Ben Laurie blathering

25 Feb 2010

Trust and Vulnerability

Filed under: Security — Ben @ 16:02

Ed Felten has a nice post about the crazy idea that someone can decide for us which CAs are trusted. He correctly points out that we conflate two meanings of the word “trust”, but then proposes to fix it by using the word slightly differently, for example:

“CNNIC is a trusted certificate authority.”


“Everyone trusts CNNIC to be a certificate authority.”

I’ve long advocated instead saying “is vulnerable to”, which makes it much clearer what is going on, so I would say “CNNIC is a certificate authority everyone is vulnerable to”. “Trusted third party” would become “Third party you are vulnerable to” and so on. Kinda clunky, but you know where you stand.

A historical note: I believe I came up with this in one of my very first conversations with Jon Shapiro and Mark Miller about the nature of “trust” in distributed computer systems – a word that really should not be used at all in that context, I believe.

24 Feb 2010

Broccoli and Tomato Stirfry

Filed under: Recipes — Ben @ 12:59

I’ve been using little tomatoes a lot lately, I have no idea why I’ve traditionally neglected them, they’re rather nice. Last night I needed some vegetables to go with some Thai fishcakes, and I invented this…

Tenderstem broccoli (or purple sprouting broccoli – not a big fan of the traditional big kind, too mushy)
Cherry tomatoes
Light soy
Groundnut oil
Spring onions

Get the oil smoking hot, add thinly sliced ginger (I like my ginger in chunks big enough to eat, but feel free to dice it) stirfry for a few seconds, then add the broccoli (I usually halve each stem), stirfy that for a couple of minutes, then throw in cherry tomatoes sliced in half – I did about twice as much broccoli as tomatoes. When they have gone fairly mushy, add a good dose of light soy and stirfry for another 30 seconds or so. Turn off the heat and then add thinly sliced spring onions. The broccoli should be fairly firm, but edible ๐Ÿ™‚

I also like to chuck some sesame oil on things like this, after the spring onions, but I guess its optional.

Stupid Mailing List

Filed under: Open Source,Programming,Security — Ben @ 12:49

It seems Stupid just won’t go away – Ben Clifford and I have been gradually expanding it – it now has functions and even primitive I/O. I’m working on a new test harness and we have regular discussions on language philosophy. So I figured it was time for a mailing list for developers (and other interested parties). Here it is.

7 Feb 2010

Perhaps Not So Stupid, After All?

Filed under: Crypto,Open Source,Programming — Ben @ 17:04

Stupid now generates correct (single-block, still) SHA-256 code in C. It has functions. We’re starting to wonder about adding structures, and the semantics of arrays – particularly whether an array passed for output can also be used for input (or vice versa). I’m inclining towards making that illegal – if you want a function that, say, fills in every second entry in an array, then you’d need to pass in the array to be filled in, and return a second array which would be the result. The function would have to copy the input array to the output before filling in the new values (or copy the parts it isn’t going to fill in). It seems to me this makes analysis simpler, but can easily be optimised by smart compilers, too.

I guess its time we started writing some of this down! I’d also like to add generators for some common scripting languages, like Perl, Python and PHP.

The thing I’m a little scared of is that eventually, if I’m going to take this seriously, we’re going to need a bignum implementation – not too hard to do if you don’t care about efficiency, I guess.

1 Feb 2010

Writing Compilers Quickly

Filed under: Programming — Ben @ 14:10

James Donald asks

How did you bring up a compiler so quickly รขโ‚ฌโ€œ what environment, what development system is the compiler written in?

Firstly, I’ve had a lot of practice – I’ve been writing (small) compilers for at least 20 years now. I’ve been writing code for over 35 years. That helps. But to talk about the reproducible parts of what I did…

Firstly, I wrote the compiler in Perl. I like Perl for quick hacks, and I also like to write Perl code “properly” – that is, I use modules and object oriented programming, not great monolithic blocks of Perl gibberish.

Secondly, I used a compiler-compiler, in this case, Parse::Yapp. This uses a specification language rather like BNF, and exactly like its predecessors, yacc and bison, so there was zero learning curve for me there.

I do remember finding yacc extremely puzzling when I first started with it, so if you are new to this, I would highly recommend Antlr and Antlrworks. The only reason I did not use Antlr is its Perl support seems to be pretty experimental, and I didn’t want to spend time fighting the tools. Otherwise, Antlr is vastly superior to the whole yacc/bison/yapp thing. Antlrworks lets you interactively explore your parsing, complete with diagrams. It really is quite awesome and I love it.

Thirdly, I avoided using a lexer generator. In my experience, these are fiddly and more trouble than they’re worth, especially if you’re writing in Perl, where you have very nice pattern matching tools that allow you to write a lexer in not many lines of code (about 60 in the current version of Stupid).

Fourthly, I used monkey-patching to inject the language-dependent output part of the code. I’ve never really (consciously) used this technique before – I first came across it as a formal notion when we were wrestling with early versions of Caja, as it is very widely used in Javascript libraries. Although it is kinda evil and caused us untold pain with Caja, it does make for a very nice separation between components.

Fifthly, I kept the grammar of Stupid simple – I make life harder for the programmer in order to make the parser simpler. This is for two reasons, firstly, I was in a hurry, but more importantly, it is a design aim of Stupid that it should be clear to the programmer exactly what is happening. Getting clever with the grammar does not aid that process.

Sixthly, keeping your head clear is good! Parsers naturally produce parse trees with great ease, so building a parse tree and then later processing that is the way to go. Trying to do it all in one go rarely works well (single pass compilers are generally rather limited, though Stupid is technically mostly single pass at the moment). Getting used to recursion helps with processing parse trees.

Finally, I had a previous project, CaPerl, where I’d used Parse::Yapp, so I could crib from that to get off the ground rapidly.

As for the rest of the environment: FreeBSD for the operating system, emacs for the editor (wish there were a yapp/yacc mode – and even better, a Stupid mode!), Mercurial for version control.

Powered by WordPress