About ericlippert

http://ericlippert.com

Defying gravity

No tech today, but some fun for Friday.

The 2015 Moisture Festival is over; if you’re not familiar with the festival, it’s a month-long celebration of old-timey and modern vaudeville, comedy, variety, burlesque and circus arts at multiple venues here in Seattle. Hundreds of artists come in from around the world, and often end up staying in my spare bedroom to cut down on their costs. This year I had the pleasure of spending a week with one of the world’s greatest jugglers, Niels Duinker, during the festival and I thought I’d post some links to his videos. When I was a college student I taught myself to juggle, but that was before all the great youtube tutorials that are now available.

Here is Niels on how to do three — start here if you’ve never juggled before.

Back in the day I got a few pretty solid four ball patterns going but I never managed to get more than eight throws with five, or six throws with three in one hand. Maybe I’ll give it another shot!

What is the unchecked keyword good for? Part two

Last time I explained why the designers of C# wanted to have both checked and unchecked arithmetic in C#: unchecked arithmetic is fast and dangerous, checked arithmetic is slightly slower but turns subtle, easy-to-miss mistakes into program-crashing exceptions. It seems clear why there is a “checked” keyword in C#, but since unchecked arithmetic is the default, why is there an “unchecked” keyword?

Continue reading

What is the unchecked keyword good for? Part one

One of the primary design goals of C# in the early days was to be familiar to C and C++ programmers, while eliminating many of the “gotchas” of C and C++. It is interesting to see what different choices were possible when trying to reduce the dangers of certain idioms while still retaining both familiarity and performance. I thought I’d talk a bit about one of those today, namely, how integer arithmetic works in C#.
Continue reading

Too many hobbies

Hey all, apologies for the sudden and very long break there. A number of people asked me if I was OK, falling off the face of the earth like that — thanks for your concern, I am fine, just over-busy.

Ricky Jay has a line in The Spanish Prisoner where he says that when your hobbies interfere with your work, that’s fine, but when they interfere with each other, you have a big problem. I had that terrible problem back in November and something had to give, so I stopped blogging and woodworking for a while there. The combination of a tight deadline at work, helping Mark get the next edition of Essential C# ready for later this year, and working on a series of educational videos ended up consuming all my available bandwidth for technical stuff.
Continue reading

Nostalgia, horror, and a very old bug

My next article about graph traversal is pre-empted by this breaking news; I’ll pick up that series again soon.

Yesterday morning a coworker forwarded to me an article about a recently patched security hole in Windows, and wondered if I had any thoughts on it. Oh, did I! I read about the exploit with an odd mixture of nostalgia — because I worked on the code in question back in the 1990s — and horror at how long this exploitable bug had been in Windows.

To be clear, I did not write the actual exploitable code; it predates my time at Microsoft. But I was worried while I was reading the article that it might turn out to be my bad! This is the second time that has happened to me, and it is not a pleasant feeling.

Coverity has a research team devoted specifically to security-impacting bugs, and they were kind enough to ask me to write up my thoughts for their blog. You can read about my guess at what the buggy code looked like here.

If you have examples of “missing restore”-style bugs — security-impacting or not — in real-world code in any language, I would love to see them. Please leave examples in the comments here or on the security blog. Thanks!