Added to my VirtualBox OS list is Fedora, Knoppix, Mandriva, Arch Linux, Debian, and OpenSUSE.  Figured "why not have a bunch?"  Best way to explore various distributions.  One thing I liked about Fedora was the ability to start right from install with an encrypted file system. 
   Vinny says "I stick my tongue out at you, and clean myself profusely!"

   Self-portrait

   Decided to play around a little more with BSD. While I have all the base BSD distros (Free, Net and DragonFly), none of them have a GUI. Rather then do work to put a GUI on one of the installed distros, I decided just to download some distros that include a GUI. So I've added PC-BSD and Incognito to my list of virtual machines. Unfortunately, neither distro works in VirtualBox due to video problems.
   Pictured is Heidi with 7.62x39 ammunition in her ear as an alternative for her gages, which she could not find.

    For my history class I was looking for information about a person in the Revolutionary War era and found what I was looking for with Google Books.  Unfortunately, I closed the page before I finished my assignment and had to find it again.  Not sure exactly how I got to where I did, I simply started with a search in Google Books.  Seemed like a good place to start, since that is where I found the information.  After paging through a couple of search results, I started getting a message that said I had "reached my viewing limit".
    I block all cookies and scripts by default, so my guess was that if Google was monitoring my viewing, it had to be using my IP address.  Since I recognized the cover of the book I knew had my information, I decided to see if I could get around this "limit" using a proxy.  A quick search for open proxies and using the first US proxy listed (I didn't want Google in an other language ;), I tried my search again and went right to the book I was looking for.  Sure enough, I was able to browse and finish my assignment.
    This is the first time I've ever had to work around Google.  I'm not sure what they are trying to accomplish limiting how many book pages someone can look at, but I have a feeling it has something to do with copyright and a deal they made with publishers.  Otherwise, surely the Google guys could have seen through my petty attempt to circumvent their "limit" with a simple proxy.

    Star studying for her exam.

I've never received this message from Google before, but it was warning me about a malicious website I was about to visit.  The search was for some Revolutionary War era person and the site I suspected was a family tree based on the information from Google. 

My first through when I saw these warnings was "hey, what does this malicious script look like?"  I block cookies and scripts by default, so it was probably pretty safe to go ahead and visit this site.  But I also have 16 different operating system installed and setup in VirtualBox, and it really wouldn't matter if one of them ended up with some malicious software.  Despite having homework to do, I decided to see what the scripts looked like.

I decided to try this experiment on my latest 64-bit Ubuntu VM, and just to see if my hypothesis about the script blocker was valid, I installed NoScript .  Then, it was off to this site.  Except Firefox hit me with this:

Seems both Firefox and Google really don't care for this site.  Firefox gave me a nice "Ignore this warning" link and so in I went.  No script threw up it's little "blocked script" tag like it does on most sites.  When I tried to view the source, Firefox hit me again with the warning again, but the link for "ignore this warning" didn't work.  This isn't the first time I've encountered this in Firefox. 

Since I don't have a SSL certificate from a recognized root authority, anytime someone goes to one of the SSL areas of drque.net they will get a message about an invalid certificate.  For the quite awhile, I was unable to use Firefox to get into the SSL areas of drque.net because the "add exception" button didn't do anything. 

Well, since Firefox wasn't going to help me, I would have to go more low-level: wget.   It didn't care in the least and I was soon looking through javascript.

Nothing that stood out right away.  Some code for Google ads, script to get the window size, and finally some script for an ad from "zedo.com".  I hadn't herd of these guys before and decided to look into them.  Web of Trust ranks them at 25% for "trustworthiness" and "vendor reliability."  This is my bad guy.

I downloaded their script and had a look at it.  The javascript was code to insert more javascript into the page.  Part of it was a shockwave object.  An other part loaded an other script.  The second script seems to just load an ad image.  Rather uneventful.

It is possible the bad guy is inside some shockwave element, but I didn't see any URL for a sockwave file.  Even if I did, I wouldn't be able to do much with it.  So, my hunt has been rather uneventful. 

