> This is a comment made in a software called InstallShield, version X at last, a software intent to create installers, so it probably will appear in many other products.
> Found in a InstallShield sample that I was reversing to check if it's a malware. The line made me chuckle, and it's so heartwarming to see someone actually made a blog on it and the fact the line has been around since 2003. Relics like these make me so nostalgic for the 00's Internet days. To anyone reading this, fist bump from a fellow Int3rW3bz lurker.
Good old InstallShield. At one point it was everywhere, and then... it wasn't.
I keep all the bundled installers I've ever had in a folder. Currently there are files there from 2009 onwards (older ones are archived somewhere). I didn't bother looking for the older ones, but running grep -a ether-rot-mutex quickly yielded a match containing the entire snippet! The culprit is the installer for Ulead (now Corel) PhotoImpact 12 and it has been there since 2010.
This brought me back to college and me learning about steganography. I wonder how many images are floating around with secret messages in them! Also reminds me of people who immortalized themselves by putting their initials or a favorite phrase in the header of a file format that got popular (like Mike did at Microsoft for .exe's; every exe header starts with MZ, which is really friggin cool)
Or the "Don't Steal MacOS.kext" that was used to prevent Hackintoshes from booting if it was messed with
On a tangent re: immortality: reminds me of the names you'd see in splash screens of various products. After one too many years of seeing “Seetharaman Narayanan” in the Photoshop splash screen, I just had to look him up.
I was REing my insulin pump's uploader at one point, and found that it would always send the phrase "all's well that ends well" to the server as part of the handshake
5 people have posted about this very thing over the past 14 years and this will be searchable for decades going forward, either through Google or the way back machine, or possibly through a publicly funded way back machine like alternative.
Meanwhile the odds that your tweet or FB post will be searchable and archivable anywhere close to that is extremely low.
The open Internet is so much better. I hope we start moving back towards it.
Back when I was in high school and programming on the original IBM PCs I wrote a program that would graph "solids of rotation" (a function rotated around the X axis). Well I chose the obvious name based on the 8.3 filename limitations. One day someone looked over my shoulder and said "you named your program solid rot???"
Oops.
It gets worse. A very long time ago a was working for a startup that was doing real-time speech compression, for telephony applications, using a DSP, with the compression/decompression implemented in assembly language. The code had two processes, an analysis process and a synthesis process. My colleague named the entry point to the synthesis process synth_entry, and he named the entry point to the analysis process anal_entry. Either he honestly didn't realize, as he claimed, or he was better at keeping a straight face than anyone I ever met.
I was adding juice to a cockpit simulator game, a whole bunch of lerping and dampening of the position/rotation to react to user input. Didn't realise that I had abbreviated cockpitRotation -> cockRot until I submitted the pull request.
Smells to me like the sort of comment I'd put in ahead of a bit of defensive coding. e.g. I originally made an assumption, but now I realise my mutex enumeration code will fail if somebody actually calls their mutex this one specific thing. So now I have to put in an additional test to guard against that.
wild guess: there was some sort of registration or copy protection that generated a unique machine id or cryptographic key by applying some simple transformations to the mac address. it was trivially defeated because it was easy to find where this was calculated because of the naming of a mutex that enclosed it. after defeat and remediation, this was added as a grumble.
for background: it wasn't uncommon in the old dark days of proprietary windows software to have an installer generate a machine id that would then be used to compute a machine specific install or registration key.
i don't want to use the word sign, because that was probably more advanced than what actually went on, but the registration key was often a function of the machine id.
what would happen if somebody, in their solidity-based smart contract, called a mutex "ether-rot-mutex". ether is one shortening of ethereum so it's not hard to guess. neither is mutex. rot is frequently short for rotation. also German for red.
if it's easy enough to get scope wrong or cause leaky namespaces in solidity (disclaimer: i do not know enough about solidity to guess at this) then could somebody calling a mutex "ether-rot-mutex" little-bobby-tables themselves into exploiting your smart contract?
i don't know. i don't even know what i don't know in this particular field. i'm just letting my apophenia out to play :)
Why not use a randomly generated (once and then fixed) string with 128 bits of entropy if you want to avoid accidental name collisions but need a well-known name?
maybe they reverse engineer or whitehat/grayhat/whateverhat for a living? hacking, ethical or otherwise, could explain looking through binaries with hex readers.
