software - Dave's Blog

Search
My timeline on Mastodon

Tweet from David_Risney

2016 Feb 10, 10:20
Internet Archive adds Win3.1 software. http://blog.archive.org/2016/02/11/internet-archive-does-windows-hundreds-of-windows-3-1-programs-join-the-collection/ … Ah the memories. Makes me want to edit my win.ini & config.sys
PermalinkComments

Tweet from David_Risney

2016 Jan 27, 9:57
FCC proposes replacing cable card with software based equivalent. Would be amazing if it could happen. http://arstechnica.com/business/2016/01/cable-lobby-is-really-mad-about-fccs-set-top-box-competition-plan/ …
PermalinkComments

Tweet from David_Risney

2015 Nov 18, 8:29
Next up: hacking phones with inaudible sounds that exploit bugs in this software http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/ …
PermalinkComments

Retweet of CompSciFact

2015 Oct 30, 12:44
Twins denied drivers permits because software couldn't tell their faces apart. http://wbay.com/2015/10/23/twins-denied-drivers-permit-because-dmv-cant-tell-them-apart/ …
PermalinkComments

Tweet from David_Risney

2015 Sep 20, 8:45
Do you think VW maliciously evaded US emission requirements? As a dev, can't imagine working on such a project. http://www.nytimes.com/2015/09/19/business/volkswagen-is-ordered-to-recall-nearly-500000-vehicles-over-emissions-software.html …
PermalinkComments

Retweet of KevinJHill

2015 Jul 22, 8:04
The Microsoft Edge @MSEdgeDev team is hiring a Senior Software Engineer! http://bit.ly/1CRaQz8 . Help us make the web better #cpp #jobs
PermalinkComments

Tweet from David_Risney

2015 Apr 11, 8:52
"@newsycombinator: Programmers: Before you turn 40, get a plan B (2009) http://improvingsoftware.com/2009/05/19/programmers-before-you-turn-40-get-a-plan-b/ …" Bleh
PermalinkComments

Retweet of chockenberry

2015 Mar 9, 11:56
More about the attack on the developer tools: https://firstlook.org/theintercept/document/2015/03/10/strawhorse-attacking-macos-ios-software-development-kit/ …
PermalinkComments

Retweet of pacohope

2015 Feb 25, 2:28
Stopped at the roadside for a #software update. Sigh. pic.twitter.com/wYWXkcnA91
PermalinkComments

Retweet of reinpk

2015 Feb 1, 9:44
New blog post on software layers replacing middle management: http://rein.pk/replacing-middle-management-with-apis/ …
PermalinkComments

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

PermalinkCommentstechnical security

JS NICE: Statistical renaming, Type inference and Deobfuscation

2014 Jun 3, 9:36

JS NICE | Software Reliability Lab in ETH

JS NICE has indexed over 10,000 JavaScript projects from GitHub and then probabilistically infers newly suggested names and types for all of the local variables and function parameters of new JS.

PermalinkCommentstechnical javascript js coding

Debugging anecdote - the color transparent black breaks accessibility

2014 May 22, 10:36

Some time back while I was working on getting the Javascript Windows Store app platform running on Windows Phone (now available on the last Windows Phone release!) I had an interesting bug that in retrospect is amusing.

I had just finished a work item to get accessibility working for JS WinPhone apps when I got a new bug: With some set of JS apps, accessibility appeared to be totally broken. At that time in development the only mechanism we had to test accessibility was a test tool that runs on the PC, connects to the phone, and dumps out the accessibility tree of whatever app is running on the phone. In this bug, the tool would spin for a while and then timeout with an error and no accessibility information.

My first thought was this was an issue in my new accessibility code. However, debugging with breakpoints on my code I could see none of my code was run nor the code that should call it. The code that called that code was a more generic messaging system that hit my breakpoints constantly.

Rather than trying to work backward from the failure point, I decided to try and narrow down the repro and work forwards from there. One thing all the apps with the bug had in common was their usage of WinJS, but not all WinJS apps demonstrated the issue. Using a binary search approach on one such app I removed unrelated app code until all that was left was the app's usage of the WinJS AppBar and the bug still occurred. I replaced the WinJS AppBar usage with direct usage of the underlying AppBar WinRT APIs and continued.

Only some calls to the AppBar WinRT object produced the issue:

        var appBar = Windows.UI.WebUI.Core.WebUICommandBar.getForCurrentView(); 
// appBar.opacity = 1;
// appBar.closeDisplayMode = Windows.UI.WebUI.Core.WebUICommandBarClosedDisplayMode.default;
appBar.backgroundColor = Windows.UI.Colors.white; // Bug!
Just setting the background color appeared to cause the issue and I didn't even have to display the AppBar. Through additional trial and error I was blown away to discover that some colors I would set caused the issue and other colors did not. Black wouldn't cause the issue but transparent black would. So would aqua but not white.

I eventually realized that predefined WinRT color values like Windows.UI.Colors.aqua would cause the issue while JS literal based colors didn't cause the issue (Windows.UI.Color is a WinRT struct which projects in JS as a JS literal object with the struct members as JS object properties so its easy to write something like {r: 0, g: 0, b: 0, a: 0} to make a color) and I had been mixing both in my tests without realizing there would be a difference. I debugged into the backgroundColor property setter that consumed the WinRT color struct to see what was different between Windows.UI.Colors.black and {a: 1, r: 0, g: 0, b: 0} and found the two structs to be byte wise exactly the same.

