WTF Bites
-
@Tsaukpaetra said in WTF Bites:
For shits and giggles I tried a "fresh" install on a completely different computer
Apparently support eventually took the same approach. I'll have to check over their work tomorrow because I definitely saw them set permissions on the network share to Everyone Full Access again.
Hey fuckers, if you were doing logging correctly maybe you would be able to tell what user you're failing to use to access Shit!
If I find out that they turned off the firewall again...
-
@Gribnit Especially if you're like me and you use Sublime Text where it's just a case of selecting the lines you want to comment out and then pressing Ctrl-/ to comment them all.
Notepad2-mod uses Ctrl+Q, which is weird.
-
@Zerosquare said in WTF Bites:
Except for the analogy to be completely accurate, it would have to also slow down the vehicle to 5 mph or so, and cause the engine to stall randomly.
Well, let's say that our IT department has a special request form to ask to opt out of the AV they install due to performance issues.
I suspect a trap, because that seems way too uncharacteristically end-user friendly and useful to be true.
Pft. 20 years ago I worked for a manufacturer of a Hospital Information System which just had been purchased by Innitech (actually a "great" German company). A new ISO 9000 certification was due, and the head of Innitech's Quality Department ordered us:
If those auditors come to you, make sure your machine is running smoothly. Switch off the virus scanner.
More Dilbert-y than even Dilbert could be.
(Worse still: that guy shared my family name...)
-
I'm reviewing code. These two lines pop out.
@Test @Ignore("It fails we don't know why")
I have a few issues with that.
Kevin working for you, too? Because ... just a couple of days ago, I reported that that was his solution to all our failing tests (far more than only 1).
-
I'm reviewing code. These two lines pop out.
@Test @Ignore("It fails we don't know why")
I have a few issues with that.
Truth. The faster needful to do would have been to single-line comment every line.
Sometimes, my brilliant cow-orkers just use single-line comments for the Asserts which fail... (Hence, the test runs without any exceptions, and shows up as a successful test.)
-
@Gribnit Especially if you're like me and you use Sublime Text where it's just a case of selecting the lines you want to comment out and then pressing Ctrl-/ to comment them all.
Notepad2-mod uses Ctrl+Q, which is weird.
Ah, that explains it.
At first I was like I'm not mentioned in this post.
So after clearing my other notifications, I searched through all of my notifications to find this one. To ask why I got a notification for it. Then I tried to quote and now it makes sense.
And yes an appropriate tag.
-
@Gribnit Especially if you're like me and you use Sublime Text where it's just a case of selecting the lines you want to comment out and then pressing Ctrl-/ to comment them all.
Notepad2-mod uses Ctrl+Q, which is weird.
Sounds like a Wordstar holdout. I've forgotten the name of the first text editor I used, but Ctrl-Q has a certain logical coruscance about it to the eye that has had to deal with such nonsense.
-
@BernieTheBernie said in WTF Bites:
I'm reviewing code. These two lines pop out.
@Test @Ignore("It fails we don't know why")
I have a few issues with that.
Truth. The faster needful to do would have been to single-line comment every line.
Sometimes, my brilliant cow-orkers just use single-line comments for the Asserts which fail... (Hence, the test runs without any exceptions, and shows up as a successful test.)
If they took the time to sneak in a sufficiently disguised || true it'd get past sonarqube too. The quality of dereliction is dropping..
-
@BernieTheBernie said in WTF Bites:
Sometimes, my brilliant cow-orkers just use single-line comments for the Asserts which fail... (Hence, the test runs without any exceptions, and shows up as a successful test.)
Once upon a time there was a test driver where you'd start with declaring how many assertions there will be and the test would only be considered successful if it actually executed that many assertions. Then the lesson was unlearned.
-
This code is such a bad idea, I’ve intentionally introduced errors so it won’t even compile.* [...] The customer is a major anti-virus software vendor! The customer has important functionality in their product that they have built based on this technique of remote code injection, and they cannot afford to give it up at this point.
🤦♂️
-
@LaoC That's horrible.
-
@LaoC Saw it a day or two ago. It was pretty funny. Unsurprised that this was in AV software.
Once upon a time (when I was like 15 or something), I tried doing something similar. Well, technically, what I wanted to do is to dump a function into a file and later load it from there. A sort-of lame-o homebaked .so / .dll. Even then, n00b-me quickly discovered the difference between position-dependent and position-independent code and all the other trouble you run into. Kinda realized that you probably can't do this just with any random function in your program.
