Older blog entries for uweo (starting at number 35)

How to create a buffer overflow, lesson 1:

char name2[PATHLEN];
char name[PATHLEN];
strcpy(name2,name+something);
name[name+something]='.';
strcpy(name+something+1,name2);

Indeed. Broken. And i didn't notice it in more than 5 years. Speak about quality.

I inherited that from the original rzsz sources ...

A nice day: The sun shines. I'm possibly going to leave early today to make some photographs.

Something which is not so nice is german politics, especially regarding the list of a few web servers a regional authority wants to be blocked. They don't have the slightest idea about the technical side of things ... and the way *how* they are trying to enforce their ideas makes my feel uneasy.
It's not like these four servers contain anything of value, but i fail to see something which needs to be filtered ... i mean, by german law someone is innocent unless proven otherwise, and a court decides that, not the bureaucracy. I'm not against drastical matters in case of urgency, but hey, the very same content was on the net for years, so there is no urgency.

Back to software: it's incredible how many broken SMTP servers are out there. STARTTLS tends to fail in astonishing ways. "220 Ready" directly followed by a close of the connection. A complete TLS handshake following by an error stating something like "oh, sorry, i don't want to talk to you with TLS". The usual amount of TLS misunderstandings - it's not like all implementions like each other. SMTP servers stating the ability to run TLS in their EHLO response, but telling "unknown command" when you try to start a TLS session. Incredible. But i want it anyway.

I'm tired. 10 long years i published software i mostly wrote for my personal use, but sometimes software i never saw a use for myself for. It has been fun - sometimes.

This message is about the other times.

"Why does ftpcopy fail to mirror some-obscure-site". "I don't know, please give me more details, especially `what does fail mean'". Answer: silence. No, not really, but the guy started to throw dirt on me.
"You should use standard software. Don't waste your time and that of your users with incompatible replacements. Use cron. Learn cron, understand cron and teach cron." Hey, i learned about cron 10 or may be 20 years ago, and that's _why_ i don't use it.
"You didn't answer my question about ... in time. It's now too late, i will not answer your question." Oh, yes, i didn't answer "in time". I regret to have a life sometimes.
"Hello. Your [package] doesn't follow the ... standards. I therefore stop to list in in my [very-important-list-of-open-source-packages]." Heck, yes. You can't seriously follow all standard on this world, and some particular stupid things are just too stupid.
I got flames for not providing binary packages, and flames for compile problems on [operating system of choice, just not my choice].
I could whine about the evenings i spent trying to find some obscure problem. I could whine about all the fine things i missed due to working on software when i could have done other things.
"Why don't you use [non-standard-library-of-choice]?"
I _feel_ like whining today.

What almost killed me was a mail i got last night: "I downloaded ftpcopy this evening, but found that it doesn't have a user interface. Where's the KDE interface? Software shouldn't even be labelled beta without one!". Oh yes, a flame for not having written an X frontend to ftpcopy. That feels really good, especially after spending an evening working on the package. Nice guy ... at this very moment i think he "saved" me from continuing.

Fairly busy times.

It's summer (cooling off now, but anyway), and basically things are as they are supposed to be - it's hot and i'm more often doing something quite different from hacking.
Ok, i _did_ - an outer ear infection stopped me from swimming and diving for the next days. No, i'm not happy - fortunately that didn't hit before i made some very good pictures (from my point of view, of coutse) of a few inhabitants of a sea around here.

I released new versions of ftpcopy and dyndb in the meantime. Two other packages are almost ready to be released. Oh well. It's summer, you understand?

Company is going crazy. The one doing the mass-support left, and $boss "forgot" [1] to get someone to replace him. So now a few people with a little bit of time left do that job, together with $boss, who has his own way of doing support: "oh, this is stupid. Throw away this request". "Answered on the web site. Throw away ...". Ok, _that_ way i can handle a request per minute.
[1] actually i think $boss was surprised by the amount of vacation Thomas still had open ...

My job isn't going well at the moment. Currently i firmly believe that afilias (the company trying to get big money out of .info) has been created to ruin my nerves. Hey, their test server sometimes even answers correctly ... most of the time it doesn't answer at all. Not to forget that it's slow. I was hoping to have a vacation starting tomorrow, but that will not happen, i'm unable to finish even one test run.

Oh, well. Came back yesterday in the evening, noticed a new hole in the wall, where the electric installation was supposed to be done. Unfortunately that hole was a little bit deeper than the wall. I was hoping to carry a lot of things into this room tomorrow. Let's see when i'll do that.

Discussed open source with a friend. "You really mean that being able to fix bugs or audit the code yourself is a reason to avoid standard software from microsoft?". Of course, yes, i do, but Bernd, i don't think i can explain that to you.

I released ftpcopy-0.4.0 yesterday. There's no really compelling reason to upgrade.

Buried in work. Unsatisfied with almost everything, especially including the state of the things regarding our building.

Bad weather for what seems to be eternity. Coming to think about it: I'm swimming a lot. Even at the moment. But the people i'm supposed to swim with, in the club, are disappointing. The hall is closed, due to maintainance. We would get 2 lines outside instead ... guess what? "It's the wrong weather for swimming outside". Morons. No, they are worse. [rant censored]

On the bright side: i bought myself an olympus digital camera. Years ago, when the first digital ones were available, i was quite disappointed. The pictures looked bad even on VGA. I didn't look at digital cameras for about 5 or 7 years. I expected improvement, but i was surprised how much better these things are now, at least in the two and three million pixel classes.

Back to work: Write a converter from a relatively sane data format to a misdesigned XML-Format. The men who designed EPP should be shot on the spot. Those idiots who decided to use this piece of shit in it's unfinished state should be shot, too.

I release ftpcopy-0.3.9 yesterday. It fixes two file descriptor leaks. 0.3.8 was supposed to be free of bugs. I obviously didn't remember to close these file handles.

The proof-reading of the library is finished. Even the documentation seems to make sense. Most of the tools still need to be checked.

Be sure to never catch a 17"-monitor with your feet. Yes, the monitor is OK, thanks for asking. The foot? More or less so.

I released ftpcopy-0.3.8 today. There are, fortunately, no really important reasons to update.

Continued to proof-read and document the library. 80% of the public interfaces are done. 100% of the private interfaces are done - except for the documentation. And then i'll have to do the same for the tools and have to write some introduction. Let's say i'm at 50% overall.
The bad thing is: i will not have time to finish it this week.

Life sucks. Bad news anywhere. No, that's not true, but there are some _very_ bad news.

A bug report for ftpcopy came in today: ftpcopy doesn't work over socks5 using runsocks. After a little bit of investigating it turned out that the socks5 library includes a wrapper for select(). This wrapper sets some flag if a non-blocking socket is connected now. Later this flag is needed inside the getpeername() wrapper.
Now there's no such wrapper for poll. Impact: Bang. Connect failed. No, not really, but ftpcopy couldn't tell.

I'll include some way to turn of the usage of poll at compiletime. The clean solution would be to fix socks5, but i don't really like the nec peoples copyright, and i don't like the code. Somebody forgot KISS.
Besides, what's socks good for? Isn't it just an excuse for not using the right firewall?

I wrote:

I'm quite confident that it's stable
Proofreading is better. It wasn't stable, of course. I wrote a buffer to a place on the disk instead of reading it. Quite stupid, but _hard_ to detect. I couldn't believe it when i looked into the code.

26 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!