XP/Vista IGMP Buffer Overflow — Explained

HalvarFlake writes "With all the hoopla about the remotely exploitable, kernel-level buffer overflow discussed in today's security bulletin MS08-0001, what is the actual bug that triggers this? The bulletin doesn't give all that much information. This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that causes the overflow: A mistake in the calculation of the required size in a dynamic allocation."

well gee

[sentientbrendan]

>This comparison yields the actual code that causes the overflow:
>A mistake in the calculation of the required size in a dynamic allocation

I hope no one else makes this mistake.

Re:well gee

A good reason for avoiding buffer overflows

Re:well gee

[nizo]

It worked so well for Office 2003, perhaps Microsoft could create a patch that would keep the OS from opening insecure packets from other vendors and their older products?

Re:well gee

the explanation in the SWF is erraneous: if 65535 elements were present, a 8byte sized heap would be allocated, not a 0byte sized one.
It's "lea eax, ds:8[eax*4]" not "lea eax, ds:[eax*4]"

Haven'y you guys figured out

that M$ is a bunch of NIGGERS?!?!

Nigger Nigger Nigger

Re:Haven'y you guys figured out

Ron Paul, is that you?

Re:Haven'y you guys figured out

No that was Romney, you can not get any more racist than being both a politician AND a mormon.

tools used

does anyone know where i can find some "reduced cost editions" of the software used?

Sounds like HowStuffWorks material!

[Ai+Olor-Wile]

Hooray! Windows vulnerabilities are so commonplace now that there are public educational documentaries about their life-cycles and internals, so that the people can stay informed. Brilliant!

Re:Sounds like HowStuffWorks material!

[primadd]

In case you dont know Halvar Flake, he is a master at reverse engeneering and recently gave a talk at bluehat
short audio clip with halvar explaining how he analyzes ms patches for differences

-- bookmark me

Re:Sounds like HowStuffWorks material!

[jo42]

how he analyzes ms patches for differences You mean it is something other than disassemble pre, disassemble post, diff?

Mebbe I should become one of these masters...

Re:Sounds like HowStuffWorks material!

[EvanED]

"You mean it is something other than disassemble pre, disassemble post, diff?"

There's a little bit of actually understanding the diff in there too. That's sort of the hard part.

It's just a mistake!

[EmbeddedJanitor]

OMG! I thought it might be a bug, but thankfully it's just a mistake!

It's a fucking advert

It's a fucking advert

Dang it all.

[palegray.net]

Darn pesky kids and their fancy buffer overflows. I outta HEAP on the insults, but I'll try to stick to my PROGRAM of keeping my smoke STACK cool.

Re:Dang it all.

You're PUSHing it. One more pun and I'll POP you in the mouth.

Re:Dang it all.

[Crzysdrs]

Are you attempting to insult swordfight?

I've got a little TIP for you, get the POINT?

Re:Dang it all.

[AndGodSed]

Oh Touche sir!

Re:Dang it all.

I've been PEEKing into this thread, and I think I'd better get out before I get a POKE in the eye. (Now I'm showing my age ...)

Re:Dang it all.

[rdavidson3]

WORD

Re:Dang it all.

Good Lord, how lame professor!!!!

Re:Dang it all.

[mvdwege]

Well, let's SHIFT the conversation away to a different topic then.

Mart

Re:Dang it all.

[jetpack]

If this joke runs much longer, I will be forced to REGISTER a complaint.

Re:Dang it all.

[rant64]

xor ax,ax
mov [volume],ax

Why Windows 95 and NT 4 are enough

Why upgrade?

I don't plan to upgrade from Windows 95, NT 3.51, and NT 4 on the desktop. With network booting, Windows 95/NT do everything I need for user workstations. Of course, I run OpenBSD on the server. Modern graphical user interfaces are mess. Even modern versions of X are very bloated. And don't get me started on mainstream window managers.

Microsoft should go back to Windows 95's user interface. Combine it with NT and add a good command line shell with SFU. That would be perfect for end users. Windows 95 is actually very stable. I've had no problems supporting it for many desktops with network booting - as long as I don't install IE 5.5 and it's new Explorer.

Microsoft should go back to fast, light user interfaces like Windows 95. Windows 95 was the best consumer operating system in 1995 (I like Apple, but Macs still had cooperative multitasking though OS 9.)

To all IT admins: Just put all users on Windows 95. Office 97 has all the features you need. Anything else can be accessed through NCSA TELNET, SecureSHell, or even vnc.

Re:Why Windows 95 and NT 4 are enough

[RuBLed]

To all IT admins: If you're planning on following this, please do note that you need to ban all knife sharpeners at the workplace plus I heard home depot just got this new shipment of these thick fiberglass cubicle walls...

Re:Why Windows 95 and NT 4 are enough

[Trogre]

*blink*

Re:Why Windows 95 and NT 4 are enough

> I don't plan to upgrade from Windows 95, NT 3.51, and NT 4 on the desktop. With network booting, Windows 95/NT do everything I need for user workstations.

(Not the original AC.)

"Bluto's right. Psychotic, but absolutely right."
- Otter, Animal House

OK, so Win9x wasn't a real OS. It had no security model. That was its unfixable weakness (instability), but that was also part of its salvation.

No network-aware services listening out of the box? No remote-unattended exploits!

And when/if something broke due to the instability - even something as bad as "registry corrupted - don't even fantasize about getting your GUI back", you just booted to DOS, extracted a "good" version of the reigstry from the last five copies in .cab files in C:\WINDOWS\SYSBCKUP, typed a few "ATTRIB" commands (i.e. chmodded it to be writable) and overwrote the "bad" user.dat and system.dat with ones that worked.

The 9x UI wasn't any better/worse than XP or Vista. How many of us took one look at XP's Fisher-Price interface and immediately "downgraded" it to the Win2K look?

Boot speed? My last gaming rig was a Pentium IV, 2.4 GHz, running at 3.2 GHz, 512MB RAM and a 120GB drive, and the fucking thing went from power-on to full-GUI-running-and-no-hard-drive-activity in 15 seconds. There were configuration files you could edit to support 1GB and (by replacing/patching WINDOWS\SYSTEM\IOSUBSYS\ESDI_506.PDR) hard drives over 128GB.

Once upon a time, Linux wasn't ready for the desktop. During those years, Win9x rocked. Crappy multi-user OS? Guilty as charged. Useless for a server? Absolutely. But as a single user OS/program-loader, it was hard to beat. DRM? Product activation? What's that?

Re:Why Windows 95 and NT 4 are enough

What a stupid story. You are stupid for telling it.

Re:Why Windows 95 and NT 4 are enough

[PCeye]

Obligatory "Office Space" Quotes...

Tom Smykowski: It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.

Michael Bolton: That's the worst idea I've ever heard in my life, Tom.

Samir: Yes, this is horrible, this idea.

Re:Why Windows 95 and NT 4 are enough

[Gription]

There is a real point to his argument. It also happens to be the real flaw in his argument...

The only real reason to "upgrade" something is if you need something more. For business, need should be defined as something that will do a business function that will make money, replace labor, acquire additional business related information of value, etc... It has to do something you truly need. If all you any business need for is a computer that runs a word processor then he has a genuine point. It assumes that there is no other piece of software that serves a valid business need that anyone else might need.

A number of pieces of software have been written that require a later OS that fulfill a number of very valuable ($$$) tasks. Also Win 95 is only stable if you have hardware with extremely good drivers under it, a limited number of processes/programs on top of it, and your continuous up-time requirements are somewhat limited. This makes 95 a long way from being the one-size-fits-all solution. (I have one Win 95B station at my desk just to do drive data recovery and to do a few file tasks that XP doesn't want to let you do...)

Using that same logic there isn't a valid reason for almost anyone to use Vista instead of XP. Plus there is the "Business downside" of the end users having to relearn how to use computers that they already knew how to use.

Vista's big offerings are two fold:
- One is what I call the "raccoon" factor. Give people something bright and shiny and their eyes will roll back in their head as they start to murmur, "Gimme, gimme, gimme..." as you can hear the words, "It is new!" echoing softly in the background. This offers them nothing that is real but it does drive people amazingly hard. Look at the number of people that paid $100+ premiums to have an iPhone in the first week of release. A month later no one including themselves remember that they got their phone early and it certainly didn't pay any dividend for the expense but they will do it again: They are raccoons!
- Two, Vista includes huge DRM underpinnings. After XP was released Bill Gates publicly stated they the next version of Windows wouldn't be an OS but instead it would be a Digital Rights Management Platform. This does nothing for us but does plenty for Mickeysoft and the big media companies. I notice they aren't mentioning that fact any more either!

Basically Microsoft wrote a new OS for themselves instead of us and they made it really visually flashy so the raccoon in all of us will want to roll our eyes back in our head and buy it. The fact that they forgot to put anything we actually need in it has made its adoption really tank. The only real reason they have sold any volume of it is that you almost can't buy a computer without it. To help the process along Microsoft has pushed for new hardware that doesn't have XP driver support and you will start to see programming tools with limited or missing XP support.

We are coming up to a point where we are looking at a future where we could lose control of what is on our own computers! Vista is already trying to decide if you should be able to access your own files that are already on your computer! Take this fact and combine it with the whole limitations being rammed down our throat with HDTV and we are looking at being consumers that are buying things that we have no control over. A computer could easily act as a HDTV 'VCR' because that is an amazingly simple function but we have been forced to buy into a system where that isn't allowed. The only HDTV VCR like devices are subscription ($$) based!

You are being quietly guided into a world where you will tithe endlessly to corporations for simple things that in the past you could buy once and be done with. MS has tried to make the OS subscription based. (tithe) Limited number of play media files are subscription based. (tithe) Buying a cell with an MP3 player in it that you will just replace in a year or two is ano

Re:Why Windows 95 and NT 4 are enough

[headLITE]

Windows 95 was the best consumer operating system in 1995 (I like Apple, but Macs still had cooperative multitasking though OS 9.) Hmm, personally I liked TOS better back then. It had preemptive Multitasking... but Atari didn't sell any computers anymore ;-)

Re:Why Windows 95 and NT 4 are enough

[Bert64]

I would have to disagree, AmigaOS was the best consumer level OS in 1995, it satisfied all the criteria you mention. Small, reasonable command line, fast/light ui, full multitasking, and the OS itself was very stable (but, like win9x and macosx could be taken down by an errant program).

However, i would never recommend such an OS to IT admins, an OS with no user separation is a terrible idea in a managed multiuser environment. You want to make sure users can't mess with other users or the system itself.

Re:Why Windows 95 and NT 4 are enough

[Bert64]

Are you sure? I always thought TOS was co-operative like MacOS of the day... That was one of the things that sold me on an Amiga instead.

Re:Why Windows 95 and NT 4 are enough

You do, of course, have the option of not subscribing and living without these so called "needs." Rather than blaming the media companies for wanting more control of their product, I'm more inclined to blame the modern consumer for having redefined needs from food, water, and shelter to food, water, shelter, and my favorite TV shows and music. If they're being sold with a license that you don't want to agree to, then you are perfectly free to look for alternatives that aren't as restrictive. If people want to dish out more and more of their money for a less and less valuable product, then more power to them. The only true protest against this trend is to turn to more agreeable alternatives - not whining and still dishing out the money anyway.

Re:Why Windows 95 and NT 4 are enough

[argiedot]

Try Athene, I used it on an old machine and it was super fast. The only problem was with the cursor not being properly drawn, though that didn't show up on another machine. Just make sure that you run it by itself, outside an xserver. Inside an xserver there seems to be no point to it.

Disclaimer: I don't work for Rocklyte, blahblah

Re:Why Windows 95 and NT 4 are enough

[Nursie]

"(I have one Win 95B station at my desk just to do drive data recovery and to do a few file tasks that XP doesn't want to let you do...)
"

Why?
Seriously, what can it do that XP can't? I'm interested.

File tasks are usually (IMHO) much better donw under Linux, which doesn't try to stop you doing anything.

Re:Why Windows 95 and NT 4 are enough

[peragrin]

I don't know about him but the workstations at my work run either win 95 or if your lucky win 98se.

Why because with the NT line MSFT broke a lot of other companies networking protocols. So we wouldn't be able to connect to the server, which stores all files and applications.(The win95 machines being not much more than dumb terminals). Windows XP won't work as said server company never made a proper upgrade path for such a configuration. Linux might, but I would need an old school netware guru, and someone with enough knowledge of linux to configure netware inside linux but also Dosbox. As all the applications are Dos based. when this setup was first deployed Linux was at 0.9 something.

Then you have to figure out how to sell it to a computer illiterate cheapskate boss.