-
Kinda realized that you probably can't do this
That's just defeatist though - remember, probably can't == possibly can. And who knows, maybe someday it'll work every day, or at least all day.
-
That's just defeatist though - remember, probably can't == possibly can.
Nah. You can't do it with any random function in your program, but you can of course write position independent code. And/or perform relocations.
-
@LaoC also what’s the fucking point of running your AV trash inside the process, other than mysteriously crashing random apps? If you’ve got all those privileges, you can already do whatever from out of process.
-
you can of course write position independent code. And/or perform relocations.
I can't advocate for this devil much longer since I'm not a real Jesuit, but:
- who knows, maybe the code you're moving is freely relocatable
- one day the MMU may just deal with it for you
- it's not like this has to run on a company machine
- would you rather have your process crash, or that of some other vendor?
-
I pointed out to the customer liaison that what the customer is trying to do is very suspicious and looks like a virus. The customer liaison explained that it’s quite the opposite: The customer is a major anti-virus software vendor!
— Raymond Chen
Beware that, when fighting monsters, you yourself do not become a monster... for when you gaze long into the abyss. The abyss gazes also into you.
— Friedrich Nietzsche
-
@Watson In this case, the abyss must have had pink eye or something when it gazed back -- i.e., some AV engineer saw a virus do this, and ended up copying it rather incompetently into their product.
-
@cvi Can someone explain to me why you would even want to do this - other than for obfuscation purposes, of course?
-
Probably to examine a process "from the inside", because doing so is easier than doing it from the outside.
Filed under: QooC
-
@cvi Can someone explain to me why you would even want to do this - other than for obfuscation purposes, of course?
You want the AV to obfuscate itself somewhat, since much of malware is capable of detecting outside presence and will stop doing anything suspicious, making it even harder to detect. If it was hand-written assembly that's very careful not to touch any memory beyond its allocated buffer, then there would be nothing wrong with that approach. But they fucked up the implementation so bad it's a true miracle it worked in any capacity whatsoever.
-
@Rhywden said in WTF Bites:
If it was hand-written assembly that's very careful not to touch any memory beyond its allocated buffer, then there would be nothing wrong with that approach.
It would still be creating a thread, among other things, with visible side effects. Including calling every DllMain with DLL_THREAD_ATTACH, as far as I can tell.
It has the potential to break code that’s otherwise working correctly.
Don’t mess with my process, keep your dirty AV hands off. Look, don’t touch. Don’t create observable side effects.
-
@LaoC also what’s the fucking point of running your AV trash inside the process, other than mysteriously crashing random apps? If you’ve got all those privileges, you can already do whatever from out of process.
Fuck knows what kind of evil hackery these guys have been carrying over from the 80s. I try to steer clear of this whole AV ecosystem but everything I see has this air of organically grown shit from DOS times half of which was written by people who quit in the 90s and not been touched because nobody understands it.
-
@topspin I can kinda see wanting to inject code (though whether this is the way to do it is a bit questionable), e.g. to intercept certain calls. Wanting to create a remote thread in the other process isn't quite as clear.
I think Win32 has APIs for this kind of stuff nowadays (haven't used them, so can't say how useful those are). So, there's an official way to intercept IO and stuff. IIRC you can also inspect another process's memory from "outside".
(FWIW- the article talks about Itanium, so it's been some time ago. Albeit CreateRemoteThread() is XP+ according to MSDN, so there's that...)
-
(FWIW- the article talks about Itanium, so it's been some time ago. Albeit CreateRemoteThread() is XP+ according to MSDN, so there's that...)
XP for Itanium was a thing (and remind me to send a recreational arsonist after whoever thought naming things "Windows XP 64-Bit Edition" (for Itanium) and "Windows XP x64 Edition" (for EM64T) was a good idea) but that function has been around since before Windows 95 was Windows 95 -- it's discussed in the Microsoft Systems Journal in May 1994.
-
It has the potential to break code that’s otherwise working correctly.
Like some explorer extensions... I remember working with one (I forget which one now) that detected it was running under the debugger and would crash (licensing - "we ain't gonna let you look!"). This made developing an explorer context menu ... problematic.
-
@Rhywden said in WTF Bites:
If it was hand-written assembly that's very careful not to touch any memory beyond its allocated buffer, then there would be nothing wrong with that approach.
It would still be creating a thread, among other things, with visible side effects. Including calling every DllMain with DLL_THREAD_ATTACH, as far as I can tell.
It has the potential to break code that’s otherwise working correctly.
Don’t mess with my process, keep your dirty AV hands off. Look, don’t touch. Don’t create observable side effects.
