Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
User Journal

Journal Journal: Hello world

I suppose I'm writing to procrastinate finishing my current software project, specifically the transitory period from the last chunk of new code being added and the first chunk of testing. Testing your own software of any reasonable size has always struck me as comparable to washing a pan full of silverware or assembling an office chair, a soulless task that one is nevertheless forced to undertake in order to sit down comfortably and eat like a human. This project defies unit testing without completely denying it, dangling the possibility of efficient and consistent error-checking in my face with the sure knowledge implementing such a system would in this circumstance be far more trouble than it's worth. AJAX may be pretty but it's also the third greatest atrocity the world has ever seen.

Lately I've been on a reading binge. Rather, I've fit it in amongst my other binges/benders. I'm pushing through a number of different sci-fi and fantasy series that I read long ago, just buying whole trilogies+ at a block where I can so that I can maybe find out where things wind up. More often "wind down" is the more appropriate term, given the propensity of authors in this genre to write a series till they can't. It's been interesting to reread some books for style and with a new perspective.

If I may make one request of now and future authors, tucked safely away in this journal entry where no one will ever see it: if you must proselytize, can you try a light touch rather than a cram down the throat?

I've just made it through all of the Ender books, Ender's Game -> Ender in Exile. I'd finished the first four quite a while ago, then as part of the aforementioned binge decided to go the next five. I don't know what happened to the author in the intervening timeframe, but he LOVES the word "babies". So much so that not only does the plot revolve at one point around finding stolen babies (fertilized embryos, specifically, but as we all know and agree life begins at conception), but the topic of "making babies" comes up frequently and in verbally jarring fashion:

"We really don't want to have to start all over, making babies."

"I want you to help them make babies that don't have any of the father's gifts or problems."

"Lie down with one of our young men, or one of our old ones if you want, and make babies."

"...and what would happen to her plans for making []'s babies then?"

These are all in the same book! Don't get me wrong, I'm not against reading different perspectives, but in the age of the cheap thesaurus this just felt inelegantly done. If you had told me halfway through Lord of the Rings that it was an allegorical protest of industrialized farming, I never would have believed you.

At any rate, it's good to be back reading fiction. I've been hoping for a while now that the e-ink readers would come down to Earth so I could roll through Project Gutenberg, but until then used paperbacks will do.

It's funny.  Laugh.

Journal Journal: What the hell? 1

OK, I've been out of the loop for a year or three, so what's the criteria to get this box?

[ ] Disable Advertising
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising.

I have to admit that it really made me laugh when I saw it, though I suppose not pouring shit into the comment area could be taken as a positive contribution in a relative sense.

The site feels a little strange with this new interface, but I do like that they didn't incorporate the "dumb it down" portion of Web 2.0 even if 500 different functions can get a bit unwieldy. Given how poorly the art of conversation is faring on the Internet these forum sites could do with a bit of a test before you're permitted to add your two cents; captchas are all well and good, a literacy test would be better, and requiring people to write every comment in assembly language would be just plain silly -- or the next billion dollar Web business. I still don't get this whole Internet thing.


Journal Journal: Mean spirited 1

I think this has to be one of the best awful electioneering stories I've read about lately -- not only because of the degree of its offensiveness, but also because of the multiple ways in which it manages to offend. Though if you happen to know a worse story offhand (I don't care about party/country/election cycle) I'd love to read it.

Does anybody compile a nonpartisan list of political dirty tricks?


Journal Journal: Why even bother with telephones anymore?

Just stumbled across this unfortunate bunch of people. What's important for them to keep in mind -- between the five calls a day from a fake phone number attempting to get their credit card information or trying to help their elderly parents recover from the same scam -- is that when they turn on their television or their radio they can be assured no prurient or otherwise entertaining content will sneak through.

Journal Journal: Workaround?

Set up a transparent proxy to block the things? Squid+Squirm+Virilator, and a tiny bit of coding, to recognize every WMF file as a virus by its header till things blow over?

Edit Privoxy to permit binary regex matching?

Hook the appropriate parts of kiServiceTable, per the recent DRM flap, and simply prevent any file with a WMF header from being opened? Just the ones that look funny or all of them to take no chances?

Use the apparently preferred method of replacing the callback for the Windows Executive Object for file access, and have that block WMF reads?

EDIT: As just seen on Bugtraq -- Update Sunbelt Kerio Personal Firewall with two IDS rules. If it provides full coverage network-wise for the computer this is actually a pretty nice option for individual client systems; the software is downloadable and usable for 30-days, after which it removes some features and becomes free for personal use or (for a limited time) is available for $14.95. It's also in my kit for the occasional friends/family/friends of family visits when I gotta clean a computer up and leave something behind to try to stop it from happening again.

