All posts by robertmcgrath

McGraw on Software vs Security

I enjoyed Gary McGraw’s comments in IEEE Computer about “Six Tech Trends Impacting Software Security” [1].

His main point is that software development (and I would say runtime environments, too) have changed rapidly in the last couple of decades, obsoleting many software security assurance techniques (which I would say were iffy even in their heyday).

“The past few years have seen radical shifts in the way software is developed, in terms of both process and the technology stack. We must actively track these changes to ensure that software security solutions remain relevant.” ([1], p. 20)

His list includes:

  • Continuous integration and continuous development
  • “The Cloud”
  • The Internet of Things—software is in everything
  • Software containers, dynamic composition
  • AI
  • Software security leaders are newbs

These are some of the trendiest trends!

Interestingly, McGraw does not see “the cloud” as particularly troubling in itself, and he has a point. If anything, deploying software in standardized server farms is a good thing for security, compared to installing everything on a zillion platforms out in the wild world. (But see “Internet of Things”.)

As he says, continuous development is a hazard not only for security but for quality and everything else. To me, continuous development is hard to distinguish from just plain hacking, and that’s not good for quality or security or anything except speed to market.

McGraw doesn’t mention documentation, but please spare a moment to have a kind thought for the poor technical writer, who is tasked with explaining the software, even as it changes from hour to hour.

I myself have already beefed about the IoT many times, which is a hazard from almost every angle. But I have to say that I don’t think it is even theoretically possible to write good code for the IoT, secure or not. And it is deployed out in the world with no one actually in charge. How can this be anything but a catastrophe?

As McGraw suggests, AI cuts both ways. It creates vast possibilities for bugs and breaches beyond human understanding, but also enables tools and processes that can greatly improve software (again, beyond human capabilities). As he says, a lot of this isn’t so much new, but there are so many cycles and gazoogabytes available to anyone, even old tricks can yield amazing results, for better or worse.

The unifying theme in all this is that systems are bigger, faster, and way, way more complicated than ever. Including the Internet, “the system” extends to every corner of the globe, encompassing zillions of nodes and links, under the control of everyone and no one. No human can understand what’s going on, what the software does, or even how the software is configured. If you can’t understand it, you can’t make it secure.

McGraw’s last point is interesting. Security professionals are not stupid, but many of them are young. From my point of view, the question is, “are they paranoid enough?” Probably not.

There are plenty of other tech trends that create security hazards. I’ll just mention my own favorite bugaboo, virtualization. Over my umpty-ump decades of software development, everything has moved to be more and more virtualized. Information hiding, standardization, and emulation are powerful technologies and, honestly, without them we’d never be able to produce software fast enough to even keep up.

But virtualization has led to the situation where even the smallest program depends on an unknowable stack of software. “Unknowable” because even if you intend to freeze the configuration, you really can’t.

Like everyone, I have seen cases where developers don’t (and can’t) fix a bug, so they just roll back a magic VM to the magical last safe point where it worked, and restart. Tell me that isn’t a security problem.

The fact that software works at all is a tribute to the skill of we, the programmers. But it is difficult to be optimistic that it won’t all come tumbling down.

“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.” Gerald Weinberg’s Second Law

And if the woodpeckers are out to get us, just how long will civilization last?

  1. Gary McGraw, Six Tech Trends Impacting Software Security. Computer, 50 (5):100-102, 2017.


Four Colors Still Suffice

This fall marks the 40th anniversary of the publication of the first proof of the Four Color Map Problem.

Two professors at the University of Illinois used the relative abundance of computer power at UIUC to produce a groundbreaking computer assisted proof of this perennial question.

I remember very well getting my issue of Scientific American, and there it was:

I knew immediately what it must mean. (As any Illini can tell you, there is a postal substation in the Math building. They arranged a special postal cancellation to mark the announcement.)

The essence of their 1977 proof is to enumerate all possible layouts, and systematically crunch through them all [1, 2]. For their proof they dealt with some 1400 configurations, which took months to process on the IBM 360. Today, you can probably do it in minutes on your phone. Then it took a special allocation of time on “the computer”.

The result was not without controversy. Is it a valid mathematical proof if it has not and cannot be confirmed by a human? (As an Illinois alum, I say it’s a valid proof!)

