Ages ago I noticed a bit of a “feature” on Skype and initially thought how cool it was. It was when I was using Skype for work both in the office on my office laptop and at home on my Apple Powerbook. I would have conversations at home with other people and when I got into work the next day and looked at chat history I noticed all the previous night’s chat saved there. Cool feature maybe, it makes your chat history available wherever you are (erm… just where does it save that history though?).

Then, I had both laptops at home (I had to do some PC only work) and once again I was chatting via Skype to colleagues. This time however, I had both laptops logged in and running Skype and I noticed that the conversation I was having on Skype on one laptop was being fully replicated on the other. Neat idea I thought, although from then on I made sure I logged out of Skype at work at the end of each day; there would be nothing worse than chatting away at home while half the office is watching!

In fact, I then made it a point to log out and to make sure that Skype didn’t automatically log me in on start up on any machine. Just picture the moment when you are busy moaning about work while at home only to find out everything you said has been duplicated and viewed by your colleagues at work at the same time, in real time in fact! So while I thought it was possibly more “quirky” than “neat”, I also saw it as a bit of a security risk too.

I then noticed the other day that other people have highlighted this too. One bloke set up Skype on a friend’s PC, used his login details to show them how it worked, shut down the computer, and off he went. It was only six months later that both parties realised that each time that person turned on his computer it was automatically logging his friend into Skype, and so he now had a good six months’ worth of the other person’s chat history, who had been unaware that everything was being duplicated.

So lesson to learn, log out of Skype when finished and untick the auto login. Lesson to learn for Skype: try and warn users if it detects they are logged in on multiple machines, if they feel this feature is worth having.


Citrix seems to have forgotten something here, where is the carriage return! I wonder if this wins an award for the longest alert box?

(the picture is very wide, too wide for me - to see it in full you will need to click on the snapshot below.  A wide screen monitor helps too).


Noted in a recent edition of the Risks Digest, a bloke who lives in Needlepoint Lane and cannot use Amtrak’s automated parcel tracking as the website believes he is entering a PO Box address instead of a real one. It seems, according to Amtrak who know about this bug, that the data entry detects the ‘po’ within Needlepoint and treats it as if it is referring to a PO Box.

A simple and silly mistake, I thought bugs like this and indeed programming mistakes like this, would not be made these days anymore.
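The substring mistake described above, next to a token-aware check, as an added example that is not Amtrak's code. The function names, the regular expression and the sample addresses (including the house numbers) are constructed for illustration.

```python
import re

def naive_is_po_box(address: str) -> bool:
    """The failure mode described above: any 'po' substring counts as a PO Box."""
    return "po" in address.lower()

# Token-aware pattern: "PO", "P.O.", "P O" or "Post Office", then "Box", then
# a box identifier. The leading \b stops a match starting inside a word.
_PO_BOX = re.compile(
    r"\b(?:p\.?\s*o\.?|post\s+office)\s*box\s*#?\s*\w+",
    re.IGNORECASE,
)

def is_po_box(address: str) -> bool:
    return _PO_BOX.search(address) is not None

# Constructed sample addresses: (text, really a PO Box?)
SAMPLES = [
    ("12 Needlepoint Lane", False),
    ("7 Polk Street", False),
    ("3 Box Elder Road", False),
    ("PO Box 123", True),
    ("P.O. Box 45", True),
    ("Post Office Box 9", True),
]

def misclassified(check) -> list[str]:
    """Return the sample addresses that `check` gets wrong."""
    return [addr for addr, expected in SAMPLES if check(addr) != expected]

if __name__ == "__main__":
    print("naive substring check gets wrong:", misclassified(naive_is_po_box))
    print("token-aware check gets wrong:   ", misclassified(is_po_box))
```

The naive check fails in both directions: it rejects ordinary street names containing "po" and also misses "P.O. Box", where the dots break up the substring.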


November 13th, 2006

No Happy New Year in Space


Slashdot ran a story this morning about the state of NASA’s computers in the shuttle, the idea that you will never see a shuttle in space over the new year.

It is interesting as it does demonstrate that a simple new requirement (or I suppose in this case a requirement that was possibly missed out during the design) can turn into quite a lengthy task when it comes to Software Testing. In this case there might be minimal or no development work required, but a lot of investigation, simulations and code reviews in order to determine the risk. Add to this the idea that I’m sure computer systems on the shuttle are duplicated a number of times and have independent software systems designed, written, and tested by independent teams - so add this into the risk equation.

It should all in theory work fine, or at least the internals should as they would no doubt all be working on a number of ticks or a number of seconds since a certain time, with any luck all database records would be using the same concept. Computers have no concept of dates or timezones, they just know it has been x number of ticks since a key time in history. But it is when they have to convert their handy time tracking format into something that humans can understand, or they need to convert an input from a human into something that makes more sense to them, that they might come a bit unstuck. It is then at the mercy of the programmer a lot of the time to make sure they sanitise the inputs and the outputs, and that when something a bit strange happens it doesn’t just give up.
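The point about ticks versus human-readable time, as an added example that is not NASA's code: elapsed time computed from raw ticks survives the new year, while the same calculation on a year-less day-of-year stamp does not. The day-of-year format, the function names and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timezone

def to_day_clock(ts: float) -> tuple[int, int]:
    """Human-facing stamp with no year: (day-of-year, seconds into that day)."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return dt.timetuple().tm_yday, dt.hour * 3600 + dt.minute * 60 + dt.second

def elapsed_from_ticks(start: float, end: float) -> float:
    """Internal representation: plain subtraction, no calendar involved."""
    return end - start

def elapsed_from_day_clock(start: tuple[int, int], end: tuple[int, int]) -> int:
    """Naive subtraction of day-of-year stamps; wrong once the year wraps."""
    return (end[0] - start[0]) * 86400 + (end[1] - start[1])

def elapsed_day_clock_checked(start, end, days_in_start_year: int) -> int:
    """Handles one wrap; assumes the true interval is shorter than a year."""
    secs = elapsed_from_day_clock(start, end)
    if secs < 0:
        secs += days_in_start_year * 86400
    return secs

# Constructed sample: one minute spanning midnight UTC on New Year's Eve 2006.
START = datetime(2006, 12, 31, 23, 59, 30, tzinfo=timezone.utc).timestamp()
END = datetime(2007, 1, 1, 0, 0, 30, tzinfo=timezone.utc).timestamp()

if __name__ == "__main__":
    a, b = to_day_clock(START), to_day_clock(END)
    print("ticks:            ", elapsed_from_ticks(START, END))
    print("day clock, naive: ", elapsed_from_day_clock(a, b))
    print("day clock, checked:", elapsed_day_clock_checked(a, b, 365))
```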

For NASA, think about the “customer impact” against the “business sense”. There may, or may not, be a bug or bugs when the year wraps over to a new one, it occurs only once a year. The shuttles have been flying since the mid to late 1970s and during this time they have not had to have a shuttle in space over the new year. Maybe because of this worry, but all the same it has not greatly affected space flight. So, the business sense of investigating this possible problem is quite low, it has not been a critical problem before. Added to this all the hundreds of programmers and ex-programmers that have worked on the software for NASA in the past, working on source code spanning nearly 30 years in no doubt a mixture of assembler, C, you never know if you might find a bit of Java in there too! Huge amount of effort then for a low business sense and low customer impact possible problem.

A full risk analysis would surely show little gain for high effort = leave it alone.
