Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:Borland predates Linux, ELF (Score 1) 130

I'm not familiar with DOS exe format. However, there must be some well-defined entry point.

Thompson's attack doesn't mean that any subversion of the Borland 1.0 compiler is limited to when the Borland 1.0 compiler was created. Thompson was making an extremely general point about security in programmable systems: You either build pretty much all of it yourself, or else you must invest trust in others.

Comment Re:Borland CDs are read only (Score 1) 130

Perhaps I wasn't being explicit enough.

The CDROM might be read-only, but the software has to be copied into memory by something in order to run. As per Thompson's original point, it isn't sufficient to protect one piece of the system. As he stated, his attack implies that *every* programme that is involved in the handling of software must either be validated to the same level as having written it yourself OR you must invest trust:

In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program ..

(emphasis mine).

Indeed, his point on trust extends beyond just programme-handling programmes to all logic (soft or hard) involved in the handling and the running of software. Thompson mentions microcode almost after the text above:

As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.

Since Thompson, we've had "Blue pill" rootkits that use x86 virtualisation features to effectively run themselves as microcode under the victim system (and unbeknownst to).

Comment Re:Easy enough to handle trusting trust (Score 1) 130

Why do you think a new trojan can not infect old binaries?

The Thompson attack is what we would recognise today as a class of virus. Indeed, as Thompson's point was a general one about the unavoidable need to trust others, if one did not build every component capable of basic logical manipulation oneself, to fully counter Thompson's attack you would have to be able to counter every possible kind of virus and rootkit - and not just of the software, but also of any other firmware and microcode that might handle or be involved in running your code. (Read his paper, he is clear he envisions his attack could be implemented in lots of ways and places in the abstract).

Comment Re:Diverse double compiling (thanks dwheeler) (Score 1) 130

And the end of that comment still sounds more dismissive than I wanted... Take 2:

I'm not being dismissive of DDC. Distros regularly attempting to get reproducible builds with diverse compilers will raise the bar and make attacks harder if it can be done, and additionally it will help catch bugs. However, DDC does not fully counter Thompson's attack, and it is good to remain aware of the assumptions it operates under.

I.e. could be a very nice step forward, though it is important to note the "fully countering" isn't quite "fully" and there are limitations.

Comment Re:Diverse double compiling (thanks dwheeler) (Score 2) 130

No he didn't prove it is infeasible. For one, that would require a method to prove that the compilers are indeed wholly independent, which hasn't been provided. Also, note that people in some sub-field of technology tend to move around. An engineer who has worked on one compiler is *more* likely to also work on another compiler at some stage than any random engineer. The DDC technique *assumes* that diverse compilers are independent - it takes it on trust. Wheeler's work if anything re-inforces the essence of Thompson's philosophical point, that we must either completely build and control every aspect of our system OR we must trust to at least some degree in someone else. Note also that someone can frustrate this technique by deliberately making their software not build reproducibly, for apparently innocent reasons (e.g. D Wheeler had such issues with using tcc for DDC). A fuller version of my critique of "Diverse Double-Compiling".

That sounds like I'm being very dismissive of DDC, but I'm not. It could be really useful, *if* it is feasible to actually regularly reproduce builds. Debian is working on this, and hopefully they'll get there - but it's not a trivial task either. However, DDC does not fully counter Thompson's attack - not in the normal absolute sense of the word "fully" at least.

Comment Re:Upstart? Scarebus? Comparison to Concorde? (Score 1) 345

Plus, you're forgetting another big one. The SR first flew in 1964, the Concorde in 1969. The SR was faster, and built 5 years earlier. The Concorde very likely built on lessons learned from the SR.

Actually, you've got it the wrong way around.

The Concorde built on lessons learned from the *British* aircraft and (especially) jet-engine industry, which was world-leading at the end of the war and towards the 1950s. E.g. Concorde draws heavily from experience building the TSR-2. Concorde's engines were *directly* based on the TSR-2's Bristol Olympus engines, which draw heavily on mid-40s Bristol engine technology.

