Compiling static OpenSSL with /MD[d]

July 20th, 2016

So, you have a DLL that uses OpenSSL. Maybe your DLL uses libcurl and you want to support HTTPS? And, you want to statically link to avoid distributing multiple files.

You’re couldn’t find a static build of the OpenSSL libs, could you? And when you downloaded the source, you found that only supports static linkage as an afterthought, and when it does, it links with /MT.

Static MSVCRT. How quaint.

DLLs pretty much always compile with /MD (and /MDd in debug mode). And, in fact, it’s not just DLLs; statically linking with /MT is just simply a bad idea these days, because you need to update the C runtime libraries often. Your DLL needs static .lib versions of OpenSSL compiled with /MD (/MDd for debugging). Those aren’t provided. And the makefiles won’t build them. And there are no instructions on how to build them.

Let’s be honest, statically linking against OpenSSL is not a great idea either. But there are good business reasons for what you’re doing, and I’m not going to judge. I’m writing this because I’m doing the same thing.

32-bit build

Here’s my build process for a 32-bit debug build, based on openssl-1.0.2h. Open a Visual Studio command prompt for your target version (I’m using 2010), then run these commands:

perl Configure no-asm debug-VC-WIN32 --prefix=f:\openssl-32-debug
ms\do_ms
!!!  HACK ms
t.mak to replace /MTd with /MDd: I found only one !!!
nmake -f ms
t.mak
nmake -f ms
t.mak install

You can repeat this for the non-debug target with /MD, and repeat the whole process in a different directory tree for the 64 bit builds, as shown in other people’s examples.

Notes:

  • I couldn’t get the assembler to compile even with nasm installed, so I just gave up on that (hence “no-asm”).
  • Version 1.0.2a gave me link errors even with a vanilla build, so I think it’s broken.

64-bit build

It’s almost the same. In the 64-bit Visual Studio command prompt:

perl Configure no-asm debug-VC-WIN32 --prefix=f:\openssl-64-debug
ms\do_win64a
!!!  HACK ms
t.mak to replace /MTd with /MDd as with the 32-bit build !!!
nmake -f ms
t.mak
nmake -f ms
t.mak install

Bonus Credit

For bonus points, also run the tests.

nmake -f ms
t.mak test

Extra Bonus: Assembly Code

Daboul at stackoverflow got the assembly to compile. According to his comment on this answer, this script will do it:

call cd src\openssl-1.0.2k 
call "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat" 
call set path=C:\Perl64\bin;C:\Users\m\AppData\Local\NASM;%path% 
call perl Configure VC-WIN32 --prefix="../../build/1.0.2k-x86_rel_MD" 
call ms\do_nasm.bat powershell -Command "(Get-Content ms
t.mak).replace('/MT', '/MD') | Set-Content ms
t.mak" 
call nmake -f ms
t.mak 
call nmake -f ms
t.mak install

Adobe’s public FTP site

July 18th, 2016

FYI: Adobe publicly hosts the installers for Acrobat reader on Adobe’s public FTP site. Naturally there are license conditions attached to the use of these files, so be sure you understand them.

Just so you know.

SteelSeries RMA Process — WTF?

April 28th, 2016
Steelpad and M800

My Steelpad and M800

SteelSeries makes great gear. In my experience, this “great gear” also wears out fairly quickly, but outlives the 1-year warranty. Well, usually. My new M800 keyboard has problems after only 6 months, and at $180, it’s definitely worth considering a warranty return. I am now having a new experience: SteelSeries’s RMA process is designed to reduce their work load by treating you, the legitimate customer, like a criminal.

It’s a lot like being a Comcast customer, except without the long wait on hold.

It’s muh birthday — what has it got in its pocketses?

Last birthday, I received a SteelSeries M800 keyboard as a gift. What? Hell yeah! That’s right, the one that lights up any key with any color. It was a total surprise–I had put it in my wish list as a bookmark in case I suddenly received a lot of money that, you know, I didn’t need.

