Read more of this story at Slashdot.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Last time, we speculated on how the buggy control panel extension truncated a value that it had right in front of it. When we sent our analysis to the vendor, they wrote back, “Can you check the driver version numbers on these crashes?”
When we checked the driver version numbers on all the crashing systems, they were something like “build 314”, when the current driver build number is something like “build 2718”. These users are running drivers that are ridiculously old! The vendor fixed that bug ages ago, but the user hasn’t gotten the fix. What’s going on?
My theory was that these users have turned off Windows Update or are otherwise declining to upgrade their video drivers. But I learned that my theory was probably wrong.
The deal here is that these are video drivers, which are a category of drivers where computer manufacturers have a lot of control. The manufacturer certifies the drivers for use on their PCs after performing their own acceptance testing on their specific hardware configurations. (Which are probably not hardware configurations that the video card vendors themselves are aware of.)
This responsibility carries forward post-sale. The computer manufacturer remains responsible for certifying driver updates, presumably by testing them against reference PCs that they maintain in their labs. Sometimes, manufacturers get customized versions of the video cards (all the better to differentiate your product with, my dear), which is why the video card vendor “driver downloads” sites often warn you to check with your computer manufacturer before installing a driver.
In practice, computer manufacturers are diligent about certifying drivers for a year, year and a half, two years tops.¹ After that, it’s not uncommon for them to abandon that model and not bother certifying drivers for it any more. All customers with that model of PC are just stuck with whatever video drivers were current as of the time the manufacturer stopped certifying drivers.
Microsoft maintains generic drivers for many classes of hardware, but intentionally sets them as low priority so that the PC manufacturer-provided drivers take precedence. The video drivers received directly from video card manufacturers are similarly deprioritized by the video card vendors. The computer manufacturer-certified drivers take precedence, even if that certification is horribly out of date.
¹ I wouldn’t be surprised if the length of time they certify drivers is somehow correlated with the length of the computer warranty.
The post Why has the display control panel pointer truncation bug gone unfixed for so long? appeared first on The Old New Thing.
Kalshi is a high-tech prediction market that allows people to "forecast the future" (their term). It is about contracts and information, the company says, making its offerings more like a soybean futures contract than a round of blackjack or a pull on the one-armed bandit.
Still, prediction markets look a lot like betting if you squint, which is why states like New York have tried to regulate them under gambling laws. To head this off, Kalshi has sought federal protection under the Commodity Futures Trading Commission (CFTC). Yes, this means regulation for Kalshi, but it also means the CFTC will sue states like Kentucky, Minnesota, Illinois, and Rhode Island, trying to pre-empt their laws in favor of a single national standard that the CFTC controls.
While this battle plays out, government insiders continue to generate insider trading stories after using their work knowledge to place bets "forecast the future" and make huge sums of money. The classic example, of course, was Gannon Ken Van Dyke, a US soldier who participated in planning the capture of Venezuela's Nicolas Maduro and then made $410,000 from that knowledge on the prediction site Polymarket. Van Dyke was arrested in April.
But there are also more ridiculous stories, such as disgraced former Congressman George Santos, who allegedly talked up his upcoming appearance at the State of the Union, secretly bet on whether he would attend, and then didn't go at the last minute to score a payout.
This activity raises questions, like: How many people are gambling forecasting the future based on government secrets or insider knowledge? How many are actively manipulating results they have bet on? Even the Trump White House was concerned enough to issue a memo in March telling employees not to "use nonpublic information to buy or sell these contracts."
But concerns have lingered, especially after major wins on contracts involving US government policy or actions. Such suspicions will not be helped by new allegations today from multiple outlets that insider trading on Kalshi has extended even to President Trump's teleprompter operator, who allegedly made $100,000 "forecasting" specific words and phrases that might appear in Trump speeches.
According to sources speaking to NPR, Trump aide Gabriel Perez bet on something called a "mention market." This is a section of Kalshi where you can sink money into contracts on crucial questions such as "What will Domino's say during their next earnings call?" (Currently, $26,000 has been invested in this question; the smart money thinks that "Parmesan" and "DomOS" are more likely to be mentioned than not.)
