h a v a r i r a p p o r t h e a r t b l e e d

H a v a r i r a p p o r t : H e a r t b l e e - PowerPoint PPT Presentation

Nov 04, 2022 •96 likes •492 views

H a v a r i r a p p o r t : H e a r t b l e e d P o u l - H e n n i n g K a m p p h k @ F r e e B S D . o r g p h k @ V a r n i s h . o r g @ b s d p h k + i f ( 1 +

  1. H a v a r i r a p p o r t : H e a r t b l e e d P o u l - H e n n i n g K a m p p h k @ F r e e B S D . o r g p h k @ V a r n i s h . o r g @ b s d p h k

  5. + i f ( 1 + 2 + p a y l o a d + 1 6 > s - > s 3 - > r r e c . l e n g t h ) + r e t u r n 0 ; / * s i l e n t l y d i s c a r d p e r R F C 6 5 2 0 s e c . 4 * /

  6. E y e p r o b l e m s ” G i v e n e n o u g h e y e b a l l s , a l l b u g s a r e s h a l l o w ” - - L i n u s T o r v a l d s ” A l l b u g s a r e s e c u r i t y b u g s ” - - T h e o d e R a a d t

  7. D o e y e b a l l s w o r k a t a l l ? Y E S :D E S Y E S :S p a c e S h u t t l e N O : K e r b e r o s N O : O p e n S S L N O : . . .

  8. E y e b a l l s D E S v s . K e r b e r o s S i z e s r o u g h l y s i m i l a r N o t h i n g m u c h e l s e f o r e y e b a l l s t o l o o k a t D E S e y e b a l l s m u c h m o r e s k i l l e d t h a n w e k n e w

  9. S c a l i n g e y e b a l l s D E S : 2 . 0 0 0 L O C A b s t r a c t M a c h i n e i n d e p e n d e n t O n e S i n g l e d e s i g n d o c u m e n t O p e n S S L : 6 0 0 . 0 0 0 L O C C o n c r e t e H a r d w a r e o p t i m i z e d M a n y p r o t o c o l s p e c i f i c a t i o n s

  10. W o u l d i t h e l p , i f w e c o u l d ? H i g h n u m b e r o f t o t a l b u g s - > F i x i n g a b u g h a s l i t t l e n e t i m p a c t D o w e k n o w i f t h e r e a r e f e w o r m a n y b u g s ? ( F i r s t a s k e d b y B r u c e S c h n e i e r ) W e d o n ' t k n o w

  11. R o c k e t S c i e n c e S p a c e S h u t t l e s o f t w a r e l o a d : 4 2 0 . 0 0 0 L O C L a s t 3 v e r s i o n s : 1 e r r o r / e a c h L a s t 1 1 v e r s i o n s : 1 7 e r r o r s t o t a l S t a f f i n g : 2 6 0 f u l l t i m e C o n d i t i o n s : 0 8 - 1 7 5 d a y s / w e e k B u d g e t : $ 3 5 M / y e a r

  12. T h e r e s t o f u s ” I n d u s t r y a v e r a g e ” 1 5 - 5 0 b u g s / K L O C M i c r o s o f t ' 9 2 d e v e l o p m e n t 1 0 - 2 0 b u g s / K L O C M i c r o s o f t ' 9 2 a f t e r t e s t i n g 0 . 5 b u g s / K L O C I n d e p e n d e n t o f l a n g u a g e u s e d ( ! ) L a r g e p o p u l a t i o n a v e r a g e s S r c : S t e v e M c C o n n e l l : C o d e C o m p l e t e P e r s o n / P e r s o n v a r i a n c e u p t o 1 0 0 0 c l a i m e d

  13. A s h i t l o a d o f c o d e a n d p l e n t y o f b u g s C o d e b a s e M L O C B u g r a t e B u g s - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I S E E - 3 0 0 0 V a r n i s h 0 . 0 9 1 . 0 e - 3 9 0 A p o l l o 1 1 0 . 1 5 2 . 5 e - 6 < = 1 S p a c e S h u t t l e 0 . 4 2 . 5 e - 6 ~ 1 O p e n S S L 0 . 6 1 . 0 e - 3 6 0 0 F r e e B S D K e r n e l 1 . 8 1 . 0 e - 3 1 8 0 0 F 2 2 f i g h t e r 2 > 5 e - 7 > 1 C u r i o s i t y R o v e r 2 . 5 ? ? F 3 5 f i g h t e r ( e s t . ) 8 > 5 e - 7 > 4 A n d r o i d 1 2 1 . 0 e - 3 1 2 k W i n d o w s 4 5 5 . 0 e - 4 2 2 . 5 k O S / X 8 6 5 . 0 e - 4 4 3 k

