From: Ian Grant
Newsgroups: gmane.comp.gnu.lightning.general,gmane.lisp.guile.devel
Subject: Re: Dijkstra's Methodology for Secure Systems Development
Date: Fri, 19 Sep 2014 19:17:04 -0400
To: Panicz Maciej Godek, Markus Kuhn, Theo deRaadt, Linus Torvalds, Richard Stallman, Vaughan Pratt, schellr
Cc: lightning, guile-devel

Hi Panicz,

What country do you live in at the moment? I ask because it makes a difference sometimes to know someone's background.

I live in Bolivia. I am stateless, i.e. an illegal alien, and because of that have no source of income. I live on money borrowed from friends and family. My material possessions are a 3 yr old eepc, a sleeping bag, 2 pairs of pants, four shirts, a fleece jacket, and that's it. I stink because I don't care what people really think of me, and I just need to get this job done. My teeth are rotting and falling out. That money is running out.
When it runs out, I will be incommunicado, so I am making the most of the available bandwidth, shall we say.

Here's my blog. As you suspected, essentially no-one looks at it, according to the stats. But I don't actually understand them, to tell you the truth. It says there have been 600 pageviews in total (in two years!), but then, it only details 10% of them ... I don't know how it works.

http://livelogic.blogspot.com/

Thanks for reading the thunder thing. You are the first person who has actually admitted, explicitly, to having done that! You obviously don't worry what people think about you as a result. Good!

The reason I am posting to a lot of people, and agitating like this, is that I have been writing and publishing as you suggest, for over three years now, and as you guessed, I have been largely ignored. I wrote 8,500 lines of Standard ML code the year before last to demonstrate the ideas, and they are here:

https://code.google.com/p/metaprogramming/

There are uses of ML functors and signatures there that I doubt you will see in any book on Standard ML. Tell me if you do, I'd love to know who wrote it!

I used to be a sys-admin at Cambridge University. I was sys-admin at DAMTP, the dept. of applied maths and theoretical physics. Then later I was at the Computer Laboratory. I worked at the University for fifteen years or so. I installed a part of the front-line authentication infrastructure at cl.cam.ac.uk, and Markus told me a few weeks ago that the head sys-admin still does not want to touch what I did, even though the protocols are outdated and the system now sub-standard. That is a bit worrying, because it can only be because they don't understand what I did, and that is not a clever position to leave yourself in: after five years, wouldn't you think they could do something about that?

I also did stupid things, like maintaining special Linux kernels in the days when Red Hat kernel source RPMs routinely applied 100+ patches.
I used to spend a week or two messing about with them to integrate the pre-release NFS V5 patches. That's how I know about how hard it is to integrate kernel patches from disparate sources. And it's also how I know that it's just completely fucking impossible to secure a distribution kernel. (The 'vanilla' kernel is probably a different matter, the problem with a kernel with 100 separate patches is that you just can't get any idea AT ALL what they do when combined. No chance.) Maybe Linus and/or Theo will concur?

So I spent fifteen years doing sys-admin in a high-profile computer science research department. At that site they do work for the NSA and GCHQ, and they had, I was told, the source code for Microsoft Windows, for example. So there is plenty of motive for various parties to attack them.

I also taught functional programming and discrete maths and logic and proof to undergraduates. I did that for over five years. I enjoyed that work far more. I worked with the automated reasoning group mostly, and theorists. Robin Milner was there until he died tragically a year or so after I left Cambridge for Bolivia.

I am a friend of Markus Kuhn, Larry Paulson, Mike Gordon, Glynn Winskel and Anuj Dewar at Cambridge, amongst others. You can email any of them and ask for a personal reference if you like. They will surely say I am insane, for sure, but I doubt any of them will be able to tell you what is wrong with what I have written, either here or in the documents genesis and proofreps2 on the metaprogramming site.

I know a bit about commercial s/w development too. When I was 20 - 22 yrs old I was a contract Software Engineer at IBM UK, Hursley Labs. Before that I worked for British Telecom, also as a software engineer. And I did various work after that on 'office automation' type systems, mainly for companies owned or employing a venture capital 'groupie' who was a friend of mine.

My other major achievement is that I was a guile developer back in 1999.
I wrote guile-pg, which ttn has let fall to bit-rot! Shame on him! But after maintaining it for over a decade, I can't blame him for getting bored.

There's lots more I could say, but I'll leave you to make your judgement of what are my motives for agitating like this.

Imagine you knew, 100% for sure, that the FSF had been totally subverted and as a consequence all free software, and also all commercial software had been deeply compromised. Just like the software equivalent of Day X in the movie "Salt," did you see that? I'll tell you what you would do: you wouldn't care if you turned out to be wrong, or if no-one listened to you, you would just ignore them and carry on screaming "fire" until someone takes you seriously, because while there's the slightest chance someone will listen to you, there's a chance that we will be able to rescue something from the wreckage.

So at least you see that you are going to have to make a hell of a lot stronger case than you have so far done if you want me to stop doing this. Do you understand now?

Ian

On Fri, Sep 19, 2014 at 6:22 PM, Panicz Maciej Godek wrote:
> Hi.
> I've observed that some time ago you started sending tons of revolutionary
> ideas regarding the way the software should be written, and criticising the
> current practices.
>
> I am not in the position to refer to those ideas, because I didn't manage to
> comprehend them fully (although I am trying to figure out what is the
> "system F" that you mentioned in your "thunder" essay).
>
> I also made three other observations: firstly, that you are pointing out
> significant vulnerabilities of the GNU project as a whole; secondly -- that
> not every addressee wishes to become acquainted with your thoughts, and lastly,
> that if someone dares to criticise you, you're often getting impolite.
>
> With regard to those observations, I can offer three suggestions. The first
> one concerns software security and the odds of the aforementioned "Thompson
> virus". As you pointed out, we cannot guarantee that there is no back door
> in every GNU system installation, but I think that even if we apply your
> methods, we won't be able to do so. Simply because (as some of the
> participants of the discussion noted) the back doors can be implemented in
> the hardware, not in the software, and you will never be able to guarantee
> that no one is able to access your system. So why should we bother? If there
> are some people accessing my files, why should I feel uncomfortable with
> that? Why can't I trust that someone with such great power isn't going to be
> mean and evil? (There's already so many things that I can't control. I can't
> know for sure that I'm not going to die tomorrow, but I think that being
> worried about that wouldn't make that last day of mine any better)
>
> The second suggestion is that perhaps instead of sending all those letters
> to some news groups, you should start a blog?
>
> That way, you could watch the statistics and tell how many people are
> actually interested in your concerns, and you could present your ideas in a
> more coherent and systematic way. And people who didn't subscribe to Ian
> Grant newsletter would have been receiving a few unwanted e-mails less per
> week.
>
> When it comes to the third question, please remember that other people have
> their own issues, and may see no reason to consider your concerns more
> important than theirs. When you're announcing that "there's no need to hook
> guile to gdb, because if we rewrote all software with proper methodology,
> there'd be no bugs", you seem to ignore the existing code base and common
> practices. Of course if you can present a universal way of creating good
> software, then I'm all ears, but so far I haven't seen such presentation (or
> it might have drowned in the flood of your other thoughts and discussions)
>
> I wish you all the best with your endeavour.
> M.
>