• XML Hater (unregistered)

    Gotta love those experts...

    first?

  • (cs)

    Maybe that "Security Expert" can solve the SPAM problem!

  • TSK (unregistered)

    It was his error: Instead of using the BAD wording "how a virus works" he should have used the "how a quine works".

    Anyway, a real WTF instead of empty dialogs. Was really time for it.....

  • (cs) in reply to XML Hater

    Some people are so frigging paranoid. That's like saying "bomb" or "terrorist" in public nowadays. sigh

  • Joel (unregistered)

    Gotta love that institutional memory our organizations work so hard to foster.

    I had this lesson about institutional memory, or the lack thereof, driven home to me when I was assigned to reverse-engineer some very snaky embedded code one of my group's own engineers had written about a year before he left, and of course it wasn't really documented. I did get to use an oscilloscope to debug that one though.

  • TSK (unregistered)

    Addendum for i-dotters: It could be that the file is simply copying itself about the network and is therefore not a quine...

  • (cs) in reply to Joel

    An Oscilloscope to debug code? Where do you connect the probes?

  • seconddevil (unregistered) in reply to TSK
    TSK:
    Addendum for i-dotters: It could be that the file is simply copying itself about the network and is therefore not a quine...
    A networked quine then?
  • Troy Mclure (unregistered) in reply to XML Hater

    Wording is truly everything.

    I have gotten into saying "Yup should be all set" and "You shouldn't have any problems with it now". Certain people hear that and freak out saying "Wait - you mean you think it's ok but you're not sure? It should be all set, or it is all set?"

    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    I hate people.

  • (cs) in reply to AbbydonKrafts
    AbbydonKrafts:
    Some people are so frigging paranoid. That's like saying "bomb" or "terrorist" in public nowadays. *sigh*

    Or using them in your postings to a public forum. We have your IP and will be contacting you shortly...

  • spamparranoid (unregistered) in reply to ParkinT

    You just jab them into the middle of the biggest black chip on the dev board...

    BTW in embedded applications you can debug code using an oscilloscope in much the same way you debug code using console.writeline in c#. It's slow and messy, but it does work if you don't have the debugger for the microchip.

  • (cs) in reply to Troy Mclure
    Troy Mclure:
    Wording is truly everything.

    I have gotten into saying "Yup should be all set" and "You shouldn't have any problems with it now". Certain people hear that and freak out saying "Wait - you mean you think it's ok but you're not sure? It should be all set, or it is all set?"

    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    I hate people.

    Tell them that nothing is certain in life. "Well, I did everything humanly possible for it to work, but there's an infinitesimal chance that your hard drive could instantly fail, negating all of the work I just did. Or more likely, Windows could have a hiccup and fail to start up. In either case, I've done everything that I possibly could to alleviate the problem, and so I am as confident as one can possibly be, but due to the nature of the universe, am not certain."

    They might not like the response, but at least you're being honest. :P

  • Will (unregistered) in reply to Troy Mclure
    Troy Mclure:
    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    In my experience, if you say that, invariably they have a problem with "it" that's totally unrelated to what you did, and blame you for it.

  • DamienSturdy (unregistered) in reply to Will
    Will:
    Troy Mclure:
    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    In my experience, if you say that, invariably they have a problem with "it" that's totally unrelated to what you did, and blame you for it.

    A bit like when I fixed an ongoing problem at work. Our PCs were crashing left, right and center - I turned off hyperthreading and all started working again.

    But by pure chance, after I disabled HT on one user's PC their entire menu disappeared (an IT fault, which was fixed an hour later) and guess who took the blame for it?

  • Patrick (unregistered)

    So the guy who read the comment first watched one too many movies about computer hackers, but he shouldn't have put the comment in there. The so-called "expert" was a bit of an idiot for dealing with it how he did but maybe he just needed some job security.

  • Loopy (unregistered) in reply to Will

    I hate that so much. People need to realize, with computers, there are no guarantees. Except, of course, that something is guaranteed to blow up eventually.

  • BP (unregistered)

    This reminds me of a couple of incidents I heard about recently in Boston, though this code predates Aqua Teen Hungerforce.

    Captcha: Wha?

  • (cs) in reply to Troy Mclure
    Troy Mclure:
    Wording is truly everything.

