Coding 101 48 (Transcript)
Father Robert Ballecer: On this episode of Coding 101, it's the best of 2014.
Voiceover: Netcasts you love from people you trust. This is TWiT! Bandwidth for Coding 101 is provided by Cachefly.com.
Fr. Robert: Welcome to Coding 101. It's the TWiT show where we let you into the world of the code monkey. I'm Father Robert Ballecer and this is our 2014 Best Of episodes. That's right, we're going to take you through some of the best
moments of Coding 101. Some of the best interviews, some of the best segments
and some of the best juicy bits of code to distill it down to what it means to
be a code monkey. So without further ado, here's the best.
(From Episode 9)
Fr. Robert: Mr. Liam Kennedy. Liam, thank you so much for coming up.
Liam Kennedy: Thank you for inviting me.
Fr. Robert: Now, you are from Pasadena right?
Liam: I am. Yes, I am the little old coder from Pasadena.
Fr. Robert: The home of the Big Bang Theory!
Liam: The home of the Big Bang Theory and yes. If you sort of look at what I’ve got going on here in front of me,
and imagine my house. We’ve pretty much been living in the Big Bang
Theory in my house for the last three months.
Fr. Robert: Now Liam, before we get into the wonderful hardware
that is in front of us, could you give the TWiT Army,
the Coding 101 Code Monkeys a little idea of who you are, where you come from,
and why you’re standing in front of the ISS-Above.
Liam: Sure. So, first things, the ISS-Above, obviously what
it does is on the basics of it, it just lights up whenever the space station is
around, which happens more frequently than you’d imagine. My interest in the
ISS is really what brought me to develop this. So for many years I’ve been
passionate about public outreach for astronomy. A common thing that I would
always get involved in is looking out for when the Space Station is coming
over.
(cut to later in episode)
Fr. Robert: How do you go about moving from, “I like the ISS, I
like space exploration,” to, “I'm going to make a Raspberry Pi program that can
tell me when it's above me.”
Liam: So yes. Go back three years. I think this bears
mentioning, three years ago, I heard about a project, another project, called
ISS-Notify that was going to create a little Arduino-based device that would
light up whenever the Space Station comes over. I backed it, along with quite a
few other people. After seeing a lot of great progress by the
creator for a couple of years, then it just looked like things just
stopped happening. You can speculate as to why that happened -
Shannon: Sometimes that happens.
Liam: Yes, but the end result is, three years and I didn’t
have this cool little device that lit up when the space station came by. So I
just really gave up waiting and decided to see what I could create. And
thankfully, in the time that elapsed from then to now, we ended up building the
Raspberry Pi version.
(cut to later in episode)
Fr. Robert: Why would you choose the Pi over anything else? Was
it just convenience, was it just because you already had one for this other
project?
Liam: So I would say it was a matter of coincidence that I
happened to have the Raspberry Pi in front of me. But I did some very quick
testing of what I needed my code to do and it’s perfectly adequate for it. Absolutely. The other project, I believe, the way it was
going to work was pull information every few days off of the web and some
websites out there that list the same data. But my code actually does all of
the calculations for where the ISS is on the device. There’s basically a standard
library you can get called Ephem, it's for Ephemeris,
it's an astronomical term. But I used that to do the calculations on the device
and it works just great.
Fr. Robert: Wait,
wait, wait. I was under the impression that your projects scraped
some sort of public data base to say, “Oh, yeah it is over your latitude and
longitude”. You’re saying Pi would know just because of the calculations
you’ve programmed in.
Liam: Yeah. I tell you, if I didn’t need the access to the
internet for the clock you could just unplug it from the internet and it would
just work perfectly well. What it does pull down every few days is what’s
called the NASA 2 line element. It is actually basically a set of data points
that defines the orbit and NASA updates that every few days. But they probably
update it minute by minute. But the ISS shifts its position, usually it is dropping down naturally because although it is up in space, it is
still impacted a little bit by the upper atmosphere. So it tends to drag itself
back down and then they use rockets to push it back up.
Fr. Robert: They'll use that to push it back up to the proper
orbit.
Liam: Yes. So the equation has to be updated. So that is
what the Raspberry Pi does use the internet for is to pull down that
information every few days.
(cut to later in episode)
Fr. Robert: We’ve got people in the chat room who actually –
they're impressed. They understand what you are trying to do. We have Eric Duckman and Bebo who are both
saying, “Look, the calculations to do that, the number crunching that you have
to make your Pi do in order to figure out the orbit, that’s not trivial.” That
is actually a lot of work.
Liam: It is and I am not a rocket scientist. So I really
couldn’t do that math but this library that you can get, you just install it
with one line, you’ve seen it. sudo, whatever it is, apt-get … blah, blah,
blah. Python installed whatever it is,
I’ve forgotten it. Then there is the Ephem library.
Then you can start coding against that yourself. Of course, the code is visible
for anyone to see, you can look at what I’ve done.
Shannon: So you had this code figured out, all the mathematical
equations to find the ISS above you at a certain time. You figured out that you
can put this on the Raspberry Pi. What is next?
Liam: What was next was just
figuring out how I could use the Raspberry Pi display options to indicate
what’s going on and that is really what you see in front of you here.
Shannon: So that is why we have these little LEDs blinking!
Liam: Yeah. I’ve always enjoyed anything with a blinking
light.
Fr. Robert: You know, yes. Let’s get into the hardware. Because
our guys love hardware and we’ve got all these wonderful boxes sitting in front
of us. Tell us, what are they doing?
Liam: Yes. So where do I start? I’ll start with this one
that is just very easy to look at. Well, maybe I will go over here. Okay, here
we go. So this is the basic one with the Raspberry Pi platform and it simply
has a very simple display on it called a PiGlow.
Fr. Robert: It's a shield, right? It plugs right into the GPIO.
Liam: It plugs right into the GPIO port, in fact, you can even see that I
haven’t put it in very nicely there. But that is all it is. Then I just
programmed the light to do a certain sequence based on where the Space Station
is. This is another version.