Re:Why Windows 95 and NT 4 are enough

[justthinkit]

I believe the Windows 95/98 backup program is different than the one in XP. A friend of mine had his machine crash with key contents lost. He emailed me his backup files but I couldn't restore them despite some effort -- XP could not restore 9x backups. Idiotic I know but what I ran up against.

Re:Why Windows 95 and NT 4 are enough

"(I have one Win 95B station at my desk just to do drive data recovery and to do a few file tasks that XP doesn't want to let you do...)
"

Why?
Seriously, what can it do that XP can't? I'm interested.

Well, there is a Windows 3.1 computer in my lab. Yes, Windows 3.1, not 3.11, not Windows for Workgroups. It is used to control an old & expensive scientific instrument that still works very well. The control software only runs on Windows 3.1.

Of course, you could buy a new instrument which will be controlled by a modern PC, but the old one works just fine.

Re:Why Windows 95 and NT 4 are enough

[kaoshin]

Some games don't support or in some cases won't even install with >= DX6. I've also had the odd occasion where a win9x box would have been "convenient" since I would not have had to run it under the confines of a VM.

Re:Why Windows 95 and NT 4 are enough

[Gription]

The big thing is that XP does some automatic things whenever you hit a file system. When doing recovery work I mostly use my 95B system in DOS. (Safemode command prompt only) (I do use an XP system for certain tasks when doing recover. It just depends on what is needed.)

A simple example of Windows stupidity is if you copy a *.lnk file (shortcut) it will look into the file to see where it is pointing to and can alter it. I will use the example of recovering things from a "D" drive to the "C" drive. The contents of the shortcut points to "C:\Program Files\Example\example.exe". That program exists on the "D" drive but not on the "C" drive in your recovery computer. If you copy it in Windows it will look at the contents of the file, see that it doesn't exist on "C", see that it does exist on the source drive, and then alter the copy of the shortcut to point to "D:\Program Files\Example\example.exe".

Their are a number of directories that you can't touch either. Things like the Windows\Fonts directory for example. The desktop.ini makes it so Windows alters your access to to it. 95B is good for looking at drives that have been rootkitted too. The last little bit is I have a number of very low level DOS utilities to get straight to the HD that won't run under an NT based OS.

Re:Why Windows 95 and NT 4 are enough

[Nursie]

I shall now go through the replies to my post, one by one, and judge if they are worthy uses of win95. You First!

Right, I know sod all about netware, and you still have apps that need the system. Seems a good reason to keep it around to me!

The OP mentioned file ops that I was wondering about, but your situation warrants hanging on to 95 as long as is practical.

Re:Why Windows 95 and NT 4 are enough

[Nursie]

That sucks. When I want a disk image for a backup I boot into linux and run dd if=/dev/diskIwanttobackup of=./filetostoreitin and voila, several minutes later I get a complete image.

Restoring is as easy as dd of=/dev/diskIwanttobackup if=./filetostoreitin

OTOH I recognise I'm unusual in backing up whole disks like that. And it does suck that MS broke back compat in their restore software.

Re:Why Windows 95 and NT 4 are enough

[Nursie]

That's a hell of an annoyance. You too seem to have a good reason for keeping 95 about. Shame it's a necessity.

I'd say "try wine, or maybe DOSBox, on Linux", but I've no idea what their older DX support is like. DOSBox on a later windows *might* work.

Re:Why Windows 95 and NT 4 are enough

[Nursie]

OK, this is the post my original comment was aimed at. A linux LiveCD (like Ubuntu installation media) or a linux machine will do this stuff *very* well indeed. It'll give you full access to FAT or NTFS drives, allow you to copy what you like, up to and including full drive images*.

There's no issue with windows systems that may be rooted or infected because the stuff just won't run. What do your low level DOS utils do?

I must mention here, too, that a lot of the tools provided in Linux are intuitive and easy to use. "gparted" is a godsend.

*(which is easy BTW, dd if=/dev/disktocopy of=./imagefile, restore by switching if and of)

(if you're happy using Win95, it's good with me, just felt like getting in a bit of Linux advocacy seeing as I'm using it loads for disk and filesystem stuf at the moment)

Re:Why Windows 95 and NT 4 are enough

[Nursie]

You, sir, have aperfectly valid reason for using Whatever system the control software runs on. I was more curious about somebody wanting 95 around for file operations when Linux was a very good (and more stable and modern) alternative.

Re:Why Windows 95 and NT 4 are enough

[PitaBred]

If you're backing up a disk (especially a bigger hard disk or something), use the bs argument. bs=1M can really speed up hard drive imaging.

Re:Why Windows 95 and NT 4 are enough

Mr. Coward, what you just said... is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.

Re:Why Windows 95 and NT 4 are enough

[DigitAl56K]

No network-aware services listening out of the box? No remote-unattended exploits! Oh! You must have got the Windows 95 special edition without netbios running wide open to the world by default, the ICMP kernel-mode vulnerabilites, the out of band data exploit, and others.

Or perhaps you've been styling it up with the rose-tinted spectacles lately?

Re:Why Windows 95 and NT 4 are enough

[Shakrai]

If you're backing up a disk (especially a bigger hard disk or something), use the bs argument. bs=1M can really speed up hard drive imaging.

I thought it was faster to have the block size set to the HD sector size or some multiple thereof? I've always done bs=4096 for stuff like this.

I just did two tests on my system. One with bs=4096 and the other bs=1048576. Copied 1 GiB of /dev/zero to a file. Block size 4096 finished in 21.6055 seconds, with a transfer rate of 49.7 MB/s. The larger block size finished in 23.9442 seconds, with a transfer rate of 44.8 MB/s. Admittedly, this probably isn't a scientific test -- could anybody shed some light on which way is generally more efficient?

Re:Why Windows 95 and NT 4 are enough

[Shakrai]

Oh! You must have got the Windows 95 special edition without netbios running wide open to the world by default, the ICMP kernel-mode vulnerabilites, the out of band data exploit, and others.

I was going to say, anybody that claims 9x had no remote exploits has selective memory at best. I can't help but remember the teardrop attack. Hell, back in my script kiddie mudding days, we used to bluescreen Windows 95 users all the time. Usually right in the middle of a PvP battle. Boy did they get pissed off ;) By the time they rebooted the battle was over and their corpse had been stripped of anything valuable. Yeah, those were the days ;)

Hell, for the longest time, I used an old program called Trumpet Winsock instead of the stock Winsock that shipped with 95. Trumpet was an old 16 bit program but it was mostly compatible with programs running on 95 and it was largely immune to all of the exploits of the day directed at Windows. Plus it had a packet sniffing feature at a time when utilities like Wireshark didn't exist. I learned a lot about various internet protocols thanks to this.

Of course, at least all of the exploits aimed at 95 were just DoS attacks. BSOD and reboot. Contrast it to XP, which allows script kiddies to root the box and make it part of a botnet. I'm not aware of any remotely exploitable services in 9x that allowed that and even if they had the network stack was so unstable that the box would have crashed before too long ;)

Slashvertisment

[Phlegethon_River]

Yep, the submitter's email is from the company that stands to gain from more hits to this video (the ad at the end of the video).

Re:Slashvertisment

[QuantumG]

so? He did something (some) people consider cool.. why shouldn't he stand to gain from telling people about it?

Slashvertisment used to mean that you were claiming Slashdot was taking money to advertise something as a story. You seem to be using it to refer to anyone who submits their own website to Slashdot. Attention whore? Yes. Slashvertisment? No.

Re:Slashvertisment

[Phlegethon_River]

We're going off-topic and meta, but I will respond: True, slashvertisment usually meant when Slashdot was (thought to be) making money, but I am here using the term as when someone not only submits a story about themselves, but includes an Ad for the product they sell in the video they link to. That is it.

I guess I should have said "clever marketing submission"

Let's get the preliminary stuff out of the way...

[The+Master+Control+P]

Lol MS sux0rz! ph34r my 1337 h4x!1one

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

#include "fucktard_troll.h"

Now that that's done with, I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level? The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP). Why shouldn't those four combinations be handled by hardware, so we can leave the computer to run the applications? We already do this with 3d rendering, why not networking?

GRAMMAR ERROR! it's, NOT its!

Yes, I'm correcting myself. I know that I made an error. I should have typed "its" instead of it's." The former is the possessive form. I know better than this. :(

How about http://blogs.technet.com/swi/

[PerfectSmurf]

Or you could read about it on the Security Vunerability Research and Defense blog at http://blogs.technet.com/swi/

Re:Let's get the preliminary stuff out of the way.

I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level? The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP). Why shouldn't those four combinations be handled by hardware, so we can leave the computer to run the applications? We already do this with 3d rendering, why not networking?

Do you have any idea how many millions of ethernet cards have been sold? Are they all going to be made obsolete?

These days CPUs are so fast that the minor overhead of a network driver is negligible, unless you're going to ultra-fast speeds (some high-performance network cards do offload this to hardware).

However, you still could have buffer overflows in the network drivers/firmware.

Windows is open-sores software

[Junior+J.+Junior+III]

This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that

See? And they said without FOSS, this couldn't be done!

Re:Windows is open-sores software

[totally+bogus+dude]

The difference is that if it was FOSS, they'd be able to see the comment saying "// this doesn't match the specs but it worked for me in the test I did, so the specs must be wrong."

Re:Windows is open-sores software

[mystik]

The difference is that this is legally questionable. I'm pretty sure the license forbids reverse compilation and disassembly like this ....

With FOSS, you know exactly what your rights are.

Re:Windows is open-sores software

[kevmatic]

Oh, sure, because traversing dozens of lines of "Mov EAX,$4B456E5" and whatever is comparable looking at original source code. Disassembling is a pretty poor for this sort of thing; you really need to start with it narrowed down, like this guy did by diffing it. Most of the time you'll be looking at whole executables if you want to do something like this..

Also, though its educational purposes are undeniable and it certainly is interesting to say the least, what good is it? It can only be used to make one or two minor changes or a single bugfix after hours of work. Even then its a license violation.

There's lots of good reasons to have close source software, but saying that something like this invalidates one of OSS's biggest advantages is incorrect, regardless of your closed/open leanings.

Re:Windows is open-sores software

[Junior+J.+Junior+III]

Geez, I can't believe how many people took my grandparent post seriously, like I was actually advocating that you can audit the source code of closed-source software for security holes by decompiling it. Well, I mean, you could, but it'd be fairly ridiculous.

Re:Windows is open-sores software

[Hal_Porter]

I dunno about that. That assumes the original programmer knew the code was incomplete. Most of the time code has sat around for ages and been looked at by hundreds of people without anyone thinking about a situation where it would fail. Admittedly it's a lot easier to fix code if you have the source code, but it doesn't make it any easier to spot bugs. Whover said "many eyeballs make all bugs shallow" has never worked for a company with thousands of developers building real time systems. Maybe it's true of Perl scripts and the like.

Re:Windows is open-sores software

[WNight]

While FOSS is nice because nobody is lying about what your rights are, in reality, there is no valid law that would forbid you from reverse engineering.

When you buy Windows or a computer with Windows, at a retail store, there's no license attached to it. What looks like a sale is. Sales can *NOT* be encumbered by post-sale contracts. Therefore, Windows, which is sold, isn't licensed.

There's only a license if you're negotiating a volume license with MS directly. In that case they could ask for your first-born, NDAs, etc... good reason to not deal with them directly.

Re:Windows is open-sores software

[Anonymous+Brave+Guy]

Please don't write posts like this if you're not going to back them up with reliable sources. Your personal views on the validity of EULAs in whatever jurisdiction you are in don't really count for much if the courts don't agree with you, and in any case are unlikely to be applicable universally.

Re:Windows is open-sores software

[m50d]

How do you think attackers are finding those holes?

Re:Windows is open-sores software

[Sloppy]

Please don't write posts like this if you're not going to back them up with reliable sources.

Where's your source, which shows retail customers binding themselves to additional terms after the "sale?" A claim that seemingly-purchased items are not actually purchased, is a radical claim that defies common sense. That doesn't mean it's a wrong claim, but it does defy centuries of tradition and law. If someone says that commerce in software works completely different than all other commerce (including that of other "IP products" such as books/music/movies), and that it works differently in spite of the fact that no legislation has been passed that would make it so, then that person needs to "back it up."

Whether it's right or wrong, the view that EULAs are not binding, is the "normal" and orthodox view. Go ask any random non-computer-dork (i.e. people who haven't been indoctrinated by the software industry) on the street, if an anonymous cash purchase from a retail seller, causes the buyer to get into a contract with some third party (?!) without the buyer's knowledge or consent. The only reason that anybody would even suspect that EULAs are binding, is that software vendors have claimed it.

