Slashdot Mirror


User: pVoid

pVoid's activity in the archive.

Stories: 0
Comments: 814

Comments · 814

  1. Re:micro kernel via the type system could be possi on Secure Programming · · Score: 1
    Security will be enforced completely by a sound type system

    That's not really security then is it? It's kind of like the oxymoron that was "cooperative multitasking".

  2. Re:We really need a different language on Secure Programming · · Score: 1
    I agree with you. In fact, despite defending C to a point, I think it should not be used to develop applications.

    That's the distinction I make, and you are right, I am fussy about speed and optimizations, for me it goes like this: any system component should or can be written in C. Any application should not be written in C.

    But, there's still a but: I think C++ is semantically rich enough that you can write applications in it. In fact, for applications, I use C++ or scripting (Perl, ASP, JScript, AScript). None of that compiled VB, or Java (not that I'm bad-mouthing them).

  3. Re:We really need a different language on Secure Programming · · Score: 1
    Yes, but the next level don't have to be C.

    Absolutely not, but if you somehow think that you can find a next level that's going to miraculously handle buffer overflows - read: is going to have dynamic memory allocation be part of the language semantics (as opposed to being some sort of library like malloc), then you are mistaken.

    And once we've accepted this, we're back to square one. It may not be called C at that point, but it's going to have the same problems: no run time types, no garbage collection, no memory management, no overflow protections...

  4. Re:We really need a different language on Secure Programming · · Score: 1
    what's the difference between C and another high level

    The difference is that C is almost assembly. C is so transparent that you could almost see the assembly gushing out of it. C++ is a very different matter (with the compiler making sure constructors and destructors are triggered etc), but C is not really a high level language: it does little to no book-keeping for you. I could be so bold to say "C is a shorthand for assembly"...

    But that's exaggerating a bit. The thing is a language so let's not defecate on it.

  5. Re:We really need a different language on Secure Programming · · Score: 4, Interesting
    Microsoft is moving to languages with managed types [...]overwhelming majority of Microsoft security holes would have never happened

    Are you somehow recommending a kernel be written in something else than C??? Sure, not all systems software is kernel mode C, but you have to realize that unless the underlying infrastructure is built (on some low level language), you can't have high level languages... in other words, the bottom line is Assembly. You have to build your way to it.

    Now that said, the buffer overflow isn't the only security hole in the world, in fact more security holes come from very very high level, very abstract programming fallacies... such as for example the cookie exploit (it's a logical bug) that Hotmail had a while back.

    All this being said, I feel like a dirty karma whore right now (feeling the slimy breath of modders down my neck), so I'll say it right out: I'M PRO MICROSOFT.

    <runs for cover>

  6. My answer to you:... on Can Recent MS Patents Affect Mono and DotGNU? · · Score: 0, Redundant
    IANAL.

    I'm surprised to not see any IANAL posts up till now.

  7. Re:"heatspreader"? on Memory Activity LEDs · · Score: 1

    That's engrish man. Or some sort of bad literal translation. It should be heatsink. There's no difference in the object, why would there be a different name?

  8. YOU FAIL IT on IEEE to Standardize OS Security Components · · Score: -1, Offtopic
    You missed a brilliant opportunity to turn "The power of the pen" into "the power of the penis"...

    (homage to SNL Jeopardy)

  9. Re:Here here! on IEEE to Standardize OS Security Components · · Score: 1
    Yeah, I mean like... look at how IIS doesn't even support SSL.

    (right)

  10. Re:Hear hear (even)! on IEEE to Standardize OS Security Components · · Score: 1
    I second that!

    It will address essential functions for cross-platform security, including identification and authentification, access control and key cryptographic concepts.

    This is awesome fucking news...

    It'll be interesting though, to see just how tangent to TCPA it will be...

  11. Re:Say what on GeForce FX Architecture Explained · · Score: 1
    correction!!! Your post should read:

    I agree, this sounds like a big brewhaha between ati, nvidia and microsoft

    I remember not so long ago how Rambus was the black sheep. And how Intel was the maker of the new evil Rambus. Well, did you know that AMD was part of the companies that helped define Rambus?

    This is business boys... not kindergarten. In this arena, bending down to get the soap gets you an ass load. It's reality. Face it. As linus said, Grow up.

    Ohh, I feel so proud to apply my first propaganda technique, thanks to SilentMajority's post.

