
Microsoft's Skydrive sends two million NULL characters - franze
http://my.opera.com/hallvors/blog/2012/11/12/microsoft-sends-two-million-null-characters-hangs-opera
======
pilif
while it's certainly not a very good example of good network citizenship to
send 2 megs of NULL bytes, I think Opera shouldn't be crashing here. The fact
that it does points to a bug in the code that might potentially be exploitable
beyond the simple denial of service which it already is.

AFAIK Opera still runs all tabs in one shared process, so spamming one tab
with 2MB of NULL will cause the whole browser (and with it all other tabs) to
crash.

~~~
Tomis02
Right now I have 101 tabs running, and only 6 cores in my CPU. Do you know how
much context switching costs in terms of performance? Do you know what the
overhead would be if I were using Chrome?

So spare me, please. When general purpose computing moves to GPUs then we'll
revisit the idea of "one tab per process". Until then, out of "Chrome, many
tabs, performance", pick any two, drop the other.

~~~
LockeWatts
That sounds like a personal problem. Your brain can't possibly handle anywhere
near the amount of information 101 tabs provides at once, there's no reason to
do that.

~~~
anonymous
I use tabs like bookmarks - sites that I might need now or a bit later. I GC
them from time to time. Actual bookmarks are used for things like sending a
link to myself at home using firefox sync or bookmarking sites I need to visit
again and again, like docs sites, the internal bugtracker, etc. I don't open
those from the bookmarks menu though, I just type in the awesome bar and
firefox always shows bookmarks first, i.e. I use bookmarks as a manual way to
bubble up search results in the awesome bar.

~~~
jameswyse
I use tabs like this too and I'm not really happy about that, I just haven't
found a better alternative yet.

What usually happens is I'll be browsing and find an article/code
library/inspiring web design/useful tool that I know I can make use of later
in some way, but if I just bookmark it then I'll probably forget it's in
there.

I have very organised bookmarks but these only work for sites I visit often
and I do use tools like Evernote and Gimmebar but it still doesn't feel right.

Perhaps Mozilla have the answer: <https://blog.mozilla.org/ux/2012/10/save-for-later/>

------
andrewcooke
is it actually sending 2M characters over the wire (ie uncompressed)? you
could imagine seeing something like this via a glitch in compression (2
million of anything, run length encoded, doesn't take much space).

(i guess it's also possible that this really is 2M nulls at a lower level and
compression just happens to save you from an embarrassing waste of bandwidth).

it's not clear to me what the URL is to check myself.

~~~
gingerlime
I was thinking the same thing. Is the content gzip'd on the server? This could
be a nice (i.e. evil) way to send a very small response to the browser that
would pretty much kill it.

a slightly more evil version would be to perhaps do:

    var x="...2 billion of the same character...";

This should compress very well to gzip, but is likely to exhaust the
browser's memory (??)

~~~
samwillis
You are describing a zip/decompression bomb. Most zip and compression libs
protect against them.

<http://en.wikipedia.org/wiki/Zip_bomb>

~~~
gingerlime
Interesting, but the wikipedia article mentions that _antivirus libraries_
protect against those. Couldn't find much on wikipedia or otherwise talking
about browsers or zip libraries that have built-in protection for this...
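
The concern in this subthread, a few kilobytes of gzip that inflate to megabytes of identical bytes, is handled on the receiving side by capping inflated output rather than trusting the wire size. The following is an added example, not part of the original thread or of any browser's code; it uses Python's standard `zlib`, and `bounded_gunzip`, `describe`, `BodyTooLarge` and the sample body are names and data constructed here.

```python
import gzip
import zlib

class BodyTooLarge(Exception):
    """A gzip body inflated past the caller's cap."""

def bounded_gunzip(body, max_output, chunk=64 * 1024):
    """Inflate a gzip body, refusing to return more than max_output bytes."""
    inflater = zlib.decompressobj(wbits=31)  # wbits=31 selects the gzip container
    out = bytearray()
    pending = body
    while pending:
        # Ask for at most one byte beyond the remaining budget, so an overrun
        # is detected without materialising the whole expansion.
        want = min(chunk, max_output - len(out) + 1)
        out += inflater.decompress(pending, want)
        if len(out) > max_output:
            raise BodyTooLarge(f"more than {max_output} bytes after inflation")
        pending = inflater.unconsumed_tail
    out += inflater.flush()  # input is exhausted; any remainder is checked below
    if len(out) > max_output:
        raise BodyTooLarge(f"more than {max_output} bytes after inflation")
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)

def describe(body, max_output):
    """Summarise a gzip response body as a proxy or crawler might log it."""
    try:
        page = bounded_gunzip(body, max_output)
    except BodyTooLarge:
        return {"wire_bytes": len(body), "verdict": "rejected"}
    return {
        "wire_bytes": len(body),
        "inflated_bytes": len(page),
        "ratio": len(page) // len(body),
        "nul_bytes": page.count(0),
        "verdict": "accepted",
    }

# Constructed sample: a short page followed by 2,000,000 NUL bytes.
SAMPLE = gzip.compress(b"<html><body>hello</body></html>" + b"\x00" * 2_000_000)

if __name__ == "__main__":
    print(describe(SAMPLE, max_output=8 * 1024 * 1024))  # accepted
    print(describe(SAMPLE, max_output=1 * 1024 * 1024))  # rejected
```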

------
evincarofautumn
A friend of mine who uses SharePoint at work has mentioned its peculiar habit
of occasionally inserting “millions of whitespace characters” in source files.
Perhaps this is related.

------
DanBC
A bit of noodling shows people having this (or something similar) in 2009.

([http://social.msdn.microsoft.com/Forums/en-US/sharepointcust...](http://social.msdn.microsoft.com/Forums/en-US/sharepointcustomizationlegacy/thread/4d282bdb-9da4-4d57-94de-2879dcf229bf))

195,000 blank lines? Oh you kidder, Microsoft!
([https://padavis.wordpress.com/2009/05/07/sharepoint-designer...](https://padavis.wordpress.com/2009/05/07/sharepoint-designer-error-reading-file/))

------
meritt
Maybe they are just trying to locate a faulty router that always sets certain
bits to 1 above a certain MTU size.

~~~
imrehg
Well played....

(or for those who missed and like epic networking related fun
<http://news.ycombinator.com/item?id=4709438> )

------
bibinou
A post-mortem after this bug is fixed would be interesting, I don't see how
2MB of NULL characters should be different from a random <img>.

~~~
laumars
A random embedded image wouldn't be passed through the HTML parser (at least
not if the web server has its MIMEs set up correctly - and if they don't,
then the site would be considerably less usable).

It will be interesting to see the results though - to see if the null
characters even reach that far or if this is effectively hitting Opera with a
zip-bomb

~~~
anonymfus
data: URLs?

~~~
laumars
Well yeah, I nearly added that disclaimer myself but then thought it was
pretty obvious the previous poster was referring to referenced URIs rather
than data URIs. Though I may have misinterpreted his post.

------
chiph
Does the mobile version of Skydrive do this too?

"I don't understand how I could have hit my wireless cap again?!?"

------
mephi5t0
Somebody fell asleep on the keyboard right after the if(userAgent == Opera) :)

~~~
dbaupp
It shows up in Firefox too.

------
jrockway
The most interesting part of the article is that the author uses Comic Sans as
the font in his text editor.

~~~
hallvors
Comic relief :)

------
benmmurphy
2MB of null could be a bug somewhere with compression or decompression

~~~
benmmurphy
just to test this theory I used Tamper Data with Firefox to remove the
Accept-Encoding header and I received a ~ 100kb page back and with the
Accept-Encoding header present I received a ~ 30 kb page but the 30 kb page
also had the 2 million null characters. I assume Microsoft has a bug in their
gzip library or possibly Firefox/Opera have a bug in theirs.

~~~
andrewcooke
are you the original author? what url are you using that shows the null
characters?

~~~
benmmurphy
just go here: <https://skydrive.live.com/> and login. it's the first page
after you login.

~~~
andrewcooke
ok, thanks. so i had tried that. at least on chrome/linux, for me, it's not
showing the nulls. at least, i can't see them in view source and saving to a
file gives:

    > wc /tmp/skydrive.html
    310   4068 128404 /tmp/skydrive.html

similarly with firefox.

~~~
yuhong
Looks like it is fixed now for me too.

------
hybrid11
People still use Opera?

------
ww520
Is it the Skydrive website sending 2Meg 0's? Or the Skydrive software itself?
That's a big difference. It sounds like the website's sending 2Meg of 0's in a
webpage. Webpages are compressed usually when sent across wire so the 2Meg of
0's is really nothing.

------
ehosca
2M null characters is just a few bytes when zipped... this smells like a
screwed up server config...

