Monthly Archives: March 2016

Somebody Else’s Problem

The late, great Douglas Adams described the “SEP field”.  Something may be huge and blindingly obvious and right in front of you, but it’s somebody else’s problem so you don’t see it.

I’ve seen a bug report for a cryptographic function.  Nothing too unusual there you might think, but there’s a twist.  Any fix we could ever implement would not be a fix, but rather an ugly hacked workaround for somebody else’s problem.

Let me explain.  The bug concerns memory that may have contained secrets.  To free it after use, we wipe the potentially-sensitive data:

    memset(buf, 0, bufsize);
    free(buf);

Now the bug there isn’t in our code, it’s in the fact that some compilers and settings might optimise out the memset leaving the sensitive data in freed memory.

How to fix that?

Introduce dummy code that re-uses the buffer after memset?  Not just horribly inefficient, but difficult to guarantee that can’t also be optimised out, either by the compiler or by another developer who sees this useless code.

OK, what about a nightmare of #ifdefs to target compilers?  Erm, no thanks.  If something’s in a widely-supported standard like ANSI or POSIX, the last thing we want is to replace it with a maintenance nightmare of proprietary hacks.

So fix the build to disable optimisation compiling the source file in question?  Not really a solution: downstream folks building and distributing the software may have their own build setups independent of ours.

An altogether better solution-in-principle would be some #pragma that could be standardised across compilers and could disable optimisations within a source file.  It could maybe affect the entire source file that declares it, or ideally it could scope arbitrary sections of code in the manner of #if / #ifdef.  But that’s Somebody Else’s Problem.

Advertisements

Blessed relief

After about six months, the scaffolding is gone from next door.  When it went up I naturally supposed they’d be completing the work before the traditional storms of around October/November.  Down on the road in front were not one but two lorries to take it away!  The banging started uncomfortably early this morning, but was the last.  The ghetto-blaster wasn’t a devastating development in the workmen who had been installing insulation next door, but a one-off.  It blighted an online meeting at noon today, but fortunately I wasn’t presenting anything and stayed on mute.

Next door are the second house on this road to have had such insulation installed recently, and both had scaffolding up for many months while work took place only occasionally amid long intervals of inactivity.  Presumably something has to be left for long periods, on a principle something like leaving paint to dry before the next coat.

Now I can fully open my bedroom curtain again without the risk of workmen watching me in bed.  And my front terrace area is no longer the base of their scaffolding, though I think it’s still somewhat covered in debris.

Passiontide

Our next concert in Plymouth is Bach’s St John’s Passion.  That’s at the Guildhall on Sunday, March 20th, and I have no hesitation recommending this wonderful work to readers in the area.

Having said that, there is one thing wrong.  We’re to perform in English using the new Novello edition.  It’s a new translation, and in a couple of places the words are a very poor fit to the music.  It comes with some bullshit about aiming to sound like the original German, so for example we’d have similar vowel sounds and hence vocal colour on important notes.  That’s pure nonsense: it does no such thing.  Furthermore, it’s not really a new translation: in places it’s identical to the old, and in others it’s much closer to the old translation than either is to the German text.  I can only conclude that the sole reason for the “new” translation is to assert copyright on a score that would otherwise soon be out of it.  Which begs the question: who are the bigger cultural vandals: ISIS or Novello?

Also on the subject of seasonal music, I sang in another easter concert yesterday.  I didn’t blog about it because I was recruited for it at the last moment, and wasn’t clear on the details in advance.  The easter music included Stainer’s Crucifixion and Vaughan Williams’s five mystical songs.  A nice little event in a nice village church.