Integer Overflows: The Next Big Thing

Over the last year or so, I’ve seen a lot of information coming out of Microsoft dealing with integer overflow. Some Microsofties have even gone on to say that “Integer overflow is the next round of exploitable security bugs” (which is something that I agree with).

So anyway, I noticed today on the Google Research blog an interesting article about just this topic, “Extra, Extra - Read All About It: Nearly All Binary Searches and Mergesorts are Broken”. It seems that an integer overflow has existed in Java’s binarySearch method for nine years! It basically comes about because of code like midpoint = (min + max) / 2 which suffers from an integer overflow when min + max is larger than what can be represented by the integer type.

It can be fixed in various ways (as described in the Google Research blog post), but after I saw this blog, I had a look at the source for .NET (using none other than Reflector, of course!) and it seems that while the bug existed in .NET 1.x, which had the following code:


int median = (low + hi) >> 1;

.NET 2.0 has replaced that with a call to a new method, “GetMedian”:


static int GetMedian(int low, int hi)
{
    return (low + ((hi - low) >> 1));
}

Which is a non-integer-overflow-susceptible version.

I also noticed that mono has the same bug (see this file, you’ll have to do a search for “DoBinarySearch”). I suppose I could submit a patch, but I’m too lazy :)

Now, on a 32-bit architecture, I don’t think you’d ever run into this particular integer overflow bug, simply because it’s not possible to allocate an array big enough to hit it. But in the move to 64-bit, integer overflows will become increasingly common as the limits of a 32-bit integer are pushed.
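The two median expressions above, run over index ranges on either side of 2^30 elements, as an added example (not code from the .NET or Mono sources). It is written in Go because Go's int32 wraps on overflow the same way C#'s default unchecked int does; the function names and the virtual array (element i holds the value i) are assumptions of this example.

```go
package main

import "fmt"

// medianOld mirrors the .NET 1.x expression from the post: (low + hi) >> 1.
// Go's int32 wraps on overflow, as C#'s default unchecked int does.
func medianOld(low, hi int32) int32 { return (low + hi) >> 1 }

// medianNew mirrors the .NET 2.0 GetMedian body: low + ((hi - low) >> 1).
func medianNew(low, hi int32) int32 { return low + ((hi - low) >> 1) }

// search is a binary search over a virtual sorted array of n elements in
// which element i holds the value i (an assumption of this example, so that
// no multi-gigabyte allocation is needed). It returns (index, true) when the
// target is found, (-1, true) when it is absent, and (mid, false) when the
// median function produced an index outside [low, hi].
func search(n, target int32, median func(low, hi int32) int32) (int32, bool) {
	low, hi := int32(0), n-1
	for low <= hi {
		mid := median(low, hi)
		if mid < low || mid > hi {
			return mid, false // a real array read here would be out of bounds
		}
		switch {
		case mid == target:
			return mid, true
		case mid < target:
			low = mid + 1
		default:
			hi = mid - 1
		}
	}
	return -1, true
}

func main() {
	const small, big = int32(1 << 30), int32(1<<31 - 1) // constructed sizes
	fmt.Println(search(small, small-1, medianOld)) // low+hi never exceeds 2^31-1
	fmt.Println(search(big, big-2, medianOld))     // second probe wraps negative
	fmt.Println(search(big, big-2, medianNew))     // same search, fixed median
}
```

With 2^30 elements or fewer, low + hi cannot exceed the int32 maximum, so the old expression only misbehaves once the array is larger than that and the search moves into its upper half.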

Cordless + Wireless = Nothing!

As some people may know, I’ve recently moved house. One of the things I brought with me is my old cordless phone.

Here’s something I didn’t know: most cordless phones operate at 2.4GHz. If anyone’s set up an 802.11b wireless network, that number will sound familiar – it’s the same frequency that your wireless network operates at. Unfortunately, I found this out the hard way.

You see, whenever my phone rings, my wireless network stops working! Now generally, I don’t talk on the phone all that often. But if I’m using the internet when the phone rings, I really have to think about whether I want to talk to whomever is calling...

Another solution (that isn’t as anti-social) would be to buy a 5GHz or 900MHz phone, but right now a new cordless phone isn’t something I really want to buy. So if you try to call me and I don’t answer... well, it could be because I’m checking my email :)

Google vs. Microsoft?

There’s something funny going on over at Google.

First of all, a couple of days ago, I see reports that Google is talking to the U.S. Justice Department, about the fact that IE7 is having MSN Search as the default search provider (which, first of all, isn’t true: it’ll have whatever the default was in IE6 if you upgrade, and whatever the OEM sets if you buy from an OEM. It’s only the minority of people who buy retail versions of Vista that will have MSN search as the default).

Then on the weekend, I see that Google has signed a deal with Dell, the largest OEM supplier of PC equipment, that will see Google’s software pre-installed on millions of new Dell machines.

Now let’s call a spade a spade and say that it’s rather hypocritical of Google to complain about the default search provider in IE7, while at the very same time signing a deal to see their software on every new computer sold by Dell. Add to that the fact that Google is the default search provider in every other major browser currently on the market (Firefox, Safari, etc). What are they afraid of?

Trying out Word 2007 beta

I downloaded the latest Beta of Microsoft Office 2007 today.

I must say that I do like the new interface a lot. I know a lot of people have been complaining about it, but it actually looks a lot cleaner than the Office 2003 one.

The only issue I have at the moment is rather a lack of support for blog posting. Their new “blogging” interface looks pretty darn awesome, but unfortunately, I wasn’t able to get it to work with my install of b2evolution (though, I’ll admit, my version of b2evo is kind of old – maybe a newer version works?)

Kind of a shame, cause I’d really like to be able to blog directly from Word! Oh well, maybe in the final release. Actually, one thing I’d like to be able to do in the meantime, but I wasn’t able to figure out – if I could just cut’n’paste the XHTML it generates from the blog tool, at least I could cut’n’paste it into my blog’s normal input box. I wonder if that’s possible?

Anyway, I haven’t played around with it that much (just checked that I could read emails from Outlook and write stuff with Word), so I guess we’ll see how the rest of it goes!

What is the future of the web?

I saw an interesting post on Daniel Cazzulino’s blog titled “AJAX may be the biggest waste of time for the Web” and I agree with the initial premise of the post – that is, that AJAX is a waste of time, but that’s about where the agreement ends. I’ve done a little bit of work with AJAX, and let’s face it, it is nothing really special. Just a JavaScript postback to the server. But the thing is, to get it right is really hard. Unless you use it rather sparingly, it becomes all too easy to make your site rather difficult to use: bookmarking stops working, the Back button stops working, the keyboard becomes a nightmare to use, screen readers stop working and so on.

The other problem with AJAX (though this is mostly solved with a decent framework) is the browser incompatibilities. But then, browser incompatibilities are par for the course with any web work, I guess. Now, Daniel goes on to say:

I don't think the future of the web lives in HTML and forms and javascript. The future of the web should be fully immersive 3D worlds where you can hang around, look at things, interact with other people/buyers, etc. Imagine what Amazon would be with such an approach. Instead of browsing catalogs, walk past some hall and find all products in a shelf. Look up and see the special offers signs. That's the web I want for the future.

Which is where I completely disagree. All you’re doing here is trading one set of problems for another set. I mean, I admit it’d be pretty cool to be able to “browse” a 3D virtual Amazon, but in terms of actually being useful, I can’t see how it would be. I mean, how do you “search” in a 3D world like that? What about accessibility? How would a blind person interact with it? I’ll admit that these aren’t unsolvable problems, but this is probably too far removed from the current status-quo to be anything but a cool “toy.”

It kind of reminds me of that scene in Jurassic Park (I forget which one) where the girl starts using their computer, and after muttering something like, “This is UNIX – I know this” she flies around some weird 3D world or something [1]...

Another point Daniel makes is:

There is already a web technology that would readily support building next-generation websites: Flash. It's deployed on **98%** of internet-connected PCs.

Now, while that 98% thing may be true, Flash is most definitely not a technology for building next-generation websites. The reason is probably more of an image problem than anything technically wrong with flash itself, but traditionally Flash-based sites have had horrible usability problems. It’s basically all the problems I listed above for AJAX, the only difference being that Flash sites look a little better than standard HTML+CSS.

This is actually where I think XAML has something over Flash. It’s designed to be a proper, first-class UI platform. Flash was originally just a way to get nice-looking vector-based animations onto a web-page – all the UI and scripting stuff came later (and by then, it was too late – Flash was a tool of the artist, not the user interface experts). XAML has all the nifty vector-based graphics (and proper 3D, if that’s what floats your boat) while at the same time, allowing for highly-accessible interfaces.

So, while I do believe that AJAX is (often) a bit of a waste of time, I believe the “future” is going to be something like XAML. I don’t even mind XUI on Firefox, but it’s not quite as advanced as XAML is. Anyway, time will tell.

[1] Another thing about movie-style computer interfaces that I never understood. You’ll often see people typing like 30 words a minute on the keyboard, but on screen all they seem to be doing is manipulating some graphical objects, or it’s like 15 keystrokes just to open another window... are mice non-movie-friendly or something? Or maybe using the keyboard makes them look more hacker-ish?