Profile overview for Craftkorb.
Submission statistics

This user has mostly submitted to the following subverses (showing top 5):

10 submissions to programming

1 submissions to subverserequest

1 submissions to voatdev

1 submissions to AskVoat

1 submissions to introductions

This user has so far shared a total of 3 links, started a total of 12 discussions and submitted a total of 196 comments.

Voting habits

Submissions: This user has upvoted 45 and downvoted 8 submissions.

Comments: This user has upvoted 70 and downvoted 5 comments.

Submission ratings

5 highest rated submissions:

[META] I'm the moderator of /v/programming and pledge to be more active from now on - AMA, submitted: 7/15/2015 9:37:59 PM, 36 points (+36|-0)

Underhanded C Contest started today!, submitted: 8/16/2015 6:08:25 PM, 22 points (+22|-0)

Requesting /v/programming - Am the only active mod and need full permissions, submitted: 7/16/2015 10:39:19 PM, 14 points (+14|-0)

Evening everyone, submitted: 2/22/2015 12:34:44 AM, 14 points (+14|-0)

[META] We're not getting any other moderators right now, and here's why, submitted: 8/1/2015 2:30:52 PM, 12 points (+13|-1)

5 lowest rated submissions:

Saving the sidebar text is broken for me., submitted: 7/21/2015 3:31:50 PM, 1 points (+1|-0)

Two bugs with the sub / sup tags: One in the submission title, one in subverse sideboard, submitted: 7/22/2015 3:41:16 PM, 2 points (+2|-0)

Bi-monthly Community Feedback Thread Numéro Trois, submitted: 8/21/2015 5:48:59 PM, 2 points (+2|-0)

Rule change going into effect on Saturday (August 15th) and WE'RE HIRING, submitted: 8/12/2015 6:20:00 PM, 3 points (+9|-6)

Let's discuss the "Like" feature of oh so many internet services, submitted: 7/10/2015 3:04:07 PM, 3 points (+3|-0)

Comment ratings

3 highest rated comments:

Github disables repository for using the word "retard." submitted by SuperConductiveRabbi to programming

Craftkorb 2 points 28 points (+30|-2) ago

Ohai, mod here. Just wanted to quickly note that I, in terms of being a moderator, will always give political submissions like these the Opinion flair. It does not mean that we either endorse or oppose the view reflected by the submission. It does mean that the moderator(s) of /v/programming are staying out of this. For this, it doesn't matter if we as persons like or dislike the submission.

With this being said, maybe one should rename the flair to Opinion/Politics or something.

Github employee attempts to dox user who complained about repo deletion submitted by 404_SLEEP_NOT_FOUND to programming

Craftkorb 23 points 19 points (+42|-23) ago

These submissions are getting out of hand. Remember, this is not "GitHub in Action". If these continue to pile up we'll have to come up with a solution. Spamming the frontpage isn't one. If being remotely affiliated with programming (Employee doing shit -> Something with "SJWs" -> GitHub -> Repository -> Programming related) is good enough, then people might as well post pictures of their mobile phones.

Edit: That stuff was in October 2014. Almost a year ago.

All decisions have consequences, but how did MS break OpenType fonts in such a way that it allows creation of an elevated user? submitted by TigrisMorte to programming

Craftkorb 1 points 18 points (+19|-1) ago

Many things run in the Kernel in Windows. I'm really sorry to say this, but honestly, that's beyond a bad idea. I'm pretty sure though that the MS guys know it themselves, so no need to say further :>

Some things which run in the Kernel: Many things of the GUI drawing, and some other services not belonging there, like parts of the MS HTTP Server IIS (Optionally). All of these don't belong there. Why were they put there in the first place? Good question. For the IIS portion, it's to increase performance. Sorry Windows lovers, but looks like the Windows kernel sucks and is abysmally slow, so slow that to win the speed race against Linux boxes and their user-space daemons, they had to build a Kernel module to keep up to speed. This is the reason why every security issue inside IIS is immediately beyond critical. Fun times. For other things, I guess it was decided to put them there for faster development. Wild guess. Other than that I don't know, I can't think of any good reason, really.

So, as drawing the GUI (Graphical User Interface) is done in the Kernel, font files are also read there. This means that every issue which leads to a crash immediately leads to a critical security issue (Oh, and it makes the system really unstable). I can't find right away what kind of exact issue this was, so let me just do some guessing what kind of issues there could have been:

  • Buffer overflow: The good old buffer overflow. Meaning, you have a data structure, allocate some kind of buffer to hold data, and then try to memcpy more data into it than it has space. This quickly leads to a crash, which may be mitigated by carefully crafting the data.
  • Missing boundary check: Maybe they didn't do proper boundary checking, so that an index given in the OpenType font was not sanity checked, and thus triggered a write out-of-bounds.

// Example of a buffer overflow:
char buffer[20];
strcpy(buffer, openTypeHeader->something); // BAD: No bounds check! If 'something' contains more than 19 Bytes before hitting a 0x00 Byte, this causes a buffer overflow

// Example of a missing boundary check triggering out of bounds writes
int lookup_table[256]; // Lookup table, mapping from an index to some integer. Replace 'int' with anything you like.
lookup_table[openTypeCharacter->index] = openTypeCharacter->foo; // BAD if index is wider than 8 bits: 'index' may be 256 or greater, and thus trigger an out-of-bounds write

To sum it up, I'm pretty sure that the developers over at Microsoft hate themselves that at some point it was decided to put these things into the Kernel. You may have heard of mitigation technologies like ASLR, but these don't help on Windows. Why? Take a guess. Got one? Answer is: They're disabled in the Kernel, where we're running. Oh well.

One final note: Never put anything into the Kernel that may be done in user-space. Create a user-space daemon, and carefully give it the needed permissions (And only those!) to do its job.

Drops mic
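
Added example, not part of Craftkorb's comment and not Microsoft's code: the two checks the comment says were probably missing, applied while parsing an untrusted record before anything is written. The record layout, the names `parse_record` and `struct parsed`, and the sample bytes are all constructed for illustration and are not the OpenType format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP  20   /* size of 'buffer' in the snippet above */
#define TABLE_LEN 256  /* size of 'lookup_table' in the snippet above */

/* Hypothetical record layout, constructed for this example (not OpenType):
 *   u8 name_len | name bytes | u16 index, big-endian | u8 value */
struct parsed { char name[NAME_CAP]; int table[TABLE_LEN]; };

/* Returns the bytes consumed, or -1 if the record is rejected.
 * Nothing is written to 'out' until every check has passed. */
int parse_record(const uint8_t *in, size_t in_len, struct parsed *out)
{
    if (in_len < 1) return -1;
    size_t name_len = in[0];
    /* The whole record must lie inside the input we were given. */
    if (in_len - 1 < name_len + 3) return -1;
    /* Name plus terminating NUL must fit the destination buffer. */
    if (name_len >= NAME_CAP) return -1;
    const uint8_t *p = in + 1 + name_len;
    unsigned index = ((unsigned)p[0] << 8) | p[1];
    /* A 16-bit index can reach 65535; the table only has 256 slots. */
    if (index >= TABLE_LEN) return -1;

    memcpy(out->name, in + 1, name_len);
    out->name[name_len] = '\0';
    out->table[index] = p[2];
    return (int)(name_len + 4);
}

/* Constructed sample inputs. */
static const uint8_t REC_OK[]        = {3, 'a', 'b', 'c', 0x00, 0x41, 7};
static const uint8_t REC_BAD_INDEX[] = {1, 'x', 0x01, 0x00, 9};  /* index 256 */
static const uint8_t REC_TRUNCATED[] = {5, 'a', 'b'};            /* claims 5 bytes */

int main(void)
{
    static struct parsed out;
    printf("ok=%d bad_index=%d truncated=%d\n",
           parse_record(REC_OK, sizeof REC_OK, &out),
           parse_record(REC_BAD_INDEX, sizeof REC_BAD_INDEX, &out),
           parse_record(REC_TRUNCATED, sizeof REC_TRUNCATED, &out));
    return 0;
}
```

Rejecting the record outright, rather than truncating the name or clamping the index, keeps a malformed file from being partially applied.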

3 lowest rated comments:

deleted by user submitted by moliver to programming

Craftkorb 6 points -4 points (+2|-6) ago

The troll cave is the other way.

If you use a VPN to keep yourself private, you may want to use this tool to check the JavaScript WebRTC IP Leak isn't exploitable in your browser. [x-post - v/JavaScript] submitted by FruityPants to programming

Craftkorb 5 points -3 points (+2|-5) ago

Okay, so how is this now related to programming? (HTML is also not programming related). Hating on me, downvoting me, etc., won't do anything. It actually just increases the likelihood of me deleting the submission.

So, are you now able to make a comment which is not a random rant?

If you use a VPN to keep yourself private, you may want to use this tool to check the JavaScript WebRTC IP Leak isn't exploitable in your browser. [x-post - v/JavaScript] submitted by FruityPants to programming

Craftkorb 2 points -2 points (+0|-2) ago

HTML itself? It's a markup language, not a programming language. CSS? Neither. JavaScript? That's perfectly fine.

Arcane proofs of concept where people are building something Turing-complete with CSS or HTML only (Read this as "not a programming language") are welcome.