9 posts • joined 20 Aug 2016
Q: If Pesky Pepper had a peek at patient papers, at how many patient papers did Pesky Pepper peek? A: 231
Wikipedia's use of Whois
Part of my recent rummaging in Wikipedia is figuring out whether to recommend a block on editing by IP addresses that repeatedly vandalize. To do this right, it's important to find out whether the IP is assigned to a large ISP (so probably an individual customer) or to something like a school or public library (so you are likely blocking innocent users of a public terminal, for example). Whois is the tool of choice for finding out.
Does this change mean that Wikipedia self-appointed cops and nags will have less information to go on?
I agree with statements above that there is no excuse for shipping these bugs, or for violating "it ain't broke don't fix it" by changing signed to unsigned without good reason... but I do understand the instinct. Since I first encountered K&R v1, I wondered why the hell the authors made strlen return a signed integer. I could only assume they were too lazy to type the (too-long) word "unsigned". Or was unsigned not in the first version of the language? - frankly I forget.
It just makes large parts of my brain hurt when an integer that can never represent a negative quantity (string or array length being the canonical examples) is declared signed. It's sad that "signed" is the default because I'd be so bold as to say that most of the integers I declare can never go negative.
Ahhh... memories of the time I subverted the normal approval process and persuaded certain engineers to remove the toys, media player, and "take a tour!" from Windows Server 2003 OOB experience, which was about to launch looking just like XP OOB. Looks like they have re-learned the lesson.
74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+
Re: "the SMB server bug is the result of a buffer overflow in Microsoft's code. "
"Remember when MS claimed they'd spent $Bn training their devs to not write insecure code and totally re-written the code base to eliminate these flaws?"
Never claimed to have rewritten the codebase. Everyone was made to own, and be responsible for reviewing, part of the old crufty code, some of which was years old. So someone's name is on this. But these 16/32/64 confusions, and (especially) the byte/char confusion when moving from the ASCII to the Unicode days, are incredibly difficult to spot. During the NIMDA (I think) attack, their security bods posted the offending code and even then most people couldn't see it until it was explained.
Why connect to the killswitch server?
One thing I don't understand about the kill switch. It seems to look up the garbage name, and then connect to the server to see if it's responding. But since the key action seems to be registering the name, then surely having DNS return a valid IP address should be enough to say "stop". There would be no need to go on with a connection; the server itself could be clogged (the more successful the spread of the malware, the more likely that is), or down for a while, so the success of the kill would be flaky.
Or is the idea that, even after the name is registered, the kill switch can be turned back on by just shutting the service down?
Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell
Re: "On Linux we’re just another shell"
It's an open secret that when MS converted the Hotmail front-ends from BSD to Windows 2000 (what, over 15 years ago) and post-mortemed the project, one (among several) clear shortcoming was the scripting capabilities. Geoffrey was already toying with an interpreted, scriptable .NET language, and the HM experience was one of the drivers to make it into a product. Take the existing shells, superset them and apply to Windows.