User Journal

Journal: Kernel 2.6.6 - why aren't I revising?

A new kernel. :-) This was the first time I'd tried patching the old kernel rather than downloading the entire thing. It worked like a charm. The only thing of interest so far has been a faster boot time... is this subjective, or is there something cunning going on? Also of note is that The Debian Way worked this time as well. I've no idea why it didn't for the past couple of times. I'm out of my depth.

I'm not working. I just can't motivate myself - I'm stuck in a rut, doing fun Linux stuff and reading Slashdot all day. I have three bits of work due tomorrow, and I'm here writing in a journal. Sigh.

Now that I've got the latest kernel, I can concentrate on turning the 'News' bit of my website into a proper blog (probably without scripting or anything to start with) and generally avoiding work. I also want to put some philosophy on there - I feel the need to explain how I think to others. That could take some time.

I can kiss my maths degree goodbye, can't I?

Journal: Green Hills FUD

The CEO of Green Hills Software Inc continues to write about the supposed security flaws of Linux. This annoys me, but I'm not going to dwell on it - it's pretty much FUD, but concentrating on military applications. They don't seem to be competing for the desktop, and all of this is just to draw attention to their products.

This week I had to clean a friend's computer of viruses, and install a firewall before the Sasser worm gets near our university network. She uses... yes, WindowsXP, of course. (I use Debian, btw.) It seems to my inexpert eyes that Linux is more secure than Windows, and yet Windows has a security rating of EAL 4, whereas Linux has EAL 2.

My point is that these ratings mean very little - you basically pay for them to be done, which is why an open-source project stands little chance of having this happen. From the article: "A full security certification must be performed by someone who is a formal methods mathematician, a software engineer, and an experienced evaluator. That is a rare and expensive breed of individual. A thorough evaluation of Linux for subversions would cost billions of dollars." (Their emphasis.)

As a mathematician, this got me thinking. Could a program be written to formally test the security of another program (i.e. the Linux kernel, or a whole distribution)? Could it be an open-source program? After all, talented programmers are a rare and expensive breed as well, and yet Linux happened.

But then how could the security of a test program be guaranteed? I suppose firstly by making it simple enough that any flaws in the source code would be obvious. That might be difficult, but perhaps not as difficult as certifying the whole kernel by hand. Ken Thompson's subversion idea is fascinating as well - I'd wondered about this myself. One option might be writing one in assembler (on a machine without microcode!)... or could you use the untrusted C compiler to write a trusted compiler for a different language, and then use this other language to compile a trusted C compiler? :-) Fun.

Journal: What the hell, let's use this journal thing.

I've succumbed to the temptation - I'm writing a journal entry. This is mostly in order to distract myself from revision - I'm on the first year of a maths degree, and exams are soon.

The fun kicks off next week - I have a German oral assessment... I've got to find some kind of job (in Germany, of course) and pretend I'm applying for it, or something, doing a presentation. Perhaps next week I'll be regretting the lack of effort that's gone towards my German module (and degree in general) - I blame this on Slashdot (and too much exploring Linux).

And on 25th May the proper exams start - really should be doing some work now...