But you're probably right that it's not universal. Maybe, somewhere, there really is a country that passed a law that makes software a special case.

Re:Windows is open-sores software

[Anonymous+Brave+Guy]

I considered not replying to your post, since you're doing exactly the same as the other guy and attempting proof by intimidation. You also seem to be attacking me for a position you have invented and then assumed I hold, despite my post not even hinting at any position on this particular subject. However, if you do care what the law actually says and where it is untested, even obvious places like the "EULA" entry on Wikipedia or a Google search for "eula validity case law" immediately turn up numerous sources that show the picture isn't clear.

By way of summary, your "if it looks like a sale then it's a sale and you can't change it later" argument ignores several potentially relevant factors, such as copyright law that might apply at the time of installation, whether the existence of any EULA has been disclosed prior to the sale, and whether such a user has indicated acceptance of such an agreement during the installation process. You have a strange idea of what the average guy in the street thinks, too, I suggest, but since you've given no evidence whatsoever to support your claim it's hard to dispute it.

As for software being a special case, for a start, it has special provisions in several EU laws, which immediately makes it likely that every country in the EU has or will have corresponding special treatments. This is noted, among other places, in the UK government's consultation document to follow up the Gowers review, which was just published.

Re:Windows is open-sores software

[slcdb]

In the USA at least, you are correct about your "sale" argument. The UCC governs retail sales and EULAs between the manufacturer and the end-user are not part of the contract for sale between a retailer and a customer. Therefore EULAs cannot purport to change the transaction from a "sale" into a "license" just because they say so.

However, your are incorrect about the EULAs not being binding. There is a line of cases (starting with ProCD v. Zeidenberg) where EULAs have been found to be legally binding contracts. However, they appear to only be legally binding if you voluntarily assent to the terms of the EULA. What happens to your right to use software that you own if you reject the terms of the EULA is still, unfortunately, unclear in the United States.

I encourage you to visit my blog if you are interested in this topic. I think most people, even seasoned techies and geeks, don't fully understand the involved concepts (contracts, copyrights, etc) and don't realize that the software industry has been pulling the wool over end-users' eyes for decades. I'd like to see this change.

Re:Windows is open-sores software

[WNight]

No, he was attempting proof by precedent. This is law, that's how it works.

Retail sales do not bind people to post-sale contracts. Every so often some lobby group claims that their product is different. In the early 1900s it was book publishers. They were specifically ruled against with the 'doctrine of first sale'. The courts specifically stated that the seller loses all rights to the item they sell. First sale

It's illegal to sell a product, knowing that you intend to render it inoperative, or not allow it to work. Fraud, etc. Software makers obviously intended their product to be used, and as such, had to implicitly agree to having it used, despite the fact that ephemeral copies were made.

Nevertheless, against all reason, lobbyists insisted that running a program involved making unauthorized duplication of the program and thus running software, whoever owned that copy, still required a license.

So copyright law was amended, yet again, to specifically allow what was already obvious.

So, twice lobbyists have tried to use copyright to control use or resale of their products. Twice they've been shot down, with explicit laws banning those practices.

So yeah, to me it looks like Microsoft, Adobe, etc, are just trying to trick of lying and hoping nobody checks.

The producer cedes all rights, you own your copy, and have the legal right to duplicate it as necessary to use it.

What in there requires a contract/license? Nothing.

Further, because EULAs are a contract under duress (you must 'agree' to use the software you bought) they aren't binding, even if they offer additional consideration and go beyond offering simple access to the software.

Please offer some evidence that EULAs are binding. Enron made a lot of claims, Microsoft makes a lot of claims...

Re:Windows is open-sores software

[slcdb]

Sources? On Slashdot? I think not. Especially not reliable ones.

In any case, I'll speak up in his defense because, in the USA at least, he's right-on about sales. When you purchase an item at retail, you form a contract with the retailer. The manufacturer of the product has no standing to add or modify terms of the contract for sale. In the case of software, if you buy it from a retailer, you own it. The software publisher can't, after the sale, claim that it wasn't really a sale but actually just a license.

This is especially true if the EULA says things like, "This is a contract between you and XYZ Software Corporation", "This EULA constitutes the entire contract between you and XYZ Software Corporation", and "This contract is governed by the state of California, even though you bought this software in Arizona". You'll find these types of terms in just about any EULA. All of these things quite concretely show that the EULA is NOT part of the contract for sale, but a separate contract.

In the USA, if you voluntarily agree to this second contract, it may become legally binding upon you. But there is a valid argument that the software company has no right to force you to agree to an EULA before you may use software that you rightfully own.

Re:Windows is open-sores software

[slcdb]

Well put. I believe the vast majority of computer users, even the savvy ones, don't understand this at all. Which is why the software industry still gets away with enclosing purported "license agreements" in every box of software they sell.

Unfortunately, the majority of US courts haven't yet realized the "duress" part of your argument, even though it naturally follows when software is sold, not licensed. As a result, the majority opinion in the US is that if you agree to an EULA, it becomes binding upon you. The courts so far have viewed clicking the "I Agree" button as being voluntary, instead of as being under duress, which it actually is.

This all started because of ProCD v. Zeidenberg. The problem with that case was that the defendant obviously was acting in bad faith and doing obvious harm to the software publisher. In order to come to a conclusion that the court felt was just, they had to form the law this way (that EULAs are binding). Unfortunately, it set a very bad precedent.

Re:Windows is open-sores software

[Anonymous+Brave+Guy]

I believe the vast majority of computer users, even the savvy ones, don't understand this at all.

That may be true, but in case that was intended as a criticism of my judgement and/or level of knowledge, for the record I both work in the software business and have been actively involved in a recent government review of copyright in the UK, amongst other relevant experience. A major part of that review involved comparison with current policy in various other countries, incidentally.

Unfortunately, the majority of US courts haven't yet realized the "duress" part of your argument, even though it naturally follows when software is sold, not licensed. As a result, the majority opinion in the US is that if you agree to an EULA, it becomes binding upon you. The courts so far have viewed clicking the "I Agree" button as being voluntary, instead of as being under duress, which it actually is.

With respect, until the people decide that you are a higher legal authority than the statute books and the courts, the above is just your opinion, and like the other guys arguing with me, your opinion does not outrank the law.

Re:Windows is open-sores software

[slcdb]

With all due respect, my comment about most users not understanding these issues was not directed at anyone in particular.

Also, no one who does understand these issues could, with a straight face, say that the law is clear in this area. I don't know about other jurisdictions, but at least in the US it is not at all clear. In other words, the law hasn't been created yet. Sure the statutes are there, but until they are fully interpreted by the courts, the complete law just doesn't exist.

Furthermore, in the US courts issue opinions. Obviously their opinions carry more weight that a Slashdot post, but they are still just opinions. So there's no harm in people forming, and expressing their own (especially when the courts haven't fully expressed their own opinions yet).

Re:Windows is open-sores software

[WNight]

Exactly, ProCD is largely unrelated to the real issue of EULAs, but is unfortunately seen as a precedent.

Can you point any cases where EULAs were supported despite the argument that the action was under duress? I wonder if you'd have more luck suing the company for intentionally failing to provide a working product than in getting out of the EULA after the fact?

Re:Windows is open-sores software

[Anonymous+Brave+Guy]

Also, no one who does understand these issues could, with a straight face, say that the law is clear in this area. I don't know about other jurisdictions, but at least in the US it is not at all clear.

Indeed. Unfortunately, WNight's original post that I criticised was rather more black and white than that. That was the only point I was making.

Re:Windows is open-sores software

[slcdb]

Can you point any cases where EULAs were supported despite the argument that the action was under duress?

I have never heard of any case where such an argument was raised. I would expect a court's acceptance or rejection of such an argument to depend on the particulars of the case (e.g. was the defendant caught with his hand in the cookie jar, and now he's trying to worm his way out?)

In some ways, I respect the ProCD verdict because the result in that particular case seems just. But it is difficult to concede that consumers can be forced to enter into a contract in order to exercise their ownership rights. I don't see how that can ever be considered "voluntary". It's definitely a point of contention.

Also, it still leaves open the question of what happens if you reject the EULA? Do you need to return the software? Or should you still be allowed to use it? If the courts have decided that software is usually sold (I think the majority has), then as the owner of the software you should have the right to use it regardless of whether you agree to the EULA or not.

I wonder if you'd have more luck suing the company for intentionally failing to provide a working product than in getting out of the EULA after the fact?

Perhaps. This all may have turned out better if the defendant in ProCD hadn't been such a bad defendant. If an end-user was suing a software publisher for providing a defective product, or for interfering with the end-users' ownership rights, I think the courts would be more sympathetic to the end-user.

Another possible tactic might be to sue software companies for deceptive business practices. There's a line of cases where it was determined that software is sold, not licensed. But the software companies still claim that they are licensing the software, despite the court's finding to the contrary. Consumers should be able to take action, through the courts or FTC, arguing that these companies know the software is sold (the courts have told them so), but still claim otherwise in an attempt to mislead consumers.

I wish the EFF would take on such a case.

Re:Windows is open-sores software

[WNight]

Ditto on the EFF...

I dislike the ProCD case because it brought "justice" despite the law. Justice wasn't. For all the the defendant knew about the intended restrictions, ProCD by my reckoning knew they didn't have the right to enforce those restrictions. Rather than handing the case to them the judge should have told them to stop selling through retail if they didn't like the way it works. To throw a bone to one party the judge overturned centuries of precedent in sales and contracts.

The issue of having to return software if you don't like the EULA seems even fishier than EULAs in general. Software companies are suggesting that they get to sell products via retail with hidden restrictions, and if I don't like those restrictions the onus is on me to drive back to the store at my own expense and trade the product for one with different hidden restrictions?

If I ran a retail store I'd be in trouble if I sold products but in the box instead was only a coupon for free delivery of the product, provided you jump through a few hoops and sign this contract here... I don't see how it's different just because it's software.

Thankfully, I think ProCD case is significantly anti-business that it shouldn't last. This isn't a law that just hurts the little guy - potentially any business that buys retail software is bound to a contract that their lawyers didn't read and management didn't accept? That sounds bogus. I imagine it'll finally fall over when the financial tables are turned and someone tries to uphold a EULA on IBM, Boeing, Shell Oil, etc.

Re:Windows is open-sores software

[WNight]

Here's a a EULA thread at Microsoft's forums.

Nothing new, but it's interesting to see the Microsoft employees and MVPs going from reciting elaborate justifications for EULAs to "It's not policy for MS employees to comment on legal matters" when their points were challenged.

Is it a crime to knowingly give false legal advice for your own direct profit? If you commit an illegal action unknowingly but then refuse to investigate the legality of that when challenged, is that seen as willful ignorance?

Microsoft employees were being shown the error of their ways, encouraged to investigate the related laws or consult with MS's legal staff and refute these claims, and they refused, continuing to push the EULA theory. Going so far as to directly tell a customer that running Vista in a VM is a violation.

Re:Windows is open-sores software

[slcdb]

That was definitely a very educational thread. MSFT's unwillingness to elaborate on their legal theories as to how EULAs are valid speaks volumes.

Re:Windows is open-sores software

[cnettel]

I would think that fuzz testing would be worthwhile. Take a valid packet or file and just randomize limited sets. Then, get crash dumps for those cases that fail.

A couple of people on Usenet are complaining that

[zonky]

win32time service is broken in their Active Directory enviroment post these updates. It is as yet unclear if they are related.

Re:Let's get the preliminary stuff out of the way.

[eht]

The cards won't be made obsolete, any more than 2d cards are made obsolete, a number of my machines have 2d only cards and they work fine for a large amount of the non gaming I do.

I don't think anyone advocates softmodems, so why do we tolerate mostly soft network cards.

Re:Let's get the preliminary stuff out of the way.

[RightSaidFred99]

Software is more flexible than hardware. We have plenty of hardware to do the work, and the parts that benefit from offloading (e.g. checksumming) are already offloaded. No point to adding new hardware.

Re:Let's get the preliminary stuff out of the way.

[themacks]

Even with a buffer overflow in the firmware of the card it would be much harder to exploit it for system access, the most you could do with it is control the network adapter (granted that is still a lot but much better than root). That is unless the application using the network card just blindly read in data without sanitizing it, in which case you are back to square one.

Re:Let's get the preliminary stuff out of the way.

[Arainach]

Because TCP and UDP headers aren't of fixed sizes and as such are incredibly difficult to handle in hardware. Hardware switching has been tried - ATM for instance - but it's not that simple. TCP/IP was designed as a software protocol, and it's an unfortunate reality that some protocols are easily handled in hardware and others are not.

