How programming in C got me in trouble with the law

I've been programming in C for years, and never experienced troubles
until I started using the new RealC-32, a freeware C compiler from the
same company that makes RealPlayer and Quicktime. That's when the
trouble started. See, RealC-32 is like any other C compiler but with
one notable difference. Any time your code invokes undefined
behavior-- for example by dereferencing an uninitialized pointer--
rather than the usual segmentation fault, instead the program will chug
along as usual, but will silently start launching spam emails and
spyware from the computer.

It was only a matter of time before I accidentally forgot to initialize
a pointer before dereferencing it. Then, sure enough, in place of the
usual segfault, my computer started sending porn to every email account
on the 'net. Hours later, the feds busted down my door and I was
hauled off kicking and screaming.

At my trial I insisted I was not responsible for the spam, that it was
the fault of RealC-32. But a representative from the company pointed
out that they were completely in compliance with the C standard, which
allowed them free rein to do as they pleased with my computer once I
dereferenced that uninitialized pointer. The judge agreed that I was
merely using a RealC-32 extension to simplify the creation of the
spam-sending software, and that I was just as responsible for it as I
would be if I'd explicitly programmed it using, say, gcc. In the end I
was forced to succumb to their logic-- they were, after all, quite
right.

EPILOGUE

Stone McStone continues to serve hard time in a federal "pound me in
the ass" prison. Hopefully he's learned his lesson about dereferencing
uninitialized pointers! RealC-32 has made millions of dollars by
selling adware contracts to small startup businesses. They are
currently negotiating with Diebold Inc. trying to win the contract to
provide the C compiler for Diebold's controversial e-voting machines.

Sep 17 '06
Keith Thompson wrote:
> "Spiros Bousbouras" <sp****@gmail.com> writes:
>> From a practical point of view I think that "undefined behaviour"
>> will almost always mean one of the following two things:
>>
>> 1) That the compiler will contain no special provisions to deal
>> with the case so the output will essentially be random. As such
>> I would expect that the probability of erasing the whole hard disk
>> is vanishingly small and running spyware practically impossible.
>> The probability that the compiler has a bug so the behaviour would
>> be random even when encountering correct code is larger, I think,
>> than the probability of any of the above two events happening.
>>
>> 2) That the compiler does contain some special provision as
>> part of a joke. The obvious example is some version of gcc which
>> ran Towers of Hanoi when encountering the pragma directive (which
>> was implementation defined rather than undefined).
>
> (It was nethack, not Towers of Hanoi.)

It was more than one programmes including Towers of
Hanoi. See http://www.abelsson.com/?page=expertcprogramming

> Undefined behavior isn't random, it's arbitrary. This is an important
> distinction; the word "random" has a specific mathematical meaning,
> and using it in this context can raise unrealistic expectations.

I don't think that the word random on its own has a specific
mathematical meaning. Things like "random variable" have a specific
mathematical meaning. I believe that in the context that I used it
random has the same meaning as one of the meanings of arbitrary and
there is less chance that it will create the wrong impression.

> Even if the behavior in the presence of, say, a buffer overflow is
> purely accidental, if there's code on the system that will reformat
> your hard drive, it's conceivable that a misbehaving program could
> accidentally branch to that code.

Yes, it's conceivable. Just very unlikely especially with the
protections of modern operating systems. And I would say that a
compiler bug is at least as likely to have the same effect on a
correct programme.

> But the results of undefined behavior aren't always purely accidental.
> Viruses and other malware typically work by *deliberately* exploiting
> buffer overflows. And if it were physically possible for a computer
> system to make demons fly out of your nose, you can bet that some virus
> writer would make it do so.

Indeed but in such a scenario the behaviour isn't undefined
anymore. The virus writer has made it defined (to suit their
own purposes).

Sep 18 '06 #11
Richard Heathfield wrote:
> Frederick Gotham said:

.... snip ...

>> I might have above-average intelligence, but I'm no genius.
>
> Precisely the same description applies to a basset hound.

ROTFL

--
"The most amazing achievement of the computer software industry
is its continuing cancellation of the steady and staggering
gains made by the computer hardware industry..." - Petroski

--
Posted via a free Usenet account from http://www.teranews.com

Sep 18 '06 #12
"Spiros Bousbouras" <sp****@gmail.com> writes:
> Keith Thompson wrote:
> [...]
>> (It was nethack, not Towers of Hanoi.)
>
> It was more than one programmes including Towers of
> Hanoi. See http://www.abelsson.com/?page=expertcprogramming

You're right, I had forgotten that detail.

>> Undefined behavior isn't random, it's arbitrary. This is an important
>> distinction; the word "random" has a specific mathematical meaning,
>> and using it in this context can raise unrealistic expectations.
>
> I don't think that the word random on its own has a specific
> mathematical meaning. Things like "random variable" have a specific
> mathematical meaning. I believe that in the context that I used it
> random has the same meaning as one of the meanings of arbitrary and
> there is less chance that it will create the wrong impression.

Hmm. Perhaps, but for me the word "random" carries with it an
implication that the possible outcomes are determined by some
consistent probability distribution. In fact, the outcome is
determined by Murphy's Law -- or at least it's safest to think of it
that way.

>> Even if the behavior in the presence of, say, a buffer overflow is
>> purely accidental, if there's code on the system that will reformat
>> your hard drive, it's conceivable that a misbehaving program could
>> accidentally branch to that code.
>
> Yes, it's conceivable. Just very unlikely especially with the
> protections of modern operating systems. And I would say that a
> compiler bug is at least as likely to have the same effect on a
> correct programme.

If there's an available library routine that can reformat a disk, and
if your program is running with sufficient privileges to invoke that
routine (which is plausible on some systems), then there's a risk that
it could happen accidentally.

>> But the results of undefined behavior aren't always purely accidental.
>> Viruses and other malware typically work by *deliberately* exploiting
>> buffer overflows. And if it were physically possible for a computer
>> system to make demons fly out of your nose, you can bet that some virus
>> writer would make it do so.
>
> Indeed but in such a scenario the behaviour isn't undefined
> anymore. The virus writer has made it defined (to suit their
> own purposes).

No, the behavior is still undefined as far as the C standard is
concerned. The point is that, in some cases, the outcome can be
determined not by random chance, or even by applied Murphology, but by
conscious malice.

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Sep 18 '06 #13
st**********@yahoo.com wrote:
> I've been programming in C for years, and never experienced troubles
> until I started using the new RealC-32, a
[lots-of-more-bull-shit]

Are you ok? Should we call a doctor?
Sep 18 '06 #14
Keith Thompson wrote:
> [...]
> Even if the behavior in the presence of, say, a buffer overflow is
> purely accidental, if there's code on the system that will reformat
> your hard drive, it's conceivable that a misbehaving program could
> accidentally branch to that code.

As I recall, old hard drive I/O cards for the IBM-PC market often had
low-level format code in the BIOS. Jump to the right address, and the
magnetic flux that was once your data was just a memory.

[...]

--
+-------------------------+--------------------+-----------------------+
| Kenneth J. Brody        | www.hvcomputer.com | #include              |
| kenbrody/at\spamcop.net | www.fptech.com     |    <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------+
Don't e-mail me at: <mailto:Th*************@gmail.com>
Sep 18 '06 #15
Spiros Bousbouras wrote:
> [...]
> From a practical point of view I think that "undefined behaviour"
> will almost always mean one of the following two things:
>
> 1) That the compiler will contain no special provisions to deal
> with the case so the output will essentially be random. As such
> I would expect that the probability of erasing the whole hard disk
> is vanishingly small and running spyware practically impossible.
> The probability that the compiler has a bug so the behaviour would
> be random even when encountering correct code is larger, I think,
> than the probability of any of the above two events happening.

You've never run on a system with memory-mapped I/O, have you? A
simple strcpy() or memmove() with an uninitialized pointer is
enough to start very nasty things happening.

Ditto for platforms without some hardware memory protection, such
as an x86 "real mode" platform. Overwrite the wrong memory, and
the O/S may start scribbling all over the drive.

> 2) That the compiler does contain some special provision as
> part of a joke. The obvious example is some version of gcc which
> ran Towers of Hanoi when encountering the pragma directive (which
> was implementation defined rather than undefined).

While it's true that it's not likely that a compiler writer has gone
out of his way to explicitly program some behavior for UB situations,
the fact is that one doesn't have to "go out of the way" to do so.
And your gcc example proves that they sometimes do explicitly write
such things. (Though any "good" compiler writer is probably good
enough to do something humorous like a Tower of Hanoi program, rather
than malicious like spyware.)

[...]

--
+-------------------------+--------------------+-----------------------+
| Kenneth J. Brody        | www.hvcomputer.com | #include              |
| kenbrody/at\spamcop.net | www.fptech.com     |    <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------+
Don't e-mail me at: <mailto:Th*************@gmail.com>
Sep 18 '06 #16
Keith Thompson said:

<snip>

> Even if the behavior in the presence of, say, a buffer overflow is
> purely accidental, if there's code on the system that will reformat
> your hard drive, it's conceivable that a misbehaving program could
> accidentally branch to that code.

In Liverpool, late 1989, this very nearly happened (on the machine *next* to
mine!) when the programmer forgot that you need one byte for a string's
null terminator. The branch was to the part of MS-DOS that said something
along the lines of "Formatting drive C: will trash the disk - continue
(Y/N)?" - not that exact wording, obviously, but it was clearly a "near
miss".

And in - er, either 1990 or 1991, the chap across the desk from me made
precisely the same error, and trashed his machine's CMOS. Fortunately,
Compaq had provided us with diagnostic diskettes which allowed us to boot
the machine and correct the problem.

"Nasal demons" *do* happen, people. It's just that they don't always wear
red jumpsuits.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
Sep 18 '06 #17
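
Added example, not part of the original thread: the forgotten-terminator error described in the post above, next to a bounds check that counts the terminator. The names `copy_buggy`, `copy_checked`, `neighbour_clobbered`, `FIELD` and the marker value are assumptions made for illustration; the "neighbouring" byte lives in the same array as the field, so the stray write can be observed without the demonstration itself leaving defined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD 8            /* size the programmer believes the buffer has */
#define NEIGHBOUR 0x5A     /* constructed marker for whatever lives next door */

/* Buggy: accepts any string of up to FIELD characters, forgetting that the
 * terminating '\0' needs a byte of its own. */
int copy_buggy(char *field, size_t field_size, const char *src)
{
    size_t len = strlen(src);
    if (len > field_size)          /* wrong bound: ignores the terminator */
        return -1;
    memcpy(field, src, len + 1);   /* writes field[field_size] when len == field_size */
    return 0;
}

/* Hardened: the terminator is counted, and an oversized input is rejected
 * instead of being written. */
int copy_checked(char *field, size_t field_size, const char *src)
{
    size_t len = strlen(src);
    if (field_size == 0 || len >= field_size)
        return -1;
    memcpy(field, src, len + 1);
    return 0;
}

typedef int (*copy_fn)(char *, size_t, const char *);

/* Runs one copy into the first FIELD bytes of a larger array and reports
 * whether the byte just past the field was changed. */
int neighbour_clobbered(copy_fn copy, const char *src)
{
    char arena[FIELD + 1];
    memset(arena, 0, FIELD);
    arena[FIELD] = NEIGHBOUR;
    (void)copy(arena, FIELD, src);
    return arena[FIELD] != NEIGHBOUR;
}

int main(void)
{
    /* Constructed inputs: 7 characters fit with the terminator, 8 do not. */
    const char *inputs[] = { "ABCDEFG", "ABCDEFGH" };
    for (size_t i = 0; i < 2; i++) {
        printf("%-8s  buggy: neighbour %s, checked: neighbour %s\n", inputs[i],
               neighbour_clobbered(copy_buggy, inputs[i]) ? "CLOBBERED" : "intact",
               neighbour_clobbered(copy_checked, inputs[i]) ? "CLOBBERED" : "intact");
    }
    return 0;
}
```

In a real program the byte after the buffer belongs to some other object, so what the stray zero lands on depends on layout the C standard does not define.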
st**********@yahoo.com wrote:
>
> I've been programming in C for years, and never experienced troubles
> until I started using the new RealC-32, a freeware C compiler from the
> same company that makes RealPlayer and Quicktime. That's when the
> trouble started. See, RealC-32 is like any other C compiler but with
> one notable difference. Any time your code invokes undefined
> behavior-- for example by dereferencing an uninitialized pointer--
> rather than the usual segmentation fault, instead the program will chug
> along as usual, but will silently start launching spam emails and
> spyware from the computer.
>
> It was only a matter of time before I accidentally forgot to initialize
> a pointer before dereferencing it.

OK ..., I understand the humor, but it's not making me laugh.
It needs work.

Here's a polished bit of humor on the "do my homework" topic.
This is easily two full orders of magnitude funnier.

http://groups.google.com/group/comp....81c58037083416

--
pete
Sep 18 '06 #18
Frederick Gotham wrote:
> I've been programming in C for years, and never experienced troubles
> until I started using the new RealC-32, a freeware C compiler from the
> same company that makes RealPlayer and Quicktime.

Spiros Bousbouras wrote:
> My theories in random order:
>
> 1) Troll.
> 2) Someone very bored who decided to post random
> stuff on a group.
> 3) Someone who wants to tarnish the reputation of a
> certain company mentioned in the opening post.

1) Troll or joke, take your pick.
2) What? Bored? Isn't everyone on this group?
3) It's not very certain which company, given that RealPlayer and
Quicktime are made by two separate companies (RealNetworks and Apple).

--
Simon.
Sep 18 '06 #19
Simon Biber wrote:
> Frederick Gotham wrote:
>> I've been programming in C for years, and never experienced troubles
>> until I started using the new RealC-32, a freeware C compiler from the
>> same company that makes RealPlayer and Quicktime.

No, Frederick Gotham did not write that.

Sep 19 '06 #20
