Saturday, December 29, 2012

Decline of the PC

Many companies were caught off guard by the decline of PC usage, and since Komodia's SDK is Windows based this affects me as well. I've been planning for two years now for the "day after", when the PC is no longer relevant or it's not economical to develop for it anymore. Some colleagues disagree with me and think that the PC will be relevant even 3 years from now (the point at which I think it will die). Who's right? I have no idea; all I do know is that I have already rolled out a new product that is not tied to the PC (URL Classification service).

What do you think?

Monday, July 30, 2012

WFP, LSP and reset drops

For the past few weeks I tried to hunt a bug with WFP: when using IE8 on Win7, some connections would not close when closing IE8 via the close button, and they were seen as orphaned connections.

I researched the matter and discovered that, unlike FF and Chrome, which close their connections gracefully with FIN when they are closed, IE (or the OS) sends resets, and with the WFP some connections would not close.

I tore the WFP a new one, and with many debug prints I eventually came to the conclusion that no resets were dropped. So I tested again without the WFP and discovered that some connections are not closed, and after 30-60 seconds the server side closed them (and not the client side as it should), probably a bug of MS.

When using an LSP this didn't occur, because when the LSP is unloaded it closes all the connections gracefully. So I added a function in Komodia's Redirector to track closed apps and manually close all outstanding connections; this way connections are closed after a few seconds and not 30-60 seconds.
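The difference between a graceful close (FIN) and a reset (RST) as the remote end sees it, together with a per-application cleanup of the kind described above, as an added example that is not Komodia's code. `loopback_pair`, `peer_view`, `abort` and `ConnectionTracker` are hypothetical names, the sockets are constructed over loopback, and the `SO_LINGER` packing assumes the Linux/BSD layout.

```python
import socket
import struct
from collections import defaultdict


def loopback_pair():
    """Return (client, server_side) TCP sockets connected over 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server_side, _ = listener.accept()
    listener.close()
    server_side.settimeout(5)
    return client, server_side


def peer_view(server_side):
    """What the remote end observes: 'FIN' (orderly EOF) or 'RST' (reset)."""
    try:
        return "FIN" if server_side.recv(1) == b"" else "DATA"
    except ConnectionResetError:
        return "RST"
    finally:
        server_side.close()


def abort(sock):
    """Abortive close: linger on with zero timeout makes close() send RST.
    struct linger is two ints on Linux/BSD (Windows uses two u_shorts)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    sock.close()


class ConnectionTracker:
    """Hypothetical per-application table of outstanding connections."""

    def __init__(self):
        self._by_app = defaultdict(list)

    def add(self, app_id, sock):
        self._by_app[app_id].append(sock)

    def close_app(self, app_id):
        """Called once the app is seen to have exited: close gracefully."""
        socks = self._by_app.pop(app_id, [])
        for s in socks:
            try:
                s.shutdown(socket.SHUT_WR)  # half-close: sends FIN
            except OSError:
                pass  # already reset or closed by the peer
            s.close()
        return len(socks)
```
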

Thursday, December 17, 2009


SSD stands for Solid State Drive; they are flash-based hard drives. I'm a big fan of them, and the reason is that I work quite a lot with virtualization software that allows me to test the products on various OSes and scenarios. Working on a traditional hard drive is quite slow, and when most of my work is spent waiting for an OS to boot and changing scenarios, it accumulates over time, so I set up three SSD raids (all raid0):

1. 6 16GB Mtron which gives me crazy speed of 600mb/s
2. 2 128GB Corsair for my OS
3. 2 128GB Corsair for my main virtualize OS drive

Over a period of time I can say that this setup saved me a lot of time and frustration, and I can also add that until you have worked from an SSD drive, you don't know what a computer is :)

This is a speed benchmark of the Mtron raid:


Sunday, December 13, 2009

Detours the story

I "fell" in love with detours and detouring around three years ago when I learned about them, and ever since it's been a sharp weapon in my programming arsenal. But as much as I liked them I always had a problem: I learned and used Microsoft Detours, but they are not free, only if your software is non commercial, which isn't the case for me. Anyway, I started to look for a solution, free, paid, or information that would help me write a solution. Documentation was confusing because the concept of detouring is mixed with hooking, which is a different approach and something I didn't need. I bought a library for 100$ just to find out it wasn't doing what I wanted. I considered it a 100$ fee to learn how not to do it, as the library was bad even for what it was supposed to do (I'm not giving any names on purpose). So I found another library which is widely known (again no names), but it requires runtimes for a language which is not MSVC (you probably know the library by now), which again is bad for me, and I wanted to be able to sell my products without forcing my clients to buy licenses for a 3rd party SDK, which would probably come off my profits.

I talked to a friend of mine who introduced me to detouring back in the day, and he explained to me the mechanics of detouring, as he was a kernel programmer and in his previous position he subverted most of the kernel. With this new knowledge I was able to build a library that does exactly what Microsoft Detours does, and because I'm intercepting only a handful of functions I don't need to make it generic.

Time has passed, everyone was happy, but I got more and more requests to support my detouring apps for 64bit. Now, if detours were a pain for 32bit, they are a nightmare for 64bit, and the reason is that MS excluded two important features that are required to perform detours:

  • Naked __declspec
  • __asm

Without these two, detouring would be a nightmare, so again I researched the web and just like before I went down the same path: MS Detours professional supports 64bit but costs quite a lot (last time I saw a price it was 10k$), and it can't be downloaded so I couldn't learn what they are doing. The non MSVC library doesn't support 64bit detours because there isn't a 64bit version of the development language, and the 100$ library, well, it was bad and nothing changed about it :)

The only difference is that I know how the 32bit detours work, so I researched the subject again, and again documentation is scarce and fuzzy, but in a moment of insomnia I managed to find a solution for the problems with 64bit detours :) My code is working, and just like before I need to make sure it works for all my detours, but the hard work is done. I can safely say that as of this moment, my company is one of the handful that are in possession of such technology.

Just to be fair and unbiased, there's another LGPL (I hate L/GPL) library which is doing kernel hooking, which is quite an overkill for me, and I couldn't learn anything from it. It's called EasyHook.

Sunday, March 15, 2009

Code design

A few months ago I read about Tesla, that he could envision entire technical drawings and designs in his mind's eye, and while inspecting the design he could find flaws in it and fix them before drawing a single line on paper. Tesla is an example of a genius with poor marketing skills, because he died in debt, alone, at the age of 86. This man is referred to as "the father of physics" and "the father of the 20th century".

When I code I have the same effect as Tesla: I see the code in my mind's eye, I know what to do, I don't need to design it on paper or in computer software, and when I write it out, it's like doing without "thinking". I've been doing this for the past 23 years. I've calculated I've got around 30,000 hours of coding experience, which shaped my personality as well, for good or bad.


Thursday, March 12, 2009

Finally I got my blog back

Had problems logging in because of the switch between blogspot and blogger; had a lot to write about but no login :(

Anyway, we have a new web site and I think the design is very good. Now I'm working on getting some more links and articles. There are some crucial keywords for which the site is not ranked in the top 10, and because Winsock LSP is a niche I know it's possible to rank the site quite high for LSP keywords.

Some technology update: there's a new version of the HTTP sniffer coming out, a total rewrite of the first version. The new version is fast, robust, stable and works like a charm, and on top of that I will add Firefox support, so the new sniffer will support both IE and FF.

I have some thoughts about creating a retail version of the sniffer with many retail features to sell. I'm not sure though; what I do know is that if this comes to be, I'll hire some outsourced help to do the GUI, as my GUI abilities are minimally functional at best :-)

That's it for now,

Tuesday, January 13, 2009


Support is very essential for the client, especially with complex code and SDKs, and nothing is more frustrating than paying money for something that doesn't work or doesn't work as it should.

Recently I had two cases in which I was the client and I needed the support.

The first story is that I bought an SDK for 100$. The guy on the other side answered my questions prior to the purchase; basically he said - you won't get any support, you're on your own. I decided the amount was worth the risk and I bought the SDK. After I inspected the code thoroughly I discovered a pitfall that meant I can't use the SDK - of course this wasn't mentioned anywhere before, and for 90% of users this will be ok because they will never link the problem I discovered to the problems they will experience. Well, the guy said that there won't be any support, and the amount isn't worth my time asking for my money back, so I consider this a teaching experience in how not to act toward my clients.

The second story is of a special piece of code I purchased that was written specially for me. I discovered a bug in the way the program was behaving and I asked the guy to help me track the bug. He said there's no bug, it works great for him and the problem is on my end. I know there's a bug in his code and I can't roll the problem over to my clients, because I want them to be 100% satisfied - so I sat for two hours and debugged code that isn't mine. I ran two sniffers, wrote custom logs, found the problem and fixed it. Indeed it was a hard bug to find, however it was exactly the kind of bug I suspected it was and had mentioned to the guy who said it works great for him. Again I consider this a learning experience: my clients got a great product and I learnt new technology on the way.

Good news is that our SSL hijacker has entered beta stage and is now working quite well. Some fixes are still needed to make it work great, but that's quite an achievement, especially since there's no other product on the market that does that, without alerting the user that is.