Simon Howard
125 followers | 61,865 views

Simon Howard
Apple's SSL bug, which is being called "#gotofail" on social networking sites. 

The interesting thing is the number of ways that this could have been prevented:

* Unit tests (presumably don't exist)
* Compiler warnings (presumably turned off)
* Static analysis (presumably not used)
* Coding style guidelines that forbid the use of goto
* Coding style guidelines mandating { } braces for every block

I've seen people arguing about which of these is the best solution, but the point is that you should do all of these things. Apple used none. Just like when building a nuclear reactor, no one technique can keep you perfectly safe when programming. Defence in depth is the best approach, especially if you're doing something as perilous as writing a crypto library.
Simon Howard: Snarky language design addendum: other languages that wouldn't have been vulnerable include Perl (mandates braces for blocks), Python (because of its whitespace indentation) and Go (if you use gofmt to reformat your code).

Simon Howard
Chocolate Doom v2.0.0 has been released, in time to celebrate Doom's 20th anniversary tomorrow! Download and try it out. This new major version adds support for three other Doom engine based games: Heretic, Hexen and Strife!

Simon Howard
The second beta of Chocolate Doom v2 has now been released. This fixes a number of bugs but there are probably still some hiding in there. Please help find them!

Simon Howard
The first beta of Chocolate Doom version 2 has been released. Please check it out and report any bugs that you encounter!
James is the best then :P

Simon Howard
Interesting video from the '80s showing the design of the Canon Cat. In some ways computing is so stuck in the status quo that we don't stop to consider the fundamentals. Watching this makes me wish my keyboard had Leap Keys :-)
Julian Phillips: If you named the leap keys "meta" and "footpedal" you'd have emacs ... ;)

Simon Howard
This year's Cacowards are finally out! It's great to see Espi remembered in the form of a lifetime achievement award, and it's hard to think of another person more deserving to be its first recipient.
This was a good anniversary

Simon Howard
Exploits against IPMI. I'm not surprised in the slightest. IPMI makes for a tempting, juicy target - what more can you ask for than console access to a machine? My own experience programming against IPMI was that the BMCs are poorly implemented and often fail to conform to the long, over-engineered spec.

There's a deeper problem here with "firmware"-level code like this. Often it's written by hardware engineers who are out of their depth and just want to get something working. I've worked with hardware engineers in the past and seen software sometimes treated as "the easy part": as Feynman once said, when you work outside your field you don't take it seriously.

The software world has spent ~20 years now (since the Morris worm) learning the importance of security, and knowledge of common classes of vulnerabilities is now pretty widespread. These are things that most hardware engineers almost certainly know nothing about and that any low-level software engineers writing firmware have never had to deal with until recently.

On a side note: with all the discussion about #badBIOS, one of the interesting things I noticed was that while there was lots of discussion over whether it was real or not, nobody ever doubted it was feasible.

Simon Howard
Finally got round to finishing my write-up of my experience of implementing Lisp in a weekend.

Simon Howard
It's fascinating to see old hardware from a few years before my time: I experienced line printers (though not terminals) in my early days of programming. This video shows the somewhat-legendary Altair 8800 being booted up.

Simon Howard
I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction. To quote from the article below:

"By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors...."

Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea.
Basic Information
Gender
Male
Story
Tagline
‮I like the Unicode right-to-left override character.
Introduction
I am the correct Simon! You have found me!
Don't get your photos done here. I needed to get some passport photos done, with slightly different specifications for a foreign passport. The employee doing the photos was incredibly difficult, unfriendly and impersonable. This didn't bother me as long as he did a good job; unfortunately he refused to listen to what I said, got it wrong and then swore, was rude and verbally abusive when I explained his mistake. The manager gave me a $25 gift card but this doesn't make up for the hour of my time that was wasted. It didn't seem like he particularly cared about his grossly incompetent, rude staff either. If you want your photos done by competent professionals, go to Walgreens across the street, who were nothing but kind, pleasant and helpful.
reviewed in the last week
Can be summarized in one word: Incompetent. Sent the wrong item, called up and complained, half an hour later the same wrong item arrived again.
reviewed a month ago
Probably some of the best burgers in London.
Food: Excellent | Decor: Good | Service: Excellent
reviewed a year ago
Very friendly staff, the menus are available in English if you ask. The food is probably the best Chinese food that I have had in a long time. Very impressed!
reviewed 2 years ago
Staff here are incredibly rude - avoid.
reviewed a year ago
Literally the worst croissants I have ever tasted. I stopped here to get some breakfast, expecting that despite the higher price I would at least get something tasty. Instead, the opposite was true. It was dry and overcooked, and contained so much butter that it was almost impossible to eat. Indeed, I was unable to eat the entire thing. Thinking it might have been a one-off I stopped by a week later with the same result. Don't be fooled by the higher price and the upmarket decor - these people have no idea how to make food.
reviewed 2 years ago