Saturday, April 29, 2017

We continue with the list of important software incidents in recent history as described here.
28) When the fix is worse - Digital content manufacturers take great precautions to thwart software piracy. In one case they overreached and did harm well beyond what the buyer had paid for. Sony BMG produced a Van Zant music CD that employed a scandalous copy protection mechanism. It installed programs that modify the operating system to interfere with CD copying. It also installed another program that would "dial home" with the listening habits of the CD buyer. The user was not informed of either program. Further, both made the user's computer vulnerable to Trojan horse attacks. Other malicious programs could take advantage of the newly created vulnerabilities and escalate the threats against the target computer. Neither program could easily be uninstalled. A user who bought the CD to listen to music risked compromising the computer. The programs that came with the CD also installed open source libraries, which was itself a copyright infringement. Moreover, the libraries were not up to date and had severe security vulnerabilities. Programs like these, which users did not ask for and which are potentially dangerous, are termed rootkits. Sony initially denied that these rootkits were harmful. Subsequently it tried to un-hide the programs and provided a so-called uninstaller that ended up installing more unwanted software and introducing more security vulnerabilities. These new patches were also difficult to uninstall. To make things worse, the uninstaller collected the email address of the buyer. Sony attempted a recall, but it reached only ten percent of the CDs. It did, however, suspend the copy protection mechanism altogether in 2007. There was a lot of public outcry, along with government investigations and class action lawsuits, all of which Sony tried to settle. Eventually a new and improved software removal tool was provided.
It is interesting to note that the Winternals tool maker actually found the issue on his own computer, and when Sony released the first round of the uninstaller, he was also the first to say that it was worse in terms of leaving the computer more vulnerable. The Winternals toolsets are popular utilities for working with different aspects of the operating system for routine, troubleshooting and additional tasks.
29) Shell scripting - Perhaps the most illustrative impact of improper shell scripting could be seen in the case of Valve's Steam client for Linux. It had an unsafe shell script that did not check whether some of its cleanup steps were appropriate. In particular, if a user moved the installation directory, it would summarily delete every file from every folder that the user had. The shell script would take the value of a global variable and unconditionally delete every file and folder from the location that value pointed to. The author of the script had actually left a comment over the instruction that read "Scary!" and yet the shell script was made available to users. Data corruption is bad in itself, but data loss without the possibility of a restore is unpardonable for many users, especially when the fix was simply to tighten the script.
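One way to tighten such a cleanup step, shown as an added example that is neither Valve's script nor code from the original post. The function name `safe_cleanup` and the marker file `.install-marker` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): guarded cleanup of an install directory.
# MARKER and safe_cleanup are hypothetical names, not taken from any real client.

MARKER=".install-marker"   # hypothetical file the installer drops in its own directory

# safe_cleanup DIR: delete DIR only if it is provably the install directory.
# Returns 0 after deleting, 1 if any check fails (and then deletes nothing).
safe_cleanup() {
    dir=$1
    # 1. An empty or unset value would make any path built from it point at "/".
    [ -n "$dir" ] || { echo "refusing: empty path" >&2; return 1; }
    # 2. Must be an existing directory; resolve symlinks and ".." before judging it.
    resolved=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) ||
        { echo "refusing: not a directory: $dir" >&2; return 1; }
    # 3. Never operate on the filesystem root or the user's home directory.
    home_resolved=$(CDPATH= cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home_resolved=""
    case "$resolved" in
        /|"$home_resolved") echo "refusing: protected path: $resolved" >&2; return 1 ;;
    esac
    # 4. The directory must carry the installer's marker, so a moved or
    #    mistaken path is not treated as the installation.
    [ -f "$resolved/$MARKER" ] || { echo "refusing: no marker in $resolved" >&2; return 1; }
    # 5. Only now delete; "--" keeps odd names from being parsed as options.
    rm -rf -- "$resolved"
}
```

Each check fails closed: when the variable is empty, stale, or points somewhere unexpected, the function reports why and leaves the filesystem untouched.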
#codingexercise
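Find the count of appearances of a given digit k in a list of numbers A
// Requires: using System; using System.Collections.Generic; using System.Linq;
int GetCount(List<int> A, int k)
{
    int count = 0;
    A.ForEach(x => {
        // Decimal digits of |x|; the cast to long avoids overflow on int.MinValue.
        var digits = Math.Abs((long)x).ToString().Select(c => c - '0');
        count += digits.Count(t => t == k);
    });
    return count;
}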
