Domain: acm.org
Stories and comments across the archive that link to acm.org.
Comments · 1,502
-
Re:So, how many people
As Ken Thompson put it, in Reflections on Trusting Trust
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode.
As far as assuming eBay is more trustworthy than a random group of Stanford students, you know, I'd have thought Sony was, too, before the rootkit.
Sure, the next Firefox toolbar might be a particularly clever piece of phishing, but so might microcode in the next Intel processor. -
Re:What?!
Because GOTO is considered harmful.
-
Re:What?!
Logo teaches them to think in terms of processes, as well as teaching the importance of syntax.
No, Logo teaches them to push a turtle around the screen. It doesn't really convey a sense to young children that they're "programming" a computer. I technically had Logo before I ever had BASIC, and it took me years to realize that it was supposed to be an introduction to programming. Most of us saw it as an introduction to computer graphics.
As for your comment that BASIC gets slagged on slashdot -- I think typically it's VisualBasic that gets slammed, for giving people the tools to get a bit of programming done without making sure they have programming concepts down.
While Visual Basic is a poor tool to teach programming (most "programs" taught are simple GUI constructs with little to no code), the original BASIC regularly gets slammed because of Dijkstra's 1968 article, Go To Statement Considered Harmful. Dijkstra's core argument was that GOTO statements created spaghetti code. While this is unavoidable in assembler, his point was that it does not need to exist in high-level languages.
That paper had a profound effect on languages that followed, resulting in many modern languages doing away with a GOTO keyword altogether. (e.g. Java reserves GOTO, but does not implement it.) Taken by itself, Dijkstra had a point. Unfortunately, he went on to say: "It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration." This started the idea that BASIC is somehow the "wrong" way to teach programming.
The truth of the matter is that the design of BASIC will only limit programmers who are not interested in a long term career (or at least hobby) in computer programming. Most BASIC programmers quickly find the limitations of the GOTO statement on their own, and need little prodding to move to subroutines via GOSUB calls. From there, a programmer quickly learns the limitations of global variables. This makes the introduction to procedural functions much easier.
Basically, it's easy to provide a student with new tools when they feel the need for them. If you simply give them the tools without giving them the background, they will never learn to use the tools correctly. That's why I personally believe that classic BASIC is still an excellent teaching tool. Besides having simple syntax that any child can understand (one instruction goes after the other, see?), the interpreter environment allows children to play around with the instructions without having to write complete programs for each experiment. This invaluable teaching feature is lacking in modern structured programming.
Thus it is my personal belief that we need to STOP reinventing teaching languages, and just go back to what works. All we're doing with these new languages is giving them the CompSci version of "New Math". And all that "New Math" ever accomplished was to generally confuse children, and ensure that they never take up higher maths. Such is the result of providing highly structured coding tools to a child who wants to explore.
You can read more of my thoughts on this subject in this article. -
Re:I might respect Microsoft
I'll grant that Microsoft has some good products -- but I wouldn't call Excel one of them by any stretch of the imagination. It isn't even particularly accurate!
Word, I'll grant you. Excel, no. -
Re:Professional
An engineering "Profession" must have:
- an established body of knowledge
- established best practices (codes)
- accredited education programs
- established codes of professional conduct and ethics
- examinations (licensing)
-
Re:Professional
There are codes of ethics and conduct in the profession. IEEE's code and ACM's code are out there. They do not specifically address software piracy but both condemn harming property. In this forum, it is often mentioned that this activity is not exactly theft but illicit copying. Nonetheless, I would throw software piracy into the realm of property harm in the context of the code of ethics.
It sounds like this activity is already rampant. It is less clear if it can be pinned on you or not. Are those involved aware the licensing agreements are being violated? Are they aware of the fines for such things? Are they aware of the implications of getting caught (an IT professional could end a career, a business could go under)?
There are people who do not care. Some people would consider this the same situation as exceeding the speed limit by 5 miles per hour. Some feel that the prices are unreasonably high for the product and choose this as a mild practice of civil disobedience.
I do not want to sugar coat your situation, though. The IEEE regularly reports that a whistleblower is screwed. Despite all the laws and rules put into place to protect such a person, the career could end. The company may stop providing advancement and raises. The company may provide very negative references. The company may even engage in unlawful termination activity. All of this, however, is difficult to prove in court. The result would be large legal bills and no income. Read more about it:
The whistle-blower's dilemma
Kumagai, J.
Spectrum, IEEE
Volume 41, Issue 4, April 2004 Page(s): 53 - 55
Your most pragmatic approach may be to get a new job and report them to something like BSA later. That may sound like a case of sour grapes, but there are no perfect solutions.
Good luck with your choice: it is a matter of selecting imperfect solutions in an imperfect world.
PS: Your work computer belongs to the company. They may already be monitoring you. As a member of IT, you may be more aware of the monitoring than others. Keep it in mind, however, because secrecy and anonymity tend to be important in these matters. -
Re:Professional
You mean like the ACM Code of Ethics?
-
Re:Next up...
If you know where and how to use [GOTOs], they actually are a sensible choice.
For folks lacking the historical background: Dijkstra's stake in the ground against GOTOs has a number of positive merits. First, higher-level control constructs, now ubiquitous, such as the various loops, if-then-else, etc. are much better at explaining the programmer's intent than GOTOs. This makes it easier to write and maintain correct code, and had substantial impacts on the ability of compilers to optimize that code.
The parent's example is a good one, and has been addressed by various exception handling control structures in post-C languages. One useful case that has made it into very few languages is multi-level break: a break statement that accepts a parameter, the number of levels of control to escape. A break(2) call would thus exit two levels of containing loops. It's not an incredibly common situation, but it can be very handy for certain kinds of data structure traversals, some nested state machine implementations, etc. Alas, out comes that ugly GOTO. -
Re:This will legalize the NSA Spying and more
Can you REALLY trust the OS on the PC you encrypt data on?
http://en.wikipedia.org/wiki/NSAKEY
http://en.wikipedia.org/wiki/Backdoor
Backdoor'ed C compilers
If not, all bets are off! -
Are political nihilists also bad programmers?
I wish I had mod points for you, buddy.
Anyone remember this article about bugs and programming?
Committing the "black or white fallacy" is destructive everywhere, both in politics and programming. Saying that there's no difference between Democrats and Republicans because they're both politicians is good for one thing:
letting smug, lazy cynics feel somehow that by not doing anything, they're intellectually superior.
All that makes you is a part of the problem. -
Re:Argh, bad science reporting.
Seven sequences does not a genome make.
Three chromosomes for the maths-kings under the sky,
Seven for the Dinosaur-lords in their halls of chicken,
Nine for polyglutamine doomed to die,
One for the pneumolysin on his dark throne
In the Land of Slashdot where the Firehoses lie.
One Sequence to rule them all, One Sequence to find them,
One Sequence to bring them all and in the darkness bind them
In the Land of Slashdot where the Firehoses lie. -
Error rate (false positives) isn't the whole story
From TFCFP (call for participation):
Filters will be evaluated based on a weighted combination of the percentage of spam blocked and its false positive percentage.
From a theoretical standpoint, a low false positive average over an entire set (like <1%) might seem okay, but that doesn't take into account what's important to users.
Take, for example, a message from a long-lost friend, whose current address isn't yet in your whitelist, and who would have no other way of contacting you should the message get spamboxed. Here's an example of a message that's important to a user but gets lost among the everyday messages when simply talking about the percentage of false positives.
There's lots of other examples, too -- if you run your own domain, your messages are likely to be spamboxed, etc. Furthermore, the lower the false-positive rate, the less likely a user is to actually *check* their spambox, thus making a single false-positive even worse.
Microsoft's own Hotmail, of course, is notorious for spamboxing messages like that. And yet the conference is being held at Microsoft, and Microsoft's own spam researchers proudly touted their system in the February 2007 Communications of the ACM.
Something tells me the leaders in the field are sort of missing the point. Simply bringing down the aggregate false positive rate is *not* enough. The measure needs to take into account how often the user actually misses information that's important to them.
-
Re:Who cares about OS e-voting software anyway?
> Actually the answer is, in general, yes. The software vendors must turn over "source code, object code, and executable
> representation of the voting system software for use in an election" (from the bill).
Unless you can take their source and compile it yourself into *exactly* the same - byte for byte - executable, using a publicly available open source compiler, then you can't trust the executable.
See: http://www.acm.org/classics/sep95/ -
Jeopardy
WOW, I can hardly figure out where to start here.
HOSTS?
"When was the last time terrorists killed someone over the internet?!"
That feature is in beta - coming soon !!!
"It isn't about terrorism at all. It is about control and about policing the rest of the world."
If you repeat a word over and over enough (terrorism), it loses meaning, is trivialized.
It IS about control.
DNS is part of that control. (think bypass, sieve)
What if you HAD to pull the plugs?
Think about that, I'll wait.
http://www.youtube.com/watch?v=EYGKV1MaIaY
(God, I love the internet :-)
"Should U.S. DHS be trusted?"
Better question is about the policies of the Bush (v2.1b) administration.
Question authority. Talk to power, carry a big stick, etc.
Ummmm, what was the topic?
DNS (Mockapetris-Postel), right.
Defeat? With your own invention? (ARPANET)
http://www.dei.isep.ipp.pt/~acc/docs/arpa.html
Talk about shooting yourself in the foot and having a name such as "Smith" or "Wesson".
Apathy, lack of awareness and naivety is the greatest enemy.
We're (U.S.) so good at picking up the pieces.
Education, prevention, awareness - not so good.
Some need to understand you can use the internet to harm people - physically.
It's called a malicious Logic Bomb.
It IS rocket science.
Ask your ex SysAdmin about them.
Bios, Firmware, Flash memory, chip crowding, reconfigure with malice, and watch it burn.
Been there, seen that. Do that on a National scale and you have a society meltdown right in front of your eyes, wait two days - stir.
People were writing these things for hardware in the 80's and 90's, X-platform.
Remember all that talk of "hardware eating viruses" that would crop up occasionally, and how that person would be flamed out of the thread?
Ridicule and denial ... the American way. Fingers in ears -la-la-la-la-la-la-la-la.
There are no unbelievers on the battlefield.
"The truly powerful signing key is for Windows Update"
Why would you want any of that when you own the hardware?
Think (rogue) Eastereggs:
Microcode:
Disguised Bugs:
http://en.wikipedia.org/wiki/Easter_egg_(media)
http://en.wikipedia.org/wiki/Hidden_track
http://www.acm.org/classics/sep95/
Really, people have no idea what's going on now.
I've been banging this drum since 1997.
The NSA/CIA/DHS is starting to trickle out awareness of this very thing.
Joel Brenner - The National Counterintelligence Strategy of the United States 2007, speaking last Thursday at the American Bar Association.
(He speaks about the hardware problem near the end)
http://www.abanet.org/natsecurity/multimedia/2007/breakfasts/joel_brenner_transcript.pdf
http://www.abanet.org/natsecurity/multimedia/2007/breakfasts/joel_brenner.mp3
http://www.abanet.org/natsecurity/
Richard Clarke on Countdown with Keith Olbermann
Jan 22, 2007
http://www.msnbc.msn.com/id/16771741/
CLARKE: ... China is building cyber warfare units. The Chinese general said publicly that if we get into hostilities with the United States, we will reach out through cyber space and turn off the American electric power grid. From what I can tell and what I learned when I was in government, that's possible.
Not just China.
I'll play Chicken Little, you ... think about it.
I'll wait. -
Re:Colour me apathetic.
I have two words for you: Turing Award.
http://awards.acm.org/citation.cfm?id=7232067&srt=all&aw=140&ao=AMTURING -
Contradictory, or just arbitrary?
> men seem more responsive to email because it bypasses their competitive tendencies
Which is profoundly contradicted by research on flaming:
http://portal.acm.org/citation.cfm?id=967562&dl=ACM&coll=&CFID=15151515&CFTOKEN=6184618
http://www.indiana.edu/~tisj/readers/full-text/15-3%20guest.html
The lack of "media richness" in email makes its intent easier to mistake. Males tend to jump to conclusions because they tend to try to problem-solve everything (especially when the problem is figuring out if they've been attacked), while females tend to either give it the benefit of the doubt or ignore it.
In TFA, the authors start from a hypothesis which includes an operational definition nobody else uses, and they go on to support what amounts to a supposition. A great deal of communications studies in both gender communication and computer mediated communication is entirely ignored. I've studied both, taught both, and published in the latter. It's a gender stereotype when you draw the conclusion, right or wrong, without considering objective data. TFA ignores masses of objective data. Therefore I submit that their conclusion is precisely the thing they claim to be trying to study. -
Ownage
I've said it before: the lowest code owns. Also true: he who codes the lowest owns.
See Reflections on Trusting Trust. It should be required reading of every programmer. -
We've lost a wonderfully nice guy
When I was in my early 20s and had been programming only a few years, and John was already a legend and IBM Fellow for his work on FORTRAN, I had the pleasure of meeting him informally a few times. You would have thought our positions and experiences were nearly the same. He was always as engaged and delighted with younger people like me as with other giants of the computer field, some of whom were standing right with us at those get togethers (Jim Gray comes to mind). John was extraordinarily decent, kind, and down-to-earth, and he will be very much missed.
I think some of the wise guys/gals on this list are missing the point of the FORTRAN team's contributions. It wasn't that FORTRAN was the perfect language. To some degree, that wasn't even the goal. Quoting from an article by Backus (full text is available only to ACM subscribers, unfortunately):
"It is beyond the scope of this paper to go into the details of the analysis which section 2 [I.e. the optimizer] carried out. It will suffice to say that it produced code of such efficiency that its output would startle the programmers who studied it. It moved code out of loops where that was possible; it took advantage of the differences between rowwise and column-wise scans; it took note of special cases to optimize even the exits from loops. The degree of optimization performed by section 2 in its treatment of indexing, array references, and loops was not equalled again until optimizing compilers began to appear in the middle and late sixties."
At the time the FORTRAN work was done, people didn't believe that a compiler could produce code that was fast enough. If you go back to the early references on FORTRAN you'll find that they implemented optimizations that were still considered sophisticated 15 years later. The difference is: the FORTRAN team did it at a time when nobody had done it before. Furthermore, they did it on an IBM 704 that would be too weak (if not too small!) to power a wrist watch today. Its core storage units were tens of cubic feet in size, and each held 4K 36 bit words, or just over 32K bytes in modern terms. Even the "high speed" drum storage units (like a disk, but with no seeking needed) held only 16K of those 36 bit words. On this machine, they built optimizations that were considered sophisticated even decades later, when machines had gotten much bigger and faster. Quoting from that same article:
"To this day I believe that our emphasis on object program efficiency rather than on language design was basically correct. I believe that had we failed to produce efficient programs, the widespread use of languages like FORTRAN would have been seriously delayed."
The computing field has lost someone very special.
-
Remember him not for FORTRAN
I find it somewhat troubling that in this article John Backus is remembered primarily for the genie that he tried to put back in the bottle.
FORTRAN was utilitarian and procedural and good at enabling engineers and scientists to get work done. However, the problem with FORTRAN is the imperative pattern of thought that it imposed led us to tell the computer a precise sequence of steps to accomplish each task. It doesn't offer information on dependencies, simply a "go here, do that" sequence of instructions. Imperative programs are inherently hard to reason about in terms of global state and effects and as written tend to be subject to off-by-one errors.
Backus saw this in 1978! See http://http//www.stanford.edu/class/cs242/readings/backus.pdf.
His insight spawned a great deal of the interest in functional programming languages. It has been credited by Paul Hudak of Haskell fame http://portal.acm.org/citation.cfm?doid=72551.72554 (ACM membership required) (summarized here http://lambda-the-ultimate.org/classic/message4172.html) and others as really helping to turn the tide and kept functional programming languages from being snuffed out.
A lot of people don't see the point, having never programmed in a functional programming language like Haskell or ML. However even those people see dozens of cores on the horizon and wonder how they are going to deal with the debugging issues associated with all of the threads to keep those processors churning.
Functional programming offers an alternative viewpoint that is arguably much better suited to handle multiple CPUs working on large datasets. A case for this was recently reiterated by Tim Sweeney of Epic Megagames fame who said "in a concurrent world, imperative is the wrong default!" http://www.st.cs.uni-sb.de/edu/seminare/2005/advanced-fp/docs/sweeny.pdf.
Haskell has brought Software Transactional Memory (STM) into play offering an alternative approach to traditional mutexes and locks that is compositional in nature unlike locking models. This is an approach that isn't readily emulable in an imperative setting because of the lack of guarantees about side effects. http://research.microsoft.com/~simonpj/papers/stm/index.htm.
These are solutions to real problems that we are experiencing today, not some academic sideshow, and they arise from a school of thought that he helped bring a great deal of attention to.
If you want to do something to remember Backus take the time to learn OCaml or Haskell or even just take the time to learn how to effectively use the map and fold functions in Perl, PHP or Ruby.
It is his willingness to turn his back on what was perceived as his greatest work when confronted with a better idea for which I will remember him and I am a better programmer today for having learned what I could from his ideas.
-
ACM disagrees
This brochure from the ACM, IEEE Computer Society, and the Association for Information Systems claims, "Estimates for job growth in the United States range from 38% to 56% across the computing spectrum. With more choices and more opportunities, it's a better time than ever to begin a career in computing. In fact, according to CNN/Money Magazine in 2006, software engineering is the number one best job for salary and opportunities!" The document is targeted at high school students. In my opinion all the parents have been taken in by the FUD. I have worked in Software Engineering since 11/95 and have seen the market keep growing. More and more people are relying on technology and software every day. Applications are never "done". There are new features to add, new hardware to support, and new technologies to take advantage of.
As for outsourcing, I was involved in an attempt to outsource some software development. They wanted to find a company in India who could do Windows device drivers. Again and again, we could talk to the PhD highups but when we pushed to talk to the actual folks that would work on the project we found they had little experience in driver development and almost no experience in development on multiprocessor servers. This happened with several different companies. Also, folks are finding that outsourcing to far away countries is a massive management headache. It takes all the problems of local contractors and makes them worse.
Outsourcing is like anything in life...in the end you get what you pay for! -
Well
-
Are you sure you can trust your source controls?
Grepya quoth: Now, I write software for a large and complex system containing millions of lines of code and I know that nobody could slip a single line of code into my project without my knowledge. This is because everything that goes into the build goes into a source control system, and email notification is generated to interested parties.
Me and Ken Thompson pwnz0red your source control system twenty years ago, and we can slip in all the code we want without anybody being notified at all!
Quis custodiet ipsos custodes? Or in modern terms, who validates your compiler? -
Re:NAT discussion wasn't thorough enough
And even there, there is a workaround that can be employed with the use of a 3rd party that doesn't block incoming connections (though I haven't heard of any P2P protocols that currently use this method in the wild).
Skype (which, coincidentally, was written by the same people who wrote Kazaa) uses some of those workarounds to punch through NAT firewalls. I do not know if Kazaa uses them, but the authors of Kazaa could have certainly done so.
The point of all this being, you can share files, without accepting inbound connections. You can download files from others without accepting inbound connections. And you can participate in the P2P network (communications, searches, etc) and all of the above, without your P2P program knowing your public IP address.
But P2P works better if it has access to your public IP address, and you can accept inbound connections. Hence some P2P applications will complain if they detect that they are NATed and ask for your public IP. Some will auto-detect your public IP. Others will not only autodetect your public IP, but if you have a UPNP-capable router, will automatically detect or otherwise set up appropriate holes in your NAT firewall (later versions of Azureus do this, I believe) to forward inbound connections. And, as aforementioned, Skype uses NAT-busting techniques to bypass setting up proper forwarding rules altogether. Skype's ability to get past firewalls is actually somewhat frightening...
Although the original design of the internet was based on the assumption of a static one-to-one mapping of computers to IP addresses, this is not the case today. DHCP means that the mappings are not static, and NAT means that the mapping isn't one-to-one (indeed, a sufficiently sophisticated NAT setup could be many-to-many, although such would be unusual). Even MAC addresses aren't really unique--it is quite common to set up interface failover by spoofing the MAC address of the failed NIC. Identifying a computer uniquely is a very tricky process--the common means of doing so rely on these broken assumptions. The uncommon means (specifically, searching for evidence of clock drift in timing parameters) are, well, not commonly used, and have higher false positives (due to sensitivities to temperature and the low precision of clock drift measurements). And none of this can be used to show that a particular person was doing anything at any point in time.
From my limited experience with expert testimony, many expert witnesses, although experts in their field, are not experts at being witnesses. It's a way for a university professor to pick up more money on the side with easy consulting work, especially if hired by a petitioner under the expectation of a weak defense by the respondent. In such a case, speed and cheapness are prized above thoroughness and accuracy, and actually being deposed by a lawyer who has been prepped on the sorts of questions to ask would be quite the surprise. Dr. Jacobson appears to have been caught with his pants down, giving a slap-dash report which is clearly biased in favor of the side which hired him. Although he isn't a member of any regulatory body, I would be surprised if he wasn't a member of the ACM or the IEEE Computer Society, and in violation of their respective codes of ethics (specifically, ACM 1.2, 1.3, and 2.5, and IEEE 2, 3, 7, and 9).
-
Re:Software is far more dangerous than machinery.
Having source is not sufficient.
Check out Reflections on Trusting Trust by Ken Thompson.
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect. -
Re:Smarty for dummies
A templating language's support for math functions does not get in the way of designers using it. They don't need to know math in order to use it. Your argument that designers don't deserve to be able to use math even when they need it is ridiculous. Maybe your designers are mathematically illiterate, and your templates are extremely simple, but don't try to force your low standards on the rest of the world. There is nothing about supporting math that makes a templating language hard to use.
In fact Smarty does support some math functions, but not all of the functions supported by PHP. So are you actually arguing that Smarty goes too far in its support for math?
Since when were you the final authority of which functions view logic should be allowed to call? I often need to round a number to a particular number of decimal places in the view, so why are you arguing that I shouldn't be able to?
As for your guess that I don't know MVC: I've been writing user interface toolkits since 1986, when I developed pie menus for the X10 "uwm" window manager, and I've been regularly using OOP and MVC since 1987 or so. When and how did you learn about object oriented programming and MVC? Do you know enough about MVC to offer any criticism of it, or do you just blindly accept it as a given without questioning it?
The hypermedia formatting and templating language I developed around 1987 was called the "HyperTIES Markup Language" for Sun workstation version of the HyperTIES hypermedia browser, while I was working for Ben Shneiderman at the University of Maryland Human Computer Interaction Lab. I implemented the first version in Forth, and it had full access for Forth expressions, conditionals, loops, etc. We implemented the second version in C, and it had a full set of mathematical and string processing functions, as well as the ability to define macros, conditionals, loops, etc.
Here is a description (including links to the source code) of the HyperTIES Hypermedia Browser and Emacs Authoring Tool for NeWS, and also a paper we published about HyperTIES in the ACM journal "Hypermedia" Volume 3, Issue 2 (1991): Designing to Facilitate Browsing: A Look Back at the Hyperties Workstation Browser [reference].
You should read the paper we published in 1991, because it gives a good explanation of why templating languages should support macros, math and string processing functions. One reason is conditional text. The conditions must be able to evaluate conditional expressions, which need to be able to call math and logic functions, as well as many other utility functions that are useful for authoring conditional text.
Have you published or can you reference any peer reviewed papers that support your point that templating languages should not support math? But it seems like you don't know templating languages, anyway.
From Designing to Facilitate Browsing: A Look Back at the Hyperties Workstation Browser:
Generating customizable documents
To achieve effective formatting we created the Hyperties Markup Language (HML) in 1988. It includes standard markup language features and conditional text to easily customize the document based on user actions. Although traditional Generalized Markup Languages, the Interleaf document preparation system, and scripting languages such as Hypertalk enable authors to specify conditional appearance of text, we feel that this feature should appear as a regular part of hypertext systems. Our empirical studies have shown that by limiting the amount of text on the
-
RMS innovations
The FSF is not a research organization, so in principle they don't innovate anything.
GCC, GDB and BISON were all based on academic research papers by other people.
Emacs, predating FSF, was pretty innovative for its time, and has been a source of inspiration for other text editors and IDE's for decades. RMS even wrote one of his few academic papers on it.
The copyleft is a major innovation, RMS used copyleft licences before the GPL, the GPL was also innovative as the first generic copyleft license. The copyleft fills an important niche between the older "just don't sue us!" licenses (such as BSDL, but many earlier such licenses existed) and the "not for commercial use" license (popular at the time). The copyleft creates a level playing field that allows competing companies to cooperate, something neither of the two other (older) classes manage. -
Re:Solid-State Drives
I respectfully invite your attention to the article "Computing versus human thinking" by Peter Naur in the January, 2007 edition of Communications of the ACM. Naur lays out an extremely sound theory of intelligence, which I found very enlightening in terms of the possibilities and limits of AI. It very much reminds me of Hofstadter's research.
-
Re:A missed PR opportunity for Microsoft
... If you're in the USA, Gates makes a lot of tax revenue, and keeps the govt happy. Now, what's happening software-wise in all those versions of Windows? The key: Do you trust your computer systems running a foreign country's OS? ...
Wishful thinking there. MS is just as big a tax dodger in the US as it is in Europe. Just because you pay your taxes and your company pays its taxes doesn't mean that either Big Bill or his company do so.
... The key: Do you trust your computer systems running a foreign country's OS? ...
It gets even simpler. You can't trust any closed source code. Now, there is still some quality stuff out there that MS hasn't run out of business or bought out, but the bottom line is regardless of whether it's from the MS movement or from a normal company, if you don't have access to the code for the entire tool chain, it could contain just about anything.
However, you don't have to be technically oriented to know that MS presents a problem here. Just read the EULA for 2000 SP3, XP SP1, and 2003 and later. It says flat out that you grant admin rights to Big Bill or his designated representatives.
The bottom line is that the school and the teacher were asking for trouble when they risked it with MS Windows. MS has tried the same thing in many other school districts, sometimes with success and other times driving the whole district to more appropriate technology.
-
Re:They're focusing on video...
I was at a presentation of their paper on this in Portland last year: http://portal.acm.org/citation.cfm?id=1169001&jmp=cit&coll=ACM&dl=ACM&CFID=14265233&CFTOKEN=82641255#CIT
From the abstract: "...techniques that exploit the visual nature of sign language. Inspired by eyetracking results that show high resolution foveal vision is maintained around the face, we studied region-of-interest encodings (where the face is encoded at higher quality) as well as reduced frame rates (where fewer, better quality, frames are displayed every second). At all bit rates studied here, participants preferred moderate quality increases in the face region, sacrificing quality in other regions. They also preferred slightly lower frame rates because they yield better quality frames for a fixed bit rate. These results show promise for realtime access to the current cell phone network through signlanguage-specific encoding techniques."
Bob -
Re:Both cool and useless for 99% of computing
So finally the tile processor architecture makes it to the industry. People in the comp arch group at MIT envisioned and prototyped something pretty similar to this years ago as the RAW processor.
http://www.cag.lcs.mit.edu/raw/
http://portal.acm.org/citation.cfm?id=624515
http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=13382&arnumber=612254 -
Re:Erlang
But in the end, a lot of the stuff that may take advantage from parallel programming, may or may not end up good in practice. Take for instance a database system. If you did a bunch of stuff in parallel algorithms then you basically add a bunch of overhead in the form of distribution and gathering, and extra threads or processes. If you leave it as sequential, then you cut down on the overhead, and leave the other CPUs or cores free for other queries coming into the database. I don't work with parallel programming enough to know the answer, but would you really get better performance than the sequential algorithm? Even when you have to process multiple requests at once, and 1 request is using all the cores? I remember that it was possible to sort N elements in O(log (n)), but only if you had n processors. So on 1 processor, it ends up taking O(n log (n)), which is the same as a serial sorting algorithm (related article). Usually you have 1 or 2 cores, maybe 4, or something really large like 64 or 128, but if you're sorting billions of elements, then you're very close to something that's only as efficient as the serial algorithm, plus a bunch of overhead. If you have 128 cores, you're probably better off serving 128 requests with serial algorithms, each with its own core, than trying to run them as parallel processes 1 after the other.
-
Who writes it? For whom?
If I can't see the code myself, I am forced to trust that the vendor has refrained from inserting a backdoor in the code. As for third party audits, I trust them as much as I would trust Microsoft to hire an impartial third party to determine whether a new Office version actually increases productivity.
I don't care how many pictures of keys, keyholes, locks, policemen, security guards, castles, gates or agents in glasses the website hawking the product has, how high it ranks on cnet, how many recommendations it gets by editorial staff in magazines, or how many times superlatives ("military grade", "256 bit", "tinfoil hat", "for the ultra-paranoid"), are used in conjunction with the word "security" in a review or the product description. IF I CAN'T SEE THE CODE, I DON'T TRUST THE APPLICATION. PERIOD.
The next level above that is code that I can see - typically open source. At least then it is theoretically possible that someone could get caught inserting a backdoor, with resulting impact on their reputation. Compiling it yourself should be more secure than using something compiled by someone else. One should also consider who is writing it, and who has provided funds to write it. Should I trust them?
Above that is open source code that someone I trust has audited or written.
And above all is code that I have personally written.
Obviously there are trade-offs to be made (usually the only software available to me for my budget is either commercial or open source), but that's how I do the ranking.
Maybe it's time to re-read the classic "Reflections on Trusting Trust". http://www.acm.org/classics/sep95/ -
Re:Thin clients are good in PRACTICE
* Desktop video becomes much harder.
Actually, this paper claims to provide full-motion video with a new thin client architecture called "THINC": http://portal.acm.org/citation.cfm?id=1095810.1095837
Now I can't find out where to try it out, but it doesn't seem like smoke-and-mirrors since I'd think that the good people refereeing ACM SOSP would be hard to fool. Hope they make it downloadable soon. -
Re:Proof of redistribution...
No it wouldn't, at least not in the original BitTorrent specification. Seeds upload to the fastest downloaders, so all you have to do is track down seeds and download from them as fast as possible. Also, you can have a lot of connections open and other peers will throw you a bone once in a while.
In all, a client which does not upload and is optimised for this purpose has a download speed comparable to other clients. See also http://www.acm.org/sigs/sigcomm/HotNets-V/locher06free.pdf. Of course, if everyone starts doing that the system collapses. -
Re:YACCS -Yet Another Computer Corkup in Space
The F-16 didn't "bounce off the equator". Before it ever flew, in simulation the computer flipped the plane over when it crossed the equator due to a bug that incorrectly handled southern latitudes. Additionally, since the computer "flip" happened instantaneously, and the F-16 can roll at much higher G forces than the pilot can take, the flip would have killed the pilot (and the F-16 would have happily continued on its way).
http://portal.acm.org/ft_gateway.cfm?id=163293&type=pdf&coll=GUIDE&dl=GUIDE&CFID=11154656&CFTOKEN=19136062 -
Re:Isn't it a little bit naive
I was thinking that 'meh, Telvin is probably right'
... Yeah, you're probably right that he's right. But here's an explanation from Ken Thompson covering the same topic. I'd count Ken Thompson as an authority myself. -
Re:MS CPU
How can a JIT run faster than a Jazelle implementation?
The same reason ARM code is faster than THUMB. When you compile an algorithm to a bytecode, it probably takes more instructions than it would take using 32-bit ARM instructions. When you JIT you don't just convert a bytecode to an ARM instruction, you do some optimization, and the resulting code is typically faster.
There are also other optimizations you can do at execution time that you just can't do at compile time. This is why work you do in the microarchitecture pays off (ie, out of order execution, alias detection, etc), but you can also find interesting things like HP Dynamo that find speedups in JIT recompiling PA-RISC to PA-RISC. Fun read, check it out. Ars technica article here, real paper here
-
But just the source code is not enough!
Checking the source code for backdoors (and removing them) doesn't mean there aren't backdoors in the other software involved. It all comes down to trust:
1. Can you trust the programmer to write bugfree code and not to insert hidden code or well-covered trapdoors?
2. Can you trust the compiler not to insert malicious code independent of the code compiled? (See above paper.)
3. What about the preprocessor, assembler, and linker (or interpreter)?
That's a lot of trust to share. -
Re:Roads and CSMA/CD
Oh no, not again.... I thought that the FUD on Ethernet had died at least 10 years ago.
Measured Capacity of an Ethernet: Myths and Reality
http://www.acm.org/sigs/sigcomm/ccr/archive/1995/jan95/ccr-9501-moguleth.pdf -
Re:Lesson #1 -- Don't Expect Privacy Online
My advice to anybody who wants their cake and eat it too: Use different handles for different applications.
Don't count on it. There are tools to identify people by writing style that can be used to uncover and link multiple identities. I think they've even been mentioned here on slashdot along with claims of very high success rates. I don't really know how successful they will be when applied to really large datasets like some of the larger forums on the net, but they are at least a cause for concern.
Here's a reference to one such set of tools: A framework for authorship identification of online messages: Writing-style features and classification techniques -
Re:Linux rootkits
If your system is compromised, nothing is trustable. Not the kernel, not the sync utilities (which on a FreeBSD system would be the first thing to alter), not anything. I did not miss the part about syncing to master. If there's a rootkit it will either make sure your sync still has its changes, or it will simply not install files silently. It could also modify your compiler to produce backdoors in your executables (For more on this one in particular, look at this http://www.acm.org/classics/sep95/ Turing Award Lecture by Ken Thompson, one of the original people involved with Unix). This has been done before, and can be done again.
I repeat--If your system has been compromised, you can only rely on things that are non-modifiable by the system (I.E. BIOS ROM, unconnected disks). Your filesystem driver cannot be trusted. Expect it to lie whenever it needs to. Assume that the rootkit will not do anything that will help you find it. Syncing your source tree depends on way too many things that would be compromised to rely on (filesystem, network driver, sync utilities, libc, etc). The same goes for any other software update of any kind (excluding livecds -- assuming said rootkit didn't change your BIOS).
-
Re:Compiler is Irrelevant
This is a good place to start. There are more ways to break into a house than there are doors.
-
I've always wondered...
How hard is it to build a basic but worthwhile rootkit detection tool with common tools? Like run `md5 /bin/*` and then ship the output of that to another machine every day for comparison to yesterday's output of that command? (Looking at other directories as well, of course.) My understanding is that many rootkits come with hacked versions of tools like 'ps' to hide themselves.
On the one hand, yeah, let's not reinvent the wheel, but on the other hand, there are advantages to building your own tools:
- you know exactly what they're doing--more complicated pre-existing tools might do more, but if you don't understand their output, they're no good.
- you don't have to trust*/audit someone else's code
- they don't do more than you need
- they don't have features that you don't know about or might misuse
- at the very least, it's a great way to learn
* yes, I know about this. but there are reasonable limits--I do trust that my distro came with a clean copy of gcc. OTOH, I'd rather write my own 20-line script than download someone else's that says it does the same thing as what I would write myself but that I'd have to audit for even the smallest things, like sneaking in an
if ($rooted="no")
instead of
if ($rooted=="no") -
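The daily hash-and-compare idea from the comment above, as an added example that is not part of the original post: it uses `sha256sum` in place of `md5`, and the function names, manifest layout and sample files are constructed for illustration. The comparison step is meant to run on the second machine, because hashes computed on a compromised host are only as trustworthy as that host's own tools.

```shell
#!/bin/sh
# Added example: file-integrity baseline and comparison with common tools.
# make_manifest, compare_manifests and demo are hypothetical names.

# make_manifest DIR: print "<sha256>  <path>" for every regular file under
# DIR, sorted by path. Run on the monitored host (ideally from trusted boot
# media, since replaced find/sha256sum binaries could lie).
make_manifest() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# compare_manifests OLD NEW: print one line per difference between two
# manifests. Run on the collecting machine, not on the monitored host.
compare_manifests() {
    awk '
        # sha256sum prints "<hash><two spaces><path>"; keep spaces in paths
        { hash = $1; path = substr($0, length($1) + 3) }
        side == "old" { old[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in old))         print "ADDED   " path
            else if (old[path] != hash) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' side=old "$1" side=new "$2" | sort
}

# demo: constructed sample data standing in for /bin on two consecutive days.
demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    mkdir bin
    printf 'original ps\n'  > bin/ps
    printf 'original ls\n'  > bin/ls
    printf 'original who\n' > bin/who
    make_manifest bin > day1.manifest

    printf 'replaced ps\n' > bin/ps          # contents changed
    rm bin/who                               # file removed
    printf 'new file\n' > 'bin/extra tool'   # file added, name with a space
    make_manifest bin > day2.manifest

    compare_manifests day1.manifest day2.manifest
    cd / && rm -rf "$work"
)

demo
```

An empty report means the two manifests agree; any `CHANGED` line for a system binary that no package update explains is the case the comment is worried about.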
Re:welll..
Some of the points he is making are BS. They are not good `Unix habits` they are simply hacks that marginally reduce the workload but (arguably) increase complexity.
Ie there is NOTHING bad about piping cats. While you might indeed get a ~30% performance increase if you skip the cat, the complexity increases. We often sacrifice performance in order to increase abstraction and understanding.
What makes unix so powerful is its modularity, the fact that you can pipe any output from any application to any application's stdin. This makes it possible to use common tools app1 | app2, app1longoutput | grep thingsIwant. The possibility to mix and match common elements that (arguably) makes unix powerful.
Advice that says "stop piping cats" is akin to "stop using helper functions, they overload the stack, instead do everything in one function"
--
A better articulated article on the programmer's intellectual ability vs proper abstraction techniques:
http://www.acm.org/classics/oct95/ - Dijkstra, Edsger - "Go To Statement Considered Harmful" -
Been there sorta
As a former K-12 Technology Director who had to support the teachers of those type classes...
Check on the ACM curriculum recommendations. http://www.acm.org/education/curricula.html and http://acm.org/education/k12/k12final1022.pdf
Also the College Board. http://apcentral.collegeboard.com/apc/public/courses/descriptions/index.html
Due to the fact that the College Board Computer Science AP test is given using Java, I highly recommend that in place of C/C++ as the language framework for teaching the concepts. Any language chauvinism aside, Java tends to be easier for beginners to grasp since it has far fewer "dark corners" to get into. Those dark corners are invaluable to programmers who need them, but for learning they tend to be counter productive. My son placed out of his first two programming courses due to AP, though that was a few years ago when the test was given in C++. Java is very much derived from C/C++ so you should have relatively little trouble adjusting yourself. You'll also find active online communities of other HS Computer Science teachers so you can find/share resources there, especially for things such as appropriate texts for the earlier courses (the AP courses should use the same texts as nearby colleges) and appropriate programming environments for whatever your computers are running.
Personally, I suggest that you start students in a simple web environment using a plain text editor, then once the programs become non-trivial, move into either Eclipse or Visual Studio, or at least get a good language aware programming editor. It will take about a week or two to get them used to the environment, but it pays off big time for debugging and general productivity.
-
hate the hater
What a bunch of hypocritical nincompoopery. Although, that's only to be expected when reading SlashDot and Microsoft in the same sentence. I was impressed to see a few people actually backing the 3v1l suxx0rz, however. I haven't read all the posts and this one won't get read either, but I couldn't not put something down.
Bill Buxton recently spoke at CSCW 2006 and had a great talk. One of the things he talked about was his recent hiring by Microsoft Research. He took a lot of flak when he moved there, but here he presented the reasons he joined. Basically, Microsoft funds and embraces research, and they encourage people to publish what they find. This can be seen in reality when you look at the mass of publications that come from or are touched by Microsoft Research at many of the academic conferences I attend regularly (like SIGCHI, CSCW, UIST, etc...). I have known many people who have done many internships at MSR, why would they go back if it is so terrible?
A good example of research personified is the new side-bar in Vista. This idea was not stolen from anywhere. It was originally published here and in that paper you'll see the original prototype was written by a research intern, who was inspired by work he and I were doing together at the time in our graduate programs (and that work is cited by this paper as well). Am I peeved that MS hasn't bought out my MSc Thesis? No! Is he peeved that MSR furthered and then included his prototype in a shipping product several years later? No! Most of the numpties here would be peeved, though. Whatever. We work at the same company now, and I can honestly say it's a discussion we've never had.
It was amazing to see the zealots in the CSCW community turn on Buxton. Buxton is long respected and almost revered in this research area, but the overpowering hate of MS broke through even his passionate and relevant points. It's almost as bad as religious extremism. During the question period, one attendee called out MS (using Bill Buxton as the face) for not releasing easy ways for him to get projects he was working on in after school programs with kids onto the XBox. "Why can't I compile and run this stuff on an XBox without paying lots of money to MS? If MS is so great, why don't they enable people to use their stuff?" Bill said "well geez, contact me after the conference and I'll look into it." Anyways, it's unrelated to Bill, how about this??? And a month after his talk, no less. MS knows that enabling people on their systems is the way to go, and they work towards that. Slashdot will accuse them of stealing the idea from OSS, I can't wait.
(Now) classic Slashdot riff: "PS3 is teh suxx0rz! My XBOX 360 pWns! Gonna get a Wii too!" followed by a post in the next article by the same person "M$ is teh suxx0rz! Evil evil bad horrible!" Again, if you don't want to use MS products, then don't! It's that simple! I run Windows because I don't have to think about it. It has the tools I want, accessible and running. I run a Linux file server, because it's inexpensive (cost: a bunch of hard drives and an old pc I'm not using) and it works just for what I need. This is hardly Gap or Nike or Enron or McKesson (personal experience dictates I say that here :D) we're talking about, here.
A point about OS's. The classic definition of OS has changed and evolved over the last few years (greatly simplified): An OS initially was a human operating a loom. Then it evolved to a series of cards running a loom. Then it was a bunch of cards running a census tabulator. Then it was a bunch of cards running a bunch of vacuum tubes (pop!). Then it was a bunch of cards running big mainframes. Then it was an incr
-
Check out the ACM K-12 model curriculum
The industry group Association for Computing Machinery has a model curriculum for integrating computer science into K-12 education. You might find some helpful ideas in there.
-
Re:bullshit
(Not the same person as above) After reading this whole discussion, I am convinced that "bored" is onto something. See here for an example of how Java's GC requires 5x the memory to match the performance of a certain "manual" memory management strategy. Performance of the Java GC drops dramatically as available memory drops to 3x and 2x what is available to the manual MM.
Garbage collection has gotten better with time, but people might ignore that "manual" MM has as well. The key informational advantage available to GC algorithms seems to be knowledge of how objects are related to one another (and thus how their memory-use is correlated), but this information is also available to a sufficiently-skilled programmer. Seems to be another runtime/space to skill/effort/developer time tradeoff.