March 2016 – A Random Walk through Software

Writing-Solid-Code

I came across Writing Solid Code by Steve Maguire (Microsoft Press, 1993) at work. My boss had a shelf full of 90’s software texts, and this one caught my eye while I was waiting for a meeting to start.

It’s fantastic, and all programmers should read it.

It’s written by an early Microsoft programmer, with experience writing for Excel. The focus of the book is C, but the ideas are applicable to almost any language. Here are some of them.

Procedures/methods/functions should do one thing well.

They should avoid special cases.

“If you pass in a pointer as the third parameter, the function will fill in the data structure it points to. But if you pass in 0 as the third parameter, the function will allocate memory and then fill in the data structure.” This type of intricate behavior allows subtle bugs or memory leaks to sneak in.

Continue reading “Writing Solid Code”

At Black Hat USA 2015, I gave a briefing on entropy use and management in the Linux kernel, along with Bruce Potter, CTO of KEYW Corporation.

You need random numbers to do many things on modern computers. For instance, all the cryptography that secures your web transactions is powered by random numbers. This cryptography means that only Amazon can use your credit card details and that only you can tell your bank to transfer money out of your account. But random numbers are hard to come by on a computer. Computers are, by nature, pretty deterministic machines.

You can generate mostly random numbers by things like measuring temperature very accurately and looking only at the last decimal place, which fluctuates a lot. Or measuring the RF radiation passing by, and again, looking only at the last decimal place. Your computer generates mostly random numbers by looking at the time that various things happen – you press a key on the keyboard, a packet arrives on the network – and looking only at the last decimal place of the time that that even happen.

Continue reading “Entropy at Black Hat 2015”