• The Old New Thing

    Coffee machine or assault weapon?


    Coffee Machine Assault Weapon
    AK-47   X
    M-90 Automatic X  
    KF550-BK X  
    XM15-E2S   X
  • The Old New Thing

    Beware the hash reset attack


    There are a variety of message digest algorithms out there, MD5 being a particularly popular one. These generate a "message digest" (essentially, a hash) so you can detect whether somebody has tampered with a file, the theory being that it's hard to tamper with a file without changing its hash.

    But make sure you record the file size as well as the digest.

    Not that collisions are necessarily easy to create by mistake. (I've heard a rumor that the deployment team has seen an MD5 collision, but it's just a rumor. I have no evidence. Heck, maybe what really happened was that somebody on the deployment got their MR2 into a car accident...)

    Anyway, the possibility of a "reset attack" makes collisions trivial to create.

    Hash generators typically operate on a stream. The hash engine maintains some state. The file to be hashed is broken up into chunks, and each chunk is combined with the engine's state variables in some complex way. When you have passed all the data through the engine, you push a button on the engine and out pops the hash value (which is typically a copy of the state variables, or possibly a subset of them).

    Now suppose somebody came up with a way of "resetting" the engine; that is, returning it to the initial state. Here's how they can make any document match your digest:

    First, create an alternate message and send it through the hash engine.

    Next, generate the bytes necessary to "reset" the engine.

    Finally, append the original message.

    In other words, the fake file looks like this:

    [alternate message][garbage][original message]

    where "garbage" is the reset.

    This fake file has the same hash as the original message, since the "garbage" resets the hash engine to the initial state, at which point the replay of the original message regenerates the hash.

    Result: A file with the same hash as the original, but with different content!

    In a proper attack, of course, the "alternate message" would be crafted so the garbage and original mesage would be ignored. You might end it with a marker that means "Ignore everything after this point." (For HTML, you can just say <NOFRAMES> and everything after that point will be largely ignored by all modern browsers.) Many other file types encode the expected file length in the header, in which case you can append whatever garbage you want without having any effect.

    But if you also store the file size with the hash, then the reset attack fails, because a reset attack always generates a file bigger than the original. To create a collision, they would have to create a shorter alternate message than the original, and then fiddle with the extra bytes to get the desired target hash to come out. This is significantly harder than just resetting.

    (I'm not aware of anybody who has successfully been able to reset MD5, mind you. This is a protective measure: If somebody figures out how to reset MD5, a small bit of work on your side will prevent you from falling victim.)

  • The Old New Thing

    Letterboxing: Geocaching without the GPS


    Geocaching is sort of like global hide-and-seek (with hints) for technology geeks.

    I stumbled upon a non-GPS version of this diversion, known as Letterboxing (not to be confused with letterboxed movies, another subject entirely).

    By the way, if geocaching isn't enough "fun with a GPS" for you, you can try The Degree Confluence Project. See the world with a GPS, experience other cultures, learn a few words of the local language:

    The Thais kept asking how many farang (foreigners) did this and how much they got paid. I must have heard the phrase "farang Baar", (foreigners are crazy) more than a couple of times that evening.
  • The Old New Thing

    String sorting is not done by ASCII code any more.


    Just because you have the ASCII table memorized doesn't mean you know how sorting works.

    I remember a bug filed where somebody said that the "sort" command was sorting underscores incorrectly:


    this was claimed to be wrong "because underscore character follow uppercase letters and precedes lowercase letters".

    Well perhaps it does if you think ASCII sorting is the way sorting should be.

    ASCII sorting is so last century.

    The CompareString function describes two types of sorting, "word sort" and "string sort". And both of them sort punctuation before letters.

  • The Old New Thing

    The coolest thing you can do with a Gameboy is not "play a game on it"


    From Public Radio International, The Next Big Thing covers The Gameboy Music Match.

    These days, a lot of electronic music is performed directly off of a laptop, which most people complain looks a lot like someone up there on stage checking their email. But Gameboy music isn't just for listening. It's also a performance. Nullsleep plays with both thumbs tapping, both feet moving, and head swaying. Okay, yeah, it looks like he's playing a video game. But a really great video game.

    Read the episode rundown or listen directly to the fourth story, Hot GameBoy Music Club. (The story was re-run a year later under the much catchier title New Old Sounds.)

  • The Old New Thing

    When do you put ... after a button or menu?


    When do you put "..." after a button or menu? For example, some menus say "Save as..." and some buttons say "Customize...". What is the rule for dots?

    Many people believe that the rule for dots is "If it's going to display a dialog, then you need dots." This is a misapprehension.

    The rules are spelled out in the Windows User Interface Design Specifications and Guidelines (what a mouthful). Scroll down to "Ellipses".

    I could repeat what's written there, or I could just tell you to read it.

    I'm going to tell you to read it.

    Okay, maybe I'm going to repeat what's written there, but briefly:

    Use an ellipsis if the command requires additional information before it can be performed. Sometimes the dialog box is the command itself, such as "About" or "Properties". Even though they display a dialog, the dialog is the result, as opposed to commands like "Print" where the dialog is collecting additional information prior to the result.

  • The Old New Thing

    Plane-spotters to require government license


    Plane-spotters to require government license. The article spins it as a "benefit" for ground-based aviation buffs, but this is just one of those "two steps back, one step forwards" things. Plane-spotters were outright banned from airports in the summer of 2003.

    Now they can go back, but they'll need to shell out £15 for the privilege.

    And if I, random small-time aviation buff, want to go out and look at the pretty planes as they fly overhead, I'm out of luck. The "authorized" plane admirers might even report me as a security risk.

    I hope I won't be convicted of international espionage.

  • The Old New Thing

    Who'll be where for whom?


    Mike Pesca undertakes a textual analysis of the Friends theme song.

  • The Old New Thing

    How did those FILE_SHARE_* values come to be?


    Larry Osterman picks up the history ball and describes how those FILE_SHARE_* values came to be.

  • The Old New Thing

    When do you disable an option and when do you remove it?


    When you're displaying a menu item or a dialog option, and the option is not available, you can either disable it or you can remove it. What is the rule for deciding which one to do?

    Experiments have shown that if something is shown but disabled, users expect that they will be able to get it enabled if they tinker around enough.

    So leave a menu item shown but disabled if there is something the user can do to cause the operation to become available. For example, in a media playback program, the option to stop playback is disabled if the media file is not playing. But once it starts playing, the option becomes available again.

    On the other hand, if the option is not available for a reason the user has no control over, then remove it. Otherwise the user will go nuts looking for the magic way to enable it. For example, if a printer is not capable of printing color, don't show any of the color management options, since there's nothing the user can do with your program to make that printer a color printer.

    By analogy, consider a text adventure game. The player tries something clever like "Take the torch from the wall", and the computer replies, "You can't do that, yet." This is the adventure game equivalent to graying out a menu item. The user is now going to go nuts trying to figure out "Hm, maybe I need a chair, or the torch is too hot, or I'm carrying too much stuff, or I have to find another character and ask him to do it for me..."

    If it turns out that the torch is simply not removable, what you've done is send the user down fruitless paths to accomplish something that simply can't be done. For an adventure game, this frustration is part of the fun. But for a computer program, frustration is not something people tend to enjoy.

    Note that this isn't a hard-and-fast rule; it's just a guideline. Other considerations might override this principle. For example, you may believe that a consistent menu structure is more desireable because it is less confusing. (A media playback program for example might decide to leave the video-related options visible but grayed when playing a music file.)

Page 388 of 426 (4,251 items) «386387388389390»