IPv6 makes some steps towards having simpler hardware handling, but as long as IPv4 is still around, we won't see hardware switching become commonplace.

Re:Let's get the preliminary stuff out of the way.

[qbwiz]

That is unless the application using the network card just blindly read in data without sanitizing it, in which case you are back to square one.

Or unless it DMAs stuff over, right on top of the kernel...

Re:Let's get the preliminary stuff out of the way.

[4D6963]

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

I beg your pardon?? What is it you're suggesting with that respect exactly?

Best resume ever

[Noodly+Appendage]

In flash no less! Someone's about to leave somewhere for a lot more money.

Re:Best resume ever

Lol this is impressive? How exactly ? Even been to a crack site? Know how they come up with keygens/cracks/patches?? meh... its a waste on you...

Re:Let's get the preliminary stuff out of the way.

The problem is more fundamental then smarter network hardware, it's the CPU/Memory architecture. Long ago, there where computers that had dedicated hardware for memory content management. Two schemes were used: segment descriptors and memory tag bits. The segment hardware checked that addresses for the data structure fell inside the segment memory limits, and tag bit described memory contents (i.e. integer, float, pointer, etc). This was in the days when logic and memory was much more expensive then today. These design choices made the machines much more reliable.

Specifically I'm referring to Symbolics Lisp Machines and Burroughs stack machines, both of which had very low software failure rates. Even when a program crashed, the OS kept going. Note that both of these computers had all their main software written in high level languages that had automatic garbage collection that was integrated with the hardware memory support.

Unfortunately, the quest for performance eliminated these features. Realistically, without hardware support software will never be very reliable. (Even with better hardware there will still be problems, but the current situation will never be very good.) Now that logic and memory are cheap and reliability is a critical issue, we should be considering putting resources into these kind of reliability checks. What are we doing instead? Putting more cores on the die. Yeah, more multi-threading will make software even more reliable in the future.

Re:Let's get the preliminary stuff out of the way.

[The+Master+Control+P]

I'm so looking forward to reconfigurable hardware; that'll make the whole argument moot. The CPU as we know it will do nothing but setup reconfigurable logic units and direct data streams. You want hardware networking? Bam. Hardware complex math? Bam. Hardware neural net? Bam.

Re:Let's get the preliminary stuff out of the way.

Everyone should be forced to give up manual memory allocation regardless of the power it can afford. I wonder how you will program dynamic memory allocation without using manual memory allocation. ;)

Re:Let's get the preliminary stuff out of the way.

[guruevi]

TCP/IP offloading is already done on-chip by several network cards. Spend $10-$50 more on a network card and you would get it. Off course a lot of TCP/IP is still handled in the kernel of the OS just because it is too flexible to be done on-chip. Off course, if you need more performance along the lines of firewalling or traffic shaping, you could get an external appliance that handles it.

Re:Let's get the preliminary stuff out of the way

[Lisandro]

Because Ethernet is a physical component of the networking chain; protocols other than TCP or UDP can (and are!) be implemented.

Besides, networking is something that barely taxes CPU power on every processor made from the Intel Pentium days to this date, unlike 3D acceleration. There's little justification to loose the flexibility provided by running it in software to get a negligible CPU performance increase.

And yes, hardware can be buggy too. There's a shitload of issues with specific hardware that are addressed on their device drivers - again, easier to solve in software than to fix in hardware. Even CPUs suffer from this.

Re:Let's get the preliminary stuff out of the way.

[Lisandro]

I'm so looking forward to reconfigurable hardware; that'll make the whole argument moot. The CPU as we know it will do nothing but setup reconfigurable logic units and direct data streams. You want hardware networking? Bam. Hardware complex math? Bam. Hardware neural net? Bam.

Behold, the bright future!

Event ID 4226

[Xenographic]

Actually, there's one more comparison they've screwed up. Anyone who has installed the Event ID 4226 patch to increase the allowed number of half-open connections so their BitTorrent speeds don't suck ass just had that patch undone by this new version of TCPIP.SYS.

The only good thing is that, while the page hasn't been updated since 2006, the patch seems to work on the new TCPIP.SYS (I just tested it on my own machine).

I realize I'm sort of hijacking the first post, but given how many of us are probably downloading Linux ISOs right now, I figured it's important enough that people wouldn't mind a reminder... :-] Oh, and I'll add one more detail not mentioned here. According to F-Secure, there haven't been any exploits for this found in the wild--yet.

Re:Event ID 4226

lvllord's Event ID 4226 patch did not work on my new tcpip.sys.

Windows Server 2003 64 bit (AMD64) tcpip.sys, v5.2.3790.4179, crc32 7896D6DC.

The following byte changes will change the limit from 10 to 1000:

00000148: 65 87
00000149: 56 52
000B83CC: E8 0A
000B83CD: 03 00

New crc32 should be 6356686D.

Copy somewhere safe, edit, save, and copy to these three folders:
\WINDOWS\SYSTEM32\DRIVERS
\WINDOWS\SERVICEPACKFILES\AMD64
\WINDOWS\SYSTEM32\DLLCACHE

Do this as quickly as possible to avoid WFP (cancel if you get a prompt, WFP was acting silently for me). Check the modified date/time of the file after a couple of minutes to be sure WFP wasn't faster than you. Reboot. Smile.

Re:Event ID 4226

Byte changes listed as "offset: new_byte old_byte".

Re:Event ID 4226

[Jugalator]

There are a lot of misinformation spread on the lvllord patch though. The people using it often don't seem to have a good idea of what it actually does, and when it is actually mostly in effect. This should be mandatory reading before binary patching your system files...

Re:Event ID 4226

[Rupam]

But wont running to pathch overwrite TCPIP.SYS with version 5.1.2600.2892 again, bringing you back to a vulnerable stack??

Re:Event ID 4226

No. It's called a "patch" because it targets on specific spot in the file.

Re:Event ID 4226

"This should be mandatory reading before binary patching your system files"

Why? It has several errors and makes assumptions that are not always correct.

Re:Let's get the preliminary stuff out of the way.

[alexmin]

Because in the end an application is going to get a packet of arbitrary size from network stack and has to allocate buffer accordingly. This is nature of asynchronous communication.

you BINARY PATCH core OS code???

[r00t]

Woah...

Now, don't get me wrong. I think that's a really cool hack. I admire the effort.

Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

Re:you BINARY PATCH core OS code???

If Microsoft would actually do it for us we wouldn't have to.

And now with Vista, Microsoft decided to not load unsigned kernel drivers and refuses to fix stuff like this. The arrogance!

Re:you BINARY PATCH core OS code???

[Scoth]

While I don't necessarily disagree with you... feel free to release your patch to tcpip.c and give us a link to the updated source file as soon as you get a chance ;)

Sometimes, if a closed-source vendor isn't going to release an update/fix/tweak, the community has to do what they can to do it. Given what many people use Bittorrent for, I suspect getting a rootkit from this patch is the least of their worries. The rest of us will either just have to trust it, use BT on a non-Windows platform, or deal with the slower speeds.

This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from.

Re:you BINARY PATCH core OS code???

Don't feed the trolls.

Re:you BINARY PATCH core OS code???

[crosson]

Sounds like a good idea, but it would probably break the WGA system, and so MS would not allow updates/extras/operation.

Re:you BINARY PATCH core OS code???

[BronsCon]

And we'll write our own.

Re:you BINARY PATCH core OS code???

>> This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from.

Cool, so you take the "best" of both worlds! : a closed-source proprietary OS, which doesn't work anymore.

Re:you BINARY PATCH core OS code???

Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

I think the problem with this is that he's using the "Microsoft Windows" operating. This is made by a company called "Microsoft" and not only do most users not get the source code, but Microsoft also tries to block redistribution of fixed versions even though that's the only way to get rid if certain bugs (e.g. the WGA and DRM bugs which causes many problems to users of Windows)

If you don't know Microsoft Windows, it's kind of interesting theoretically (in some versions it was close to a micro-kernel and was the first operating system to use Unicode in the Kernel) but probably not something you want to bother with yourself. Early versions were sort of derived from CP/M via QDOS but later it was rewritten based on VMS. This gives you a theoretically powerful system, but one which is too complex for most of the people who try to use it and so they have interesting security problems. Windows doesn't come with much software by default and doesn't support yum, apt or even a ports system so most users end up installing binary softwares from unknown sources which just adds to the problem. Definitely not recommended even to play with unless you have tens of years of experience in system administration; but if you do, it can be an even more interesting challenge than trying to run entirely on plan 9.

Re:you BINARY PATCH core OS code???

[khanyisa]

This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from. Actually WINE and ReactOS both reimplement large sections of Windows in ways that can be used on native Windows too. ReactOS does so more because it reimplements the lower layer where WINE uses emulation - but even in WINE higher-level DLLs are implemented natively.
I wouldn't be surprised if you could use the ReactOS version of tcpip.sys on a real Windows (although you may discover some bugs :-))

Re:you BINARY PATCH core OS code???

> Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

"What the other AC said."

(I'm the guy that said the reason Win9x was restricted to 128GB hard drives was totally artificial, and by implication that if Microsoft had simply released a version of ESDI_506.PDR that supported over-128GB hard drives, we'd have been happy to use it. They didn't, so it got patched by hand. Closed source == planned obsolescence, and the only ways out are either (a) cheap hacks or (b) migrating to an open OS. Migrating wasn't an option for the Windows-based gaming rig in question.)

Another funny binary patch story -- the patch to get DOOM 3 and Quake 4 to run on Win9x is two bytes. Seems that only one function name (GlobalMemoryStatus / GlobalMemoryStatusEx) got changed. Replace "Ex" with NULs and the friggin' game runs just fine under 9x.

Re:you BINARY PATCH core OS code???

[Ed+Avis]

Yeah, the Wine guys were muttering about using their implementation of DirectX 10 on Windows XP, so gamers wouldn't have to upgrade to Vista to play the latest games. I don't know what became of that.

A 'Wine for Windows' or 'ReactOS for Windows' distribution replacing certain Windows DLLs with their free equivalents would be a fun toy and a useful way to get more testing for these two projects. I'd install it at once... uh, on a spare machine...

Re:you BINARY PATCH core OS code???

I wouldn't be surprised if you could use the ReactOS version of tcpip.sys on a real Windows (although you may discover some bugs :-)) You mean Windows' bugs, fixed in ReactOS, right?

Re:you BINARY PATCH core OS code???

This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from. What a great idea, let's call it GNU/NT!

Re:you BINARY PATCH core OS code???

[BigBlueOx]

... If you don't know Microsoft Windows, it's kind of interesting theoretically ...

Mr./Ms. AC, you need to get yerself whatcha call yer Slashdot account so as your comments don't get scored zero right offen the bat like.

That brilliant little piece of writing was so good it scores "I wish I'd written that" on the Oxen scale.

Re:you BINARY PATCH core OS code???

[HTH+NE1]

What a great idea, let's call it GNU/NT! I was thinking "deborgification" myself.

Re:you BINARY PATCH core OS code???

[TheLink]

Actually if the wine guys did release a decent DX10 for WinXP, it would make the other stuff easier for them.

Because it means more people would stick to XP and thus the "goal posts" won't move as often or as much.

If things go that way Microsoft might end up like a BIOS vendor :).

Re:you BINARY PATCH core OS code???

It might be a good idea in that it'll slow down adoption of Vista, but Microsoft will stop selling XP, so people will have to buy Vista if they want Windows after the cut-off date.

Re:you BINARY PATCH core OS code???

[internewt]

Another funny binary patch story -- the patch to get DOOM 3 and Quake 4 to run on Win9x is two bytes. Seems that only one function name (GlobalMemoryStatus / GlobalMemoryStatusEx) got changed. Replace "Ex" with NULs and the friggin' game runs just fine under 9x. Forcing an application to only run on certain platforms means you only have to support those platforms. id making those games non-9x could have been a business (or common sense!) decision to save the costs of supporting knackered old 9x boxes.... the way cruft used to build up and lead to stupid problems on 9x was shocking!

Re:you BINARY PATCH core OS code???

[robfoo]

I was thinking 'NT, Community/User edition', or 'Community/User NT'..

Re:you BINARY PATCH core OS code???

[sjames]

Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

Yes, they should, but that's not an available option for Windows system code. People who want/need system changes that are well maintainable in source code should go with a Free OS.

Meanwhile, given the uncertain quality of MS code and the way updates sometimes break things badly, a well tested 3rd party binary patch isn't likely to be even as dangerous as an official one from MS.

Re:Let's get the preliminary stuff out of the way.

