of psychic implantation drew him away from his family and with only looking back once, walked onto the mother ship. Now, that was before I had kids. That was 1977. So I wrote that blithely. Today, I would never have the guy leaving his family and going on the mothership."
Over the years, Spielberg has released three different versions of the film attempting to soften the blow of Neary's abandonment.
The Problem With Roy Neary
Spielberg's career is full of obsessive protagonists who are willing to throw it all away to pursue their dreams. John Hammond sinks his fortune into a doomed dinosaur theme park, Indiana Jones constantly risks life and limb for ancient treasures, and Roy Neary loses his family, his sanity, and his entire living room along his journey to uncover the truth about aliens. Neary isn't the only Spielberg character consumed by their obsessions or the only one who harms other people in pursuit of them. Hammond throws his grandkids into a highly irresponsible tourist trap, and Jones regularly steals historical artifacts from other cultures, but it's Neary's abandonment of his family that the famed director regrets the most.
In the original theatrical release, "Close Encounters of the Third Kind," Neary checks out of daily life with his wife and kids and jumps headfirst into his obsession with UFOs and aliens. His wife, Ronnie (Teri Garr), tolerates his fixation for a while until he decides to build Devil's Tower in her living room using mud and sticks, at which point she packs up the kids and leaves. Instead of working to win his family back, Neary barely reacts to their absence and continues to throw all of his attention into extraterrestrials. Eventually, Neary tracks down the aliens, hitches a ride on their spaceship, and rides off into the sky without a single thought about his wife and kids.
The original version of Neary easily detaches from his wife and two children, who have no choice but to watch as their loved one is devoured by a strange fixation. Not exactly the heroic Spielberg character audiences fall in love with, so Spielberg gave us a slightly different version of Neary's story in 1980.
1980 Special Edition
In 1980, a Special Edition of "Close Encounters of the Third Kind" was released. According to Ray Morton in his book, Close Encounter of the Third Kind: The Making of Steven Spielberg's Classic Film, this version doesn't include the sequence where Neary builds the Devil's Tower in his living room. Instead, the audience is given a scene where the Neary, overwhelmed by his fixation and frustrated by the lack of answers, locks himself in the bathroom and breaks down. His wife breaks in, sees the state of him, and leaves with the kids.
This version could put Neary's obsession in a new light for some viewers. He's falling apart in the shower instead of gleefully making mud towers in the family room, which hints at the fact that his newfound fixation is hurting him too and that it isn't something he can control. This reframes his quest as an addiction that he can't break free from instead of a conscious choice he makes to devastate his family. Even if this scene makes certain viewers empathize with Neary, it probably disappears when Neary, yet again, boards the mothership and leaves Earth. Even after he finds answers to the questions that have plagued him, he still chooses to abandon his family.
The most controversial thing about this cut was the fact that it included a scene of the mothership's interior. The general consensus of this sequence seems to be that you either love it or hate it. Some fans enjoyed the glimpse into alien technology, while others believed it was better left a mystery.
This version earns momentary sympathy for Neary and offers a fleeting glimpse into a mothership, but it doesn't change the fact that the protagonist takes off on his family.
1998 Director's Cut
In 1998, another version of the classic was released, and the Devil's Tower regained its rightful place in Neary's living room. This version was closer to the original theatrical release, which included all of Neary's obsessive antics, and the bathroom breakdown, without the controversial glimpse into the spaceship. The fact that this cut includes the bathroom breakdown and Neary's living room tower makes this version the most interesting because the audience gets to see how the obsession affects everyone in the family. Neary is plagued by unanswered questions, his wife is frightened by the obsession, and his children are traumatized by the dissolution of their family. This version offers every side of the story, but none of them are a good look for Neary. No matter what changes Spielberg makes to the beginning or the middle, Neary still abandons his family in the end.
Like John Hammond and Indiana Jones, Roy Neary pursues his desires no matter what it costs others, even his family. It's understandable that Spielberg cringes at the abandonment ending, but riding off into space is Neary's dream, and Spielberg, like Hollywood itself, is in the business of making dreams come true.
It's impossible to overstate just how impactful Akira Kurosawa's body of work has been on cinema. Given how ubiquitous his influence is, it can be easy to forget the specific factors that made Kurosawa such a remarkable filmmaker. Kurosawa could do period pieces set throughout the history of Japan that still register as deeply relevant. Just as impressive was his willingness to explore a wide variety of genres from crime thrillers to intimate dramas to jidaigeki features and everything in between.
Perhaps most important of all is the quiet sense of hopefulness that courses through Kurosawa's work. His movies, especially the dramas set in modern Japanese society coping with the aftereffects of World War II, are quite aware of the brutalities of the world and the horrors man can cause. While some titles like "Ran" were wall-to-wall bleakness, many of his other projects depicted isolated samurais coming in to save the day, or doctors opting not to give up on the future even when everything looks hopeless. These are the 11 movies that made Akira Kurosawa a legend.
Rashomon
Kurosawa always had a gift for filming the organic world. Rolling hills, fields of grass, and vast skies always looked so expansive and stunning in his hands. "Rashomon" begins with protagonists Kikori (Takashi Shimura) and Tabi (Minoru Chiaki) sitting inside a dilapidated building while a deluge of rain comes down outside. The presence of rain is captured in a striking manner that conveys how these two characters are overwhelmed by everything around them — including the vastly different tales they've just heard about a samurai's murder and the rape of his wife.
These stories are the crux of "Rashomon" and prove why this movie has remained so influential. Any movie that opts to tell one story from multiple perspectives will forever be compared to "Rashomon." Even after so many imitators, the way "Rashomon" uses varying accounts of past events to reflect the individual personalities of the narrators is still impressive. Screenwriters Kurosawa and Shinobu Hashimoto (adapting elements from a pair of short stories by Ryunosuke Akutagawa) use this narrative structure to pursue larger ideas related to subjectivity and the dishonesty of humanity that so many of the film's imitators never attempt to explore. The cast excels in depicting constantly shifting versions of their characters, ensuring "Rashomon" lives up to its harrowing, rain-drenched opening sequence.
High And Low
Part of what makes "High and Low" such a compelling watch is the moral ambiguity ingrained into its characters. Exemplifying this trait is our protagonist, Kingo Gondo (Toshirô Mifune). Gondo is at the center of a hostage situation, with a gaggle of kidnappers trying to extort him for money. Rather than play Gondo as a straightforward victim, "High and Low" opts to depict him as a more complicated man. For starters, he's introduced as an executive concocting an elaborate and costly scheme to gain full control of the shoe company he works for. This plan isn't necessarily evil, but it does show Gondo as someone with a flawed agenda.
This moral complexity in our lead character is made further apparent once it's revealed that the kidnappers have not taken Gondo's son. Instead, the offspring of Gondo's chauffeur has been mistakenly snatched. Gondo has a chance to be the hero and pay the ransom to save the child, but he initially refuses. Instead, he resumes his plan to take over that shoe company. These details make "High and Low" feel like it's populated with real human beings, while the work of actors like Mifune helps to accentuate that authenticity. The tangible quality of the story is just as memorable as the visuals that include an unforgettable shot that shatters the feature's monochromatic color scheme to incorporate pink smoke.
I Live In Fear
The specter of nuclear anxiety loomed large over many of Akira Kurosawa's films. Rarely was this more apparent than in his 1955 film, "I Live in Fear." This film centers on Kiichi Nakajima (Toshirô Mifune), a man whose life is defined by fear of nuclear annihilation. His plans to prepare for such an event escalate from creating an elaborate bomb shelter to figuring out a way to get to Brazil, a country he believes will be the only place immune from the horrors of atomic war.
In the vein of other Kurosawa classics like "Drunken Angel," "I Live in Fear" has the filmmaker contemplating the best way to navigate an uncertain future. The characters of "I Live in Fear" embody differing approaches to tackling what's to come. Such approaches generally boil down to either ignoring potential horrors or becoming consumed by them. The latter mindset is beautifully captured in Mifune's lead performance, which hauntingly portrays Nakajima losing more and more of himself to his anxiety. Although it was released a decade after the bombings of Hiroshima and Nagasaki, "I Live in Fear" is a harrowing demonstration of how the horrors of the past can overwhelm the present.
The Hidden Fortress
Several of Akira Kurosawa's features are deep contemplations of the nature of existence. However, he was just as capable of creating an entertaining adventure film, which is what he delivered with his 1958 jidaigeki feature "The Hidden Fortress." That's not to say there isn't craftsmanship on display here or even that one couldn't interpret greater themes in this yarn. It's just that the goal of "The Hidden Fortress," first and foremost, is to deliver excitement and thrills. These elements come from a classic plot about a general Rokurota (Toshirô Mifune) and a princess Yuki (Misa Uehara) trying to keep their true identities secret while securing help from a pair of crafty peasants.
This storyline turns out to be a great way to create tense set pieces and offers up numerous opportunities for Kurosawa regular Mifune to shine. Mifune played a wide variety of memorable characters in Kurosawa's filmography, and his range is apparent in his portrayal of Rokurota juggling two disparate identities. However, the standouts are the two peasant protagonists, Matashichi (Kamatari Fujiwara) and Tahei (Minoru Chiaki). Their status as everymen who can never catch a break (it isn't long into the runtime before they're digging their graves, after all) makes them immensely relatable. With plenty of vivid characters and excitement, "The Hidden Fortress" stands out even when compared to thematically weightier Kurosawa titles.
Sanjuro
Toshirô Mifune reprises his role from "Yojimbo" to headline the appropriately titled "Sanjuro." Fortunately, the film doesn't attempt to turn "Yojimbo" into the first piece of an epic saga but aims to deliver another satisfying standalone samurai adventure. Here, Sanjuro gradually becomes swept up in helping a group of nine men fight back against a corrupt superintendent. These ramshackle warriors are far from experts in combat, but the presence of Sanjuro may give them more than a fighting chance against their enemies.
"Sanjuro" is no retread of "Yojimbo," but it does continue to emphasize the intellectual power of the Sanjuro character. Sanjuro has brains to spare and can do things like get his enemies to unwittingly signal his allies to attack, even if he's (literally) all tied up. Sanjuro's cleverness is matched by the movie he inhabits. "Sanjuro" also demonstrates sharpness in depicting the realistically ragged rapport between the samurai and the collection of plucky people he's taken under his wing. Taking on an enormous task doesn't automatically turn them all into friends, and that kind of complexity makes the story extra engaging. Bringing back Sanjuro for further adventures could've resulted in diminishing returns. However, "Sanjuro" is one of the all-time great sequels that's entertaining even if you haven't seen its predecessor.
Throne Of Blood
"Ran" wasn't the only time Akira Kurosawa adapted a classic William Shakespeare play. Decades before, he reinterpreted "Macbeth" for 1957's "Throne of Blood." As to be expected of a filmmaker of Kurosawa's creative caliber, "Throne of Blood" is not just a hollow rehash of "Macbeth," it's a vision that stands on its own, particularly in the striking cinematography of Asakazu Nakai. You don't need to be a Shakespeare scholar to appreciate either the masterful use of wide shots or the outstanding employment of fog in its most critical sequences.
"Throne of Blood" is anchored by lead performances from Toshirô Mifune and Isuzu Yamada as the film's stand-ins for Macbeth and Lady Macbeth. Mifune is perfect in his portrayal of the deterioration of his character, Taketoki Washizu. Washizu initially comes across as normal, but his quest for power shatters his mind. By the end, Mifune makes it hard to believe this is the same man from the beginning of "Throne of Blood." This transformative performance encapsulates the film's grim exploration of how deceit and greed can transform even the noblest human beings.
Yojimbo
"Yojimbo" begins with a ronin named Sanjuro (Toshirô Mifune) walking into a small town. This is no ordinary town, though, as it's controlled by a pair of crime syndicates. These opposing forces are terrorizing the innocent townspeople, inspiring the crusty Sanjuro to step in and help. Rather than be a superhero who springs in to make everything right instantly, Sanjuro plays the long game. What follows is a series of intellectual exercises that pit the two organizations against each other.
While "Yojimbo" revolves around Sanjuro using his intellect for games of deception, elegant simplicity is the name of the game. Watching Sanjuro constantly one-up crooks without these gangsters realizing they're being played is immensely enjoyable, especially when such sequences incorporate delightful instances of dark humor. The whole enterprise is further enhanced by the presence of Mifune in the lead role. Mifune lends an incredible amount of believability to the samurai who's lived a life rich with experience and difficulty. We don't need to see a prologue to understand the events that have shaped Sanjuro or the experiences that have given him the knowledge to take down the crime syndicates. Mifune communicates decades of experience through his physicality. This lead performance alone makes it clear why "Yojimbo" has endured as one of Kurosawa's most celebrated films.
Drunken Angel
One of the many striking visual details in "Drunken Angel" is a sump located in the village that Dr. Sanada (Takashi Shimura) calls home. A result of Japan getting bombed in World War II, this hideous, filthy water is a reminder to Sanada of the grotesqueness of the world. Conscious of these horrors, Sanada descends into alcoholism, but that doesn't mean he's abandoned all hope for the future. Most notably, he's become insistent on helping save the life of Matsunaga (Toshiro Mifune), a young man who's destined to die from tuberculous if he doesn't make some drastic changes.
"Drunken Angel" sees Kurosawa in a grounded mode as he explores the lives of a pair of deeply complicated human beings and their vastly different approaches to life. Through the messy interactions between Sanada and Matsunaga, "Drunken Angel" reveals its true colors as a haunting saga about the dangers of looking for easy solutions to life's pain. We're meant to empathize with the reasons for Sanada and Matsunaga's respective fixations on drinking and grisly vengeance. However, we're also supposed to realize these aren't the best ways to cope with the complexities of life. These existential elements, coupled with "Drunken Angel's" simultaneous tug-of-war between an optimistic and pessimistic outlook, culminate in one of the most poignant endings in cinema history. It's a perfect capper to an extraordinary movie.
Seven Samurai
Trying to write something new about "Seven Samurai" feels like as much of a fool's errand as finding a bad performance from Takashi Shimura. You don't need me to tell you that "Seven Samurai" is a special and impactful movie. Just look at how its influence has inspired everything from "The Magnificent Seven" to "The Mandalorian." The entire landscape of global cinema has been shaped by this film about seven men who must train a village to fight back against a horde of bandits. Yet, even with its pop culture legacy, it's still worth talking about the ways "Seven Samurai" excels.
The blocking and staging of "Seven Samurai" are extraordinary. With so many characters to juggle, it could've been easy for the film's leads to be derivative of one another or get lost in the shuffle of the narrative, but in any shot in which they're all together, Kurosawa's blocking speaks volumes to the distinct personalities of the individual characters. The long runtime is a boon to getting to know each member of the ensemble cast. Those climactic deaths of key characters wouldn't work as well as they do if we weren't invested in these people. "Seven Samurai" still stands as a towering achievement in filmmaking.
Ran
When plays are adapted for film, a common complaint is that these adaptations never feel big enough. Some just seem like they're recorded performances of stage plays. Even the most cynical viewer would never be able to level such criticism at "Ran," Akira Kurosawa's 1985 adaptation of William Shakespeare's "King Lear." "Ran" is an epic told with expansive battle sequences, massive castles, and sprawling vistas that could never be replicated on a stage. Kurosawa took the skeleton of "King Lear" and placed it into a body that takes full advantage of everything that cinema has to offer.
It's also a feature that stands out in the director's filmography for its incredible use of color. "Ran" is the apex of Kurosawa's use of bright vivid hues. Red, yellows, and especially purples look incredibly vibrant on the screen while the bright white of Ichimonji Hidetora's (Tatsuya Nakadai) outfit becomes more and more striking as the world around him succumbs to chaos. With its scope and color palette, "Ran" is a visual feast, but it's especially impactful as a commentary on the innately destructive nature of humanity. Unforgettable lines like "Men seem to enjoy suffering more than peace" lend a haunting aura to "Ran's" avalanche of eye candy.
Ikiru
To be the greatest movie ever directed by Akira Kurosawa also means being one of the greatest movies ever made. Such words may seem like hollow hyperbole, but in the case of "Ikiru," it's appropriate. Released in 1952, "Ikiru" follows Mr. Watanabe (Takashi Shimura), an older man who has few meaningful connections in his life. From the beginning, "Ikiru" ensnares the viewer emotionally by depicting Watanabe's life as relatable. Obligations and responsibilities come first as all of life's little nuances get drowned out by the noise of these commitments.
Watanabe's stagnant life is thrust into chaos when he learns that he has stomach cancer and will die within a year. From there, "Ikiru" uses its relatable set-up as a springboard for a fascinating exploration of what defines a fulfilling life. Kurosawa maintains a sense of realism by refusing to shy away from the brutal aspects of existence. The cognizance of all of life's heartbreak makes the tiny victories and poignant moments in the story all the more impactful. Meanwhile, Shimura, always a welcome presence in Kurosawa's work, delivers the performance of his career as "Ikiru's" protagonist. Just one haunted stare from this man can crush your heart and convey decades of anguish. "Ikiru" is a standout in even Kurosawa's stacked filmography.
366 Weird Movies may earn commissions from purchases made through product links.
DIRECTED BY: Travis Betz
FEATURING: Ward Roberts, Jeremiah Birkett, Sarah Lassez
PLOT: Justin uses a spell book to summon the infernal spirit Lo to help him see his dead girlfriend once again, but the demon uses every trick possible to avoid fulfilling the command.
COMMENTS: There have been many movies about demonic possession, but few about demonic summoning… and no other, that I can think of, where almost the entire movie plays out from inside the safety of a pentagram. (Lo‘s closest competition for time spent inside a thaumaturgic circle might be Viy.) For the first five minutes we watch Justin, in a pitch black room lit solely by candles, painstakingly (if clumsily) construct this magical barrier, following the instructions etched on the yellowed parchment of an ancient grimoire, christening the ritual with his own blood. He then speaks the magic incantation and successfully summons the demon Lo, a pathetic yet powerful devil with a partly exposed brain and useless crushed legs which force him to painfully drag himself from out of the inky blackness towards his summoner, angry and defiant but unable to cross the enchanted barrier and devour Justin’s soul. The spell Justin cast compels a boon from this creature. You see, he saw a demon drag his girlfriend off to Hell, and now he wants her back—or at least to see her one last time. And Lo must meet Justin’s demand—although, in classic Mephistophelian fashion, the spirit isn’t above resorting to temptations, tricks, half-truths, and twisting Justin’s requests in any way he can.
The way Lo achieves its aesthetic aims on a minimal budget is nothing less than magical. Darkness is an ally; the set is a essentially black box, props are minimal, and only the demon costumes consume a significant amount of dollars. The flashbacks that supply the backstory are told through reenactments on a stage Lo conjures in Justin’s darkened apartment. There are red curtains, applause, visible stagehands, and comedy and tragedy masks that react to the proceedings. For additional color, Lo also summons a fuzzy green demon rat, a lizard-headed Nazi demon, a pair of damned silhouettes who press against a saran wrap wall as they describe the torments of Hell, and a couple of (mediocre, but welcome) musical numbers.
The story advances almost entirely through the antagonistic dialogues of the demon and his summoner. Chances are good that you will guess the twist ending early on; but it’s such a perfect construct that it doesn’t detract from the poignancy of the reveal. Who can’t relate to falling in love with the wrong person, a love that might be mutual and true, but which fate and circumstance dictates must be temporary? And who can’t relate to the compulsion to understand the true reasons behind a disappearance, however horrible the answer might be? As breakup movies go, Lo supplies a real, mythic catharsis.
With all that it has going for it, I would love to nominate Lo for our supplemental Apocryphally Weird list. Is it ingenious? Definitely. Engaging? Undoubtedly. Passionate? Sincerely. Recommended? You know it. Weird? Ah, here is where the favorable adjectives falter. Lo is well off the beaten path of the average filmgoer—the one who doesn’t frequent this site. What we see in Lo, though, isn’t so much weird as offbeat, rare, counter-Hollywood: unusual in its approach, by necessity, but not so far out-there that it makes us question our notions of reality, or if what a film can and should be. So, despite the fact that we give Lo a high rating, we won’t be adding it to our List. That doesn’t mean we’re giving you a pass to skip it.
(This movie was nominated for review by Kat, who argued “I’m a little surprised not to see Travis Betz’s Lo (2009) on the suggestion list. Like Ink, its imitations and inspirations are pretty obvious– but I personally think it outstrips Ink in a few key areas, never over-stepping its budget. I found it a little more bizarre, too, in the way it takes a simple trope of a premise and reels continually between drama and dark comedy.” Suggest a weird movie of your own here.)
When Marvel Studios returned to the hallowed halls of San Diego Comic-Con this year, True Believers were expecting some massive announcements, and they certainly weren't disappointed as producer Kevin Feige pulled back the curtain on the roadmap for the newly christened Multiverse Saga. Among those announcements was the official confirmation that Charlie Cox would suit up as the Devil of Hell's Kitchen once again in the 18-episode series "Daredevil: Born Again." However, before the character goes off on another solo adventure, we also learned that he'll be donning the horned helmet (this time in the classic red and yellow) in "She-Hulk: Attorney At Law."
Feige was joined on stage in Hall H by directors Kat Coiro and Anu Valia, head writer Jessica Gao, and stars Tatiana Maslany, Ginger Gonzaga, and Jameela Jamil to drop a brand new trailer for the highly anticipated show about Bruce Banner's cousin who fights crime as a superhero and a lawyer. And at the very end of this preview, a mysterious figure leaps over Jennifer Walters and poses like he's ready to fight. Of course, fans recognized the character's batons as Daredevil's signature weapons immediately. Although, considering some of the obscure characters appearing on the show, some people (like me) entertained the idea that it might not be Matt Murdock's vigilante alter-ego in the trailer. What if it was actually D-Man, the D-list hero that looks like a mash-up of Wolverine and Daredevil?