The US had to licence designs from the British to learn how to build jet engines. A number of different British engine designs, from the original Whittle engine, to later Bristol, Armstrong-Siddely and Rolls-Royce designs, were licensed to a number of US makers, including Curtiss-Wright, General Electric and Pratt & Whittney.

It would be far more fair to say the SR-71 drew from British aircraft industry R&D.

NB: I'm not British, and I don't have any great reason to talk up Britain over the USA.

Comment Re:A fatal flaw (Score 1) 95

Good to agree on that.

Yet, no one in the west has ever been prosecuted for double-tap strikes. Not even in the infamous "Collateral Damage" video leaked by Bradley Manning, where children are clearly visible through the window of the van of a random Good Samaritan who happened to stumble on the scene of a previous attack and stopped to help.

Comment Re:A fatal flaw (Score 1) 95

Oh, for the avoidance of all doubt: The last paragraph is highlighting the consequences of saying that it is OK to kill rescuers, or OK to kill people by association. I personally do *not* believe any of these things are ever generally justified, either by western powers in the Islamic crescent or by militants elsewhere.

Double-tap strikes targeting rescuers are very clearly heinous war-crimes.

Comment Re:A fatal flaw (Score 1) 95

I don't think the US military intervention in Afghanistan was well-directed in terms of attacking those responsible for 9/11. Nor do I think the ongoing operations are doing much to improve US security. Indeed, the wider "war" on Islamic extremism ("we must bomb Kobane into rubble, to save it") is likely highly counter-productive and bone-headed.

However, set that aside, let's assume militant Islamic extremists are justified military targets.

Are double-tap strikes justified? How can it be justified to bomb and kill rescuers of whom nothing is known other than that came to rescue people - they may be passing good Samaritans, neighbours, etc.? Answer: It can't be justified, and it is in fact against the laws of war.

How can it be justified to deliberately bomb funerals, which will draw people of lots of different types of association with the original deceased? There would be many men and boys who are there because they were family (near and distant), kinsmen, neighbours, acquaintances, random observers, etc. - *not* militant extremists.

How can it be justified to deliberately bomb militant extremists at home? Afghanis live in large family groups. Targeting them at home kills their parents, grandparents, brothers, sisters, cousins. You can only justify this if you have absolutely no regard for civilian Afghanis (and from your earlier comment, it seem you have little regard - despite your faux concern for women there).

Home compounds were targeted simply because a militant had spent a night there. However in Afghan culture (deriving from Islamic teaching) you are required to give hospitality to strangers, and it is not uncommon for this to happen. Random families have been wiped out for no reason other than that some "brave" drone operator watched a *suspected* Taliban stay at that house some night before, and so they get bombed another night.

Here's the thing, if you can justify the above, then tell me how you would be any different from a terrorist justifying attacks on civilians in a democracy? Certainly, if you can justify bombing militants' homes, then "terrorists" can equally justify shooting off-duty soldiers or bombing their homes - if it's not terrorism when done by western powers in Afghanistan, neither can it be if they do it over here.

Comment Re:A fatal flaw (Score 1) 95

I don't see what your comment has to do with the policy of killing unknown people, with no evidence against them.

Unless of course you're saying that because some people there are bad guys, or because some aspects of culture are disagreeable, that therefore it is OK to kill any one of them - including those girls and women you profess to be concerned about. In which case, you're as uncaring, as hating, as inhuman as any of the worst of them.

Comment Re:A fatal flaw (Score 1) 95

"Double-tap" strikes: They kill one person, then they have the drone loiter and wait for rescuers to come along and bomb those, on the assumption those must be bad guys too. They have no idea who those people are.

They killed a mid-level Pakistani Taliban guy, in the hope bigger Taliban guys would go to the funeral. They then bombed the funeral and killed dozens of people - no idea who those people were, they just /hoped/ they'd kill some more Taliban.

A clear and utter disregard for the lives of ordinary Pakistanis, Afghans and Iraqis that is only possible if you regard them as less than human.

Slashdot Top Deals

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling