I was waiting for an "...and the Earth is still flat", but luckily you stopped at Big Brother.
1950s: Microelectronics will solve everything!
1970s: Computers will solve everything!
1990s: The Internet will solve everything!
2010s: Big Data will solve everything!
2020s: Artificial Intelligence will solve everything!
2030s: Quantum Computing will solve everything!
My prediction for the 2040s: There will still be plenty of shit left unsolved.
...Not only will the actual bugs still be there, but any decent smart compiler will have eliminated all the dummy unused code from the 'fake' bugs from the actual binary.
Sure, it may take a blackhat a bit longer to analyze the source code, but in effect all this proposal does is make the lives of developers and QA testers worse by making code less readable and maintainable. All for wasting a few minutes of a blackhat's time. In theory, sure, it is an option. But if your project is so sensitive that it requires *this* level of protection, then chances are you want to keep your source code as clean and readable as possible as well.
Putting in 'fake' bugs that don't actually contribute to any functionality in the actual code (like your example) will not work, as most modern compilers will automatically eliminate code without an actual function.
The if-branch containing the somethingThatWillNeverHappen() function will not be part of the actual binary if the compiler deduces this code is actually never used. If the compiler does not eliminate this code, then in theory it can be part of the *actual* execution-path and it is no longer a fake bug, but an *actual* one that can be exploited.
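As an added illustration (not code from the original comments), here is a toy dead-branch eliminator over Python ASTs that mimics what the comment says an optimising compiler does: a 'fake' bug guarded by a condition the optimiser can prove false is removed outright, while one guarded by a condition it cannot decide ships as reachable code. The function names `handle` and `something_that_will_never_happen` and the sample source are constructed for this example.

```python
import ast

# Expression node types a constant folder may evaluate: literals and the
# operators that combine them. Anything else (names, calls, attributes) is
# opaque, just as a runtime value is opaque to a compiler.
_FOLDABLE = (ast.Constant, ast.Compare, ast.BoolOp, ast.UnaryOp, ast.BinOp,
             ast.operator, ast.cmpop, ast.boolop, ast.unaryop)


def _const_truth(test):
    """Truth value of a constant-only test expression, or None if unknown."""
    if not all(isinstance(n, _FOLDABLE) for n in ast.walk(test)):
        return None
    expr = ast.fix_missing_locations(ast.Expression(body=test))
    try:
        return bool(eval(compile(expr, "<fold>", "eval")))  # constants only
    except Exception:          # e.g. 1 / 0 inside the condition: leave it alone
        return None


class DeadBranchEliminator(ast.NodeTransformer):
    """Drops `if` branches whose condition folds to a constant."""

    def __init__(self):
        self.removed_calls = []   # functions that vanished with a dead branch

    def visit_If(self, node):
        self.generic_visit(node)            # fold nested ifs first
        verdict = _const_truth(node.test)
        if verdict is None:
            return node                     # opaque test: this branch ships
        dead = node.orelse if verdict else node.body
        for stmt in dead:
            for sub in ast.walk(stmt):
                if isinstance(sub, ast.Call):
                    self.removed_calls.append(ast.unparse(sub.func))
        live = node.body if verdict else node.orelse
        return live or None                 # None deletes the whole statement


def eliminate_dead_branches(source):
    """Return (optimised source, names of calls removed as dead code)."""
    tree = ast.parse(source)
    elim = DeadBranchEliminator()
    tree = ast.fix_missing_locations(elim.visit(tree))
    return ast.unparse(tree), elim.removed_calls


# Constructed sample: one 'fake' bug behind a provably false condition, one
# behind a condition that depends on runtime data (so it is a real, reachable bug).
FAKE_BUG_SOURCE = """\
def handle(buf, n):
    if 100 < 50:
        something_that_will_never_happen(buf, n)
    if n > len(buf):
        something_that_will_never_happen(buf, n)
    return buf[:n]
"""

if __name__ == "__main__":
    optimised, removed = eliminate_dead_branches(FAKE_BUG_SOURCE)
    print(optimised)
    print("removed as dead code:", removed)
```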
The title of this article and the ComputerWorld article are misleading. If you read the original ZDNet article that is being linked to, you will find that this is just Microsoft trying to take a piece of the DaaS market. This will be offered as an additional service, primarily intended for enterprise users. Not your desktop at home.
https://www.zdnet.com/article/microsofts-got-a-new-plan-for-managing-windows-10-devices-for-a-monthly-fee/
Currently, D-Wave machines do nothing a classical computer cannot do at least as fast. The only relevant proof is proof that these things actually outperform classical computers. Which they don't. Not yet, at least.
In their current state, they're just really expensive gadgets to scratch someone's really expensive geek-itch. And they're pretty power-hungry as well.
Due to the nature (and implementation) of Shor's Algorithm, which is used in factoring large integers on a quantum computer, the amount of qubits needed to factor an n-bit integer is actually 2n+3. So you can snooze a bit longer... ;)
Source: https://arxiv.org/abs/quant-ph/0205095
Language is dynamic, not static. Words don't have explicit meaning, they have usage. When people no longer have any use for a word, it will automatically run out of fashion and out of the general vocabulary. Arguing to 'retire' words just because a word has lost its use for YOU is, in my opinion, rather arrogant.
https://archive.is/k4wVu
She's not at all interested in answering anything at all. Right as has been predicted by just about anyone asking questions that people *really* want answers to.
Why on Earth did Slashdot think interviewing her would be a good idea? Or even yield any results? We're talking about a person that has done literally *nothing* for the Gaming Community, other than attempting to drive it apart with her political agenda and social justice narratives. She's not even produced or helped produce a single popular game. Why is she even mentioned here? Slashdot is not a political/social justice site, but a site with news for nerds with stuff that matters. And Brianna Wu clearly does not 'matter'.
What the hell *is* 'mental maturity'? No, really? Having an IQ of 150? Or an EQ of 240?
I dare claim that whoever came up with the term 'mental maturity' was mentally immature enough to come up with a better term.
I mean, a man/woman is physically 'mature' when all the reproductive organs have fully developed and the person is capable of human reproduction.
Are you mentally mature when you start thinking about sex more than your Game Boy? What?
I say the entire term 'mental maturity' is popular marketing speak for 'total nonsense'...
[..]is better to work on creating something done right?
You cannot create a 'right' implementation of DRM; cryptography theory predicts that every method of DRM can eventually be circumvented without too much effort.
It has to do with Alice, Bob and Carol; normally Alice is the transmitter, Bob the recipient and Carol the malicious hacker. With DRM, Bob and Carol are one and the same person.
I just don't get it... Can somebody please explain in plain and simple terms just exactly what steps are needed to exploit this bug? I understand that the bug can cause nasty things in memory (hence it's a bug), but that doesn't mean the entire underlying OS can be classified as 'insecure' because of that bug. I mean, if I write a C program in userland space, and I don't really manage memory clean-up well in it (because I'm a lousy C programmer), does that also compromise the entire system I have an account on?
My point being that sshd runs in userland space (as user sshd); so I don't see how this can cause any raised privileges, if the bug is in sshd and NOT in the kernel (which, as far as I understand, it isn't).
"4. Read the kernel source." Yeah. Well, I stopped after the first 300 pages. I found the plot a bit too thin. Maybe it gets better along the way, I dunno. I liked the photo version of the kernel a lot better ;p
Hmm.. I always thought that the telephony network used switching relays, and is therefore a switched relay network. If IRC is a virtual P2P network, then the phone network should be too, cuz' IRC is a relay network as well, only virtual.. Of course, I only have experience with European telephony networks... perhaps the US uses some kind of weird next-generation client/server model, but that would be the first time I ever heard about that ;p
Robin Hood stole from the rich and gave to the poor... I leave it up to you to decide whether that's a good thing, or a bad thing... And if you still wanna bet on what I personally think: go ahead, I'll take your bet; what's your wager? ;p
Hmm, in order to find out whether or not P2P is good or bad, you have to *BECOME* P2P... so let's see... If I was a P2P network... ..Rich people would hate me, cuz' P2P makes their huge investments in the entertainment and information technology industries (infotainment?) kinda useless (as long as these industries want to stick to broadcasting instead of narrowcasting). ..Poor people would love me, cuz' I'm bringing them all the infotainment they ever wanted, but never had the budget to pay for.
So, if I was a P2P network, I'd kinda be the Robin Hood of the Digital Era ;p
Plasma shields, huh? Wouldn't it be nice if condoms were based on that principle? I mean...talking about 'bursts' of energy...
Okay, I can understand you volunteer to work on a community site without getting paid for it. I also understand you have a lot of work to do, so keeping security at the optimum level is prolly out of the question. I also understand you don't like it if someone phuxors up the site that you put so many (unpaid) hours into. I even understand you get pissed. What I don't understand is the reaction to this particular action: closing down the site... I mean: if the damage was too big, put back a backup (I reckon you have backups). Shit happens. Not only on the Net. And the more shit happens on the Net, the more it's a sign that people are actually doing things with it. Isn't this precisely what geeks have been wanting? A free internet for everyone? Then accept a mishap every now and then. The only thing that really got cranked was your pride. Take a good night's sleep, and get over that. You cannot pull the plug from a site you've worked on with pleasure. You cannot give those little bastards that satisfaction.... Just keep your chin up!
Before people start reprogramming life by altering DNA on a commercial scale (i.e. in the same way Microsoft commercialized application software), they may first want to try to come up with a bug-free version of Windows! I, for one, would never want to have my kid genetically altered, and discover some hidden 'features' (read: bugs) in his DNA when he gets older...
Duh! Instead of developing large LCD-screen technology, I'm working on small LCD-screen technology. So far, I already have a display that is able to display one monochrome pixel. I call this display 'LED'. Wanna try it?
SCO. Hmm. Wasn't that Some Commercial Operating-system? Or was it Silliness Causing Overflows? I worked with OpenServer for quite some time, and I must say: it has NOTHING that Linux might want. As I remember, some portions of the SCO code were even copyrighted by Microsoft... now I ask you? Let SCO die the death it deserves. Even Novell found out their IntranetWare was more stable than any SCO around.
Let ISPs log as much as they can. They probably hire a cheap MCSE-dude who will never be able to do anything with 'em anywayz... I mean: information is only information if it's interpreted by someone who knows what he's doing... otherwise it's just data. And the more data around, the bigger the chances of certain data getting lost.. or untraceable... It's time to start worrying once ISPs start hiring skillful personnel! Not when they start clogging up their own server disks with logs.
The reason that there are so few geek girls out there, as opposed to geek guys, is actually rather simple: On average, as many girls as guys start their geek career. But, then it happens: because geek guys are so very sexy and fertile, the geek girls get pregnant and turn into wetware-hackers (a.k.a. 'mothers'). So that's why we don't see 'em that often! Wow.
one word: duh!
Geeks just hate people and people just hate geeks. It's like that, it's been like that and it will be like that until slashdot.org gets a higher hit-count than, for instance, microsoft.com.