[148741] in cryptography@c2.net mail archive
Re: [Cryptography] how reliably do audits spot backdoors?
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Dec 26 13:50:23 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20131225123521.39b2206f@terabyte>
Date: Thu, 26 Dec 2013 10:12:43 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Benjamin Kreuter <brk7bx@virginia.edu>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
"James A. Donald" <jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Stability of installation packages is a lot more important than many
developers imagine.

Mosaic was not the first Web browser. It wasn't even one of the first
dozen. What set it apart was that it worked without the need for the
installer to spend hours fixing it first. Today that is reasonably common
but in 1992 it was revolutionary.

I recently tried to install the IETF tool for writing in their stupid
documentation format and found that the code would not run because it
needed another package. Python suffers from the same dll hell idiocy as
Windows used to before people started to get a clue and realize that shared
object libraries are not your friend.

If a program links to 3 packages that each have three versions then you
have 27 variations of the package to regression test. Setting up a machine
so that it could do the tests is a major undertaking that is error prone in
itself.

This is why I don't like plug-ins. Nobody is going to test the interactions
between them all. Besides which, UI code is nearly impossible to automate
testing on.

The way I avoid these issues is that I always static link to non-platform
code, always. The idea that shared object is useful on a machine with 4Gb
of memory is just stupid. And the machine would have a lot more memory if
it was not due for replacement and the motherboard won't actually accept
any more (waiting for the next Intel release).

.NET addresses the problem with strong assemblies. You can link against a
very specific version of the code.

Which is why I plan to eventually spend some time cutting OpenSSL down to
only provide the algorithms I actually use and support. The only symmetric
algorithms I plan to use are AES and 3DES so the rest all go. I don't plan
to use ECC so that goes.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography