[HN Gopher] SQLite changed temp file prefix after McAfee users c...
___________________________________________________________________
SQLite changed temp file prefix after McAfee users called devs to
complain (2006)
Author : conslit
Score : 138 points
Date : 2024-12-08 17:29 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| conslit wrote:
| SQLite's temp file prefix was originally "sqlite_" until McAfee's
| antivirus started creating temp files in Windows' `c:/temp`
| folder, frustrating users who then tracked down and called SQLite
| developers to complain. In response, the prefix was changed to
| "etilqs_" (SQLite reversed).
| thih9 wrote:
| Here is the fix in action - multiple people look into the
| "etilqs" files, but without automatically starting from sqlite:
|
| - https://superuser.com/questions/373683/what-is-the-
| purpose-o...
|
| -
| https://old.reddit.com/r/techsupport/comments/8yv2tn/what_ar...
|
| - https://community.wd.com/t/etilqs-files-in-temp-folder-
| consu...
| watusername wrote:
| To be fair, to non-technical users I assume both "sqlite" and
| "etilqs" would look suspicious :)
| Gys wrote:
| [2006]
| nayuki wrote:
| Indeed, and here's the specific commit where the change
| happened:
| https://github.com/sqlite/sqlite/commit/fd288f3549a1ab9a309a...
| wces wrote:
| The relevant comment here:
| https://github.com/sqlite/sqlite/blob/e8346d0a889c89ec8a78e6...
|
| 2006-10-31: The default prefix used to be "sqlite_". But then
| Mcafee started using SQLite in their anti-virus product and it
| started putting files with the "sqlite" name in the c:/temp
| folder. This annoyed many windows users. Those users would then
| do a Google search for "sqlite", find the telephone numbers of
| the developers and call to wake them up at night and complain.
| For this reason, the default name prefix is changed to be
| "sqlite" spelled backwards. So the temp files are still
| identified, but anybody smart enough to figure out the code is
| also likely smart enough to know that calling the developer will
| not help get rid of the file.
| fasdfdsava wrote:
| I wonder how well it's working--
|
| https://www.google.com/search?q=how+to+fix+etilqs
| thorum wrote:
| Thanks for this, I was wondering why people would care so
| much about these files that they go and complain. Reading
| through these forum questions, looks like most people are
| trying to free up disk space by clearing temp files, but the
| SQLite ones can't be deleted - because they are in use and
| locked - which causes confusion.
| manbart wrote:
| Looks like most links are about antivirus software or
| Firefox. So it does seem to be working; people are getting
| pointed to the buggy application code actually causing their
| problem and not the SQLite project itself
| rhelz wrote:
| Its kind of cool that you can abstract the operating system with
| only a 200-line long header file.
| lostmsu wrote:
| It is missing threading and networking. Also permissions.
| asveikau wrote:
| This is the interface description. It's not the .c file that
| implements the abstraction. There is lots of code behind this,
| redundantly implementing the calls using either Win32 or POSIX.
| JaDogg wrote:
| But you do not need to know about them if abstraction works,
| I assume it is sufficient for SQLite use case.
| asveikau wrote:
| The filesystem APIs for Windows and POSIX have extremely
| similar semantics when you bridge their superficial
| differences. I don't think this is as huge an achievement
| as suggested. Many multiplatform projects have similar
| wrapper layers. Indeed the FILE* abstraction in the C
| standard does some of it. (But not sufficient for the
| functionality that sqlite needs, hence the need for another
| wrapper.)
|
| That's not a knock on sqlite, I consider it well
| implemented and one of my favorite libraries I've ever
| seen, used and studied.
| csense wrote:
| Yeah, translating between Windows and POSIX paths is
| basically a one-liner: sed -e 's-/-\\-g'
| -e 's-^-C:-'
| skissane wrote:
| > The filesystem APIs for Windows and POSIX have
| extremely similar semantics when you bridge their
| superficial differences.
|
| This is in part because Windows and POSIX are relatives.
| Windows is (partly) descended from DOS, and DOS 2
| deliberately borrowed a lot of ideas from Xenix
| (Microsoft's Unix port). And Windows has continued to
| borrow ideas from POSIX since, e.g. Winsock is heavily
| based on Berkeley Sockets.
