Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-12 Thread Fernando Schapachnik
In a previous message, Blue Boar wrote:
 Fernando Schapachnik wrote:
 I smell a discussion going nowhere. What is the point of teaching a
 language?
 Teach them to program in a paradigm (better, in all of them, and give them
 the tools to make educated choices about which is better for each context), and
 choose any language as an *example* of the paradigm.
 
 Ah... but beyond design problems, aren't most security problems 
 language-specific abuses and bugs?  I'm thinking things like I didn't 
 realize it would let me mix signed and unsigned... I didn't realize it 
 would let me write off the end of the buffer... I didn't realize I had 
 to escape or filter certain characters

Same thing happens with concurrency. You need to tell them about shared
variables, mutexes, locking, atomicity, protected sections, etc. When they are
going to undertake a real project in a specific language they need to know how
these are implemented there. I expect them to be able to learn that from the
multiple available resources, once the foundations are learned.

Now s/concurrency/security/. Imagine next year, when language NEW appears
and some people from this list are required to work in it. I suspect most
of them would probably apply their existing knowledge and some searching around
to understand the new thread model, and act accordingly. It is the same scenario
for students.

Regards.

Fernando.





Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-08 Thread Fernando Schapachnik
In a previous message, ljknews wrote:
 At 1:56 PM -0700 7/7/04, Dana Epp wrote:
 
 I don't pick C for C's sake. I choose C because ON AVERAGE, most students will be 
 exposed to C more than the languages you suggest. Especially in the majority of 
 industries hiring students out of university.
 
 Primarily because that is what universities use for training.
 
 Originally because Unix was so cheap for educational institutions.
 
 I smell a vicious circle.

I smell a discussion going nowhere. What is the point of teaching a language?
Teach them to program in a paradigm (better, in all of them, and give them the
tools to make educated choices about which is better for each context), and
choose any language as an *example* of the paradigm.

Later on, they can pick the particularities of any language by a book.
Remember: don't give them fishes, teach them how to fish.

Having said that, giving a quick overview of C seems like a good idea when
teaching about security, because you can easily show examples of all types of
problems (I think it is important, however, to make it clear that they represent a
class of problems, and can happen in many languages, not only in C).

Regards, Fernando.





Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-06 Thread Fernando Schapachnik
In a previous message, der Mouse wrote:
  I think over the past 40 years or so, as a discipline, we've failed
  rather miserably at teaching programming, period.
  Right.  But on the other hand, that's not surprising - [because
  we've mostly not even _tried_ to teach programming, as opposed to
  computer science or software engineering].
  Care to explain what you think a 'programming course' should have
  that is not covered in SE or CS courses (or curricula)?
 
 A computer scientist is a theoretician.  A software engineer is a
 designer.  A programmer is an implementer.
 
 A computer scientist can prove you can't, in general, sort faster than
 O(n log n) (and a good one can recast this as an explanation of why).
 
 A software engineer can look at the application and decide which
 sorting algorithm is appropriate for _this_ task, including, perhaps,
 choosing one with O(n^2) worst-case behaviour because of some
 application-specific property.
 
 A programmer can sit down and implement a sorting algorithm.

Well, my view is that a computer scientist is a scientist, which means he looks
into new/open problems. He'd better recall you can't sort faster than O(n log n)
based on comparisons, as a physicist better recall general relativity laws, but
he can be a theoretician or an applied one (for example, designing new
programming languages, etc). A software engineer applies established methods (if
such a thing exists today is left as an exercise to the reader) to tackle
problems. But that includes designing, testing and programming. They are just
different parts of the software life cycle but all of them should be undertaken
as professional grade tasks.

So, in short, I think that programming is included in SE is included in CS.
Where A is included in B means that any individual with a B degree should have
the knowledge necessary to successfully perform A's duties (he might not have
the experience).

I don't agree with David Wheeler's statement that secure coding should be
taught instead of more basic things like sorting algorithms. Both are
important, but I believe that properly understanding foundations is more
important than 'don't trust the input'. Of course there's more to security
than that, but that leads me to my main point. How should secure coding be
taught?

I've considered 'secure coding' courses, and the idea always looks kind of
oversized. How much can you teach that students can't read themselves from a
book? Can you fill a semester with that? I'm interested in people's experiences
here.

Adding a 'security chapter' to existing courses seems more appropriate (at least
to me). At the end of our Programming II course, I showcase to students the
vulnerabilities that can be understood or are related with what they've seen in
class: these include buffer overflows, input validation, integer
over/underflows, race conditions, least privilege, etc. I stress that these are
only samples, and point them to links (like David's great 'Secure Programming
How-To') and books. I haven't had the chance to evaluate the impact of that, but
it is on my to-do list.

Similarly, some other courses where security can be plugged include operating
systems, networking, SE, systems design, etc.

I'd be interested to hear what people think of the two approaches (separate
security courses vs. spreading security all over the curricula).

Regards.

Fernando.





Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-05 Thread Fernando Schapachnik
In a previous message, der Mouse wrote:
  In general, I don't think this is an issue that is unique to _secure_
  programming (coding, design, etc.).  I think over the past 40 years
  or so, as a discipline, we've failed rather miserably at teaching
  programming, period.
 
 Right.  But on the other hand, that's not surprising - when did you
 last see even a course, never mind a program, in academia that was
 _supposed_ to teach programming (as opposed to computer science or
 software engineering or any of the various other things usually taught
 instead of it)?

Care to explain what you think a 'programming course' should have that is not
covered in SE or CS courses (or curricula)?

Regards.

Fernando.





Re: [SC-L] Andy Tanenbaum on Linux's origins and security

2004-05-30 Thread Fernando Schapachnik
In a previous message, Kenneth R. van Wyk wrote:
 Andy Tanenbaum, the author of the MINIX operating system, recently posted an 
 opinion piece on the origins of Linux.  It's a fascinating albeit somewhat 
 lengthy read -- see http://www.cs.vu.nl/~ast/brown/ for the full text.  

People interested might also like to read:

http://www.kde.org/history/linux_is_obsolete.php

An interesting discussion mainly between Andy Tanenbaum, a well known Professor
of Computer Science at the Free University of Amsterdam and Linus Torvalds

 fast is to make it small. Fight Features.

I find the fight features ideas particularly interesting, but have so far not
found a good and general way of {t,pr}eaching that to customers or stakeholders.
Any experience there?

Regards, Fernando.





Re: [SC-L] virtual server - security

2004-03-31 Thread Fernando Schapachnik
Working for an ISP in a previous life we used FreeBSD jails. There are
kind-of-similar solutions for Linux also (there's actually people in the list
who sell them even).

Good luck.

In a previous message, Serban Gh. Ghita wrote:
 Hello
 
 I am banging my head on the table every day, because I cannot find an
 elegant and safe solution to secure a virtual shared environment (server).
 Take the following facts: