Wednesday, 16 December 2009

Security Digest #4

This month's Digest is just a little earlier (and just a little shorter) than usual, because of the holidays...


Get The Best Security You Can Afford

Eric Lippert's blog, Fabulous Adventures In Coding, is often among other things a great source of insight into the way the C# compiler works. That's the chief reason why it's a personal favourite of mine. But as its title suggests, Eric's interests and expertise extend into other areas.

On his last summer holiday, for example, Eric used an incident at an airport to digress into analytic queueing theory. And just this week, he's taken an unexpected diversion into some very basic principles of security systems. Click through to see how RSA cryptosystems can be misapplied, providing an illusion of security - with no substance. And he ends with so many excellent bullet points, that you will cower in fear.


The CAT.NET 2.0 Configuration Analysis Engine

Last month I looked at the InfoSec Assessment & Protection (A&P) Suite, which had just been released. Maqbool Malik has provided a fully detailed guide to the Configuration Analysis Engine of its Code Analysis Tool, CAT.NET v2.0:


And from Channel 9, there's this video of Maqbool Malik and Anil Revuru (RV), from Microsoft Information Security, talking about the new release of this tool:



On Security Error Prevention in Development

Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC is a Microsoft paper discussing Security By Default, one of the core SDL principles. Also, a very instructive account of how the Windows Live Team adopted the ASP.NET MVC framework when developing the services that are included in Windows Live, and how their approach helped to prevent developers from making security errors:



BlueHat v9 Brings the Looking Glass to You

Finally this year, the session and interview videos from BlueHat are now available on the TechNet page:


SMS and other attack vectors on pocket-sized devices were a prominent area of comment this year, somewhat predictably; and equally so, The Cloud, and Software + Services (S+S).


That's all from The Padlock for 2009. Have a Security Strategy, and a Happy new Year!

Monday, 7 December 2009

The Dogma Song

I've Been In The Loft

Rewiring the bedroom lighting, and fetching down the Christmas decorations. I found this: a mildly amusing, language-game lyric, written in 1979 - aye, three decades ago! On an electric typewriter! - written, as I was saying, at the time when my good friend Tom Fox, philosophy scholar of this parish and a great fan of the writings of Thomas Aquinas, was leaving these shores to further his studies in Rome.

Utrum Omnes Lex Humanitus Posita A Lege Naturali Derivetur
A young Italian student, he
Was being where he shouldn't be;
And while he being was, you see,
A prefect leaped down from a tree -
Up which, he'd every right to be.

Said him to he, "And what gives you
The right to don't as Romans do?
For up there, down here, I did view
Your trespassing, and heedless to
Such penalties as might accrue."

But Foxy, with a wily look,
Knew he could counter this rebuke;
And from his ample cassock, took
All fifteen volumes of the book
From which this poem's title's took.

"You say that I'm at fault, because,
Down here, with you up there, I was.
Your reasoning is full of flaws!
Which says, among your Roman laws,
Where I can't plant my fox's paws?"

The stage was set; in sequence, they
Produced their books, and had their say,
With eloquent verbosity.
So it continued, night and day,
They'd curse and argue, fight and pray,
And neither man has given way.
That's why, until this very day,
You'll find them on the Cassian Way,
Or any map of Italy.

Copyright © 1979 by John M. Kerr.

This is my original text, including the mega-pretentious title, which I still like. Later, the "poem" became a "story", got itself some choruses, renamed Dogma, and sung to a tortured rearrangement of Benny Hill's Ernie (The Fastest Milkman In The West). Tortured but humorous, as the odd number of lines forces each verse to end with an anticlimactic fade...

Why no, actually. No, in fact I have no plans to record it for YouTube. Seriously. Shut up.

Tuesday, 1 December 2009

On Quines

Writes Code Which, When Run, ...

This is mind blowing. Yusuke Endoh has written a very interesting computer program. In fact, he has written a whole series of them: eleven in all.

What's interesting about these programs is that, first of all, each of them is written in a different computer language. That fact alone qualifies him as a clever chap. Then there's the range of languages he used: some are fairly common (Ruby, Python, Perl, C, Java), others somewhat more exotic (Lua, OCaml, Haskell), still others downright esoteric (brainfuck, Whitespace, Unlambda). Clearly, he's actually a very clever chap.

But when you look at his set of eleven little programs, each in its own different language, and when you realise exactly what they do, then you are forced to conclude that Yusuke Endoh is in fact a very, very clever chap. Because what every program in this set does, when you run it, is to print out the source code of the "next" program in the set.

Imagine these eleven programs arranged in a circle. Each one, when run, prints a copy of the source code of the next one.

I suppose you could look at it another way: he actually only had to write one of these programs. Then he could run that to obtain the second, then run the second to obtain the third, and so on. But wait a minute, doesn't that mean that when he runs the eleventh program, its output will be just the source code for the very first one?

Yes, that's right. There was actually no need for him to write anything at all. These are eleven self-generating sources. What a lazy guy!

Picture: MC Mechanic by Shane Willis.

Here's the link to his blog article. In the (English!) comments you'll see that he actually wrote, in the sense of "putting effort into the crafting of", two of the sources, the diametrically opposed Ruby and the Haskell; then effectively infilled to complete a cycle:


A computer program which prints out a source code copy of itself is called a Quine, after America's most influential Harvard philosopher and logician, Willard Van Orman Quine. So, this is a kind of generalisation of a Quine program.

Here's another description of Yusuke-san's achievement, for those like me whose knowledge of languages does not extend to Japanese. Note the comment from Professor Quine's son Douglas, at the foot of the article:


The association with Quine comes from his famous self-contradictory predicate, yields a falsehood when appended to its own quotation, which he used to investigate the linguistic anomalies underlying Russell's Paradox. Here of course we are concerned not so much with the paradox, as with the self-referential nature of the sentential fragment, which mirrors the self-replicating behaviour of the code.

Historical Note

I was lucky enough to enjoy brief correspondence with Professor Quine in the 80s, and also more recently with his son Dr Douglas Quine, who recommended to me Quiddities: An Intermittently Philosophical Dictionary as a sampler of his father's humour, insight and intellect.