On a hunch I tried my test app with only a reference to the color and otherwise no interaction with the AppBar and not doing anything with the actual reference to the color: Windows.UI.Colors.black;. This too caused the issue. I knew that the implementation for these WinRT const values live in a DLL and guessed that something in the code to create these predefined colors was causing the issue. I debugged in and no luck. Now I also have experienced crusty code that would do exciting things in its DllMain, the function that's called when a DLL is loaded into the process so I tried modifying my C++ code to simply LoadLibrary the DLL containing the WinRT color definition, windows.ui.xaml.dll and found the bug still occurred! A short lived moment of relief as the world seemed to make sense again.

Debugging into DllMain nothing interesting happened. There were interesting calls in there to be sure, but all of them behind conditions that were false. I was again stumped. On another hunch I tried renaming the DLL and only LoadLibrary'ing it and the bug went away. I took a different DLL renamed it windows.ui.xaml.dll and tried LoadLibrary'ing that and the bug came back. Just the name of the DLL was causing the issue.

I searched for the DLL name in our source code index and found hits in the accessibility tool. Grinning I opened the source to find that the accessibility tool's phone side service was trying to determine if a process belonged to a XAML app or not because XAML apps had a different accessibility contract. It did this by checking to see if windows.ui.xaml.dll was loaded in the target process.

At this point I got to fix my main issue and open several new bugs for the variety of problems I had just run into. This is a how to on writing software that is difficult to debug.

PermalinkCommentsbug debug javascript JS technical windows winrt

CodePlex - Virtual Router - Wifi Hot Spot for Windows 8, Windows 7 and 2008 R2

2014 May 21, 2:30

The original open source Wifi Hotpot for Windows 7, Windows 8 and Windows Server 2012!

Free open source software based router you can run on Windows to wirelessly share your Internet connection with other devices

PermalinkCommentstechnical tool wifi router free open-source windows

FitBit and WebOC Application Compatibility Errors

2013 Aug 29, 7:17
I just got a FitBit One from my wife. Unfortunately I had issues running their app on my Windows 8.1 Preview machine. But I recognized the errors as IE compatibility issues, for instance an IE dialog popup from the FitBit app telling me about an error in the app's JavaScript. Given my previous post on WebOC versioning you may guess what I tried next. I went into the registry and tried out different browser mode and document mode versions until I got the FitBit software running without error. Ultimately I found the following registry value to work well ('FitBit connect.exe' set to DWORD decimal 8888).
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Fitbit Connect.exe"=dword:000022b8

For those familiar with the Windows registry the above should be enough. For those not familiar, copy and paste the above into notepad, save as a file named "fitbit.reg", and then double click the reg file and say 'Yes' to the prompt. Hopefully in the final release of Windows 8.1 this won't be an issue.
PermalinkComments

Windows Store on Windows 8 Fun For Independent Developers

2013 Jun 24, 1:00
Having worked on Windows 8 I'm not in a neutral position to review aspects of it, however I'll say from a high level I love taking the following various positives from smart phone apps and app stores and applying it to the desktop:
  • Independent developers can easily publish apps.
  • One trusted place for a user to find apps.
  • User can trust apps are limited to a declared set of capabilities.
  • One common and easy way for users to buy and try apps.
  • Easy mechanism for independent developers to collect revenue.
Relieving the independent developer of software development overhead, in this case Windows taking care of distribution and sales infrastructure is wonderful for me with my third party developer hat on. This combined with my new found fun of developing in JavaScript and the new Windows Runtime APIs means I've been implementing and finishing various ideas I've had - some for fun and some for productivity on my Surface. Development notes to follow.
PermalinkCommentsstore technical windows windows-store

App Developer Agreement (Windows)

2013 Jun 21, 4:20

The Windows Store supports refunds and as the developer you are responsible for fulfilling those refunds even after Microsoft pays you. That seems reasonable I suppose but there’s no time limit mentioned…

"g. Reconciliation and Offset. You are responsible for all costs and expenses for returns and chargebacks of your app, including the full refund and chargeback amounts paid or credited to customers. Refunds processed after you receive the App Proceeds will be debited against your account. Microsoft may offset any amounts owed to Microsoft (including the refund and chargeback costs described in this paragraph) against amounts Microsoft owes you. Refunds processed by Microsoft can only be initiated by Microsoft; if you wish to offer a customer a refund, directly, you must do so via your own payment processing tools."

PermalinkCommentsmicrosoft developement software windows money

Kim Dotcom’s Megabox: Music service or malware? | Ars Technica

2012 Sep 26, 6:40

Megabox is an ad-replacer - replacing ads on the web as you browse with its own. Ignoring security concerns, I hope this doesn’t result in over prescriptive laws that endanger things like Greasemonkey.

To listen to songs through Megabox, users will have two options—purchasing the music through the service, or installing “Megakey” software onto their computer to listen for free. The Megakey software, as Dotcom explained to Torrentfreak, acts like ad-blocking software—except that it isn’t. Megakey allows most advertisements to appear, but replaces about 15 percent of the ads served up by websites with ads hosted by Megabox.

PermalinkCommentstechnical music ad mega megadotcom megabox

Nanex ~ 03-Aug-2012 ~ The Knightmare Explained

2012 Aug 6, 4:29

We believe Knight accidentally released the test software they used to verify that their market making software functioned properly, into NYSE’s live system.

I get chills breaking the build at work.  I can’t imagine how much worse it would feel to deploy your test suite and destroy the company you work for.

PermalinkCommentsmoney stock knight software trading technical

(via Pareidoloop) “Phil McCarthy’s Pareidoloop...

2012 Aug 6, 4:11


(via Pareidoloop)

“Phil McCarthy’s Pareidoloop overlays randomly generated polygons on top of one another until facial recognition software recognizes a human face. Can’t sleep, at SIGGRAPH! [via @Brandonn]”

PermalinkCommentstechnical images facial-recognition siggraph
Older Entries Creative Commons License Some rights reserved.