The Old New Thing

When people mimic the display rather than the actual data

I recall a bug that we were investigating that was being caused by a registry key being set when it shouldn't have been. But when you looked at the key in Regedit, it say "(value not set)". Why were we going down the "value is set" branch? A little spelunking with the debugger revealed the reason directly: Whoever set up that registry key ...

Automatic messages when you're not in the office – the infamous OOF

"OOF" is a word you hear a lot at Microsoft. KC Lemson gave the etymology a while back (though my recollection is that it stood for "Out of Office Feature", not that my memory is good for much nowadays). Incidentally, KC is profiled on the Microsoft Careers site, though she goes under the top-secret code name "KC" there. Most people set ...

Solutions that don't actually solve anything

If changing a setting requires administrator privileges in the first place, then any behavior that results cannot be considered a security hole because in order to alter the setting, attackers must already have gained administrative privileges on the machine, at which point you've already lost the game. If attackers have administrative ...

Why doesn't Ethan Hunt have to wear identification?

Whenever there was a scene in Mission: Impossible III that took place at the agency offices, I was repeatedly bothered by the fact that all the people in the building are wearing their identification badges clipped to their jackets or shirts. Except Ethan Hunt. He gets to walk through the halls like a cologne advertisement. Why doesn't he ...

Subtle ways your innocent program can be Internet-facing

Last time, we left off with a promise to discuss ways your program can be Internet-facing without your even realizing it, and probably the most common place for this is the command line. Thanks to CIFS, files can be shared across the Internet and accessed via UNC notation. This means that anybody can set up a CIFS server and create files like...

Seattle boating season opens but never closes

This past weekend was Opening Day of the Seattle boating season. This tends to create traffic chaos in the Montlake neighborhood, which leads to confusing newspaper headlines like Opening Day closure. I remember many years ago asking a boat-owning colleague, "So, when does boating season close?" "Oh, it doesn't close." "Then why do they ...

What can I do with the HINSTANCE returned by the ShellExecute function?

As we saw earlier, in 16-bit Windows, the identified a program. The Win32 kernel is a complete redesign from the 16-bit kernel, introducing such concepts as "kernel objects" and "security descriptors". In particular 16-bit Windows didn't have "process IDs"; the instance handle served that purpose. That is why the and functions returned an...

On the bogusness of reporting the winning word in a spelling bee

Whenever the United States media report on a spelling bee (typically, the Scripps National Spelling Bee, the best-known spelling bee in the country), they always report on the "winning word". But the winning word is a bogus metric because the winning word in real life tends to be comparatively easy. It's the penultimate word that is the hard ...

Doing quick arithmetic from the command prompt

The command processor comes with a mini-calculator that can perform simple arithmetic on 32-bit signed integers: Note that we had to quote the shift operator since it would otherwise be misinterpreted as a "redirect stdout and append" operator. For more information, type at the command prompt...