It’s a bad idea to have a TEMP environment variable longer than about 130 characters

I’ve been working with the Win32 API for almost 20 years – literally since the very first Win32 APIs were written.  Even after all that time, I’m occasionally surprised by the API behavior. Earlier today I was investigating a build break that took out one of our partner build labs.  Eventually I root caused it to…

What does “size_is” mean in an IDL file?

My boss (who has spent a really long time working on RPC) and I got into a discussion the other day about the “size_is” IDL attribute (yeah, that’s what Microsoft developers chat about when they’re bored). For context, there are two related attributes which are applied to an array in IDL files.  size_is(xxx) and length_is(xxx). …

Microsoft Office team deploys botnet for security research

Even though it’s posted on April 1st, this is actually not an April Fools prank. It turns out that the Office team runs a “botnet” internally that’s dedicated to file fuzzing.  Basically they have a tool that’s run on a bunch of machines that runs file fuzzing jobs in their spare time.  This really isn’t…

Not Invented Here’s take on software security

One of my favorite web comics is Not Invented Here by Bill Barnes and Paul Southworth.  I started reading Bill’s stuff with his other web comic Unshelved (a librarian comic).   NIH is a web comic about software development and this week Bill and Paul have decided to take on software security… Here’s Monday’s comic:…

NextGenHacker101 owes me a new monitor

Because I just got soda all over my current one… One of the funniest things I’ve seen in a while. And yes, I know that I’m being cruel here and I shouldn’t make fun of the kid’s ignorance, but he is SO proud of his new discovery and is so wrong in his interpretation…

What’s up with the Beep driver in Windows 7?

Earlier today, someone asked me why 64-bit versions of Windows don’t support the internal PC speaker beeps. The answer is somewhat complicated and ends up being an interesting intersection between a host of conflicting tensions in the PC ecosystem. Let’s start by talking about how the Beep hardware worked way back in the day[1]. …