The M800 is bold and flashy; I let it displace my SteelSeries 7G keyboard, the one that has several key caps that just fall off if you hold it upside down, the one that is a real gamer keyboard because it doesn’t have any flash at all. The 7G became my work keyboard, and the M800 became Official Keyboard Of The Big Gaming Computer(TM), a great honor.

Maybe all that attention went to its head. The M800 soon decided that it knew better than me which keys should be lit up. The blinding light of the right-side row of modifier keys can not be dismissed with a simple trip to the Engine 3 configuration program or a firmware update.

There is only one possible conclusion: the M800’s pride has driven it to insanity.

The blinding light, our light that blinds

The blinding light; our light that blinds.

M800 — The return: this time it’s impersonal

It was immediately decided that I would send it back to SteelSeries for, uh, therapy.

So, I requested an RMA return using Steel’s online form. Their form only accepted images of the receipt, so I took a screen cap of the invoice. This was forwarded via email from my wife’s Amazon account, because of this was a gift and I don’t have the damn invoice. Realizing that the rest of the desktop contains sensitive work information, I cropped it out.

Here is what they said.

Please repost your receipt without any cropping. We need to see a full screenshot with no details removed from the top to the bottom. I need to clearly see the current date on the taskbar of your OS. Mobile device screenshots are not permitted at this time.

What? You are kidding me, right? I can fake you up a receipt for anything in about a minute. That’s not some leet hacker skill; anybody can do it.

How to fake an invoice

How to fake an invoice

But sure, I’ll jump through your hoop. I’m a SteelSeries fan after all. Counting my wife’s mouse pad, there are 5 SS mousepads and two keyboards in this house. There was a gaming mouse too, one of the good ones, but it stopped working after, oh, about a year and a half. (You know, not too long after it went out of warranty.)

SteelSeries 7G and DEX

My SteelSeries 7G and DEX

So I submitted a new screen-shot of my invoice along with the entire screen. A silly hoop to jump through, but whatever upper management needs, right?

After a short time, I received what I assumed would be my RMA information in the mail. As you can guess from how I phrased that sentence, I was wrong. Instead, there’s something about printing out a QR code and (I don’t believe this) taking a picture to prove that I really exist and have a printer and a keyboard. Well, just read for yourself.

Please take the following steps:

1) Print the attached QR code attached on a sheet of white paper **
– QR CODE – <link to png>

2) Hand write your name and ticket number on the sheet of white paper

3) Take a picture of the paper alongside your defective product.

4) Use this link to update your ticket and please provide the following
4a. Attach the picture you took in step 3 to the ticket (please do not send a link)
4b. Type your serial number in the update. The serial number can be found on the bottom of mice and keyboards, and on a small white sticker on headsets. On the H Wireless, it’s on a sticker on the inside joint above the left ear cup.

We will then be able to validate your RMA and if it is validated, we will then authorize your RMA.

Did you catch that? We’re doing all this, but they haven’t yet decided whether they’ll issue an RMA!

You are seriously fucking kidding me.

This is all to prove that I own a keyboard, isn’t it? Are people scamming them out of the cost of shipping? I’m using a $200 keyboard for fuck sake; I’ll pay the damn shipping. Just stop treating me like a criminal.

Maybe it’s time for a change

The 4HD pad

The 4HD pad

Other companies don’t treat you like this. I was an early buyer of the Logitech G15 keyboard. They had an issue where the paint would wear off of the key caps. This took many months, but was really annoying–a gamer would have semi-clear WASD keys GLOWING BRIGHTLY in the night, and it was only a matter of time before the other keys wore out similarly.

This is how Logitech handled things:

  1. I called support
  2. They asked for my serial number
  3. They sent me a replacement keyboard.
My SX pad

My SX Pad

No runaround, no BS. They did not send me a box of key caps. They did not ask for the return of my old keyboard (which I have in a box for parts). They just fixed the problem. And the G15 has been rock solid since.