Thankfully, we can now confirm that this character is, in fact, Charlie Cox's Daredevil.
'We Thought We Were Being Pranked'
In an interview with Collider, "She-Hulk: Attorney At Law" creator and head writer Jessica Gao revealed one of the biggest challenges faced by the writers' room on this project: The interconnectivity of the Marvel Cinematic Universe. The creative team behind the Jade Giantess faced some issues when they wanted to use a certain character, but they ended up not being available. She said that often they would have to "scrap everything and start over" when there were already plans elsewhere for a character or idea. But when they got word that Daredevil would be available, they jumped at the opportunity to include him in their show:
"I can't remember how, [but] we got wind that he was coming back and that it was Charlie Cox, and we were like, 'Wait, does that I mean we can use him? Are we allowed?' And when they told us yeah, I mean, we couldn't believe it, we thought we were being pranked. We just kept writing him in, and we kept rolling with the story just thinking like, 'Okay, any moment now they're going to tell us we can't use them. They made a mistake. They actually don't have the rights.' But it just kept [becoming] more and more real. And it was so hard to keep that secret!"
Now the secret is officially out, and the short-lived plague of D-Man has evaded us ... for now. With this confirmation, it's hard not to get excited to see how Daredevil fits into She-Hulk's world. I mean, yes, he's also a lawyer, but how does the superhero side of him get roped into this? And will he also come face to face with other characters like Wong, Emil Blonksky, or the Hulk? Luckily, we won't have to wait too long for these answers.
"She-Hulk: Attorney At Law" debuts on Disney+ on August 17, 2022.
I ran across an interesting post recently regarding blinding EDR on Windows systems, which describes four general techniques for avoiding EDR monitoring. Looking at the techniques, I've seen several of these techniques in use on actual, real world incidents. For example, while I was with the Crowdstrike Overwatch team, we observed a threat actor reach out to determine systems with Falcon installed; of the fifteen systems queried, we knew from our records that only four were covered. We lost visibility because the threat actor moved to one of the other eleven systems. I've also seen threat actors "disappear from view" when they've used the Powershell console rather than cmd.exe, or when the threat actor has shell-based/RDP access to systems and uses a GUI-based tool. EDR telemetry includes process creation information, so we might "see" a GUI-based tool being launched but after that, no new processes are created based on whatever options the threat actor chose, or buttons they pushed, so without some other visibility (file system, Registry, network telemetry) we'd have no visibility into what they were doing.
I know this sounds pretty simplistic to some, but I really don't get the impression that it's commonly understood throughout the industry, and not just with customers.
I've previously discussed EDR bypass in this blog. Anyone who's been involved in a SOC or SOC-like role that involves EDR, including IR engagements where EDR is deployed, has seen many of the same conditions, such as incomplete deployment or roll-out of capabilities. A while back, for some products, EDR monitoring did not natively include the ability to block processes or isolate systems; this was a separate line item, if the capability was available. We see customers purchase the capability, and then complain when it didn't work...only to find out that it hadn't been deployed. I've seen infrastructures with 30,000 or 50,000 endpoints, and EDR deployed to only 200 or fewer systems.
The take-away here is that when it comes to EDR, finding a blind spot isn't really the profound challenge it's made out to be, particularly if you understand not only the technology but also the business aspect from the customer's point of view.
All that being said, what does this have to do with "rods and cones"? Okay, just bear with me for a moment. When I was an instructor in the military, we had an exercise for student Lts where we'd take them out at night and introduce them to the nuances of operating at night. Interestingly, I learned a great deal from this exercise, because when I went through the same school several years previously, we didn't have this exercise...I assume we were simply expected to develop an understanding ourselves. Anyway, the point is that the construction of the human eye means that the cones clustered around the center of the eye provide excellent acuity during daylight hours, but at night/low light levels, we don't see something when we're looking directly at it. Rather, for that object to come into "view" (relatively speaking), we need to look slightly to one side or the other so that the object "appears" to us via the rods of the eye.
What does this have to do with EDR? Well, assuming that everything else is in place (complete deployment, monitoring, etc.), if we are aware of blind spots, we need to ensure that we have "nearby" visibility. For example, in addition to process creation events, can we also monitor file system, Registry, and network events? Anyone who's dealt with this level of telemetry knows that it's a great deal of data to process, so if you're not collecting, filtering, and monitoring these events directly through EDR, do you have some other means or capability of getting this information if you need to do so? Can you retrieve/get access to the USN change journal and/or the MFT, to the Registry (on a live system or via triage retrieval), and/or to the Windows Event Logs? The fact is that while EDR does provide considerable visibility (and in a timely manner), it doesn't 'see' everything. As such, when a threat actor attempts to bypass EDR, it's likely that they're going to be visible or leave tracks through some other means which we can access via another data source.
An analogy I like to use at this point is that when walking by a pond, if someone throws a rock into the pond, we don't actually have to see them throw the rock, nor do we have see that a rock broke the surface of the pond, to understand what's happened. We can hear the splash and see ripples against the shore, and know that something happened. When it comes to monitoring endpoints, the same is true...we don't always have to 'see' an action to know that something happened, particularly something that requires a closer look or further investigation. Many times, we can observe or alert on the effect of that action, the impact of the action within the environment, and understand that additional investigation is required.
An additional thought regarding process creation is that process completion is a "blind spot" within some EDR products. SysMon has a process termination event (event ID 5), but most EDR tools only include process creation telemetry, and additional access and analysis are needed to validate whether the process executed completely, or if something occurred that prevented the process from completing normally. For example, many SOC analysts have likely seen threat actors use the Mp-Preference Powershell module to impact Windows Defender, and made statements in tickets and incident diaries to that effect, but what happens if Windows Defender is not enabled, and some other security control is used instead? Well, the command will have no effect; using the Mp-Preference module to, say, set exclusions in Defender will not result in Registry entries or the corresponding Windows Event Log records if Defender is disabled.
So, keeping in mind that for something bad to happen on a system, something has to happen, the take-away here is that EDR by-passes or blind spots are something to be understood, not feared. Many times, we can get that "good harvest from low-hanging fruit" (quote attributed to David Kleinatland), but sometimes we need a bit more. When we employ (or deploy) one tool, we need to understand both it's strengths and shortcomings, and come up with a plan to address any gaps. When considering EDR, we have to understand the impact of coverage (or lack thereof), both on the endpoint as well as across the infrastructure; we have to understand what it can and cannot 'see', how to properly configure it, and how to use it most effectively to "find bad". Sometimes, this may mean that we'll get a signal that something may be amiss, rather than something that clearly jumps out to us as "this is BAD!!!" Sometimes, we may rely on the impact of the action, rather than directly identifying the action itself.
Stray (PS5), Little Noah: Scion of Paradise (Switch), Spider-man Miles Morales (PS5), Man of Medan (PS5), Borderlands 3 (PC), Passifist Tense, your emails, and more!
Amazon is raising prices for its Prime subscription service in the U.K. and across Europe as the e-commerce giant grapples with the effects of rising inflation. CNBC reports: In the U.K., Amazon is set to hike the annual price of a Prime membership to 95 pounds ($114), up from 79 pounds, representing a 20% jump. The changes will take effect Sept. 15. The company is enforcing even steeper price increases in European markets. In France, the price of an annual Prime membership is going up to 69.90 euros ($70) from 49 euros, a 43% increase. German Prime members can expect a 30% hike in their annual Prime prices to 89.90 euros, up from 69 euros.
Amazon blamed the price rises on "increased inflation and operating costs," along with higher expenses tied to faster delivery and content production for its Prime Video streaming service, Reuters reported. The company is scheduled to report second-quarter earnings Thursday. The move follows similar price hikes Amazon announced in the U.S. earlier this year. In February, the company said it would raise the price of its annual Prime membership for Americans to $139 from $119.
There's been quite a commotion in the Nier fandom the last few days. Following several video posts from one player, other Nier: Automata players are now on the hunt for a secret church area.
The discovery lit up this week, but actually started a while ago. Reddit user u/sadfutago posted to the Nier subreddit two months ago, asking how to "open the church" in Nier: Automata. And in follow-up posts, sadfutago asked more, providing more details and images. And then, what really blew up, was the video of it.
This might seem banal, but the thing is, this church is not a known area. No one playing Nier: Automata knew what sadfutago was talking about. This door just seemed to appear for this player, during the A2 section of the game, and led to quite a startling locale.
As user u/xxk_ shares on the Nier subreddit, the modding community has been looking into this for a while. But the most recent post, combined with word of mouth on social media, brought on a swarm of attention.
The community currently has a few points to go on, as sadfutago says they are playing a 1.0 copy of Nier: Automata, on a PlayStation 4 that has been disconnected from the internet since starting the game.
The hunt for Nier church
As xxk outlines, modders have not discovered any evidence this exists. There hasn't been a successful attempt to replicate it, as of this writing, and assets like these also don't exist. The church pews and first door in the Copied City, for example, are not found elsewhere. And existing geometry at the location doesn't indicate it would support a door.
That said, if this is a mod, Nier modders say this would be the first time anyone has managed to do something like this. They say it would be a "relatively IMMENSE undertaking for a single individual" to accomplish.
In essence, we have a band of players and fans feverishly hunting for a scene that may or may not actually exist. And adding onto the pile, new footage was released today, showing a cutscene (albeit with recycled voice-over) and some easy speculation fodder.
So yes, this has essentially consumed the Nier fandom. The Nier modding Discord has seen an influx of new users looking for the latest updates. Modders are attempting various means of recreation and experimentation while also trying to get more info from the elusive original poster. And speculation runs rampant as to what the church could mean, what these assets could be, or how this is all happening in the first place.
Today, even the Nier development team started commenting on it. Producer Yosuke Saito tweeted about it, saying "Eternal mystery..." And director Yoko Taro quote-tweeted a video of the section, referring to his Twitter profile.
His Twitter profile, by the way, says "I can't answer about any products. Please ask publisher." (We have reached out to Square Enix to ask about the secret church door.)
This has spurred on theories of this being an elaborate marketing scheme or ARG, possibly around Nier: Automata's Switch debut this coming fall.
At this point, just about anything's possible. It could be an elaborate hoax, or some incredibly obscure development relic, or some viral marketing scheme. I'm not ready to count out anything, especially with a developer like Yoko Taro. The wheels are far enough off the tracks that a fake-out in the community Discord spun up a heated chat spam, ending in a Rick Roll. At this point, the sheer fervor is just as entertaining as the possibility of new discoveries.
Either way, it's a great reminder that Nier: Automata is an extremely good game. So good, in fact, that players can still be whipped into a frenzy over a secret church door years after its release.