And that's a great read; but my favourite Quine works are still The Ways Of Paradox and other essays, in which I was first exposed to the genius of Alfred Tarski, and the Lambda Calculus, at a dangerously young age; and Methods Of Logic, which first convinced me computers could solve problems using predicate calculus (though it wasn't until several years later that I finally got my hands on a Prolog system).

Decades after you've absorbed whatever technical content you needed from their pages, you can still reread those books for their astute, elegant, lucid and entertaining prose style.

Tweets - November 2009



Monday, 30 November 2009

Meshuggah

Straws Pulled at Random



The instrumental runout on this song is mesmerising.

OK, sure, it's a song about death. The whole fathermuckin' genre's about death, it's right there in the title, this is Death Metal. But it's also some very inspired, minimalist composition. It stays with you and haunts, like a Shadowman game. If you only ever listen to one Meshuggah track - and let's be honest, you probably will! - then make it this one.

Sunday, 22 November 2009

Security Digest #3

Catching up with the latest developments in our favourite MSDN Security Blogs, the SDL and Security Tools.

Two headliners already escaped from this month's Digest and skipped the queue: Volume 7 of the Security Intelligence Report, and Agile SDL. Here's a bunch of smaller announcements and developments for those who just can't get enough of that ol' computer security goodness!


Pirates v Ninjas v Engineers

Threat Modeling is the first port of call in your journey to software security.

Amusement and light entertainment were to be had at the end of October, when the SDL's Adam Shostack declared in favour of Engineers, in their never ending struggle with the Ninjas of Threat Modeling.

What's Ninja Threat Modeling? It's lean, focused, easy to learn, and readily implemented. Cory Scott explains all, while contrasting his arguments with more traditional security development lifecycle approaches - and in particular, taking an occasional swipe or three at Microsoft's history of data-flow diagram & attack tree approaches, and multiple Visio-driven offerings - in this quite comprehensive article from the Matasano Security (developers of Playbook) website:


Adam's articulate and considered reply sets out to compare the two different security methodologies, concluding that the MS-SDL has matured sufficiently to be considered the optimum choice whenever security considerations can be built into a project from the outset. Ninja Threat Models might be of use when an already developed or deployed system needs to be hardened, and admittedly, they do sound more focused and agile than traditional SDL. However they are necessarily less rigorous and less complete. And anyway, the agility factor has now been addressed in other ways.



InfoSec Assessment & Protection

Todd Kutzke, Senior Director of Information Security (InfoSec) at Microsoft, writes here about the InfoSec Assessment & Protection (A&P) Suite that's just been released.

The Assessment Tools include a complete rewrite of the managed code, security source code scanning tool, Code Analysis Tool for .NET (CAT.NET); and the Web Application Configuration Analyzer (WACA), which scans the development environment for various best practices, including: .NET security configuration; IIS settings; SQL Server Security; and miscellaneous settings for permission in Windows.

"Protection Tools" here refers to the Web Protection Library (WPL). This incorporates a diverse set of elements, for example Anti-XSS V3.1 (the Microsoft Anti-Cross Site Scripting Library), and the Security Runtime Engine (SRE).



Finally for this month, Anil Revuru has written the following two useful and quite comprehensive guides, for configuring and running stuff:



Until next time, Keeeeep Dancing!
Eh, no I mean, Have a Security Strategy.

Saturday, 21 November 2009

Wee Mac


Wee Mac - Sep 16th 1993 - Nov 21st 2009

Mercury
the winged messenger

Linda and I married in June 1993. One particular day a few months later, I'm home from work briefcase in hand, and asking her what's for dinner. "There might be a clue in the living room," is the cryptic reply. Okay that's odd, I think, but we'll come back to it. "Any mail?" I ask.

She hesitates, then "There might be something in the living room."

Suddenly curious what I might find in that room, I'm slowly opening the door. She's come through from the kitchen behind me, peering over my shoulder. I'm getting a bit edgy.

A brightly multicoloured patchwork quilt lies on the floor at the foot of the sofa. Cautiously approaching it, I resolve a little matt black bundle in its middle. The bundle moves. It breathes. What is small, matt black, and breathing?

"It's a puppy!"

I'd mentioned before to Linda that I'd like a dog. In the past few months I'd complained - in fact, both of us had - whenever we saw someone walking their dog, how unfair it was that other people had dogs, aye and some had two or more. And we had none at all! Not even one!

So this is her surprise for me, a conspiracy hatched with her father, who's driven to collect the pup this day; and her mother, who's responsible for the swaddling. We name him "Mac". He sleeps through it all, blissfully unaware of daddy's arrival home.

Venus godess of love

Collies, and Border Collies in particular, are among the very cleverest of dogs. They spoil you absolutely for other breeds. After you've owned one, anything else is just a dog. Mac was easily trained, and learned many commands. Linda had plenty of experience of the breed - her previous dog, Sam, was legendary for his intelligence, both at home, and in Highland Shows where he'd often put the local working dogs to shame (winning so many awards, they changed the rules to exclude him).


Linda with Sam and Wee Mac - 1993

We used to joke that Mac was "a dog with a sense of humour," for example when you told him, "I'm gonna eat your dinner!" and he would growl, all the time wagging his tail.

Sometimes of course he'd be a little less clever than usual. Then I'd be forced to introduce him as "a genetic anomaly, the world's first border collie without a brain!" Wee Mac - as he'd come to be known, despite his absolutely average 20kg - didn't mind. Dog with a sense of humour, remember.

He was well loved. When Linda and I were both at work, he would spend days with my father, and my aunt. Mac was simply too clever to be left alone, and they doted on him too. Linda had already made an impression by training dad's previous dog Kerry, a Kerry Blue terrier of course, to walk on the lead, sit at the kerbside, and come back when recalled. This was a unique novelty; we'd never had such a clever dog before! But all that was as nothing to the range of tricks of which Mac became the master.

Whenever we went on holiday, well as Linda would say, "There's no show without Punch!" and so we had to ensure that our accommodation, cottage, caravan, or other, welcomed pets.

