It just makes you wonder what the underlying bug was.
A few days ago I unzipped Spaceward Ho! version 4 and played a few games. Aside from one old bug I remember from playing in 1995, it ran perfectly. There must’ve been an incredible amount of work that went into that non-event. I can see that leading to a lot of weird-ass connections like this bug.
First off: I remember a reputable bootloader that had a serious security issue when the username entered was around 28 backspaces. Huge software has weird bugs of the careless kind.
But it would be very interesting to find out how we can make these bugs go away. “Good practices” seems to be a non-starter. It’s basically “just don’t write bugs and don’t code in a rush” in different clothes.
[Comment removed by author]
I totally agree. Or smaller, shared code. Would the grub vulnerability have happened if “read securely from keyboard into buffer” would have been available as a high-level action without a library with 500 other functions as baggage?
Sadly, avoiding large code bases seems to be pretty hard in most “general purpose” modern software. (By general purpose I mean any piece of software that doesn’t just do one easily definable task eg: any office suite, picture/video editor or 3d modeling program.) While most of these tend to be even larger than they perhaps need to be due to unneeded features and legacy code etc, some kind of largeness at a level seems unavoidable. I think we might need to accept this, and come up with some other solutions and ways of designing programmes that fit better with the direction things seem to be going in.
Also curious on what the bug could be.
Half jokingly, isn’t this the reason why rumors say Windows 9 was skipped? To avoid all code if version.startswith("9")?
Well, a non-neglectible number of programs from reputable software companies and Adobe failed at detecting OS X 10.10 and indicated that they don’t work on OS X 10.1. Never underestimate the power a hastily written piece of code, even if proper APIs are available.
Oh, wow. It’s amazing since version.split(".").charAt(0) == '1' is actually less convenient than version.split(".").toInteger() > 1.
version.split(".").charAt(0) == '1'
version.split(".").toInteger() > 1
That, as you say, ignoring the fact that there are proper APIs!
You’d be surprised how many programs did that, especially Java ones.
For what it’s worth, the bug appears to be in a support library for dfp.exe, which is the “Disk Footprint Tool”. So it’s not legacy code or anything (but might need to deal with related conditions). Half tempted to try and reproduce and grab a stack trace to try and see what the hell it’s doing…