The Old New Thing
Practical development throughout the evolution of Windows.
Latest posts
Raymond's excursions into East Asian pop music, episode 2: China Dolls (中國娃娃)
The wife of one of my colleagues took a trip through the Far East as part of her work. One of the things she did was buy a bunch of music CDs from the various countries she visited. But not just any CDs. To decide which ones to get, she used a very scientific method that didn't require knowing how to read or speak the local language: She would go into a music store and just observe the teenage girls as they did their shopping. Based on this sampling, she would buy the CDs that appeared to be the most popular. One of the CDs she loaned me is of a Thai pop duo called China Dolls (中國娃娃)...
Who says there's only one? There can be more than one logon session
An extension of the "What if two programs did this?" thought experiment is the "Who says there's only one?" question. A common question I see is, "From a service, how do I do X with the currently logged-on user?" (Where "X" can be a variety of things such as interact with them or impersonate them.) But who says that there's only one? With the introduction of Fast User Switching in Windows XP, the possibility for multiple logged-on users exists even in consumer scenarios. You might say, "Well, I mean that among all the users that are logged on, I want the one that's using the computer right now." Except tha...
[6] days since last monorail breakdown
It's soon going to come to the point where this is no longer news. The Seattle monorail broke down again, just six days since the previous breakdown, which was in turn just two days after operations resumed. I think they need to put up a big sign at the Monorail station at Seattle Center that reads 6 days since last breakdown. Well, except that today it would read "2".
Sucking the exception pointers out of a stack trace
Often, you find yourself staring at a stack trace for a caught exception and want to see the original exception. (You too can get symbols for operating system binaries, either by using the symbol server to get the symbols on-demand or, if you have a gigabyte of disk space, you can download symbol packages to get them all at one go. Even if you go for the symbol package, you still need the symbol server, since it gets updated with symbols for binaries that have been updated since the most recent service pack.) Here, we caught an exception in the . What was the exception? Well, an exception filter receives ...
We encourage everyone to pack gel-filled bras in their checked baggage
My thanks to the Annals of Improbable Research for pointing out this recommendation from the TSA. I don't own a gel-filled bra, so I'll have to do some extra shopping before my next plane trip.
Applications and DLLs don't have privileges; users do
I can't believe you people are actually asking for backdoors. If an end user can do it, then so can a bad guy. In response to the requirement that all drivers on 64-bit Windows be signed, one commenter suggested adding a backdoor that permits unsigned drivers, using some "obscure registry key". Before somebody can jump up and shouts "security through obscurity!", the commenter adds this parenthetical: "(that no application has privileges to do by default)". What does that parenthetical mean? How do you protect a registry key from an application? And if applications don't have privileges to modify a key, then...
A modest proposal: On allowing mobile phones on airplanes
Ever since the FAA decided to reconsider its ban on the use of cellular phones on airplanes during flight, there has been quite a reaction over whether this is a good thing. To resolve this issue, I present this modest proposal. Remember back in the days when smoking was permitted on airplanes? When you bought a ticket, you were asked whether you wanted to be in the smoking or non-smoking section. We can do the same thing with mobile phones. You can ask to be seated in the "yapping" or "non-yapping" section. If you're in the yapping section, then yap all you want. Call your grandmother and talk with her the ...
Don't trust the return address, no really
In the discussion of how to prevent non-"trusted" DLLs from using private OS resources, more than one person suggested having the or function behave differently depending on who the caller is. But we already saw that you can't trust the return address and that you definitely shouldn't use the return address to make a security decision (which is what these people are proposing). All attackers have to do is find some other "trusted" code to do their dirty work. For example, the function internally calls to locate the appropriate string bundle. Therefore, if attackers want to get a string resource from a "t...
Computer monitors float, screen upwards
Oceanographer Curtis Ebbesmeyer made another appearance on my local public radio station. Among the ocean garbage trivia is the fact that computer monitors float screen upwards (timecode 4:00). Other fascinating facts: