While the below research into computer security is still interesting I am also spending time on EarthSwarms.
This was inspired by the International Digital Earth 3-D Visualization Challenge. Why? I've always been interested in Earth data, and, this pushed me to actually do something about it. I strongly believe that without a deeper appreciation of climate change and the Earth spread across more people (ie, not just YOUR friends) we will not get very far in terms of a reasonable solution. EarthSwarms is one of my ideas as to how to engage less technical people.
More details under the Earth Swarms link but the basic idea is that this needs to run as many places as possible, and, not require fiddly 3d library installation and/or annoying graphics card/GPU installation. If you have something cool it runs faster, otherwise it just runs.
This is all written in
Squeak since nothing else
is so good at cross platform portability. Java? Yea,
not on any system I actually own and run...
At pckswarms.ch I research techniques to find interesting, but uncommon, events. For example, I have developed a program to scan ethernet packets for uncommon connections in order to discover spyware and bots. More information can be found under the Packet Swarms link on the side bar.
30 Apr 2007
Environment
I've always liked the WorldChanging website and their article Make This Earth Day Your Last! is excellent.
The 4th Intergovernmental Panel on Climate Change Report.
Computers
Yet again I reminded as to how nice open source software is. I have a friends PC which hasn't really been backed up, running Windows XP, which now has a bad disk. Windows doesn't boot. The error message is quite bad -- ie Stop: c0000218 {Registry File Failure}. The recovery is hard, and, NetBSD can boot and I can copy the files from the NTFS partition across NFS to a Linux system. Fast, simple, and easy.
26 Apr 2007
Security
Ah, a targeted virus. In this case a divorce case and the email installed a keystroke logger. Cost the husband 7000 pounds month.
I wonder how many others are out there? For 7000 pounds a month it can't be hard to find people to do this.
20 Apr 2007
Home Network
After a nice vacation near Lago Garda in Italy I'm back.
After a bit of reflection I decided to switch away from OpenBSD and to Debian Linux. Don't read too much into this. I still think that OpenBSD is technically better, and, way more secure. What I do think is that Windows Vista is going to bomb. Yes, it will sell well since you don't have much choice, but, I shudder at trying to support the folks who I currently support on XP on Vista. Therefore I see folks moving to Linux and I thought I'd go back and give it a try and see how it's going.
Basically pretty well. I choose Debian for no other reason than I have Sun Ultras and Mac PPC systems, and Debian seems to support those well. The install went as follows:
- Sun Ultra 10. Trivial. The only problem so far is that high IDE bus activity (tar a DVD-ROM onto the disk) causes the keyboard in X to freak. The problem solves itself when the tar is done, so, I'm guessing a problem with interrupts
- Sun Ultra 2. This is a SMP box. While it boots the CD, the install process won't find the CD. Ergo we had to netboot it off of the Ultra 10. Once done it went ok. The X11 config file was empty and getting the 73gig scsi disk formatted was a hassle since fdisk didn't know about disks that big. Works very well and is very fast
- Clamshell iBook. Installed trivially and runs well. It's only hassle is that, once in a while, Gnome won't start. This looks to be a hardware initialization problem since once reset it works well.
- Lombard Powerbook G3. Works well, no comments
- Wallstreet Powerbook G3. Doesn't install. The problem looks like it could be solved with a second disk. It wants to mount the install .iso from the hard disk, but, you're then going to partition and mount the new partitions. Things seem to get lost there.
Overall pretty positive. Icedove (Mozilla Thunderbird) and IceWeasel (Mozilla Firefox) work well. Gnome desktop is pretty and it runs ok on the 300mhz systems.
Now that I have Linux SBCL runs. So, step next is to port pckSwarms. I have some new ideas, and in watching the sorts of break-ins which are happening I believe it's even more useful.
Security
It looks like the papers at HotBots 07 might be quite interesting
Smalltalk
Wow, someone scanned the BlueBook
6 Apr 2007
Security
Some more thoughts on the MS ANI problem
First it looks like breaks of this class could be grepped out of MS's documentation because MS is strict about naming of variables. Given the example structure here the important bit is:
struct tagANIHeader {
DWORD cbSizeOf; // Num bytes in AniHeader (36 bytes)
It would be quite easy to write a regular expression and parse the MS documentation to get a list of file types which might break in a similiar way
It was bad design to have a size of a structure, and, have it basically hard coded to a max length. This is asking for trouble
One has to be careful not to:
- Cut and paste
- Assume that all files of a particular type are valid. Files can get accidentally corrupted you know...
- Assume only your tools will generate these valid files
- Assume that no one with ill intent ever can spoof us into reading their carefully generated file.
All of these were probably true when the code was written 10 years ago.
The one final thing that struck me was that the files on disk (or network) are oddly coupled with the version of the OS. This is very fragile.
Basically you can't ever change an ANIHeader anywhere on disk or the net without upgrading ALL copies of the OS. Plus any new ANIheaders that exist will crash (at best) older versions of the OS.
Much better is a version number of the header (and just reject versions you don't know about), a variable length header with some sort of terminating value, or a header length, and as new fields are added to the end and you skip them and ignore them with older software.
These things are gifts to hackers.
5 Apr 2007
Security
Now back to security
There have been several stories this week about MS's ANI problem. Now, it's all fine and good to poke fun at MS but I think this points out a more basic problem in computer security. We, the folks trying to keep systems secure are always at a disadvantage. First, it seems that those breaking into systems have loads of free time. Second, ALL of our patches have to work, only ONE of their break ins has to succeed. Finally we have years and years of shoddy programming to work around, they have years and years of shoddy programming in their favor.
We won't win doing what we have done in the past. In fact we'll be lucky not to keep falling further and further behind at this rate.
One idea that I have is talked about in more detail in Packet Swarms is that while Intrusion Detection Systems (IDS) are very important, you have to have a known signature for them to work well. And while it's true that the ANI bug could be caught with a previous signature you would have been out of luck had the stack overflow been from a different source.
The second type of security problems we are good at catching are the ones which jump up and bite us hard. You might remember the SQL slammer worm. Another example is a DDOS attack. In both cases you can't help but know that you've got a problem. You might not know what it is, but you you do know it exists.
My third thought about this is that with traffic analysis you can catch jumps in types of network traffic that stand out. But why should an attack produce a lot of traffic. Why couldn't the attack have your accounting and/or sales and marketing departments slowly send the contents of "My Documents" to some dodgy site somewhere in the world.
In all of those cases is that you tend to have a binary system. Ie, The network connection/packet/traffic is good, or it's bad. It only moves from good to bad when someone makes some sort of decision.
These togther pushed me to a slightly different solution, ie, pckSwarms. I've thought more about the problem since the paper was published so over the next weeks I'll write a bit more of these thoughts down.
4 Apr 2007
EarthSwarms
Everything is uploaded and done. John M McIntosh did a quick fix to the Mac Intel Squeak VM so that the colors are pretty. This made me very happy...
Bruce O'Neel
Last modified: Thu Apr 5 13:42:07 MET 2007