His first summer, we took him on his first of many trips to Embo, by Dornoch, Sutherland. Grannie's Heilan' Hame, to be exact. Once he discovered the beach there was nothing we could do to keep him away from it. We might think that we had him completely under control on an extending lead; next minute he was off, racing across the sand and rocks and into the brine, with his useless lead reel bouncing and clattering along behind him.

Mars bringer of war

Wee Mac's life was sadly blighted by being viciously attacked, while still only weeks old, by a neighbour's adult dog. The attack was a sustained one; I had of course put Mac on a lead, and was unable to let him go or pick him up to safety, so all I could do was pull him around in circles trying to get him away from his uncontrolled attacker, while the idiot owner stood back laughing. Mac had extensive surgery to repair his head and face, and was lost to us for a few days.

As a direct result of this, and subsequent similar experiences with the same attacker, Mac was never socialised. Despite numerous visits to training and obedience classes, he never learned to approach another dog without attacking it. His insecurities could occasionally lead him to turn on people too, particularly when someone pulled at the side of his collar, which I'm certain reminded him of that terrifying first attack.

Jupiter bringer of jollity


That aside, Mac's development was unremarkable, and he liked almost any other type of animal - with a particular fondness for cats, oddly enough. He displayed almost parental affection for a friend's guinea pigs, when once they were left in our care for a few days.

Nothing, obviously, was better than being at the seaside. Mac would always chase the waves, trying to catch them in his mouth, and end up with a belly full of salt. He'd swim out to retrieve floating sticks and toys, occasionally substituting one if he lost it.

He'd cheerfully pick up a "stick" that could actually be anything up to a fallen tree trunk, between three and twelve feet long, and three inches thick; adjust his grip by increments until it balanced in his muzzle; then run to you, dropping it at your feet. Waiting for you to throw it.

Actually, he'd drop it just far enough from your feet to make you do the work.

He had a slight heart murmur, and spent much of his life on medication for that. Not so much as you'd notice though, his spirit was strong, and his personality could not be suppressed by a little water tablet, or ACE inhibitor.

Mac was always first beneath the tree every Christmas morning, looking for his treat & squeaky toy stocking, which he would invariably unwrap for himself. In fact, he didn't always wait for Christmas morning! And if he visited you any time around then, your tree would get the same treatment.

His obedience, cleverness, and sense of fun, endeared him to everyone who knew him.

Saturn bringer of old age

Time brought him cataracts, at an age and a condition where nothing could be done about it. And so time also brought him near total blindness - or at least presbyopia.

Old age brought him deafness too, which signalled an end to his ability to respond to commands, except for one: he would still recognise as a recall signal, an arm waved in a circle, sufficiently far away. On the positive side, he was no longer freaked out requiring tranquilizers on fireworks night.

Then came arthritis, and his medication had to be supplemented with painkillers, first anti-inflammatories, then opiates. He began to have trouble standing up and - particularly - sitting or lying down.

Uranus the magician

We extended the steps into our house, lengthening the slabs so that he could get in and out more easily. We'd earlier tried out a dog ramp, but once he'd decided he didn't trust that, then it was never going to get used - he went out of his way to avoid it. Personally I think its metallic construction reminded him of the decks and walkways on the bridges and ferries he'd encountered on holiday when younger, and he didn't like those. Particularly on one tragi-comic occasion - on a ferry to Orkney I think - when we'd just managed to get him to calm down in our arms, before a previously unnoticed ship's horn blasted his ears from a range of two feet.

Mac generally slept on a Snoozee Dog blanket in our room. But as he got older, his trips upstairs at night grew less frequent. That made it all the more special when after a good day's rest, he would suddenly find the stamina to follow us, looking for company. We would hear him, slowly shuffling upstairs two or three steps at a time, sometimes finishing with a burst of half a dozen in his race to the finishing tape.

These were good times, when we felt that we had our wee boy back with us, and they gave us hope that the various medications, and his diet, were helping to make his later life a bit better and more comfortable for him.

Neptune the mystic

Inevitably and inexorably, these magical interludes grew less frequent, and more troubled. Sometimes he would fall back downstairs, while most other times he could not summon the effort to make the attempt. His pains grew worse, and he began to go off his food.

follow me down
to the valley below
you know
moonlight is bleeding
from out of your soul

Eventually, Mac stopped eating almost entirely, and couldn't even be hand fed. When it seemed that his life contained nothing but pain, we prepared ourselves to face the inevitable.

my David don't you worry
this cold world is not for you
so rest your head upon me
I have strength to carry you

Today we both held him, kept him calm and reassured, while our vet administered the sleeping jab. It was a very peaceful end. Then we cried. He had gone so quickly.

come to us
Lazarus
it's time for you to go

Tonight, we toasted the immortal memory of our little absent friend. Wee Mac was 16. Or to put it another way, he was 113.

He's been with us for all of our married life. He's been with us, ever since Linda and I have had our home together. We have always been three. But now, our identities have changed, we're no longer mummy and daddy. Now there's a ghost in every room, in the garden, in the back of the car. I glance over by the sofa, and for one instant, think I see him there again.

It's just a pair of slippers.

Headings inspired by "The Planets" by Gustav Holst
Words from "Lazarus" by Porcupine Tree written by Steven Wilson

Power Corrupts!

Updated Nov 26th 2009 to add: Today I'm an Independent, because today's Scottish National Party, financed by a homophobic religious fundamentalist, fails to convince me of its commitment to the separation of church and state - a commitment essential to the health and survival of our multicultural and multi-ethnic society.

"Imbeciles"

That's the heading provided by Charlie Stross in his rantlet against the Digital Economy Bill published this week. But whilst that bill is certainly something to get worked up about, and for a host of reasons, Charlie on this occasion very wisely puts his health first; links to Cory Doctorow's exposition of the latest Mandelson scandal; and asks others to step up.

Well, this time I did. Firstly, by joining - at last! - the flood towards the Open Rights Group, and setting up a direct debit to support them. And secondly, by picking out what I regard as the single worst infraction of human rights contained in these proposals, and writing a letter to my MP:

Dear John Mason,

We have been utterly shocked and dismayed, almost beyond our powers of expression and protest, by the recently revealed ultimate form and content of the Westminster government's Digital Economy bill.