Shannon: So that one is blinking.
Liam: Yes, and this one, if you count the number of green
flashes, okay. Four, five… Six flashes. So if it's approximately an hour or
less the ISS-Above flashes green the number of times for the number of 10
minute intervals. So now I’ve messed around with the time on these so I’m not
sure if this is real time now. I don’t think it is. But essentially, that says
that it is 60 minutes away from the next pass of the ISS. So, you know, not all
the passes are visible and that is why I've got another website. So the other
thing I’ve got going on here, you know you were talking about the Raspberry Pi
being underpowered, just think of this. This thing
tweets. So when the Space Station is going – is particularly close to you all
of the lights on here will start going crazy. But it also sends a tweet!
Fr. Robert: So I could program it to say, “The ISS is above me!”
Shannon: Does it tweet to the ISS?
Liam: Well, sort of. It tweets to the ISS by tagging at the
request of NASA. So, during the Kickstarter program
they got wind of what was going on and their public affairs at NASA Johnson
Space Center which is Mission Control for ISS, sent me
an email saying, “Could you please make sure you tag @NASA_Johnson.”
So that was neat. They also do tweet to @ISS_Research which is the research arm. They’re the organization for NASA that actually
determines what research is done on the Space Station by the astronauts.
Fr. Robert: So they are receiving thousands of tweets from all
your Pis, saying, “Hey, I see your ISS!”
Liam: Well yes, and that gives it - that is a good point.
So, I’ve run a Kickstarter that was very successful
but before that I wanted to make absolutely certain that people wanted this and
also that they could see that it was working already. So bearing in mind the
other Kickstarter didn’t fulfill what it was going to
do -
Shannon: Wait, what?
Liam: So I created a beta program and I was heading over to
the UK in December and I installed a couple of them for my grandkids.
So the grandkids got them. Then there was a post on Hackaday and on Reddit and then people suddenly started to approach me
saying, “Hey can I get in on this beta program?” So I had about 20 sites. So
what you’re seeing right here now are the tweets. So I’m just on my page here.
You'll actually see the tweets that are coming from those Beta sites that are
around the world.
Shannon: That is so cool.
Liam: The way that it is done is that this little device is
posting to my WordPress site and the WordPress site is sending the tweet.
Fr. Robert: What I like about this is, that you are leveraging a lot of existing tools to do something that is very
different and that is very much in the hacker spirit.
(From Episode 13)
Fr. Robert: … we want to talk about Heartbleed because it actually
addresses something very, very basic in programming and something that’s very
important. It’s all about sanitizing inputs. It’s about -
Shannon: Sanitizing your comments.
Fr. Robert: …your comments. Well, sanitizing your code.
Shannon: Yes, your code.
Fr. Robert: You have to make sure that the data you receive is
what you expected.
Shannon: Exactly.
Fr. Robert: But unfortunately the writer of the piece of code in
OpenSSL that is responsible for the Heartbleed bug didn’t do that. Now Bryan,
you actually have a link for the GitHub that has all
the OpenSSL code. While you get that up, let me really briefly state what’s
going on in the Heartbleed bug. So what we’re talking about is the heartbeat.
Anytime I establish a secure connection, so Snubs, let’s say that you're
Facebook. Okay, you're the Facebook server, I'm talking to you, you know that little - how you get that little padlock in
the upper corner of your browser?
Shannon: Yes.
Fr. Robert: It tells you that you're secure right?
Shannon: Yeah, it tells me I'm using HTTPS.
Fr. Robert: Exactly, secure sockets layer or TLS, which gives me an
encrypted tunnel between the client and the server. You're the server, I'm the
client. Now, that’s a good thing because without that anyone can just snoop in
on our conversations and they could read everything that I'm sending and
everything that you're sending back to me.
Shannon: Especially if they have a WiFi pineapple.
Fr. Robert: “Brought to you by Hak5.” No, but see, here’s the thing, I can’t just keep those open.
Shannon: Right.
Fr. Robert: Right, once I've established one of those connections,
I need a way to tell the server that even when I'm not using it, let’s say, I'm
reading something that’s on my page and I'm reading it for three minutes. My
client, my computer still needs to be able to tell the server, “I'm still
connected, I still need you. Don’t shut off the connection.”
Shannon: So this is the heartbeat that’s going between us.
Fr. Robert: This is the heartbeat, right. It’s just a nonsense
piece of data. It’s a minimal data set. It’s a very small handshake, very small
packet essentially saying, “Keep me alive. Keep me alive, keep me alive.” It
does that every once in a while.
Shannon: So why do we have these jelly beans up here?
Fr. Robert: Okay, so this is your system memory, you're the server
right?
Shannon: Oh yeah.
Fr. Robert: Don’t eat your memory.
Shannon: I won’t eat my memory.
Fr. Robert: Oh man, she's going to eat all my memory. All right so
you -
Shannon: My hard drive just failed.
Fr. Robert: Now this, this one jelly bean, this is my heartbeat
packet. So what I have to do is I have to send you two things. I have to send
you my payload and the payload is the jelly bean, right? But I also have to
send you a description of how big this is.
Shannon: Ah, okay.
Fr. Robert: So in all non-OpenSSL implementations of the SSL, of
the secure sockets layer of the encryption, whenever I, the client, send something to you, the server, you check what you
received against what I told you I sent.
Shannon: Ah, okay.
Fr. Robert: So, let’s say I do this. I go ahead I say, “I’m
sending you one jelly bean.” I give it to you.
Shannon: I just received one jelly bean.
Fr. Robert: Right, and that’s it and so you said, “Well, you told
me that you sent me one jelly bean, I read that.”
Shannon: It looks like a jelly bean.
Fr. Robert: It looks like a jelly bean, and now you send back to
me.
Shannon: I'm sending you one jelly bean.
Fr. Robert: There we go. So now the connection stays alive. If I did this. I am sending you five jelly beans and I give
that to you, what do you think you as a server do?
Shannon: I only have one jelly bean.
Fr. Robert: That’s it, right.