In fact, the only reason I stopped using the Logitech for gaming is that it’s simply enormous–well, and Logitech’s fairly lame app which would get all laggy sometimes. Can’t have laggy responses. I have a better desk now, and whether or not my RMA is approved, I think I’m going to try it again for a while. It does match the Logitech gaming mouse that, incidentally, replaced my now-dead SteelSeries mouse.

That SteelPad is wearing out, too; it’s getting sticky. They don’t make anything like it any more, but others do. Funny, that.

No escape?

In the end, I will have to go back to the M800, because it was a birthday present from my wife. When she saw that she gave me something broken, and the stupidity of this process, it made her sad. So I tried pretending it doesn’t bother me that much.

This has been an educational experience all around. I have now learned that I don’t like lying to my wife.

In the end, I told her about the one small step remaining. “Now that I have uploaded the screen capture, all that’s left is this: they give me a link to a QR code on a PNG, which I print out; I write my name and the ticket number on it and take a picture of it, upload the picture, add my serial number, and then…they decide whether they want to approve me for an RMA.”

I haven’t seen her laugh that hard in weeks. Thanks, SteelSeries!

UPDATE

So it wasn’t about postage. The RMA was approved, but I get to return it at my expense. $41 S&H later, it’s on its way. Hey, I didn’t have a box the right size, so I paid the $10 to have somebody else pack it for me. :)

That’s not all, the terms of the return include this clause:

4) When your product arrives at our warehouse we evaluate if it applies to our warranty.
a. If it is found to not be defective, it will be discarded, and the RMA will be deemed void.
b. If it is found to be defective, we will process your RMA and move to the next step in fulfillment.

Did I hear that right? If they are unable to reproduce the problem with my keyboard, they’ll throw it away. This is really reassuring, considering that the keyboard sometimes takes a few seconds or a minute to display the symptom. Cold solder joints sometimes work that way, which is my best guess here.

If I have an intermittent problem, and they can’t reproduce it, I’m out the cost of shipping, and I no longer have the keyboard to repair at my own expense, either. Great.

Update 2: I Still Might Be A Thief

  • Good news! They received the keyboard and it failed for them, so they’re issuing an RMA!
  • Bad news! I still might be a filthy liar!

This was the first paragraph in the email containing my RMA code:

Due to a sharp increase in fraudulent activity, we are increasing screening after order checkout. As a result, your order may be temporarily held while we do a final screening. If the RMA is confirmed to be fraudulent, we will cancel the order.

“Fraudulent activity?” They have my hardware, they are the ones issuing rebate codes. At this point, I still might be a thief? I understand that they need to protect themselves from scammers, and of course they need to to refuse RMA service to actual thieves. But the way the communications have been phrased throughout this process shows a complete lack of understanding of basic tact.

Going through the motions

I initially assumed that the person managing SteelSeries support is an asshole. But it’s just apathy. They have every system in place that you would normally require to provide the very best customer service, tracking software, cases assigned to individual support personnel, a very good policy of replacing defective gear.

But when you’re on the receiving end of this process, you can see that nobody that works at SteelSeries has ever been in your shoes. Clearly there has been no thought or effort put into considering how the customer experience is, well, experienced by the customer.

Update 3: Icing on the cake

So, several weeks, $41, and some humiliation later, I have a replacement keyboard in a box from UPS. At least I got it, maybe it even works. But in any case, it’s time to click the “Give us feedback on this issue” button. And I am taken to a screen bearing this message:

This issue is closed. Go away.

This issue is closed. Go away.

Yeah, the issue was closed. Automatically. Several days before the replacement keyboard arrived.

In a way, this is comforting; the mystery is solved. I no longer have to wonder “why?” I know why. SteelSeries has a crap RMA department because they don’t listen to feedback from their customers.

https://www.youtube.com/watch?v=vEccNAOUA_k

(Featuring “Korg Electribe pattern #41 by tekHedd”.)