Safe Browsing claims the root directory of this site had 21 script exploits and 1 Trojan.  It listed the malicious software included several Chinese domains, none of which I found in the scripts or HTML I looked at.  So, it's possible this page wasn't dangerous, but simply in with a group that were.  Fortunecity.com is one of those free web hosts that have been around since the late 90ies and the page I looked at seemed to be one designed around that time—very basic.  A lot of these old sites that sit on hosts like Fortunecity are susceptible to attack from script that try and guess passwords.  Once they are in, they can change the website and add their own script, which it probably what happened.  Unfortunately, nothing I saw was all that exciting.

Still, I really wanted to see if I could get something malicious from this site. For this, I needed the most insecure operating system and browser I could think of. Naturally, I picked an MS operating system and Internet Explorer. In VirtualBox, I saved a snapshot prior to this experiment, then fired up IE and went right to the site. No warnings this time and the page loaded up with ads, scripts and all. The only thing I saw happen was IE tell me it blocked a pop-up ad. How uneventful. I'm going to let this virtual machine run for awhile and see if anything bad happens. So far, it looks like a false-positive.

Many people have written about the problems of using macros in C. In C++, constants and templates should pretty much eliminate the need to use macros. Unless you are seriously pressed for speed, there should be no reason to use macros in C++.

In straight C, the keyword "const" doesn't produce constants that can be used to initialize array sizes.

The most common way I've seen people deal with this is by using macros:

This always works, but it has a few problems. Lets make the statement a little more complex.

How big is the array going to be? If you said 220 elements, you would be wrong--the correct answer is 120. This is due to the nature of macros. They are pre-processor substitutions and are not evaluated. What really happens is the following code is generated:

Now remember your operator precedence--10*2 will happen before adding 100, so the size of the array is 100 + ( 10 * 2 ) = 120.

Most programmers know to use parenthesis around everything defined in a macro.

This will produce the 220 elements desired. However, I learned a trick at my previous contract job that can avoid this whole scenario. Instead of using macro, use an entry from an enumeration. ANSI C says that a value in an enum is always treated as an constant int. enum values can be assigned to integer values and enums can be anonymous. So this syntax is valid:

Note we don't need to use parenthesis (although it wouldn't hurt) like we need to with a macro. enums are not pre-processor substitution and are evaluated at compile time. They are, in many respects, a C version of C++ const.

I use the anonymous enum constant instead of macros when ever I can. They always work for array sizes and work for most constants. However, there are some places they may not do the job. enums are always of type "int". If you need a floating-point constant, you'll be stuck with either a macro or a "const". And the int size can be different on different machines. This can really be an issue if you are making masks. For example:

This will create problems on a 16-bit compiler where the int size is 2-bytes. For such cases, you can still use "const".

The drawback is that in standard C, const values are required to take up storage space. So in this example:

Even if PI is never referenced in the source code again, it still has storage allocated. Where as:

Will never result in unused storage. In most cases, we're talking about a few bytes. If you are using a constant value for something other then array initialization, having storage allocated can actually produce smaller code. Rather then loading to a constant value every time the value is used, the code can load from a location in memory. Again, we're talking savings in the bytes. So unless you are an embedded programmer with a really tight ROM/RAM budget, it's hardly worth worrying about.

In C++, the rules for const change. Storage for a "const" object isn't necessarily allocated. So in our previous example with PI and _2_PI, the compiler is free to discard PI if it isn't used anywhere else. In addition, const values can be used to initialize arrays.

The compiler is free to discard storage for ARRAY_SIZE. In most cases, C++ const will do anything we had to do with enum values. And in most cases, the value will be used directly rather then loading from a memory location--although this may depend on your compiler.

The above loop might need to happen in some time-critical location. Assuming the compiler has no optimization, it would be preferable that MASK were evaluated as an intermediate and not stored at some memory location. Otherwise time is wasted loading the value from the memory location. However, even the most basic optimization will take care of this problem.