Can you please assure us that the SNP regards Internet connection as a basic human right, as do a growing number of European nations (Finland, Spain); that the Party in the House of Commons, with the vocal support of the Scottish Government, will not tolerate, nor indeed contemplate, for any reason whatsoever, the degradation of service and/or disconnection of an entire family from the full range of vital services provided by the Internet; that in particular, such or similar sanctions should never be countenanced on the basis of a copyright infringement or related accusation, against any one family member; and finally, that the Party's resolve on this issue stands ready to challenge the relevant provisions of the bill through, and to the exhaustion of, all possible available avenues of blocking and appeal, both in the UK and in a European context.

We write to you as long time active members and supporters of the SNP, both as office bearers and as canvassers / leafleters, who have worked hard over many years to help bring the Party to its currently successful milieu. Throughout all those decades of campaigning, the one indispensable principle of our activism, from before the Poll Tax to free prescriptions on the NHS and beyond, has been the fundamental and special humanitarianism, the blessed sense of fairness, of the Scottish people.

There is much that is rotten, corrupt and foul in the provisions of Mandelson's bill, but Internet disconnection surely rates as the most pernicious and abhorrent suggestion, an affront to the sensibilities of our national psyche.

I trust that we can count on your support against the despicable measures being considered in this proposition.

Yours sincerely,

John M. Kerr
Linda M.G. Kerr

Political corruption knows no bounds, and is more than happy to form opportunistic coalitions with apathy, gullibility, stupidity and his dog. Peter Mandelson has perhaps the most impressive record of aggressive impropriety and power grabbing avarice, of any UK politician active today. In his most brilliant and terrifying piece of duplicity to date, he recently indicated that he'd be equally happy to work with a Conservative government.

He is immune to the intentions of an electorate that never did vote for him, and never would.

Mandelson was a serially unelected minister, originally without portfolio, and as we now see, without loyalty to any party, or visible principles of any kind. Yet he wields such power at Westminster, in the House of Lords, wholly because of the extreme weakness of this Labour government. Having been repeatedly forced to resign over this and that scandal, nevertheless he has managed to find, in Gordon Brown's dismal desperation, a way to insinuate himself back into the centre of UK politics and power, and once there, to coat himself with Teflon.

This is a time for protest, but this time, your vote alone won't cut it. We need a new wave of activists, ready to go into battle with pens and voices raised. Fit and willing to engage the enemy in a dirty fight for the survival of intellectual and creative freedom, yes, and for basic human decency. We need you!

Because I'll only be 50 for another day or two, and this rousing blog article is the third activist-y thing I've done today. Seriously, I need to lie down now.

Please join the Open Rights Group. We have to start somewhere.

Monday, 16 November 2009

On Education

Schools Of Horror

Little Nephew visited at the weekend, looking for help with his electrical studies. I was able to supply a few aides-mémoires, happily (read: phew! dodged a bullet there), which I hope might help to see him through the forthcoming trials.

The biggest assignment problem involved reconstructing a circuit from a written description. Daunted by the unaccustomed length of text, he'd made no attempt at this. My response was to read the question to him, one short phrase at a time, sequentially and without alteration, while he sketched each step on his notepad. Result: one error, which I'd guess translates to a mark of six from a possible seven. Mission accomplished, eh? And lesson learned: there's no reason to be intimidated by the question!

But then he showed me the solution provided by his teacher. This contained two errors.

Four of us enjoyed a communal eyerolling. Eww, those teachers, what are they like?! No big deal, they're under a lot of workload and other stresses, anyone can make a mistake, blah, blah...

Then my thoughts backed up to Guy Fawkes Night, 240 hours earlier, when we had visited Little Other Nephew to join in some fireworks fun. During conversation, his mother related the following catalogue of horror! How many non-conformance instances can you find in this account?

The school janitor had asked him, and some other pupils, to move some bricks from A to B. The said bricks were insanely dirty. Teacher could think of no way to clean up the kids. Instead, got each pupil to write a note to the parents, apologising for state of child's clothes. Teacher then extended each such note, to confirm pupil was (obviously) to blame, for having obeyed janitor.

Answers? Actually, we haven't yet reached the full horror of the tale. In the latter section of the note, written by the teacher to confirm the child's guilt, we find this:

"They know they should of stopped..."

Sic, as they say, who value their gift of grammar.

Wednesday, 11 November 2009

Agile SDL

Non-RSS readers might have noticed the title "Announcing SDL for Agile Development Methodologies" (by Bryan Sullivan of the MS-SDL team) float past in the "Blogs" sidebar yesterday.

The SDL structure presents a problem for Agile methodologies, simply by virtue of having been in development for so long; it's basically presented as a waterfall (or at best, a discrete and non-time-boxed iterative cycle) process, because that was the predominant mode of working in the early years of this millennium. In addition to this, the SDL was originally developed to support very large products, such as Windows itself, and Office; products with very long development cycles. Looked at from an Agile perspective, the SDL is enormous, monolithic, and chiseled out of Aberdeen granite.

Getting these two to play nice together was never going to be very easy.

As you might have expected, Microsoft has been working on this problem over the past year. Specifically, a cooperation of security professionals from the Online Services Security & Compliance team, Trustworthy Computing Security, and the SDL, have developed a process to solve the methodology mismatch. Their solution is incorporated into the latest release (4.1a) of the SDL Process Guidance document (1.1MB docx), starting on page 45, in a chapter creatively captioned "Security Development Lifecycle for Agile Development".

The key idea is to split the SDL requirements. With Agile cycles of a week or three being the norm, not all of the SDL requirements can be addressed in every sprint (to take Scrum as an example). The optimum compromise has been determined to comprise three categories of SDL requirement, and their related task sets:
  1. Every-Sprint - e.g. new feature thread modelling, web i/o sanitizing;
  2. Bucket - e.g. verification, design review, response planning tasks;
  3. One-Time - baseline threat model being the largest of these.
The source document goes into plenty of detail about these task sets, both in the Agile section and in the related appendices. To quote Bryan Sullivan,

We believe we’ve developed a process that is faithful to both Agile and to SDL, in which teams can innovate and react quickly to changing customer needs but in which the products they create are still more resilient to attack.