Shannon: This is odd, hacks!
Fr. Robert: “This is odd.” It’ll kill the connection, right. Or
it’ll ask for the heartbeat again. That’s simple checking, right? That’s
sanitizing your inputs. That’s making sure that you’ve actually received what
you expected to receive. That’s good coding.
Shannon: That makes sense.
Fr. Robert: That makes sense. There’s a bug in OpenSSL.
Shannon: No.
Fr. Robert: And Bryan, if you go ahead and bring up that GitHub, it’ll actually show you the code that goes behind
SSL. Now go ahead and forward, what line was that, we need you to go to line
3972. There, right there. See where it says, “read type and payload length
first.” These next four lines of code, actually three lines after the comment,
are entirely responsible for the Heartbleed bug. Now let me explain, this looks
kind of crazy. But let me explain what’s here. HB type is just setting the type
of data, okay so that’s like from C# that just says this is the kind of data
that I'm going to be receiving. P++, we've seen that, it's just incrementing the
counter so it’s P+1, right?
Now here’s the big line, NS2, which is calling a
function because we know it’s in parenthesis right? So it’s calling a function
and it’s passing it two parameters. P is the location, it’s called the pointer of the payload, the jelly bean. So it’s telling it
where the jelly bean is located, right. Payload is the length. That’s me
telling you I'm passing you one jelly bean. Okay, now a good piece of code
would’ve had an extra line here that says, “Is P, the length of P, equal to the
length of payload?”
Shannon: Right, yes.
Fr. Robert: Right, so if I told you -
Shannon: It would be sanitizing their code.
Fr. Robert: It’s sanitizing the code, sanitizing the input. It’s
saying, “If I told you I'm giving you one jelly bean, what is P? How long is P?
Is P actually one jelly bean? If it is, allow it. If it’s not then, X, kill the connection.”
Shannon: And since they didn’t do that, there is no line that
says, “If it’s this long then it should equal P.”
Fr. Robert: Right, right.
Shannon: That pretty much means that the payload could be as
long as they want.
Fr. Robert: Or short. So this is how it works. If you come back to
me, now we’re talking about this jelly bean, all right. So I'm still talking to
you in the server, and I'm passing you this one jelly bean and I'm saying, “I
sent you 64 thousand jelly beans.”
Shannon: It looks like 64 thousand jelly beans.
Fr. Robert: That’s how OpenSSL works because it doesn’t check, it’s just going to trust me. And unfortunately,
that’s not good.
Shannon: That’s not good.
Fr. Robert: So what it’s going to do is it’s going to say, “Well,
he must’ve sent me 64 thousand jelly beans. So I'm going to send him back the
one jelly bean plus 63999 he shouldn’t have received.”
Shannon: That’s so bad.
Fr. Robert: Which means I take your system memory and it’s all for
me.
Shannon: Hello, hacks. Oh, that’s bad.
Fr. Robert: Hello hacks, exactly. See, the problem with that is
they can do it over and over and over and each time they’ll get a different set
of the memory until they can put it all together and they can essentially have
everything.
Shannon: From the server end, everything looks cool so nobody
ever checks for any difference.
Fr. Robert: Right, so the server end, if you're using OpenSSL,
the unpatched version, all it knows is that someone is sending a lot of
heartbeats, and that’s normal because that’s how we keep the connection open.
It doesn’t realize that it’s giving away the keys to the kingdom every time it
sends you that 64k.
Recording: Authorization acknowledged.
Fr. Robert: Precisely, exactly. We got a computer fault.
Shannon: Yes.
Fr. Robert: So that’s how Heartbleed works. Go back to that code
Bryan. This is the crazy part, this is what we’re
trying to drill into you people. When you’re writing your code, you got to make
sure to check for things like that. This was an innocent mistake, this was,
again, we know that this was submitted something like, what was it, an hour or
two before midnight two years ago. December 2011. So it was probably some guy
staying up late, writing some code. It looked right, it worked right, but he
never actually made sure that he was receiving what he was supposed to receive.
Shannon: That’s true. Oh man, I feel bad for that guy.
Fr. Robert: Simple mistake, I feel bad for him but, you know,
simple mistake that anyone can make.
Shannon: Yeah, it’s true. That’s unfortunate, but it’s a really
good example of what can happen if you don’t sanitize.
Fr. Robert: Very good example.
(From Episode 10)
Fr. Robert: And who do we have this week,
Shannon?
Shannon: This week, I'm super excited about this because I'm
kind of a fan. This is Randal Schwartz with his Perls of knowledge. I just like saying that because I think it’s hilarious.
Fr. Robert: It is kind of cool.
Shannon: Hi Randal, how are you?
Randal Schwartz: Hi, hey.
Fr. Robert: Randal Schwartz the host of Floss Wednesday, the
earliest show on the TWiT TV network. Thank you so
very much for coming.
Randal: Oh yeah, and actually I got to sleep in a little bit
today too which is really nice so -
Shannon: Nice.
Randal: I have to wake up in time for my other show. Yeah, no, great. Thanks for having me on.
Fr. Robert: We don’t do sleep. Yeah we don’t do sleep -
Shannon: Yeah, we never sleep here.
Fr. Robert: No, no, no but the reason why we asked you to come in
this because you are one of the acknowledged experts in Perl, right? I mean,
you’ve written a series of books about Perl, you teach Perl, you talk about
Perl and more importantly, you program in Perl.
Randal: Well, I program in a lot of languages, but Perl’s made
me the most money over the last 25 years, exactly. I wrote the top five selling
best books and 255 magazine articles. Yes, I ran a training company that was
extremely busy during the late 90s as the .com boom rolled out, it’s not so
much – it's much more in mothballs now because there aren’t 20 people wanting
to learn something about Perl and sitting in one place for a week anymore so I
don’t do much of that. But yes, Perl’s only like one of the 70 languages I list
on my resumes so I've got plenty else to talk about besides Perl, too.
(cut to later in episode)
Fr. Robert: Now, Randal, we want to talk a little bit about
something that I actually asked you beforehand because I want to make sure you
were comfortable with this.