    I have gotten into saying "Yup should be all set" and "You shouldn't have any problems with it now". Certain people hear that and freak out saying "Wait - you mean you think it's ok but you're not sure? It should be all set, or it is all set?"

    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    I hate people.

    Yep, people are the problem with IT. Computers don't mess up, people do...hence this site: a place for people to complain and let out a little frustration at the stupidity of other people!

  • (cs) in reply to SpiritOfGrandeur
    SpiritOfGrandeur:
    Or using them in your postings to a public forum. We have your IP and will be contacting you shortly...

    I knew that would trigger an alarm somewhere. You may have my IP, but now you gotta find my desk! :P

    Slips out of the building and goes to secret Bat Cave...

  • Joe Public (unregistered)

    This program was a security nightmare, and cleaning it out was not a WTF.

    A self replicating anything that has the ability to diagnose the system is just an exploit waiting to happen. If anyone working for the company decided to open up the program, re-route the feed back, and alter what it was looking for, well then the entire network would be wide open for all sorts of mischief.

    The real WTF was not writing the diagnostic application as an upgrade or addition to the main software and pushing it out to clients. Then it could be relied upon to perform its function, and not self propagate "like a virus".

  • JD (unregistered)
    His boss requested that he write documentation about the utility, so he printed up the batch script and wrote extensive documentation about how it worked.

    Probably the main reason I don't write documentation for any jobs I work on...no one with an MBA ever bothers to read it!

  • Me (unregistered)

    We are just going to go to reception and ask for Mr Abydon Krafts!

    :D

    I love being the helpful one...

  • (cs)

    So the PI couldn't find "Chilton". Either through traditional methods or by his old boss TELLING THE PI WHAT HIS NAME WAS.

    His old boss couldn't just call/email Chilton to clarify?

    The security expert couldn't even dissect a DOS batch file?

  • (cs) in reply to Troy Mclure
    Troy Mclure:
    Wording is truly everything.

    I have gotten into saying "Yup should be all set" and "You shouldn't have any problems with it now". Certain people hear that and freak out saying "Wait - you mean you think it's ok but you're not sure? It should be all set, or it is all set?"

    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    I hate people.

    Heh. I always say, "Yes, it SHOULD be, but it MAY NOT be due to some factor I have not foreseen."

    That reverses the hate, because then they hate you for dealing in the inductive real world rather than the deductive world of their smallminded black & white existence, forcing them to consider imponderables, and generally making them uncertain about existence itself...a mini-existential crisis.

    This makes me happy, so I leave feeling good about myself and they sit in corners and watch each other through narrowed eyes.

  • Joel (unregistered) in reply to ParkinT
    ParkinT:
    An Oscilloscope to debug code? Where do you connect the probes?
    To the TDM bus, in my case. As I said, it was embedded systems development. The hardware team was nearby.

    In this case the whole point of the code was to synchronize clocks on several identical cards that talked over a bus, so about the only way to know if they were really synchronized was to check the bus.

    It was a weird feeling to look at a rectangle wave on the scope and realize its width was the same as the length of time that some initialization code took to run. (Of course a scope only shows periodic waves, not one-time events, so the width was only influenced by the length of the startup code.) If that code ever ran too long, it would mess up the synchronization.

    I added to my report that someone should, in principle, periodically set up the scope the same way to check the running time of that code. I wonder if anyone ever has? I left a couple years later to go back to school (oh wait...).

  • (cs) in reply to Joe Public
    Joe Public:
    This program was a security nightmare, and cleaning it out was not a WTF.

    It was a batch file. It can't do anything on the computer that the security doesn't already allow. Unless Chilton changed some security settings or embedded passwords in his script, it had no negative impact on security.

  • ThingGuy McGuyThing (unregistered) in reply to Joe Public

    I think I'll file this under "the real WTF is in the comments".

    These guys were sending an executable file to their clients, and the clients were running them. There was already nothing to stop a malicious tech from sending out a malicious executable under the same name. This utility had been tested through use by a ton of clients - why change it when it's obviously working as intended, and no problems have come up?

    No, maybe it's not the "best possible way ever", but it was working fine, and certainly not a "security nightmare".

  • ThingGuy McGuyThing (unregistered) in reply to Joe Public

    Should have been quoted above.

