The stillness and solitude of a New York rooftop

•June 1, 2015 • Leave a Comment

Originally posted on Ephemeral New York:

Few artists convey the disquieting solitude of city life like Edward Hopper, as he does here in “Untitled (Rooftops)” from 1926.


Hopper, who worked out of his studio on Washington Square until his death in 1967, was fascinated by urban scenes: “our native architecture with its hideous beauty, its fantastic roofs, pseudo-gothic, French Mansard, Colonial, mongrel or what not, with eye-searing color or delicate harmonies of faded paint, shouldering one another along interminable streets that taper off into swamps or dump heaps.”

View original

Using SAL in the SQLite API

•May 10, 2015 • Leave a Comment

I’ve just finished adding annotations to a huge portion of the SQLite API, and I see a LOT of potential. This is going to be awesome.

See the changes that I’ve made so far on GitHub:

I’m not a core SQLite dev, so I just hacked on the amalgamation 😊

Preventing bugs, and improving code quality with Microsoft SAL (Part 2, custom preconditions for structs & objects)

•April 2, 2015 • Leave a Comment

Note: At the end of part 1, I’d suggested that part 2 would be about invalid handles. This post however isn’t about invalid handles. That’ll be the next part in this series.

I very frequently come across code like this:

void dosomething( _In_ somestruct* in ) {
    //Not detected at compile time

The function, dosomething, expects/requires a specific condition. So, the author asserts it, and resolves to test every possible code path, thus verifying code correctness. When all their tests pass, they build in release mode, and the assert disappears.

Some time later, someone calls dosomething under different conditions, all of their tests pass, and they release the modified code.  Users start seeing their data mysteriously corrupt itself, and their once-reliable program is crashing in ways that nobody can reproduce. After several days worth of investigation, developers thoroughly audit the code, and spot the new (and incorrect) code path. They refactor the faulty code path, add a VERY LOUD comment to dosomething, and forget about the whole thing.


Some number of months later, the same thing happens. This time, a developer has a bright idea: Let’s return an error code! Whoever wrote the code without a proper check for invalid arguments is an idiot!

The function now looks like this:


HRESULT dosomething( _In_ somestruct* in ) {
    //Not detected at compile time
    if ( !in->some_precondition ) {
        return E_INVALIDARG;

We’re better off now, or at least we think so.

Now of course, everybody has to check the return code, which means more complexity, more ways to go wrong, and more code paths to test. Since there are far too many code paths to test every single one, some end user might still get to one of the untested, and also invalid, path.

Yet a third developer comes along, and thinks: What a silly C programmer. Someone will inevitably ignore the return value and the error will go unnoticed. Even worse, because I have to check the return value every single time, I can’t compose this function, and thus it’s less practical. This is an exceptional case, so we should treat it as one.

The function now looks like this:

void dosomething( _In_ somestruct* in ) {
    //Not detected at compile time
    if ( !in->some_precondition ) {
        throw std::invalid_argument( "Function preconditions not met!" );


We’re a little bit better off now, at least we’re pretty sure that we are.

Now, exception safety becomes an issue. We still have to test every possible code path to make sure that none of them incorrectly call dosomething. We still can’t be confident about it.

Perhaps somebody else comes along, and writes a wrapper object, thus only “allowing” correct uses of dosomething. Now everybody has to rewrite their code use that wrapper.

Complexity has increased, this function has been refactored thrice, and we still haven’t even found a way to be code-correctness-confident, at compile-time, for all the uses of dosomething.

The cycle repeats, no end in sight.

Nearly every program stops there – they choose error codes or C++ exceptions, to carefully handle bad logic WHEN it happens. Preventing them from happening, well that becomes an issue of “professionalism” and “discipline”.


Neither “professionalism” nor “discipline”, actually prevent the mistakes of logic, but blaming the mistake on a given individual’s moral or personal failings works nicely to…well I’m not actually sure; I have noticed it is a fairly pervasive and pathological mindset in case studies of engineering disasters (Therac-25, Toyota electronic throttle malfunctions, others). But, I digress.

