guest - flak

file considered harmful

Yes, actually harmful.

The file utility can be useful. Don’t know what program to open a file with? Run file and it will tell you. Of course, sometimes file will be wrong and misidentify the file type. This may be inconvenient, but at least as a user you still have the option of trying to run another program.

Except when you don’t. What happens when file (or its programmatic buddy, libmagic) is not a hint, but a gatekeeper? What happens when some application determines its behavior based on the output of file?

What happens is you can’t print on Tuesday.

Or you can’t print particular documents that contain inappropriate phrases.

Or you can’t launch a browser and consequently prevent Firefox from providing ASLR enabled builds.

Something tells me these won’t be the last three bugs.

A program that helps users is useful. A program that restricts users is harmful. Run file on your computer all you want, but don’t use file to limit what I can do.

Posted 2016-05-18 18:11:51 by tedu Updated: 2016-05-18 18:11:51
Tagged: bugs rants software

when preloads go sideways

How hard is it to preload a PC with the software it needs to work? Really fucking hard.

superfish

Some time ago, Lenovo shipped some computers with a surprise gift: SuperFish. I like to imagine the business development units from each company in a meeting:

Superfish: It will add value!

Lenovo: How does that work exactly?

You give us customer eyeballs. In return, we give you money. Money is value.

But how does that add value for the customer?

Well, it’s their eyeballs we’re buying. Do the math!

Sold!

aftermath

Afterwards, we’d naturally expect various other vendors to take a look at the giftware they were bundling. Hahaha. Instead of actually changing anything about their product, Dell just updated their website:

Continue reading when preloads go sideways...

Posted 2016-01-22 21:09:22 by tedu Updated: 2016-01-22 21:09:22
Tagged: bugs rants security software

bring your own customer service

Skip the middleman to save time and money by simply telling your customers exactly what you would have told your customer service team. Simple direct communications mean nothing gets lost in translation. Not even funtioning.

Best of all, if they screw up, it’s their own fault.

Posted 2015-10-23 17:42:54 by tedu Updated: 2015-10-23 17:44:28
Tagged: bugs web

the best sandwiches in town

Everybody knows the best sandwiches in town are made by your local neighborhood deli.

Or, apparently, Delhi. Good work Apple.

Posted 2015-09-07 03:40:29 by tedu Updated: 2015-09-07 03:40:29
Tagged: bugs

two mysterious background video bugs

I was watching some Netflix (Joss Whedon Astonishing X-Men) on my iPad. I take a break and I’m catching up on some reading in Safari, when suddenly the next episode starts playing in the background. Not a short while later, but probably about 30 minutes later. It was weird and quite unexpected.

This seems like a good time to laugh about my choice of a proprietary closed system with complexities I can’t study and understand without source. (Should probably blame DRM, too, for good measure.) But as I might reply to strawman RMS, granting me access to the iOS source is unlikely to inspire me to study it. The reason I don’t experience bugs like this on my laptop is not because my laptop is open source. It’s more to do with the fact that my desktop environment is dwm, and dwm is somewhat lacking in the magic background video playback department.

Continue reading two mysterious background video bugs...

Posted 2015-01-05 17:15:40 by tedu Updated: 2015-01-05 17:17:48
Tagged: bugs software thoughts

time is running out

End of the year bug? Or always bug? Dunno. Seen at Starbucks.

Also, “try not to lose this page”? For serious?

Posted 2014-12-31 13:16:46 by tedu Updated: 2014-12-31 13:16:46
Tagged: bugs

sorry this gif is not available in your browser

One of the great things about the animated GIF format, despite its many other deficiencies, is that it works everywhere. Even stodgy old browsers can display it. Naturally, this fact means that whenever an animated GIF is uploaded to twitter, they convert it to a format that fewer browsers can display.

The “Download File” text floating towards the bottom left links to an MP4 file of what was once the GIF. Just one more way developers are working to make the web a better place. Thanks guys!

Posted 2014-07-17 00:32:29 by tedu Updated: 2014-07-17 00:32:29
Tagged: bugs rants web

home is where you want to be

Much has been written about the awfulness of Apple Maps, but sometimes it’s just awesome. I’m in California; I search for a Philz (because that’s what you do in the Bay Area), and I get... Philadelphia. iPhone knows me better than I thought.

Posted 2014-06-07 00:39:41 by tedu Updated: 2014-06-07 00:39:41
Tagged: bugs philly

remember to close your casts

When writing C++ code, remember to close your static_cast<type> operations with </type>, as demonstrated in this Facebook post.

Reminds me of too much email protection, but I’m not sure where it was introduced. Facebook’s online editor? Or some overly helpful text editor used to compose the draft? Doesn’t appear dynamic, but the source for the page is over 300K of impenetrable data spread over a mere 39 lines. Hard to imagine a person actually typing it in as posted.

Posted 2014-05-08 02:22:47 by tedu Updated: 2014-05-08 02:22:47
Tagged: bugs c web

too much email protection

I’m reading a CloudFlare blog post about serialization in Lua, and I’m thinking this might be useful. Then I scroll down to see what it looks like in action.

Err, that looks kinda weird. Now I’m thinking maybe this isn’t the serialization library for me.

Perhaps it’s just a mistake? View source.

<p>A sample data table looks like this:</p> <pre><code>local data = { people = { { id = "123", name = "Alice", email = "<a class="__cf_email__" href="http://www.cloudflare.com/email-protection" data-cfemail="f3929f9a9096b3968b929e839f96dd909c9e">[email&nbsp;protected]</a><script type="text/javascript"> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </script>", phones = {

Ah, yes. The email protector has protected dear Alice’s email, but didn’t quite manage to get out of its own way. I’m assuming nobody typed that mess in on purpose, which means CloudFlare has some automatic protection injecting proxy magic. Too much magic for me.
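The quoted inline script decodes `data-cfemail` by XORing every byte after the first with the first byte. The sketch below is an added example, not part of the original post and not CloudFlare's code: it applies that rule and reports rewritten addresses that landed inside a `<pre>` or `<code>` block, as happened to the Lua sample. `findRewritesInCode` and the `SAMPLE` markup are hypothetical, built around the attribute value shown above.

```javascript
// Added example. Decoding rule taken from the inline script quoted in the post:
// byte 0 of the hex string is the XOR key, each later byte is one character.
function decodeCfEmail(hex) {
  if (!/^(?:[0-9a-f]{2}){2,}$/i.test(hex)) {
    throw new Error("not a data-cfemail value: " + hex);
  }
  const key = parseInt(hex.slice(0, 2), 16);
  let out = "";
  for (let j = 2; j < hex.length; j += 2) {
    out += String.fromCharCode(parseInt(hex.slice(j, j + 2), 16) ^ key);
  }
  return out;
}

// Hypothetical check for a site owner: list every injected address that sits
// inside a <pre> or <code> block, where the extra markup corrupts the listing.
function findRewritesInCode(html) {
  const hits = [];
  const block = /<(pre|code)\b[^>]*>([\s\S]*?)<\/\1>/gi;
  for (const b of html.matchAll(block)) {
    // Only the attribute form with ="..." matches, so the script's own
    // getAttribute('data-cfemail') call is not counted.
    for (const m of b[2].matchAll(/data-cfemail="([0-9a-f]+)"/gi)) {
      hits.push({ tag: b[1].toLowerCase(), email: decodeCfEmail(m[1]) });
    }
  }
  return hits;
}

// Constructed sample: one rewritten address in ordinary prose (harmless) and
// one inside a code listing (the case from the post). The hex value is the
// one visible in the quoted page source.
const CF = '<a class="__cf_email__" data-cfemail="f3929f9a9096b3968b929e839f96dd909c9e">[email&nbsp;protected]</a>';
const SAMPLE =
  "<p>Contact: " + CF + "</p>\n" +
  '<pre><code>local data = { email = "' + CF + '" }</code></pre>';

for (const hit of findRewritesInCode(SAMPLE)) {
  console.log("rewritten address inside <" + hit.tag + ">: " + hit.email);
}
```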

Posted 2014-03-04 02:22:53 by tedu Updated: 2014-03-04 02:22:53
Tagged: bugs web

Facebook Zero

A more difficult challenge than Inbox Zero, but after years of effort I’ve finally achieved it. Facebook Zero. I now know everything my friends have ever done. There is nothing left to read about.

Posted 2014-02-14 21:38:54 by tedu Updated: 2014-02-18 07:27:20
Tagged: bugs rants web

comcast ping times

Despite their wonky customer service, I have generally been happy with Comcast’s technical service. Occasionally though, I have to question what in the world is going on with their network. Recently I noticed that my internet connection would alternate between working and not on roughly a two minute interval. One minute things work fine, the next minute nothing works at all, the next minute everything is fine. During the blackout minutes, making a new connection would time out, but established ssh connections would remain up, but nothing would happen until the blackout was over. Here are a few pings I sent out (2014-02-13).

Continue reading comcast ping times...

Posted 2014-02-13 21:49:15 by tedu Updated: 2015-06-25 17:56:21
Tagged: bugs network rants

worst website password entry mechanism?

Just in time for stolen password database month. I am trying to reset my Comcast password and I’m having a remarkably hard time typing the same password twice. Over and over, the two passwords never match. I’m a fairly decent typist, this shouldn’t be happening. Eventually I notice the second password is always one (obscured) character longer. WTF?

Comcast has some javascripty overlay box that tells you all the rules (min length, a-z, 0-9, etc.) that hovers around until your password conforms. It appears to work by watching the input box and disappearing when you have a winner. And by work, I mean not work. When your password finally passes muster, whatever keystroke you hit gets eaten entirely and never makes it into the box. No wonder the second password never matched.

Finally solved this by typing my password one letter at a time, waiting for a character to disappear into the abyss, typing that character again, and then finishing the password. I don’t understand how this happens. You actually have to go out of your way to be this incompetent.

Posted 2013-11-21 05:45:56 by tedu Updated: 2013-11-21 05:45:56
Tagged: bugs rants security web

if it ain’t mangled, don’t unmangle it

I have a song on my iPod, “Don’t Pull Your Love” (nonsensical fake video) by the grammatically ambiguous Hamilton, Joe Frank & Reynolds. Three dudes, four names (two first, two last). The software on my iPod Nano sees this and decides that at some point in the past some other software must have mangled up the artist name, and therefore the Nano must attempt to unmangle it. Result: appearing in both the artist directory and as the song artist I have Joe Frank & Reynolds Hamilton.

Update: It appears the iPod is not to blame, but Apple certainly is. The song was purchased through iTunes, but the artist info in the .m4a file is wrong, too. The corruption goes all the way to the top!

The album title (Hamilton, Joe Frank & Reynolds-Greatest Hits) did escape unmangled, perhaps due to the dash or perhaps because only artist names get special treatment.

Posted 2013-11-20 02:26:11 by tedu Updated: 2013-11-20 04:47:21
Tagged: bugs gadget

almost original original links

Once upon a time, Google Reader shut down, and everybody scrambled to write a replacement. I didn’t actually use Reader or any RSS reader, but writing one seemed like a great idea. I’m quickly learning to regret that decision.

Let’s consider just one terribly difficult task, extracting the link to a post. Maybe the <id> element? <id>tag:blogger.com,1999:blog-4341554630550651649.post-8843802384533935675</id> That doesn’t look very clickable, but nobody said it should be, so let’s move on.

Maybe it’s one of the aptly named <link> elements?

Continue reading almost original original links...

Posted 2013-11-04 04:24:46 by tedu Updated: 2013-11-10 07:30:40
Tagged: bugs software web

printf null in the wild

What happens when you call printf("name: %s\n", NULL); in C? If you’re running Apple iOS, something like this:

Posted 2013-10-16 04:37:22 by tedu Updated: 2014-02-18 07:20:09
Tagged: bugs c programming

Hooray! Your Firefox is almost up to date

I recently switched one of my laptops over from OpenBSD i386 to amd64, which meant reinstalling all packages. Due to using an older mirror, this ended up downgrading a number of packages, among them a certain browser which displays a helpful message telling me I’m “up to date” whenever the currently running version differs from the previous run version.

Yes, you’re reading that right. I went from version 18 to version 17. And somebody decided that was an upgrade. The silly part is you can go to the magic URL and get the same page in any version of Firefox, but if you use another browser like Chrome they sniff the user agent and redirect you elsewhere. Why isn’t the “not Firefox” check a “not up to date Firefox” check?

Posted 2013-03-26 05:13:09 by tedu Updated: 2014-02-18 07:21:09
Tagged: bugs software

magical protection

As part of working on mailtanium, I wrote a basic webapp in Sinatra to check mail on my phone. Sinatra does all sorts of magic for you, as ruby frameworks are prone to do. It’s built on top of Rack, which also does magic things.

I wasn’t fully aware of this until I recently checked my logs and noticed a bunch of entries like this.

W, [2013-03-06T06:01:57.276947 #2149] WARN -- : attack prevented by Rack::Protection::HttpOrigin

Wowza, I’m under attack! No wait, on further inspection, I see one of those every time I send a POST request from my phone. Firefox on my laptop doesn’t seem to trigger it.

What’s happening? I’m not sure. From what I can make of the source for the module, the request should be blocked, but it’s not. Everything still works. The emails I tried to send were, in fact, sent. Maybe Rack’s default config is to only log a warning and not do anything drastic. But why then say the attack was prevented, instead of not prevented?

I think what I need is less magical protection and more protection from magic.

Posted 2013-03-06 19:40:47 by tedu Updated: 2013-04-11 21:34:40
Tagged: bugs mailtanium rants web

genuine windows suckery

The Windows (7) Action Center announces that I have a problem. Or rather, a Lenovo 32-bit application or service has a problem. But help is on the way. I can install an update (for some reason not included in Windows Update) from ye old local Microsoft Download Center.

After I validate of course. So I click continue. I download the GenuineCheck.exe verificator. I run it. “This version of the Windows Genuine Advantage validation tool is no longer supported. Please download the newest version and ensure that your system clock is accurate” (No trailing period after the second sentence.)

hmmm. I downloaded it five minutes ago. Rather short support timeline.

hahahaha. I switch to IE. I install the Genuine Advantage ActiveX control. I finally get to download my precious msu update file. “The update is not applicable to your computer.” For serious? If the Action Center had told me that, might have saved me some trouble.

Posted 2012-09-25 07:22:31 by tedu Updated: 2012-09-25 07:25:45
Tagged: bugs rants software