Randal: Oh, yes.
Fr. Robert: You are, I think, the only host on the TWiT TV network and definitely the only guest we’ve had on
Coding 101 who at some point had a felony on his record.
Randal: Mhm.
Shannon: Oooh.
Fr. Robert: Yes, yes. Now this stemmed from a - was it 1995 case
brought against you by the state of Oregon. Not a financial case by the way, it
was actually a criminal case -
Randal: Yes.
Fr. Robert: - stemming from your time as a system administrator
from Intel.
Randal: Yes.
Fr. Robert: Doing some very standard system administrator stuff
but - and I’d like to think that this is one of the very first cases in which
the law didn’t quite understand what people in computer science did.
Randal: And still doesn’t.
Shannon: So true.
Fr. Robert: And still doesn't, right. But this is one of the very,
very first great examples of, “Wait, he got in to trouble for what?” Can you
explain how this happened, what happened and then talk a little bit about how
your record got expunged.
Randal: Yeah, so 1990 through 1995 – 1993 actually - from 1987
to 1993, there we go. I was a contractor at Intel in seven different slots. One
of the things about being a contractor is you're always looking for, you know,
doing the items one through ten that the boss wants but also looking for item
eleven that shows that you're still valuable in some way because you're
bringing something to the table. You're
not just being the code monkey that’s doing the things that are on the table. I
would do these - sort of odd projects from time to time right. I would see
something that needs to be done and just go ahead and do it and I got really
practiced at that. Well, the particular thing that we have in question is I was
running Crack, which is a standard tool for evaluating the strength of
passwords in the Unix system. I was running Crack
against the password file of the current group that I was in. Well, there was
only like five passwords and it didn’t show up anything. And Crack, I think,
3.0 had just come out so I was actually just testing the new version of Crack.
Again, I'd done all the stuff for the day and I thought, “Well, I’ll try this one
out.” Well, I still had access to the previous group, where I was one of the
key system administrators and I’d moved on to the new group. But they still
gave me access previously - to the previous system because I was still
maintaining some code for them. I ran Crack against this much larger password
file and something like, I forgot the number now,
something like 67 of the passwords were guessable. Now, this shocked me to no
end because when I was in that group, I was running Crack against the local
password file and I made sure, anybody got guessed I would - and this was
complex things like, you know, like, the word hello with the E changed to a 3.
It would find stuff like that. And the O changed to a zero. So it would find
these sort of normal, you know, combination of things. People’s first names, pet names, things like that. It
would look for all that stuff. It was really good at doing that.
I actually met the author of Crack a few years ago,
cool guy. So I couldn’t imagine that 67 passwords were guessable. Now, what I
didn’t realize at the time was one of the passwords was the vice president's.
His password was president with the S changed to a dollar sign. I suspect
that’s why I got prosecuted because I actually embarrassed somebody. Now I was
going to go over the group and say, you know, to the people taking over my job
essentially at the other group but I then realized, “Wait a second, I'm going
over to tell them they're not doing their job. How do I do that?” I spent a few
weeks kicking back, trying to figure out how to do this best. In the meanwhile,
somebody at my new group noticed I was running Crack and running it against the
password file of the old group and didn’t understand my motivation. I was
simply just trying to do one of these things again where it’s like the eleventh
item on the one to ten list. Never intending any harm
to anybody, not trying to do anything at all. But you know the problem is they
showed up at my house, they took my computers away, they only returned them
like four months later. Imagine having all your data in your computers and then
not having them for four months. It was just really crazy. They didn’t arrest
me until they put out a warrant for my arrest four months later which shows you
that they had to figure out, “Wait, we've accused him of being bad, he’s only
done exactly what he told us he was doing and with the intentions that probably
that he told us he was doing it. So now what do we do?”
Well, it turns out Oregon’s computer crime law is
over-broad and vague. Basically, if I pick up your cell phone and I change the
background color on the screen, that’s a class C felony, $100 thousand and five
years in jail.
Shannon: Wow.
Randal: So the law is way out of proportion in this thing so I
got basically nailed with a law that makes criminals out of anybody they want
to prosecute. I got three felonies, eventually, in ’95, convicted on me and it
was devastating. I got to tell you I was suicidal for two times - because
here’s the thing, since ten I wanted to be a programmer and I said, “Who’s
going to hire me now?” But luckily I had a lot of friends come forward and they
brought me into their companies and stuff. So it was quite a transition period.
In about ten years later you're eligible for expungement in Oregon so I applied for that. So technically I can now tell you, “I have
never been convicted of a crime in my life.” But it doesn’t matter as far as
the Feds go apparently so I can’t get like a global early entry. I have
troubles going to Australia and Canada still. I can go anywhere else in the world, I just can’t go to Canada and Australia. It’s just
very, very weird.
Shannon: Of all places.
Randal: Yeah, of all places.
Fr. Robert: Now, you know, Randal, this is interesting. You bring
up a great point and actually I think there's a lot of programmers out there,
and especially a lot of programmers who might know Snubs because Snubs has a
couple of the program of shows and one of them specifically talks about
security.
Shannon: We’ve dealt with banks telling us that we can’t have a
checking account with them because the name of our show. It’s called Hak5 and
people have told us that we can’t get jobs because of the name of our show. My
friend had a problem getting a loan for his house because of it and it’s just
ridiculous how Feds and how a lot of government companies look down at us just
based on the fact that we know how to do these type of things. It’s just kind
of irritating.
Fr. Robert: The thing that hits me the most is something that
Randal alluded to which is these over-broad laws which, that’s one thing. Most
laws are over-broad. They try to catch all the outliers. But the very selective
way that they are applied - and it always seems as if it’s not every hacker
who's going to be persecuted. It’s going to be the hacker
who insulted or embarrassed the wrong person that the book is going to get thrown
at.
Randal: Exactly.
