Saturday, March 28, 2015

With Great Power Comes Great Responsibility

Forth is used as a bootloader for SPARC based machines. One feature that SPARC based machines made by SUN Mircosystems had was the ability to drop back to the bootloader's Forth interpreter by pressing the Stop-A key combination at the console. This suspended the operating system and gave the user an ok prompt to work at. Typically this was used to kick off a kernel debugger or to kick errant SCSI hardware back into line. In effect the Open Boot Prom (OBP), as the Forth based bootloader was branded, was a very lightweight hypervisor.

A consequence of this was that while working at the ok prompt, the user wasn't subject to privilege system of Solaris. People at the console could use this to gain root privileges. The method worked as follows:

  1. Find the address in memory where the proc structure of a shell that the user has open, i.e., where the shell's process resides in memory.

  2. Press Stop-A to drop to OBP.

  3. Write 0 to the cr_uid field of the processes cred structure. The location of this in memory is easily found from the process address.

  4. Type go to return to Solaris where there is a shell where the user now has an effective user id of 0, i.e., root privileges.

Full details can be found at Brendan Gregg's website. The option to ps that gave easy access to processes' addresses, has been since removed to make this more difficult, but it would still be easy to find with a debugger, for example.

There are a few things to be learned from this:

  • With great power comes great responsibility.

  • A hypervisor can completely bypass the security controls of its guest operating systems.

  • If an attacker has access to a machine physically or via a hypervisor, it is a matter of "when" and not "if" they gain control.

Sunday, January 25, 2015

Learning Forth

One of my side projects for this year is to learn the programming language, Forth. Some people might consider this an odd language to learn. It is not a popular language. There are no hot startups using it (that I know of). It doesn't even show up in the top 100 languages in the TIOBE Index. However, I am convinced learning it is worthwhile. Some of my reasons for this are:

  • Forth is probably the most successful and widely deployed language that nobody has heard of. It is the language used to develop OpenFirmware. This boot loader is installed on the laptops of the One Laptop Per Child Project, on PowerPC based Apple Mac computers, and on SPARC based computers from SUN Microsystems. It has also been used to develop to develop control software for the National Radio Astronomy Observatory, which is where it was developed.

    While not as widely used as C/C++, Forth is used a lot in embedded applications and has been ported to most micro-controllers. For example, the Forth, Inc. website has downloadable examples for Arduino and the TI LaunchPad development board. The website also lists a number of interesting applications built with Forth.

  • Forth is a concatenative stack based language. This makes it very different from most mainstream languages, which are based on the object oriented (e.g., Java), imperative (e.g., C), or functional (e.g., Haskell), paradigms, or hybrid versions of these (e.g., Scala or Ruby). Learning this new paradigm opens up new approaches to solving programming problems and provides a new perspective on the art of programming. The stack programming paradigm is used in the JVM byte code interpreter and in the PostScript interpreter, so getting to grips with this programming model is helpful for understanding the low level details of these widely used technologies. Due to its underlying philosophies, Forth is the most pared down and open of the concatenative languages.

  • The history of the language is interesting. For example, one of the first Forth primers was written by W. Richard Stevens.

  • Forth is an excellent language for interacting directly with hardware and exploring the features of hardware. For too long in my career I have been able to get away without knowing much about the underlying hardware that my code runs on. With the rise of the Internet of Things this is a handicap. Understanding of hardware and how to code on it efficiently will become more important. The hardware to software interface is becoming more fluid and that is where Forth lives, so it is ideal for exploring the trade-offs.

  • The primary reason I want to learn Forth is that it challenges conventional programming wisdom. Conventional wisdom says hardware can be abstracted away completely behind multiple layers of abstraction. With Forth it is one layer away. This does mean you can cause damage, like accidentally frying the rx/tx GPIO pins on your Raspberry Pi, to pick a totally random example. However, it also allows for very small and efficient code. Conventional wisdom says you should always use libraries and not reinvent the wheel. The philosophy of Forth says that you are not going to need most of the library and it probably won't meet all the requirements of your application anyway, so writing your own version should be considered. Additionally, how well do you know how the library works and what its tradeoffs are if you haven't tried to implement it. It's these little heresies that point out how much of programming wisdom is taken for granted.