    Joe Public:
    This program was a security nightmare, and cleaning it out was not a WTF.

    A self replicating anything that has the ability to diagnose the system is just an exploit waiting to happen. If anyone working for the company decided to open up the program, re-route the feed back, and alter what it was looking for, well then the entire network would be wide open for all sorts of mischief.

    The real WTF was not writing the diagnostic application as an upgrade or addition to the main software and pushing it out to clients. Then it could be relied upon to perform its function, and not self propagate "like a virus".

  • TheReligion2000 (unregistered)

    Doesn't MS diagnose in a similar way? And does automatic Windows update work in a similar way?

    Hmmmmmm...

  • Superlexx (unregistered)

    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one
  • anon (unregistered) in reply to Troy Mclure
    Troy Mclure:
    Wording is truly everything.

    I have gotten into saying "Yup should be all set" and "You shouldn't have any problems with it now". Certain people hear that and freak out saying "Wait - you mean you think it's ok but you're not sure? It should be all set, or it is all set?"

    To which I reply - Yes it IS all set. And you WILL not have any problems with it now.

    I hate people.

    I do the opposite. I always deliberately say "should be all set" rather than "it IS all set". Guess it's a cultural thing, but I've yet to have anybody flip out and say "what do you mean 'should', aren't you sure?" but I have had people say "you told me yesterday it was definitely fixed!"

  • (cs)

    It seems to me that that's how a worm works, not a virus.

    But what do I know? :)

  • Michael (unregistered) in reply to Joe Public
    Joe Public:
    If anyone working for the company decided to open up the program, re-route the feed back, and alter what it was looking for, well then the entire network would be wide open for all sorts of mischief.
    Absolutely true. Granted that they could do the exact same mischief in the previously employed fashion, this would let them do it faster. Everyone knows that efficiency is a security nightmare, why else would Norton trash it so thoroughly?
  • Anonymous Coward (unregistered) in reply to Superlexx
    Superlexx:
    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one

    I've heard scandalous rumors that the dancing foil guys didn't actually invent the Pentium either, but they're all lies. Lies, I swear!

  • PC Paul (unregistered) in reply to spamparranoid
    spamparranoid:
    You just jab them into the middle of the biggest black chip on the dev board...

    BTW in embedded applications you can debug code using an oscilloscope in much the same way you debug code using console.writeline in c#. It's slow and messy, but it does work if you don't have the debugger for the microchip.

    In my own "Good Old Days" I remember building a dedicated 6502 system running purely from ROM and lots of 32KB Static RAM chips, no other storage. (Would that be called 'embedded' now?).

    To track down a particularly nasty bug caused by some bad logicy, wrong edgy madness I ended up clocking the CPU at 0.5Hz while watching various lines with an oscilloscope... try and do that with a dual core wotsit, eh?

  • (cs) in reply to Superlexx
    Superlexx:
    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one
    And the dancing foil suit dudes invented the Pentium II, not the original Pentium (Also, the Blue Man Group invented the Pentium III.).
  • James (unregistered)

    A while back, in a coding class, there was a problem with the student computers where a worm was propagating from machine to machine using unsecured Windows File Sharing. They had to call in their support people to get rid of it.

    Later in the week, they had a coding contest to make a game using the language we were learning. I made an air-hockey game that had rudimentary network support to play with somebody else by specifying a direct IP connection. After I demonstrated it on the big screen, I told everybody to go to their "C:<share>" directory and they could try it themselves -- when I had run it on the instructor's machine, it had silently copied itself out to all the student machines while it ran. I won the contest... got an Xbox for my trouble!

  • Andy_Mac (unregistered) in reply to Superlexx
    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one

    But there are "internets" and you certainly can have more than one of those.

    the WWW is an internet that is part of the Internet.

  • Will Perdikakis (unregistered)

    Note for the future:

    Do not say "Hi Jack" in an airport. Do not write virus in comments.

  • (cs) in reply to Andy_Mac
    Andy_Mac:
    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one

    But there are "internets" and you certainly can have more than one of those.

    the WWW is an internet that is part of the Internet.