  12. Re: Why Censor When You Can Debunk & Ridicule? on Project Censored 2003 Underreported Stories · · Score: 1
    It's funny you should link fox on this day... the headline is:

    Two years after the innocence of a nation was shattered, we remember those who gave the ultimate sacrifice -- And as America moves forward -- 'We will never forget'

    I will not comment on just how fucking infuriating and immature that fucking statement is because I am sure to get pounded by napalm from the american crowd here...

    I just wanted to say though, SilentMajority, the propaganda link is brilliant. Thanks for posting it!

  13. Re:My computer can be passively cooled too... on Pentium-M In Mini-ITX Format · · Score: 1
    I have noticed that in sports cars too. But I fail to understand the logic in that. The CPU ceases emitting heat as soon as it stops functioning. All things being equal, there is no way the CPU could continue heating up after it's been turned off since there is no energy input... it might only take longer to cool down.

    I don't know why cars have that feature.

  14. My computer can be passively cooled too... on Pentium-M In Mini-ITX Format · · Score: 2, Funny

    All I have to do is hit that little power switch thingy, and there... it cools itself down without a sound.

  15. Re:What about non-profits? on Microsoft Introduces IM Licensing · · Score: 1
    Be objective:

    They have a point. This is the exact same reason why you can't directly forward your yahoo mail to your personal account. They make money by you visiting the page. Not by supplying you the service (contrary to popular dot-com belief).

    But my question is: how did ICQ ever survive then? was it just another dot-com before it got bought?

  16. Re:Pretty obvious on CCIA Urges Dept. of Homeland Security to Avoid Microsoft · · Score: 1
    By this reckoning, you wouldnt use windows atall, unless you work for microsoft

    Bzzzt. Wrong again.

    If I were to put windows in a nuclear power plant, I would sign the proper NDAs with microsoft and view their source, just like others before have already done.

    Now, if I were that 'I' in the previous paragraph, I would probably have a lot of money in my hands... But I don't. What does this mean? That I can't view windows source? sure, why not. But what it actually means is that I don't have the resources to hire the necessary expertise to make any sort of assessment on the fitness of any kernel. Not windows, nor linux.

    I don't kid myself, I'm not some script kiddy thinking that just because I can compile my own kernel and run on it (and yes, I can compile my own kernel in linux), I have any sort of insight into the amount of security, or tightness of code residing in the kernel - nor does most of the 'peer reviewing guild' for OSS out there. There are some exceptionally talented people working on OSS, but there are some exceptionally talented people working on non-free software as well... Mark Russinovich is a name that comes to mind...

    What I do have is common sense and an understanding of security principles. Sure, IIS has holes, but if I make my web apps run outside the SYSTEM context... if I make my SQL server run using its own user (which has no write access on the SQL binaries and only rw access on the data files)... if I install the proper safeguards against potential intrusion, I will have few problems.

    And let me tell you this: Outlook Express has a million bugs, IIS has maybe a thousand bugs, but the kernel itself has much fewer severe bugs than most people realize. I think windows has matured enough that you can't bypass ACLs, and you can't bypass security tokens anymore...

    Btw, I just recently got infected with the blaster virus on an old box I took out of storage and put on a network for the first time in a few months. The system was not patched. BUT: SQL was running with its own user, and the above mentioned safeguards were taken. Net result of the infection: nothing. Restart service, patch system, walk away. No damage whatsoever. Worst thing that could have happened would be the data files being mangled by the worm... But any good sysadmin knows to backup, right?

  17. Re:Pretty obvious on CCIA Urges Dept. of Homeland Security to Avoid Microsoft · · Score: 1
    I'll give you one excuse: most of the time, when "Windows hangs", the only thing really hanging is the shell. The shell and the kernel are two very different things.

    The only time I've ever had windows 'hang' is an actual lock up due to graphics drivers problems... Aside from that, I've *never* had the priority shit you talk about locking up my services: I run VShell off all my windows boxes, and I can always connect to the box and kill a stray application even if my shell seems locked up somehow.

    But who are you to believe me... you've probably heard somewhere that Linux' new O(1) scheduler beats the crap out of Windows 'st00pid' scheduler, and have concluded it's a flawed design. Oh, no... wait, even better (my personal favorite fud): flawed *by* design.

  18. Re:Pretty obvious on CCIA Urges Dept. of Homeland Security to Avoid Microsoft · · Score: 1

    You talk a lot but I'm not too convinced about your arguments...

