On “Reflections on Trusting Trust”

In 1984, Ken Thompson wrote “Reflections on Trusting Trust”, and it is still valid today.

All students writing anything higher level than machine code (does anyone still do that?) should have an appreciation of what goes on at various points in the toolchain, and how it can be exploited at each of those levels.

The article can be read here and also has some reflections on Open Source to consider.

Obfuscation can happen at many levels and nobody’s commits should be taken at face value – only vigilance in code reviews will keep everyone honest.

Oh, and apparently he implemented it, but never distributed the compiler.

A short video

For those of you wondering what FOSDEM is all about, here’s a short video that explains a little…

It’s a relaxing look back at what was a very hectic conference for me, so it is interesting to get a different view.

Oh and Aber Comp Sci students feature in it too…

Arduino Pong Clock

I am currently enjoying building interesting electronic clocks. I’ve built a couple of nixie clocks from kits, but I came across an Arduino project on the Make magazine blog. It linked to Nick’s LED Pong clock, so I ordered the bits and built it in a couple of hours on Sunday afternoon. I bought a different real time clock module to the one that Nick used; mine came from Blue Smoke Labs and is a very neat little module.

So when I got it up and running I decided to put my own twist on it and started playing with the code a bit. First I added lowercase letters to the font and altered the character drawing routine to accommodate them. Next I added some space invader characters to the font and played around with adding a couple of animations to scroll them across the screen. Thirdly I thought that I’d try to replicate some of the functionality that I have on the nixie clocks and add a nighttime mode that allows the clock to dim between certain hours.

These changes took me a few hours, and while tidying up the bits of code things stopped working – especially the button press routines – so I fiddled with the code for a while and before I knew it it was 3am, and I decided that I wasn’t going to fix it so went to bed.

Tonight I came in and methodically worked through my additions, and within half an hour I had worked out what the problem was, which had been staring me in the face for two hours the night before, and had fixed it. Just goes to show what a night’s sleep can do.

Anyhow, a little video of it working, showing the lowercase and space invaders, follows. There is still more work to do on the invaders mode, and I want to add a scrolling text mode and add some way of setting preferences and storing them in EEPROM… lots of ideas.

Farewell del.icio.us you were truly great

Looks like Yahoo is closing down del.icio.us. I just exported my bookmarks, but that means that I’ll have them on one machine but not the others, and keeping the several machines I use on a regular basis in sync will be more of a pain.

Anyhow, it looks like there are a few alternatives out there that I’ll have to investigate, which gives me something else to do over the holiday.

Is it really going to save a huge amount of money for Yahoo, compared to the pain that it’ll cause the users and the bad publicity for them? I’ve already heard several people ruminating about the long term future for Flickr – I’ll not be buying a Flickr pro account in the near future.

Warren Ellis has some more on the story.

Possible backdoors in NetBSD IPSEC stack?

I just picked this up from a friend at the FSFE.

Apparently, someone who was working with the FBI a few years ago alleges that he came across information regarding backdoors that had been inserted into the IPSEC stack.

I know that this is technical, but it comes down to the fact that the FBI can snoop on “secure communications” that are encrypted using the NetBSD IPSEC stack. Now is the time for a code review, especially as it appears that the FBI have been pushing use of the allegedly backdoored stack for firewalls and VPN tunnels.

The email that details this is linked below:
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

I do like the “Merry Christmas” at the end.

Google Instant Blacklist

So you’ve used Google Instant, right?

What happens if you accidentally type in something that might return some “dodgy” results? Well, good old Google will protect you from yourself through its blacklist.

You can still get the full results by pressing return in the search box, so make sure that you press return if you want all those results.

And for a full list of words on the blacklist, pop over to 2600.com…
http://www.2600.com/googleblacklist/

Spam filtering, and how not to do it.

Alun is not having a very fun time with secureserver.net and, from the sounds of their technical support staff, they’re secure through a certain amount of incompetence.

I’m sure that you will enjoy reading the exploits of a sys-admin at a UK university, so here’s the link: secureserver spam blog entry

Oh, and this counts as a little assistance in getting pushed up the Google search rankings.