• The Old New Thing

    You can do anything at zombo.com, anything at all

    • 15 Comments

    Zombo has been around for many years, and yet I still find it hilarious (requires Flash).

    I just went back to check, and alas the introduction actually ends. But fortunately, they made it even cooler by having a text-only version. (Still requires sound.)

  • The Old New Thing

    Do you know when your destructors run? Part 1.

    • 10 Comments

    Larry Osterman discussed the importance of knowing when your global destructors run, but this problem is not exclusive to global objects. You need to take care even with local objects. Consider:

    void Sample()
    {
      if (SUCCEEDED(CoInitialize(NULL))) {
        CComPtr<IXMLDOMDocument> p;
        if (SUCCEEDED(p.CoCreateInstance(CLSID_IXMLDOMDocument))) {
         ...
        }
        CoUninitialize();
      }
    }
    

    Easy as pie. And there's a bug here.

    When does the destructor for that smart-pointer run?

    Answer: When the object goes out of scope, which is at the closing brace of the outer if statement, after the CoUninitialize call.

    So you shut down COM, and then try to access a pointer to a COM object. This is not good. (Or as Larry describes it, "Blam!")

    To fix this problem, you have to release all your COM pointers before the CoUninitialize. One way would be to insert a p.Release() at the end of the inner if. (But of course, if you're going to do that, then why bother using a smart pointer?)

    Another fix would be to introduce a seemingly unnecessary scope:

    void Sample()
    {
      if (SUCCEEDED(CoInitialize(NULL))) {
        {
          CComPtr<IXMLDOMDocument> p;
          if (SUCCEEDED(p.CoCreateInstance(CLSID_IXMLDOMDocument))) {
           ...
          }
        } // ensure p is destructed before the CoUninit
        CoUninitialize();
      }
    }
    

    Make sure you leave that comment there or the next person to come across this code is going to "clean it up" by removing the "redundant" braces.

    Of course, this is still too subtle. Here's another solution: Put the CoUninitialize inside a destructor of its own!

    class CCoInitialize {
    public:
     CCoInitialize() : m_hr(CoInitialize(NULL)) { }
     ~CCoInitialize() { if (SUCCEEDED(m_hr)) CoUninitialize(); }
     operator HRESULT() const { return m_hr; }
     HRESULT m_hr;
    };
    
    void Sample()
    {
      CCoInitialize init;
      if (SUCCEEDED(init)) {
        CComPtr<IXMLDOMDocument> p;
        if (SUCCEEDED(p.CoCreateInstance(CLSID_IXMLDOMDocument))) {
         ...
        }
      }
    } // CoUninitialize happens here
    

    This works even if you put the smart pointer at the same scope, as long as you put it after the CCoInitialize object:

    void Sample()
    {
      CCoInitialize init;
      CComPtr<IXMLDOMDocument> p;
      if (SUCCEEDED(init) &&
          SUCCEEDED(p.CoCreateInstance(CLSID_IXMLDOMDocument))) {
       ...
      }
    }
    

    This works because objects with automatic storage duration are destructed in reverse order of declaration, so the object p wil be destructed first, then the object init.

    Mind you, this is basically subtle no matter now you slice it. Nobody said programming was easy.

    Tomorrow, part 2.

  • The Old New Thing

    Coffee machine or assault weapon?

    • 12 Comments

    Coffee Machine Assault Weapon
    AK-47   X
    M-90 Automatic X  
    KF550-BK X  
    XM15-E2S   X
  • The Old New Thing

    Beware the hash reset attack

    • 18 Comments

    There are a variety of message digest algorithms out there, MD5 being a particularly popular one. These generate a "message digest" (essentially, a hash) so you can detect whether somebody has tampered with a file, the theory being that it's hard to tamper with a file without changing its hash.

    But make sure you record the file size as well as the digest.

    Not that collisions are necessarily easy to create by mistake. (I've heard a rumor that the deployment team has seen an MD5 collision, but it's just a rumor. I have no evidence. Heck, maybe what really happened was that somebody on the deployment got their MR2 into a car accident...)

    Anyway, the possibility of a "reset attack" makes collisions trivial to create.

    Hash generators typically operate on a stream. The hash engine maintains some state. The file to be hashed is broken up into chunks, and each chunk is combined with the engine's state variables in some complex way. When you have passed all the data through the engine, you push a button on the engine and out pops the hash value (which is typically a copy of the state variables, or possibly a subset of them).

    Now suppose somebody came up with a way of "resetting" the engine; that is, returning it to the initial state. Here's how they can make any document match your digest:

    First, create an alternate message and send it through the hash engine.

    Next, generate the bytes necessary to "reset" the engine.