  14. A b o u t t h a t F - 2 2 s o f t w a r e b u g W h e n t h e g r o u p o f F - 2 2 R a p t o r s c r o s s e d o v e r t h e I n t e r n a t i o n a l D a t e L i n e , m u l t i p l e c o m p u t e r s y s t e m s c r a s h e d o n t h e p l a n e s . E v e r y t h i n g f r o m f u e l s u b s y s t e m s , t o n a v i g a t i o n a n d p a r t i a l c o m m u n i c a t i o n s w e r e c o m p l e t e l y t a k e n o f f l i n e . N u m e r o u s a t t e m p t s w e r e m a d e t o " r e b o o t " t h e s y s t e m s t o n o a v a i l . V i s u a l l y f o l l o w e d t a n k e r p l a n e s b a c k t o H a w a i i

  15. A b s o l u t e b u g s a n d r e l a t i v e L O C I f y o u a d d 1 K L O C t o 1 0 K L O C i t ' s a b i g d e a l I f y o u a d d 1 K L O C t o 6 0 0 K L O C i t ' s p e a n u t s L i n e s o f c o d e i s r e a l t i v e . B u t y o u ' v e a d d e d 1 5 - 5 0 b u g s i n b o t h c a s e s . . . a n d b u g s a r e a b s o l u t e

  16. C a n c o m p u t e r s d o Q A f o r u s ? T u r i n g : Y o u c a n n o t e v e n p r o v e a p r o g r a m s t o p s C a n w e e v e n d e f i n e w h a t t h e c r i t e r i a i s ? A s i m o v s r o b o t l a w s ? W h e r e i s t h e ” . . . o r e l s e ? ” ?

  17. C a n w e m a k e i t w o r k ? L i m i t c o m p l e x i t y A E S :

  18. I s c o d e r e u s e g o o d o r b a d ? + L e s s c o d e t o r e v i e w - M o r e t h i n g s a f f e c t e d

  19. - l i b k i t c h e n s i n k N T P D n e e d s r a n d o m n u m b e r s - > i n c l u d e s P R N G i n c a s e p l a t f o r m l a c k s i t . N T P D n e e d s f l o a t i n g p o i n t n u m b e r s - > i n c l u d e s e r z a t s - F P i f p l a t f o r m i s I N T - o n l y A u t o c r a p

  20. O p e n v s . C l o s e d s o u r c e C l o s e d s o u r c e + R e q u i r e d i s a s s e m b l y b y b a d g u y s - R e q u i r e d i s a s s e m b l y b y g o o d g u y s - A b a n d o n w a r e + S i l e n t u p d a t e s - P a i d u p d a t e s O p e n s o u r c e + E v e r y b o d y c a n r e a d s o u r c e - E v e r y b o d y c a n r e a d s o u r c e + S o u r c e c a n b e p a t c h e d a n d c o m p i l e d - A b a n d o n w a r e - P h d - w a r e , C r a p - w a r e - > n o u p d a t e s - L i v e - w a r e - > P u b l i c u p d a t e s

  21. I j u s t n e e d t o r u n f a s t e r t h a n y o u . . . R a p i d c o d e c h a n g e s / u p d a t e s P r o g r a m m a t i c o b f u s c a t i o n S e c u r i t y t h r o u g h o b s c u ^ H ^ H ^ H ^ H ^ c a m o u f l a g e M a y b e c r e d i b l e i n s p e c i a l t y c a s e s P a y - p e r - v i e w T e l e v i s i o n S a t - T V d e c o d e r s

  22. A u t o u p d a t e t o t h e r e s c u e ? A u t o m a t i c , u n a t t e n d e d s o f t w a r e u p d a t e s S o u n d s n i c e i n t h e o r y B i g r e l i a b i l i t y i s s u e i n p r a c t i c e D o S ' i n g y o u r s e l f J a v a U p d a t e v s . N e m I D ?

