See? IE is Spaghetti Code

“The selection event handler script then writes a character to the web page. This, for reasons best known to Microsoft, causes the browser to delete the original command object and free its memory.”

That’s the fatal flaw in multiple versions of Internet Exploder. What were they thinking? That the browser deletes an object in use shows the action was deliberate. Did M$’s programmers fail Comp. Sci. 101? Did all the $billions invested in code-checking go to waste? Yes. What about the dual teams of programmers? Were they both in the pub when that lecture was given? The next time someone tells me how wonderful M$’s software is and how impossible it would be to do better, this article should come to mind,

Inside the guts of a fiendish Internet Explorer 0-day attack • The Register.

This is characteristic of spaghetti-code. The stuff is running every which-way and off the plate… That the application does something for no reason/illogically/for no benefit, and that action causes the application to melt shows that the code was hidden under the spaghetti somehow. Either that or one of M$’s programmers was in a bad mood. With all the redundancy that M$ can afford, there isn’t much explanation that stands except that the stupidity was hidden under the bloat or the author or his code-checker or the other guy would have done it differently or spotted the error. Instead we have hundreds of millions of PCs at risk. Without seeing the code we should expect other such vulnerabilities to emerge in the future. The fix is not to remove the bloat after all but to fix the bug but not its brothers.
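
The failure the quoted passage describes, an object released by an event handler while the code that invoked the handler is still using it, sketched in C beside a hardened form. This is an added example, not Internet Explorer's code and not part of the original post; the `Command`/`Document` types, the fixed pool and all function names are constructed for illustration, and the pool stands in for the heap so the stale access can be counted instead of executed.

```c
#include <stdio.h>
#include <string.h>

typedef struct Document Document;
typedef void (*handler_fn)(Document *);

typedef struct Command {
    int refs;             /* reference count */
    int live;             /* 1 = allocated, 0 = storage released */
    handler_fn on_select; /* stands in for the script's selection handler */
    char name[16];
} Command;

struct Document {
    Command *cmd;    /* the document's owning reference */
    int stale_uses;  /* times released storage was touched */
    int completed;   /* times the command finished on live storage */
};

/* Fixed pool instead of malloc/free: "free" only flips `live` and poisons the
 * slot, so the unsafe path can be run and observed without undefined behaviour. */
#define POOL_SLOTS 4
static Command pool[POOL_SLOTS];

static Command *cmd_new(const char *name, handler_fn h) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].live) {
            Command *c = &pool[i];
            c->refs = 1;
            c->live = 1;
            c->on_select = h;
            snprintf(c->name, sizeof c->name, "%s", name);
            return c;
        }
    }
    return NULL;
}

static void cmd_retain(Command *c) { c->refs++; }

static void cmd_release(Command *c) {
    if (--c->refs == 0) {
        memset(c->name, 0xDD, sizeof c->name); /* poison, as a debug heap would */
        c->live = 0;
    }
}

/* The page rewrite: the document drops its reference to the command. */
static void doc_write(Document *d) {
    if (d->cmd) {
        cmd_release(d->cmd);
        d->cmd = NULL;
    }
}

/* Selection handler that writes to the page while the command is running. */
static void selection_handler(Document *d) { doc_write(d); }

/* Work the command still has to do after its handler returns. */
static void cmd_finish(Document *d, Command *c) {
    if (!c->live) {
        d->stale_uses++; /* with a real allocator: a read of freed memory */
        return;
    }
    d->completed++;
}

/* Before: a raw pointer is cached across a callback that can release it. */
static void exec_unsafe(Document *d) {
    Command *c = d->cmd;
    if (!c) return;
    c->on_select(d);  /* re-enters the document; refcount can reach 0 here */
    cmd_finish(d, c); /* c may now dangle */
}

/* After: pin the object for the duration of the call and re-check state. */
static void exec_safe(Document *d) {
    Command *c = d->cmd;
    if (!c) return;
    cmd_retain(c);
    c->on_select(d);
    if (d->cmd == c)      /* still attached? otherwise abandon the operation */
        cmd_finish(d, c);
    cmd_release(c);       /* last reference may drop here, after the final use */
}

/* Number of pool slots still allocated (a leak check for the safe path). */
static int live_slots(void) {
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += pool[i].live;
    return n;
}

/* Runs one scenario from a clean pool; returns the stale uses observed. */
static int run_scenario(int safe) {
    memset(pool, 0, sizeof pool);
    Document d = { cmd_new("command", selection_handler), 0, 0 };
    if (safe) exec_safe(&d); else exec_unsafe(&d);
    return d.stale_uses;
}

int main(void) {
    int unsafe_stale = run_scenario(0);
    int safe_stale = run_scenario(1);
    printf("unsafe: stale uses = %d\n", unsafe_stale);
    printf("safe:   stale uses = %d, live slots = %d\n", safe_stale, live_slots());
    return 0;
}
```
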

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

57 Responses to See? IE is Spaghetti Code

  1. oiaohm says:

    –As programs we with that was the case.–
    great word swap.
    As programmers we wish that was the case.

  2. oiaohm says:

    Modern day error handling can create an OOP modern form of spaghetti where you get an error message but due to all the places the error handling is connected you have no clue where in the code base the error comes from. Spaghetti with meatballs.

    Again this is flow insanity. Exceptions can break out of smooth flow through the program. Threads also can break out of smooth flow control. Spaghetti is mostly a result of poor code quality management and coders taking short cuts here and there and them stacking up.

    Like I will create a universal catch all exception handler and forget to include the useful information like where in my code base something went wrong. This can be a very small but highly inconvenient section of Spaghetti code. Rest might be sane design but if your exception handling is spaghetti you are fairly much up the creek.

  3. oiaohm says:

    TM Repository really what I wrote is the bare min spaghetti. There is only 2 noodles mixed up there. The more noodles you add doing the same kinds of things overlapping with each other then your spaghetti really displays itself.

    The goto and label construct exist in C and many other languages. Still used in fact in the Linux kernel as part of error handling. But correctly. Correctly is beneficial to performance.

    The link you have referred to has Spaghetti with meatballs code and traditional spaghetti code in the same define.

    This is why I type traditional spaghetti code and Spaghetti with meatballs code.

    –In later languages, especially scripting languages, the use of include files or statements could often result in Spaghetti Code.–
    This Spaghetti with meatballs code in most cases. OOP control structures used poorly.

    Yes there is a generic spaghetti code term that does not really mean much.

    Most of the Spaghetti code issues when you look closely is poor code usage and poor quality code options selected.

    Business layers mixed with each other does not have to happen for the code to be Spaghetti. Spaghetti style makes the code harder to read simpler to cause a memory leak or object leak or other nasty memory leak.

    TM Repository there is a subset of Spaghetti called rat’s nest this is the one without layers with the spaghetti going in all directions bar lose with no sanity control.

    –business layers with data layers and presentation layers.– This is rat’s nest code. Code that is rat’s nest is o my god this might be simpler to start over.

    You can have Spaghetti code with clean separation between layers. It is still Spaghetti code. Just Spaghetti breaking control struts of the language all over the place so is like playing with a live hand bomb. Make one alteration and all hell can break loose.

    Rat’s nest is the worst end of the Spaghetti scale. My examples are at the shallow end of the spaghetti scale.

    Spaghetti code integrated into Lasagna code does exist. It’s not in the class of rats nest spaghetti code but is pretty down right bad.

    Just because you have a Lasagna looking code base does not mean layers in it are not full blown Spaghetti code. This is why the idea of mixing of layers is wrong. Key trait of Spaghetti is breaking the control structs and the lack of smooth flow of the code.

    Execution should smoothly flow down the program. Spaghetti does not show this trait as it gets worse. My simple examples only slightly break the flow I don’t have many gotos coming in from all over the place to the same label from above and below as you find in bad Spaghetti.

    Really you can have a program that is really lost.

    Yes a program Lasagna, Ravioli, traditional spaghetti, Spaghetti with meat balls and rats nest code. None of these types is 100 percent prevent being mixed up.

    So one layer of the Lasagna might be traditional spaghetti mess. Another layer might be a Stack of Ravioli with instead good code inside Spaghetti code. Another layer might be a pure rats nest with no clear logic at all. Then you can find that a rats nest has created links between the Lasagna layers. Yes the rats nest code is called that because just like rats infesting houses that look fine you can find rats nests infesting code bases that from a quick look seem to be sane Lasagna or Ravioli.

    A program like this is result of code quality standards not being enforced.

    TM Repository you are thinking mutually exclusive between the types. As programs we with that was the case. The problem is without checking the complete code base a section of spaghetti or over done Ravioli or over done Lasagne could go in the code base for a long time. This is why automated tools throw up errors about coder style.

    TM Repository really you don’t understand the terms here.

  4. Your examples aren’t spaghetti code, they’re just poorly written. The GOTO construct doesn’t exist in anything but Assembly anymore. Even then, proper unit testing can wrangle even your worst examples.

    Once again, spaghetti code is when you mix business layers with data layers and presentation layers. Each “noodle” is a different layer that’s interwoven. Get it?

    The opposite of spaghetti code is “lasagna code” where data, logic and presentation layers are all separated. That’s what Model, View, Controller (MVC) is. Get it yet?

  5. oiaohm says:

    That Exploit Guy my example is the bare min of spaghetti code in C and C++.

    –Don’t worry – all I want is a snippet of C/C++ code. Nothing more.–
    You asked for C and C++. Asm my example is not spaghetti there are not hidden control structures being broken.

    C is a structured programming language. It’s designed for structured style code. Using goto on C can turn into spaghetti insanely quickly. Most cases insanity. The question is if the spaghetti is harmful or beneficial.

    My example was 1 step away from harmful same with the Wikipedia goto example. Only thing saving it is no memory declares in the if. Because both are breaking control structures. Close to disaster not disaster yet.

    This is why spaghetti code such a maintenance nightmare. Code that looks close to the same one can be a memory leak and one can be perfectly safe. Worse only a memory leak when built with particular compiler options.

  6. oiaohm says:

    That Exploit Guy traditional spaghetti code starts off without control structures.

    So to make it look 100 you could do like my if (c<10) goto start; twice.

    The if is truly a break.

    if (c<10) {
    goto start;
    }
    Comes clear when you do the C code old school long hand. The {} are control structure broken in the first example. Modern day compilers you don't have to type the brackets because the compiler basically inserts them for you.

    if (c<10) {
    int x=10;
    printf("%i\n",x);
    goto start;
    }
    This brings an interesting question what happens now.

    Depending on the compiler you could have a memory leak. Why int x never made it to the free point at } this is because the control structures are broken by the goto.

    This is why the goto can become a source of a disaster. I will just add some code to the if statement with a goto and the broken control structure.
    if (c<10) {
    int x=10;
    printf("%i\n",x);
    }
    if (c<10) goto start;
    This here is what you have to do to be sure not to leak memory. You must not break brackets(invisible or not) with goto that you declare memory that you cannot directly free before the goto in due to the broken control structure possibly causing the free not to happen.

    for (int c = 1; c 10) {
    goto end;
    }
    goto start;
    end:

    This is heading to messy spaghetti and is dirty.

    The reality is without the if a never end goto loop done a particular way.

    start:
    goto start;

    With no escape option spaghetti since it does not break brackets that are control structures. Not a good thing to do to end up in a never ending loop. It’s the if statement where you break the control structures for the first time when you use goto. It’s only going downhill from there if you are not careful.

    That Exploit Guy you have forgotten these {} are control structures written or not.

    The start of spaghetti looks harmless. As the code expands the evil can appear.

    There are times when using goto to break the control structs is valid. There are reasons why the goto has to be going forwards in the code. Even doing that you can cause memory leaks if you are not careful.

    The fact that every if () goto breaks control structures a warning. Wikipedia example is a pure break. My example sorts the men out from the boys on exam. Does this program contain any broken control structures you would have answers no when the answer is yes 1 the if () goto combination.

    spaghetti code starts with the possible valid uses and you add a few invalid like mine where a do while, for, while should have been used. Then progressively the code base becomes a disaster zone as more and more control structures are broken without valid reason.

    Traditional spaghetti code comes from the over use of spaghetti code and people like That Exploit Guy that does not have a clue what the control structures in C are and when they are breaking them.

  7. That Exploit Guy says:

    @oiaohm

    ‘Like instead of a for loop…’

    I don’t see any “structs” there. Perhaps you mean “structures”?

    Also, I don’t see any “spaghetti code” there since the goto statement is not breaking any control structures in the code (e.g. loops, if…else). Sure, one could have used “do…while” instead of “start… goto start” or even replaced the entire piece of code with “for (int c = 1; c <= 10; c++) printf("hi\n");”, but that's besides the characteristics of “spaghetti code”.

    Also, Edsger Dijkstra’s letter to ACM (“A Case against the GOTO Statement”) even explicitly states that his argument was against “the unbridled use of the go to statement” (bolded mine) rather than the mere usage of goto.

    Also, try not to rely on Wikipedia too often. It is, after all, a quite unreliable source of information.

  8. oiaohm says:

    http://en.wikipedia.org/wiki/Goto The hello wikipedia one there is very much goto abuse.

    Like instead of a for loop
    c=0;
    start:
    c++;
    printf("hi\n");
    if (c<10) goto start;

    This is the start of traditional spaghetti code. Worse case in tradition spaghetti code done in c or c++ only main() { } exists as a function. No OOP of any form. Just if goto and labels used to get around. No for, while, switch. Yes all the stuff of structured programming not used.

    Good quality code checkers today will reject what I just did. They allow you goto to a point later in the program you cannot goto to a point before the goto jump. This is a rule any good quality static checkers will enforce. Gotos most productive usage is error handling to go forwards in code to free memory struts safely.

    This prevents goto triggered never ending loops.

    To code traditional spaghetti code you don't have loop functions.

    Good write up on the different names. http://en.wikipedia.org/wiki/Spaghetti_code

    What a lot of people call spaghetti code today is what is really called Spaghetti with meatballs code since OOP features are mixed up like functions.

    Traditional spaghetti code is simple to find due to over use of goto.

    Spaghetti with meatballs can be horrible. Coverity also has a habit of calling out spaghetti with meatballs code as well.

    Each of these titles has a particular feature usage style to them. This is why its possible to design automated software to find coders not doing good style for lots of them.

    The spaghetti and spaghetti with meatballs problems is the simplest to design checkers to find.

    dirty code finding is harder.

    Ravioli code and Lasagna code are down right hard to create detection for since at times the code that looks like that can be valid.

    Basically dirty is always wrong. The spaghetti code is almost always wrong. spaghetti where the gotos only go to future points in the execution is the only form of spaghetti that is valid. This is why both are simple to detect.

    The example on the wikipedia a checker should throw an error for unrequired else and goto. Checking flow logic detects lots of human errors.
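
The forward-only goto cleanup style that comments 3 and 8 refer to (goto used in error handling, jumping ahead to free memory), next to a version where an error jump skips the free. This is an added example, not code from any commenter or from the Linux kernel; `parse_leaky`, `parse_clean`, the allocation counter and the `key=value` inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs; /* outstanding heap blocks, tracked for the demo */

static void *xalloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void xfree(void *p) {
    if (p) { live_allocs--; free(p); }
}

/* Heap copy of the bytes in [b, e), NUL-terminated. */
static char *dup_range(const char *b, const char *e) {
    size_t n = (size_t)(e - b);
    char *p = xalloc(n + 1);
    if (p) { memcpy(p, b, n); p[n] = '\0'; }
    return p;
}

/* Before: one shared `fail` label that releases nothing, so every error
 * jump taken after `key` is allocated abandons that block. */
static int parse_leaky(const char *line) {
    const char *eq = strchr(line, '=');
    char *key, *val;
    if (!eq) return -1;
    key = dup_range(line, eq);
    if (!key) return -1;
    if (eq[1] == '\0') goto fail;          /* empty value: key is leaked */
    val = dup_range(eq + 1, eq + 1 + strlen(eq + 1));
    if (!val) goto fail;                   /* key is leaked here too */
    xfree(val);
    xfree(key);
    return 0;
fail:
    return -1;
}

/* After: jumps only go forward, to a ladder of labels that unwinds the
 * allocations in reverse order. Each label frees exactly what was live
 * at the point of the jump. */
static int parse_clean(const char *line) {
    int rc = -1;
    char *key, *val;
    const char *eq = strchr(line, '=');
    if (!eq) goto out;
    key = dup_range(line, eq);
    if (!key) goto out;
    if (eq[1] == '\0') goto out_key;
    val = dup_range(eq + 1, eq + 1 + strlen(eq + 1));
    if (!val) goto out_key;
    rc = (key[0] != '\0') ? 0 : -1;        /* require a non-empty key */
    xfree(val);
out_key:
    xfree(key);
out:
    return rc;
}

/* Blocks still allocated after one call to `fn` on `line`. */
static int leaked_after(int (*fn)(const char *), const char *line) {
    int before = live_allocs;
    fn(line);
    return live_allocs - before;
}

int main(void) {
    /* Constructed inputs: one valid record, one with an empty value. */
    printf("leaky, \"user=\":       %d block(s) leaked\n",
           leaked_after(parse_leaky, "user="));
    printf("clean, \"user=\":       %d block(s) leaked\n",
           leaked_after(parse_clean, "user="));
    printf("clean, \"user=alice\":  rc=%d\n", parse_clean("user=alice"));
    return 0;
}
```
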

  9. That Exploit Guy says:

    ‘traditional spaghetti code gotos and if as you only flow control structs. Also reusing buffers over and over again in different sections of code coverity does not particularly like either. So global buffers coverity will hate you.’

    ‘Flow control structs’? I, for one, would like to see an example of that.

    Don’t worry – all I want is a snippet of C/C++ code. Nothing more.

  10. oiaohm says:

    Second of all, what do you mean by ‘traditional’ spaghetti code?

    traditional spaghetti code gotos and if as you only flow control structs. Also reusing buffers over and over again in different sections of code coverity does not particularly like either. So global buffers coverity will hate you.

    Coverity I know supports Windows. For Microsoft to use it they would have to pay and use it. The current IE bug would have been dug out by it. It’s the kind of problem Coverity is designed to find.

    Converity was because of spell checker.

    –A Lint tool isn’t going to fix logical errors that the programmer has introduced!–

    Particular programmer logic errors are detectable. Like using a variable after it’s freed or should have been freed.

    Depends how advanced the Lint tool is basically. Advanced tools do checking of variable usage.

    TM Repository
    –Programmers aren’t psychic, though, and can only base their unit tests on past experience.–

    This is why you use klee.llvm.org or coverity or other tools for automated test suite generation. These are software they build their own program unit tests based on the flow of the program. To make sure every code path gets executed.

    Humans are fairly useless at making unit tests that properly test a program. Humans are good at making unit tests to make sure features users want is there.

    TM Repository basically you are out of date. You are talking about using humans to make test suites that is old obsolete talking.

    Automated test-suite generation with human tweaking is current day. The current fault in IE should have been dug out with Automated test-suite generated test-suite as well. Since that makes sure the error paths are checked.

    We know programmers are not psychic this is why automated tools make large section of test suites and you also run fuzz testing. In the case you missed something.

  11. “today’s tech for program code quality controls really mean bug rates should be dropping.”

    That’s a stupid assumption! Code quality tools only help improve CODE QUALITY. They perform static analysis, NOT LOGICAL ANALYSIS. A Lint tool isn’t going to fix logical errors that the programmer has introduced!

    Next comes unit tests. Those test individual functions to make sure they yield the correct output given certain input. Programmers aren’t psychic, though, and can only base their unit tests on past experience. The rule of thumb at any good development studio is; Once you fix a bug, you make a set of unit tests for it to ensure regressions don’t happen in the future.

    Then there are additional integration tests, usability tests, etc. But those have less to do with the actual code. The point is, code quality tools only warn you if you’re off style, NOT if you’ve introduced bugs!

  12. Chris Weig wrote, “Yeah, that’s why I wrote about the context menu!”

    Context menu is a pointing and two clicks. CTRL-T is just one click and my hands are already on the keyboard. The context should be my active tab but it is not for some reason.

  13. oiaohm wrote, “today’s tech for program code quality controls really mean bug rates should be dropping.”

    Apparently since the 1990s, M$’s OS was growing in size of code faster than quality could be managed. That’s why disasters like waves of malware and Vista happened. Some say “7” was tightened a lot but it was really just debugged Vista. It was the crime of the century that M$ made people pay twice for Vista.

    GNU/Linux is also prone to bloat. The reason I use XFCE4 and not GNOME or KDE is that those desktop environments go far beyond what I need them to do and XFCE4 just works better for me. As long as people create code for its own sake quality is shaky. GNU/Linux has had its essential features for nearly a decade yet the pace of development keeps increasing. One of the reasons that I use Debian GNU/Linux is that the total bug count is increasing somewhat more slowly than the package count so there is hope by careful package selection to obtain a pretty good system relatively free of bugs. Of 37K Debian packages, I have installed 2400 and the total bug count is just a few hundred. Odds are there are just a few bugs in my system. With that other OS, I would have thousands and that’s without the applications.

  14. That Exploit Guy says:

    @oiaohm

    ‘Chris Weig chromium is checked converity. So traditional bad spaghetti code is no where to be seen.

    ‘Converity is a bit code style picky.’

    First of all, it’s “Coverity”, not “converity”.

    Second of all, what do you mean by ‘traditional’ spaghetti code?

    Third of all, care to elaborate on what you mean by “code style picky”, preferably with code snippets as examples?

    Lastly, speaking of Coverity, did you notice that their dynamic analysis tool-set does, in fact, support Windows?

    http://www.coverity.com/products/dynamic-analysis.html

  15. That Exploit Guy says:

    ‘There is a weakness on Windows lack of tool like [Valgrind]. This is in fact critical.’

    Valgrind is a dynamic program analysis tool and is merely one amongst the many. Also, there is no shortage of dynamic analysis tools, commercial or otherwise, for Windows.

  16. oiaohm says:

    Chris Weig chromium is checked converity. So traditional bad spaghetti code is nowhere to be seen.

    Converity is a bit code style picky.

    Chris Weig automated auditing tools means bad code style cannot be hiding in some backwater of the code base and not be detected.

    Chris Weig today’s tech for program code quality controls really mean bug rates should be dropping.

  17. Chris Weig says:

    Yep, and the keyboard shortcut to do that is supposed to be ctrl+T and that opens the tab to the far right.

    Yeah, that’s why I wrote about the context menu!

    I suggest that you get Chromium’s code and hack away. Should be no problem for you. But watch out for spaghetti code.

  18. dougman wrote, “if you have ten tabs open and click a link to “Open in New Tab” it opens to the right of the currently open tab.”

    Yep, and the keyboard shortcut to do that is supposed to be ctrl+T and that opens the tab to the far right. Really far, like in the next county.
    Google Chrome 23.0.1270.0 (Official Build 157306) dev

  19. dougman says:

    Re: For example, I often have a lot of tabs open and when I open a new one I would like it to be to the right of the tab where I am, so that related tabs will be near each other. Instead, the tab opens to the faarrr… right which is often pretty far.

    I just tested that and if you have ten tabs open and click a link to “Open in New Tab” it opens to the right of the currently open tab.

    Google Chrome: 21.0.1180.89 (Official Build 154005)

    OS: Linux

    WebKit: 537.1 (@126646)

    JavaScript: V8 3.11.10.20

    Flash: 11.3.31.232

    User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1

    Command Line: /usr/bin/google-chrome --enable-accelerated-compositing --disk-cache-dir=/tmp/ram/ --flag-switches-begin --enable-accelerated-filters --enable-accelerated-video-decode --enable-http-pipelining --enable-smooth-scrolling --enable-spdy3 --force-compositing-mode --ignore-gpu-blacklist --enable-threaded-compositing --flag-switches-end %U

  20. “You don’t know that a tab has a context menu with “New Tab” in it. Try it out and be enlightened.”

    ctrl-T does not.

  21. Chris Weig says:

    For example, I often have a lot of tabs open and when I open a new one I would like it to be to the right of the tab where I am, so that related tabs will be near each other. Instead, the tab opens to the faarrr… right which is often pretty far.

    1. You don’t know what extensions are.
    2. You don’t know that a tab has a context menu with “New Tab” in it. Try it out and be enlightened.

    Is it the most secure? I don’t know and don’t care much because I have never seen malware on GNU/Linux and assume the chances are pretty low that I will encounter any.

    So we can conclude that blind faith is all you’ve got. It’s not surprising.

    I also use Google which warns of infected sites which is pretty cool. There’s strength in numbers.

    And you rely on Google to “protect” you.

    You have just discredited yourself forever. Please don’t talk about computer security ever again.

  22. dougman wrote, “Browsing the web under Linux = Flawless”

    I use Chrome on GNU/Linux which I think is a great combination but it’s not flawless. For example, I often have a lot of tabs open and when I open a new one I would like it to be to the right of the tab where I am, so that related tabs will be near each other. Instead, the tab opens to the faarrr… right which is often pretty far. I guess no browser can please everyone but Chrome is the best I have found and I have used many. Is it the most secure? I don’t know and don’t care much because I have never seen malware on GNU/Linux and assume the chances are pretty low that I will encounter any. I also use Google which warns of infected sites which is pretty cool. There’s strength in numbers.

  23. oiaohm says:

    TM Repository static analysis tools can detect use after free. http://seanhn.wordpress.com/2009/11/30/finding-bugs-with-static-analysis/ When the tech started turning up most likely too new for you.

    Linux kernel default static analysis checks for this.

    http://stackoverflow.com/questions/2436020/detecting-use-after-free-on-windows-dangling-pointers

    Microsoft does have a build option that would have prevented it as well. The de-buggering memory management fault would not have worked. Lot of distributions programs on Linux ship with mudflap gcc equal enabled. Not for debugging so bugs like this cannot work. Yes crash the program but the attacker does not get in.

    This bug in IE is pure characteristic of someone not doing their job in quality control. Now it could be that Microsoft is not paying for third party software like Converity for their tools.

    https://bugreports.qt-project.org/browse/QTBUG-14633

    There are some open bugs in the FOSS world that are use after free.

    Static analysis is used to find errors in programmer logic. Of course static analysis is not perfect.

    This is why unit tests and fuzzing are done as well.

    There is a weakness on Windows lack of tool like http://valgrind.org/ . This is in fact critical. valgrind running over unit tests and fuzzing can detect minor memory faults so enable you to tune your fuzzing or unit tests to find out if there is an issue there or not.

    It’s sad that the biggest platform used has the weakest tools for detecting faults.

    ASP.NET without a .Net engine is worthless. FOSS would most likely embrace it if Microsoft corrected the wording of their patent grant so removing the possibility of MS attacking the implementations of the .net engine.

    TM Repository reality does not matter what software you run. If you don’t check your facts you are as bad as the freetards you claim to be out to destroy.

    Again you commented here without knowing the topic TM Repository so claimed static analysis checks does not do something when the good quality ones do.

    Anyone who knows quality programming will look at the recent IE bug and go hey what is wrong with IE QA control staff that should have been detected and corrected in 2010 also where in hell is the runtime protection. This is a browser of all things processing tainted crap.

    Chrome and Firefox both contain runtime protection against this class of fault. If it’s not detected by static analysis the result of doing this is crash. The Chrome opps messages commonly trace to somewhere doing a use after free and resulting in it killed dead before attack can do something.

    There is a list of bugs that there is no need for them to exist in workable form in modern well made code. Use after free is something that should not be a security bug. It should be a program crash leaving attacker with no way in.

  24. dougman says:

    Browsing with IE on Windows = Stupid
    Browsing with Firefox on Windows = Prudent
    Browsing with Chrome on Windows = Smart

    Browsing the web under Linux = Flawless

    http://www.youtube.com/watch?v=nCgQDjiotG0

  25. “i just checked out tmr.com
    read their about page.
    then saw the whole thing is powered by django.

    -1 MS cred.
    +1 OSS cred.

    good show, mate.”

    See, this is what I’m talking about. To you this is some kind of match where you need to keep score. You want to be on the “winning team”.

    Plenty of people like you visit the site, don’t bother reading the About page, think it’s anti-Linux or anti-FOSS when it explicitly states it’s anti-community, and then proceed to guffaw that the site was built with open source technologies…which I announce very clearly.

    I’m pragmatic, I use the tools that work best, I don’t care who makes them. I have no problem using open source software right alongside proprietary software; Whatever it takes to get the job done. As a bonus, it gives the zealots one less thing to snipe at about my site. You can bet if it was made with ASP.NET MVC (which is open source under a very permissive license) the zealots would have just dismissed it.

  26. “Probably just semantics but what are these other than code checkers ?”

    That’s a lint tool. That’s not “code checking” they’re called “static analysis” tools. They find technical errors with the code itself (a missed semi-colon, use of == instead of ===, etc.) but they won’t find errors in logic that a programmer introduced. That’s what unit tests are for.

  27. “TMR, why are you apologizing for microsoft’s admitted mistake?”

    I’m not apologizing for their bug, I’m just shooting down Pog’s FUD about it. Browsers are complex, they all have bugs, they all have had zero day exploits. To think that this sort of problem is isolated to IE is foolish and a dangerous message to send.

    Further, Pog’s remarks about spaghetti code are unfounded and not even applicable. Spaghetti code refers to code that mixes the logic and presentation layers, making it harder to maintain. It doesn’t mean it’s less functional or secure though. WordPress is spaghetti code and this blog seems to work fine for the most part.

  28. “Forgive TMRepository. He spends his days getting drunk at 3 A.M and pretending he can code while claiming to be a graphic designer or something.”

    No argument here!

  29. “TMR is infamous for banning people who dare to spread the truth about GNU/Linux and call out his friends for their hateful and perverted activities.”

    I’ve banned exactly two people on my site in the nearly 4 years it has been operating. One was banned for spamming, the other for posting off topic/racist material. Both were warned twice.

  30. Chris Weig says:

    This is characteristic of spaghetti-code.

    Show us that it’s spaghetti code or STFU.

    Your programming days are over. Start anew with a C program which adds two numbers. And then post the code for review.

  31. Chris Weig says:

    i just checked out tmr.com
    read their about page.
    then saw the whole thing is powered by django.

    The next brainless FLOSS troll enters the “Most stupid FLOSS troll” competition.

  32. Adam King says:

    Forgive TMRepository. He spends his days getting drunk at 3 A.M and pretending he can code while claiming to be a graphic designer or something.

  33. That Exploit Guy says:

    Probably just semantics but what are these other than code checkers?

    Perhaps it is semantics that you are playing with?

    You do notice that Visual Studio has its own static analyser (i.e. “code checker”), right?

    You do also notice that most modern compilers perform their own static analyses during compile-time, right?

    Yes, there are “code checkers”, but designating the use of them in what you might believe to be a standalone standard procedure called “code checking” in commercial software development is just plain silly.

  34. JR says:

    @ TM Repository

    your comment refers…..” There’s no such thing as “code checking”

    Please excuse my ignorance here:

    Probably just semantics but what are these other than code checkers ?

    http://www.slideshare.net/csixty4/lint-php-javascript-code-checking

  35. kolter.online says:

    i just checked out tmr.com
    read their about page.
    then saw the whole thing is powered by django.

    -1 MS cred.
    +1 OSS cred.

    good show, mate.

  36. kolter.online says:

    TMR, why are you apologizing for microsoft’s admitted mistake?

  37. That Exploit Guy says:

    @Robert Pogson

    ‘Not true. They are blocked because they contain stuff in the blacklist but perhaps they should be blocked because you are such a time-waster.’

    So, what would be considered not a “time-waster” by your definition?

    Would it be comments without actual technical merits? If so, then how does TM Repository’s comments constitute a “time-waster”?

    Would it be, then, comments that exceed a certain arbitrary length? If so, then what would that length be?

    I believe these are legitimate questions to ask, since, in all honesty, you are giving threats of a summary ban to someone who has merely offered a different opinion to yours. That simply does not seem fair to me.

    ‘“ted” was blocked and “*ted” occurs in a lot of legitimate comments. I have removed “ted” from the blacklist but will ban him by other means.’

    Questionable morals aside, I don’t think this is how you are supposed to perform a “ban” in WordPress.

    @oiaohm

    ‘TM Repository really you don’t believe in free speech. So you really have no right to complain when blocked.’

    Let’s suppose he secretly and provably detests free speech.

    How does that, though, justify your own action or opinion against free speech especially if you genuinely value it?

    Or is this just your way to say that disregarding your own principle is fine so long as someone else has wronged you first?

  38. That Exploit Guy says:

    @Robert Pogson

    ‘How is deleting stuff in use a bug? That’s like forgetting to apply the brakes or not slowing down when parking. It’s probably taught in the first lesson of driving school.

    ‘Have I attempted to use deleted stuff? Yep, in one-off stuff dashed off in a hurry. In stuff intended to be used by millions of people all over the world? Nope. In FLOSS, we would know who did this and why and know whether or not we should ever trust anything that person ever did.’

    Following your argument, then, would you care to explain how the following use-after-free vulnerabilities managed to exist?

    http://packetstormsecurity.org/files/view/95850/android-useafterfree.txt

    http://www.mozilla.org/security/announce/2012/mfsa2012-58.html

    http://www.cvedetails.com/cve/CVE-2011-3108/

    It seems that you somehow believe use-after-free bugs exist only in IE. That’s simply not true.

    @dougman

    ‘Throwing a fuzzer at IE and looking at memory dumps, or calling functions in a way that Microsoft never intended, until you identify specific code that allow you to do things like this is intensive work.’

    Exactly. That’s why you don’t see exploits of this nature circulating in the wild often. If everyone could easily discover and leverage a vulnerability in a piece of code, then surely there would be a lot more people in the shady business of cyber-crimes than we actually have now?

    Or did you just misread the paragraph as a critique of IE?

  39. JR says:

    @ TM Repository

    I think we get the message!

  40. oiaohm wrote, “this bug is pure sloppiness by someone at Microsoft.”

    Yep. It’s computer science 101. It’s the first thing anyone should know about pointers. Almost everyone uses pointers because they are so efficient but people who are careless or ignorant always mess them up. It might be well that people used pointer structures instead with a “status” and “instance” variable handy. That would be tedious to code but would eliminate a lot of accidents. Would it not have been great if years ago, the first time this happened an explanatory note of the problem popped up somewhere and the problem was found before the world’s IT was compromised?
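The "pointer structures" with a "status" and "instance" variable suggested in the comment above are usually called generational handles; the following C sketch is an added example, not part of the original comment or of any browser's code. The `Command` type, the table size and all function names are hypothetical, and the instance counter is assumed never to wrap.

```c
#include <stddef.h>
#include <stdint.h>
#define SLOTS 8

typedef struct { int id; } Command;                  /* hypothetical object */
typedef struct { uint32_t index, instance; } Handle; /* given out instead of a pointer */
typedef struct {
    Command  obj;
    uint32_t instance; /* bumped on every free, so old handles go stale */
    int      live;     /* "status": 1 = allocated, 0 = free */
} Slot;

static Slot table[SLOTS];

/* Allocate a slot; returns 0 on success, -1 when the table is full. */
int cmd_create(int id, Handle *out) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].live) continue;
        table[i].live = 1;
        table[i].obj.id = id;
        *out = (Handle){ i, table[i].instance };
        return 0;
    }
    return -1;
}

/* Resolve a handle; NULL if the object was freed or its slot reused. */
Command *cmd_get(Handle h) {
    if (h.index >= SLOTS) return NULL;
    Slot *s = &table[h.index];
    return (s->live && s->instance == h.instance) ? &s->obj : NULL;
}

/* Free the object; -1 for a stale handle, which also stops double frees. */
int cmd_destroy(Handle h) {
    if (cmd_get(h) == NULL) return -1;
    table[h.index].live = 0;
    table[h.index].instance++;
    return 0;
}

/* Scenario from the article: object freed while a handler still refers to it. */
int stale_use_detected(void) {
    Handle held, fresh;
    if (cmd_create(1, &held) != 0) return 0;
    if (cmd_destroy(held) != 0) return 0;      /* freed behind the handler's back */
    if (cmd_create(2, &fresh) != 0) return 0;  /* the same slot is reused */
    return fresh.index == held.index && cmd_get(held) == NULL
        && cmd_get(fresh) != NULL && cmd_get(fresh)->id == 2;
}
```

The stale handle resolves to NULL even though its slot holds a new live object, which is the case a raw dangling pointer cannot distinguish.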

  41. TM wrote, “Yup, my comments are being blocked/filtered by Pog, the champion of freedom.”

    Not true. They are blocked because they contain stuff in the blacklist but perhaps they should be blocked because you are such a time-waster. “ted” was blocked and “*ted” occurs in a lot of legitimate comments. I have removed “ted” from the blacklist but will ban him by other means.

  42. TM wrote, “There’s no such thing as “code checking”.”

    Only in a world where everything is done right the first time. There’s no magic to writing code:

    1. choose something to be done
    2. identify all processes and interactions
    3. define or use definitions of all inputs, outputs and data-structures
    4. choose an algorithm or series of algorithms for every process
    5. write the code
    6. check it for syntax
    7. check that it links to other code as needed
    8. check that it runs and gives desired results
    9. check it for undesired results
    10. check that it is all documented properly so that code may be repaired or reused
    11. implement or release it with a means to fix bugs found by others and for maintenance

    Yes, code-checking exists and takes about as much effort or more than writing stuff and assuming it’s good because it works occasionally. Of course in FLOSS we can examine the code and see that this all happens. In non-FREE software your guess is as good as mine that code-checking happens at all. M$ claims to release patches very slowly because it has so much spaghetti to check but it’s still spaghetti. The more code M$ write, the further behind they get and the higher the spaghetti gets and the more bugs get hidden. There is no room in IT for a company that releases such garbage and has the temerity to charge money for the privilege of using it.

  43. oiaohm says:

    TM Repository, Chrome and Firefox face fuzz testing triggered by their development teams.

    http://feliam.wordpress.com/2010/10/07/the-symbolic-maze/

    Properly done test suites are meant to check every single code path. Due to the limitations of humans the FOSS world has started developing KLEE and other tools.

  44. TM wrote, “You clearly have no clue how bugs occur, how they’re dealt with, and what testing is actually for. If you did you’d know testing is mostly about preventing regressions, not magically predicting the future. If it was, then every piece of software would be perfect upon release and no new versions would be necessary!”

    I have created a lot of bugs. I know 99 ways to make a bug. Forgetting to quit using something after deleting it or deleting stuff without a good reason are in there.

    How is deleting stuff in use a bug? That’s like forgetting to apply the brakes or not slowing down when parking. It’s probably taught in the first lesson of driving school.

    Have I attempted to use deleted stuff? Yep, in one-off stuff dashed off in a hurry. In stuff intended to be used by millions of people all over the world? Nope. In FLOSS, we would know who did this and why and know whether or not we should ever trust anything that person ever did. At M$, it’s the whole team and I quit trusting them with Lose ’95. Multiple processes can be tricky. That’s why we know JavaScript is less secure than some other code we use but I sure would like to know whether or not the nitwit that did that even checked whether other processes used the object he decided to delete and why he decided to delete them.

    TM, does it make any sense to you that an object in use should be deleted? Was it something M$ did to “start you up”? Confuse people about “where do you want to go today”? or just make a system administrator’s day? Why do you think it happened if the code was not hidden under spaghetti? Come on, give us one feasible suggestion/guess.

  45. oiaohm says:

    TM Repository really you don’t believe in free speech. So you really have no right to complain when blocked.

    Fuzzing is quite a normal process of finding bugs.

  46. dougman says:

    TM Suppository, instead of whining about being blocked, if that is the case, perhaps you should contribute meaningful content?

    On another note, I think it’s humorous when so-called industry experts tell me that IE is the “Industry Standard”. I always raise my hand and ask them “What Standard?”

    Throwing a fuzzer at IE and looking at memory dumps, or calling functions in a way that Microsoft never intended, until you identify specific code that allow you to do things like this is intensive work. No matter how well-written your application is, there are always going to be bugs like this that someone can take advantage of.

  47. Adam King says:

    TMR is infamous for banning people who dare to spread the truth about GNU/Linux and call out his friends for their hateful and perverted activities. Now he whines about being prevented from spewing his garbage on another person’s blog. Typical M$ $hill behavior: do whatever you have to to spread the word.

  48. JR says:

    @ TM Repository

    Sorry, misunderstood your post; thought you were waiting for the usual comments this post would have elicited.

  49. Like I said in a previous comment that got filtered:

    “This is characteristic of spaghetti-code.”

    No it isn’t. It’s characteristic of a bug! This stuff happens on every other platform and browser! Do you think Chrome, Firefox and Android 4.0 are “characteristic of spaghetti code”? (I had links to post but they’re being blocked)

    “Did all the $billions invested in code-checking go to waste? Yes.”

    There’s no such thing as “code checking”. There is code review which is a high level analysis, unit testing which tests classes and methods for expected results, integration testing which ensures said units work together, and usability testing which ensures users can understand how features work. Clearly, you’ve never been involved in any of these.

    You clearly have no clue how bugs occur, how they’re dealt with, and what testing is actually for. If you did you’d know testing is mostly about preventing regressions, not magically predicting the future. If it was, then every piece of software would be perfect upon release and no new versions would be necessary!

  50. Like I said in a previous comment that got filtered:

    “This is characteristic of spaghetti-code.”

    No it isn’t. It’s characteristic of a bug! This stuff happens on every other platform! Do you think Chrome, Firefox and Android 4.0 are “characteristic of spaghetti code”?

    “Did all the $billions invested in code-checking go to waste? Yes.”

    There’s no such thing as “code checking”. There is code review which is a high level analysis, unit testing which tests classes and methods for expected results, integration testing which ensures said units work together, and usability testing which ensures users can understand how features work. Clearly, you’ve never been involved in any of these.

  51. Yup, my comments are being blocked/filtered by Pog, the champion of freedom. He must mean “free as in beer” because he certainly doesn’t mean “free as in speech”.

  52. Like I said in a previous comment that got filtered:

    “This is characteristic of spaghetti-code.”

    No it isn’t. It’s characteristic of a bug! This stuff happens on every other platform! Do you think Chrome, Firefox and Android 4.0 are “characteristic of spaghetti code”?

    “Did all the $billions invested in code-checking go to waste? Yes.”

    There’s no such thing as “code checking”. There is code review which is a high level analysis, unit testing which tests classes and methods for expected results, integration testing which ensures said units work together, and usability testing which ensures users can understand how features work. Clearly, you’ve never been involved in any of these.

    You clearly have no clue how bugs occur, how they’re dealt with, and what testing is actually for. If you did you’d know testing is mostly about preventing regressions, not magically predicting the future. If it was, then every piece of software would be perfect upon release and no new versions would be necessary!

  53. oiaohm says:

    TM Repository The problem this is nothing we did not already know or suspect by every time IE has faced third party auditing tools.

    Mudflap/propolice in gcc is designed to block this exact kind of fault. MSVC also contains a build time feature to prevent it. So this bug is pure sloppiness by someone at Microsoft.

  54. JR says:

    @ TM Repository

    Bored. ?
    Looking for something to do.?
    Want me to post one ?
    Let me see!

  55. Not posting comments anymore?

  56. “This is characteristic of spaghetti-code.”

    No it isn’t. Spaghetti is sloppy in style, not necessarily quality. It’s not inherently insecure, just difficult to maintain. Your own blog runs on WordPress, which is the very definition of spaghetti code (I’ve built several templates for it, it’s a minefield). But any experienced WordPress developer has no problem with the quirks. Again, spaghetti code does NOT equal insecure!

    “The stuff is running every which-way and off the plate”

    Did you just learn the term “spaghetti code” and are looking for an excuse to use it? That’s NOT WHAT SPAGHETTI CODE IS! Spaghetti code is when you mix logic and presentation into the same layer! You know, like WordPress mixes critical security functions into the templates that inexperienced designers are supposed to edit. THAT is what spaghetti code is, goofus.

    “Did all the $billions invested in code-checking go to waste? Yes.”

    “code checking”? You really are an inexperienced ignoramus, aren’t you? There’s no such thing as “code checking”. There’s “code reviews” but those are not deep dives to test the code, that’s for “unit tests”, “integration tests”, “UI tests” and “usability tests”. You can bet that like any company that discovers a bug, they will generate a test in one of these categories for it to prevent regressions.

    Sadly, the kernel lacks any such test suites, instead foisting this task on the user. If this isn’t the case, please tell me where the test suite is, how to set it up and run it against various kernel versions, and where the test swarm is so I can test it against all supposedly compatible hardware.

    Oh, you can’t. Because you’re just an ignorant user posing as a developer. Go crimp some cables before you embarrass yourself anymore.

    Android 4.0.4 exploit

    Firefox 3 exploit

    Chrome exploit

    I guess this is just characteristic of spaghetti code, right?