    Finally, append the original message.

    In other words, the fake file looks like this:

    [alternate message][garbage][original message]
    

    where "garbage" is the reset.

    This fake file has the same hash as the original message, since the "garbage" resets the hash engine to the initial state, at which point the replay of the original message regenerates the hash.

    Result: A file with the same hash as the original, but with different content!

    In a proper attack, of course, the "alternate message" would be crafted so the garbage and original mesage would be ignored. You might end it with a marker that means "Ignore everything after this point." (For HTML, you can just say <NOFRAMES> and everything after that point will be largely ignored by all modern browsers.) Many other file types encode the expected file length in the header, in which case you can append whatever garbage you want without having any effect.

    But if you also store the file size with the hash, then the reset attack fails, because a reset attack always generates a file bigger than the original. To create a collision, they would have to create a shorter alternate message than the original, and then fiddle with the extra bytes to get the desired target hash to come out. This is significantly harder than just resetting.

    (I'm not aware of anybody who has successfully been able to reset MD5, mind you. This is a protective measure: If somebody figures out how to reset MD5, a small bit of work on your side will prevent you from falling victim.)

  • The Old New Thing

    Letterboxing: Geocaching without the GPS

    • 4 Comments

    Geocaching is sort of like global hide-and-seek (with hints) for technology geeks.

    I stumbled upon a non-GPS version of this diversion, known as Letterboxing (not to be confused with letterboxed movies, another subject entirely).

    By the way, if geocaching isn't enough "fun with a GPS" for you, you can try The Degree Confluence Project. See the world with a GPS, experience other cultures, learn a few words of the local language:

    The Thais kept asking how many farang (foreigners) did this and how much they got paid. I must have heard the phrase "farang Baar", (foreigners are crazy) more than a couple of times that evening.
  • The Old New Thing

    String sorting is not done by ASCII code any more.

    • 31 Comments

    Just because you have the ASCII table memorized doesn't mean you know how sorting works.

    I remember a bug filed where somebody said that the "sort" command was sorting underscores incorrectly:

    AAA__
    AAAAA
    

    this was claimed to be wrong "because underscore character follow uppercase letters and precedes lowercase letters".

    Well perhaps it does if you think ASCII sorting is the way sorting should be.

    ASCII sorting is so last century.

    The CompareString function describes two types of sorting, "word sort" and "string sort". And both of them sort punctuation before letters.

  • The Old New Thing

    The coolest thing you can do with a Gameboy is not "play a game on it"

    • 5 Comments

    From Public Radio International, The Next Big Thing covers The Gameboy Music Match.

    These days, a lot of electronic music is performed directly off of a laptop, which most people complain looks a lot like someone up there on stage checking their email. But Gameboy music isn't just for listening. It's also a performance. Nullsleep plays with both thumbs tapping, both feet moving, and head swaying. Okay, yeah, it looks like he's playing a video game. But a really great video game.

    Read the episode rundown or listen directly to the fourth story, Hot GameBoy Music Club. (The story was re-run a year later under the much catchier title New Old Sounds.)

  • The Old New Thing

    When do you put ... after a button or menu?

    • 34 Comments

    When do you put "..." after a button or menu? For example, some menus say "Save as..." and some buttons say "Customize...". What is the rule for dots?

    Many people believe that the rule for dots is "If it's going to display a dialog, then you need dots." This is a misapprehension.

    The rules are spelled out in the Windows User Interface Design Specifications and Guidelines (what a mouthful). Scroll down to "Ellipses".

    I could repeat what's written there, or I could just tell you to read it.

    I'm going to tell you to read it.

    Okay, maybe I'm going to repeat what's written there, but briefly:

    Use an ellipsis if the command requires additional information before it can be performed. Sometimes the dialog box is the command itself, such as "About" or "Properties". Even though they display a dialog, the dialog is the result, as opposed to commands like "Print" where the dialog is collecting additional information prior to the result.

  • The Old New Thing

    Plane-spotters to require government license

    • 3 Comments

    Plane-spotters to require government license. The article spins it as a "benefit" for ground-based aviation buffs, but this is just one of those "two steps back, one step forwards" things. Plane-spotters were outright banned from airports in the summer of 2003.

    Now they can go back, but they'll need to shell out £15 for the privilege.

    And if I, random small-time aviation buff, want to go out and look at the pretty planes as they fly overhead, I'm out of luck. The "authorized" plane admirers might even report me as a security risk.

    I hope I won't be convicted of international espionage.

  • The Old New Thing

    Who'll be where for whom?

    • 1 Comments

    Mike Pesca undertakes a textual analysis of the Friends theme song.

Page 401 of 439 (4,383 items) «399400401402403»