THE REEF: STALKED l RLJE Films & SHUDDERMost shark horror movies operate based on a pretty simple concept: put a group of characters into a body of water, add a shark, and let the terror begin. Within the subgenre, there are plenty of attempts to be as creative as possible with that concept, sometimes stretching it so far beyond the realm of believability that it becomes a parody of itself. Other films stick to the basics, doing their best to wring as many scares as possible from the fear of what’s lurking underneath the ocean’s surface. Writer-director Andrew Traucki’s THE REEF: STALKED opts for the latter strategy, hoping that its characters are engaging enough and its shark-y scares are frightening enough to carry the film’s simple premise. Though it’s not the best of the subgenre and pales in comparison to its predecessor, 2010’s The Reef (which was also written and directed by Traucki), THE REEF: STALKED still succeeds, providing an effective bit of aquatic horror that should satisfy fans looking for new scares during Shark Week.
The film opens with a group of friends diving in the ocean: Jodie (Ann Truong), Lisa (Kate Lister), and sisters Cath (Bridget Burt) and Nic (Teressa Liane). Once they finish their excursion and part ways, Cath’s boyfriend Greg (Tim Ross) murders her by drowning her in their bathtub. (Forgive the whiplash: this transition is slightly less abrupt in the film, though not by much. It’s clear from the brief interactions we see between Cath and Greg that he is abusive, but the film moves fairly quickly to set up Nic’s trauma.) Nic, summoned by a distressing text from Cath, finds her sister’s body and endures one of far too many flashes of what Cath’s final moments must have been like: we see quick cuts of Cath flailing underneath the water and then staring up lifelessly.
Nine months later, Jodie, Lisa, and Nic decide to reunite for a kayaking trip in honor of Cath’s memory. Nic’s other sister, Annie (Saskia Archer), joins them, though she is far less experienced in the water than the others. Their trip takes a terrifying turn when a huge shark targets them and — as the title suggests — stalks them as they attempt to make it safely to shore.
Movies that spend so much time on a small, core group of characters live and die by the cast’s chemistry. Fortunately, the women all have an easy camaraderie that gets the viewer invested quickly in their friendships and their survival, and there’s a touch of The Descent in their resourceful attempts to stay alive. Wisely, the tension between Nic and Annie is never overplayed. Nic left town right after Cath died, leaving Annie to pick up the pieces with their grieving mother as Nic traveled the world, and the guilt, grief, and resentment between them make for a heartbreaking dynamic, particularly when Nic must work to protect Annie from the shark. Cath’s death hangs over all the characters like a shadow, giving THE REEF: STALKED a sense of melancholy that works well with the lurking threat of the shark. However, it missteps in its depiction of Nic’s trauma.
Since Cath’s death is the inciting incident, there’s no need to flash back to it as often as the film does. Every single character, and every single viewer, is well aware of the tragedy of her murder and the effect it had on Nic. By flashing back to Cath’s violent death several times — particularly in such a disorienting way, one that may bother photosensitive viewers — it becomes a spectacle rather than a source of psychic pain. Though Cath’s underwater thrashing is clearly meant to parallel the women’s struggles against the shark (and, if we stretch the metaphor close to breaking, Greg himself — and the trauma he represents — is meant to parallel the predatory beast stalking and ultimately destroying its prey), the film should trust the viewer enough to understand the similarities without shoving Cath’s death in our faces over and over.
Now to what is perhaps the most vital part of any shark movie: the shark scenes. Though it gets repetitive near the end, THE REEF: STALKED mines a lot of tension from its characters scanning the ocean’s surface; their panicked vigilance will raise the viewer’s pulse as the characters realize the giant, hungry animal hunting them could be absolutely anywhere. Many of the scenes unfold in real-time, accompanied by Mark Smythe’s ominous score, and the agonizing search for a glimpse of the shark is just as tense as the moments when its fin breaks the surface and approaches the women’s kayaks. Equally terrifying is a heartstopping aerial view of Jodie paddling as the shark’s shadowy figure trails behind her, along with the moments when the women’s vulnerable limbs dangle underwater, only to make it to the surface seconds before the shark’s jaws clamp around them.
When you’re in the ocean, the only thing worse than seeing a shark fin is seeing it disappear, and THE REEF: STALKED makes highly effective use of this knowledge. While there are better shark movies out there, its engaging characters and startling scares make it an enjoyable piece of aquatic horror. If you’re looking for teeth and blood, this may not be the movie for you, but if you have an appetite to see women banding together to survive, THE REEF: STALKED is a nice stretch of ocean to visit.
The film will be released In Theaters, on Digital/VOD, and streaming on Shudder on July 29, 2022.
Our recent Backup Awareness Survey showed that 61% of Americans who own a computer and back it up are not very confident that all of their data is being backed up. That just goes to show how complicated some backup solutions are.
And what good is a backup service if it’s hard to get your data back when you need it?
The Backblaze Computer Backup client is designed to stay out of the way and back up your data, while making restoring that data a walk in the park. One of the popular ways of enhancing our backup service is a feature called Extended Version History. But, we’ve found that some people still don’t quite understand what it does. With that in mind, I wanted to write an overview of the feature, how it works, and why it’s useful for anyone that uses our Computer Backup service, whether it’s for personal use or for their company or family group.
Extended Version History Explained
First, we need to define two key terms, “retention” and “version,” to help explain Extended Version History.
What Is Retention?
In simple terms, retention is how long something in your backup is kept backed up.
What Is a Version?
It seems simple enough, but it’s worth explaining what we mean by a “version.” Without getting in the weeds, whenever a file is added or created on your computer, that is a version. Whenever you change a file on your computer, whether you add more lines to a spreadsheet or edit your recent vacation photos, those changes also create another version of the file.
When you understand what retention is and what a version is, it’s easy to understand Extended Version History. It’s a feature that allows you to set a retention timeframe that specifies how long all the older versions—the version history—of your files should be kept as part of your backup.
How Long Is Backblaze’s Retention?
The standard Backblaze Computer Backup service comes with 30 days of Version History for the files that are backed up. This means that you can go back in time (using our roll back time feature) and access older versions of files for 30 days from the date they were last changed or deleted. After that 30-day mark, the version of the file that’s 30 days old will leave your backup, but any newer files will remain.
Note: If you last changed or added a file more than 30 days ago, but have not made any changes to it, it will remain in your backup as long as it remains on your computer (or is unchanged). If it gets removed or changed, that’s when the 30-day retention period starts.
What Does Extended Version History Do?
With Extended Version History, you can increase that 30-day period to one year or even forever. This essentially increases the duration for which you can roll back time when going to access your data.
A Very Simple Example (With Babies!)
As a new uncle, I have babies on the brain. Let’s say that a baby was born on July 1st and our family creates a spreadsheet to chart the growth of the baby. Every single day, we add a row to the spreadsheet to add in the baby’s weight, height, and maybe a cute note. The previous rows don’t get deleted, and so the spreadsheet grows by one row every single day.
On July 30th, our spreadsheet will have 30 rows (one per day). If that spreadsheet was being backed up by Backblaze, I could go back in time to July 1st and get a copy of that spreadsheet from the very first day, with just a single row of baby information. However, if I tried to do that on July 31, that original version would be gone, but I could go back and get a copy from July 2nd, the version with the first two rows of baby data. If I tried to go back on, say, August 30th, I could get a copy from August 1, which would have all of July’s rows of baby data.
To illustrate the point, here’s me as a Soviet baby.
With Extended Version History, using that same example, I have more time (a year or forever) to go back and retrieve that original copy of the spreadsheet created on July 1 with just the first row.
Why would you want the spreadsheet with just one row? Who knows, it’s an example!
Why Extended Version History? Because Mistakes Happen!
Our Backup Awareness Month survey found that 67% of respondents have reported accidentally deleting a file. 44% reported losing data, or access to data, because a shared or synced drive or folder was deleted. Having Extended Version History turned on for your Backblaze backup helps avoid data loss because of accidental deletions.
You may not always realize right away (or within 30 days) that you deleted a file accidentally. Or you may not regularly check that shared drive until it’s too late and your older versions are gone. With Extended Version History, you can go back in time up to a year later or forever later and get those files back.
How to Get Extended Version History?
I encourage everyone I know to enable Extended Version History as soon as they install Backblaze on their computer.
Step 1: Click “Upgrade.”
Step 2: Select how long you want to keep files—one year or forever.
One thing to keep in mind is that simply turning on Extended Version History won’t automatically extend the “life” of your files retroactively. For example, if you open your account on July 1 and enable Extended Version History on July 28, only the versions from July 28 onward will have Extended Version History, not the versions created between July 1 and July 28. Once enabled, any new or changed files will have their retention rate increased, which is why doing so when you first install Backblaze is the best policy.
Consider Extended Version History as getting additional “mistake insurance” for your data. If something happens, or you lose access to shared files and that goes unnoticed, we’ll have your back!
The Marvel Cinematic Universe has no shortage of villains. Some of these figures are just everyday people like Justin Hammer (Sam Rockwell) in "Iron Man 2" or Dreykov (Ray Winstone) in "Black Widow." They are Earthbound human beings who get their power through money and influence rather than superpowers, but then there is the bevy of foes across the various movies and TV shows in this saga who have way more going on than normal human beings. Some of them aren't even human beings at all. Although they range from purple aliens to immortal crime lords, these are the most powerful villains in the MCU — the ones who can wipe out heroes and even whole planets without blinking. They're appropriately grandiose threats for the over-the-top superheroes who populate this universe.
Ranking the most powerful MCU foes certainly isn't easy, especially since their goals and personalities vary so greatly. It can feel weird trying to rate them against one another. However, it's also a fulfilling exercise that allows viewers to appreciate the various ways tension has been generated across these movies as well as the devastatingly imposing adversaries the superheroes have foiled over the years. The MCU isn't wanting for villains, and it's certainly not lacking in villains whose power will linger in your memory long after the credits have rolled.
Ronan The Accuser
Ronan the Accuser (Lee Pace), the first villain the Guardians of the Galaxy faces, gets a grand entrance. He's introduced rambling on about the horrors the people of the planet Xandar inflicted on his people, the Kree. This creature's first sequence isn't all talk and no action, though. Ronan declares his refusal to cooperate with a peace treaty between the Xandarians and Kree by slaughtering a member of the Nova Corps. From there, Ronan rarely appears without killing somebody, even Thanos's powerful right-hand man, the Other.
Ronan's penchant for murder is enough to make him a memorably powerful foe, but then he opts to wield the might of an Infinity Stone for his own plans at the start of "Guardians of the Galaxy's" third act. He does this to defy his master, Thanos (Josh Brolin), bellowing out a plan to viciously murder the purple alien once he's laid waste to Xandar. Pace's passionate line deliveries make it believable that Ronan could go toe-to-toe with Thanos as a formidable threat. Ronan doesn't get to convey that intimidating aura for long, as the Guardians of the Galaxy eventually defeat him. However, in the screentime he does have, Ronan the Accuser has no problem registering as a commanding cosmic threat.