Download it here.

Friday, 6 November 2009

SIR (yes, SIR)

Security Intelligence Report

I know, because they told me, that one of the reasons certain of my colleagues don't blog, is that a "typical" entry would be along the lines of "Here's a link to something interesting." And that would be that.

I have times like that. While I normally stack them up until there's enough to compile a summary, like the "Security Digest" posts here and here, sometimes by contrast the backlog is too interesting to wait that long. A case in point is the Security Intelligence Report, Volume 7, published this week by Microsoft. Bryan Sullivan of the SDL group mentioned it on Wednesday,


for the purpose of drawing attention to one particular piece of analysis, namely the number of industry-wide reported vulnerabilities, as broken down by category: OS, browser, and application. A worthwhile graph (worth a thousand words at any rate) summarising these results can be seen here:


but I'd like to make a couple of additional comments on this.

App vulnerabilities show an incessant upward trend, with just two exceptions: 2H07, and 1H09. These isolated drops can be traced directly to significant events in the SDL roll out.
  • In the first case, 2H07: although the life cycle project was initiated internally at Microsoft by His Billness in 2002, there was a lengthy period of digestion and gestation (there I go again with the metaphor train wrecks), and in fact early 2007 was the tipping point for adoption by third parties. This is evidenced by the publication and/or update of numerous related MS resources. For example, the MS-SDL blog started that April, in response to "a lot of friendly pokes from customers, partners, colleagues, and competitors, asking us to say more about [the SDL] in an open forum". Realistically, 2H07 was the very earliest point at which these resources and materials could possibly have had any measurable effect on third party (vulnerability exploit) mitigations.
  • In the second case, 1H09: well what can I say, except - welcome to the new, improved, Team System... now with added SDL!
Secondly, whilst not visibly tracking the app security holes over any analytically useful window, the OS vulnerabilities nevertheless have shared the recent dip observed in the apps. Why? After all, app vulns are predominantly 3rd party, while OS vulns (at least in this study) are exclusively MS. Maybe MS simply made a better effort over the piece, to patch OS vulns asap?

Finally, take a close look at those browser vulnerabilities. Shunning the trend, these have risen once again. I've mentioned recently that this particular trend should be expected, simply as a consequence of the widely reported change of focus on the part of the exploiters. It does not take an Einstein, nor indeed a Schneier, to foresee a continuation in this area.

The full detail of the SIR can be read here:

Monday, 2 November 2009

Bruce Schneier in London

From the Open Rights Group blog:
Event with Bruce Schneier:

The Future of Privacy:
Rethinking Security Trade-offs.

We live in a unique time in our technological history. The cameras are ubiquitous, but we can still see them. ID checks are everywhere, but we still know they're going on. Computers inherently generate personal data, and everyone leaves an audit trail everywhere they go.

Bruce Schneier, internationally-renowned cryptographer, technologist and author, will share his vision of current and future technologies' effects on privacy. Schneier rejects the traditional "security vs. privacy" dichotomy in favor of a more subtle and realistic one.

Data is the pollution problem of the information age and we need to start thinking about how to deal with it.

When? Doors open at 1830, Friday 4 December 2009

Where? St Albans Centre, 18 Brooke St, London, London EC1N 7RD

Jim Killock, Executive Director of Open Rights Group, will chair the audience Q&A. Drinks will be available at the venue before and after the talk.

An audio and video recording will be made available after the event.

General admission tickets are already sold out ;-) so you'll have to join the ORG to attend. Extra bonus: join today for a free signed copy of Cory Doctorow's Little Brother!

Already a fan, I read Cory's Little Brother online soon after publication, but later shelled out for a signed copy to give to Little Nephew (yes, that's where he gets the name) last Christmas. When Little Niece asked to read it, he surprised me, not to mention stymied Cory's honourable Creative Commons licensing intentions, by charging her a quid for the privilege.

So wrong. In so many ways. And yet somehow: Attaboy!

Saturday, 31 October 2009

Hallowe'en

Fangs Ain't What They Was

Very few guising parties abroad tonight; we seem to be following America in stealing the Feast of All Souls away from the children, and using it for our own drunken revelry (I recently read somewhere that in Ohio, they have “Beggars’ Night” for the kids, a couple of days before Hallowe'en, "on the thinking that Halloween has been colonized by adults, who will have lots of drinks at their Halloween parties and then take to the road, not necessarily watching for tyke-sized ghosties and ghoulies out looking for treats").

Anyway, our lot were out upholding the best of the tradition, starting with Little Niece, who made her own mask. Good, eh?


Accompaniment was provided by the sundry niece and nephew corps. Note the intentionally uncorrected red eye, because - well, Hallowe'en, blood red eyeballs on stalks, what's the problem?


We adults took an extensive, active and exhausting role in the event.


I guess we made the mistake of over-imposing on Little Niece's excellent nature, because after posing without complaint, then cracking her tooth on one toffee apple, before selflessly donating another to her younger cousin (who found hers inedible), she finally gave up asking politely for the cameras to be taken out of her face, taking instead direct action.


At least we can still see the back of her; sadly, Little Nephew once again spent his entire Hallowe'en upstairs alone, stuffing all of his hard-earned pocket money into Steve Ballmer's wad.

That was October for you.

Photographs copyright © 2009 by Linda Kerr.

Friday, 30 October 2009

Observations on Observations

What The Hell Is Going On?

Last week, and in fact part of the week before, we saw the tenth anniversary of Canada's Premier Institute for Theoretical Physics celebrated with a festival: Quantum to Cosmos: Ideas for the Future. One fascinating discussion, picked up by New Scientist and widely disseminated, took place when a panel of leading physicists ran headlong into the question, "What keeps you awake at night?"


