Security: Rob Braxman Doesn't Get It

My comment was deleted by YouTube:

Open Source is not the solution. I have been trying to get people to understand this for nine years. Richard Stallman didn't get it either. Google "karger schell multics security evaluation" and read about object code trap doors in the 1974 USAF report. [https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf] The problem is that the semantics of the language, whether assembly or higher-level are determined in practice by some object code, which is the machine language the CPU executes as it compiles the program. Karger and Schell recognised and described this problem and produced an example in Multics in the early seventies. The problem is still not recognised by security professionals. So what do we do? I wrote about my 2014 battle with Richard Stallman in a blog post called "The Mother of All Software Vulnerabilities" on a blog called logicabolivia on blogspot try searching for it.

See The Mother of all Software Vulnerabilities and https://www.acsac.org/2002/papers/classic-multics.pdf.

Subscribe to Rob Braxman.

Maybe Richard Stallman got upset? Chrissie Mayr's SimpCast 16 Clip.

Comments

Post a Comment

Popular posts from this blog

David Turner Obituary by Sarah Nicholas Fri 24 Nov 2023

Image
This was in The Guardian: David Turner obituary , only eight days after I posted  David Turner Talking About Sixty Years of Functional Programming History : This talk was given in London in 2017: See  Turner, D. A. "Some History of Functional Programming Languages" also  John Hughes - Why Functional Programming Matters  and David MacQueen's talk at ICFP 2015 in  Numberphile - Sophie Maclean on the Catalan Numbers . At 10:30 This whole discussion abut combinator reduction is especially interesting. I didn't know Arthur Norman had tried building hardware for combinator machines. I'll look that up: maybe start here A.C. Norman  Faster combinator reduction using stock hardware  in LFP '88: Proceedings of the 1988 ACM conference on LISP and functional programming. At 26:25 on the ISWIM virtual machine implemented in the PAL compacting garbage collector?! This work Reynolds and others did was at MIT in Masecheusetts and Argonne National Laboratory Illinois. Did
Read more

Live Science - Leonardo da Vinci's Ancestry

Image
... and his posterity too? See  On Communication in Linear Time And Hypertext And The Gospel of Sophia . So it looks like El Cielo of the cistine [sic!😂] chapel is not the limit anymore.  I think I just met one of his descendents. A guy called Versailles Toledo who is from Chiapas. That might explain the murals I mention in my recent untitled post , just before the post mentioning this video. I also just took this photo of Rafael Gonzales, born here in Tecate, B.C., who told me about a spring near here called Agua Fría , half way from Tecate to Loma Tova , where, a few decades ago, people used to go to have barbecues and stuff, but now he thinks it may be private land. If someone reading this has a Facebook account, please write a link to this post onto his FB page. To see why I took the photo, look at his T-shirt and the horse-shoes and ponder this: Subscribe to BeatrizER and her video(s?) about mathematical logic, ... Sounds like Edith (II) Rix has been online all the time, ...
Read more