    Linux' kernel is pre-emptable. So what? NT's kernel has been fully pre-emptable/interruptible since the days of 3.51.

    You say the time slicer is bad on NT... I'll tell you a golden rule of security: if an attacker can run code on your box, it isn't your box anymore.

    Listen here: I wouldn't trust a linux machine any more than I would a windows machine if it were monitoring a nuclear lab and be at the same time on the internet.

    I wouldn't load a third party driver (into kernel) in either case if I didn't know where each came from...
    I wouldn't run code that wasn't directly audited.

    Windows can be made just as secure as linux if you want to monitor a power plant... with proper failover mechanism etc. Kid yourself all you want, that's the way it is.
    If some air head decides, oh we need to write a device driver to interface with the plant, and ends up throwing an exception in the kernel, both linux and windows will panic. End of story...
    If the same engineer uses some nice interface, whatever it might be, that goes through OS supplied channels, it will be just as reliable.

    Now for the advantages, don't delude yourself... they are:
    -for linux: configurability (good for setting up networks for example), good set of services available from the OSS community (for example OpenSSH, Apache...)
    -for windows: hardware support (good for using DV cameras for example), nice gui, good set of professional applications (for example photoshop...)

    my 2 cents

  19. Re:Obligatory simpsons quote... on New Low Bandwidth Denial of Service Attacks · · Score: 1
    you know what's more bizarre. I got modded 4 funny points, and one offtopic... but somehow it's only showing one offtopic right now...

    The infamous Slashdot math I guess.

  20. Obligatory simpsons quote... on New Low Bandwidth Denial of Service Attacks · · Score: 0, Offtopic
    From episode where Sideshow Bob is running from the authorities (it's the Cape Fear-like one)...

    Sideshow Bob steals the Wright Bro's first airplane in an attempt to flee, the government scrambles Harriers.

    <snip> A pair of Harriers fly past them, and one pilot says, "Prepare to engage enemy." Unfortunately, they just speed right past Sideshow Bob. "Bogey's airspeed not sufficient for intercept. Suggest we get out and walk." We now see a very slow chase going on. The Wright Brothers' plane is being followed by two walking pilots, a squad car, an army jeep, a tank, and the Simpsons </snip>

  21. Re:MD5-hashes on RIAA Tracking Songs by MD5 Hashes · · Score: 1
    I don't know how you consider the criminal analogy not applicable... maybe you're suggesting that swapping files isn't criminal or something.

    I was just expressing how there really isn't any security at all if false negatives are so easy to obtain. Or in this case, the procedure is hardly effective at finding the searched files.

  22. Re:MD5-hashes on RIAA Tracking Songs by MD5 Hashes · · Score: 1
    Not really. All I have to do is modify a single byte of each of my mp3s (that's not hard given even the simplest perl script), and there, none of my MD5s will match.

    Even further: most mp3 encoders aren't deterministic from what I understand... not in a general sense at least. I'm pretty sure the output of 2 different codecs on the same input file will yield ever so slightly different results...

    No false positives, but very easy false negatives.

    It's like a wanted criminal going to the airport and passing undetected because he's wearing shades instead of clear glasses.

  23. Do I sense amicality... on Plugin Patent to Mean Changes in IE? · · Score: 1
    between parties:

    Microsoft presented several options that it has under consideration, and benefited from constructive discussion of these options. In addition, the meeting participants strongly supported clear communication on this matter [...]

    This document was written by Steven R Bratt of the W3C... so no rimshots on how he's a sell out - please...

    I think this just might be the beginning of a broader trend (I hope at least)... a trend where Moft starts getting its ass bitten more and more often, and is finally 'forced' or finally learns to cooperate with open community standards.

    NB: I said open standards, not open source.

  24. Maybe they can spare some CPU time... on Fastest US Supercomputer Runs Linux · · Score: 4, Funny
    for the actual power grid to avoid the catastrophic meltdowns we just recently had... instead of frolicking about with the bees and flowers.

  25. If it ain't broke, don't fix it... on Light Bulb Replacements · · Score: 1
    Two things that annoy me are filling the gas tank and changing light bulbs. It's time we did alot less of both

    You mean you would prefer to lay down a new layer of indiglo, and refuel your car by changing nuclear fuel rods?

    Note the humour, but also the idea embedded within it: these two tasks are the simplest of human-performed tasks. Hence the "how many blondes to unscrew a light-bulb" jokes...