Dharkfiber sends an article about the Hardened Anti-Reverse Engineering System (HARES), which is an encryption tool for software that doesn’t allow the code to be decrypted until the last possible moment before it’s executed. The purpose is to make applications as opaque as possible to malicious hackers trying to find vulnerabilities to exploit. It’s likely to find work as an anti-piracy tool as well.
To keep reverse engineering tools in the dark, HARES uses a hardware trick that’s possible with Intel and AMD chips called a Translation Lookaside Buffer (or TLB) Split. That TLB Split segregates the portion of a computer’s memory where a program stores its data from the portion where it stores its own code’s instructions. HARES keeps everything in that “instructions” portion of memory encrypted such that it can only be decrypted with a key that resides in the computer’s processor. (That means even sophisticated tricks like a “cold boot attack,” which literally freezes the data in a computer’s RAM, can’t pull the key out of memory.) When a common reverse engineering tool like IDA Pro reads the computer’s memory to find the program’s instructions, that TLB split redirects the reverse engineering tool to the section of memory that’s filled with encrypted, unreadable commands.
By qualitatively and quantitatively analyzing a statistically valid random sample from almost 2 million C files and 11K+ projects, we find that developers limit themselves to using goto appropriately in most cases, and not in an unrestricted manner like Dijkstra feared, thus suggesting that goto does not appear to be harmful in practice.
(Here’s the preprint (PDF) linked from the above abstract.)
In a new paper (PDF), researchers from the University of California, Davis, Southeast University in China, and University College London theorized that, just as with natural languages, some — and probably, most — written code isn’t necessary to convey the point of what it does. The code and data used in the study are available for download from Bitbucket. But here’s the bottom line: Only about 5% of written Java code captures the core functionality.
Sun Microsystems vanished into Oracle’s maw five years ago this month, and you could be forgiven for thinking that some iconic Sun products, like SPARC chips, had been cast aside in the merger. But Oracle claims that the SPARC roadmap is moving forward more quickly than it did under Sun, and while the number of SPARC systems sold has dropped dramatically (from 66,000 in Q1 ’03 to 7,000 in Q1 ’14), the systems that are being sold are fully customized and much more profitable for the company.
“LinkedIn is restricting access to most of its application programming interfaces (APIs) to companies that have struck up partnerships with the social networking company. ‘Over the past several years, we’ve seen some exciting applications from our developer community. While many delivered value back to our members and LinkedIn, not all have,’ wrote Adam Trachtenberg, director of the LinkedIn developer network, explaining in a blog post the change in the company’s API policy. Starting May 12, LinkedIn will only offer a handful of its APIs for general use, namely those that allow users and companies to post information about themselves on the service. After then, only companies that have enrolled in LinkedIn’s partner program will have API access. Samsung, WeChat, and Evernote have already struck such partnerships. Currently, the social networking service offers a wide range of APIs, which allow third-party programs to draw content from, and place content into, LinkedIn. APIs have been seen as an additional channel for businesses to interact with their users and partners. A few companies, however, have recently scaled back access to APIs, which provide the programmatic ability to access a company’s services and data. Netflix shut its public API channel in November, preferring to channel its user information through a small number of partners. ESPN also disabled public access to its APIs in December. LinkedIn’s move is evidence of how the business use of APIs is evolving, said John Musser, founder and CEO at API Science, which offers an API performance testing service.”
Nim is a young, statically typed programming language that has been getting more attention recently. See these articles for an introduction: What is special about Nim?, What makes Nim practical? and How I Start: Nim. The language offers a syntax inspired by Python and Pascal, great performance and C interfacing, and powerful metaprogramming capabilities. The author of “Unix in Rust” just abandoned Rust in favor of Nim and some early-adopter companies are starting to use it as well.
In 2013, a restoration project for Hut 6 of Bletchley Park uncovered a collection of papers being used as roof insulation. The papers were frozen to preserve them while they were inspected and repaired. Now they’re on display at an exhibition showing items found during the restoration process. “The documents also included the only known examples of Banbury sheets, a technique devised by [Turing] to accelerate the process of decrypting Nazi messages. No other examples have ever been found. All the findings are unique as all documentary evidence from the code breaking process was supposed to be destroyed under wartime security rules.”
Ken Vermette has done a write-up on his experience with the new KDE desktop encompassing Frameworks 5.3 and Plasma 2.1. For starters, some patience is still needed for apps to be ported to KF5, and most of them will be KF4-based for now. Many of the widgets you may have used don’t exist yet either, but the good news is that the Plasma goodies which do make an appearance are universally improved. The new search widget is shockingly fast and the notifications tray has been reworked. The visual outlook of the desktop has been simplified and things don’t feel so tightly packed together anymore. The system settings application has been completely regrouped, more by goal than by underlying mechanics. Unfortunately, the desktop stability leaves a lot to be desired: there were several crashes, and Plasma at one point managed to forget colour and wallpaper settings. However, the developers seem to know what they are doing, and there’s a real feeling that this software will reach rock-solid stability very quickly given the state of it as it stands.