Topics in the above article include the anthropic principle; the continuous annihilation of dark matter; the nature of dark energy; emergent complexity; string theory; the holographic principle and the (cosmological) singularity; entanglement and the nature of observation; and rounding off all this, the limits of knowledge. For deeper coverage, the festival site has many video clips on a breathtaking array of subjects, in no way limited to the preceding list, and all available to watch here:


Disclaimer: the random musings that follow below are presented for amusement only, and have no connection with any person who knows what they're talking about. They're just three speculations with a slender common thread. Also, the Lottery references are to the UK National Lottery; lastly, and most importantly, there is a "u" in "colour".

Observing A System

Observers, and their universe. They observe it, don't they? Well in a way, but remember, what they actually observe is the universe that contains them; in other words, they're a part of what is being observed.

An observer can observe some small part of the universe. Another observer, for instance. Or even itself. It can be said to be observing the entirety of the universe, excepting itself - which is what I usually imagine whenever I hear the term "observer". Something outside the universe, looking in. Yet that's not really what we have here. Instead, we have a small part of the universe, observing another part of itself.

Isn't there a sense in which the spatial distinctions implied by that account are illusory? When particles are entangled, for example, they act in all respects like immediate neighbours, regardless of the distance between them. And all distances are measured over the full set of dimensions, not just three arbitrarily selected spatial ones. So, could an observer be considered as extending over multiple, seemingly disjoint and disconnected, regions of space-time?

What's an observation anyway? Just a collection of particle interactions? When I observe a sunset, electrons in my cells are receiving, or interacting with, photons that originated something over 92 million miles away. Seems to me that a single Feynman diagram should suffice to picture that situation.

Now, let's try to zoom in on the observer here. In doing so, we conceptualize ourselves as some kind of meta-observer, which seeks to reduce the sunset-beholder to its lowest terms. Those electrons in my body, the ones doing the interaction with the sun's photons, well they had certainly better be counted as comprising part of our observer. What about the atomic nuclei they associate with? Curiously, if you trace the paths of the neural signals from my retinae through to my visual cortex, you will be following electron-photon interactions, in combination with almost imperceptible gross movement of particular electrons, all the way down. The bulk of the atoms, the atomic nuclei, will play absolutely no part in the act of sunset observation, other than as a static scaffolding giving those electrons somewhere to be. Even then, it's only the outermost shell of electrons in a given atom, that play any part in this process.

Certainly at the other end of this interaction, the sun, we have a quite different process which is producing the photons in the first place. And yes, that end does in fact require some involvement on the part of the local atomic nuclei. But from that point onward, the observation event is just an electromagnetic dance, ending with certain chemical changes in my nervous system.

What makes this sequence of interactions so special? What characterizes an observation, what distinguishes it from any other situation in which photons are exchanged between electrons? Take any photon in transit from old sol. Quantum electrodynamics tells us that it can split quite spontaneously into a positron and an electron, which then recombine, eliminating each other and producing a photon. This might happen any number of times during its eight minute journey to Earth. Upon hitting the upper atmosphere, it may then find itself absorbed by one of the outer electrons of a gas atom, causing a transition to an excited state. Do any of these interactions of the photon qualify as an "observation"? If not, then how exactly do they differ from the case where that excitable electron was in my eyeball, or the middle of my head?

Much of this can be encapsulated in the thermodynamical concept of a system. When we seem to peer out at the world, observing it as we might, we treat it as one closed system - with ourselves outside of it. This works well enough for observation of everyday objects at a sensible scale, for example, the balls on a snooker table. As the system shrinks, it begins to pull me in, until I find myself trying to observe single photons, and discover that the only way I can do so is to absorb them entirely into my body. They have left the system, escaped from the experiment; or to put it another way, I have become, bodily, a part of it.

No surprise then, to discover certain corollaries to this, such as: it's impossible to measure anything without changing it. Imperceptibly perhaps, but in the end it's all just a matter of scale. A voltmeter draws a tiny current in order to operate; this current causes a corresponding drop in the voltage across the source's internal impedance, with the result that the displayed voltage is slightly different from the value prior to measurement.

Observation is interaction: all the way down.

Deal Or No Deal

One of my better high school teachers, in chemistry as it happens, had a pet theory about the symmetry of time. We are talking 1974 here, when such ideas were popular only with certain types of crackpot, and quite invisible elsewhere. One day a few of us stayed behind after class to ask him a question or two about electron orbits, and somehow we got sidetracked into this idea of his. Next thing we knew he'd produced a pack of playing cards, which he proceeded to shuffle, then demanded that I start predicting the colour, red or black, of each card as he turned it over.

I started off well. Can't remember the exact sequence, save for the fact that it had a long run of about half a dozen reds near the start, but I certainly got into double figures, somewhere between 12 and 16 cards, without getting a single guess (prediction?) incorrect. Aware of being watched by my friends, I called out every one of those colours with complete confidence.

Then I paused, saying aloud, something like "This is too freaky. I'm going to start getting them wrong now." And the next half dozen or so were indeed wrong, just as I predicted. After that, I stopped and refused to continue. For some reason unknown, I had become fearful of getting one guess incorrect!

At the age of 16 I had an undeniable desire to impress my peers, and I'm certain that had a lot to do with the outcome of our little experiment; and perhaps, with my sudden desire to stop before the first, inevitable, failure. But what are the chances of getting this sequence of results? That's an easy calculation: somewhere between 1 in 262,144 (assuming 12 cards in my first run, followed by 6 correctly predicted mismatches) and 1 in 4,194,304 (assuming 16 + 6).

Throughout the trial, I had the unmistakable feeling - consistent with my teacher's pet theory - that I was in some sense reaching a little into the very immediate future, and somehow capturing a "memory", which I would rather term a "conviction", of what colour the next card would turn out to be. The closer you are to an event in time, he reckoned, the easier it should be to "remember" - regardless of whether it's a past or a future event.

Scott Adams, he of Dilbert fame, has written about this at some length, although he frames it very differently. When he talks about affirmations, for example in The Dilbert Future (p. 246, also Appendix A), I detect the same as-yet poorly understood phenomenon, the tricking with time, the constant falling-through into particular possible futures. Recently, Noel Edmonds has made much capital of a poorly understood, mysticised and new-aged-up version of the same idea, awkwardly framed as half philosophy, half self-help guide.