Fr. Robert: And I know you touched on this on Floss, which is why
it’s a great program to watch even though it’s early in the morning on
Wednesdays at 8:00 on live.twit.tv. It’s something that you should watch
because they talk about cases like this. I think what I’d like to hear from you
is looking back on your experience now and knowing that there’s a new
generation of programmers. There’s a new generation of people who are going to
be curious about the networks that they're connected to. There's this little air of insecurity about, “Well, this seems really easy but
someone’s telling me that this is a crime.”
Like for example, “I'm on a network and the system
administrator knows absolutely nothing about security and for some reason I can
access all the files of all the executives because it’s a standard Samba share
with no protection.” But for some reason, if they accidentally click in to one
of those folders they're now guilty of a felony and that could be held against
them. I actually hear these stories every once in a while. I get people who
have freaked out and are writing me saying -
Shannon: Me too.
Fr. Robert: “I accidentally did this and I'm afraid that someone’s
going to check the logs and I'm going to get fired and persecuted.” But there
doesn’t seem to be that much momentum. There is no political will to fix the
laws that haven’t caught up with technology.
Shannon: Yes and it always seems like, if you're the person
that’s trying to help the company, you're trying to bring this problem to them
and say, “Hey, I found this vulnerability. We need to
make sure that it gets fixed.” If you're the person that found that
vulnerability, they're going to go after you.
Randal: Yeah, there's no safe harbor for
whistle-blowers in this arena and that’s where the problem is.
Shannon: No, there's not.
Randal: And also remember that the laws are written
and paid for by the people who pay for our government, which is big companies that have good lobbyists. So of course the laws are going to be
biased towards not the individual but towards protecting the corporation, the
corporate status quo. I love that you keep saying persecuted instead of
prosecuted. I don’t think we mean too much persecution these days, but it sort
of may feel like it, actually, but no.
Fr. Robert: Well, I come from a background where we persecute
everyone.
Randal: Exactly.
Fr. Robert: That’s my preferred word.
(From Episode 46)
Fr. Robert: So before we get into Santa's Little Helper, let's go
ahead and take a look at an item that I thought programmers around the world probably should take a closer look at. This one comes to us
from a blog by Kevin Williams called, “The 10 Things That Annoy Programmers the
Worst.” Now, it's funny, whenever we get one of these top ten lists, there's
always going to be people that have differing opinions. But these ten are
really good.
Number 10 was, comments that
say nothing. Now, Lou, both of us know this, right? I mean, we tell people,
“Comment, comment, comment.” But there's a difference between a comment that
helps and a comment that just leaves you going, “Okay? Now
what?”
Lou: It's a holy war, almost, with comments in code. I
mean, a lot of people like to over comment and sometimes, I like over
commenting more than I like vague commenting. Because if you don't comment –
and then, some people will – the ones that do the best actually write a design
document that talks about and puts little links into the code so you can go
look at the code comments too. That's even better. But code commenting is super
important so you know exactly what a piece of code is doing, and what it's
meant to do and what it's purposes do. If it's breaking or not doing what it's
supposed to, then at least you'll know the original intent.
Fr. Robert: I had to work on a project, what, maybe a year ago?
All the comments were, “This is a loop. This is a counter. This resets the
counter.” I was like, “Yes, but why is it there?” That's what that's all about.
Number 9 is, being interrupted by coding. I kind of
thought this was just petty but then I thought about it. It's kind of true.
Programmers tend to be the kind of people that get into a zone. It takes a
while to get into the zone. You know this. You might be sitting there, staring
at your screen, for the longest time and thinking about how you're going to do
something. Then you start feeling it and you start pumping out code. It's all
good. Then someone comes in and they bother you, and it's normally something
that's just lame. It's stupid. They're wandering around, asking a dumb
question. I think this applies. Are you like that? Do you hate it when people
bother you when you're in the zone?
Lou: So, I don't hate it because – in fact, sometimes I
have to literally – in fact, right now, I have locked my office door and
there's a sign on the door that says, “Do Not Disturb.” But sometimes I have to
do that because if I don't do that, I'm doing something, I'm thinking about
something, I haven't written notes about it to kind of keep context. So then,
somebody interrupts and I'm like, “Okay, I've got to answer them and be nice.”
I talk to them and come back and I'm like, “Okay, now what the heck was I
doing?” So that happens all the time. I haven't seen a tool today that can fix
it, whether it's Lync or Skype or whatever communication device you use, that I
can put that I'm busy on there. Unless I lock the door, pull my shades down and
turn the lights out, I'm pretty much open for business.
Fr. Robert: This next one. Number 8, this is near and dear to my
heart. Scope creep or mission creep. We all know this.
This is that idea that as the project progresses, they're just going to start
adding on requirements, features that they'd like – where they see something in
another application and they go, “Oh, you know what? Our program should do that
too.” With no regard for the fact that might completely change what you were
doing with the code. Of course, you've never run into anything like this,
right?
Lou: No, never. We don't have that problem every day that I
work here at all, either. But one of the biggest things that you'll see is, there's an old saying – an acronym called MVP, most viable
product. That's one of the things that startups are very, you know, pushed very
hard to do, is ship a very simple thing up front. Let users complain, ask for things, and then add to it. But
companies, whether it's Microsoft, Apple, Google, they never do that. So
there's always scope creep that comes in and forces the release dates out.
Fr. Robert: My favorite is the scope or feature creep that happens
and then they expect you not to change the release date. “Because we're just
asking you to add 3G features, that's like two or three lines of code? What?”
The next thing, I think, this gets a little bit whiny
because this happens for everyone. This is not just coders. But having a
project manager who does not code and does not understand – or doesn't care
about understanding what programmers actually do. This still does exist. You
won't find this a lot at companies that are well run. But having a programming
manager who cannot program is tortuous. Lou, have you experienced that?
Lou: So there's different levels of programmers. So here at Microsoft, we have what we call domain experts and
then the technical leads. So the domain experts are ones, for instance, I work
in financial software or business software. So ones that
might understand sales, and financials, and general ledger and accounting. Those are actually still fairly good PMs that could understand the domain
expertise around calculations and so on, but they might not necessarily
understand how coding or that technology behind it. So there's a little bit of
a crutch there, but they're still fairly good PMs. So it all depends on if
you're a domain expert, if you're a technical expert, and what the project
requires. Sometimes it requires both, so they're at kind of a loss at that
point.