Ultron
With Ultron (James Spader), Tony Stark (Robert Downey Jr.) wanted to create "a suit of armor around the world." What Stark with instead was a genocidal entity convinced that planet Earth would be better off if humanity were destroyed. It was bad enough that Ultron was so fixated on violence, but to make matters worse, he was a persistent foe. An artificial intelligence, Ultron proved difficult to defeat, as he could simply transfer his consciousness to a new robotic body if he were damaged.
Ultron used his durable nature to live long enough to nearly execute his plan to transform the city of Sokovia into a meteor to be dropped on Earth in a bid to wipe out all its inhabitants. Many comic book movie villains want to destroy the human race, but how many base their plans on the way the dinosaurs went out? One of the more tenacious foes the Avengers faced, Ultron was a chilling symbol of what happens when Stark's ambitions go unchecked.
Hela
Hela the Goddess of Death (Cate Blanchett), gets one of the most distinctive entrances in the history of Marvel Cinematic Universe villains. Sauntering on-screen, she approaches the formidable Thor (Chris Hemsworth) and Loki (Tom Hiddleston) as if they're nothing. Her every movement exudes grim confidence. As if all that weren't enough, Hela cements her status as a force to be reckoned with by shattering Thor's hammer, Mjolnir. With this astonishing move, it's apparent that Thor is about to face a villain like no other.
As seen by her ruthless attack on Asgard, Hela's might goes beyond just destroying hammers. She singlehandedly wipes out whole armies of Asgardian soldiers while a flashback sequence shows her slaughtering all of Valkyrie's comrades and her girlfriend. Then, there's her climactic fight with Thor in which she rips out the God of Thunder's eye. The Goddess of Death is not an adversary to take lightly and "Thor: Ragnarok" constantly reminds viewers that Hela is a foe for the ages. Even her defeat reinforces her power since it takes the full might of Surtur to take her down.
He Who Remains
At the end of "Loki's" first season, Loki and Sylvie (Sophie Di Martino) finally encounter the man they've been searching for. They arrive at the domicile of He Who Remains (Jonathan Majors), the figure responsible for creating the Time Variance Authority. He Who Remains is also tasked with keeping the primary timeline of reality clear. If he were to die or abandon his duties, chaos would unfold and various timelines would begin to collapse on one another.
Unlike most Marvel Cinematic Universe adversaries, He Who Remains is not much of a fighter. Once Sylvie decides to commit to her violent plan for revenge, she dispatches him with ease. The power of He Who Remains comes not from his physical strength but from the responsibilities he holds for the multiverse. Plus, there are all the potential powers in versions of He Who Remains audiences haven't even seen yet. Like all beings, He Who Remains has countless variants across alternate dimensions. One particularly notable alternate form is the formidable Kang the Conqueror, who is teased in the final moments of "Loki's" first season. Who needs a cavalcade of weapons when you're He Who Remains, a figure whose influence and might can stretch across countless dimensions?
Agatha Harkness
The incredibly catchy "WandaVision" tune "Agatha All Along" concisely sums up the various ways that the witch Agatha Harkness (Kathryn Hahn) stealthily used her magical prowess throughout the show. Her devious acts include brainwashing a random man name Ralph Bohner (Evan Peters) to pose as Pietro Maximoff, Wanda Maximoff's deceased brother, and killing her kids' dog, Sparky. Harkness controls much of this show without either Maximoff or the viewer knowing. The sort of powers that Wanda (Elizabeth Olsen) is often terrified by is something that Harkness relishes using at every opportunity.
Deceitful behavior isn't the only trick up Harkness's sleeve. She uses the powers of the Darkhold, a mystical book full of evil, and as seen in a flashback, she previously killed a coven of witches, including her mom. Of course, she's no match for Maximoff once the Avenger taps into her powers as the Scarlet Witch. Still, Harkness is an immensely powerful figure whose use of dark magic adds further chaos to the mayhem Maximoff inflicts on the town of Westview. You certainly don't need a peppy song to realize that, but the ditty works as a helpful reminder.
Gorr
The might of "Thor: Love and Thunder" antagonist Gorr (Christian Bale) is evident from his full name: Gorr the God Butcher. Armed with the cursed Necrosword, Gorr dedicates himself to wiping out the gods. This plan isn't just a nebulous ambition either. A quick shot in "Thor: Love and Thunder" makes it apparent that Gorr's quest for revenge spans multiple planets and results in the death of countless gods.
In "Thor: Love and Thunder," Gorr only becomes more powerful once he sets off to visit the cosmic wish-granting being Eternity. While many Marvel Cinematic Universe foes have failed at even coming close to realizing their nefarious plots, the same cannot be said for Gorr. While fighting Thor (Chris Hemsworth) and the Mighty Thor (Natalie Portman), Gorr uses his might to achieve the impossible and reach Eternity. Gorr's arc in "Love and Thunder" concludes with a note of sentimentality, as he chooses to use his wish to revive his daughter rather than slaughter all of the remaining gods. However, before that moment of redemption, Gorr is a tremendously impactful villain with godly blood on his hands and a successful track record of fully realizing his wicked plans.
Arishem
The Eternals can live for centuries and have powers that can move mountains, but even they have to answer to a higher power. These superheroes work for the Celestial lifeform Arishem, a gigantic being from the farthest reaches of the cosmos. Sersi (Gemma Chan) later finds out that Arishem created each of the Eternals. She and her cohorts are all synthetic lifeforms designed to wipe out planets to help birth new Celestials. Arishem wipes these horrific acts from the memories of Sersi and her comrades once their jobs are finished.
Before "Eternals," the might of the Celestials was seen in films like "Guardians of the Galaxy." However, the terrifying presence of Arishem in "Eternals" makes the imposing nature of the Celestials even more apparent. This nature is crystallized in the closing scene of "Eternals," in which Arishem towers over Earth while confronting a handful of surviving Eternals that have defied his orders. In the large pantheon of enormously powerful cosmic foes in the Marvel Cinematic Universe, Arishem looms large.
Ego
Arishem isn't the only prominent Celestial in the Marvel Cinematic Universe. There's also Ego (Kurt Russell), the father of Peter Quill (Chris Pratt). This figure is an all-powerful creature that has created a planet around himself. This domicile appears to be friendly on the surface but contains plenty of skeletons from the past (literally) within. Ego is also prone to lengthy boasts about how he's capable of creating life and has been to countless planets across the galaxy. Always yearning to expand his reach even further, Ego has tremendous power at his disposal and isn't afraid to slaughter those who stand in his way.
Just the fact that Ego crafted an entire planet (one that occasionally bears his face) should provide an indicator of just how powerful this Celestial truly is. The staggering number of corpses he's left behind, including Quill's mother, also offers up a chilling reminder of how Ego isn't interested in using his magnificent powers to improve the cosmos. His ability to regenerate his human form no matter how many times it's blasted out of existence further solidifies Ego as a threat like no other.
Scarlet Witch
In the final moments of her last non-violent confrontation with Doctor Strange (Benedict Cumberbatch) in "Doctor Strange in the Multiverse of Madness," Wanda Maximoff gives the Sorcerer Supreme an ultimatum: If he does not hand over America Chavez (Xochitl Gomez) by sundown, he and anyone who protects her will not face the wrath of Maximoff. Instead, they will be confronted by the full might of the Scarlet Witch. Maximoff constantly uses her magical powers to destroy anyone who gets in her way and to inhabit the bodies of other versions of herself in alternate dimensions.
Nowhere is the overwhelming strength of Scarlet Witch made more apparent than when the character encounters the Marvel Cinematic Universe version of the Illuminati. Here, the likes of Black Bolt (Anson Mount), Mr. Fantastic (John Krasinski), and Captain Carter (Hayley Atwell) are all decimated by the Scarlet Witch. Even Professor X (Patrick Stewart) gets his neck snapped after reaching out to try and talk some sense into Scarlet Witch. As seen when she destroyed Vision (Paul Bettany) to save the world in "Avengers: Infinity War," Maximoff has always been a powerful figure, but "Multiverse of Madness" see's her taking her abilities to the next level by embracing the Scarlet Witch persona. In the process, she becomes one of the most formidable villains in multiple universes.
Loki
Many powerful Marvel Cinematic Universe villains are physically imposing. Loki is an interesting departure from that norm. Loki lacks a super muscular physique and resembles more of an average (albeit weaselly) man, but that's part of what makes him such an extraordinarily powerful foe. He's the last being you'd suspect to be the supervillain equivalent of a cockroach, an unkillable creature who keeps coming back.
Throughout his various Marvel Cinematic Universe appearances, Loki uses his wits to cheat death on countless occasions. By evading death, Loki has managed to exert power over others in the MCU as exemplified by his reign of terror on Earth in "The Avengers" or his time posing as King Odin (Anthony Hopkins) at the start of "Thor: Ragnarok." Even in hand-to-hand combat, he's still a powerful figure. The God of Mischief may not seem like a force to be reckoned with at first glance but just wait. Sooner or later, Loki's self-serving impulses and his ability to endure — no matter the challenge — will remind you why he's a villain to be feared.
Thanos
For many of his earliest Marvel Cinematic Universe appearances, it seemed like all Thanos did was sit around in a big golden chair. "Avengers: Infinity War" and its opening scene established Thanos as a threat to be taken very seriously. At the beginning of "Avengers: Infinity War," Thanos and his loyal Black Order minions wipe out a ship of Asgardians. The purple menace proceeds to clutch Thor by his hair to get Loki to reveal where an Infinity Stone is. After tossing the God of Thunder around like a ragdoll, Thanos then engages Hulk in a fight, a duel he manages to win despite the green giant's considerable strength.
Thanos wields his incredible might, enhanced by the powers of the various Infinity Stones he scores, to make life miserable for the superheroes. This reaches its apex at the end of "Infinity War" when Thanos technically loses once Wanda Maximoff sacrifices Vision. In the wake of this seemingly definitive defeat, Thanos uses the Time Stone to reverse time and beat Maximoff. It's not just that Thanos is physically imposing and can take on the likes of Thor and Hulk in a fight, he's also dangerously clever, using the Infinity Stones to his advantage.
Wenwu
As "Shang-Chi and the Legend of the Ten Rings" opens, viewers are treated to a prologue set centuries earlier in which Wenwu (Tony Leung Chiu-wai) uses ten magical rings to destroy his enemies. Though the origin of these rings is shrouded in mystery, the way Wenwu uses them to devastate anyone unfortunate enough to cross his path is legendary. With the rings by his side, this crime lord expands his empire beyond anyone's wildest dreams. Wenwu reaps many benefits from the rings, including his ability to live for centuries without aging.