Richard Feynman's Quantum Electrodynamics, The Strange Theory of Light and Matter, contains a lucid account of the summing-over-all-histories method of prediction. At any given point in space-time, a given quantum has a certain propensity to move to any other such point. A lot of these propensities cancel out; others are bunched up in a particular direction, and hey presto, if that's not just where the darned thing goes.

Propensity: might be a good term to use for the complex square root of a probability! Better than Amplitude, at any rate.

When the Lotto [UK] balls tumble on a Saturday night, all fourteen million possible outcomes are represented by such propensities. Is there any way to force these to "bunch up" in a particular direction, so that a predetermined set of six numbers comes out?

Actually the signs aren't all that good. Under some modern interpretations of quantum mechanics, all of these possible worlds cascade forward into actual existence. Picture fourteen million distinct new realities, complete new universes, splitting off in unknown dimensions from a common starting point, the Saturday night lottery machine. Each new universe contains a replica of me, and most of these - almost all of them, in fact - have not just won the lottery.

Would there be any visible, observable indications if this interpretation were incorrect? Maybe there is but one actual reality, after all. Maybe I can bunch up the fibres of propensity in my favour, perhaps by leaving lots of little notes lying around, notes whose existence, or whose observation, would make certain lottery outcomes much less likely than others?

Observation is interaction: all the way down.

The Digital Universe

The majority of physicists today, when they can be pressed to opine on the matter (and many refuse), appear to be of a consensus that our universe is a simulation. At least, that's my impression of that community, from what I've read, both in the popular science press, and here on the web. However there's so much material available on the subject, it would be fatuous to pick out one such reference to "prove" my assertion. So you'll just have to do your own research, and form your own impression.

True or not, academically popular or shunned, this has undeniably been a favourite theme of much science fiction since the first half of the 20th century, and a favourite subject of philosophers much further back than that. It's inevitably one of those possibilities that enters your head when wrestling with quantum mechanical concepts. But in either of those contexts, it can't be said to have any more validity than, say, extrapolating the model of the atom as a solar system, in an indefinite recursion, without paying heed to the many and fundamental differences and incompatibilities between the two pictures.

What brought it home to me, after more than 35 years of programming these wonderful little digital systems, was a development in Loop Quantum Gravity. Specifically, a proposal to measure the stretching out of the spectrum of light coming to us across billions of light years, to see whether the discrepancies between the red and the blue predicted by quantized space were actually present. And why should the universe be quantized? Maybe because it's nothing more than the state of a digital simulation!

It seems likely that if anything is quantized (the available energy levels of an electron, for instance), then everything will be, including space-time. And by that is obviously meant, the entire M-dimensional manifold of our being, whatever that value of M eventually turns out to be.

Now consider the digital system on which our simulation is running. From our experience of software development, our knowledge of mathematics, the availability and impossibility of various algorithms, and the success of the neural net approaches, we would probably admit that the system software of this universe is genetic in its nature and approach. And once again, when it's laid out like that, it becomes clear. Of course nature uses genetic algorithms, where else would our brains - products of these methods - have picked up the idea?

Now, can we divine any information about who might be running this simulation? If the general argument is valid, making it vanishingly unlikely that we are not such a phenomenon, then it can be applied recursively to establish that we are "almost certainly" a simulation being run by a simulation, much as recent Sims games have your little creations running their own Sims. And so on, ad absurdum.

Actually there are several ways out of this reductio, each more fascinating than the next; see Paul Davies's Goldilocks Enigma for a full treatment.

At first glance, there doesn't seem to be much that we can infer about any of those higher levels, just from looking at this great universe of ours. However, if we assume that we are a simulation with a purpose, then it becomes likely (or at the very least, rational to assume) that we are observed. Shouldn't there be implications for our ability to detect such acts of observation?

Observation is interaction: all the way down.

And Finally: How It All Fits Together

Erm... on second thoughts actually, details are left as an exercise for the reader. Don't say I'm not good to you.

Corrections

Stop!

Listen up, people:

Take Me With U, not Let's Go Crazy.
Say Hello Wave Goodbye, not Tainted Love.
Northern Lights, not Harry Potter.
Prokofiev, not Rachmaninoff.
Arthur Schopenhauer, not Immanuel Kant.
Pie, not cake.

Okay, carry on.

Sunday, 25 October 2009

Dog Biscuit's Trading Pages

Sorry For Any Delay

Each year about this time, I get an email from someone asking me kindly to reinstate one of my old websites; a plea that's remained unanswered before, due to my being busy with other things. Shame on me. But I'll miss that message this year; it will be bounced back to sender (we've dropped Virgin Media, losing old early adopter mailboxes like 'j.kerr' and 'yesman', in favour of Sky Broadband's unique, truly unlimited offering).

The website in question, Dog Biscuit's Yes & Led Zeppelin Trading Pages, grew, between its 1990s origins and the subsequent demise of mass CDR trading (at the hands of BitTorrent) around 2005, to become the world's fourth biggest CDR trading site for bootleg recordings (aka ROIOs: Recordings Of Indeterminate Origin) of the progressive rock band Yes - behind the similar efforts of France's Yann Clochec, Holland's Ruud Ermers, and Germany's Matthias Müller (Matze's Yesshows).

I've reinstated it here: http://jmkerr.com/db.

My Yes collection contained some 600-odd recordings, while those 3 other sites all had twice or three times that. The popularity of Dog Biscuit's Pages was as a resource for other collectors. It contains artwork links for all recordings where available, and a handy print utility for these; is searchable by artist/tour, song, keywords (date, venue, recording title, catalog number), media type, source and grade; and displays search results in five different formats, depending on the task in hand.

Thought I'd write a little about it here, as someone recently noticed this blog, "My Code Here", actually contains thus far, not one binary digit's worth of my code.

The main site is distinctly Web-1.0. All of the corners are sharp. It has a quaint, naked click counter. There are no Frames, no IFrames, no Tables, and minimal CSS which is only used to provide printer-friendly output. Everything is done with JavaScript, for two reasons: primarily because this was a learning exercise in that language, and also because its original home was a paltry 50MB of free hosting space, with no server database support.

