Rixstep

The Holy Grail of Bloat

Total genius.

They're everyone's new idols. The Yonce brothers David and Donald. From scenic Tulsa.

Anybody who can consistently churn out crapware like that and walk away twenty years later with four and one half billion US dollars: that's total genius.

The software of David and Donald Yonce was described by a noted engineer as 'The Holy Grail of Bloat'. 'The Holy Grail of Destruction' could be added. What good is a system that only bloats without totally trashing a system's internals?

This is the one, folks. Logic and proportion fall sloppy dead, trampled by one of the best hype jobs in history. And the perps made their escape before the shit hit the fan five years later, in what Microsoft's president Brad Smith calls the biggest breach ever.

The bad guys, whoever they are, really did their homework. Classic Hacking Exposed groundwork. They knew their targets. They studied them. They loved them. They knew precisely what they wanted and they went for it and they got it!

They attacked through the supply chain, so they'd stay under the radar. They got the target to corrupt its own customers: the backdoor rode in a signed Orion update, and every victim installed it themselves.

Not everyone runs Microsoft on the network today. Microsoft's share of the server market is small; the web servers of the world mostly run nginx and Apache. People running nginx and Apache are smarter. Corporations where suits get to decide are the dumb ones, the juicy ones. The suits like Microsoft. Governments let the suits rule. Governments run Microsoft stuff. Microsoft know how to sell to governments.

That's the road in.

Most people by now have some knowledge of what happened. No one has the complete picture. Gurus warn that even today none of these systems are really secure anymore. The biggest breach in history - what Microsoft president Brad Smith called 'the largest and most sophisticated attack the world has ever seen'.

And at the core of it all: the Yonce brothers.

Yonce. Rhymes with nonce and ponce. Four and one half billion United States dollars. Not all of that was theirs, of course. They reportedly held some 12% of the stock. Their share is still a lovely chunk of change.

They had a great thing going. Thousands of people working worldwide. Excellent marketing and client support and advert campaigns. Top drawer. But at the centre of it all? The actual product?

Turds. Some of the foulest ever.

The world of IT is split into two parallel universes. On the one side one has the calm and sane world of Unix where things are done rationally and professionally. Microsoft technologies are on the other side.
The Yonce brothers claim their initial collection of some 50 networking tools comes from the world of Unix. That's a lie, or at best a cleverly hedged truth. They make it sound like they're some kind of Internet wizards. They claim their tools started as Unix tools, but their clients wanted Windows, so they changed horses.

No, that's not true. The tools themselves, as ideas, originate on Unix, where the source code is freely available, but the SolarWinds code isn't based on Unix code at all. The SolarWinds code is Microsoft bloatware all the way. It uses every imaginable and unimaginable OLE2 monstrosity in the book. The Bloatbusters™ found out about the Yonce brothers over twenty years ago and totally outed them. Then everyone moved on. Everyone save the Yonce brothers.

Thanks to Wayback, it's all preserved. On Wayback you can see how this comic duo took a really bad product, duped Microsoft clients, ran with the ball, and never stopped running. They got early financing from Mitt Romney's Bain Capital and they never looked back. They became a Bernie Ebbers monster with a never-ending procession of acquisitions.

It takes pure genius to do what the Yonce brothers did. That things finally went pear-shaped in 2020 is another matter entirely.

The Bloatbusters™ Report

The Bloatbusters™ Report on SolarWinds DNS Resolver can be found here.

The preamble to the report can be found here.

Both were written sometime in 1998 or 1999 - more than twenty years ago.

A few salient points.

Download Post-Mortem

Product:    DNS Resolver
Vendor:     Solar Winds
Download:   3,666,493 bytes
Price:      ?

The price is marked as '?' for although the product is touted as 'free', it's anything but - something the user notices as soon as the application is launched.

Hostage Pic

Here's a hostage pic of the dynamic duo from the original article.

SolarWinds DNS Resolver Screenshot

A screenshot of their brilliant app can be found above.

Bloatbusters™ DNS Resolver 7 KB!

The Bloatbusters followed up their report by releasing their own 'DNS Resolver' only hours later. (Yes, it's that simple.) The Bloatbusters version took pains to be just as limited as the SolarWinds original, and yet the Bloatbusters version, identical in all functionality to the SolarWinds version, took only 7 KB (seven kilobytes) on disk, as opposed to the SolarWinds version, which took over 3.5 MB (three and one half megabytes).

Trashing the Registry

Of note, the Bloatbusters version did not go near the system's Registry, whereas the SolarWinds version of course trashed it with over 100 KB of additional junk.

(The SolarWinds version needed to first be 'installed' so it would run. The Bloatbusters version? You just double-click the file.)

Trashing System Files

But it doesn't end there. The Bloatbusters began, of course, by locking down their system areas on disk. The SolarWinds 'install' failed. The Bloatbusters then made a secure copy of their system files and opened things up to David and Donald. They found that the installer had dropped the following files into the system directory, several of them overwriting highly sensitive shared components. comcat.dll, comctl32.ocx, mfc42.dll and msvbvm60.dll are used by every other MFC and Visual Basic program on the machine; replace one with whatever version the installer happens to carry and you break all of them. Truly the mind boggles.

comcat.dll
comctl32.ocx
Dns40.ocx
ICMP40.ocx
mfc42.dll
msvbvm60.dll
SolarWinds.dll
SolarWinds.exe
THREED20.OCX

Tulsa Sockets

But what's the essence of this curious 'DNS Resolver' anyway? DNS Resolver purports to render an IP address for a given domain or vice-versa. That's all. (But things aren't that simple, guys.)

Whatever. In the common parlance of the Windows API the code boils down to this.

You either want an IP address for a given domain or the opposite. (All other 'resolvers' do this with a single entry field, but that would be too bewildering for the Yonce bros.)

In the one case, where you want to get an IP address for a given domain, you invoke the following.

GetDlgItemText()
gethostbyname()
SetDlgItemText()


That's it. The first call is a Windows call to fetch the contents of the dialog's entry field. The second call is a sockets call to resolve the input; its result is a binary address, so an inet_ntoa() turns it into dotted-decimal text. And the third call puts that text into the dialog's output field.

That's it. Job's done.

The only difference between the one query and the other, in the way the Yonces set it up, is in the middle sockets call, where gethostbyaddr() replaces gethostbyname() (with an inet_addr() in front of it to turn the typed dotted quad into binary form).

Now you figure out why the Yonces needed 3.5 MB to do that.

SolarWinds Brainfarts

But there's another issue at play here, a very important issue, namely that the Yonce SolarWinds idea of a 'one-to-one' correspondence doesn't hold.

In the Unix world, something known as the 'hostent' looks like this.

struct hostent {
    char    *h_name;       /* official name of host */
    char    **h_aliases;   /* alias list */
    int    h_addrtype;     /* host address type */
    int    h_length;       /* length of address */
    char    **h_addr_list; /* list of addresses from name server */
};

The equivalent in the world of Windows, at least back then, looked like this.

struct hostent {
    char FAR * h_name;
    char FAR * FAR * h_aliases;
    short h_addrtype;
    short h_length;
    char FAR * FAR * h_addr_list;
};

So pretty similar. The recurring 'FAR' is a leftover from 16-bit Windows, where a far pointer carried a segment as well as an offset; on Win32 the macro expands to nothing. The field names are the same; the only real difference is that h_addrtype and h_length are short rather than int.

What's important to register here are the fields h_aliases and h_addr_list. The response to a query is not a single address or a single name but two NULL-terminated lists: one of aliases, one of addresses.

Let's take 'nasdaq.com' as an example. Here's what a real DNS resolution looks like.

Name:
    nasdaq.com

Aliases:

Addresses:
    199.83.128.215
    192.230.81.215

Address Type:
    AF_INET

And NASDAQ's web front end, www.nasdaq.com?

Name:
    e6982.dsca.akamaiedge.net

Aliases:
    www.nasdaq.com
    www.nasdaq.com.edgekey.net

Addresses:
    2.18.143.61

Address Type:
    AF_INET

Or let's take another example, one with a longer alias chain.

Name:
    e2867.dsca.akamaiedge.net

Aliases:
    www.cisco.com
    www.cisco.com.akadns.net
    wwwds.cisco.com.edgekey.net
    wwwds.cisco.com.edgekey.net.globalredir.akadns.net

Addresses:
    2.18.134.224

Address Type:
    AF_INET

Or why not take SolarWinds itself?

Name:
    e5840.dsca.akamaiedge.net

Aliases:
    www.solarwinds.com
    www-ion-ipv6.solarwinds.com.edgekey.net

Addresses:
    2.18.143.168

Address Type:
    AF_INET

Both the addresses and the aliases are lists, not single entries: the canonical name the chain ends at comes back in h_name, every CNAME the query walked (starting with the name you typed) lands in h_aliases, and every A record lands in h_addr_list. None of that fits in the Yonces' tiny box.
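The two points above - that the whole job is one sockets call between reading and writing an entry field, and that the answer is two NULL-terminated lists rather than a pair of strings - in working code. This is an added example written for this page; it is not Rixstep's, the Bloatbusters' or SolarWinds' code. It uses POSIX headers rather than Winsock (the hostent field names are identical, so the walk over h_aliases and h_addr_list is the same on Windows, minus the FAR), stdin/stdout in place of dialog fields, and a constructed sample hostent (made-up names, RFC 5737 documentation addresses) so the formatter can be exercised without a network.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Append s to buf without overflowing; 0 on success, -1 if it won't fit. */
static int append(char *buf, size_t buflen, size_t *used, const char *s)
{
    size_t len = strlen(s);
    if (*used + len + 1 > buflen)
        return -1;
    memcpy(buf + *used, s, len + 1);
    *used += len;
    return 0;
}

/* Render every field of a hostent in the Name / Aliases / Addresses layout
 * used on this page. h_aliases and h_addr_list are NULL-terminated arrays,
 * so both loops run until they hit NULL instead of stopping at entry 0.
 * Returns the number of addresses rendered, or -1 on a bad hostent or a
 * buffer that is too small. */
int format_hostent(const struct hostent *he, char *buf, size_t buflen)
{
    size_t used = 0;
    int naddr = 0;
    char **p;

    if (!he || !he->h_name || !buf || buflen == 0)
        return -1;
    buf[0] = '\0';

    if (append(buf, buflen, &used, "Name:\n    ") ||
        append(buf, buflen, &used, he->h_name) ||
        append(buf, buflen, &used, "\n\nAliases:\n"))
        return -1;
    for (p = he->h_aliases; p && *p; p++)
        if (append(buf, buflen, &used, "    ") ||
            append(buf, buflen, &used, *p) ||
            append(buf, buflen, &used, "\n"))
            return -1;

    if (append(buf, buflen, &used, "\nAddresses:\n"))
        return -1;
    for (p = he->h_addr_list; p && *p; p++) {
        char text[INET6_ADDRSTRLEN], line[INET6_ADDRSTRLEN + 8];
        /* h_addrtype says how the h_length raw bytes are laid out. */
        if (!inet_ntop(he->h_addrtype, *p, text, sizeof text))
            return -1;
        snprintf(line, sizeof line, "    %s\n", text);
        if (append(buf, buflen, &used, line))
            return -1;
        naddr++;
    }

    if (append(buf, buflen, &used, "\nAddress Type:\n    ") ||
        append(buf, buflen, &used,
               he->h_addrtype == AF_INET ? "AF_INET" :
               he->h_addrtype == AF_INET6 ? "AF_INET6" : "unknown") ||
        append(buf, buflen, &used, "\n"))
        return -1;
    return naddr;
}

/* Constructed sample, not a real lookup: made-up names and RFC 5737
 * documentation addresses, shaped like the Akamai answers shown above
 * (canonical edge host in h_name, the CNAME chain in h_aliases). */
const struct hostent *sample_hostent(void)
{
    static unsigned char a1[4] = { 192, 0, 2, 1 }, a2[4] = { 198, 51, 100, 7 };
    static char *aliases[] = { "www.example.com", "www.example.com.edgekey.net", NULL };
    static char *addrs[] = { (char *)a1, (char *)a2, NULL };
    static struct hostent he = { .h_name = "edge.example.net", .h_aliases = aliases,
                                 .h_addrtype = AF_INET, .h_length = 4,
                                 .h_addr_list = addrs };
    return &he;
}

/* One entry field, both directions: a dotted quad goes to gethostbyaddr(),
 * anything else to gethostbyname(). No argument prints the offline sample. */
int main(int argc, char **argv)
{
    char out[4096];
    const struct hostent *he;
    struct in_addr in;

    if (argc < 2)
        he = sample_hostent();
    else if (inet_pton(AF_INET, argv[1], &in) == 1)
        he = gethostbyaddr(&in, sizeof in, AF_INET);
    else
        he = gethostbyname(argv[1]);
    if (!he || format_hostent(he, out, sizeof out) < 0) {
        fprintf(stderr, "lookup failed for %s\n", argc < 2 ? "sample" : argv[1]);
        return 1;
    }
    fputs(out, stdout);
    return 0;
}
```

Run it with a host name or a dotted quad as the single argument; with no argument it prints the constructed sample. gethostbyname() is IPv4-only and hands back a hostent in static storage that the next call overwrites; getaddrinfo() is the modern replacement, but it too returns a linked list of answers, so the lesson is the same: a resolver that displays one string has thrown most of the answer away.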

The entire SolarWinds DNS Resolver application is just a bad joke.
And that's the gist of it.

The report goes on to discuss the trashing of system files, something that cannot readily be prevented on Windows, something that even got a rise out of Bill Gates, something the Yonces just let happen anyway.

But there you have it. And what happened to this illustrious company, this 'SolarWinds' of Tulsa?

They pulled up stakes, moved to Austin, and became (in)famous. Of course.

Their software hasn't improved, in case you were wondering. Here's the post-mortem for one of their recent downloads.

Yep, it's all Windows, even though their website doesn't mention it, and yep, that's a tidy 46 megabyte download for 'yes-you-guessed-right'.

And with all that money. And backing by Mitt Romney. You'd think they could hire professional programmers who held to a higher standard.

So what's painfully obvious from this bird's-eye view is that if you're not so clever with one thing, you're probably not too clever with the other either - something like building secure systems. Getting suits to spend billions on you: that's the easy part.

Still, one has to congratulate them. Sell crapware like that and walk away with four and one half billion? That's total genius.

There is truly no limit. Human stupidity is truly boundless - at least at SolarWinds.
 - BloatBusters SolarWinds Report

Copyright © Rixstep. All rights reserved.