Kalshi contracts include words that Domino's might say.
In the case of Perez, his "forecasting" allegedly took place over several months at the end of last year and the beginning of this year, and his contracts were sometimes adjusted in the middle of Trump speeches. According to ABC:
Sources say Perez typically has the final eyes on nearly all of the president's prepared remarks—and is often known to take last-minute edits from Trump himself... In certain instances, investigators uncovered times when Perez would back out of certain bets mid-speech when Trump skipped over a portion of the speech that included a word he had previously bet would be mentioned, the sources said.
This conjures up an amazing mental image: The teleprompter operator for one of the world's most powerful people tapping away at his phone during a Trump speech to ensure he made more money for himself.
In this case, Kalshi (which bans this sort of activity) flagged unusual activity, investigated, and found the customer was a federal employee. It then froze his funds and sent the information to the CFTC, which is said to have investigated and to be in settlement talks with Perez.
Will Perez actually be prosecuted? Apparently not; as ABC notes, "sources said the CFTC alerted federal prosecutors in Manhattan, who declined to open a criminal investigation."
The White House did say today that Perez “will no longer be working at the White House.”
Whatever you want to call it, "predicting the future with money at stake" has become huge business in America. A recent (and terrific) long article by McKay Coppins in The Atlantic showed people what a year of online sports gambling looks like, and it raised serious questions about the negative issues that widespread, legal, bet-from-your-phone gambling might cause in a country where "roughly half of men ages 18 to 49 have an active account with an online sportsbook."
Prediction markets, which have invested heavily in advertising during the World Cup, are only going to make these challenges more acute as they extend "forecasting" from sports to drug trials, flight cancellations, and the specific words that people will say in speeches.
Last time, we found that a crash in a control panel extension was caused by pointer truncation. The code had a perfectly good 64-bit pointer in its hand, but somehow lost its mind and opted to throw away the top 32 bits.
How could something like this happen?
My guess is that this code started out as perfectly good 32-bit code:
HWND hwndButton = GetDlgItem(hdlg, ID_BUTTON); SetWindowLong(hwndButton, GWL_WNDPROC, (LONG)g_originalWndProc);
And then they recompiled it as 64-bit code and got an error.
error C2065: 'GWL_WNDPROC': undeclared identifier
They then went back to the documentation and saw that for 64-bit Windows, GWL_WNDPROC was renamed to GWLP_WNDPROC.
So they fixed it by changing GWL_WNDPROC to GWLP_WNDPROC.
HWND hwndButton = GetDlgItem(hdlg, ID_BUTTON);
SetWindowLong(hwndButton, GWL_WNDPROC, (LONG)g_originalWndProc);
However, the point of renaming the value was not to annoy you. The point of renaming the value was to call your attention to places where pointer truncation is likely to occur. In this case, it’s the final parameter, the original 64-bit window procedure. The build break is telling you that you are probably passing a 32-bit value as something that should be 64-bit. In this case, because it was being cast to (LONG). You are expected to upgrade the GWL_WNDPROC to GWLP_WNDPROC and at the same time upgrade the cast from (LONG) to (LONG_PTR).
HWND hwndButton = GetDlgItem(hdlg, ID_BUTTON); SetWindowLong(hwndButton, GWL_WNDPROC, (LONG_PTR)g_originalWndProc);
Now, this was likely an oversight rather than a systemic failure, because they did manage to subclass the window properly:
WNDPROC g_originalWndProc; HWND hwndButton = GetDlgItem(hdlg, ID_BUTTON); g_originalWndProc = (WNDPROC)SetWindowLong(hwndButton, GWLP_WNDPROC, (LONG_PTR)subclassWndProc);
They merely missed a spot. Perhaps the developer got distracted after fixing the symbol name and forgot to come back and fix the pointer.
Next time, we’ll look at why this bug has remained unfixed for so long.
The post Speculating on how the buggy control panel extension truncated a value that it had right in front of it appeared first on The Old New Thing.
