Re: [Lightning] Dijkstra's Methodology for Secure Systems Development


From: Ian Grant
Subject: Re: [Lightning] Dijkstra's Methodology for Secure Systems Development
Date: Fri, 19 Sep 2014 19:17:04 -0400

Hi Panicz,

What country do you live in at the moment? I ask because it makes a
difference sometimes to know someone's background. I live in Bolivia.
I am stateless, i.e. an illegal alien, and because of that have no
source of income. I live on money borrowed from friends and family. My
material possessions are a 3 yr old eepc, a sleeping bag, 2 pairs of
pants, four shirts, a fleece jacket, and that's it. I stink because I
don't care what people really think of me, and I just need to get this
job done. My teeth are rotting and falling out. That money is running
out. When it runs out, I will be incommunicado, so I am making the
most of the available bandwidth, shall we say.

Here's my blog. As you suspected, essentially no-one looks at it,
according to the stats. But I don't actually understand them, to tell
you the truth. It says there have been 600 pageviews in total (in two
years!), but then, it only details 10 % of them ... I don't know how
it works.

   http://livelogic.blogspot.com/

Thanks for reading the thunder thing. You are the first person who has
actually admitted, explicitly, to having done that! You obviously
don't worry what people think about you as a result. Good!

The reason I am posting to a lot of people, and agitating like this, is
that I have been writing and publishing as you suggest, for over three
years now, and as you guessed, I have been largely ignored. I wrote
8,500 lines of Standard ML code the year before last to demonstrate
the ideas, and they are here:

   https://code.google.com/p/metaprogramming/

There are uses of ML functors and signatures there that I doubt you
will see in any book on Standard ML. Tell me if you do, I'd love to
know who wrote it!

I used to be a sys-admin at Cambridge University. I was sys-admin at
DAMTP, the dept. of applied maths and theoretical physics. Then later
I was at the Computer Laboratory. I worked at the University for
fifteen years or so. I installed a part of the front-line
authentication infrastructure at cl.cam.ac.uk, and Markus told me a
few weeks ago that the head sys-admin still does not want to touch
what I did, even though the protocols are outdated and the system now
sub-standard. That is a bit worrying, because it can only be because
they don't understand what I did, and that is not a clever position to
leave yourself in: after five years, wouldn't you think they could do
something about that? I also did stupid things, like maintaining
special Linux kernels in the days when Red Hat kernel source RPMs
routinely applied 100+ patches. I used to spend a week or two messing
about with them to integrate the pre-release NFS V5 patches. That's
how I know about how hard it is to integrate kernel patches from
disparate sources. And it's also how I know that it's just completely
fucking impossible to secure a distribution kernel. (The 'vanilla'
kernel is probably a different matter; the problem with a kernel with
100 separate patches is that you just can't get any idea AT ALL what
they do when combined. No chance.) Maybe Linus and/or Theo will concur?

So I spent fifteen years doing sys-admin in a high-profile computer science
research department. At that site they do work for the NSA and GCHQ,
and they had, I was told, the source code for Microsoft Windows, for
example. So there is plenty of motive for various parties to attack
them.

I also taught functional programming and discrete maths and logic and
proof to undergraduates. I did that for over five years. I enjoyed
that work far more.

I worked with the automated reasoning group mostly, and theorists.
Robin Milner was there until he died tragically a year or so after I
left Cambridge for Bolivia. I am a friend of Markus Kuhn, Larry
Paulson, Mike Gordon, Glynn Winskel and Anuj Dewar at Cambridge,
amongst others. You can email any of them and ask for a personal
reference if you like. They will surely say I am insane, for sure, but
I doubt any of them will be able to tell you what is wrong with what I
have written, either here or in the documents genesis and proofreps2
on the metaprogramming site.

I know a bit about commercial s/w development too. When I was 20 - 22
yrs old I was a contract Software Engineer at IBM UK, Hursley Labs.
Before that I worked for British Telecom, also as a software engineer.
And I did various work after that on 'office automation' type systems,
mainly for companies owned or employing a venture capital 'groupie'
who was a friend of mine.

My other major achievement is that I was a guile developer back in
1999. I wrote guile-pg, which ttn has let fall to bit-rot! Shame on
him! But after maintaining it for over a decade, I can't blame him for
getting bored.

There's lots more I could say, but I'll leave you to make your
judgement of what are my motives for agitating like this. Imagine you
knew, 100% for sure, that the FSF had been totally subverted and as a
consequence all free software, and also all commercial software had
been deeply compromised. Just like the software equivalent of Day X in
the movie "Salt," did you see that?

I'll tell you what you would do: you wouldn't care if you turned out
to be wrong, or if no-one listened to you, you would just ignore them
and carry on screaming "fire" until someone takes you seriously,
because while there's the slightest chance someone will listen to you,
there's a chance that we will be able to rescue something from the
wreckage.

So at least you see that you are going to have to make a hell of a lot
stronger case than you have so far done if you want me to stop doing
this. Do you understand now?

Ian


On Fri, Sep 19, 2014 at 6:22 PM, Panicz Maciej Godek
<address@hidden> wrote:
> Hi.
> I've observed that some time ago you started sending tons of revolutionary
> ideas regarding the way the software should be written, and criticising the
> current practices.
>
> I am not in the position to refer to those ideas, because I didn't manage to
> comprehend them fully (although I am trying to figure out what is the
> "system F" that you mentioned in your "thunder" essay).
>
> I also made three other observations: firstly, that you are pointing out
> significant vulnerabilities of the GNU project as a whole; secondly -- that
> not every addressee wishes to become acquainted with your thoughts, and lastly,
> that if someone dares to criticise you, you're often getting impolite.
>
> With regard to those observations, I can offer three suggestions. The first
> one concerns software security and the odds of the aforementioned "Thompson
> virus". As you pointed out, we cannot guarantee that there is no back door
> in every GNU system installation, but I think that even if we apply your
> methods, we won't be able to do so. Simply because (as some of the
> participants of the discussion noted) the back doors can be implemented in
> the hardware, not in the software, and you will never be able to guarantee
> that no one is able to access your system. So why should we bother? If there
> are some people accessing my files, why should I feel uncomfortable with
> that? Why can't I trust that someone with such great power isn't going to be
> mean and evil? (There's already so many things that I can't control. I can't
> know for sure that I'm not going to die tomorrow, but I think that being
> worried about that wouldn't make that last day of mine any better)
>
> The second suggestion is that perhaps instead of sending all those letters
> to some news groups, you should start a blog?
>
> That way, you could watch the statistics and tell how many people are
> actually interested in your concerns, and you could present your ideas in a
> more coherent and systematic way. And people who didn't subscribe to Ian
> Grant newsletter would have been receiving a few unwanted e-mails less per
> week.
>
> When it comes to the third question, please remember that other people have
> their own issues, and may see no reason to consider your concerns more
> important than theirs. When you're announcing that "there's no need to hook
> guile to gdb, because if we rewrote all software with proper methodology,
> there'd be no bugs", you seem to ignore the existing code base and common
> practices. Of course if you can present a universal way of creating good
> software, then I'm all ears, but so far I haven't seen such presentation (or
> it might have drowned in the flood of your other thoughts and discussions)
>
> I wish you all best with your endeavour.
> M.
>