Even when Wenwu is unwittingly manipulated by monstrous forces, his power remains evident. Who else but Wenwu would have the strength to shatter a barrier that keeps an army of flying monsters enclosed? Wenwu's cunning intellect, a trait entirely divorced from the powers of the Ten Rings, makes him even more of a threat. Tony Leung Chiu-wai conveys an unmistakable aura of authority. His work grabs your attention, even when Wenwu is just talking at a dinner table. Wenwu may not be a god or hail from the stars like other Marvel Cinematic Universe baddies, but his lengthy legacy of destruction makes him the most powerful adversary in the saga.
Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little is generally known about how attackers leverage the IIS platform as a backdoor.
Malicious IIS extensions are less frequently encountered in attacks against servers, with attackers often only using script web shells as the first stage payload. This leads to a relatively lower detection rate for malicious IIS extensions compared to script web shells. IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target applications, and they follow the same code structure as clean modules. In most cases, the actual backdoor logic is minimal and cannot be considered malicious without a broader understanding of how legitimate IIS extensions work, which also makes it difficult to determine the source of infection.
Typically, attackers first exploit a critical vulnerability in the hosted application for initial access before dropping a script web shell as the first stage payload. At a later point in time, the attackers then install an IIS backdoor to provide highly covert and persistent access to the server. Attackers can also install customized IIS modules to fit their purposes, as we observed in a campaign targeting Exchange servers between January and May 2022, as well as in our prior research on the custom IIS backdoors ScriptModule.dll and App_Web_logoimagehandler.ashx.b6031896.dll. Once registered with the target application, the backdoor can monitor incoming and outgoing requests and perform additional tasks, such as running remote commands or dumping credentials in the background as the user authenticates to the web application.
As we expect attackers to continue to increasingly leverage IIS backdoors, it’s vital that incident responders understand the basics of how these attacks function to successfully identify and defend against them. Organizations can further improve their defenses with Microsoft 365 Defender, whose protection capabilities are informed by research like this and our unique visibility into server attacks and compromise. With critical protection features like threat and vulnerability management and antivirus capabilities, Microsoft 365 Defender provides organizations with a comprehensive solution that coordinates protection across domains, spanning email, identities, cloud, and endpoints.
In this blog post, we detail how IIS extensions work and provide insight into how they are being leveraged by attackers as backdoors. We also share some of our observations on the IIS threat landscape over the last year to help defenders identify and protect against this threat and prepare the larger security community for any increased sophistication. More specifically, the blog covers the following topics:
IIS is a flexible, general purpose web server that has been a core part of the Windows platform for many years now. As an easy-to-manage, modular, and extensible platform for hosting websites, services, and applications, IIS serves critical business logic for numerous organizations. The modular architecture of IIS allows users to extend and customize web servers according to their needs. These extensions can be in the form of native (C/C++) and managed (C#, VB.NET) code structures, with the latter being our focus on this blog post. The extensions can further be categorized as modules and handlers.
The IIS pipeline is a series of extensible objects that are initiated by the ASP.NET runtime to process a request. IIS modules and handlers are .NET components that serve as the main points of extensibility in the pipeline. Each request is processed by multiple IIS modules before being processed by a single IIS handler. Like a set of building blocks, modules and handlers are added to provide the desired functionality for the target application. In addition, handlers can be configured to respond to specific attributes in the request such a URL, file extension, and HTTP method. For example, Aspnet_isapi.dll is a pre-configured IIS handler for common .aspx extensions.
Creating custom managed IIS modules
To create a managed IIS module, the code must implement the IHttpModule interface. The IHttpModule interface has two methods with the following signatures: Init() and Dispose().
Figure 1. IIS module skeleton
Inside Init(), the module can synchronize with any number of HTTP events available in the request pipeline, listed here in sequential order:
BeginRequest
AuthenticateRequest
AuthorizeRequest
ResolveRequestCache
AcquireRequestState
PreRequestHandlerExecute
PostRequestHandlerExecute
ReleaseRequestState
UpdateRequestCache
EndRequest
PreSendRequestHeaders
PreSendRequestContent
The newly created extension should then be mapped with the target application to complete the registration. Generally, there are several methods that can be used to map managed modules for legitimate purposes. On the other hand, we observed that attackers used the following techniques to register malicious IIS extensions during attacks:
Register with global assembly cache (GAC) PowerShell API: Every device with Common Language Runtime (CLR) hosts a device-wide cache called the global assembly cache (GAC). The GAC stores assemblies specifically designated to be shared by several applications on the device. GacInstall() is a PowerShell API to add modules into the global cache. Once installed, the module is available under the path %windir%\Microsoft.NET\assembly and is mapped to IIS (w3wp.exe) using appcmd.exe.
Figure 2. Attacker command using the GAC PowerShell API
Register using appcmd.exe: Appcmd.exe is the single command line tool for managing IIS. All critical aspects, such as adding or removing modules and handlers, can be performed using the utility. In this case, the attackers drop the malicious extension in the target application’s /bin folder and map it using the add module command.
Figure 3. Attacker command using appcmd.exe
Register using gacutil.exe: Gacutil.exe is a Visual Studio shipped .NET GAC utility. The tool allows the user to view and manipulate the contents of the GAC, including installing new modules using the -I option.
Figure 4. Attacker command using gacutil.exe
Register using web.config: After dropping the module in the application’s /bin folder, attackers can also edit the web.config of the target application or the global config file, applicationHost.config, to register the module.
Figure 5. Malicious web.config entry
Upon successful registration, the module is visible inside the IIS manager application.
Figure 6. Installed module visible in the list
Attack flow using a custom IIS backdoor
Between January and May 2022, our IIS-related detections picked up an interesting campaign targeting Microsoft Exchange servers. Web shells were dropped in the path %ExchangeInstallPath%\FrontEnd\HttpProxy\owa\auth\ via ProxyShell exploit.
After a period of doing reconnaissance, dumping credentials, and establishing a remote access method, the attackers installed a custom IIS backdoor called FinanceSvcModel.dll in the folder C:\inetpub\wwwroot\bin\. The backdoor had built-in capability to perform Exchange management operations, such as enumerating installed mailbox accounts and exporting mailboxes for exfiltration, as detailed below.
Command runs
PowerShDLL toolkit, an open-source project to run PowerShell without invoking powershell.exe, was used to run remote commands. The attacker avoided invoking common living-off-the-land binaries (LOLBins), such as cmd.exe or powershell.exe in the context of the Exchange application pool (MSExchangeOWAAppPool) to evade related detection logic.
Figure 7. Using PowerShDLL to run remote commands
Credential access
The attackers enabled WDigest registry settings, which forced the system to use WDigest protocol for authentication, resulting in lsass.exe retaining a copy of the user’s plaintext password in memory. This change allowed the attackers to steal the actual password, not just the hash. Later, Mimikatz was run to dump local credentials and perform a DCSYNC attack.
Figure 8. Mimikatz usage
Remote access
The attackers used plink.exe, a command-line connection tool like SSH. The tool allowed the attackers to bypass network restrictions and remotely access the server through tunneled RDP traffic.
Figure 9. Bypassing network restrictions
Exfiltration
The attacker invoked the IIS backdoor by sending a crafted POST request with a cookie EX_TOKEN. The module extracts the cookie value and initiates a mailbox export request with the supplied filter.
Figure 10. Attacker-generated POST request
The value decodes to: ep,06/21/2022,06/21/2022,C:\Windows\Web,Administrator, where ep is the command to initiate the mailbox export request with filters determining the start and end dates followed by the export path. The final command has the following syntax:
The table below details all the commands found in the backdoor:
Command
Description
test
Attempts to load Exchange Management Shell (EMS)- Add-PSSnapin Microsoft.Exchange.Management.Powershell.SnapIn
box
List all UserPrincipalNames-foreach ($name in Get-Mailbox -ResultSize unlimited){ Write-Output $name.UserPrincipalName}
ep
Run New-MailboxExportRequest cmdlet with supplied mailbox name, start and end date, and export path as filters.
gep
Get the task ID associated with the export request
ruh
Tamper with Exchange logs
Types of IIS backdoors
Reviewing the malicious managed (.NET) IIS extensions observed over the past year, we grouped these extensions based on various factors such as similar capabilities and sources of origin, as further detailed in the below sections.
Web shell-based variants
Web shells like China Chopper have been widely used in numerous targeted attacks. As China Chopper’s usage increased over the years, so did the detections. As a result, the attackers evolved and added IIS module-based versions of these web shells that maintain the same functionality. The module uses the same eval() technique that’s used in the script version for running the code. While most antivirus solutions would detect the one-liner web shell, such as < %@page language=js%><%eval(request.item(<password>),”unsafe”);%>, embedding the same code in an IIS module generates lower detection rates.
In the module version, the attacker-initiated POST request contains the code along with the arguments in parameters z1 and z2, like the script-based version.
Figure 13. China chopper IIS module – version 1Figure 14. Attacker generated POST data – version 1
In a different version, the module has the backdoor logic hardcoded inside the DLL and only waits for parameters z1 and z2. The parameter kfaero has the command exposed as sequential alphabets from ‘A-Q’.
Figure 15. China chopper IIS module – version 2
Like the script version, the IIS module has similar capabilities, such as listing and creating directories, downloading and uploading files, running queries using SQL adaptors, and running commands. To run commands, the attacker-initiated POST request contains the command “M” along with the arguments.
Figure 16. An example of an attacker generated POST data – version 2
Antsword is another popular web shell widely used in various targeted attacks. Custom IIS modules inspired from the web shell’s code have been observed in the wild, which include similar architecture and capabilities. Interesting new features of these malicious modules include fileless execution of C# code and remote access via TCP socket connection.
Figure 17. Antsword IIS module code snippet
Based on the request, the module can take one of the two code paths. In case of /server-status, a socket connection is initiated from values in the custom header Lhposzrp.
Command
Description
FSoaij7_03Ip3QuzbIhvuilKIsoM9a48DTkvQKdwtKNA
Socket connection
8CDztbQb4fsQeU5AAuBs9OmRokoyFJ7F5Z
Close connection
31FKvk8VDcqZMA3iAq3944wjg
Send data
TU_LDzOsv
Receive data
For any other URL, the module follows a China Chopper-style architecture of commands, ranging from “A” through “R”. The additional “R” command allows the attackers to run C# code reflectively.
