Yesterday's keynote at the 28th Chaos Computer Congress (28C3), Meredith Patterson's "The Science of Insecurity," was a tour-de-force account of the formal linguistics and computer science that explain why software becomes insecure, and of how security can be dramatically increased. What's more, Patterson's slides were outstanding Rageface-meets-Occupy memeshopping. Both the video and the slides are online already.
Hard-to-parse protocols require complex parsers. Complex, buggy parsers become weird machines for exploits to run on. Help stop weird machines today: Make your protocol context-free or regular!
Protocols and file formats that are Turing-complete input languages are the worst offenders, because for them, recognizing valid or expected inputs is UNDECIDABLE: no amount of programming or testing will get it right.
A Turing-complete input language destroys security for generations of users. Avoid Turing-complete input languages!
Patterson's co-authors on the paper were her late husband, Len Sassaman (eulogized here) and Sergey Bratus.
LANGSEC explained in a few slogans
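To make the "context-free or regular" slogan concrete, here is an added example (not from the talk, the slides or the paper): a complete recognizer for a small context-free message grammar with bounded nesting, which decides accept or reject for every input before any processing code sees it. The grammar, the limits and all function names are constructed for illustration.

```python
# Constructed toy wire format (an assumption for illustration, not from the talk):
#   msg  := list
#   list := '[' [ item { ',' item } ] ']'
#   item := INT | list
#   INT  := DIGIT+            (ASCII digits only, at most MAX_DIGITS)
MAX_DEPTH = 16   # assumed nesting bound
MAX_DIGITS = 9   # assumed integer width bound

class Reject(ValueError):
    """Input is not a sentence of the grammar."""

def _item(s, i, depth):
    if i < len(s) and s[i] == "[":
        return _list(s, i, depth + 1)
    j = i
    while j < len(s) and s[j] in "0123456789":
        j += 1
    if j == i or j - i > MAX_DIGITS:
        raise Reject(f"expected integer at offset {i}")
    return int(s[i:j]), j

def _list(s, i, depth):
    if depth > MAX_DEPTH:
        raise Reject("nesting too deep")
    if i >= len(s) or s[i] != "[":
        raise Reject(f"expected '[' at offset {i}")
    i += 1
    items = []
    if i < len(s) and s[i] == "]":
        return items, i + 1
    while True:
        value, i = _item(s, i, depth)
        items.append(value)
        if i < len(s) and s[i] == ",":
            i += 1
        elif i < len(s) and s[i] == "]":
            return items, i + 1
        else:
            raise Reject(f"expected ',' or ']' at offset {i}")

def recognize(s):
    """Return the parse tree or raise Reject; trailing bytes are a rejection."""
    tree, end = _list(s, 0, 1)
    if end != len(s):
        raise Reject(f"trailing data at offset {end}")
    return tree

def handle(raw):
    """Processing (here: summing) runs only on fully recognized input."""
    try:
        tree = recognize(raw)
    except Reject:
        return None
    total = lambda node: sum(total(n) if isinstance(n, list) else n for n in node)
    return total(tree)
```

Every input, however malformed, ends in either a parse tree or `Reject` after a single left-to-right pass, which is the decidability property the slogans say a Turing-complete input language cannot offer.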