Basically, the site functions by downloading to the browser its entire database, which is embedded in highly compressed, manually maintained, .js script files. Once there, your page or search parameters control the building of that content into HTML. Here is a sample db entry, expressed as a function call:
add('Yes', '1968', '1966-73', '', "Moments", '1CD', 'VAR', "'B-' to 'A'", '7148/10001', 'MomentsEarly',
"[RS] (BBC, 1973-11-01), [BAB|IOYAM|J] (Mabel Greer's Toy Shop, BBC 1968), [DF|BAB|FORE] (BBC 1969-70), [DF|ER|ISY] (Live in Sheffield, 1969-12-21), [WTP] (Larry Smith single, featuring Chris Squire, Tony Kaye; 1970).",
'',
A1 + 'momentsf.jpg">Front ' + A1 + 'momentsb.jpg">Back')
Once processed into HTML, expanded and rendered, this example comes out like this:

1966-73 "Moments" (1CD) Various Sources 'B-' to 'A'

The Revealing Science Of God (Dance Of The Dawn) (BBC, 1973-11-01), Beyond And Before, Images Of You And Me, Jeanetta (Mabel Greer's Toy Shop, BBC 1968), Dear Father, Beyond And Before, For Everyone (BBC 1969-70), Dear Father, Eleanor Rigby, I See You (Live in Sheffield, 1969-12-21), Witchi-Tai-Po (Larry Smith single, featuring Chris Squire, Tony Kaye; 1970).


The script also does a few other things. It alternates the thumbnail alignment on the page, to give both a pleasing layout and an economy of real estate. It also adds mouseover hints, visible in all browsers that support these. Finally, when a recording is awarded a grade of A+, it slaps on a cheerfully yellow The Dog's Bollocks sticker, modelled above.

There exists a parallel, static site, comprising one page per artist/tour; this is what you will see if you browse to jmkerr.com/db with scripting disabled. To ensure these pages are kept current, they are autogenerated periodically using a further JavaScript program, embedded in the page generate.htm. If you want to look at that code, be warned that it's full of ActiveX (for local disk access), so IE-equipped is forearmed.

The addition of Led Zeppelin and other artists was a half-arsed attempt to ensure the code remained scalable. That's impossible of course, given the highly unconventional data access design. But in the pre-AJAX ecosphere, this little site did a perfectly acceptable job of maintaining a typical boot collection, and providing useful reference resources to other collectors.

Monday, 19 October 2009

Dear Charlotte (Part 2 of 2)

What He Said:

http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/music/cd_reviews/article6874885.ece

Great to see Charlotte Hatherley's new album being chosen as CD Of The Week in the Sunday Times Culture magazine. From the article by Dan Cairns, three excerpts:

There are seven primary and five secondary notes in western music...

What [Charlotte] should really be cherished for is her trio of solo albums, of which New Worlds is the third and best...

...these are sensational songs, from an artist who remains bafflingly overlooked, but continues to dive into that tiny pool and come up bearing pearls.


That puts it so much better than I ever could, so I won't. Save to express the hope that the epithet, "bafflingly overlooked", which has already been applied to Charlotte many times, will begin to work its magic this year.

Just over a year ago one of my favourite bands, the Criminally Neglected Elbow, won a Mercury prize, and immediately began enjoying great success as simply Elbow.

Sadly the same effect doesn't seem to be working this season for my SPL team, Hamilton Academicals Nil.

To your great relief, my planned discourse on the theory and nature of progressive music has been dropped, however temporarily, in favour of simply asking you to click through and glance over Dan's article, above. It's almost enough to forgive him this howler, from his extensive Fleetwood Mac article in the same issue:

Not that things don’t remain unsaid: this is Fleetwood Mac, after all.

Seriously, who needs three negatives?

Tuesday, 13 October 2009

A Cross-Domain Conversation

RIA Security Flash!

Adobe Senior Security Researcher Peleus Uhley recently wrote a Microsoft BlueHat blog guest post, on the subject of web sites' permissions for cross-domain access, and some security issues with these arrangements:

http://blogs.technet.com/bluehat/archive/2009/10/06/collaborating-on-ria-security.aspx

It's interesting to see how security considerations encourage companies such as Adobe and Microsoft to work together. The MS BlueHat Conference Series in particular now has a history of "building bridges" between their developers and executives, key security program partners, and members of the security research community.

Peleus gives multiple examples of threats, based on a vulnerability introduced by cross-domain XMLHttpRequest. More generally, the gotcha to look out for is the transitivity of cross-domain permissions. Commenting on this research in the MS-SDL blog, Bryan Sullivan puts it like this:

If site A grants privileges to site B, and site B grants privileges to site C, then site A is implicitly and perhaps unknowingly granting privileges to site C.

So, let's assume I've provided cross-domain XMLHttpRequest Level 2 (XHR2) permissions, for MySite, to YourSite. Let's also say YourSite serves interactive third-party SWF advertisements, provided with JavaScript access via the allowScriptAccess parameter. Then we have this situation:

[AdSite] -> [YourSite] -> [MySite]

Obviously I never intended to give AdSite's advertisements access to MySite, but that's exactly what I've done! As Peleus notes, this is the vulnerability recently exploited by the Renren worm.

Bryan goes into some detail about the history of these issues and their mitigation, also linking to one of his earlier (April 2008) articles, provocatively titled Cross-domain XHR will destroy the internet. Try not clicking on that!

Peleus concludes his BlueHat article, "Combining research makes it easier to communicate common risks with deploying RIA technologies." The next BlueHat conference, "Microsoft BlueHat Security Briefings: Fall 2009 Sessions", is being held next week:

BlueHat v9 will again bring leading external security researchers to campus to present timely and lively presentations that showcase ongoing research, state-of-the-art hacking tools and techniques, and emergency security threats. Our main themes for BlueHat v9 will be around e-crime attacks, the exploit economy, the global threat landscape, online services, security in the Cloud, mobile (in)security, and cool tools and mitigations.

BlueHat v9: Through the Looking Glass, October 22-23 at the Microsoft corporate headquarters