Auto schmauto

Anders reminded me again of an annoying feature of C++: Making doing the wrong thing easy, and the right thing difficult.

If you use auto in a range-based for loop, you end up with unnecessary copying, and invoking the copy constructor.

So instead of

for (auto a : v)

You need to

for (const auto & a : v)

Twice as long, and three times harder to read.

Not to worry, preprocessor to the rescue!

#define magic const auto &

for (magic a : v)


Improper TLS certificates in the wild

Not many things have been able to stop me from being blog silent, but rest assured, yet another nail in the digital certificates' coffin appeared today.

Please (re-)read TLS: A Broken Trust Model before continuing. Don't worry, I'll wait.

Today, Google announced that not only one, but two of TÜRKTRUST's customers incorrectly got issued intermediate CA certificates instead of web site certificates.  Such certificates can be used to issue new certificates to any domain. One of these were used to issue a certificate valid for *.google.com.

This attack was extremely dangerous, but at the same time very stupid.  By attacking a large security centric organization such as Google the attack was not able to run loose for very long.  Secondly, since Google provides one of the most widely used web browsers they were quickly able to release updates to block these intermediate CAs and even reducing the trust in TÜRKTRUST as a root CA.

Had this happened to a widely used but not very security centric organization it could have gotten a lot worse before the problem was fixed.

But this only serves to highlight my point from over three years ago: the CA trust model is inherently broken. We need a completely new approach to the trust supporting our digital life.


Splitting hostnames and port numbers? You're probably doing it wrong!

Are you writing programs that accept hostname:port statements either as command line arguments or configuration file entries and then separating the hostname and port part by finding the colon?

Here's news for you -- you're probably doing it wrong!

Why? IPv6, that's why!  In IPv6 the colon character is part of the address statement.  A typical IPv6 address looks like 2001:db8:85a3::8a2e:370:7334.  In this form having a port number colon separated from the address is impossible.

That's why the URL syntax is as follows: https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/

Building on this the acceptable hostname:port syntax is retained, but you need to pay attention to the brackets.

For example, for the hostname:port value [2001:db8:85a3:8d3:1319:8a2e:370:7348]:443 the following C++ code does the trick:

size_t colon = host.find_last_of(":");
size_t bracket = host.find_last_of("]");
if (colon != std::string::npos &&
    (bracket == std::string::npos || bracket < colon))
    port = host.substr(colon+1);
You can probably figure out how to do this in other languages.


Android Orphans: Visualizing a Sad History of Support

Michael Degusta tells a sad story in Android Orphans: Visualizing a Sad History of Support:
I went back and found every Android phone shipped in the United States up through the middle of last year. I then tracked down every update that was released for each device - be it a major OS upgrade or a minor support patch - as well as prices and release & discontinuation dates. I compared these dates & versions to the currently shipping version of Android at the time. The resulting picture isn’t pretty - well, not for Android users.
My iPhone 3G stopped being updated only a few months ago, and is now 1 major version behind.  In fact, iPhones are the only devices I've ever owned that has had regular long term updates, even across major versions, for free.


A Lock Free Concurrent Circular Buffer With Multiple Independent Readers

I wrote about a Lock Free Concurrent Circular Buffer about a year ago.  This has now been updated to support multiple independent readers, so many consumers can get updates to this circular buffer.

It is still lock free, so the readers won't block.  If you try to take() on a buffer with no updates a null is returned, and if you drain() a buffer with no updates you get an empty list.

The code is now on GitHub, so I recommend you give it a spin if you want a (simple) circular buffer.  It does detect buffer wraparounds, but will in this case reset the reader to the end of the buffer, losing any intermediate updates. Tune your buffer size accordingly.

Take a look at the unit tests to get an idea on how to use this buffer.


Blogger has an official app for iPhone

This blog post serves as proof that it works.

Seems to do okay, but does not have rich text.

Also the labels do not auto complete.


So it finally happened...

From "Who do you trust to tell you who to trust?":
The big security news of the past few days is the story of the compromise of the DigiNotar Certificate Authority and the subsequent issuing of fraudulent SSL certificates, leading to actual Man in the Middle attacks against Gmail users in Iran.
When the whole trust structure for SSL was devised, there were many people who worried that it gave too much power to certification authorities. In this instance we had one that suffered a security breach, but imagine if there were a corrupt one. With hundreds of trusted certification authorities, each with the power to issue certificates for any domain, the scope for abuse is substantial. I was one of those worriers.
It is easy to say that I don’t like the system, it is much much harder to present an alternative that works better and doesn’t burden users with the task of performing their own audits of certificates or authorities. There are a number of proposals out there, and discussion of them has certainly kicked off again over the past few days. My post here has already been long enough, so I will redirect readers to a post by Mike Caldwell who proposes an idea I haven’t seen before (as well as linking to other proposals).
Well, I told you so. Basically the use of TLS to ensure trusted domain names is not trustworthy. In my opinion this problem should be solved by the Domain Naming System, not by Transport Layer Security.