 A few examples from Microsoft’s headers

One of Microsoft’s motivating factors in developing SAL, was the infamous blue screen. Drivers. particularly kernel-mode drivers, are extremely sensitive to misuse.  A failure in the kernel can mean system instability, serious security vulnerabilities, or massive data corruption. Furthermore, the kernel APIs that drivers rely on are often very complex, interacting with many components of hardware and software – and thus very hard to get right.

Continue reading ‘Preventing bugs, and improving code quality with Microsoft SAL (Part 2, custom preconditions for structs & objects)’

A hydrogen bomb detonated against your eyeball

•March 24, 2015 • Leave a Comment

Originally posted on 10 Minute Astronomy:

…would deliver less energy to your retina than a supernova observed from a distance of one astronomical unit (AU; the distance from the Earth to the sun). How much less? From this XKCD What If:

Which of the following would be brighter, in terms of the amount of energy delivered to your retina:

A supernova, seen from as far away as the Sun is from the Earth, or

The detonation of a hydrogen bomb pressed against your eyeball?

Applying the physicist rule of thumb suggests that the supernova is brighter. And indeed, it is … by nine orders of magnitude.

That rocked me back on my heels. And it got me thinking: how far away would one have to be for a supernova to be only as bright as an h-bomb pressed against one’s eyeball?


Radiated energy is subject to the inverse-square law, by which intensity of radiation…

View original 327 more words

Trace Your Book or Kindle with the FingerReader

•March 19, 2015 • Leave a Comment

Alexander Riccio:

The MIT media lab does some pretty damned cool things.

Although, I can imagine a few improvements ;)

Originally posted on Hackaday:

[Roy Shilkrot] and his fellow researchers at the MIT Media Lab have developed the FingerReader, a wearable device that aids in reading text. Worn on the index finger, it receives input from print or digital text and outputs spoken words – and it does this on-the-go. The FingerReader consists of a camera and sensors that detect the text. A series of algorithms the researchers created are used along with character recognition software to create the resulting audio feedback.

There is a lot of haptic feedback built into the FingerReader.  It was designed with the visually impaired as the primary user for times when Braille is not practical or simply unavailable. The FingerReader requires the wearer to make physical contact with the tip of their index finger on the print or digital screen, tracing the line.  As the user does so, the FingerReader is busy calculating where lines of text…

View original 221 more words

I will be out of normal contact until Wednesday March 25th

•March 17, 2015 • Leave a Comment

I’ll be away from my computer, but not my phone. This means ( sadly ) no compilation, and thus, no development. is BACK UP!

•February 21, 2015 • Leave a Comment

The issue with my email has been resolved. You may now email me at

ATTENTION: is not reachable!

•February 14, 2015 • Leave a Comment

Due to some sort of mixup with Hover, who manages my email address, is at the moment, a non-functional email address, and has been so since early morning February 12. They have not responded to my emails asking for help. Will update soon.

HDMI Audio and Video for Neo Geo MVS

•February 13, 2015 • Leave a Comment

Alexander Riccio:

A brilliant hack. And available on GitHub!

Originally posted on Hackaday:

[Charlie] was killing some time hacking on some cheap FPGA dev boards he bought from eBay. Initially, he intended to use them to create HDMI ports for a different project before new inspiration hit him. Instead, he added an HDMI port to Neo Geo MVS games. The Neo Geo MVS was a 90’s arcade machine that played gems like the Metal Slug and Samurai Showdown series. [Charlie] has a special knack for mods, being featured on Hackaday before for implementing Zork on hardware and making a mini supergun PCB. What’s especially nice about his newest mod is that the HDMI outputs both audio and video.

