July, 2006

  • The Old New Thing

    Before you can learn to recognize what's wrong, you must learn to recognize what's right


    Sometimes, when I'm debugging a problem, I'll ignore a particular thread and somebody will ask, "What is that thread doing, and how did you know to ignore it?"

    My reply: "I have no idea what it's doing, but whatever it's doing, it's normal."

    Tess has been running an excellent series of posts on debugging the CLR, but one of the most important lessons is where you learn about things to ignore when debugging an ASP.NET hang.

    Hangs and deadlocks are tricky to debug because there is no unhandled exception that says, "Look at me, I'm a bug!" Instead, the program just grinds to a halt and you have to go spelunking to figure out why. What you are looking for is anything out of the ordinary, but in order to recognize what that is, you first need to know what is ordinary.

    So do that. Run your program, let it do its thing, then break in with the debugger and take a look around. Make a note of what you see. Those are things that are going on when nothing is wrong. This is what your program looks like when it is running normally. Now that you know what normal operations look like, you can recognize the abnormal stuff.

    Note that you don't even have to know what all those normal things are. For example, when I connect to a process with the debugger, I often find threads lying around which are waiting inside RPC or the kernel thread pool. I don't know what they are doing, but since they are always there, I don't pay much attention to them.

  • The Old New Thing

    Mr. T prefers a double-shot of espresso with two graham crackers, go figure


    Back in November, Paul Davidson popped into his local Starbucks coffee shop and ended up in line right behind Mr. T. Unlike me, Mr. Davidson actually knew ahead of time what he was going to ask the former A-Team heavy. And the answer was worth waiting for.

    (Via TV Squad: Mr. T likes espresso, fool!)

    Mr. T has not disappeared from the scene entirely, however. TV Land announced [pdf] last September a new reality show starring the former A-Team heavy tentatively titled I Pity The Fool (capital "The" for some reason). More recent coverage.

  • The Old New Thing

    No, really, why is it 160x31?


    When I discussed some time ago why minimized windows have an apparent size of 160x31, I explained that the minimized icon is a miniature title bar, but I managed not to explain why the values are exactly 160 and 31.

    The width of the miniature title bar is determined by the iWidth member of the MINIMIZEDMETRICS structure. You can retrieve and change this structure with the help of the SystemParametersInfo function. (Use the SPI_GETMINIMIZEDMETRICS and SPI_SETMINIMIZEDMETRICS flags, respectively.) Some people will mention the MinWidth registry value, but those people are wrong. Notice, for example, that messing with MinWidth requires a logoff cycle, whereas using SPI_SETMINIMIZEDMETRICS takes effect immediately. That's because SPI_SETMINIMIZEDMETRICS updates the internal state variables, whereas whacking the registry just changes a value in a database that nobody pays attention to once you've logged on.

    What about the height? That's just the height of a caption bar, which you can adjust from the Appearance tab of the Display control panel. (Programmatically, you can use that helpful SystemParametersInfo function, this time using the iCaptionHeight member of the NONCLIENTMETRICS structure.)

  • The Old New Thing

    Nearly 20 percent of daily smokers say they exercise three or more times a week


    Several months ago, The Seattle Times ran a story on people who smoke and also work out. In the article, personal trainer Will Baldyga compares it to other dissonant behavior such as pigging out on ice cream after a workout. I have to admit that on rare occasions, I lapse into such behavior ("justifying" bad eating habits with exercise), but on the whole, I manage to keep myself honest.

  • The Old New Thing

    Is the maximum size of the environment 32K or 64K?


    There appears to be some confusion over whether the maximum size of the environment is 32K or 64K. Which is it?


    The limit is 32,767 Unicode characters, which equals 65,534 bytes. Call it 32K or 64K as you wish, but make sure you include the units in your statement if it isn't clear from context.

  • The Old New Thing

    Retail companies allegedly not collecting personal information as aggressively


    Several months ago, The Washington Post reported that retail companies were no longer collecting personal information as aggressively. The poster child for this sort of thing was RadioShack, which demanded your name and address even if you just stopped in to buy a pack of AA batteries. I didn't shop there often, and when I did, I merely refused to give them any information about myself. At the store near Microsoft main campus, after going through this exercise, the cashier eventually entered my name as "Cash" and out came the receipt:

    James Cash
    123 Main St
    Redmond, WA 98052

    Thank You, James Cash, for shopping at RadioShack

    I enjoyed telling this story, and to my surprise, one day I got a piece of email from James Cash himself! (As it turns out, one of my friends actually knew James Cash.)

    The story is even funnier: For years, my pet peeve was the way that RadioShack wanted my address - and I refused to give it. There was quite a scene a couple of times, with a salesclerk begging me to give it, and me refusing. Once or twice I had to walk out of the store rather than give the info. However, one time I had a roommate who also didn't want to give out his name and address. His solution? To give my name and address! So that is how my name wound up at that RadioShack...
  • The Old New Thing

    Things I've written that have amused other people, Episode 2


    In our internal blogging discussion mailing list, somebody asked, "How do you guys manage your blogs? I mean stuff like revising old posts, managing links, categories, etc."

    My reply:

    What specific sort of "management" activities are you trying to do? Typically, once you post an entry that's the end of it. You don't manage a blog so much as keep feeding it.

    For some reason, people got a kick out of that last sentence.

    (Episode 1.)

  • The Old New Thing

    How do you use the bike rack on a Metro bus?


    While it's true that I often ride the bus and often ride my bicycle, I do not often ride my bicycle onto a bus. This means that I forget how it's done and have to refresh my memory. Fortunately, Arlington Transit uses the same bike rack design as we do here in Metro King County, so I can refer to their detailed pictures instead of our diagrams which leave a bit to be desired.

    It's not that hard, really. There are instructions on the rack itself for most of the steps. You squeeze the handle where it says "pull here", lower the rack, place the front tire where it says "front tire", the back tire where it says "back tire", and put the support arm into place.

    Two details are omitted from the instruction on the rack: First, if you're the first bicycle on the rack, use the slot furthest away from the bus. And second, how do you use that support arm?

    I'm always baffled by the support arm. It won't fit over the tire! Oh, wait, because it's on a spring. You have to pull outwards in order to extend the clamp. Then it will fit over your tire, and then you let it retract and hold the tire in place.

    Metro has other tips on how to prepare your bicycle and the protocol to follow with the bus driver. One bus driver mentioned that the rack was designed by "some guy in Bellevue, or maybe Kirkland". Following up on this information led me to bike rack trivia: The racks are manufactured by Sportworks in the nearby town of Woodinville. Here's the Sportworks version of the story.

    (And another Metro Transit tip: If you want a series of options clustered around a particular time, you can use the commuter trip planner, handy if you don't know exactly what time you will be returning. There's also the point to point schedule maker if you want a custom bus schedule between two stops. And no discussion of Metro Transit planning tools is complete without a plug for Bus Monster.)

  • The Old New Thing

    Security: Don't forget to initialize the stuff you don't care about


    Lost in the excitement of privilege escalation vulnerabilities is the simple information disclosure through missing garbage initialization. Everybody should by now be familiar with the use of the SecureZeroMemory function to ensure that buffers that used to contain sensitive information are erased, but you also have to zero out buffers before you write their contents to another location. Consider, for example, the following binary format:

    struct FILEHEADER {
        DWORD dwMagic;
        DWORD dwVersion;
        WCHAR wszComment[256];
        DWORD cbData;
        // followed by cbData bytes of data
    };

    Code that writes out one of these files might go like this:

    BOOL SaveToFile(HANDLE hFile, LPCWSTR pszComment,
                    DWORD cbData, const BYTE *pbData)
    {
      DWORD cbWritten;
      FILEHEADER fh;
      fh.dwMagic = FILE_MAGICNUMBER;
      fh.dwVersion = FILE_CURRENTVERSION;
      fh.cbData = cbData;
      // copy the comment, then write the header followed by the data
      return SUCCEEDED(StringCchCopyW(
                 fh.wszComment, 256, pszComment)) &&
             WriteFile(hFile, &fh, sizeof(fh), &cbWritten, NULL) &&
             cbWritten == sizeof(fh) &&
             WriteFile(hFile, pbData, cbData, &cbWritten, NULL) &&
             cbWritten == cbData;
    }

    Do you see the security bug?

    If the comment is shorter than 255 characters, then the bytes after the terminating null consist of uninitialized stack garbage. That stack garbage might contain interesting information that you didn't intend to leak into the file. Sure, it won't contain information that you already recognized as highly-sensitive, such as passwords, but it still might contain information that, while less sensitive, still would be valuable to somebody looking for it. For example, depending on where the compiler decided to put local variables, you might leak an account name into those unused bytes.

    I'm told that one company's networking software from a long time ago had a bug just like this one. They used a very advanced "change password" algorithm, the details of which are not important. The design was that only heavily encrypted data was transmitted on the wire. That way, somebody who sat on the network and captured packets wouldn't see anything of value. Except that they had a bug in their client: When it sent the encrypted password to the server, it forgot to null out the unused bytes in the "change password" packet. And in those unused bytes were, you guessed it, a copy of the password in plain text.
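The SaveToFile leak and its fix, as an added example that is not code from the original post: a portable C stand-in for FILEHEADER is built in storage pre-filled with a constructed pattern that stands in for stale stack contents, once without and once with zeroing the structure first. The names FileHeader, build_header, leaked_bytes and demo, the magic value and the 'S' fill pattern are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define COMMENT_CCH 256

/* Portable stand-in for the page's FILEHEADER (fixed-width types). */
typedef struct {
    uint32_t magic, version;
    uint16_t comment[COMMENT_CCH];
    uint32_t cbData;
} FileHeader;

/* zero_first = 0 mirrors SaveToFile; zero_first = 1 is the fix. */
static void build_header(FileHeader *fh, const uint16_t *comment, int zero_first)
{
    size_t i = 0;
    if (zero_first)
        memset(fh, 0, sizeof(*fh)); /* clears unused tail and any padding */
    fh->magic = 0x31474d46u;        /* constructed value, not from the page */
    fh->version = 1;
    fh->cbData = 0;
    for (; i < COMMENT_CCH - 1 && comment[i] != 0; i++)
        fh->comment[i] = comment[i];
    fh->comment[i] = 0;             /* like a string copy: terminator only */
}

/* Count non-zero bytes after the terminator: stale memory bound for the file. */
static size_t leaked_bytes(const FileHeader *fh)
{
    const unsigned char *p = (const unsigned char *)fh->comment;
    const unsigned char *end = p + sizeof(fh->comment);
    size_t i = 0, n = 0;
    while (i < COMMENT_CCH && fh->comment[i] != 0)
        i++;
    for (p += i * sizeof(fh->comment[0]); p < end; p++)
        n += (*p != 0);
    return n;
}

/* Storage pre-filled with a constructed pattern standing in for old stack data. */
size_t demo(int zero_first)
{
    static const uint16_t comment[] = { 'h', 'i', 0 };
    FileHeader fh;
    memset(&fh, 'S', sizeof(fh));
    build_header(&fh, comment, zero_first);
    return leaked_bytes(&fh);
}

int main(void) { printf("unzeroed: %zu, zeroed: %zu\n", demo(0), demo(1)); return 0; }
```

With the two-character comment, 506 of the 512 comment bytes carry the old pattern unless the structure is cleared first; in SaveToFile the corresponding change is to zero fh (for example with ZeroMemory) before filling in its members.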