This theorem has been proved many times since 1977, so there isn’t much doubt about the result. But the first time was a heroic milestone in human knowledge.

Unfortunately, much about this major human accomplishment is effectively lost to historical and intellectual analysis.

It was written in IBM assembler, and punched on Hollerith cards. (You youngsters can look those things up.) I know that Prof. Appel still had the deck twenty five years ago because he showed it to me in a box propping open the door. Even back then there was no way to run the program (no card readers left, nor any IBM 360s).

So there are many questions that cannot be answered. Was the original program correct? What was their coding style like? Is it a pretty or clever code? And so on.

We don’t know, and it would be difficult to find out.

Still. All hail Haken and Appel, computational heroes! We are not worthy!

Giants still walk among us!

Alma Mater

  1. K. Appel and W. Haken, Every planar map is four colorable. Part I: Discharging. Illinois J. Math., 21 (3):429-490, 1977.
  2. K. Appel, W. Haken, and J. Koch, Every planar map is four colorable. Part II: Reducibility. Illinois J. Math., 21 (3):491-567, 1977.
  3. Samantha Jones, Celebrating the Four Color Theorem, in College of Liberal Arts – News. 2017, University of Illinois Urbana.


Book Review: “A Selfie As Big As The Ritz” by Lara Williams

A Selfie As Big As The Ritz by Lara Williams

This collection of (very) short stories tells of life in Williams’ Manchester (just released in the US this fall). The stories are about relationships and mostly break ups, unhappiness, sadness, depression, death, and many other unpleasantries. Altogether, it is G-R-I-M, grim.

Williams’ style is intentionally compressed, squeezing a lot of personal history into a few pages. It is rather lossy compression, and the stories are ambiguous and sketchy, leaving much to the inference of the reader. In many cases, I didn’t really know what had happened or was happening, or whether the events were past, present, or fantasy.

The stories are about relationships, especially in the life of a young woman with a Masters in writing living in Manchester. “Write what you know”, I guess.

Any one of her stories is a little puzzle to work out. But taken together as a collection, it’s really awful to read dozens of permutations of unhappy, lonely people.

The stories are mostly about breakups and disappointments. When there are happy moments or relationships, they are rapidly ended, sometimes before they can even start.

I couldn’t really understand the protagonists, let alone identify with them. It’s not that they can’t find happiness, they seem to want to be unhappy. They push away good things, sometimes for no reason I can discern.

If this is a slice of life or, heaven help her, autobiographical, it’s outside my own experience. If these are metaphors or messages, I haven’t a clue what she is trying to tell me. If this is supposed to be therapeutic or to help people, please tell me how it is supposed to do any good.

Williams writes reasonably well, but these stories (especially collected in a mass) are unpleasant to read. I’m left wondering why anyone would be writing such depressing stories.

  1. Lara Williams, A Selfie As Big As The Ritz, London, Penguin, 2016.


Sunday Book Reviews

Antarctica Heat Flux Map

One of the most important scientific questions of the early twenty first century is, “what’s going on in Antarctica?”

Antarctica is the largest reserve of ice on the planet, and when (not if) the ice melts, it will raise sea levels by tens of meters. Glub. (See a new NASA simulation of the effects of the melting ice.)

Just how fast is the ice melting?

This is a complex question to answer. The ice caps are gigantic (miles deep at places), and warmed by the air above and the Earth and sea underneath. Warmer air and water melt the ice, but may produce more new snow. There are liquid rivers and lakes under the ice which erode and melt from underneath. In some places glaciers of ice are flowing down to the sea, where they will break up and melt.

It’s complicated.

This week a team of British researchers published a map that reflects an important piece of the picture: the heat flux under the ice [3]. This is the heat coming from the Earth’s interior, which they show is quite variable across the continent.

Hotspots are located under West Antarctica; in contrast, the East is broadly relatively cold. British Antarctic Survey.

The study used several measures of the magnetic properties of the rock under the Antarctic ice, including surface, aircraft, and satellite surveys. Molten rock loses its magnetic field at a specific temperature, so the magnetic measurements can show where the rock cools below this limit. This can be used to infer the temperature at various depths below the surface.

The resulting map shows considerable variation across the continent. The warmest locations will presumably tend to melt more than cooler places (on the underside of the ice).