I recall having quite a time finding out a library we were using started using a separate background thread. Luckily they also messed up something timing related and it delayed process shutdown by over a second, which is how we found it. More significantly it messed up signal handling code.
If I remember correctly, this behaviour was added in a security update, and removed again in a later one. Of course this was linux rather than windows, but that's not too relevant here.
-
Status: Google is officially copying TikTok.
-
It has the potential to break code that’s otherwise working correctly.
Like some explorer extensions... I remember working with one (I forget which one now) that detected it was running under the debugger and would crash (licensing - "we ain't gonna let you look!"). This made developing an explorer context menu ... problematic.
I once had to fix a mysterious bug where my file loading code would start to randomly return wrong values, which happened after I installed TortoiseSVN. After a call to GetOpenFileName (or similar) the shell would inject its extensions and tortoise decided to change the process locale, messing up number parsing.
Thanks, fuck you very much.
-
@Tsaukpaetra said in WTF Bites:
the process locale
-
@Tsaukpaetra said in WTF Bites:
the process locale
What? You mean you don't hardcode formats? Amatuer!
-
Out of mere curiosity I clicked a link from Raymond Chen's blog to "SizeBench is a tool to help understand and reduce the size of your binaries."
I clicked the download button, which is apparently called "Get" nowadays, in Firefox on the Windows 10 machine. Nothing happened. Okay, maybe they're being clever and I need to
acceptreject cookies from their stupid banner first, which I have so far ignored? Nope, that didn't change anything.
Okay, whatever, it's Microsoft so maybe their site only works in their own shitty browser. So I open Edge, tell it to fuck off and I don't want to log in or whatever they want you to do, and go to the same site.
Not only does their piece of shit browser have all this garbage about signing in, "Microsoft S/MIME has access to this site", and "See popular products! Shopping in Microsoft Edge, 15", the fucking download button still doesn't work!
Okay, one last try, I go there from Firefox on my MacBook. I click the button and it actually does something. It goes to login.live.com asking me to sign in!
Fuck right off!
-
@topspin My Chromium-based browser gives me this:
The actual URL behind the Get button:
ms-windows-store://pdp?productId=9NDF4N1WG7D6&ocid=&cid=&referrer=unistoreweb&scenario=click&webig=8f7035d8-19be-49d8-a22c-ff0bdfed1d61&muid=&websession=&tduid=
I think you can try one more time in the store app itself, though that will most likely also require signing in.
-
It goes to login.live.com asking me to sign in!
Duh
Installation
Get this app while signed in to your Microsoft account and install on up to ten Windows 10 devices.
-
@loopback0 eh, that's buried 3 pages further down. Below some "people also like" gallery crap. I didn't read that far.
(Guess what, I also didn't read the "terms of transaction" or "photosensitive feature warning". I did read "Free" and "Get".)
That's how I looked at it:
-
After a call to GetOpenFileName (or similar) the shell would inject its extensions and tortoise decided to change the process locale, messing up number parsing.
That reminds me of dealing with HP printer drivers.
-
asking me to sign in!
It's the Microsoft Store.
Didn't you know? All stores nowadays want to track you and the easiest way to do that is to require you to sign in when possible.
-
I just had Twitch show one video but play audio from another.
-
I just had Twitch show one video but play audio from another.
-
@Applied-Mediocrity Eh, maybe. Depends on what video it was. I've almost never watched Twitch, so I can't say how likely it was. However, based on Sturgeon's Law, there's >= 90% probability you are correct.
-
@HardwareGeek it was a video of a guy watching a video while editing a video of himself. @Applied-Mediocrity is right. It's also why it took me 5 minutes to notice. I just thought the audio desynced by 10 seconds or something.
-
My joke module needs rebooting
-
@Applied-Mediocrity nah, it's just the 2022 update. Reality and satire have become one and the same.
-
@HardwareGeek said in WTF Bites:
@Applied-Mediocrity Eh, maybe. Depends on what video it was. I've almost never watched Twitch, so I can't say how likely it was. However, based on Sturgeon's Law, there's >= 90% probability you are correct.
Slightly less, if the audio and the video are considered separately.
-
@Applied-Mediocrity said in WTF Bites:
My joke module needs rebooting
I'm sorry, I don't support partial reboots. But I can offer you a full reboot. Do you want to proceed?
-
Thanks Visual Studio, very cool
-
Thanks Visual Studio, very cool
Without this who knows what sorts of asynchrony you might encounter. Do you want your callers not knowing whether the thing has happened yet or something?
-
@Gribnit All I want is for the IDE to see that "await" is right there