The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Monday, July 18, 2022

A screed against modern consumer electronics

So I'm watching this video on a mouse/scanner combo thing when at the very end, Cathode Ray Dude goes on a rant about the companies that make modern consumer electronics that I found amusing. I also think it's a sad state of affairs that I agree with his sentiment that most consumer electronic companies exist just to get bought out and not to sell a viable product.

Wednesday, July 13, 2022

I think Mac OS-X is wrong in this case, and Linux is right

There was apparently a frantic bug-hunt involving “Project: Lumbergh” yesterday that I was not involved in. From the description of the bug, it certainly sounded like it was a manifestation of “undefined behavior” as “Project: Lumbergh” was actinging differently between Linux and Mac OS-X (our testing and development platforms). The issue stemmed from this bit of code (not the exact code, but similar in nature):

x = strtol(input,&endptr,10);
if ((errno == 0) && (endptr != input))
/* ... */

And the fix:

errno = 0; /* BUG FIX */
x = strtol(input,&endptr,10);
if ((errno == 0) && (endptr != input))
/* ... */

In fact, there are man pages that show setting errno to 0 in sample code. Here's what the C99 Standard says about library functions setting errno:

The value of errno is zero at program startup, but is never set to zero by any library function. The value of errno may be set to nonzero by a library function call whether or not there is an error, provided the use of errno is not documented in the description of the function in this International Standard.

C99 Standard, section 7.5.3

So no function will ever set errno to 0. To me, this sounds like some earlier failed function causing a false problem in this bit of code, thus the fix to set errno to 0. Now, the C99 Standard says this about strtol():

The strtol, strtoll, strtoul, and strtoull functions return the converted value, if any. If no conversion could be performed, zero is returned. If the correct value is outside the range of representable values, LONG_MIN, LONG_MAX, LLONG_MIN, LLONG_MAX, ULONG_MAX, or ULLONG_MAX is returned (according to the return type and sign of the value, if any), and the value of the macro ERANGE is stored in errno.

C99 Standard, section 7.20.1.4.8

And indeed, on both Linux and Mac OS-X, for values outside the given range, ERANGE is returned. The issue happens when no conversion happens. Both systems return 0, but Linux doesn't set errno whereas Mac OS-X does. In fact, Mac OS-X sets errno to EINVAL, which isn't even defined in the C99 Standard (but it is defined for POSIX). I think Mac OS-X has the wrong behavior here. errno is documented in the description of strtol() (but only for one error case), so Mac OS-X shouldn't be (in my opinion) errno when there's a conversion issue.

It may be a moot point though, as the fix appears to be working as intended on both systems.

Friday, July 01, 2022

“I'm sorry I mistakenly sent that to you. By the way, how are things with you?”

The fact that these scammers never include the pitch in their opening texts makes them seem confusing and mysterious. But the scam itself is an old and obvious one. If you respond (with “wrong number,” say) the scammer will attempt to draw you into conversation …

This is the first step in what is, at its core, an old-fashioned “romance scam,” in which the scammer exploits a lonely and/or horny person by faking a long-distance, usually romantic relationship. After the scammer has gained the trust of their victim, they convince them to transfer money, often for an investment; in some cases, the victim can be enticed into several successive transfers before they realize they’re being played.

Via Hacker News, What's the deal with all those weird wrong-number texts?

I think this explains the weird email I received two weeks ago. It's either that, or maybe (with low probability given the email sent) a form of “crypto drainer” as was suggested.

Wednesday, June 29, 2022

“These are not the child processes you are looking for.”

At The Enterprise, QA asked if they could have a tool that starts all our stuff up so they can do some performance tests (there are reasons they're asking for this, and why I agree with them that go beyond the scope of this entry). I replied I would see what I could do—it can't any harder than what I've done so far. And I came across an interesting bug.

The program will take our existing test cases, generate all the data and output a list of all the phone numbers so QA can use whatever they use to generate appropriate traffic. Then it will start up all the appropriate programs and just sit there, monitoring the processes such that if any stop, it stops the rest of them. And then QA can run whatever they run to inject requests into the maelstrom at whatever rate they see fit.

The bug in question: due to how the code was being written, I was slowly moving code to catch two signals, SIGINT (the interrupt signal) and SIGCHLD (a child process has terminated) closer and closer to the start of the program (for various reasons not germane to this entry). At one point, the program was always stopping because it thought one of the programs being tested has crashed when it hadn't. I was able to isolate it—this code:

local tests = load_tests(arg)

signal.catch('child')
signal.catch('int')

worked, while

signal.catch('child')
signal.catch('int')

local tests = load_tests(arg)

failed. I then had a look at load_tests() so see what in the world might be going on, when I saw this:

os.execute("/bin/rm -rf dump/")
-- other code
local foo = io.popen("mkfoo lnp.dat","w")
local bar = io.popen("mkbar sup.dat","w")
-- other code

I was executing other programs to generate the data, and those processes exiting were sending SIGCHLD that the program (and I) were not expecting. Huh … leaking abstractions for the bugs!

Tuesday, June 28, 2022

Notes on an overheard conversation on who will be driving

“Do you want to drive?”

“No thank you, I'd rather not drive to my doom.”

“It's not to your doom!”

“Okay, okay! I'd rather not drive to my mild annoyance.”

Monday, June 27, 2022

Cleaning cobwebs off the web browser

Firefox was giving me fits. It would work fine except when I quit the application, then it would just sit there consuming over 100% of the CPU (not hard given I have multiple CPUs on the machine). I even rebooted the machine on the off chance that Firefox thought it was running on a Windows box and not a Mac. But no, Firefox kept freezing when I quit the application.

I was afraid that somehow some critical file got corrupted and that I would have to nuke all my Firefox settings and start over again. But before I do that, let me just … maybe? clear the cache?

Yup. Clearing the cache fixed the issue. And upon thinking of it, I don't think I've bothered to clean the cache since … 2015? Really? It's been that long? Wow.

Saturday, June 18, 2022

I think this is a scam email, but I'm not sure how it works

I received the following email last night:

From
Sergio Rios <XXXXX­XXXXX­XXXXX­XXXXX­X>
To
Undisclosed recipients:;
Subject
transfer done
Date
Fri, 17 Jun 2022 22:43:09 +0000

Hi Carlo,

Trust you are having a good day. As earlier discussed in our last week meeting, your bitcoin wallet has been funded with 48 .99 BTC making a total of 1,433,296.04 USD. Please login with below details to confirm your BTC balance.

Website : XXXXX­XXXXX­XXXXX­X
Customer ID : XXXXX­XXX
password: XXXXX­XXXX

I’ll be joining the team coming week for a symposium in Switzerland. Give me a call if anything else is needed.

Regards,
Sergio

I don't understand this email. It was sent to an email address I have that is the target of a lot of spam (it's the address I use for my domain registration and as I never opted to “hide” that email address, it's gotten around to a lot of spam lists), although the “undisclosed recipients” kind of gives it away as spam anyway. The website exists (I checked DNS) but I have not visited the site, so I don't know of the customer ID or password actually work. A quick web search on the domain name has revealed a lot of suspicion about the website, and a search on “Sergio Rios” doesn't reveal anything either.

So I have to wonder—what's the angle here? What's the scam? How is this supposed to work?

Obligatory Picture

[It's the most wonderful time of the year!]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: http://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

http://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2022 by Sean Conner. All Rights Reserved.