  23. I n t e r n e t o f b u g s : E m b e d d e d d e v i c e s L i f e t i m e o f H W > > S W C o m p a n i e s ( f r e e l y ) a b a n d o n S W u p d a t e s S t i l l 3 0 0 . 0 0 0 u n f i r e w a l l e d H e a r t b l e e d s : T V s , P r i n t e r s , C o p i e r s , T e l e p h o n e s , S o l a r i n v e r t e r s , S C A D A s y s t e m s , i n f o k i o s k s , r o a d s i g n s , s m a r t m e t e r s . . . S i m i l a r m a r k e t f a i l u r e s : S p a c e J u n k , C O 2

Recommend

Feb 2011 Free software Overview and Objectives What is software? What does free mean,

Feb 2011 Free software Overview and Objectives What is software? What does free mean,

Penarth Computer Club Feb 2011 Free software Overview and Objectives What is software? What does free mean, look at licensing Discuss Piracy (or Theft) Mention some best practice techniques Look at some recommended free

881 views • 29 slides
INTERNET OF TARGETS Leif Nixon Sarcasm a pair vibrator with bluetooth wtf? no wifi no

INTERNET OF TARGETS Leif Nixon Sarcasm a pair vibrator with bluetooth wtf? no wifi no

INTERNET OF TARGETS Leif Nixon Sarcasm a pair vibrator with bluetooth wtf? no wifi no food no wifi no food do you have devices that need your wifi to be working? security cameras thermostats smart appliances smoke alarms smart

1.1k views • 82 slides
IN HOSTILE ENVIRONMENTS @kll #PyConBLKN 2018. WHO? Luka Kladaric Chaos Manager @ Sekura

IN HOSTILE ENVIRONMENTS @kll #PyConBLKN 2018. WHO? Luka Kladaric Chaos Manager @ Sekura

SHIPPING QUALITY SOFTWARE IN HOSTILE ENVIRONMENTS @kll #PyConBLKN 2018. WHO? Luka Kladaric Chaos Manager @ Sekura Collective recovering web developer of 10+ years architecture, infrastructure &amp; security consultant also a startup founder

1.33k views • 59 slides
Multicore OSes Looking Forward from 1991, er, 2011 David A. Holland, Margo I. Seltzer { dholland,

Multicore OSes Looking Forward from 1991, er, 2011 David A. Holland, Margo I. Seltzer { dholland,

Multicore OSes Looking Forward from 1991, er, 2011 David A. Holland, Margo I. Seltzer { dholland, margo } @eecs.harvard.edu May 11, 2011 The Scenario Physical limits have been reached. Hardware isnt getting faster any more. To go

472 views • 16 slides
Getting Content to and from the Transmitter Site Agenda Four different technologies:

Getting Content to and from the Transmitter Site Agenda Four different technologies:

Getting Content to and from the Transmitter Site Agenda Four different technologies: Microwave IP Digital UHF Hardware Codec Chuck Kelly Chris Crump Jeff Holdenrid Composite Codec Regional Sales Manager, Director of

1.13k views • 45 slides
Abbreviated syntax The abbreviated syntax is more economical and often (but not always!) more

Abbreviated syntax The abbreviated syntax is more economical and often (but not always!) more

Inf1-DA 20102011 II: 64 / 118 Abbreviated syntax The abbreviated syntax is more economical and often (but not always!) more intuitive. The XPath abbreviations are: The syntax child:: may be omitted from a location step altogether. (The

854 views • 19 slides
Mathese Carl Pollard Department of Linguistics Ohio State University September 29, 2011 Carl

Mathese Carl Pollard Department of Linguistics Ohio State University September 29, 2011 Carl

Mathese Carl Pollard Department of Linguistics Ohio State University September 29, 2011 Carl Pollard Mathese And The standard abbreviation for and is the symbol , called conjunction . And is used for combining sentences to form a new

602 views • 24 slides
PeopleSoft Transaction Types November 2011 1 1 Learning Objectives For each type of

PeopleSoft Transaction Types November 2011 1 1 Learning Objectives For each type of

PeopleSoft Transaction Types November 2011 1 1 Learning Objectives For each type of transaction: Define and explain the use Provide examples of how to process an entry 2 Definition of Terms Account: Groups transactions related

949 views • 83 slides
Gradual Session Types Albert-Ludwigs-Universit at Freiburg Atsushi Igarashi 1 Peter Thiemann 2

Gradual Session Types Albert-Ludwigs-Universit at Freiburg Atsushi Igarashi 1 Peter Thiemann 2

Gradual Session Types Albert-Ludwigs-Universit at Freiburg Atsushi Igarashi 1 Peter Thiemann 2 Vasco Vasconcelos 3 1 Kyoto University, 2 University of Freiburg, 3 University of Lisbon 31 Jan 2017 Session Types are Good for You communication

452 views • 42 slides
Datatypes and Patterns Datatypes Amtoft from Hatcliff Type Names Datatypes Patterns Local

Datatypes and Patterns Datatypes Amtoft from Hatcliff Type Names Datatypes Patterns Local

