a theory of stack ranked enhancement requests

Every software project has a backlog of enhancement requests, unimplemented features. It may be explicitly tracked in a database, or perhaps just a sort of informal consensus among developers. Whether officially acknowledged or not, it exists.

more...

Posted 27 Sep 2019 16:44 by tedu Updated: 27 Sep 2019 16:44
Tagged: software thoughts

warning: implicit backdoor

One way to slip malicious code into a project is to hack into their build server and just drop it in. Messy. Another way is to hack a trusted developer’s machine and alter the code there so that they commit it, but it might get spotted during code review. A third way is to become a developer, then yourself commit a seemingly innocuous patch containing an obfuscated backdoor. This is sneaky. Even better is to have somebody else intentionally commit the backdoor for you.

code

Consider this code to allocate some buffers.

#include <stdlib.h>

void *
allocatebufs(int num)
{
    size_t limit = 256;

    /* num is converted to size_t for the comparison, so a negative
     * num becomes a huge value and is rejected along with num > 256 */
    if (num > limit)
        return NULL;
    return malloc(num * 64);
}

This isn’t top quality code, but it’s totally safe and secure. It does however trigger a warning about signed vs unsigned comparisons. Many developers don’t like to see those. Some will even try to fix it.

#include <stdlib.h>

void *
allocatebufs(int num)
{
    size_t limit = 256;

    /* the cast keeps the comparison signed: a negative num now passes
     * the check and reaches malloc */
    if (num > (int)limit)
        return NULL;
    return malloc(num * 64);
}

Now the warning is gone. And they’ve introduced a serious security hole.

If you’re a sneaky bastard, you might write the first code and submit it, knowing that a trusted developer somewhere down the line will alter it. And you’ve got perfectly plausible deniability. Your code was secure. They introduced the bug.
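To make the difference concrete, here is an added example (my code, not from the post) that puts the two checks side by side with an explicit, warning-free version. The helper names accept_original, accept_casted, accept_explicit and requested_size are mine; the buffer size and limit are the post's 64 and 256.

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

#define BUFSIZE 64
#define LIMIT   256

/* Same check as the post's original code. Spelling out the implicit
 * conversion: a negative num turns into a huge size_t and is rejected. */
static bool
accept_original(int num)
{
    size_t limit = LIMIT;
    return !((size_t)num > limit);
}

/* Same check as the "warning fixed" version: the cast keeps the
 * comparison signed, so every negative num is accepted. */
static bool
accept_casted(int num)
{
    size_t limit = LIMIT;
    return !(num > (int)limit);
}

/* The size the casted version would hand to malloc: num * 64 is computed
 * as int and then converted to size_t, so -1 becomes SIZE_MAX - 63. */
static size_t
requested_size(int num)
{
    return (size_t)(num * BUFSIZE);
}

/* A check that is both warning-free and explicit about its intent:
 * reject non-positive counts before any arithmetic, then apply the limit. */
static bool
accept_explicit(int num)
{
    if (num <= 0)
        return false;
    return (size_t)num <= (size_t)LIMIT;
}

void *
allocatebufs_checked(int num)
{
    if (!accept_explicit(num))
        return NULL;
    return malloc((size_t)num * BUFSIZE);
}
```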

thoughts

This is just a thought experiment, and you can dissect it with the razor of your choosing, but what I think is interesting is the paradox of plausibility. What happened? The most likely explanation is the mundane one, that it’s just an accident. People introduce bugs like this with alarming regularity. No reason to suspect foul play. But it’s the dependable regularity of such errors that makes the attack possible. If people didn’t introduce bugs fixing harmless warnings, the attack would never succeed.

(There was a concrete incident, somewhat similar, although this is not meant to be a comment on any particular patch or fix.)

Posted 04 Sep 2019 15:18 by tedu Updated: 04 Sep 2019 15:18
Tagged: programming thoughts

some more books 2

We’ve got the band back together and we’re ready to rock!

more...

Posted 03 Sep 2019 12:54 by tedu Updated: 03 Sep 2019 12:54
Tagged: bookreview software

some more books 1

There was a lot happening here. The summaries started getting really unwieldy. Just listing all the relevant names in some cases would stretch to several paragraphs. I’ve tried to streamline things a bit, but tons of great material has been cut out.

more...

Posted 24 Aug 2019 20:51 by tedu Updated: 24 Aug 2019 20:51
Tagged: bookreview

some gerc notes

gerc (good enough revision control) is a partial reimplementation of mercurial. Between got and bitbucket, it seems source control is back in the news. Here are some scattered notes about gerc and its development. It’s not complete or recommended for use, so don’t expect much.

more...

Posted 21 Aug 2019 15:50 by tedu Updated: 21 Aug 2019 15:50
Tagged: go programming project

some more books 0

Two years ago, I read some books. It’s kind of hard to believe it’s been two years since then; I was sure it was only one year ago. Guess that means it’s time to try again. Reading five books seemed a little frantic at times, and two or three is probably a better pace for me, so this time I’ll be reading five books again.

more...

Posted 12 Aug 2019 12:50 by tedu Updated: 12 Aug 2019 12:50
Tagged: bookreview

changing defaults and removing options

Times change and programs must change with them. Altering or removing functionality however risks breaking backwards compatibility. A few examples.

more...

Posted 08 Aug 2019 18:14 by tedu Updated: 08 Aug 2019 18:53
Tagged: openbsd programming

ActivityPub as it has been understood

If you’re looking to move beyond the silos of social media sites run by individual companies, you’re maybe looking for federation, which allows multiple sites to communicate and interoperate with each other. You post a photo on this site, your friends on another site can share it, your family on a third site can comment on it. Assuming that’s what you want.

more...

Posted 06 Aug 2019 15:54 by tedu Updated: 28 May 2021 04:05
Tagged: activitypub web

AP networking

Some more notes about networking between federated ActivityPub servers. A brief overview covered a fairly typical exchange to transfer a post from one server to another. Here’s a few more details, how following works, and some more notes about addressing and delivery.

more...

Posted 01 Aug 2019 14:17 by tedu Updated: 06 Aug 2019 15:29
Tagged: activitypub web

activity notes

So you have an ActivityPub actor and you want to say something. What are you going to post? Might I suggest a Note?

more...

Posted 17 Jul 2019 19:32 by tedu Updated: 02 May 2022 01:18
Tagged: activitypub web