|
| Compare DOS 2+ handle-based IO to CP/M: CP/M treats files
| as fixed length 128 byte records instead of bytes, you
| can only read or write a whole record at a time, and a
| file's size on disk must be a whole multiple of 128 [0] -
| that has more in common with mainframe/minicomputer
| record-oriented IO than Unix-style byte-oriented
| filesystems
|
| [0] later on, CP/M added an attribute in the directory
| entry to store how many bytes were valid in the last
| record of a file; but it wasn't actually enforced by the
| filesystem, apps had to set/get the attribute using a
| separate API, a lot of apps just ignored it, and even for
| those who did try to use it, two completely opposite
| conventions of how to use it coexisted
| rhelz wrote:
| // This is the interface description //
|
| Yeah, but _that_ is the abstraction. The associated .c files
| are not the abstraction, because they could be implemented
| any number of different ways, and it would still be the same
| abstraction.
|
| It's incredible that _even the header file_ is around 200
| LOC. For state-of-the-art, very performant database, I would
| have thought that all manner of Os-specific IO api 's would
| have to be used.
| msla wrote:
| The dividends of damn near everyone who still matters copying
| Unix and developing similar ideas about subdirectories and
| filenames and so on.
|
| There's still differences between Windows and Everything Else,
| but it's easier to ignore them now that, for example, all of
| the old flat file systems with no directories (like on the
| original MacOS, CP/M, MS-DOS 1) are all comprehensively
| obsolete and ignored.
| skissane wrote:
| > all of the old flat file systems with no directories (like
| on the original MacOS, CP/M, MS-DOS 1) are all
| comprehensively obsolete and ignored.
|
| not quite true. The classic flat OS/360 filesystem is still
| heavily used on IBM mainframes. Of course, probably your app
| will never run on a mainframe, and if it does, it will
| probably run either under z/Linux or the z/OS UNIX filesystem
| (zFS). But there is still a lot of actively supported in-
| production software which does, since born-on-the-mainframe
| apps mostly use the classic filesystem and the POSIX file API
| is mainly used by apps ported from elsewhere
| 01HNNWZ0MV43FF wrote:
| I can abstract the entire sun with a pair of sunglasses
| JaDogg wrote:
| Fun alternative is to get a paid number. You can complain for but
| it will cost $100 per minute.
| mannyv wrote:
| Unfortunately those don't exist in the US anymore.
| nayuki wrote:
| Antivirus products are worse than viruses. Change my mind.
|
| (AV hogs CPU, RAM, disk, and network resources. AV comes with
| their own exploitable vulnerabilities, often running in kernel
| mode. AV has their own zero-days and zero-click exploits.)
| loeg wrote:
| I think it's a relatively consensus viewpoint in the security
| industry that AV products are worse than no AV product. I don't
| think that makes them worse than viruses, though.
| teruakohatu wrote:
| Is the consensus that third-party AV is worse than no AV, or
| that any AV (including Windows Defender) is worse than no AV?
|
| In the corperate security "industry", anti-virus use is
| always recommended and required. The more invasive, buggy and
| annoying for users the better the AV probably is /s
| loeg wrote:
| Third party. I don't think anyone is actively opposed to
| Defender.
| londons_explore wrote:
| Even defender is dumb. When you control the OS, which (in
| the default setup) has exclusive control of all disk
| reads and writes, you can be sure that if you wrote a
| virus-free file to disk, then it will be virus-free when
| you go to read the disk again.
|
| So, why are we doing scan-on-read (with substantial
| performance overhead) when we should instead be doing
| scan-on-write (when scanning can, in most cases, be done
| in idle CPU cycles)?
| kardos wrote:
| 1) virus database gets updated, what was written virus-
| free with the previous database may not be virus-free on
| the current database.
|
| 2) removable storage devices
|
| 3) the system drive is not controlled during reboots
|
| You could imagine building a system that tracks which
| files we wrote and with which virus database version,
| which resets things to be scanned across reboots and
| virus database updates, and has exceptions for removable
| devices and so on, but it screams "attack surface"...