Can anyone comment on the mindset of someone who creates a Blogspot for a single article? Is it anything beyond "I want to post this anonymously and have it hosted for free indefinitely"? It feels like an odd solution, but I also can't think of a better one.
The author found "ether-rot-mutex" amusing enough to start the blog and name it after the thing. They anticipated more posts in the future, but they didn't happen.
The best part of this is that it is concrete evidence of Google Search result quality decay. The screenshot of the search in the article shows a result from a Blogspot blog called "Frankie's Joint".
If you do today the exact same search that the OP does on his screenshot, that result does not show up. ALL the results I get are either a reference to this Hacker News post, or computer generated pages. A short 2 pages worth of useless computer generated content, including binary analysis pages and alternative frontends to the HN post.
Has anyone attempted to create a "search engine benchmark" of, say, oddly specific phrases that almost certainly need to return a certain set of pages as the top result? This could quantify the loss in quality we keep talking about.
If the full list were public then the results could of course be gamed, but if only a sample were public and the full set were private then it would probably provide a useful metric (and would be able to measure attempted gaming by the score on the public and private datasets).
Google gave up on search though right? Like, I assume they’ve just abandoned it, maybe as recently as 2 or 3 years ago. Can anyone prove that they haven’t?
I'm curious if they explicitly excluded their blog from Google search results, they don't seem to have the highest opinion of Google from various posts.
Mutex is a synchronization primitive implementing mutual exclusion. When created with a name, they can be used to synchronize processes across the whole OS.
For instance, a named mutex is a good way to ensure the program can only be running in a single instance. Specifically, the program creates a named mutex on startup, and locks it forever. If failed to lock, it shows a message saying "another instance is already running" and quit. When the program quits normally, the OS will automatically unlock the mutex, allowing the program to run once again.
Now, imagine that by coincidence, 2 unrelated programs have implemented that approach using the same name for the mutex. This gonna break both of them with weird bugs. Launch program A, then launch program B, and it won't run complaining "another instance is already running" despite that's not true.
For this reason, mutex names are better be very unique.
A typical solution is generating a GUID and using it for the name of the mutex.
But the developer of that particular program instead used the string "What are the odds that some idiot will name his mutex ether-rot-mutex!" They're not wrong in the sense the odds are miniscule, however GUIDs are unique too and much shorter, only 36 characters.
[+] [-] iKlsR|3 years ago|reply
> This is a comment made in a software called InstallShield, version X at last, a software intent to create installers, so it probably will appear in many other products.
> Found in a InstallShield sample that I was reversing to check if it's a malware. The line made me chuckle, and it's so heartwarming to see someone actually made a blog on it and the fact the line has been around since 2003. Relics like these make me so nostalgic for the 00's Internet days. To anyone reading this, fist bump from a fellow Int3rW3bz lurker.
[+] [-] pteraspidomorph|3 years ago|reply
I keep all the bundled installers I've ever had in a folder. Currently there are files there from 2009 onwards (older ones are archived somewhere). I didn't bother looking for the older ones, but running grep -a ether-rot-mutex quickly yielded a match containing the entire snippet! The culprit is the installer for Ulead (now Corel) PhotoImpact 12 and it has been there since 2010.
[+] [-] DANK_YACHT|3 years ago|reply
[+] [-] baisq|3 years ago|reply
[+] [-] nunez|3 years ago|reply
Or the "Don't Steal MacOS.kext" that was used to prevent Hackintoshes from booting if it was messed with
[+] [-] npsomaratna|3 years ago|reply
https://www.ironicsans.com/2006/09/interview_seetharaman_nar...
[+] [-] medstrom|3 years ago|reply
[+] [-] sdmike1|3 years ago|reply
[+] [-] thawaya3113|3 years ago|reply
Meanwhile the odds that your tweet or FB post will be searchable and archivable anywhere close to that is extremely low.
The open Internet is so much better. I hope we start moving back towards it.
[+] [-] sprior|3 years ago|reply
[+] [-] not2b|3 years ago|reply
[+] [-] Firmwarrior|3 years ago|reply
[+] [-] 91edec|3 years ago|reply
[+] [-] urbandw311er|3 years ago|reply
[+] [-] bmm6o|3 years ago|reply
[+] [-] derefr|3 years ago|reply
In some languages, rather than comments being a special syntactic thing, you just write a string-literal expression as its own statement.