Fr. Robert: Number 6 and number 5 are interesting because they're
kind of the same thing but not. Number 6 was listed as, being asked to document
our own code. Number 5 is, working on code that is not documented. I think this
is absolutely altruism. I hate documenting my code. I know I have to do it and
I end up doing it because I felt the pain of not having it. But I don't want to
do it and sometimes, people have to ask me to do it. Yet, on the other side, if
I find code that's not documented to my liking, I think that programmer is the
worst thing ever.
Lou: Yes, I mean – actually, I require what I call a white
paper. So when you do a project, you have to write a white paper about it too.
It's like, you kind of remember the Old English
engineering English classes I had to take in college and thinking, “Man, I
could've used a little bit more of those,” because I literally have to write a
document that customers have to read about my code. It's sometimes difficult to
do, I guess you could say.
Fr. Robert: Number 4 is an interesting one, because I'm more of a
hardware guy. But hardware-generated faults, specifically errors that are
generated because we're running code, especially like beta code, on janky hardware. It's a pet peeve. I've actually seen this
happen a lot, we're running on pre-release hardware and we get change logs back
saying, “Well, it doesn't work on XXY that's going to be released next year.”
I'm thinking, “Well, is that a finished version? Then why do I care?” If you
can't show me something that they say is stable, why am I going to change my
code to accommodate them?
Number 3, vagueness. You know this one. In fact, anyone who's in IT knows
this one. You don't have to be a programmer. That idea of, “It's broken.” Well,
what's wrong with it? “It just doesn't work right.” Can you tell me what
happened? “It didn't do what I wanted it to do.” That's – yes, you see that a
lot, I think. You're kind of – I'll just leave you with that one.
Number 2, other people. I think programmers, as a rule of thumb, we don't like
other programmers. Oh, I mean, we may understand that other programs are
necessary but Lou, and again, I'm going to throw you under the tracks here. Do
you sometimes feel as if the world would be better if everyone just programmed
like you?
Lou: Honestly, I'm going to be honest with you. I only stay
on teams if I have somebody who's better than I am there.
Fr. Robert: There we go, okay.
Lou: That's the truth. It makes me better, anyways. If I'm
not on a team that I can learn from somebody, then I normally jump off that
team. So that's the rule I follow and that's the one I have. But I do agree, there's sometimes that you work with programmers and they
just don't have the skill. They don't have – they maybe are kind of just
getting started and they cause some issues and cause some delays. It does cause
some problems with our code, too. So it's kind of a balancing act.
Fr. Robert: The number 1 from this
posting and yes, this is true. My code. Six months
later, I think every programmer has had this moment where they'll look back at
a program, a project that they started and they'll go, “What was I thinking?
This is not elegant, this is not good. I should rewrite all of this.” Of
course, this happens a lot but never at the corporate level. Right, Lou?
Lou: Honestly, I've had emails from people. So I've been
here 11 years. I've had emails from people that will come and be like, “You
wrote this, can you help us fix this?” And it's like 11-year-old code. So I do.
I have that all the time. Don't worry about that.
Fr. Robert: Other potentials that weren't listed in the blog –
actually, my number 4 was that, exactly. Answering
questions about my code, especially if it's code I can't remember. I almost
feel shame whenever someone says, “Your code is breaking this and we don't know
why. You wrote this, can you tell us what it does?” I normally don't have an
answer.
I also hate code repositories with really, really bad
revision keeping that tend to want us to fork projects. That's been a pet peeve
of mine.
One other thing is, and I've seen this in the Valley
recently. Star programmers, superstar programmers who are brought into a project
who don't seem to ever want to program. They do all the high-level thinking and
then they leave it to the peons to turn that into code. What pet peeves do you
have, Lou?
Lou: I think that is one of them. So one of them, where
they'll come up with a really complex design, they never communicate with the
team and then they go and say, “Here's the design, go code it.” Then you really
have no idea where to even start. I think that's the first one that I have,
especially with teams.
The second one, the last one, would be if I go to a
developer and they wrote the code but there's no comments. There's no tests. They don't even – it doesn't even
necessarily compile, sometimes. You ask them what they were even thinking and
they have no idea. So there's those two things, obviously, that could cause
some huge blips in a project, I guess you could say.
(From Episode 20)
Fr. Robert: … we want to welcome to the show Mr. Karl Auerbach. Karl, thank you so very much
for coming on. I know you're a busy man, we've
had you on several TWiT shows before including This
Week in Enterprise Tech. You may be a little bit of a man of mystery to many
people out on the internet but whether or not they realize it, you've probably
created something they're using, yeah?
Karl Auerbach: Almost certainly.
Shannon: I am intrigued.
Fr. Robert: I'm going to ease you into this because I think that
our code monkeys are going to love knowing who you are but let's start with
something very simple, which is, how did you get into coding? How did you get
into computers? How did you get into the IT revolution? You've been around for
a while, including a time before the internet. So how did you get to where you
are now?
Karl: Well, I was one of the infamous members of the UCLA
computer club in 1968 next to IMP number one. I set forth to learn basic
programming. My first language back then was PL/I and it was a simple program.
It took me a year to get my first piece of code running, of course, then it was on card decks and things like that. I happened to
also be right next – besides right next to IMP number one, next to the transportation institute where
we were doing early car crashes and I was hired as a film scanner. Which is
where we had these machines watching cars getting off of freeways from helicopters
and we're punching cards, showing coordinates in a big program that would use
those. So I had an IBM 7094 to myself whenever I wanted. So I set forth to
learn how to use that and I wrote some trivial programs then. I've been on to
bigger and greater things since then.
Fr. Robert: The mention of those systems is probably bringing some bad flashbacks for the older programmers.
Shannon: Or for me I'm going, “What is that?”
Fr. Robert: Yeah, blinky boxes with the
switches. You actually have with you a piece of gear from one of those early
computers.
Karl: This wasn't that early this was from the 80s or 70s, I
mean, a PDP-11/70 console.
Fr. Robert: Oh gosh, that brings back all sorts of memories.
Karl: I used to load boot codes into this thing and load it
into memory and just get this thing going. You could tell a lot from these
lights, you could tell whether your program was idling, whether it was in
supervisor mode, what part of memory it was in. You could get a lot of useful
data by watching those lights.
Fr. Robert: Let's talk a little bit about that because in our
first module we did a binary to decimal conversion.
Shannon: That's interesting. Right.
Fr. Robert: There were people who were like, why would I need to
know binary? It's because the old programmers, that's how we had to program.
You didn't have a keyboard, you had to flip switches and then you committed it
to memory. Could you actually show us what you would typically do for a
sequence?
Karl: Well, most of the time, we would do the boot sequence
and I can't remember the codes but it was something like this. One of these
switches went up to store things in memory. Then you'd finally hit the Go
button which would cause it to jump to that location, which would begin to
bring the system up. That system back then, by the way, was Unix.
Well before DOS even came out from Microsoft so Microsoft went backwards
because we had multi-user operating systems before DOS even came out.
Shannon: And here we're still using a lot of the basics of Unix.
Fr. Robert: Karl, one of the things that often fascinates the new
generation of code monkeys is, when they start stepping back and realize that a
lot of things that they're learning, that they just take for granted, actually
have a backing. There's a reason why programming works the way it does and
that's because we're basing it off of the first generation of computers. We see
that a lot, we see that in learning binary. We see that in learning
hexadecimal. We see that because that's how you originally had to program those
computers. Now, let's step back from that, because -
Karl: I was going to raise the point that most people today
don't even know the difference between Ones' Complement arithmetic and Two's
Complement arithmetic and that's kind of important.
Fr. Robert: (Whispering) What's the difference? I don't know what that is.
Shannon: (Whispering) I don't know, what is the difference?
Fr. Robert: We'll get to that in just a little bit. But Karl, it's
good that you're a geek, it's good that you're an old-fashioned geek. It's good
that you were at the cusp or the start of the IT generation. But that's not-
Karl: Oh, I'm a long way from it.
Fr. Robert: Right, but that's not the only reason why we brought
you on. You actually have a lot of experience with things that are not just
hacking together computers. You were on the board of directors for the Open
Voting Consortium. You were a member of the Intellectual Property section of
the Cal State Bar. You are a co-founder for the Boston Working Group. You are
part of the IETF, the Internet Engineering Task Force. And you're on ICANN.
Karl: I was affiliated with ICANN, I was on the board of directors. Most of these are past sort of things but I'm
doing new and greater things. Going back to first generation coding, I can't
forget, the first programmers were doing the ENIAC machine and the SAGE
computers and those were almost exclusively women.
Shannon: Yes, go women!
Fr. Robert: But with all of this experience and all of the
influence you've had over the internet, you've seen it change a lot over the
years, right? I mean, this used to – it was a geek project at first, but how
have you seen it evolve?
Karl: Well, when I first came across the Internet, there was
no word for it, but it was a collection of communications vehicles for us to do
exchanging basic applications like email, file transfer, things like that. We
got pretty much down and dirty with the hardware modems, and wires and what
have you. It's evolved a lot since then. But the first 15, 20 years of the
internet were largely people playing around with not a lot of restrictions.
What's happened scares me the most recently are the changes of the legal
environment around the internet. The restrictions that are
rising and the attempted transformation of making the internet into a utility. We're not clear whether it's a utility or a vehicle for innovation anymore.
Same thing has happened in programming. We used to see
- programming used to be like a Wild West kind of thing where everybody could
write their own piece of code. But we're getting to the point where not
everybody is going to be able to write code for say, the braking system in a
self-driving car. You're going to need some pretty stringent tests on that kind
of code.
Fr. Robert: I want to get back to that but before that, Snubs had
a question about something I was talking to her about before the show. She got
really excited by it.
Shannon: I did. So I know that you were one of the creators of
IP TV and this is what we're doing now. This is the basis of what we have
created our careers around. So I got really excited about it, myself. You were
also one of the first paid employees of Precept Software before it was acquired
by Cisco. So I want to know from you, how do you feel IP TV has changed since
the late 1990s?
Karl: I've been an unpaid early employee of several
startups. I think I've done like six or seven and if you want to make billions
of dollars, you go to the places I turned down. But IP TV was part of Precept
Software and that was the start-up done by Judy Estrin in 1995. She brought me
in with Steve Casner, and Chia-Chee Kuan and her sister Deborah Estrin. We gathered
together one evening and said, “What should we do?
Should we do IPv6; should we do this or that; should we do multimedia?” We
said, “Oh, multimedia, that seems like a lot of fun.” Well, Steve Casner had
spent a long time at USC ISI. He was part of the team that sent the van out in,
I guess, the 1960s and 70s doing the first internet voice projects, mobile
voice. He was also one of the co-inventors of the RTP/RTCP protocols. So we took
that and held it up with IP Multicast. There was a model already put together
by Van Jacobson on the internet which was – oh, I can't remember the name of
it. It was what the IETF used for sharing low-level videos and things like
that. So we decided to start building that up and commercializing it. So what I
did at this company is, Steve handled all of the real
time algorithms. How do you synchronize lip sync? Lip sync is really, really
hard to do especially when you have multiple streams. I did the RTP/RTCP code
which was a heavily, multi – well, not necessarily multi-threaded, heavily
asynchronous piece of C++ code that handled multiple media streams, handled the
synchronization, handled the hand-offs to the codecs and all that sort of thing.
We put that together into a commercial product and made it work.