[The+Master+Control+P]

I don't mean an FPGA, I mean something like a magnetologic array. Something that's both fast and quickly reconfigurable on the fly. Scientific American had a story in the August 2005 issue if you can find it.

Rootkit?

[Xenographic]

> Seriously though, WTF? That's a rootkit technique.

Rootkits use a lot of techniques that are also used by legitimate software. Yes, that patcher (and its patch) does get detected by a few anti-virus programs because worms, like torrents, benefit from being able to connect to more peers. It's not a virus in or of itself, though, plenty of people have checked it out.

> Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

I fully agree, but it's kinda hard to get the source for Microsoft programs. Last I heard, you had to be a big university, pay tons of money, sign NDAs, etc. Besides, this limitation wasn't an accident. It was a deliberate "feature" they put in because they thought it would slow down worms. They're not going to fix it just because people ask.

Re:Rootkit?

[hotdiggitydawg]

this limitation wasn't an accident. It was a deliberate "feature" they put in because they thought it would slow down worms. They're not going to fix it just because people ask. Ahh. So it's like giving a bell to a leper then?

Re:Let's get the preliminary stuff out of the way.

[kelnos]

Because TCP and UDP headers aren't of fixed sizes and as such are incredibly difficult to handle in hardware. UDP headers are always 8 bytes long. TCP headers are indeed not fixed-length, but will always be a multiple of 4 bytes, will always be at least 20 bytes, and there's a field in the first 20 bytes that tells how large the header is. All of this can certainly be interpreted by hardware, but, as usual, it's cheaper to do it in software.

Re:Let's get the preliminary stuff out of the way.

I beg your pardon?? What is it you're suggesting with that respect exactly? I think he's suggesting the .NET framework.

despair.com says it best

[dave55699]

"It could be that the purpose of your life is only to serve as a warning to others." http://despair.com/mis24x30prin.html

Wow! and I thought I was retro!

[killmofasta]

Wow! I thought I was retro with Windows 2000!
Turns out this patch MS08-0001 is Patch NUMBER 100! Yea! Yea! Yes!
Finally, the number of patches to Windows 2000 is in TRIPLE DIGITS!
( actually, for us, 2K users, there are two patches, KB941644 and KB943485 )
( I found the actual patch count from a Winternals System informataion program )
( WinTernals is my bestest friend! )

Since you can 'blind' Windows 2000 to look like vista, ( if you have the graphics hardware ),
or you can 'blind' Windows 2000 to look like Windows98, I have the best of both worlds.
but ALL MY PATCH COLLECTION CDs ARE NOW OUT OF DATE.

Actually, there is one feature I need that Office 97 doesnt have, and that is the ability to read Office 2007 excel files. So, its Win2k and Office 2k for me. ( btw, I am going to set up a DOS machine to play some old games... :)

Re:Wow! and I thought I was retro!

[VGPowerlord]

Might I recommend a virtual machine to play DOS games?

or the DOSBox emulator.

That way you don't have to figure out how to get sound working in DOS on anything made after 1997 or so.

Re:Wow! and I thought I was retro!

[killmofasta]

Wow! Thanks Good idea.
What are you recommendations w/ links?

Re:Wow! and I thought I was retro!

[Corporate+Troll]

You're lazy, aren't you? He gave the name of one product in his comment. A Google would have given you what you need. DOSBox

Now, I'll simply add: FreeDOS, which is really really really good. Better than any PC-DOS or MS-DOS I've ever used. Either run it native on an older machine, or dump it in a virtual machine. Oh, yes, I guess you want a link for that too: VMWare.

Re:Wow! and I thought I was retro!

You should know that Dosbox's built in version of DOS is based heavily on FreeDOS source code.

Re:Let's get the preliminary stuff out of the way.

[complete+loony]

Some ethernet hardware can offload a number of expensive yet common operations to be done in hardware. But it doesn't always work.

Re:Let's get the preliminary stuff out of the way.

[Hal_Porter]

That's not really fair. OSs now use virtual memory for protection. There are schemes to use canaries on the stack so that buffer overflows are guaranteed to cause a crash rather than an exploit - software can be updated over the net to fix the crashes. There is a move to VM based software like Java and .Net that uses garbage collection and can be statically verified before it is JITted to native code.

I don't really believe that segment based protection could ever have eliminated stack overflow exploits at an acceptable performance level. Look at the assembler for a function that uses stack variables - they are all allocated by a single subtract operation. If they were allocated individually as far pointers the OS would need to be called for each one. It would need to switch to kernel mode and modify the descriptor table and then return. Once the function was done the whole process would need to be repeated. Most C functions would run hundreds of times slower if this was the case.

The performance cost of VM based solutions is far lower and they can still be run on current PCs, not some radically new architecture which would probably spend most of short life emulating old code badly anyway. E.g if you look at Itanium it is far less radical than a stack based machine and yet it still failed because it had a relatively minor performance disadvantage on old binaries.

Re:Let's get the preliminary stuff out of the way.

[mr_mischief]

Most Ethernet cards aren't "mostly soft". The network stack is, well, a stack. The physical layer and link layer are usually handled by the card. The stuff above that might be handled in firmware or a driver, but I'd rather not have IPv4 shove onto my Ethernet card as the only option. Some cards have gone soft to cut costs, but mid to high end cards are all hard. High-end server cards often have IP acceleration built in, but leave other options open.

Yes, let's do just that...

[gillbates]

Because as we all know, manual memory allocation is hard to understand. Programmers shouldn't have to know basic math, right?

Why don't we just make a language that does it automatically, and then we won't have any problems like this? Right?!

Those of us who cut their teeth on assembly and C look at this and just wonder in wide amazement. A part of us wonders how anyone could be so negligent - but the other part knows how things work in proprietary software shops. (A hint - the management doesn't consider it a bug unless the customer notices it.) Yes, we've all done this before, but the solution isn't to create a language which dumbs down the programmer (Dude - you're writing directly to memory!!! You must be some kind of uber-hacker!!). Rather, there are steps you can take to virtually eliminate this kind of problem:

1. A different language isn't the solution (cue the Java trolls). The problem is that the programmer did not know how to correctly allocate the buffer, didn't bother to calculate the size needed, or was just plain sloppy. A sloppy C programmer makes an even sloppier Java programmer; if one can't be bothered to understand the details, they won't be saved by switching to another language.
2. People do make mistakes, and the field of software engineering knows this. Thats why we advocate things like Formal Technical Reviews - where other engineers review the code you've written. Even if the author of this abomination was fresh out of college and didn't know any better, a thorough review would have caught the mistake.
3. A good system test plan would have a.) known that such vulnerabilities are common, and b.) stress tested the code for this very situation. One thing I like to do in testing is to put values into fields that are one larger than what the program expects. Does it overflow? Does it crash? Does it correctly detect and properly handle the incorrect input? A good test program would have caught this bug even if the review had missed it.
4. There are automated tools which can find buffer overflows, uninitialized variables, and the like. Why weren't they used? Or, perhaps they were...
5. The most likely cause of this bug was not a sloppy programmer, or a bad choice of language (in fact, at this level, Java and C++ are pretty much out because of the performance issues.), but rather, a company that chose to forego the requisite design, review, and testing needed to produce a high quality product. Microsoft's customers have become so accustomed to buggy software that releasing a bug like this - and patching it later - is par for the course. From a business perspective, a buffer overflow is probably considered nothing more than a contingency that has to be dealt with eventually, that need not stop a product from shipping.

You know, there was a time when formal methods were taught, when programmers were expected to know how to properly allocate and release memory. When things like calculating the size of the buffer, applying basic math(!) and testing your own code were considered just a part of the programmer's job. Now we're hearing people blame languages for the faults of the programmer.

If I keep going, I suppose I'll start to sound like Bill Cosby. But consider this: the most reliable operating systems to date were built on C (UNIX) and assembly (MVS). If a bunch of old farts (well, perhaps they were young then...) can crank out correct, reliable, fast code without an IDE and a bunch of GUI tools, clearly the language is not to blame.

The old adage still applies: a poor workman blames his tools . Software engineering works, regardless of the implementation language. This isn't a failure of the language or the environment, but rather, failure to do software engineering right:

1. The programmer made the initial mistake, and
2. Then no review of the code was performed, or all of the reviewers missed it, and
3. No automated audit of the code was done, or

Re:Yes, let's do just that...

[WNight]

You are right, but if you have to calculate buffer size manually

buf_size = header_len + packetlen + sizelen + crclen + paddinglen
my_buf = malloc(buf_size) // barf if my_buf is null
memcpy(in_buf,my_buf,buf_size)

there's simply a lot more to code than in Ruby. While in theory you can make it as safe, in practice you've simply got 8+ times as much code, checking it for correctness takes a lot longer.

Similarly, in languages like Ruby you can iterate through a collection without loop variables, without writing yet another for loop.

C:

char foo[20] = "test string"
for (i=0;i [1105, 190, 1195, 1120, 1135, 166, 187, 163, 1168, 1183]

No buffer checking needed - if it fails to allocate it'll die cleanly at least. Or you can catch the exception and do whatever you want.

There's no need to write in C unless you need its features. There's just too much code, and with that code, more chance of errors - not to mention that it's harder code...

When testing a buffer, throwing something a bit longer at it is good. I tend to just copy a whole slashdot discussion or something else huge and try to paste it into every control I can. That catches the programmers who just allocate large static buffers.

Programmer: "You can't send back a 200k web request! That form only allowed 300 characters."
Me: "Yes, until I used the Firefox DOM viewer to change it - just like a hacker would. Verify your input!"

Re:Yes, let's do just that...

[WNight]

Pardon the other post - I forgot code with gt/lt symbols doesn't paste well...

You are right, but if you have to calculate buffer size manually

C:

buf_size = header_len + packetlen + sizelen + crclen + paddinglen
my_buf = malloc(buf_size)
if (null == my_buf) ... // barf if my_buf is null
memcpy(in_buf,my_buf,buf_size)


there's simply a lot more to code than in Ruby. While in theory you can make it as safe, in practice you've simply got 8+ times as much code, checking it for correctness takes a lot longer.

Similarly, in languages like Ruby you can iterate through a collection without loop variables, without writing yet another for loop.

C:

char foo[20] = "test string"
for (i=0;i < strlen(foo);i++) { ... foo[i] }


Ruby:

foo = "test string"
foo.each_character {|c| ... c }


This savings is exaggerated if you write more complex code:

a = []
10.times { a << (rand * 100).to_i }
puts a.collect {|n| n * 3 }.collect {|n| n = ('1' + n.to_s).to_i }.sort_by {|n| n % 5 }.inspect

prints: [1105, 190, 1195, 1120, 1135, 166, 187, 163, 1168, 1183]

No buffer checking needed - if it fails to allocate it'll die cleanly at least. Or you can catch the exception and do whatever you want.

There's no need to write in C unless you need its features. There's just too much code, and with that code, more chance of errors - not to mention that it's harder code...

When testing a buffer, throwing something a bit longer at it is good. I tend to just copy a whole slashdot discussion or something else huge and try to paste it into every control I can. That catches the programmers who just allocate large static buffers.

Programmer: "You can't send back a 200k web request! That form only allowed 300 characters."
Me: "Yes, until I used the Firefox DOM viewer to change it - just like a hacker would. Verify your input!"

Re:Yes, let's do just that...

But consider this: the most reliable operating systems to date were built on C (UNIX) and assembly (MVS).

Most reliable? How do you measure that? I've never seen a Lisp machine with a kernel panic, but I've seen Unix machines of all sorts die this way. The B5000 series was also famously rock-solid, and their OS was written in an ALGOL dialect (possibly helped by an ALGOL-58 compiler written over a summer for an earlier Burroughs computer by a student named Donald Knuth).

If you're using Unix as an example of what C can do, I'd say it's pretty good evidence that language *does* matter, and C fails.

From a business perspective, a buffer overflow is probably considered nothing more than a contingency that has to be dealt with eventually, that need not stop a product from shipping.

And it was probably the right decision. Look how many people paid good money for Windows XP (and then again with Vista). If people really didn't want poorly designed software, they wouldn't be buying it in such huge quantities.

Then again, as long as people think that C is an acceptable language to write large programs in, the bar is set pretty low to begin with.

Re:Yes, let's do just that...

You really need to learn about functions in C.

Re:Yes, let's do just that...

[goose-incarnated]

char foo[20] = "test string"
for (i=0;i < strlen(foo);i++) { ... foo[i] }

You really should not be programming in C.
Or, come to think of it, without supervision.

Re:Yes, let's do just that...

