The Old New Thing
Practical development throughout the evolution of Windows.
Latest posts
You know you're in trouble when your channel loses to dead air
When Australian Channel Seven aired a blank screen for 41 minutes [indirect report], you'd think its competition would pick up some viewers. But it didn't. But the glitch did not result in a ratings boost for public broadcaster SBS, with figures showing viewers preferred Seven's blank screen. To Seven's astonishment more than 900,000 viewers stayed tuned to the network after screens went blank 38 minutes into the nail-biting episode. "Around a million Australians hung in there for us and we thank them for their commitment," Seven Sydney spokesman Simon Francis said last night. (The Chaser, Australia...
Beware of redirected folders, too
Earlier, we learned about roaming user profiles, wherein the master copy of the user's profile is kept on a central server (which for the purpose of discussion I will call the "profile server") and is copied around to follow the user as she logs onto computers throughout an organization. In the comments, many people said that what they really want is for the files to be stored in a central location without any copying. That is what redirected folders give you. Redirected folders are a way for a domain administrator to specify that selected folders in the user profile (for example, the Desktop, the Start menu,...
You can't even trust the identity of the calling executable
A while back, I demonstrated that you can't trust the return address. What's more, you can't even trust the identity of the calling executable. I've seen requests from people who say, "I want to check whether I'm being called from MYAPP.EXE. I'm going to make a security decision based on the result." Although you can do this, all it does is give you more rope. Even if you are convinced that you're being called from the expected application, you aren't any safer. An attacker can inject code into that process (say, via a global hook) and you will foolishly trust it. In the same way that you shouldn't trust who y...
Mysterious things Steve Yi has eaten
I read with some fascination Steven Yi's Mysterious Things I Have Eaten, since I have had four out of five of them myself. And I love the little story he tells about sea cucumber. Kimchee, like lutefisk and surströmming, most likely comes from the days before refrigeration. The acid produced by fermentation preserves (what's left of) the food. Oh, and if you're keeping score:
The pornography of food
On the Media picks up on the Harper's Magazine article Debbie Does Salad and chats with Frederick Kaufman, the article's author, on the curious similarity between the way cooking shows and pornographic films present their subject matter. Cooking shows target the 18–35 male, even though these people are unlikely to be cooks themselves. They just tune in to watch.
Be careful when interpreting security descriptors across machine boundaries
While it's true the function can be used to check whether a particular security descriptor grants access to a token, you need to be aware of where that security descriptor came from. If the security descriptor came from another machine (for example, if you got it by calling and passing the path to a file on a network share), calling the function on your machine may give different results from the remote machine. In other words, it is possible for the function to indicate that you have access, when in fact you don't. How can that be? For one thing, there are many SIDs that are machine-relative. If the remote...
The per-class window styles and things really are per-class
Earlier, I discussed which window style bits belong to whom. One detail of this that I neglected to emphasize is that since the lower 16 bits of the window style are defined by the class, you can't just take styles from one class and apply them to another. For example, you can't create a button control and pass the style expecting to have the text rendered with end ellipses. Because when you think you're passing , you're really passing : The button control sees your 0x00004000L and treats it as . Remember that at the end of the day, window styles and window messages are just numbers. If you use a per-clas...
The military marriage of convenience
The marriage of convenience is alive and well, not that this is really a surprise to anybody. I found interesting this story on how some young members of the US military are getting married for purely economic reasons. By getting married, he would get a housing stipend and permission to move off-base. And as his legal wife, she would get health coverage and a cut of his extra money.
"I attack the kobold wearing the headdress made of human ears"
If you dare, spend eleven minutes of your life watching the most painfully compelling mockumentary on the lives of two basement fantasy role playing gamers. (via Chris Williams.)