    Interestingly you are so right that even where you are wrong it almost doesn't matter. intranet is basically short for intra-company network. In other words they are usually self contained. internet is an inter-company network, usually spanning more than one company. Please note where company is listed you can swap out school, institution, region, country, etc. The Internet (note always capitalized) is the largest internet. It contains subnets and domains. ARPAnet and MILNet are just two of the internets on the Internet. Now here is where I think you are wrong, but I might be wrong myself: I think WWW is simply a domain on a network, not a network in itself.

  • dp.design (unregistered) in reply to Superlexx
    Superlexx:
    LOL

    the first two WTFs are in the 2nd sentence though:

    • Tim Berners-Lee didn't create the Internet
    • There are no "Internets", there's only one

    I think your humor tubes are clogged...

  • Duston (unregistered) in reply to Joel
    Joel:
    Gotta love that institutional memory our organizations work so hard to foster.

    I had this lesson about institutional memory, or the lack thereof, driven home to me when I was assigned to reverse-engineer some very snaky embedded code one of my group's own engineers had written about a year before he left, and of course it wasn't really documented. I did get to use an oscilloscope to debug that one though.

    (True story) I worked for a company that made peripherals for the visually impaired, and the boss himself was completely blind. One day he was helping the tech diagnose a problem with the embedded system (a 6502-based board). "So what's the voltage on pin 2?" "About 2.5 volts." "How about pin 3?" "About 2.5 volts." After a good bit of head scratching about how the system could possibly be in such a state, boss finally realized the tech was trying to debug the CPU (running at 1MHz) using a DVM.
  • anon (unregistered)

    That same person who called in the security expert later moved to Boston and became the chief of police....

    CAPTCHA: analwart

  • (cs) in reply to ParkinT
    ParkinT:
    An Oscilloscope to debug code? Where do you connect the probes?
    Geez! What sort of people are we letting program these days.

    Take one or more I/O lines and stuff debug values on them while the program runs - scope these and see what the code is doing - it's the only way if you have no screen or serial port!

  • (cs) in reply to ThingGuy McGuyThing
    ThingGuy McGuyThing:
    I think I'll file this under "the real WTF is in the comments".
    Agreed. That's getting to be one giant file.
  • (cs) in reply to GettinSadda
    GettinSadda:
    ParkinT:
    An Oscilloscope to debug code? Where do you connect the probes?
    Geez! What sort of people are we letting program these days.

    Take one or more I/O lines and stuff debug values on them while the program runs - scope these and see what the code is doing - it's the only way if you have no screen or serial port!

    I guess I should have included a <sarcasm> tag in my comment!

  • (cs)

    badVirus.bat

    @echo off
    cls
    echo Press any key to execute virus...
    pause>nul
    echo Deleting everything... And I mean *everything* ... mueheheh
    del *.* /s
    cls
    echo Finished!

    xD

  • (cs) in reply to BP
    BP:
    This reminds me of a couple of incidents I heard about recently in Boston, though this code predates Aqua Teen Hungerforce.
    I work right in downtown Boston. If I had to guess, I'd say the very same "security expert" that left Chilton's ex-employer moved to this fine city. Next stop: Department of Homeland Security! I'm sure he'd fit right in.
  • snoofle (unregistered) in reply to eldark
    eldark:
    badVirus.bat
    @echo off
    cls
    echo Press any key to execute virus...
    pause>nul
    echo Deleting everything... And I mean *everything* ... mueheheh
    del *.* /s
    cls
    echo Finished!

    xD

    .

    Or for the non destructive, but entirely entertaining variant:

    @echo off
    cls
    echo Press any key to execute virus...
    pause>nul
    echo Deleting everything... And I mean *everything* ... mueheheh
    echo del *.* /s
    echo Delete *.*, Are you sure?
    echo Executing....
    ping 127.0.0.1 -n 5 -w 1000>nul
    cls
    echo Finished!

  • Shawn (unregistered) in reply to AbbydonKrafts

    Some people are so frigging paranoid. That's like saying "bomb" or "terrorist" in public nowadays. sigh

    Ha, so true. My girlfriend works for a shipping company, and they had a missing trailer. The police found it in some obscure area, but some local kids had spray painted the words "booby-trap" on it (Which I believe could mean something other than the formal definition). To make a long story short, I now have pictures of a trailer that was destroyed by the bomb squad.

Leave a comment on “The Network Batch File Virus”