Five days ago I was forced to reauthenticate software I paid for, entered a CD-KEY into, and authenticated over a year ago because the addition of a virtual device exceeded the number of changes I was permitted to make to my computer.

So as far as computers go, this has certainly been a week to reflect on how fortunate it is that my primary platform is the second, better operating system on this computer: one that is broken neither by accident nor by design. And here's to hoping I didn't just curse my luck by saying that.

User Journal

Journal Journal: Sheetback: exciting, tweaking, lengthy

I've been about to write a journal entry maybe three or four times since my last one, consequently there might be enough here to be of some substance.

First, some exciting news

For a limited time my two most popular signatures are being offered as a combination. Can't decide? Why should you have to! Now you can correct movie trivia and grammar in the same offtopic post. Valid while supplies last.

Firefox HTML/CSS tweaking

I don't know when the Slashdot contest for developing alternative stylesheets is going to get off the ground, but if you're looking to get a head start on the action I've discovered a free tool for Firefox users that helps greatly with the debugging process: Firefox Web Developer Extension. I've had the misfortune of working with CSS/HTML lately and while I tend to avoid WYSIWYG HTML editors and the like this utility is now indispensable.

Aardvark also deserves a mention. This tool is quite nice for "cleaning up" a web page for printing -- for example, you can move the mouse over a CSS block, press "E", and it will remove the block from the page. Also for Firefox.

Lengthy Windows rambling

I'm no master of the Windows Debugger (WinDbg, freely available from Microsoft), but it's nice to have around for diagnosing system crashes. If you don't know about it and you're troubleshooting any 2000/XP machines you should get acquainted, and I'll explain why.

For many people, the diagnosis stops at the STOP screen. You get a cryptic and mostly useless message about IRQL_LESS_THAN_EQUAL or some similar bullshit with a list of hexadecimal numbers. Savvy individuals write down the message, the numbers, and any other information (ntfs.sys?), walk over to a functioning Internet-connected system, and punch something like "STOP 0x0000000a" into Google. Which gets you a Microsoft support article explaining that 0x0000000a is a code for IRQL_LESS_THAN_EQUAL. Fantastic.

If the crashing system is configured to give a meaningful crash dump, you can go farther with WinDbg. I typically configure my systems to do a Kernel Memory Dump, which writes out whatever memory Windows thinks is in use, but the Small Memory Dump (which only writes 64K each crash) will write a new file with each crash whereas the Kernel Memory Dump will overwrite its storage file each time. The setting is somewhere under Control Panel -> System -> Advanced on Windows XP.

Basically, you need a debugger and a copy of the symbol files for your Windows installation (also freely available from Microsoft), although if you are using a faster-than-56kbps connection you can also tell the debugger to request symbols as needed via an Internet connection by following the details in the help file provided with the debugger.

Anyway, to set up a system I'll unpack the symbol files to C:\WINDOWS\SYMBOLS. Then I go into WinDbg and configure the symbol file path to the same location, then Save Workspace (both options under the File menu, IIRC) so I don't have to keep setting this option. Then File -> Open Crash Dump. The crash dump will be in Minidump under the Windows directory (for example, C:\WINDOWS\MINIDUMP) for 64K dumps or in the file C:\WINDOWS\MEMORY.DMP for a Kernel Memory Dump.

This gets a window, Command, which is a subwindow of the debugger (and can be dragged-and-dropped into its frame, which I do.) If I punch in "!analyze" at the prompt and hit Enter I get this:

Use !analyze -v to get detailed debugging information.

BugCheck E2, {0, 0, 0, 0}

Probably caused by : i8042prt.sys ( i8042prt!I8xProcessCrashDump+237 )

Followup: MachineOwner

Then, the command "!analyze -v" gets me this:

The user manually initiated this crash dump.
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:



LAST_CONTROL_TRANSFER: from f77817fa to 805339ae

805507dc f77817fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b
805507f8 f7781032 00887598 01da58c6 00000000
80550840 804dad9f 83595948 838874e0 00010008
80550840 804dc0d9 83595948 838874e0 00010008 nt!KiInterruptDispatch+0x3d
805508d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x12

f77817fa 5d pop ebp



SYMBOL_NAME: i8042prt!I8xProcessCrashDump+237

MODULE_NAME: i8042prt

IMAGE_NAME: i8042prt.sys




BUCKET_ID: MANUALLY_INITIATED_CRASH_i8042prt!I8xProcessCrashDump+237

Followup: MachineOwner

If desired, one can then dump a list of drivers that were loaded at the time. "lm t n" gets me a huge list of the following form:

start end module name
804d7000 806eb780 nt ntoskrnl.exe Wed Aug 04 01:19:48 2004 (41108004)
806ec000 8070c380 hal hal.dll Wed Aug 04 00:59:05 2004 (41107B29)
b91a4000 b91cdf00 kmixer kmixer.sys Wed Aug 04 01:07:46 2004 (41107D32)
ba06f000 ba0c1180 srv srv.sys Wed Aug 04 01:14:44 2004 (41107ED4)
[...about a hundred entries]
f777f000 f778be00 i8042prt i8042prt.sys Wed Aug 04 01:14:36 2004 (41107ECC)
[...fifty or so more]

If the debugger has difficulty determining where the crash occurred, it's worth examining the STACK_TEXT portion of "!analyze -v" or opening the call stack window (View -> Call Stack or Alt-6). As it's a stack, the most recent call (or the one occuring most closely to the generation of this dump) is on top.