[Charlie] obtained the best possible video and audio signal by tapping the digital inputs to the Neo Geo’s DACs (digital-to-analog converter). The FPGA was then used to convert the signals to HDMI, maintaining a digital signal path from video generation to display. While this…

View original 249 more words

Preventing bugs, and improving code quality with Microsoft SAL (Part 1, Prologue)

•February 10, 2015 • Leave a Comment
_Post_invalid_ here is kind of a hack, but it works!

You’re using an invalid handle!

Microsoft’s SAL started nearly ten years ago at Microsoft as part of a major push for code quality, and (more visibly) preventing bugchecks. In its earliest versions, it appears to have been effectively restricted to the Windows core codebase, with kernel-mode-driver developers following suit. “Unleashing the Power of Static Analysis” says that here it helped developers fix more than twenty thousands bugs in Windows Vista,  and more than 6,500 bugs in Microsoft Office 12. Of these, they found one buffer overrun per twenty annotations!

Continue reading ‘Preventing bugs, and improving code quality with Microsoft SAL (Part 1, Prologue)’

Probably Dance

I can program and like games

a totally unnecessary blog

paolo severini's waste of bandwidth

Musing Mortoray

On Programming and Language Design

PJ Naughter's space

Musings on Native mode development on Windows using C++


full-process web designer, front-end developer and all-around creative person ♥

  Bartosz Milewski's Programming Cafe

Concurrency, C++, Haskell, Category Theory

Brandon's Thoughts

Thoughts on programming



David Crocker's Verification Blog

Formal verification of C/C++ code for critical systems


Championing a young, diverse, and inclusive America with a unique mix of smart and irreverent original reporting, lifestyle, and comedic content.

10 Minute Astronomy

Stargazing for people who think they don't have time for stargazing.

One Dev Job

notes of an interactive developer

Scrum Master, Technology Evangelist, Technology Manager

Windows 8, WinRT, iOS, iPhone, iPad, Andriod, VC++, MFC, COM, .NET, XAML, C#, WPF, HTML5, ASP.NET MVC4, Scrum, TFS 2012


Modern C++ for the Windows Runtime

The Angry Technician

No, the Internet is not broken.

Kenny Kerr

MSDN Magazine contributing editor • Pluralsight author • Microsoft MVP • Creator of • Romans 1:16

IT affinity!

The Ultimate Question of Life, the Universe, and Everything is answered somwhere else. This is just about IT.


The ramblings of a crazed mind

Molecular Musings

Development blog of the Molecule Engine

The New C++

The latest version of C++ on steroids

Wikimedia blog

News from the Wikimedia Foundation and the Wikimedia movement

Ephemeral New York

Chronicling an ever-changing city through faded and forgotten artifacts

The Honest Courtesan

Frank commentary from an unretired call girl

Random ASCII

Forecast for randomascii: programming, tech topics, with a chance of unicycling


I.C.F::Israel Cyber Forces


(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Andrzej's C++ blog

Guidelines and thoughts about C++

Bromium Labs

Call of the Wild Blog

the art of unexpected input engineering

Video Encoding & Streaming Technologies

Fabio Sonnati on video delivery and encoding

Freedom Embedded

Balau's technical blog on open hardware, free software and security

Paolo Bernardi

Paolo Bernardi, ramblings and notes (and Crypto-Gram for ebook readers)

The Embedded Code

Designing From Scratch

Bughira's Weblog

There is no such thing as closed source software...the processor sees every instruction, and so does the reverse engineer...

mov ah, 9<br>mov dx, hello_world_msg<br>int 21h

Just another weblog

Running the Gauntlet

Tank and Siko's Security Blog


so watch me do the funky dead butterfly.

The ThreatSTOP Blog

Neutralize Malware. Prevent Data Theft.


home of the Custom light controller and LightFX library

Naked Security

Computer Security News, Advice and Research

root labs rdist

Embedded security, crypto, software protection


Advances in biological systems.

Strategic Cyber LLC

A blog about Armitage, Cobalt Strike, and Red Teaming


Get every new post delivered to your Inbox.

Join 1,020 other followers