FDA

@@Wok_Agenda what does this have to do with the FDA

in reality Microsoft patches are still rather buggy and the only patches i ever ran while using windows were security. any other patches went by the wayside until a week after and sometimes more to make sure they didn't break shit.

@@KaziiTheAvali_inactive Currently a sysadmin, and can confirm we do updates on the FIRST Tuesday of each month, 1 week before patch Tuesday. This is to make sure the updates have had about 3 weeks to get all their shit re-patched with OOB updates.

Glorious patch Tuesday, breaking forensic software every month without fail.

You should research the old Burroughs MCP tagged memory implementation and none of this would not happened. Your C program would have gotten a run time Segmented Array error as soon as the buffer length was exceeded and the program killed.

Thanks for the kind words! If you have any cool language experience that would apply to our Primes project, please check it out on Github! I'd love to see a System/360 assembler version that we can run in an emulator!

The standard C library has some issues with these unchecked string buffer access and the varying convention of putting source or target as first argument. Long time ago I had to solve mysterious crashes in an application and it had these unsafe string buffer access all over the place. Any serious programmer would have made a safe string struct wrapper or use C++.

Me too. Moving from 1990s MVS/ESA to x86 I was shocked at the amount of blind trust placed in other code and the incoming data. gets() is the classic example--ouch! I ended up writing my own functions for almost everything, and then my own compiler (long story). I like the idea of trying primes on S/360. For anyone unaware, the "TK4-" Hercules install with MVS 3.8 is literally TurnKey.

I began in Unit Record Equipment, 407s etc then moved to 1401, 360, 370, 4300 series, then S390. I have written millions of lines of code in mainframe assembler and even some micro code on a 360/30. I built my own microcomputer utilizing IBM Op codes and EBCDIC so i could test my code before getting valuable actual machine time to test. Once I got my code running on the mainframe I crashed the program by implementing an invalid Op code from the front panel. I got a core dump, then corrected my source code to reflect proper operation. I then was fascinated by the Intel 8080 and built another machine using this and the S-100 bus where I could obtain I/o cards etc. I made my own front panel as well. The whole stack pointer and very limited registers left me puzzled as to why they didnt adopt tried and true technology of IBM. I trained COBOL programmers how to read core dumps as well. And even got COBOL to dynamically call other COBOL programs. Something that IBM said could never be done. I also got mainframes to talk to another using the 3270 protocol, again something IBM said was not possible (later they developed Bisynchronis Pass Thru or BPT) this allowed applications to talk to another application directly using STD COBOL under CICS. I LOVE mainframe assembly programming and consider INTELs x86 model a toy that wants to play in a grown up world . What i could do in 32k of memory could not even be dreamed of in C or C++

@@rty1955 Sounds as though you had some fun over the years! From my POV, x86 suffers from compatibility going all the way back to its roots with the 4-bit 4004. x64 is a lot cleaner, and if we can just exterminate every null-terminated string I'll be happy :-)

I bet a LOT of Unix admins got very used to processing the DEFAULT.IDA requests out of their logs! Of course I guess even the properly patched Windows guys would too.

Even years afterwards, I would see Code Red requests in my Linux access log

Was this the one which tried to scan a specific port? I remember checking the addresses showing up in my firewall log for the backdoor. I could use 2 or 3 of those (i got a lot more entries in the log). I placed a readme file in their rootdir about the backdoor.

@@kylestubblefield3404 nicely done sir!!

I was in University at the time, and we were all called in for the weekend, which we spent scanning the network looking for people running web servers and then making sure they were patched. In several cases, this meant breaking into offices which had somehow been re-keyed to not use the building master that we were issued as admin staff. Good times.

Thanks much!

Glad you like them! If you've ideas for other topics, please do share, as I enjoy doing them! The bloopers are hit or miss, depends how it went that day, so sometimes I don't include them!

Hitting up a 7-11 at 2AM to resupply with Code Red. Made mention to the clerk the stuff seems a bit on the addictive side. He mentions he goes through a case every few days. My health tanked shortly thereafter.

@@quintessenceSL I drank so much I became allergic to red food coloring.

As I recall, when Code Red happened the Canadian version of Code Red wasn't caffeinated

Agreed. Would love to see it.

Heh heh, I see what you did there 😆

Just badly written code, and that happens, not sure hosting service/compile farms too happy about that.

Have fun!

I remember when the ASCII BEL character (07) rang an actual bell.

Glad you like them!

Can you believe that's the ONLY instance of anyone EVER saying "Use your powers for good" on TV that I could find? I thought it'd be common, but Archer is the only one!

@@DavesGarage Well with a bit of hair gel you could pass for Krieger :P

@@DavesGarage Bob's Burgers S4E16, Deadpool, Jimmy Neutron movie, Paw Patrol movie, there's lots :D

Glad you enjoyed it!

More to come!

Thanks! I'd love to show how Windows Hooks work, they're cool. I once wrote a "Task Recorder" app called WinMonkey that set various hooks and then recorded everything you did, so it could play it back as a macro. I got it to about 99.5% reliable, which I deemed a "tech support nightmare" so I never released it! But I got plenty of experience. Long story short, you write a DLL with an entry point called "MyWindowsHook() in it". If you set a global hook, when you do so, your dll is loaded into EVERY windows process immediately. I assume threadattach runs for every thread, etc... Then your DLL is called whenever the thing you've hooked happens. Let's say it's a keyboard hook. So every time anyone presses a key, every windows process calls their "MyWindowsHook()" function in your DLL. But each is loaded separately into each process, and they can't see each other. When I did it, I created a C++ template for a shared memory object that could be seen by all instances, and I remember that being complicated to write (sempahores, mutexes, etc) but handy to use! It's been a lot of years, I'd have to look back, but I think you can hook down to the Get/Peek message level... so you can inspect and/or modify any and every windows message sent or received by any process. It's an immense amount of power, and a real bitch to debug when you make a mistake!

Wow, thanks!

Yes I'm working a video now where I explicitly say that it's POSSIBLE to write secure code in K&R C, just very difficult, and that modern C14 or later makes it much easier!

haha that sounds like a good time

Glad you enjoyed it! Trying to strike a balance of "real technical info" without scaring too many away!

Welcome aboard!

ThioJoe explained these in a video.

There is no any such requirements.

@@lolerie You are allowed to eat the chicken but heating it up above 40 degrees C is forbidden!

Thanks! They're a little embarrassing but at least they're natural that way :-)

Hilarious 😂

Hello there! I would imagine Buffalo Days is starting soon in Regina!

Go Riders!