Posts by John Smith 19

Let's see if I've got this straight

C is dangerous because of it's memory handling.

C is powerful and flexible because of its memory handling.

Bad developers shouldn't write operating systems.

Bad developers do write operating systems.

Pascal is a poor model for secure OS writing as it's not got enough features to write an OS.

Now let me remind people of a few bits of history.

C was developed to allow Unix and other system apps to be written easily in a time of constrained resources both on the hardware to be supported and the compiling process itself (although I think the DEC Proprietary language "Bliss" was better at optimization it retained the single data type "word" and everything had to built on top of that. Not fun).

C was written by and for the staff at Bell Labs, who included some of the best software developers in the world. Key apps for them included the software to control the US telephone exchanges. This must be reliable.

Nicholas Wirth did not write an OS in Pascal. He and his team at ETH did write an OS in follow on languages Modula 2 (for Lilith workstation) and A2 for the Oberon language. Embedded development could be done on Turbo Pascal because it supported access to the whole memory and IO address space as 2 special arrays with no safety net of any kind.

Ada was specifically written to support real time embedded software development. AFAIK most of the 20 000 different languages the DoD supported, a statistic that got DoD in getting "1 language to rule them all" (to coin a phrase) were assembler languages, followed by things like Jovial, developed exactly for those functions.

But Ada's design-by-committee design stuffed everything but the kitchen sink in and made compiler development a royal PITA.

And all (except Bliss, which is contemporary) were developed after C. A live compiler on the terminal beats a dead tree standard any day. :-( .

The automotive and other industries (medical products IIRC) do have secure C coding standards.

They typically work by assigning all the necessary memory at start up. From then on everything is static allocated.

C & C++ are very powerful. But do you need that power? My experience of embedded was a lot of the time it was "write a hex value to this location and read something at this location."

On that basis being able to specify (at some level in the language) specific hardware addresses (with a bit of in line assembler) were the key needs for those functions.

Does anyone think he's really the first person to have discovered these?

In a very secure office somewhere in Maryland....

"That sneaky little f**ker has f**ked us good. Now we'll have to find more ways in that most people haven't thought of. We've been using those for decades. Ba***rd."

Hackers Handbook, 1st edition??

ISTR a dumb version of this.

While you could capture a signal it was never quite clear what you could do with it.

Note the *low* frequencies they are talking about.

The processor may be clocked at GHz, but they are looking at signals in the low MHz range.

And note once you've got someone's private key you've got their whole secure email back catalogue as well.

"Headings" list has probably already sent senior managers to sleep.

Which is a pity as only their involvement is likely to get this done.

So they will palm it on on some minion who will, in turn, palm it off on a minion until....

And henceforward that person will be "responsible" for system security.

Responsibility without authority is bul***it.

A note on "Galloping Gerty"

What finally destroyed Tacoma Narrows was the fact the wind was gusty, hitting it with high amplitude pulses of energy,

Since narrow enough high energy pulses fourier analyze into a broad range of frequencies this is a great way to find what frequencies a device or structure resonates without having to "sweep" the excitation signal (a variable speed wind is difficult to arrange).

Which it did.

Theo von Karman did the analysis on Tacoma Narrows should anyone want to find out more.

Hounslow to New York distance roughly 3450 miles.

Or about 27 milliseconds at the 2/3 of light speed inside a fibre.

It's estimated HF traders need delays of 320 micro seconds or less to work.

Not in the race.

Not even close.

"well-known to be using exploits in the trading systems,"

These are not exploits.

They rely on the use of special order types.

With a separate order sent on every share being traded.

How the exchange responds to this order tells the organization sending the order IE the HFT company,

These are not real orders.

They are in effect "pings" to the market to detect what is going on.

Apparently there are 150 order types supported by some (if not all) exchanges. These order types would not exist without the express support of the exchanges involved.

Once you're read "Flash Boys" you realize, this is no accident.