Today I Learned

windhound · September 09, 2013, 03:56:19 PM

Post random facts and stories here.

First off:

"In Unix systems, there's a program named "login". login is the code that takes your username and password, verifies that the password you gave is the correct one for the username you gave, and if so, logs you in to the system.

For debugging purposes, Thompson put a back-door into "login". The way he did it was by modifying the C compiler. He took the code pattern for password verification, and embedded it into the C compiler, so that when it saw that pattern, it would actually generate code that accepted either the correct password for the username, or Thompson's special debugging password. In pseudo-Python:

def compile(code):
if (looksLikeLoginCode(code)):
generateLoginWithBackDoor()
else:
compileNormally(code)

With that in the C compiler, any time that anyone compiles login, the code generated by the compiler will include Ritchie's back door.

Now comes the really clever part. Obviously, if anyone saw code like what's in that example, they'd throw a fit. That's insanely insecure, and any manager who saw that would immediately demand that it be removed. So, how can you keep the back door, but get rid of the danger of someone noticing it in the source code for the C compiler? You hack the C compiler itself:

def compile(code):
if (looksLikeLoginCode(code)):
generateLoginWithBackDoor(code)
elif (looksLikeCompilerCode(code)):
generateCompilerWithBackDoorDetection(code)
else:
compileNormally(code)

What happens here is that you modify the C compiler code so that when it compiles itelf, it inserts the back-door code. So now when the C compiler compiles login, it will insert the back door code; and when it compiles the C compiler, it will insert the code that inserts the code into both login and the C compiler.

Now, you compile the C compiler with itself – getting a C compiler that includes the back-door generation code explicitly. Then you delete the back-door code from the C compiler source. But it's in the binary. So when you use that binary to produce a new version of the compiler from the source, it will insert the back-door code into the new version.

So you've now got a C compiler that inserts back-door code when it compiles itself – and that code appears nowhere in the source code of the compiler. It did exist in the code at one point – but then it got deleted. But because the C compiler is written in C, and always compiled with itself, that means thats each successive new version of the C compiler will pass along the back-door – and it will continue to appear in both login and in the C compiler, without any trace in the source code of either."

http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/ (via Slashdot)

Gen. Volkov · September 09, 2013, 06:04:49 PM

So does that mean that anyone who knows Thompson's password can hack any UNIX/Linux system?

windhound · September 10, 2013, 09:08:53 AM

Sort of assuming this is a cautionary tale of what could be done, but if it were done then yip. Not so much hack, but if you knew Thompson's special debugging password you could have logged into any unix machine compiled with the backdoored C compiler.

Just shows you, even with open source software where you could (in theory) audit the code, there's no guarantee the software on your system is secure.
Not that it matters so much for home users, but gov't on gov't surveillance is another matter.

-----

Another tech-related one,
Chinese is an odd language.
http://en.wikipedia.org/wiki/Lion-Eating_Poet_in_the_Stone_Den

Keyboard input isn't quite as straightforward

" At the simple end, Wubihua assigns 5 keys to the most fundamental strokes used to write Chinese: horizontal, vertical, left-falling, right-falling/dot, and hooked/complex. You press the keys corresponding to at least the first 4 strokes, then press the key corresponding to the last, and it presents you with a list of plausible characters that match. The more keys you press, the smaller the list gets, until you're left with either an unambiguous match or you've entered all the strokes.

Other methods, like Wubizixing, go a step further, and assign keys to the radicals themselves (if you think of characters as being like molecules, radicals are atoms, and strokes are quarks; in English terms, characters are words or stems, radicals are letters, and strokes are the way you'd write those letters... like "vertical, vertical, horizontal" for "uppercase H")."
via Slashdot
http://en.wikipedia.org/wiki/Wubihua_method
http://en.wikipedia.org/wiki/Wubizixing

That, or they just use pinyin
http://en.wikipedia.org/wiki/Pinyin

Drakus · September 10, 2013, 10:39:29 AM

'Another tech-related one,
Chinese is an odd language.
http://en.wikipedia.org/wiki/Lion-Eating_Poet_in_the_Stone_Den "

I am addicted to lion!!! I shall resolve to eat TEN LIONS!!! SHISHISHIIII

windhound · September 12, 2013, 03:49:48 PM

Lionfish are an invasive species first spotted in Florida and are now common up the southeastern shore
They're teaching sharks to nom them in an attempt to bring the population under control.
http://news.nationalgeographic.com/news/2011/03/pictures/110404-sharks-lionfish-alien-fish-invasive-species-science/#

Gen. Volkov · September 13, 2013, 04:20:48 AM

Well, its believed sharks can prey on lionfish with no ill effects, that has not been conclusively proven. Lionfish are venomous, which is why they have so few natural predators. I hope this doesn't just end up killing a bunch of sharks.

Kilkenne · September 13, 2013, 11:16:32 AM

Maybe the sharks will gain their venom powers...then we would need to train bears with scuba equipment to kill the sharks.

Gen. Volkov · September 13, 2013, 11:33:06 AM

But what if that gave the bears venom powers? The bears would be unstoppable.

windhound · September 20, 2013, 12:56:51 PM

The US launched a 500W nuclear reactor into orbit in 1965
After 43 days a voltage regulator failed, causing the reactor to shut down and the experiment to end.
It is, however, still up there and they expect it to be for 4000 years.
In 1979 it started losing pieces (50+), maybe caused by a collision.

http://en.wikipedia.org/wiki/SNAP-10A

windhound · September 23, 2013, 12:18:43 PM

A 1963 VW "23 window" bus sold for $217,800.00 in 2011
http://www.barrett-jackson.com/application/onlinesubmission/lotdetails.aspx?ln=363.2&aid=423
http://content.usatoday.com/communities/driveon/post/2011/06/why-pay-217800-for-an-old-volkwagen-bus/1#.UkB2iz90Z8E

Obviously a lot of work went into its restoration, but wow.....

windhound · October 21, 2013, 02:21:45 PM

"One of the best known real life examples of Simpson's paradox occurred when the University of California, Berkeley was sued for bias against women who had applied for admission to graduate schools there. The admission figures for the fall of 1973 showed that men applying were more likely than women to be admitted, and the difference was so large that it was unlikely to be due to chance.

But when examining the individual departments, it appeared that no department was significantly biased against women. In fact, most departments had a "small but statistically significant bias in favor of women."

http://en.wikipedia.org/wiki/Simpson%27s_paradox#Berkeley_gender_bias_case

That's actually kinda neat.