Here, the call stack ends with "nt!KeBugCheckEx+0x1b". "nt" refers to the module, which you'll happily note appears in the driver list above. The "KeBugCheckEx" is a symbol referring to a particular spot in the module, and gives you something you can use Google to look up in addition to giving you some idea about what this chunk of code is about from the name. "+0x1b" means it's jumping 0x1b bytes after "KeBugCheckEx". Technically speaking, you could issue the command "u nt!KeBugCheckEx+0x1b" to show a disassembly, or "u nt!KeBugCheckEx" if you want to see what happens in this module leading up to the call, but it's unlikely to help you out.

In this case, the symbol names tell the story:


There's a registry key you can set to permit you to crash the system by holding down the right Ctrl key and pressing Scroll Lock twice, and that's how I generated this dump. But this is the same routine I use when I suspect a driver is causing a problem on the system (a common cause of crashes.) There's another command "!process" that helps working out software-created lockups, but this scenario's complex enough as is.

Anyway, I actually bring it up because after the unfortunate Sony DRM flap I went to figure out what sort of interesting API hooks might have been made into my system. If you're still with me, I thought I'd use what I'd learned from Mark's Sysinternals Blog to do it by hand. With a Kernel Memory Dump, I could check the results of the memory dump at kiservicetable (it's a window you can open in WinDbg) against my list of drivers from the command "lm t n" -- the deviants tend to show up because on my system the kernel API calls are in the 8xxxxxxx region and the driver API hooks are in the 4xxxxxxx region. Compare the 4xxxxxxx hooks against the driver list, and voila. Well, you can see what's intercepting system API calls, but to decipher which API calls are being intercepted is a pain (I just checked them in sequence against a list of API calls I found somewhere on the Internet.)

Interestingly, I do have something on my system that does this: my firewall. Although it's worth noting that because of the way API hooking works, there could be more than one program doing it -- program A inserts its hook that calls the system API after doing what it wants to do, then program B inserts a hook that calls program A after doing what it wants to do, etc. You only get to see the final hook, although I'd imagine disassembling the code at the address shown for the hook would allow you to dig further. But only do so if the code doing the hook is actually malware and not a program you paid for that has an EULA forbidding you from examining your computer.

Anyway, I won't bother checking my system this way again, as in the process of looking up the API functions I found a tool that automatically did everything I did. The dire warnings on the website prevent me from making this a part of my diagnostic kit, but I'm keeping an eye on them to see if they get to a stable release.


Merry Christmas. I know it's late, but whatever. I dig Civilization IV but it eats memory like it's free. What's doing that, a Python instance for every frigging unit, town, and scrap of land?


Journal Journal: Uberel33t.

As a fan of The Cuckoo's Egg, I found this TIME article pretty compelling... and surprisingly underreported. The article boils down the state of U.S. computer security to the same unsatisfying equation present in The Cuckoo's Egg:
  • Many computers remain insecure
  • Most targets remain unaware of (and unconcerned by) exploitation
  • Being a good net-samaritan means you will have a pile of unnecessary grief heaped on you by the people you think you're helping

I recall a point in the book where it seemed everything was dropped on the floor but matters were actually being handled without the involvement of the author. Maybe something similar's going on here despite the discouraging turn of events at the end.

Real Time Strategy (Games)

Journal Journal: Irony. 2

You know, I'd feel a little more sympathy about this if I forgot about that.
Real Time Strategy (Games)

Journal Journal: Remember when gaming was fun? 2

The BBC reports that World of Warcraft has developed a different kind of bug:

In the last week, [Blizzard] added the Zul'Gurub dungeon which gave players a chance to confront and kill the fearsome Hakkar - the god of Blood.

In his death throes Hakkar hits foes with a "corrupted blood" infection that can instantly kill weaker characters.

The infection was only supposed to affect those in the immediate vicinity of Hakkar's corpse but some players found a way to transfer it to other areas of the game by infecting an in-game virtual pet with it.

This pet was then unleashed in the orc capital city of Ogrimmar and proved hugely effective as the Corrupted Blood plague spread from player to player.

Slashdot Top Deals

"I'm not a god, I was misquoted." -- Lister, Red Dwarf