[Anonymous+Brave+Guy]

I was reading through your post and nodding, but then I realised that I just can't agree with your underlying argument. I think this is the part of your post that captures the essence of what I mean:

You know, there was a time when formal methods were taught, when programmers were expected to know how to properly allocate and release memory. When things like calculating the size of the buffer, applying basic math(!) and testing your own code were considered just a part of the programmer's job. Now we're hearing people blame languages for the faults of the programmer.

While this is all true, the problem with this argument is that it fails to account for no-one being perfect. If a certain type of error is known to have occurred a non-zero number of times, and other things being equal the models in a certain programming language make that type of error impossible, then that programming language is unambiguously safer than one that doesn't prevent the error. It might only prevent it once in a blue moon when a really great programmer is using it, and probably a few more times when someone who thinks they're a really great programmer is using it, but it still prevents errors. Pride comes before a fall, and choosing a programming language that it unnecessarily vulnerable to certain classes of programmer error because you believe you're too good to ever make them is like tying your own shoelaces together before running a marathon.

But consider this: the most reliable operating systems to date were built on C (UNIX) and assembly (MVS). If a bunch of old farts (well, perhaps they were young then...) can crank out correct, reliable, fast code without an IDE and a bunch of GUI tools, clearly the language is not to blame.

And if a bunch of old farts had cranked out correct, reliable, fast code in that way, I'd be impressed. Since this has almost never been achieved in the entire history of software development, however, this doesn't tell us much. These are, after all, the same old farts who brought us joys like the gets library function in C. (If you're Donald Knuth, I'll acknowledge that you're an exception on the correct, reliable, fast count, but we really need to talk about usability.)

Your answer to these ailments appears to work exclusively on a "cure" basis: use better processes so more people look at things, use better tools to pick up errors, etc. But prevention is better than cure. If you're using a programming language where the problem simply can't happen, you know the reviews and tools won't miss anything.

The old adage still applies: a poor workman blames his tools.

Perhaps. But a good workman knows his tools, and chooses the right one for the job.

While there certainly is an ethical issue at work here, the problem with buffer overflows can usually be avoided through purely technical means. In the context of a TCP/IP stack, I question whether it's really necessary to resort to known error-prone implementation technologies. We're not talking about an OS kernel or some ludicrously high performance mathematical algorithm, and any performance penalties associated with using a slightly safer language would surely be negligible.

(Incidentally, I work on high performance maths software, typically with fairly low level languages. We do use reviews and automated tools, and they tell me I don't personally make the kind of memory management error you're criticising, so I have no axe to grind here nor any particular bias towards high level languages when they're not appropriate.)

Re:Yes, let's do just that...

[hey!]

Because as we all know, manual memory allocation is hard to understand. Programmers shouldn't have to know basic math, right?

This is a fallacy. By that argument, number theory is simple because arithmetic is easy, and numerical errors in computations should not occur because the people doing them have mastered the atomic operations.

[motherhood and apple pie snipped]

The old adage still applies: a poor workman blames his tools

Because, in large part, poor workmen choose inappropriate tools.

It makes no sense to argue assuming a false dichotomy (e.g., "should we use a dynamically typed language with garbage collection, or should we do software engineering?"). The question is how to build robust systems most economically.

To that end, we have to ask two questions:
(1) Does making the programmer responsible for memory allocation lead to errors?
(2) Can taking the responsibility for routine memory allocation out of the programmer's hands create other issues?

The answers are, yes and yes. It all comes down to cost, schedule and results. It is true that there is no system written in Java, Python or Ruby that could not, theoretically, be written with the same or greater quality in C or assembler. It is also true that there are some systems which are written in C or assembler that would be much more difficult, if not impossible to write in Java, although as the years roll in these are fewer.

A few years back I was asked to look at an embedded system that was originally designed for the tracking of shipping containers. It used GPS and short bursts of sat phone comm to phone its position home. The client had an application which required that the positional data be secured from interception, ideally of course perfectly secured, but if the data could be protected for several hours that would be sufficient. It doesn't take much imagination to guess who the ultimate users of this would be and in what four letter country they wished to use it.

The systems in question were programmable, but there was less than 50K of program storage and about 16K of heap/stack RAM we could play with. We did not have the option of altering the hardware in any way other than loading new programming on. The client was pretty sure they weren't going to be able to do it because there wasn't enough space. My conclusion was that while creating a robust protocol given the redundancy of the messages was a challenge, the programing part would be quite feasible in C or assembler. Of course, if I had the option of adding something like a cryptographic java card to the system, the job of creating a robust protocol would have been greatly simplified.

And ultimately, that's what software engineering amounts to: finding ways to greatly simplify what are otherwise dauntingly complicated problems. Yes, it takes more mojo to do it in assembler, but mojo is a resource like any other. Engineering is getting the most done for the least expenditure of resources.

So the answer is that is good engineering to use Java or Python or Ruby where it simplifies your solution. It is good engineering to use C or assembler when they simplify your problem. It is bad engineering to choose a tool because using it proves you have large cojones.

Re:Yes, let's do just that...

[Just+Some+Guy]

Because as we all know, manual memory allocation is hard to understand.

For me, memory allocation is dead simple. It's knowing when to free it that's the bear. In trivial cases where malloc() and free() are in the same function, that's a piece of cake. In more involved cases where buffers are working their way through multi-threaded code and it's not immediately clear which function will be the last one to touch a buffer (and therefore responsible for freeing it), it's a freakin' nightmare.

I openly admit that I'm a flawed programmer. When everything's going well, I'm very, very good at what I do. Sometimes I'm not at 100%, though. Maybe the baby kept me up last night. Maybe I drank too much coffee and now I'm jittery. Maybe a deadline is hanging over my department's collective head. At those times, maybe I'm only at 95% of my potential.

It's at times like these when I'm really glad we use $garbage_collected_language and I can concentrate on what my code is supposed to do and not every little detail of how it's supposed to do it. It's a computer. Its job in life is to keep me from having to repeat the same mind-numbing steps over and over and over. Why not let it do what it's good at so that I can work on the parts of the problem that a human can do best?

Re:Yes, let's do just that...

[An+ominous+Cow+art]

But consider this: the most reliable operating systems to date were built on C (UNIX) and assembly (MVS). And BLISS (VMS).

Re:Yes, let's do just that...

You also have to make sure there are no bugs in the implementation of your code by the language. A newer language might have implementation problems and such, though this is a problem of any software regimen.

Re:Yes, let's do just that...

[WNight]

I thought that you'd notice the clues that it was psuedo-code, such as "... // barf if my_buf is null"

But why, specifically, is that code so bad?

Re:Yes, let's do just that...

[kad77]

Well here one reason: strlen() relies on the input data being zero terminated.

The code: char foo[20] = "test string" would not have provided that, so the result would have been unknown (probably a large int) and the loop would have performed unexpectedly.

Re:Yes, let's do just that...

[WNight]

Yeah, I forgot to calloc the string, or specifically null the last byte.

But that's my point. C has too many gotchas like that where the standard library is nearly unusable - scanf is bad, gets is bad, printf with user-controllable strings isn't safe, etc.

Same with C++. Use strings to avoid these problems, but which string library. Which smart pointers? Which resizable array, or associate array library?

Thankfully it's been too many years for me to be more specific.

Re:Yes, let's do just that...

[gillbates]

While technically you may be correct about the C standard, gcc does indeed provide zero padded arrays:

/*wingnut.c */

#include <stdio.h>

char stupid[32] = "infinite loop";

int main(){
int x;
for (x = 0; x < strlen(stupid); x++){
printf("%c", stupid[x]);
}
return 0;
}

A dump of the file produces this:

000090E0 69 6E 66 69 6E 69 74 65 20 6C 6F 6F 70 00 00 00 infinite loop...
000090F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

The interesting thing about this code is that it will work correctly until someone tries to port to a system with a different/older compiler which doesn't implicitly zeroize data sections.

Re:Yes, let's do just that...

[foxylad]

So you are arguing that the network stack (one of the most heavily used and hopefully highly optimised parts of the OS) should be written in Ruby?

No offence, but I'm glad you didn't write the OS I'm using...

Re:Yes, let's do just that...

char stupid[32] = "infinite loop";

Since you declared that at global scope, you can expect it to be zero-initialized. Perhaps better would be:
const char s[] = "asdf";
Then you could do:
for (int i = 0; i < sizeof(s)/sizeof(s[0]) - 1; ++i)
{ whatever reading s[i] }
The loop will iterate once each for 'a', 's', 'd', 'f'. Writing to a statically-sized buffer like the grandparent post has consistently proven to be a recipe for disaster.

Re:Yes, let's do just that...

Yeah, I forgot to calloc the string, or specifically null the last byte.

Don't need to. Try this.
const char s[] = "x";
assert(2 == sizeof(s) && 0 == s[1]);

But that's my point. C has too many gotchas like that where the standard library is nearly unusable - scanf is bad, gets is bad, printf with user-controllable strings isn't safe, etc.

The standard library has nothing to do with this. It's that strlen(compile-time constant string) is less than ideal.

Use sizeof(s)/sizeof(s[0]) - 1 instead.

Same with C++.

Now, now, don't bring the neighbors into this!

Use strings to avoid these problems, but which string library.

Easy, use std::string.

Which smart pointers?

Easy, use std::tr1::shared_ptr.

Which resizable array

Easy, use std::vector.

or associate array library?

Easy, use std::map (or possibly std::unordered_map).

Re:Yes, let's do just that...

[WNight]

You got me. I advocated the language for general use, so I must brush my teeth with it.

95% of most OSes could be written in Ruby* though, or Python, etc, without much of a slowdown. That'd give you a lot more resources to pour into making sure your network and filesystem code are solid.

* If by OS you mean GNU/Linux, or all of MS Windows. If you only mean the kernel it'd be less.

I'd probably write much of the part that needed to be C in a higher-level language first anyways. I could prototype my filesystem code long before optimizing it for speed. And having a reference implementation in an easy-to-debug language would make testing the C implementation easier.

Re:Yes, let's do just that...

[goose-incarnated]

Yeah, I forgot to calloc the string, or specifically null the last byte.

I get the idea that you still do not know what you are talking about.

But that's my point. C has too many gotchas like that where the standard library is nearly unusable - scanf is bad, gets is bad, printf with user-controllable strings isn't safe, etc.

Of course; you have to learn it first. Your code snippet that I quoted provided a very good reason for teaching programming via something that maps so well onto the hardware (such as C); if you had been taught C before getting to develop on $LANGUAGE-OF-CHOICE, you would appreciate $LANGUAGE-OF-CHOICE much more.

Same with C++. Use strings to avoid these problems, but which string library. Which smart pointers? Which resizable array, or associate array library?

As a professional programmer, you would have read the standards documents on the language you are using. If you haven't, do not go blaming the language for "gotcha's" when they are so clearly spelled out in the standards documents.

However I get the impression (correct me if I am wrong) that you do not actually read the standards (or specifications) documents for the language you want to use, hence you will get tripped up all the time by stuff that should not be an issue.

(btw: I program in C all the time (daily), and I malloc/free all the time as well, and the last time I had a bug that was a memory leak in production was in the 90's. I do not worry about it at all - proper factoring of the code, proper testing (valgrind is part of the test harness, including diff scripts) catches all the memory bugs.

Thankfully it's been too many years for me to be more specific.

If you're still awake at this point, let me attempt to point out the problems with the code you posted; I'm ignoring the missing ';' as that is almost certainly a typo - what I am not ignoring is your severe misconceptions. Here is your code snippet:

char foo[20] = "test string"
for (i=0;i < strlen(foo);i++) { ... foo[i] }

1. You were incorrect upthread when you assumed that no NULL byte was added; it most certainly is.
2. If you are traversing an array, you use the sizeof operator to calculate the array length at compile time like this:

for (i=0; i < sizeof array / sizeof array[0]; i++)

3. You are calling strlen before every loop - this usually results in unacceptably long execution times for the loop. For a pointer to a string use a while loop like this:

while (*ptr++) { ... }

For a char array, use the sizeof operator.
4. You are running through the loop body with a mutable string but relying on the end of the string to break the loop. This is a source of very difficult to track bugs once the maintainer starts work. Instead, use sizeof *or* use a constant/variable; this prevents the loop going haywire when the array/string is modified within the body of the loop.
5. If you need a string constant, then use one like this:

char *sro = "test string";

If you need a writeable string, then do this:

char srw[] = "test string";

There are very few reasons for this:

char srw[20] = "test string";

If you really needed the extra space, then it is clearer to the maintainer what you meant if you do not initialise when declaring. Rather copy in the values with a safe string function after declaration, otherwise this is almost certain to happen.

This ...

