Comment: Re:Compiler compromise (Score 1) 119

by ameline (#49226967) Attached to: CIA Tried To Crack Security of Apple Devices

I was thinking about whether they planted a self-propagating back-door into LLVM/CLANG, but that seems fragile as both CLANG and LLVM can be compiled with other compilers (recent versions of MSVC and GCC, for example) -- that would likely clear out a hidden back door unless they have compromised *all* the compilers. (And I certainly wouldn't put that past them.)

(Waves to friendly NSA/CIA/CSIS/GCHQ analyst.)

Comment: Re:About 1 in 20 ? (Score 1) 809

by ameline (#49048753) Attached to: Ask Slashdot: What Portion of Developers Are Bad At What They Do?

Interesting -- why are you "rebuilding" the team? The events leading to that may (or may not -- what do I know?) have something to do with the quality of your candidates.

As an aside, I worked on a C++ compiler (20 years ago at IBM), but it was the code generator & optimizer. There are plenty of moving parts in a C++ compiler that are pretty far away from C++ features like templates and the STL (exceptions and lambdas, on the other hand, do poke their way pretty deep). You have to go and learn them -- working on a compiler back-end written largely in C (or the C-like subset of C++) will not teach them to you. But I can still to this day read a hex dump and disassemble x86 instructions in my head. (Not as quickly or fluently for less commonly used encodings as I used to, I'll admit.)

But I'm close to the 50 year old mark -- I'm pretty grateful to have an interesting and rewarding job -- I'm quite happy that I'm not looking for work these days.

(Although Apple pings me a couple of times a year :-)

Comment: Re:Yet another Heinlein story turned into dreck. (Score 1) 254

by ameline (#48766385) Attached to: Heinlein's 'All You Zombies' Now a Sci-Fi Movie Head Trip

I watched this movie recently, and I had all but forgotten "All You Zombies" -- while watching it I realized the story seemed very familiar, and when one character uses the phrase "All You Zombies" it all came crashing back. (I last read it 35 years ago)

It is easily the best film treatment of any Heinlein work I've seen -- not that this sets the bar all that high -- but it was a good movie -- IMDB rates it at 7.5, and I'd agree with that.

The acting is *very* good, particularly from Sarah Snook.

The story itself was *way* ahead of its time in many ways.

Comment: They Filed on Sep 9 2010 (Score 4, Informative) 164

by ameline (#48296741) Attached to: Disney Patents a Piracy Free Search Engine

They filed over 4 years ago. If they haven't got a working search engine by now based on this, they never will. 4 years is forever in internet time.

Never mind that any search engine using this is very unlikely to make a dent in Google.

I think their strategy is to "shame" Google et al. into doing more -- "look, see, we got a patent on a means of eliminating piracy, proving that it *IS* possible, therefore you have to do more to prevent piracy."
Ignoring the fact that the existence of a patent proves nothing about whether the invention actually *works*. (I say this as someone who holds a number of patents -- all of mine work -- I filed them after I had them coded and working. But it would have been just as easy to make all of it up and code nothing.)

Comment: Re:Just Apple? (Score 1) 207

by ameline (#47903415) Attached to: Sapphire Glass Didn't Pass iPhone Drop Test According to Reports

I've got a 3-year-old iPhone 4S. Never broken the glass on it, but it does have some minor scratching on the display.

I'm not surprised Apple went with Gorilla Glass -- sapphire is very hard, but also brittle -- Corning's product is a bit softer, but much more resilient.

I'll probably be upgrading to a 6 sometime in the next month or so.

Comment: Re:open source? (Score 2) 107

by ameline (#47004723) Attached to: Phil Zimmermann's 'Spy-Proof' Mobile Phone In Demand

I think any designer of a "secure" phone needs to assume that the baseband is running hostile software.

If the baseband has write access to application CPU RAM, you're screwed.

There needs to be uncompromised, hardware-enforced protection to ensure the baseband cannot write to application RAM or to the flash memory of the application processor. I'd be very suspicious of DMA capabilities under control of the baseband unit.

I'm not saying it's impossible to make a secure phone, but you as a creator of such should assume that every byte of code not under your control is out to get you (including closed-source graphics drivers).

I'd also be nervous of the toolchain/compiler. That classic Thompson compiler attack (http://cm.bell-labs.com/who/ken/trust.html) is a worry.

Comment: The problem... (Score 1) 68

by ameline (#46671647) Attached to: CryptoPhone Sales Jump To 100,000+, Even at $3500

With something like RedPhone is that there are multiple CPUs on the phone -- in particular, the baseband is a full ARM chip with complete access to all RAM on the device. And the software running there is almost never under the user's control. So it doesn't matter how good RedPhone is -- if it ever leaks *any* plaintext or key bits out to RAM, or across any wires outside the CPU it's running on, the baseband chip and the software running on it can wiretap you. And even if those things never leak off the main CPU die, the baseband can probably inject processes/instructions into that main chip's address space that would steal those critical key bits.

Unless you have control over *all* the firmware running on *all* the processors in a phone, I wouldn't trust it any farther than I can comfortably spit out a rat.

(And this is not accounting for hardware tricks -- I think you cannot trust that your communications are secure unless you trust everyone involved in their design, manufacture and programming (including the compiler and related toolchain, and its compiler and toolchain -- and so on ad infinitum) -- and that is probably a *very* sizable list indeed -- the odds that some lettered agency (looking at *you* CSE/CSIS, NSA, GCHQ, FSB, etc.) has not corrupted *someone* on that large list are so small that only god/FSM could tell the difference between it and 0.)