One interesting point from the map is that West Antarctica is melting faster than other areas, but the heat flux from the Earth is low. This suggests that the melting is due to warmer seas and ice flows, with little contribution from geothermal heat.

This dataset will contribute to many studies of the Antarctic ice. (It will be literally the foundation for many simulations.)

  1. Jonathan Amos, Antarctica’s warm underbelly revealed, in BBC News – Science & Environment. 2017.
  2. Eric Larour, Erik R. Ivins, and Surendra Adhikari, Should coastal planners have concern over where land ice is melting? Science Advances, 3 (11) 2017.

  3. Yasmina M. Martos, Manuel Catalan, Tom A. Jordan, Alexander Golynsky, Dmitry Golynsky, Graeme Eagles, and David G. Vaughan, Heat flux distribution of Antarctica unveiled. Geophysical Research Letters.


US Is Second Place in HPC, and Soon In Everything

Much of my career orbited supercomputing one way or another, so I know the significance of the headlines this week from the Top500 list: “China Pulls Ahead of U.S. in Latest TOP500 List”.

The Top500 is a perennial ranking of the performance of the top supercomputers in the world. For several decades, the US dominated the list. This was not just a matter of pride, it was considered an urgent national and national security priority.

Now, I know as well as everyone that the Top500 ranking isn’t particularly significant in itself. Benchmarks of any kind are deceptive at best, and totally gamed at worst, and the traditional TOP500 doesn’t represent real life performance. [2]

But these systems represent the peak of the mountain, and generally reflect the size and capabilities of the rest of the mountain. These top end systems are built on top of vast amounts of computing, networking, and human talent.

Equally important, as Sensei Larry Smarr used to say, supercomputing is a time machine. HPC technology today will spread throughout all of computing and the economy in a decade or so. Domination of the Top500 means that there is a lot of technology in the pipeline for the coming decade.

The news that China has passed the US in this list reflects the efforts of the Chinese, and the lagging efforts of the US. It also is a clear sign that China will likely be the leader in many aspects of IT and other technology in the coming decade.

China’s success is scarcely a fluke. They have been pouring resources, including government support, into many kinds of technology, as well as training and supporting research and development.

The US, in contrast, has been lagging badly. In particular, the government, by which I mean Congress, has been cutting financial support for science and technology of all kinds. This week we learn of a plan to massively increase the income tax for graduate students—a brilliant way to empty out US research labs, if I ever saw one.

If you want to make America great, you need to increase support for research and development, not end it. And it would help to hire a lot more scientists, rather than harass, abuse, and purge them.

The Top500 is just one of many indications that these bone-headed policies are bearing predictable fruit. Congress and the administration are working hard to help make China number one.

  1. TOP500 News Team, China Pulls Ahead of U.S. in Latest TOP500 List, in Top500 – News. 2017.
  2. David Schneider, Two Different Top500 Supercomputing Benchmarks Show Two Different Top Supercomputers, in IEEE Spectrum – Tech Talk. 2017.


The Neverending Ethereum Disaster

This month Bitcoin almost split in two, pulling back from the brink at the last minute. Of course, there is no solution in sight for the dire scaling problems of Bitcoin, but who cares as long as the exchange rate keeps rising against the weakening US dollar?

Ethereum should be so lucky. After the DAO disaster in 2016, followed by several hard forks that rewrote history, you would think that sensible people would have headed for the hills. Of course that’s not happening.

This fall has seen yet another disaster. One of the most used wallets experienced a bug which led to the freeze of a large amount of Ethereum. I don’t really understand the bug itself, but somehow the coins were consigned to accounts that can no longer be managed. You can see your money, but no one can get it.

Just as baffling as the bug, there seems to be little urgency to fix it. It’s been a week now, and there seems to be little idea of what can be done, and shockingly little indication that anything will be done soon.

Stan Higgins writes in Coindesk that “Parity Floats Fix for $160 Million Ether Fund Freeze”, but the actual text indicates that there is no fix in sight except maybe a hard fork due in 2018 [2]. In other words, you are out of luck if you are wanting to use some of those millions of Ether any time soon.

The good ship Ethereum is like the Titanic, except when it sinks they roll back time and sail again—to sink all over again.