---someheader.h---
...
#define MY_SLEN (20)
...
---somesource.c---
...

Re:Yes, let's do just that...

[WNight]

I started in Applesoft basic, briefly, then used ASM on a 65c02, and then in Pascal, then very thankfully to C and some x86 ASM, and then on.

Take five years away from C and see if you remember the little things - not about null terminators, but which routines add them and which don't, etc. Does strcpy copy the null-terminator? Does strncpy if the string is longer than n characters? This isn't "programming", this is API trivia.

Anyways, your comment is a further example... I posted a pesudo-codish for-loop illustrating the initialization, check, and self increment. There are easier ways for strings, as you list:

while (*ptr++) {} but they don't generalize to arrays that aren't null-terminated or where you wish to walk backwards, etc.

And then with all the different ways to allocate space, assign strings, set nulls, you still don't think it's full of gotchas? Maybe gotchas that you learn when working in it, but if you just picked up K&R and started coding you'd turn out bad code. Worse, semi-stable bad code that works but only until you change compiler, platforms, etc.

The point is that my Ruby example was one line of setup, one of code. It did what you couldn't do well in less than ten lines of C, and risking at least a few security flaws or fatal bugs. If my Ruby failed it would print a nice exception. If the C fails it'll silently overwrite some other variable or die in another hard to find way.

It's funny that you nitpicked over my unintended bugs, the ones I assumed people would see as pseudo-code, and totally missed my point about having to manually write code to do this at all. More code leads to more bugs, it's that simple.

That's okay when you're putting in the time anyways to make sure your filesystem, memory manager, etc, work properly. When you're trying to write a quick UI-heavy end-user utility it's not so good. 98%+ of programs aren't memory managers, database engines, or graphics-intensive games...

Re:Yes, let's do just that...

[goose-incarnated]

I started in Applesoft basic, briefly, then used ASM on a 65c02, and then in Pascal, then very thankfully to C and some x86 ASM, and then on.

I started with a c64, so not much difference then.

Take five years away from C and see if you remember the little things - not about null terminators, but which routines add them and which don't, etc. Does strcpy copy the null-terminator? Does strncpy if the string is longer than n characters? This isn't "programming", this is API trivia.

In actual fact, I haven't used the standard C string functions (unsafe, C programmers almost never use the unsafe functions, like gets) in many years, but I can almost certainly guarantee(sp?) that strncpy will add in the terminator *unless* the length of the source string is greater than or equal to the length of the destination array.

Anyways, your comment is a further example... I posted a pesudo-codish for-loop illustrating the initialization, check, and self increment. There are easier ways for strings, as you list: but they don't generalize to arrays that aren't null-terminated or where you wish to walk backwards, etc.

I replied with something that generalises to arrays and can be used in reverse (from end of array). I have to concede that I have nothing that will generalise to pointers to malloc'ed arrays.

And then with all the different ways to allocate space, assign strings, set nulls, you still don't think it's full of gotchas? Maybe gotchas that you learn when working in it, but if you just picked up K&R and started coding you'd turn out bad code. Of course not; this is C we are talking about - it was created to write a portable OS. Even now, it is very rarely used to implement business logic, hence it comes with disadvantages for high-level constructs, but it does come with a rather intuitive mapping to the computer (hence, nice for teaching computer architecture).

My point was that you are criticising something when it is blindly obvious that it has been some time since you have used it intimately.

Worse, semi-stable bad code that works but only until you change compiler, platforms, etc.

If you read the standard, this never happens; the only times I have seen this is in the hands of developers who think that an int, in C, is 32 bits (because it is on their platform) or who think that the code "void main ()" is legal C.

IOW, the only people who suffer are those that look at what their compiler generates and then infers what is and isn't in C. Drop by comp.lang.c sometime and you'll see these people getting constantly corrected when they say "it depends on your platform".

Re:Yes, let's do just that...

[gillbates]

Not to nitpick, but I get the same zero-initialized array even when declared inside the body of a function. The problem I see with this is that someone who learns C through trial and error will expect every compiler to zero pad an array.

These kinds of details are important, because I was taught that the compiler always zero terminates a string. So it apparently works out something like this:

1. char * foo = "asdf"; produces a 5 byte, null terminated string.
2. char foo[5] = "asdf"; produces a 5 byte, null terminated string.
3. char foo[5] = {0}; produces a 5 byte string of all 0's. (Yes, there was a time when this was true; it was valid C). I don't think this will compile on most modern compilers.
4. char foo[5] = { 'a', 's', 'd', 'f' }; produces a 5 byte string, where the last byte is not necessarily 0 (but happens to be when gcc is used).

Apparently, if you have a string on the rhs of an expression, the compiler creates an ANSI-C, null terminated string literal. If you declare an array and initialize it element-by-element, the compiler is free to leave the remaining bytes unitialized; that is, it doesn't implicitly null terminate an array initialized element-by-element. To the compiler, the first is treated as a null terminated string; the second is merely a sequence of bytes.

You know, this violates the principle of least surprise. If the ANSI standard declares a string to be null terminated, then one expects a literal string to be null terminated, regardless of whether the object to which it is assigned is a "char *" or a "char []", or "char [size]". Semantically, they are identical; the difference is that when the size is specified, the compiler doesn't go through the additional step of determing the allocation size.

When I first learned C, I was taught that the only time the compiler initialized the entire array was when the syntax of [3] was used. And the compiler didn't zero-initialize an array unless it was explicitly specified as such. Apparently, both of these have changed. The first is no longer valid syntax, and the compiler is now apparently free to zero-initialize an array, (or not). What disturbs me is that in an attempt to outsmart the "dumb" programmer, we've now created a situation which allows subtle bugs to hide in code. I think the GP example, and the discussion that followed, is a prime example of how violating the principle of least surprise can produce subtle and difficult to find bugs in code. Even though I code in C on a daily basis, it wasn't immediately apparent that the GP code was flawed; in fact, it compiles and runs correctly on an x86 system. So to most C programmers, the argument of whether or not it is ANSI compliant seems pedantic. (Even though it isn't).

Re:Yes, let's do just that...

[WNight]

I'm not criticizing C though (much). I'm calling it a chainsaw.

As evidence I'm presenting some tiny snippets of near pseudo-code and low and behold we discover they aren't safe as is, and that I've made a few mistakes. I think I'm proving my point - pay attention to where your fingers are.

And I don't think it's simply a matter of thinking of the machine architecture, strncpy could copy n bytes, or n-1 and null-terminate the nth. Its name says it works on strings, and strings are null-terminated. I'd expect something that didn't null-terminate to be called memcpy... It reads as a string, but writes like an array of chars.

I do agree about C being a good teaching language. Rubber chainsaws (C in a classroom setting) are great because people don't get by with fragile code that happens to run anyways as C is hard to write infinite-monkey style, forcing you to think about your goal.

I totally laud C, and ASM, as the reasons I'm an insightful developer and debugger. Having manually tracked everything I respect how much work the VM is doing. I Understand the computational complexity of built-in types like associative arrays, so I use them carefully. Not just in big-O notation, but in the failure modes of various algorithms (sorting ordered vs unordered lists, etc) or at least that they have them . All sorts are not created equal, though you'd think so if you started coding in Ruby or Python and had never needed to look under the hood.

But. I appreciate being able to code tired and not lose fingers. Especially as I rarely need the bare metal in mundane programming tasks like syadmin scripts and writing web apps.

You misread my statement about platform dependence. I specially meant people who assume an int is 32b, don't test this assumption or any others, and have it fail when one of a million variables change. Such as the version of compiler, what was in memory before, etc. It's easy to fail to write portable C, though I will agree that this is usually not C's fault.

Re:Let's get the preliminary stuff out of the way.

[Scaba]

Isn't that pretty much what a CPU already does?

What about Windows 2000 ?

For the few people, who are hanging to their Windows 2000 for dear life ?

Re:What about Windows 2000 ?

[the_greywolf]

We've already abandoned it for Linux.

I still have (and occasionally use) my server edition license, though.

Re:Let's get the preliminary stuff out of the way.

The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP).

You forgot ICMP. And even if you had remembered it, the bug was in IGMP, which is still not on your list, and would thus need to be implemented in software anyway. Sure, IGMP is not used that much, but it only takes one bad guy to send the packet that takes over your system.

yeah

bindiff.exe

Mmmm, mmmm, good!

[Gription]

Don't feed the trolls. ???
But that is the primary reason for /. to begin with!?

Re:Mmmm, mmmm, good!

But that is the primary reason for /. to begin with!?

Uh no, retard, /. is for making fun of M$, worshipping Linux, and quoting tin-foil hat conspiracy theories over and over again.

I'm a freakin' troll dammit! Feed me!

Re:Let's get the preliminary stuff out of the way.

[ultranova]

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

Considering that Firefox crashes whenever I happen to hit the "Insert" key when writing a reply on Slashdot, and randomly otherwise, I'm inclined to agree. Programmers, in general, are apparently incapable of dealing with memory management or bounds checking, so they should just use automation.

Of course simply moving them to Java will just have them do things like starting threads from object constructors (which causes all kinds of weird and wonderfull bugs), use 100+ threads for low-volume network communication (I'm looking at you, Freenet) and in general write such inefficient code that a lookalike but less featured remake of a DOS-era game running on a 1 GHz machine feels like watching a glacier (FreeCol, that means you).

Most programmers are incompetent, there's no getting around that. And giving more power to an incompetent is propably not such a bright idea.

Sorry about the rant. I blame it on Firefox crashing three times this morning.

Re:Let's get the preliminary stuff out of the way.

[4D6963]

I think he's suggesting the .NET framework.

Quite what I was afraid I understood. If you're afraid of doing dynamic allocation yourself you shouldn't be allowed to use a real programming language in the first place anyways. I mean seriously, that trend that consists in going "eww, dynamic allocation", "omg, a pointer, what is that thing!?" or even "I wonder how people could live without garbage collection" makes people sound like sissies.

Re:Let's get the preliminary stuff out of the way.

[sp3d2orbit]

Forget these other retards. Your hardware idea is one of the best I've ever heard.

Write it out in VHDL, get an FPGA, and take the proof of concept to someone with money. Any web server admin with half a brain can see why having your TCP/IP stack in hardware is preferential to software, even if it does replace the ethernet card.

Fantastic!!!

..and then you've got MPLS, Q, QinQ, et cetera..

[kriss]

Well, for starters you'd need to actually *find* the IP header in the frame before you start mooking around for the transport headers.

Yup, I do that

But people keep saying "You really need to get a TV" etc. We're social animals and now social mores are based around TV.

Mind you, I now need so little money I'm able to work part time and STILL have a lot of money to enjoy it.

OK, so the poor artists (and engineers, etc) will starve because nobody is buying their product any more, so I can't see that being allowed.

Re:Yup, I do that

OK, so the poor artists (and engineers, etc) will starve because nobody is buying their product any more, so I can't see that being allowed.

Actually, that's a pretty good point. The only way to continue employing hundreds of millions of people, each of which can do the work to support dozens if not more, is to convince everyone that they need to buy the output of hundreds of millions of other people.

Otherwise, 1/10th of the population would have jobs, whose income would go entirely to pay welfare to support the other 9/10th, and even if you say "well, let the useless 9/10th die", the population would just contract, and you'd still only need to employ 1/10th of the population, until you reach the point where places like New York have evaporated into a small hamlet.

Re:Let's get the preliminary stuff out of the way

[justkeeper]

It's a physical layer component ,which is not a physical component,but a logical one.

billg said what?

[Butterspoon]

After XP was released Bill Gates publicly stated they the next version of Windows wouldn't be an OS but instead it would be a Digital Rights Management Platform.

Can you provide a reference for this? Even for Microsoft, that's a pretty extreme comment...

Re:billg said what?

[Gription]

Back then it wasn't such a jaw dropping statement. It is pretty extreme for now days but in 2002 we didn't really know what DRM truly meant for the end user so it didn't raise an eyebrow. I thought it was stupid because that would mean that their key focus wasn't on creating a platform to run programs on so they were losing their vision...

I have tried searching to get a good web reference for it and but when you put in "Digital Rights Management Platform" on a search engine you get a billion hits. It was during a public press conference. If someone knows how to search just transcripts of press conferences I would really like a link to it too.

Variarable sized headers/payloads.

[smcdow]

Hear, hear. Once upon a time I designed a packet-ized format for data telemetry and storage. The design was straightforward, but it included a variable-sized record-header (but always a factor of 8) on top of variable-sized record payloads. I thought it was a good idea at the time, but it turned out to be problematic for S/W implementation, especially for inexperienced devs. I could have saved ourselves a lot of time and pain if I had made the record headers fixed-length. Mea culpa.

