What does “size_is” mean in an IDL file?

My boss (who has spent a really long time working on RPC) and I got into a discussion the other day about the “size_is” IDL attribute (yeah, that’s what Microsoft developers chat about when they’re bored). For context, there are two related attributes which are applied to an array in IDL files: size_is(xxx) and length_is(xxx). …


Microsoft Office team deploys botnet for security research

Even though it’s posted on April 1st, this is actually not an April Fools prank. It turns out that the Office team runs a “botnet” internally that’s dedicated to file fuzzing.  Basically they have a tool that’s run on a bunch of machines that runs file fuzzing jobs in their spare time.  This really isn’t…


Not Invented Here’s take on software security

One of my favorite web comics is Not Invented Here by Bill Barnes and Paul Southworth.  I started reading Bill’s stuff with his other web comic Unshelved (a librarian comic).   NIH is a web comic about software development and this week Bill and Paul have decided to take on software security… Here’s Monday’s comic:…


NextGenHacker101 owes me a new monitor

Because I just got soda all over my current one… One of the funniest things I’ve seen in a while. And yes, I know that I’m being cruel here and I shouldn’t make fun of the kid’s ignorance, but he is SO proud of his new discovery and is so wrong in his interpretation…


What’s up with the Beep driver in Windows 7?

Earlier today, someone asked me why 64-bit versions of Windows don’t support the internal PC speaker beeps. The answer is somewhat complicated and ends up being an interesting intersection between a host of conflicting tensions in the PC ecosystem. Let’s start by talking about how the Beep hardware worked way back in the day[1]. …