Before dead code elimination was a thing, I imagine these string-literals would end up in the binary.
[+] [-] mkj|3 years ago|reply
[+] [-] IncRnd|3 years ago|reply
I think you meant "in the source code sense" not "in the true sense."
It could very well be a comment in installware.
[+] [-] a-dub|3 years ago|reply
for background: it wasn't uncommon in the old dark days of proprietary windows software to have an installer generate a machine id that would then be used to compute a machine specific install or registration key.
i don't want to use the word sign, because that was probably more advanced than what actually went on, but the registration key was often a function of the machine id.
[+] [-] imgabe|3 years ago|reply
[+] [-] twic|3 years ago|reply
[+] [-] bee_rider|3 years ago|reply
[+] [-] classified|3 years ago|reply
[+] [-] schmeckleberg|3 years ago|reply
solidity programs can be hosted on? run on? ethereum. people can and do implement mutexes in solidity. (e.g.: https://medium.com/coinmonks/protect-your-solidity-smart-con...)
what would happen if somebody, in their solidity-based smart contract, called a mutex "ether-rot-mutex". ether is one shortening of ethereum so it's not hard to guess. neither is mutex. rot is frequently short for rotation. also German for red.
if it's easy enough to get scope wrong or cause leaky namespaces in solidity (disclaimer: i do not know enough about solidity to guess at this) then could somebody calling a mutex "ether-rot-mutex" little-bobby-tables themselves into exploiting your smart contract?
i don't know. i don't even know what i don't know in this particular field. i'm just letting my apophenia out to play :)
[+] [-] SCUSKU|3 years ago|reply
[+] [-] qsdf38100|3 years ago|reply
Now, comments don’t end up inside compiled files right? This has to be a string, not a comment??
What am I missing?
[+] [-] lann|3 years ago|reply
[+] [-] mike_hock|3 years ago|reply
[+] [-] gsliepen|3 years ago|reply
[+] [-] pharmakom|3 years ago|reply
[+] [-] invalidusernam3|3 years ago|reply
[+] [-] schmeckleberg|3 years ago|reply
[+] [-] andrewflnr|3 years ago|reply
[+] [-] jwilk|3 years ago|reply
The author found "ether-rot-mutex" amusing enough to start the blog and name it after the thing. They anticipated more posts in the future, but they didn't happen.
[+] [-] bayesian_horse|3 years ago|reply
[+] [-] gomox|3 years ago|reply
If you do today the exact same search that the OP does on his screenshot, that result does not show up. ALL the results I get are either a reference to this Hacker News post, or computer generated pages. A short 2 pages worth of useless computer generated content, including binary analysis pages and alternative frontends to the HN post.
The original article on Frankie's Joint still exists, here it is: https://frankiesjoint.blogspot.com/2014/08/nein-doktor-nein....
[+] [-] thrtythreeforty|3 years ago|reply
If the full list were public then the results could of course be gamed, but if only a sample were public and the full set were private then it would probably provide a useful metric (and would be able to measure attempted gaming by the score on the public and private datasets).
[+] [-] rapind|3 years ago|reply
[+] [-] walterbell|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] teschty|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] xthrowawayxx|3 years ago|reply
[+] [-] Const-me|3 years ago|reply
For instance, a named mutex is a good way to ensure the program can only be running in a single instance. Specifically, the program creates a named mutex on startup, and locks it forever. If failed to lock, it shows a message saying "another instance is already running" and quit. When the program quits normally, the OS will automatically unlock the mutex, allowing the program to run once again.
Now, imagine that by coincidence, 2 unrelated programs have implemented that approach using the same name for the mutex. This gonna break both of them with weird bugs. Launch program A, then launch program B, and it won't run complaining "another instance is already running" despite that's not true.
For this reason, mutex names are better be very unique.
A typical solution is generating a GUID and using it for the name of the mutex.
But the developer of that particular program instead used the string "What are the odds that some idiot will name his mutex ether-rot-mutex!" They're not wrong in the sense the odds are miniscule, however GUIDs are unique too and much shorter, only 36 characters.
[+] [-] infogulch|3 years ago|reply
[+] [-] low_tech_love|3 years ago|reply
[+] [-] totetsu|3 years ago|reply
[+] [-] butwhywhyoh|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] notforsaleldn|3 years ago|reply
[deleted]