Archive for May 24, 2019

Friday, May 24, 2019

Why Does Windows Use Backslash As the Path Separator?

Michal Necasek (via Hacker News):

Microsoft reportedly wanted to use the forward slash as path separator, but IBM nixed the idea because it would have created an incompatibility with DOS 1.x, which already used the forward slash as a switch character, separating command options.


Changing the slash semantics had a clear potential for destroying data, especially when running batch files written for DOS 1.1. Something like ‘COPY FOO + BAR /A’ has rather different semantics when /A is a switch vs. when /A is a file or directory in the disk’s root directory.


There have Microsoft’s own word that the forward slash came not from CP/M, not from IBM, but from DEC, and there’s an explicit mention of TOPS-10.

How Effective Is Basic Account Hygiene at Preventing Hijacking?

Google (via Kevin Beaumont):

We found that an SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.


Given the security benefits of challenges, one might ask why we don’t require them for all sign-ins. The answer is that challenges introduce additional friction and increase the risk of account lockout. In an experiment, 38% of users did not have access to their phone when challenged. Another 34% of users could not recall their secondary email address.

Facebook Sharing Data With Phone Carriers

Sam Biddle (via John Gruber):

Offered to select Facebook partners, the data includes not just technical information about Facebook members’ devices and use of Wi-Fi and cellular networks, but also their past locations, interests, and even their social groups. This data is sourced not just from the company’s main iOS and Android apps, but from Instagram and Messenger as well. The data has been used by Facebook partners to assess their standing against competitors, including customers lost to and won from them, but also for more controversial uses like racially targeted ads.


The source, who discussed Actionable Insights on the condition of anonymity because they were not permitted to speak to the press, explained that Facebook has offered the service to carriers and phone makers ostensibly of free charge, with access to Actionable Insights granted as a sweetener for advertising relationships. According to the source, the underlying value of granting such gratis access to Actionable Insights in these cases isn’t simply to help better service cell customers with weak signals, but also to ensure that telecoms and phone makers keep buying more and more carefully targeted Facebook ads. It’s exactly this sort of quasi-transactional data access that’s become a hallmark of Facebook’s business, allowing the company to plausibly deny that it ever sells your data while still leveraging it for revenue.

Previously: A Privacy-Focused Vision for Social Networking.

Understanding Real-World Concurrency Bugs in Go

Tengfei Tu et al. (PDF via Susan Potter):

In this paper, we perform the first systematic study on concurrency bugs in real Go programs. We studied six popular Go software including Docker, Kubernetes, and gRPC. We analyzed 171 concurrency bugs in total, with more than half of them caused by non-traditional, Go-specific problems. Apart from root causes of these bugs, we also studied their fixes, performed experiments to reproduce them, and evaluated them with two publicly-available Go bug detectors. Overall, our study provides a better understanding on Go’s concurrency models and can guide future researchers and practitioners in writing better, more reliable Go software and in developing debugging and diagnosis tools for Go.