Makes one appreciate just how complex handling TCP/IP can be. I can't imagine how it could easily be ported to firmware. It obviously can be done, but it's no easy task.

Re:Variarable sized headers/payloads.

[statusbar]

Having to teach inexperienced devs how to deal with variable sized record payloads is better than having the hardware restrict your packet contents such that software features become impossible to implement...

--jeffk++

Re:Variarable sized headers/payloads.

[smcdow]

It wasn't the variable-sized headers that caused the bugs; they were fine with that. It was the variable-sized record headers that did the trick.

But your point is taken. But, I'm not ever expecting this data format to be subsumed into firmware.

TCP/IP stack again

[nuddlegg]

Shit, this error needs to be fixed in BSD Unix as well.

Re:TCP/IP stack again

The 90's called -- they want their joke back. The NT TCP stack was written from scratch in NT 3.51, and (mostly?) rewritten for Vista/Longhorn. But please, don't let facts get in the way of your lame humor attempt.

Re:TCP/IP stack again

Faggot.

Re:Let's get the preliminary stuff out of the way.

[slartibart]

Of course simply moving them to Java will just have them do things like starting threads from object constructors (which causes all kinds of weird and wonderfull bugs), use 100+ threads for low-volume network communication (I'm looking at you, Freenet) and in general write such inefficient code that a lookalike but less featured remake of a DOS-era game running on a 1 GHz machine feels like watching a glacier (FreeCol, that means you).

Most programmers are incompetent, there's no getting around that. And giving more power to an incompetent is propably not such a bright idea.

Sorry about the rant. I blame it on Firefox crashing three times this morning.

Wow, Java programmers start threads in constructors? I admit I have no idea what havoc that would cause, but on the other hand it would never occur to me to do such a thing. Seems to me that's what the Runnable interface is for.

One of my big pet peeves of the software industry is that no project I've ever been on bothers to do CPU or memory profiling unless there's an absolutely god-awful bug. I mean, something like "a tiny transaction is taking 1.5 hours" or "Our small app is bloating from 25MB to 1GB". No one on these projects but me has EVER thought "This thing should be performing faster and using less memory" and then ran the tools to figure out why. Then again, I've spent most of my time at a company that sells hardware and software, so it's probably good for business that their apps waste memory and CPU cycles.

Clever Marketing

[CustomDesigned]

I actually don't mind marketing that actually *is* clever. Be it entertaining, informative, or just cool, when a company spends enough bucks to make an Ad truly worth watching/reading, I won't complain. For such ads on the internet, they usually don't even need to spend much on distribution - people will pass it on of their own accord. "Viral Marketing." I do think companies that do this should include a Creative Commons type license so people know it's ok to pass it on.

How long should C remain in use?

[master_p]

C is a horrible abomination of a language when seen from the perspective of modern languages like Haskell, Erlang, ML, Scala etc. There are even operating systems written in these languages. C has cost the IT industry billions of dollars as a result of safety and security problems.

C served its purpose, it's now time to be replaced with a better language.

Re:How long should C remain in use?

What language you would use to write those other languages? Most of the high-level languages are not self-hosting -- for example, Sun's Java implementation is entirely in C, as are common implementations of lisp, python, perl, etc.

There are sometimes attempts to make such languages self-hosted, but generally only as analysis tools for in-depth debugging and performance monitoring. For example, there are a couple of "self-hosted" JVMs floating around, but they all are A) dead slow B) have incomplete language coverage C) are launched by a C program that loads a hand-constructed JVM image into memory and begins execution.

So until you write a self-hosted Java implementation that's usable in the real world, I think we'll probably still be writing in C.

Re:How long should C remain in use?

[master_p]

I don't think that using a safe self-hosting programming language like ADA or Cyclone is a thought that is difficult to formulate...

Movie?

[Hillgiant]

A movie? Of comparing code? I guess I'm getting old, because I do not understand this youtube-ification of the internet. What is wrong with plain 'ole text? I can read it faster than you can fumble around with the camera. It costs less to send to my computer. I don't have to learn YAFBMW (Yet Another Flash Based Movie Widget).

Remember kids, if you need a vBlog to make your Blog interesting it may be more about you not being interesting than the format.

Re:Let's get the preliminary stuff out of the way.

[RightSaidFred99]

Yeah. And CPU's are ridiculously fast nowadays anyway. The demands put on them by stuff like networking are so low it's just in the noise in most cases.

Re:Let's get the preliminary stuff out of the way.

[mugnyte]

  I think if you continue your "off course" comments, you'll never stop stating the obvious.

Misinformation?

Well, I seem to get plenty of 4226s when I don't patch it and I'm using uTorrent. Also, the site linked seems to rely on MSDN documentation, which I don't really trust. I've used the LVLlord patch for years now with absolutely no troubles, though I admit that I don't (and never would) use Media Center.

Moreover, the LVLlord patch (which is the one linked above, BTW) can be run again to uninstall itself and makes a backup of your TCPIP.SYS.

Anyhow, it's up to people to make their own choice on the matter. I'm not too worried about worms--I've never had one in all my years of running Windows (I do my own checks for malware, rather than just relying on a virus scanner) and the patch works for me.

*shrug* But you don't have to take my word for it.

Re:Let's get the preliminary stuff out of the way.

[PitaBred]

I seem to remember assembly programmers saying the same things about high-level languages...

Bug...

[RegisteredAnonymous]

Hopefully the GTK developers will fix this issue soon.

Re:Let's get the preliminary stuff out of the way.

[PitaBred]

Hrm... doesn't seem to crash for me. What version are you using? Or do you have your Insert key somehow tied to something else? Because I just hit Insert 20 or 30 times while typing this and nothing happened.

I slave for no Bill Re:you BINARY

[mrmeval]

Why should I *slave* for micro$soft?

Let them release the code for Win98 GPL and see how fast it surpasses Pista!

Re:Let's get the preliminary stuff out of the way.

[4D6963]

I seem to remember assembly programmers saying the same things about high-level languages...

Sure, we might go "wtf do you need exception handlers for? Just write bug-free code!" or even "operator overloading is for pansies", but there's no way you can turn it into making us sound like sissies.

Re:Let's get the preliminary stuff out of the way.

[sjames]

Now that that's done with, I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level?

It's been done over and over again, and in every single case, with the excepting carefully selected benchmarketing, it's had worse performance than doing it in the CPU with a cheaper and simpler NIC.

Personally, I'm glad it's NOT in the card. Imagine a vulnerability found in a network card's stack! A PCI card can scribble all over system RAM just as easily as a buggy kernel driver. Imagine no more iptables. Imagine nobody experimenting with IPv6 at all because they'd have to get an expen$sive new card carved from pure unobtanium.

strlen in a loop, pointer, writable memory

[Sits]

I'm not too sure about using strlen in a loop like that. C strings are NULL terminated so each time you are going through that loop and doing your test you are also having to iterate over foo to find its length (unless foo is const variable and the compiler notices etc).

I'm not so sure about the "you forgot to terminate your string constants" bit. My understanding is that string constants are NULL terminated in C. I would be a bit cautious about assigning a string constant to a fixed sized array though (it feels wrong... If copying happened there's potential for wasted/too little memory, questions over whether you are actually throwing a pointer to rewritable memory away, are you trying to change read only memory later etc). Whether more memory is zeroed before use depends on your platform, libraries, how the memory allocation was done and your compiler (e.g. on Linux the glibc malloc function switches between brk and mmaped memory allocations depending on size and mmaped memory is zeroed by the kernel before being passed to your program).

Re:strlen in a loop, pointer, writable memory

[WNight]

It's funny, I didn't want to belabor my point by making the for-loop too long. I could have hoisted the strlen out but the number of expressions I was having to write to match a .each {} expression was getting out of hand.

I think I proved my point inadvertently as well. C is too complex to use safely as a psuedo-code language. :)

char x[5] = "foo"
char x[5] = "longer string"

The first is bad form because the second would still compile. It'd probably be zero-terminated, but stomping on your other variables.

Nope, just tested that. It's limited to the declared length, but it's not zero-terminated.

Anyways, that's C - tons of little gotchas, most of which are somewhat platform dependent.

Re:strlen in a loop, pointer, writable memory

[goose-incarnated]

I think I proved my point inadvertently as well. C is too complex to use safely as a psuedo-code language. :)
Nope - all you proved is that you need to learn C before you can 'dis it :-). Seriously, no one would take me seriously if I wrote glaring errors in $LANGUAGE_I_DID_NOT_LEARN code and then insisted that it is the fault of the language and not the fault of the programmer who never learned the language.

char x[5] = "foo" char x[5] = "longer string" The first is bad form because the second would still compile. It'd probably be zero-terminated, but stomping on your other variables.

Actually, this is in the damn C standard! You are picking on things that are part of the language specification that *every* programmer in that language should know!!! How can you call yourself a C programmer if you've never read the standard?

Nope, just tested that. It's limited to the declared length, but it's not zero-terminated.

Or, you know, you could have read the C standard instead; then this would be one of many so-called "gotcha's" that you would never even notice.

Anyways, that's C - tons of little gotchas, most of which are somewhat platform dependent. You remain stubborn in your opinion that, even if you never read the language standard (or spec), then it is the fault of the language that you do not know things that are common knowledge to all C programmers. I think perhaps you should re-examine your arguments about C, but first at least read the standard.

Re:strlen in a loop, pointer, writable memory

[WNight]

You're still missing the point. A chainsaw can be safely used by a skilled logger, but it has many pointy gotchas, as does falling trees, etc.

Yes, if I was an active C coder and knew the spec I'd have made less mistakes. If I was careful and concerned I could write better code.

But how about all the C coders out there who aren't careful? Who don't know the spec like the back of their hand? They're playing with chainsaws. That's all I was saying. If active C programmers came with a quality guarantee this wouldn't be such a problem, but for every spec-head there are two that don't know the difference between (*p)++ and *p++, to great calamity.

These people should be programming in Python or something where they'd be happier, as would their coworkers.

There's nothing wrong with C, except that all forms of declaration and assignment are subtly different and you need to very clear to keep them straight, manually.

Personally I'd expect char x[5] = "abcdefghi" to write the full null-terminated string into the space of a 5-byte string. I find it counter-intuitive that the language that allows you to write beyond the end of an array has different behavior during an initialization. Seems like a gotcha. One you no-doubt navigate blindfolded through experience, but still a gotcha.

Re:strlen in a loop, pointer, writable memory

[goose-incarnated]

These people should be programming in Python or something where they'd be happier, as would their coworkers.

We sure would ;-).

There's nothing wrong with C, except that all forms of declaration and assignment are subtly different and you need to very clear to keep them straight, manually.

Not really; all forms are the ones that make the most sense for the compiler and/or the hardware. Using this reasoning I was able to infer the behaviour of strncpy(). I could be wrong, but I doubt it. Just the same, I am fairly confident that a struct-to-struct assignment does no deep copies, that simply dereferencing uninitialised pointers (without writing to the memory) can cause problems, that using VLA's(c99) is a bad idea, that going 1 past the end of an array might hurt me, that using gets, even though it is in the standard, is a monumentally stupid idea.

I'm also right alongside the idea that C is not the easiest language, but I still feel that it is a great teaching language[1] if you want to turn out methodical, careful, cautius and above all, great programmers.

Notes
[1]Sure, programmers should not have to worry about memory; but, like driving a car, the managing of things like that should come to them after time anyway. Think about learning to drive a manual trans car. You had to remember to push the clutch in, you had to remember what gear you were in and where the next one (up/down) was, you had to remember to release the clutch slowly, and to push it back in if you needed to stop, etc.

Now you probably drive without noticing all those things - as a species, we progress by thinking *less*, not more. We progress but letting our automatic reactions handle those things we previously had to think very hard about. Managing memory is much the same; I wouldn't trust any programmer who has never spent a good few years in a non-gc language (ask me why :-)

Anyway, cheers ...

TCP/IP stack is a hot path

[Sits]

I think you've chosen a bad example there. The TCP/IP stack is a very speed critical part of current kernels. At gigabit (or faster) speeds a very large number packets will arrive so that is code that is executed an awful lot (especially if you are running a stateful firewall). You don't want gettimeofday to be slow because it is called so many times. The same goes for your TCP/IP stack - you want it to be fast AND robust.

Re:TCP/IP stack is a hot path

[Anonymous+Brave+Guy]

Sure, but this is a relative scale. Compared to process scheduling or memory allocation, TCP/IP really doesn't matter that much. The performance overhead from writing such code in a marginally higher level language that is safe from buffer overflows is likely to be small as well.