It is important to point out that these disasters in Ethereum are mostly not due to the core protocols and cryptography that define the distributed ledger itself. The DAO went down with all hands because of a bug in executable contract code, and the Parity Wallet ran aground due to the wallet code (related to executable contract code, I think), not the ledger itself.

The point is, security is an end-to-end thing. People who talk about how invulnerable the core ledger is supposed to be are missing the point: Ethereum or any cryptocurrency is only as secure as the weakest link between two users. And there are a lot of links: wallets, APIs, servers, networks, mobile devices, and OS code, to name a few. And there are people in the chain, too, heaven help us.

At some point, you have to ask whether Ethereum is creating more problems than it is solving.

  1. Stan Higgins, Parity Floats Fix for $160 Million Ether Fund Freeze. Coindesk, November 13 2017.
  2. Parity Technologies, Parity Technologies Multi-Sig Wallet Issue Update, in Parity Technologies Blog. 2017.


Cryptocurrency Thursday


Biomimetic Robotic Zebrafish

Bioinspired and Biomimetic systems are the bee’s knees (sometimes, literally! [1]).

In some cases, taking bio inspiration leads to designs and design principles for human purposes (e.g., crawly robots inspired by Earthworms [2], or nets inspired by spiderwebs [4]).

Other times, creating a biomimetic robot teaches us about nature.

A group of European researchers from École Polytechnique Fédérale de Lausanne and Sorbonne report this fall on a project that has created a robot zebrafish (Danio rerio) that joins the school of live zebrafish [3].

This is actually pretty difficult, because zebrafish are kind of loosey-goosey about schooling, coming together as needed in different situations. Today’s successful zebrafish must pay attention to the other fish, and play nicely with others.

The result is a robot that not only looks and swims like a zebrafish, it learns the social signals of the fish, and behaves correctly. I.e., it mimics the anatomy, the movement, the behavior, and the social signaling of the natural fish.


This seemingly rather simple result required analysis of how zebrafish school. The researchers developed a two level model, a high level strategy (where the school is going) and a more detailed movement model (how to move in the school).

They also had to quantify the “social integration” achieved by the robot and other fish, which is a measure of how zebrafish-like the robot is, compared to observations of the real zebrafish.

And, of course, they used a fishbot that looks and swims like a zebrafish. For some reason, zebrafish aren’t fooled by a lure that is a very abstract fish shape.

The researchers emphasize that all three forms of mimicry are important for successful schooling. She’s gotta look like a zebrafish, swim like a zebrafish, and follow along like a zebrafish.

These results suggest that it should be possible to create robots that not only join in, but persuade and lead a school via the natural signaling of the fish. Such a robot or group of robots presumably would be a low-stress method to herd fish. (I’m not completely sure why one would need to herd zebrafish, per se.)

This study is pretty awesome.

It does seem like kind of a one-off case, though. It took a lot of work to observe and model these small groups of zebrafish. It isn’t clear how well these techniques might apply to larger groups, longer time periods, other environments, or other species.

Obviously, it will be useful to automate the learning of the social signals and so on as they suggest. Eventually, this might lead to a theory of fish—metaknowledge of different cognitive models in fish. Now that would be cool.

  1. Guillermo J. Amador, Marguerite Matherne, D’Andre Waller, Megha Mathews, Stanislav N. Gorb, and David L. Hu, Honey bee hairs and pollenkitt are essential for pollen capture and removal. Bioinspiration & Biomimetics, 12 (2):026015, 2017.
  2. Hongbin Fang, Yetong Zhang, and K. W. Wang, Origami-based earthworm-like locomotion robots. Bioinspiration & Biomimetics, 12 (6):065003, 2017.
  3. Leo Cazenille, Bertrand Collignon, Yohann Chemtob, Frank Bonnet, Alexey Gribovskiy, Francesco Mondada, Nicolas Bredeche, and José Halloy, How mimetic should a robotic fish be to socially integrate into zebrafish groups? (accepted). Bioinspiration & Biomimetics, 2017.
  4. L. Zheng, M. Behrooz, and F. Gordaninejad, A bioinspired adaptive spider web. Bioinspiration & Biomimetics, 12 (1):016012, 2017.



Robot Wednesday


PS. Wouldn’t “Biomimetic Robotic Zebrafish” be a good name for a band?