The Old New Thing

Environment variable expansion occurs when the command is read

On the command line (and in batch files), environment variable expansion occurs when the command is read. This sounds obvious at first, but it has its own consequences. In the online documentation for , one such consequence is spelled out: would never display the message, since the in both "" statements is substituted when the first "" ...

Raymond's excursions into East Asian pop music, episode 2: China Dolls (中國娃娃)

The wife of one of my colleagues took a trip through the Far East as part of her work. One of the things she did was buy a bunch of music CDs from the various countries she visited. But not just any CDs. To decide which ones to get, she used a very scientific method that didn't require knowing how to read or speak the local language: She would...

Who says there's only one? There can be more than one logon session

An extension of the "What if two programs did this?" thought experiment is the "Who says there's only one?" question. A common question I see is, "From a service, how do I do X with the currently logged-on user?" (Where "X" can be a variety of things such as interact with them or impersonate them.) But who says that there's only one? With ...

[6] days since last monorail breakdown

It's soon going to come to the point where this is no longer news. The Seattle monorail broke down again, just six days since the previous breakdown, which was in turn just two days after operations resumed. I think they need to put up a big sign at the Monorail station at Seattle Center that reads 6 days since last breakdown. Well...

Sucking the exception pointers out of a stack trace

Often, you find yourself staring at a stack trace for a caught exception and want to see the original exception. (You too can get symbols for operating system binaries, either by using the symbol server to get the symbols on-demand or, if you have a gigabyte of disk space, you can download symbol packages to get them all at one go. Even ...

Applications and DLLs don't have privileges; users do

I can't believe you people are actually asking for backdoors. If an end user can do it, then so can a bad guy. In response to the requirement that all drivers on 64-bit Windows be signed, one commenter suggested adding a backdoor that permits unsigned drivers, using some "obscure registry key". Before somebody can jump up and shouts "...

Don't trust the return address, no really

In the discussion of how to prevent non-"trusted" DLLs from using private OS resources, more than one person suggested having the or function behave differently depending on who the caller is. But we already saw that you can't trust the return address and that you definitely shouldn't use the return address to make a security decision (...

Computer monitors float, screen upwards

Oceanographer Curtis Ebbesmeyer made another appearance on my local public radio station. Among the ocean garbage trivia is the fact that computer monitors float screen upwards (timecode 4:00). Other fascinating facts...