Jernej Simončič

@jernej__s@infosec.exchange

We should stop calling them “ad blockers”. If a site serves up a few banner ads as images like the old days, that’s fine. I don’t object to a site paying the bills, or seeing a banner ad.

They’re malware blockers and privacy protections. I don’t want a site popping up bullshit and trying to track me across the net. If that’s what a site is serving, it’s more than an ad, and I absolutely want to block it.

@tjw On the day Opteron was supposed to tape out, a colleague discovered a logic bug. After some analysis, we figured out we could fix it by disconnecting a wire from one gate and attaching it to another. But running through our design flow would take days, and the ripple effect of changing connectivity could cause more problems. So I loaded the chip mask into VIM and modified the polygons directly, then we taped it out.

Don’t remember for sure, but I don’t think we told management 🙂

OK, OK, ok, story time.

Way back when (early 90s), when Omni was consulting for McCaw Cellular (or AT&T Wireless, not sure which it was at the time), we were working on apps for NeXTSTEP for sales, customer care, and such for cell phones, nationwide. We'd occasionally get crash reports and I don't even remember how those got back to us back in the day before automated collection and reporting, but eventually we were able to reproduce it.

Back then NeXT was using gcc as the system compiler and it turns out that the `new[]` C++ operator would allocate room for the stuff you asked for, plus an extra word at the front of the block, where it would store the count (and then give you the shifted address). Except at some point that changed because it was silly and that redundant count was removed. Except that *also* `delete[]` still took the pointer given and loaded the word *before* it to load the count (and then did nothing with it). Given enough hours, you'd eventually have `delete[]` looking off into a previous unallocated page get a stern talking to from the MMU.

Having discovered this, and not having a way to patch the compiler or system libraries, I instead wrote a perl script to process the assembly output of the compiler, find instances of this and fix them, hand verifying each fix was correct while the hack was needed, and every compiled file went through this until we got new tools that fixed the problem for real.

Duct tape and baling wire, y'all.

Motherboard manufacturer Gigabyte has failed to patch four vulnerabilities in its UEFI firmware.

The vulnerabilities can allow attackers to take over the System Management Mode (SMM), a highly privileged section of the CPU.

https://kb.cert.org/vuls/id/746790

CERT/CC Vulnerability Note VU#746790

SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules

it should clean right up

General reminder:

The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.

Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.

You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.

Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.

PuTTY: a free SSH and Telnet client

Read “The Psychology of Money”

On having enough.

#books

@DP0 @dec_hl Do you know about this - it is, apparently, useless, because if you get acid on the gold plate, it will erode it.
@SteveClough if it's real gold, fruit acids shouldn't hurt it
@DP0 @dec_hl

@punissuer @SteveClough @DP0 @dec_hl I think you would all enjoy the book “the design of everyday things” by Don Norman, which is a product design textbook, written in layman’s terms.

Including the idea of a “Norman Door” which is a door for which it is not obvious whether you should push or pull.

@SimonCHulse @punissuer @DP0 @dec_hl That is the one - that is who I saw it by.

I have that book, and have read it.

@punissuer @DP0 @dec_hl I don't think it impacts the gold as such. It is the fact it is plated, so the acid may find a gap underneath?

Anyway, I remember reading in a book by someone who had one and it came with this warning.