Datatypes and Patterns Datatypes Amtoft from Hatcliff Type Names Datatypes Patterns Local Definitions ML datatypes and patterns can make programs much more concise and elegant 1. type abbreviations 2. ML datatypes 3. patterns and local

616 views • 16 slides
Outline C LON Didier Verna Marketing Features Marketing 1 Status Features 2 Status 3 2/7

Outline C LON Didier Verna Marketing Features Marketing 1 Status Features 2 Status 3 2/7

C LON Didier Verna Marketing C LON Features Status A command-line options management library for standalone C OMMON -L ISP applications Didier Verna ELS09 1/7 Outline C LON Didier Verna Marketing Features Marketing 1 Status

800 views • 14 slides
Pheno Technology Carl Pollard Department of Linguistics Ohio State University June 25, 2012

Pheno Technology Carl Pollard Department of Linguistics Ohio State University June 25, 2012

Pheno Technology Carl Pollard Department of Linguistics Ohio State University June 25, 2012 Carl Pollard Pheno Technology Beyond Strings We cant keep pretending that all there is to pheno is strings and functions over strings. Often we

874 views • 15 slides
On limits of applicability of G odels second incompleteness theorem F.N. Pakhomov Steklov

On limits of applicability of G odels second incompleteness theorem F.N. Pakhomov Steklov

On limits of applicability of G odels second incompleteness theorem F.N. Pakhomov Steklov Mathematical Institute, Moscow pakhf@mi-ras.ru PDMI Logic Seminar, March 06, 2019 Peano arithmetic Robinsons arithmetic Q: 1. S ( x ) = 0;

1.31k views • 19 slides
A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of

A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of

A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of Cybernetics, Tallinn Joint work with Hyeonseung Im and Sungwoo Park 18 May 2014, Narva-J oesuu The ML module system The ML module system supports

603 views • 19 slides
Lecture 23: How to find estimators 6.2 0/ 29 We have been discussing the problem of estimating

Lecture 23: How to find estimators 6.2 0/ 29 We have been discussing the problem of estimating

Lecture 23: How to find estimators 6.2 0/ 29 We have been discussing the problem of estimating on unknown parameter in a probability distribution if we are given a sample x 1 , x 2 , . . . , x n from that distribution. We introduced two

1k views • 30 slides
Extension, Abbreviation and Refinement - Identifying High-Level Dependence Structures Using

Extension, Abbreviation and Refinement - Identifying High-Level Dependence Structures Using

Extension, Abbreviation and Refinement - Identifying High-Level Dependence Structures Using Slice-Based Dependence Analysis Zheng Li CREST, Kings College London, UK Overview Motivation Three combination techniques Extension

694 views • 33 slides
Lecture #23: The Scheme Language Scheme is a dialect of Lisp: The only programming language

Lecture #23: The Scheme Language Scheme is a dialect of Lisp: The only programming language

Lecture #23: The Scheme Language Scheme is a dialect of Lisp: The only programming language that is beautiful. Neal Stephenson The greatest single programming language ever designed Alan Kay Last modified: Mon Mar 14

401 views • 18 slides
Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and

Logic as a Tool Chapter 3: Understanding First-order Logic 3.1 First-order structures and languages. Terms and formulae of first-order logic. Valentin Goranko Stockholm University October 2016 Goranko Propositional logic is too weak Goranko

1.69k views • 109 slides
Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The

Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The

Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The Hebrew University In proceedings of COLING 2012 Overview In many cases, there is more than one plausible way to annotate syntactic structures

727 views • 60 slides
A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery

A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery

A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery System (SRS) David Astemborski - FirstBank David.Astemborski@EFirstBank.com Mona Hassan - DTS Software Mona@DTSSoftware.com Tuesday August 7, 2012

870 views • 43 slides
Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Machine Translation in 2012 Google Translate translate.google.com 2 CS447

667 views • 37 slides
Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson,

Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson,

Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson, Valia Kordoni, Yi Zhang, Timothy Baldwin, Rebecca Dridan Department of Computational Linguistics Saarland University &amp; DFKI GmbH Department

501 views • 12 slides
Robust Programming Style of programming that prevents abnormal termination and unexpected

Robust Programming Style of programming that prevents abnormal termination and unexpected

Robust Programming Style of programming that prevents abnormal termination and unexpected actions Code handles bad inputs reasonably Code assumes errors will occur and takes appropriate action Also called bomb-proof programming

833 views • 43 slides
Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100,

Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100,

Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100, christoph.lueth@dfki.de, cxl@informatik.uni-bremen.de Christian Liguda MZH 3180, christian.liguda@dfki.de Deutsches Forschungszentrum fr Knstliche

417 views • 41 slides

More recommend