I am using the following resources to learn Forth:

  • Starting Forth, by Leo Brodie. This book is unfortunately out of print, but can be found online here. This is a beginners introductory book, but, looking at the table of contents, it seems to sneak in some advanced topics, like metaprogramming, near the end.

  • Thinking Forth, again by Leo Brodie. I have already read this and it is the best book I have ever read on how to decompose a programming problem and how to structure the solution code. I'll be reading it again after I write a significant amount of Forth code.

  • GForth: this is the main Forth implementation I'll be using.

  • Pi Jones Forth: this is a very bare bones Forth implementation that runs, bare metal, on a Raspberry Pi.

Sunday, November 23, 2014

TIL: ARM Has Java Bytecode Execution in Hardware

I recently purchased a Raspberry Pi. While poking around in /proc I discovered that java is one of the features of the ARM processor in the Pi. It turns out that some ARM models have Java bytecode instructions implemented in hardware.

Wednesday, November 19, 2014

On Writing Well

I like doing things that have a body of theory behind them. For example, I prefer taijiquan to kickboxing, as a martial art, as it has deeper theory. So when I started blogging, I went looking for its theoretical foundations. I found them in the principles of good nonfiction writing. I bought two books: The Elements of Style, by William Strunk Jr. and E. B. White, and On Writing Well, by William Zinsser.

The book is unusual for a writing guide. Firstly, it is a good read. It is actually hard to put down. Advice on writing is given clearly and simply. That is part of it. However, Mr. Zinsser illustrates his points with personal anecdotes, and this is what makes the book so interesting. In the chapter entitled A Writer's Decisions, for example, he uses an account of a trip he took to Timbuktu. He walks us through the article he wrote, paragraph by paragraph, explaining what he wrote and what he was thinking at the time. Between the travel piece and its explanation, you get an idea of the author's personality. He's interesting. It makes his book interesting.

He is passionate about the craft of writing, and that comes through in a few humorous digs at bad writing. For example:

He or she may think "sanguine" and "sanguinary" mean the same thing, but the difference is a bloody big one.

Humour livens up the advice too:

Don't get caught holding a bag full of abstract nouns. You'll sink to the bottom of the lake and never be seen again.

Secondly, the book covers more than just grammar and rules for composition. It covers the whole craft of writing nonfiction. There is a section on forms of nonfiction writing, such as travel writing, sports writing, biographies, and business writing. There are a few paragraphs on the relationship between an author and an editor. This is useful information for a professional, and interesting for an amateur blogger like myself. There is a chapter on interviewing people too. It explains how to conduct an interview, how to quote people, and the ethical responsibility that a writer has to be faithful when using a quotation. The author also explains why you would want to quote someone in the first place. He uses quotations effectively himself, and these make his point very clear. The author includes a story about an article he wrote about Mount Rushmore. Instead of describing the place himself, he interviewed the people that worked there. I cannot think of a more evocative way of describing Mount Rushmore than one of the quotations he got:

"In the afternoon when the sunlight throws shadows into that socket," one of the rangers, Fred Banks, said, "you feel that the eyes of those four men are looking right at you, no matter where you move. They're peering right into your mind, wondering what you're thinking, making you feel guilty: 'Are you doing your part?'"

In short, On Writing Well is an informative book. It covers the whole craft of non fiction writing in about 300 pages and it is written well.

Monday, November 17, 2014

First Post

Hello and welcome to the inane ramblings of an Irish software developer.

The title of the blog comes from Lewis Carroll's, Through the Looking Glass. In the book, Alice goes running with the Red Queen, but they don't seem to make any progress. Alice remarks on this, saying, "Well in our country, you'd generally get to somewhere else - if you ran very fast for a long time as we've been doing." The Red Queen replies, "A slow sort of country. Now, here, you see, it takes all the running you can do, to stay in the same place." The Red Queen Effect is quite applicable to the software industry, and as I probably will be talking quite a bit about the software industry, I thought it would be a good name for a blog.

I have a few objectives for my new blog. By writing here, I hope to learn how to write well. That is, I hope to learn how to write clearly and concisely, and be interesting at the same time. I also hope that this blog will become a good professional advertisement for me - something that says, "Yup. That guy is a decent programmer."

Specific things I hope to talk about here will include my favourite programming languages, good books that I have read, and interesting things that I have learned. I hope you find something of value here.