Or, How to Make Your Audience Feel Old in Ten Easy PowerPoint Slides.
A couple days ago at work the dev team and some management had a long meeting with some Longhorn evangelists from MS. The evangelists' job is basically to get other companies to write software for Longhorn to be ready for launch. It's the equivalent of, say, Sony going to video game companies to get them to write launch titles for the next PlayStation.
This isn't a Longhorn post though, it's a historical post. At the beginning of the presentation, the first evangelical speaker went through a "ten years ago" section. He listed the goals MS had ten years ago with Windows 95. The biggies were run on affordable hardware (meaning 386s), run Win16 and DOS programs, and the ultimate goal, "A PC on every desk".
Now, aside form thinking "damn I'm old, I remember all that", I got to thinking that was a pretty remarkable feat to get a Win32 OS, with memory protection (even if it was only for 32 bit code), device drivers, VxDs, DOS compatibility, long filenames on FAT, and so on and so on... get all that running on a 386 machine that had less RAM than your current hard drive's cache.
My first PC was a P120 with 24 MB and man did Win 95 fly on that thing.
I've been sitting on this release for quite a while because I haven't wanted to update the SearchBar article to describe the new features. I've gotten burned out on writing, as evidenced by the 8 months since my last article[^]
I just remembered that I have this blog thingy and I can put up pre-release stuff for anyone who wants to see the new features and happens to read this.
The big new feature is a signature manager. I know there are already a few of those, however AFAICT they all require you to have VC 7.x installed because they use a DLL that comes with VC. Since I don't use VC 7 (I actually installed it at home a couple weeks ago [but that's for another entry]) and since I'm a native code guy, I wanted to have a normal C++ signature tool.
The good news is that I use an XML file in the same format as the existing sig managers, so if you use another one, you can import your sigs into the SearchBar.
With the recent Ad Banner SnafuTM I thought I'd do a little historical post.
Some time ago (a couple years at least), a lot more HTML was allowed in posts, including script. Some people used this to do neat sigs, like David Wulff with the anger/humor/sincerity scales. But of course, some a-holes always have to ruin it for everyone and exploit it.
That's what happened here. Someone made an account and put some script in the signature. The script changed the properties of the ad banners to point to their own banners, which were (naturally) for some adult chat site. When you viewed one of their posts, the HTML in the sig was parsed and the script ran, which switched the banners.
After that happened, Chris tightened up the restrictions on what tags are allowed in posts.
It's 2 AM and due to this stupid cold, I can't sleep. Since I've been stuck at home the past couple of days, I've gotten some time to play one of my all-time favorite games (thanks to MAME): Block Out[^], a Tetris-style game viewed from overhead. It's intensely challenging once you get to level 15 or so. Of course, being sick has dulled my 3D spatial recognition skillz a bit...
The first was Most Recently Used List in a Combobox[^] and to give you an idea of how old it is, the screen shot shows that I had Win 98 installed into "C:\chicago". ("Chicago" was the MS codename for Windows 95 and I often installed the OS into "C:\chicago" for testing; putting the OS in a directory with a name different from the default is a good thing to do when you're in QA.)
I haven't read the article... I don't want to see how bad my writing style was back then.
It was a running joke. A while ago (on the order of years) there was a Lounge thread about The MSDN Show[^] (now The .Net Show) and Erica Wiechers, who is on the show for a couple of segments. Being guys, we naturally started talking about her good looks. (This was back when Lounge traffic was much less than it is now, so the thread hung around for a while.)
The next month, when the new show came out, I posted a screen cap of Erica, again so we could talk about her good looks. Some else did it the following month, and then I had an idea. Some people keep a "sighist", a history of their funny or witty signatures. So I made the Ericahist, a history of Erica's outfits from various shows.
As for blogs, I started with Raymond Chen's[^] (which was great at the beginning, he talked about historical stuff in OS development; still good now because he doesn't talk about much .NET stuff, which is refreshing), then gradually found other MS bloggers that were interesting. Here's an OPML file of my current reading list (not all the blogs are very active).
Other good blogs are Eric Lippert[^], Larry Osterman[^], and Sara Ford[^]
(Before you ask, Erica does not have a blog AFAIK; Robert Hess posts occasionally on the .NET Show blog[^] though.)
BTW, I use SharpReader as my aggregator. I went through a couple of others but didn't like them, finally I tried SharpReader and it fits my needs well enough. I'm too lazy to keep going and find That One Perfect Aggregator.
There are two schools of thought. The MS view is that they trust installers to never mess up someone's system so the exact correct versions of all DLLs will always be present; as a result you can always link to the CRT DLLs and get several benefits, most notably less physical memory usage due to the DLL being shared among processes, and fewer heaps in each process.
My view, as a programmer in the real world (not MS's world where they control everything) is that people's systems (especially 9x) get munged by bad installers or other accidents. If someone has a wrong/missing/corrupted DLL, it can cause my app to crash or misbehave, and guess who gets blamed for that? Me, not MS. Guess who loses sales because of it? Me, not MS.
Therefore I always use the static LIB version of the CRT in every one of my apps. If I lose any sales due to bugs, I can at least say it was my fault, not the system's.
I was listening to the news on the radio whilst driving home tonight, and the girl reading the news did a list of "this day in history" items. One of them was in 1992, the Rodney King riots started.
I almost drove off the road when I realized that was twelve years ago. I can remember it like yesterday, I was on campus at UCLA working in one of the computer labs when I first heard about the riots starting. The following days were pretty bad and the air smelled like smoke due to all the idiots setting stuff on fire.
In short, if the cursor is over something that implements the accessibility interface then you can read its name and value properties using an accessibility API, AccessibleObjectFromPoint(). Try out the sample code in the entry, it's neat.
Note: I've copied this post here from its original location[^] to give it (hopefully) better visibility.Buffer overruns are possible because on x86 there are not separate categories of "readable memory" and "executable memory". If a block of memory has one permission, it has the other. They also work because a thread's local variables and return addresses are in the same area of memory, its stack.
Here's a typical stack with the default size of 1 MB, after one function call. Note how the stack grows down from high addresses towards low addresses.
| | | 40AE |
^ top of stack
That indicates that when the current function returns, control resumes at address 0x40AE. Now after a few calls, the stack will have a few layers of that:
Now lets say the current function declares a char array as its only local variable. That array is denoted by asterisks:
| <unused>|<vars> |<retaddr>| ...
| |**********| 4E33 |
^ top of stack
If the function blindly strcpy's an input string (from say, the network) into that buffer, without checking the length of the source string, it will write past the end of the array, over the return address. The copied bytes are denoted by $:
| <unused>|<vars> |<retaddr>|
| |$$$$$$$$$$$$$$$$$$$$$$$ ...
^ top of stack
All a hacker has to do is figure out what to use as the $$$ to change the overwritten return address to be an address within the $$$ itself. Since the $$$ is the malicious data, the hacker has control over it.
0 7AE1 100000
| <unused>|<vars> |<retaddr>| |
| |$$$$$$$$$$| 7AE1 $$$$$$$$$$$$$ ... |
^ top of stack
When the function returns, the thread reads its return value, which has been changed to point to within the $$$. Now the hacker has made the thread execute memory that he planted in the stack. If that thread happens to be running in a powerful account (like Admin or Local Service), bingo, your box is 0wn3d.