Figure 18. Command “R” to invoke code reflectively
Open-source variants
GitHub projects on creating backdoors for IIS have been available for some time now. Though mostly shared to educate the red team community, threat actors have also taken interest and lifted code from these projects. Using a public project that has been actively leveraged by attackers as an example, the original code includes the following capabilities:
Command
Implementation
cmd
Run command via cmd.exe /c
powershell
Run powershell via RunspaceFactory.CreateRunspace()
shellcode
Inject supplied shellcode into userinit.exe
In this case, the in-the-wild variants change the cookie names, keeping the rest of the code intact:
Figure 19. Side to side comparison of code from an open-source project (left) and code used by attackers (right)
On supplying a whoami command to the backdoor, the generated cookie has the following format:
Cookie: BDUSS=P6zUsk/1xJyW4PPufWsx5w==
The backdoor responds with an AES encrypted blob wrapped in base64. The decoded output has the following format:
Figure 20. Decoded response from the server
IIS handlers
As mentioned earlier, IIS handlers have the same visibility as modules into the request pipeline. Handlers can be configured to respond to certain extensions or requests. To create a managed IIS handler, the code must implement the IHttpHandler interface. The IHttpHandler interface has one method and one property with the following signatures:
Figure 21. IIS handler skeleton
Handlers can be registered by directly editing the web.config file or using the appcmd utility. The handler config takes a few important fields like path, which specifies the URL or extensions the handler should respond to, and verb, which specifies the HTTP request type. In the example below, the handler only responds to image requests ending with a .gif extension:
Figure 22. Malicious web.config entry
The handler is visible in the IIS manager application once successfully installed:
Figure 23. Installed handler visible in the list
Most of the handlers analyzed were relatively simple, only including the capability to run commands:
Figure 24. IIS handler running commands via cmd.exe
Interestingly, the response Content-Type is set to image/gif or image/jpeg, which presents a default image when browsing the image URL with the output hidden in <pre> tags. A possible reason for this could be to bypass network inspection since image files are generally considered non-malicious and are filtered and identified based on extensions.
Credential stealers
This subset of modules monitors sign-in patterns in outgoing requests and dumps extracted credentials in an encrypted format. The stolen credentials allow the attackers to remain persistent in the environment, even if the primary backdoor is detected.
The modules monitor for specific requests to determine a sign-in activity, such as /auth.owa default URL for OWA application. On inspecting the request, the module dumps the credentials in a .dat file. The contents are encrypted using XOR with a hardcoded value and wrapped with base64 encoding. The below image depicts a decoded sample output:
In another variant, the module looks for common placeholder variables for passing credentials used in different ASP.Net applications. The dumped credentials are AES encrypted and wrapped with Base64 encoding, located in %programdata%\log.txt.
Figure 27. Backdoor looking for common credential placeholder variablesFigure 28. Sample decrypted entry
Improving defenses against server compromise
As we expect to observe more attacks using IIS backdoors, organizations must ensure to follow security practices to help defend their servers.
Apply the latest security updates
Identify and remediate vulnerabilities or misconfigurations impacting servers. Deploy the latest security updates, especially for server components like Exchange as soon as they become available. Use Microsoft Defender Vulnerability Management to audit these servers regularly for vulnerabilities, misconfigurations, and suspicious activity.
Keep antivirus and other protections enabled
It’s critical to protect servers with Windows antivirus software and other security solutions like firewall protection and MFA. Turn on cloud-delivered protection and automatic sample submission in Microsoft Defender Antivirus to use artificial intelligence and machine learning to quickly identify and stop new and unknown threats. Use attack surface reduction rules to automatically block behaviors like credential theft and suspicious use of PsExec and Windows Management Instrumentation (WMI). Turn on tamper protection features to prevent attackers from stopping security services.
If you are worried that these security controls will affect performance or disrupt operations, engage with IT professionals to help determine the true impact of these settings. Security teams and IT professionals should collaborate on applying mitigations and appropriate settings.
Review sensitive roles and groups
Review highly privileged groups like Administrators, Remote Desktop Users, and Enterprise Admins. Attackers add accounts to these groups to gain foothold on a server. Regularly review these groups for suspicious additions or removal. To identify Exchange-specific anomalies, review the list of users in sensitive roles such as mailbox import export and Organization Management using theGet-ManagementRoleAssignment cmdlet in Exchange PowerShell.
The distinctive patterns of server compromise aid in detecting malicious behaviors and inform security operations teams to quickly respond to the initial stages of compromise. Pay attention to and immediately investigate alerts indicating suspicious activities on servers. Catching attacks in the exploratory phase, the period in which attackers spend several days exploring the environment after gaining access, is key. Prioritize alerts related to processes such as net.exe, cmd.exe originating from w3wp.exe in general.
Inspect config file and bin folder
Regularly inspect web.config of your target application and ApplicationHost.config to identify any suspicious additions, such as a handler for image files—which is suspicious itself, if not outright malicious. Also, regularly scan installed paths like the application’s bin directory and default GAC location. Regularly inspecting the list of installed modules using the appcmd.exe or gacutil.exe utilities is also advisable.
Hardik Suri Microsoft 365 Defender Research Team
Appendix
Microsoft Defender Antivirus detects these threats and related behaviors as the following malware:
Backdoor:MSIL/SuspIISModule.G!gen
Backdoor:MSIL/SuspIISModule.H!gen
Backdoor:MSIL/SuspIISModule.K!gen
Backdoor:MSIL/OWAStealer.B
Backdoor:MSIL/OWAStealer.C
Behavior:Win32/SuspGacInstall.B
Endpoint detection and response (EDR)
Suspicious IIS AppCmd Usage
Hunting queries
To locate malicious activity related to suspicious IIS module registration, run the following queries:
Suspicious IIS module registration
DeviceProcessEvents
| where ProcessCommandLine has “appcmd.exe add module”
| where InitiatingProcessParentFileName == “w3wp.exe”
DeviceProcessEvents
| where InitiatingProcessFileName == “powershell.exe”
|where ProcessCommandLine has ” system.enterpriseservices.internal.publish”
| where InitiatingProcessParentFileName == “w3wp.exe”
DeviceProcessEvents
|where ProcessCommandLine has ” \\gacutil.exe /I”
| where InitiatingProcessParentFileName == “w3wp.exe”
Warning: This article contains major spoilers for Jordan Peele's "Nope."
Jordan Peele's third film "Nope" is a slow-burn UFO suspense-thriller. There are brutal moments for sure, but Peele's coy camera has much in common with the methodical M. Night Shyamalan. Coincidentally, Shyamalan followed his first two hits with a similarly suspenseful alien creature feature in "Signs." "Nope" also borrows from Steven Spielberg movies like "Jaws" as two Hollywood horse trainers risk it all to capture proof of a flying saucer. "Nope" is a movie about making movies, and about the seemingly universal hunger for viral fame. The enigmatic nature of UFOs stands in for the contest to capture public attention.
Peele's other genre twist is that this flying saucer is actually a ravenous monster itself. It's a supernatural apex predator that sucks up its prey with a whirling vortex. The alien eats its victims alive and spits out the rest. The director takes his time getting to this reveal to envelop you in the story of three Hollywood hangers-on who see little green men from beyond as their ticket to earthly attention. This is also the first horror movie shot on IMAX cameras and it looks incredible. Peele tapped Christopher Nolan's go-to large format shooter Hoyte van Hoytema ("Interstellar," "Dunkirk") as the film's cinematographer. IMAX captures the beauty of the Agua Dulce desert outside of Los Angeles, even at night, like nothing you've ever seen. It also gives immense scale to the brutal force that is both hunting humans from above, and savaging the selfie-taking culture.
Mysterious Objects Falling From The Sky
The first death in a good horror movie should pose a question about the nature of the evil at work. Legendary Hollywood horse trainer Otis Haywood Sr. (Keith David) is saddled up at his sprawling California desert ranch. He's the descendant of the first movie star, of sorts, the Black man riding a horse in the historical series of photos from 1878. Otis' son, OJ Haywood (Daniel Kaluuya), looks on as suddenly a hail of objects starts falling from the sky. OJ is unharmed, but when he looks over, his father's horse is wandering off course and the family patriarch is unresponsive.
Cut to a frantic car ride to the hospital. Otis is leaning against the passenger window covered in blood as OJ tries to keep him conscious. Next, there's a quiet shot as OJ sits solemnly next to a body on a hospital gurney. The room is bright and there are no doctors working away. When the X-ray image comes on-screen, there is a U.S. nickel embedded in Otis' brain. Then it's the money shot, and it is brutal. The coin entered Haywood's eye. He never had a chance. At one point viewers can also see a key embedded in the hide of Otis' horse. OJ is told all this refuse fell from a plane, but as he says, "That never made sense to me." Jordan Peele's script hooks you instantly with this brutal and mysterious death.
The Bloody House
Jordan Peele layers on topical themes that will keep you thinking about his movies, but he also conjures up some equally memorable images. In the final act, the flying saucer monster is dubbed Jean Jacket by OJ, named after a horse the viewers learn was meant to be Emerald Haywood's (Keke Palmer) first horse when she was a kid. That's how the Haywoods come to understand and contend with this monster from beyond. They treat it like a temperamental stage animal because that's what they know best.
OJ and Emerald's plan to capture the "Oprah shot" of this alien and save their ranch hits a stormy patch when Jean Jacket has a gruesome bout of indigestion. The creature has just had a particularly big meal, but inorganic matter doesn't suit this beast. That's when it unleashes a flood of blood and keys and more coins right on top of the Haywood home. The entire ranch looks like a gruesome crime scene as blood drips down the white wood, pouring down the banisters and front porch. It's an iconic image harkening back to the similarly brutal and bloody elevator shot in Stanley Kubrick's "The Shining." This sequence is unnerving, but it also plays a part in figuring out a crucial weakness the alien has. Peele leans heavily on "Jaws" as a reference, but unlike that indiscriminate man-eating monster, Jean Jacket has a delicate tummy, which may be the key to bringing it down.
Gordy The Murderous Chimp
"Nope" is a horror movie about making a horror movie as sibling horse trainers try to capture the impossible shot: genuine, clear photographic proof of a real UFO. The film is full of cameras, filmmaking, and filmmakers. Given how meta this story is, it's fitting the film's chilling and effective opening shot is of something gone horribly wrong on a studio set. There's a woman prostrate on her back, but the view of her and the disordered room is obscured. She's partially behind a couch but one of her shoes is strangely turned up and standing on a point in one of the film's ominous "bad miracles." That's when Gordy the chimp emerges. He's wearing a bright yellow sweater and both the garment and his face are covered in blood.
Later the audience learns this was the set of a '90s family sitcom "Gordy's Home" with a form factor a little like "Alf." During one episode, "Gordy's Birthday," some balloons trigger the overworked animal, and he snaps. He bludgeons the female lead of this show half to death and then leans in and eats her face off camera. It's not until the end viewers learn the film's opening shot was actually the vantage of the sitcom's child star as he hid from the killer primate. Once again, Jordan Peele doesn't show us too much. The brutality is mostly done by implication, and it's all the more gruesome in fans' imaginations.
Gordy's Disfigured Second Victim
The Gordy subplot seems to have been inspired by a real chimp mauling in 2009. A Connecticut couple raised Travis the chimp in their home almost from birth until he snapped in a hideous display of primal strength. Travis attacked a woman, ripping off her nose, gouging out and eating her eyes, tearing off her fingers, and nearly an arm. Somehow she survived but was hideously disfigured. Audiences don't initially know the extent of Gordy's rampage, but from the opening shot, you suspect there are more victims.
Steven Yeun plays Ricky "Jupe" Park. He's the "Gordy's Home" child star who survived the attack, all grown up. He runs a wild-west theme park based on his other well-known child-star role, but now he's marginally famous at best. The real jewel of his empire is a macabre museum to the Gordy incident. But now, the UFO sightings have turned his wild west act into a viewing exhibition for the visitor from beyond. During Jupe's stage show, he introduces his former costar, Mary Jo Elliot. She played the teenage daughter on "Gordy's Home," and now her fate has been revealed. She's sitting quietly in the bleachers, wearing a large hat with an attached veil, completely obscuring her face. The implication is clear. When the alien does appear it blows up her veil as the wind picks up, and the tragic truth is clear: Gordy didn't eat cake on his birthday episode; he ate Mary Jo's face.
Gordy's Death
In the real case of Travis the chimp eating a woman's face, there were warning signs. Travis lived in the home of a Connecticut couple and was treated as a human member of the family. He watched TV and even had his own pet cat. He was also a local celebrity so when he took off his seatbelt in traffic one day and chased after a pedestrian in a defiant incident that lasted hours, authorities somehow decided he wasn't a danger. Things really changed when Travis' adopted father died in 2004. The chimp was badly bereaved and would turn photos of his adopted father face down. Travis slept in the bed of his adopted mother and was even known to drink wine and Xanax was later found in his system, apparently given to him to calm his nerves. It was five years later he snapped and tore off a woman's fingers and face. When police arrived they shot Travis four times at point-blank range, ultimately killing the chimpanzee.
Gordy's end is similarly dramatic. After the rampage on the set of "Gordy's Home," Gordy notices young Jupe hiding under a table. He approaches slowly and reaches out his fist. Terrified, Jupe reaches back to perform their familiar fist bump. Just before they touch, a shot rings out and blood spatters the table cloth between the two friends, with some of the gore landing on the child's face. It's an effectively sudden end to a suspenseful subplot that lasts the length of this film.
The Death Of TMZ
During the climactic showdown with the man-eating flying saucer Jean Jacket, a mirage appears in the California desert that nails down writer-director Jordan Peele's primary theme in "Nope." It's a TMZ-style reporter on an electric motorcycle. He's gotten wind strange things are blowing over the skies of the Haywood ranch and wants the scoop via the DLSR and smartphone mounted to one overstuffed gimbal. He's also faceless in an eerily reflective helmet. Mirrors are a trope in "Nope," as they reveal what so many people are most obsessed with, but they spook the animals, too.
The anonymous TMZ reporter is the culture encroaching on OJ and Emerald's desert discovery. Initially, he tries to ambush-interview Emerald. She warns him to leave but the reporter guns it toward Jean Jacket. Everyone here is willing to risk their lives for content. Jean Jacket happens to also be something of a flying EMP. He eats humans whole and effectively shuts down their little content machines. Everything electric in its path goes dead. That's inconvenient for chasing viral videos, but also for the reporter going 60 MPH on an electric bike. As he approaches, his wheels lock up and he's hurled over the handlebars in a bone-crunching fall. Emerald tries to save him, but hilariously, the TMZ guy wants a selfie in his mangled state first. This delay is his doom. Peele doesn't drown the audience in brutal gore, but his pet themes are layered on thick.
The Death Of The Director
Pugilistic prankster and video maker Logan Paul went viral for his negative review of "Nope," which hilariously misses the theme. Many were quick to point out the irony considering Paul, of suicide forest fame, is known for the exact content-beast culture "Nope" is satirizing. On this theme some were also mystified by the death of the director character, Antlers Holst, played by the irreplaceable Michael Wincott, in his juiciest role since "The Crow." He's in charge of the film the Haywoods are fired from in the opening act when the crew refuses to listen to OJ's warnings about how to behave around the stage horse, causing the animal to lash out. However, Holst is an obsessive auteur who spends his days going over old footage of a boa constrictor successfully subduing a full-grown tiger. Talk about an impossible shot! When he hears about OJ and Emerald's plan to get something even more elusive on film, he shows up ready to roll with a hand crank camera.
In the final scene, Holst captures the shot from under the safety of a camouflage tarp but this Captain Ahab-type can't help himself. He grabs his camera and runs up the mountain towards Jean Jacket. As the creature's vortex sucks him aloft, Holst cranks away, shooting his feet floating above the ground, and then, gets a shot directly into the belly of the beast. This is the ultimate impossible shot, and not one he survives. It's also Jordan Peele's climactic statement on the value of content in today's culture: It's worth more than life itself.
If you or anyone you know is having suicidal thoughts, please call the National Suicide Prevention Lifeline by dialing 988 or by calling 1-800-273-TALK (8255).
Post-credits scenes are all the rage now thanks to the Marvel Cinematic Universe, with most of them serving to set up future sequels (sometimes at the expense of the film at hand). These days, though, my personal favorites are the post-credits scenes that subvert your expectations, be it by adding to the ambiguity of the movie's ending or paying off an earlier plot point or running gag. In a way, these cases harken back to the original idea behind post-credits scenes, which was to reward patient audience members with a little treat for hanging around after the movie was over — even if that "reward" was merely a character telling those still present to go home already.
Thankfully, it didn't take long for the MCU to start toying with moviegoers with its post-credits teases. "The Avengers" was the first to really do this in 2012 with its now-famous scene of Earth's Mightiest Heroes looking exhausted as the chow down on some shawarma. "Iron Man 3" and "Guardians of the Galaxy" followed suit in 2013 and 2014, delivering last-minute punchlines to previous moments or elements in the movies (Tony Stark's voiceover and the destruction of the Collector's archives, respectively). But it was 2017's "Spider-Man: Homecoming" that took this trend a step further.
Throughout the movie, Peter Parker's amusingly checked-out high school gym teacher Coach Wilson (Hannibal Buress) forces him and his classmates to watch a series of PSA videos featuring Steve Rogers (Chris Evans) in his full Captain America regalia. (At one point, Wilson casually remarks that Steve is technically a "war criminal" before showing his students one of the videos anyway.) The film's credits would later revisit this thread with a scene that, as it turns out, was largely improvised by Evans.
'How Many More Of These?'
While it was far from the first movie to include a post-credits scene, John Hughes' classic 1986 high school comedy "Ferris Bueller's Day Off" was certainly one of the most famous films to do this prior to the MCU (with 2016's "Deadpool" even going so far as to pay direct homage to the movie's post-credits gag). In a 2018 interview with Entertainment Weekly, Marvel Studios head honcho Kevin Feige confirmed that Hughes' film helped pave the way to the MCU's own parade of post-credit treats:
"It was the greatest thing in the world. I thought it was hilarious. It was like a little reward for me for sitting through the credits."
The influence of Hughes' movie is all-too-apparent in the post-credits scene for "Spider-Man: Homecoming," in which Steve Rogers cheekily talks up the value of patience before asking off-camera, "How many more of these?" Sure enough, Feige described this extended gag as the MCU's "homage to John Hughes and going back to the first Ferris Bueller one," telling EW, "We had Chris [Evans] ad-lib that conversation to the camera when we were filming his little cameos for Spider-Man."
For the most part, however, the MCU has moved away from these types of winking jokes since "Homecoming" in favor of more story-driven post-credits scenes that tee up future movies. In a sense, this shift makes sense. Were the franchise to go overboard with the post-credits gags, it could lead to a backlash from audiences. On the other hand, Marvel Studios' constant fixation on the future has led to (frankly, valid) criticisms that certain MCU films act as little more than bridges between other movies, so perhaps a slide back to more joke-y after-credits scenes is in order? It's something to think about, anyway.
China tried to build a network of informants inside the Federal Reserve system, at one point threatening to imprison a Fed economist during a trip to Shanghai unless he agreed to provide nonpublic economic data, a congressional investigation found. From a report: The investigation by Republican staff members of the Senate's Committee on Homeland Security and Governmental Affairs found that over a decade Fed employees were offered contracts with Chinese talent recruitment programs, which often include cash payments, and asked to provide information on the U.S. economy, interest rate changes and policies, according to a report of the findings released on Tuesday. In the case of the economist, the report said, Chinese officials in 2019 detained and tried to coerce him to share data and information on U.S. government policies, including on tariffs while the U.S. and China were in the midst of a trade war. The report doesn't say whether any sensitive information was compromised. Access to such information could provide valuable insights given the Fed's extensive analysis of U.S. economic activity, its oversight of the U.S. financial system, and the setting of interest-rate policy.
The Republican-led investigation said the Fed failed to mount an adequate response. The report's findings show "a sustained effort by China, over more than a decade, to gain influence over the Federal Reserve and a failure by the Federal Reserve to combat this threat effectively." Fed Chairman Jerome Powell strongly disputed the report's findings and called its characterizations of some employees unfair. "Because we understand that some actors aim to exploit any vulnerabilities, our processes, controls, and technology are robust and updated regularly. We respectfully reject any suggestions to the contrary," he wrote in a letter to Sen. Rob Portman of Ohio, the committee's top Republican.
An anonymous reader writes: In the quest to retain workers, companies are sharpening their focus on a very specific common goal: 90 days. Hold on to an employee for three months, executives and human-resources specialists say, and that person is more likely to remain employed longer-term, which they define as anywhere from a year on in today's high-turnover environment. That has led manufacturing companies, restaurants, hotel operators and others to roll out special bonuses, stepped-up training and new programs to prevent new hires from quitting in their first three months on the job. Heating and air-conditioning company Carrier Global began pairing new hires with a more experienced "buddy" in its manufacturing facilities after discovering most attrition happened before an employee hit the three-month mark, said Chief Executive David Gitlin.
Executives at Minneapolis video software company Qumu have retooled training and onboarding processes partly around the goal of reducing what the company calls "quick quits," or departures within three months, said Mercy Noah, Qumu's vice president of human resources. Some franchisees for McDonald's, Wendy's and others advertise new-hire bonuses of hundreds of dollars, many payable after 90 days; CVS Health gives warehouse workers at some of its facilities a $1,000 bonus if they stay on the job for three months. This summer's labor market is among the tightest in decades, and finding enough workers, let alone desirable workers, remains so difficult that companies are increasingly motivated to retain new hires. Three months has traditionally been considered enough time for employees to begin to prove themselves, veteran human-resources executives say. Many companies also still enforce 90-day probationary periods, with some withholding benefits like health insurance in the meantime. Just as it can take weeks of consistent effort to develop an exercise habit that sticks, employers have found that 90 days is typically enough time for workers to get into a steady routine of a new job. This can be particularly important for hourly employees in higher-turnover industries like hospitality or manufacturing, executives say, where workers have plenty of options.
![[Movie Review] THE REEF: STALKED](https://i0.wp.com/www.nightmarishconjurings.com/wp-content/uploads/2022/06/TheReef_1080X1600_THT.jpg?resize=640%2C948&ssl=1)