| bluedino wrote:
| Network share, the possibility that a client wrote files
| while the AV software was disabled, etc
|
| I always felt the same way about daily/weekly scans. How
| would anything get there if your client, server, etc all
| have AV? At that point it probably wouldn't be caught
| anyway.
| ziml77 wrote:
| AV Comparatives does testing every few months of
| performance impact of various AV software and Defender
| has never scored great there. Third party AV options have
| always done better while having the same or better scores
| in protection tests.
| saghm wrote:
| I'm not familiar with AV Comparatives. Do they have any
| incentives that might influence this result? Offhand, it
| seems like if Windows Defender is actually the right
| choice for basically everyone, they wouldn't have any
| reason to exist, so I can't help but wonder if that would
| affect their reporting.
| bluedino wrote:
| I've seen defender be the cause of all those things that
| the grandparent listed
| cobbal wrote:
| Microsoft itself recommends developers use a "dev drive"
| where defender is partially disabled because of how bad
| it is.
| stackskipton wrote:
| Dev Drive isn't because Defender is so bad but because
| Dev behavior can look like malicious behavior. Creating a
| bunch of random executables, connecting to running
| processes, decompiling files. Stuff that would be
| malicious behavior from normal user but normal for a dev.
| vlovich123 wrote:
| I could be wrong but I don't believe that even these days
| anti viruses look at behavioral patterns to identify
| viruses. They look for signatures of running executables
| to match malicious patterns in their database. Instead
| dev drives recommendations are because of performance.
| There's substantial overhead & dev patterns, particularly
| for native code like C/C++/Rust etc, create a lot of
| intermediary files as part of the build and AV can cause
| a slowdown. Traditionally the advice for Windows devs was
| to turn off Defender or exclude your project folders but
| maybe there was a reason dev drives were still beneficial
| (maybe it can avoid even more work by working at a drive
| level).
| mook wrote:
| Anti-viruses do both signatures and behavior tracking; I
| believe for the Microsoft ones they're the ones with a
| !ml suffix.
| saagarjha wrote:
| Ok, and where exactly will malware place its artifacts
| when it comes to infect your company's developers?
| askvictor wrote:
| The AV our company uses regularly pops up obnoxious warnings
| about things that are benign. This trains people to click
| through warnings without reading them (on any product).
| tux3 wrote:
| Counterpoint: I have a very non-technical friend that visited
| recently, and I was horrified to see that her macbook was full
| of malware. She casually talked about how someone stole money
| through her credit card. An AV scan actually found something on
| the laptop.
|
| The AV industry is, unfortunately, terrible. Also
| unfortunately, some people really need them. I have no idea how
| one even gets a virus these days, but it does happen. People
| really do get infected all the time, and basic security advice
| that people get is not up to the task.
| ryan-duve wrote:
| @nayuki Did this comment change your mind?
| ThatMedicIsASpy wrote:
| Phones are a bigger problem. Nothing stops people from
| installing applications with insane permissions.
|
| The basic security advice is install adblockers everywhere.
| You see someone using a browser without it? Talk to them.
| andai wrote:
| I joked to a friend yesterday that, having removed Defender, my
| computer is now malware free.
| sneak wrote:
| macOS has a built in, invisible, Apple-maintained antivirus
| system called XProtect which works great and most people don't
| even know exists.
|
| Bad antivirus software is indeed terrible, but the good stuff
| is performant and invisible.
| palsecam wrote:
| Similar to how Daniel Stenberg (`curl` author) gets complain
| e-mails unrelated to `curl`, because his address end up being in
| the license or credits screen of plenty of software.
|
| > _Apparently, people often have problems finding an appropriate
| address to contact when they have issues with this app._
|
| > _This leads a disproportionate amount of them to send emails to
| me asking for solutions and fixes to their situations._
|
| -- https://daniel.haxx.se/blog/2024/12/03/no-need-to-email-
| me-a...
| kristianp wrote:
| There was a fun thread last year about this topic:
| https://news.ycombinator.com/item?id=36302805 396 points on June
| 12, 2023 | 141 comments
___________________________________________________________________
(page generated 2024-12-08 23:00 UTC)