Don't catch it!

By -

Dot your i's, cross your t's - but don't catch your exceptions. That's what is recommended if you are coding for Windows Vista.

Well, not exactly. There is an extremely interesting post on the recent ANI cursor handling security vulnerability here. It has a new take on catching exceptions. Catching an exception from a vulnerable snippet of code may nullify the protection provided by Vista's address space randomization, since the hacker may repeatedly try different input values without the process exiting.

Really interesting. The real question is.. how much attention do we really need to pay to this? Where do we draw the line between reliable code (one that catches exceptions) and secure code (one that doesn't). Is it too early to be worrying about this? I wonder.

Comments

Post a Comment

Popular posts from this blog

Dark Fonts and Colors for light theme in VS 11

By -
Image
Update: The VS 2012 Color Theme editor has a lot more options and subsumes the functionality of this settings file. Check it out! ——————————————— Visual Studio 11 comes in two themes: dark and light. I like how the code looks in the dark theme (since it is easy on the eyes), but I like how the menus and toolbars look in the light theme (the buttons look sufficiently different from each other.) So if you want to use the colors and fonts of the dark theme with the light theme UI, you would think you could just export out the fonts, change the theme, and import them back in. However, this has the bizarre side effect of causing all the fonts to become bold. So I went into the theme file and manually changed all the BoldFont="Yes" invocations, and finally I have a theme I like. You can download this settings file if you like, it has only the Fonts and Colors, so it should not mess up any of your other settings. Download Visual Studio 11 Dark Fonts and colors settings fi
Read more

Setting coordinates in Phaser where the body and the sprite are offset from each other

By -
Image
If you're using Phaser with matter physics , sometimes you might need to set a body of a different size from your sprite. That's pretty easy, simply by setting the width and height of the body. But if your physics body is offset from where the sprite is, then one has to use the setOrigin method to fix this. This can be tricky. This diagram might help explain how origin is used, where 'visual' is the sprite, and 'body' is the physics hitbox: And finally, if you do some algebra to find the origin, you can use the following code: // SPDX-License-Identifier: Apache-2.0 const visualX = 150; const visualY = 150; const visualWidth = 120; const visualHeight = 120; const bodyX = 200; const bodyY = 200; const bodyWidth = 180; const bodyHeight = 180; const originX = (bodyX - visualX) / visualWidth + 0.5; const originY = (bodyY - visualY) / visualHeight + 0.5; const sprite = this.matter.add.sprite(bodyX, bodyY, '
Read more

Laptop Surprises: Lenovo Yoga Slim 7i

By -
I recently bought a Lenovo Yoga Slim 7i (Model 14ITL05). I really like it. I am trying to write down everything that surprised me about the laptop in here. These are mostly things that did not understand about the machine from the product page on Lenovo when ordering. I'll start off with the pleasant surprises: There is some sort of radar sensor on the top on the screen, in the webcam area. When I come and sit on my chair in front of the laptop, it wakes the screen and then Windows Hello logs me in with face ID. This is great! There is a feature called Battery Conservation Mode . What it does is: it pauses charging the battery when it reaches somewhere between 55 and 60%. So you can get the full performance out the CPU without adding a lot of wear on the battery. It allows the CPU to go to full performance with all the wattage coming from the AC adapter without worrying about battery wear. However, I would like to know more about this, and exactly why the battery percent
Read more