Structure and Interpretation of Computer Programmers

I make it easier and faster for you to write high-quality software.

Monday, September 1, 2008

Fuzzing as a security testing tool

Google have a new browser project, called Chrome, and in their introduction they explain perfectly, through the medium of image, how fuzzing works.

Of course, as anyone could tell you, if you take a thousand monkeys and a thousand typewriters and put them all in a room for long enough, you will end up with a thousand broken typewriters, ten fat monkeys and 990 monkey skeletons.

posted by Graham Lee at 20:56  

Saturday, February 9, 2008

MacFUSE rules

One reason that microkernels win over everything else (piss off, Linus) is that stability is better, because less stuff is running in the dangerous and all-powerful kernel environment. MacFUSE, like FUSE implementations on other UNIX-like operating systems, takes the microkernel approach to filesystems, hooking requests for information out of the kernel and passing them to user-space processes to handle. Here’s the worst that can happen when screwing up a FUSE filesystem:

Now that might sound not only like a recipe for lower-quality code, but also like I’m extolling the capability to create lower-quality code. Well no it isn’t, and yes I am. The advantage is that now the develop-debug-fix cycle for filesystems is just as short as it is for other userland applications (and HURD translators and the like). This provides a lower barrier to entry (meaning that it’s more likely that interesting and innovative filesystems can be created), but also a faster turnaround on bugfixes (no panic, restart, try to salvage panic log… no two-machine debugging with kdb…) so ultimately higher-quality filesystems.

posted by Graham Lee at 22:06  

Friday, August 24, 2007

Random collection of amazing stuff

The most cool thing that I noticed today ever is that Google Maps now allows you to add custom waypoints by dragging-and-dropping the route line onto a given road. This is great! I’m going to a charity biker raffle thing in Pensford next weekend, and Google’s usual recommendation is that I stay on the M4 to Bristol, and drive through Bristol towards Shepton Mallet. This is, frankly, ludicrous. It’s much more sensible to go through Bath and attack the A37 from the South, and now I can let Google know that.

Trusted JDS is über-cool. Not so much the actual functionality, which is somewhere between being pointy-haired enterprisey nonsense and NSA-derived "we require this feature, we can’t tell you why, or what it is, or how it should work, but implement it because I’m authorised to shoot you and move in with your wife" fun. But implementing Mandatory Access Control in a GUI, and having it work, and make sense, is one hell of an achievement. Seven hells, in the case of Trusted Openlook, of which none are achievement. My favourite part of TJDS is that the access controls are checked by pasteboard actions, so trying to paste Top Secret text into an Unrestricted e-mail becomes a no-no.

There does exist Mac MAC (sorry, I’ve also written "do DO" this week) support, in the form of SEDarwin, but (as with SELinux) most of the time spent in designing policies for SEDarwin actually boils down to opening up enough permissions to stop from breaking stuff – and that stuff mainly breaks because the applications (or even the libraries on which those applications are based) don’t expect to not be allowed to, for instance, talk to the pasteboard server. In fact, I’m going to save this post as a draft, then kill pbs and see what happens.

Hmmm… that isn’t what I expected. I can actually still copy and paste text (probably uses a different pasteboard mechanism). pbs is a zombie, though. Killed an app by trying to copy an image out of it, too, and both of these symptoms would seem to fit with my assumption above; Cocoa just doesn’t know what to do if the pasteboard server isn’t available. If you started restricting access to it (and probably the DO name servers and distributed notification centres too) then you’d be in a right mess.

posted by Graham Lee at 22:57  

Thursday, March 15, 2007

Summer of code

GNUstep has been approved for this year’s Google Summer of Code. The title link goes to the GNUstep wiki page outlining possible projects, but I’m sure that if a student had another idea you’d be welcome to talk about it on the gnustep-discuss mailing list, and probably get a mentor!

posted by Graham Lee at 23:36  