(From Episode 41)
Fr. Robert: I want to take a little side trip. It’s going to be a
small tangent but I think it’ll be worth it because I’m seeing this discussion
going on in the chat room. I actually hear this a lot, much to the ire of my
embedded programming friends. That is, when people say, “Oh, well with Arduino,
now people can actually program a microprocessor.” And they always kind
of bristle a little bit because they were doing this way back with Motorola
embedded processors, back when I was playing with my PCs. What’s your take on
this? Because, of course, Arduino really made it popular with
the maker’s scene. It made it possible to easily - and artists, right.
You could be an artist, or someone with no knowledge of embedded programming
whatsoever, and you could pick up on Arduino. Follow a couple of instructions,
read some forums and figure out how to make something work in the real world.
What’s your take on that? It’s got to be a good thing, but that the same time,
I heard you at DefCon grumble a little bit that,
“Well, Arduino is okay, but you can’t forget all of this other stuff.”
Mark: I don’t think it was me that was grumbling about that.
I think you might have - you’re probably talking about the panel I was on two
years ago. So that panel actually, I think, I was the one who defended Arduino. Because I was the only nonprofessional embedded programmer up
there. I was the only hobbyist. So here’s the thing with Arduino. Arduino took a real, honest to goodness
micro-controller, an ATmega328, I think they started
out with the 168. But they took a real honest to goodness micro-controller.
It's not a toy, right? It's a real micro-controller. They took a real C
compiler. It's not a toy, this is backed by GCC. The most
popular C compiler on the planet. They wrapped it with a pretty
interface and made it very easy to use and they removed all of the complexity
of the build chain, and all of the optimization tools, and the assembler, and
the linker and all of that crap. They just made a simple, easy to use IDE. They
didn’t say you were programming, they said you were making a sketch, right?
That appeals to an artist. That’s not program. They basically made it very
non-aggressive. They made it very non-computer-y. I think a lot of the computer
people got turned off by that. But let me give you a hint. All you artists out
there that are doing things with Arduinos, you’re writing C code. You might even
be writing C++ code. You might be doing object-oriented programming and you
don’t even know it. That’s awesome.
So we have made it so that it is so easy to do, that
people who wouldn’t otherwise have gotten into the hobby are getting into the
hobby because we didn’t say, “It’s like, well, you’ve got to go through all of
these arcane steps and you have to install this package, and this other package
and then you’ve got to take the output of this program and feed it into the
input of another -” We’ve removed all of that. And it’s just, “Here's how you
write these commands in this IDE, developer environment, and you click this
button, and it will upload it to the Arduino. Done.” That’s something that artists can get behind. So they kind of took the Apple approach,
right? Apple originally - the original Macintosh wasn’t targeted toward
computer users, it was targeted toward artists. They’re doing kind of the same
thing. They removed all of the complexities, they hid
it all underneath a good UI and turned it into something that anyone can use. I
think there’s nothing except good to come out of Arduino. Everything that
Arduino has done has been good for the hobby. Because if you have an Arduino,
you can still pull out your old school development environment and do all of
your same libraries, all of the same compiler and everything else. It takes the
same hex file output, and upload it to an Arduino hardware and you get the nice
hardware prototyping platform with all of the shields and all of that kind of
standardization that someone makes a module that you want to plug into your
micro-controller to get it to do something, whatever that shield does. So you
get to benefit from all of that for prototyping and still use your old tool
chain.
Or, this is actually what I do, I use the Arduino IDE,
and then I make my own embedded Atmel-based projects. I think that’s what you
eventually want to talk to me about is the Darknet project, what I did there
with the Darknet ID badge. That is all written with the Arduino IDE. I just
told it to output – to build and I went into the temp directory, grabbed the
output file, and wrote my own avrdude with lines to program it out to the
chips. The badge itself is Arduino compatible. You can program it with the
Arduino software if you’ve got the right FTDI cable, which is a very standard,
very common serial cable. Serial on one side, the USB on the
other. You know, I think it’s fantastic. It’s not as powerful as a lot
of the commercial tools. So a lot of the hardcore embedded developers will say,
“Well, Arduino doesn’t do this feature, or that feature or whatever.” If you
don’t need those features, who cares? It really doesn’t matter. And so if it
gets more people into it and doing it, awesome.
(From Episode 29)
Fr. Robert: … without further ado, we welcome our security expert,
my security guru, Mister Raphael Mudge. The Armitage Hacker
from Penn. He's a pen tester. Raphael, can you tell the folks where
they can find you?
Raphael Mudge: Sure, yes. Hi.
I’m Raphie, Raphael. You can learn a little bit about the work I do, I actually
develop software to hack into systems to test their security, and you can learn
about that at www.advancedpenntest.com.
Fr. Robert: Okay, now we’re going to back up, we got the plug in.
Now what we actually wanted to do is talk about you. Because I know the work
that you do and Snubs knows the work that you do, because you have worked with
her on her show as well, just as well as you have worked on mine. But your
specialty is interesting. You go beyond white hat, black hat, gray hat. You’re
a guy who programs who happens to know security really, really well. Can you
tell us a little bit about your background?
Raphael: Oh sure. So what’s the best place to start? I always
say I’m a developer first, and everything I have or do is because I like to
program. I happen to be working in the security space, and I have my own
company now, but I was active duty Air Force before, for four years -
Shannon: Thank you for your service, sir.
Raphael: Thank you very much, Snubs, it was definitely a labor
of love. I bleed blue, as they say.
Shannon: Yeah!
Raphael: Yeah! Very nice! So, by the way, see this beard? This
is what happens if you apply all the coding lessons. You will grow a nice,
fluffy beard.
Shannon: You do, you have a coding beard. I just shaved mine,
so I’m very, very clean shaven.
Raphael: It looks nice.
Shannon: Yeah. He just shaved his too. But thank you, your
beard is awesome.
Fr. Robert: I can’t grow a beard.
Raphael: Thank you. Anyway, back to the question. My
background: so I was active duty Air Force, I worked as a researcher for the
Air Force, in cyber operations, and this is one Padre might not know about me.
When I left the Air Force, I invented a spelling and grammar checker, After the
Deadline. And I sold it to a guy named Matt Mullenweg, who created WordPress.
Shannon: Oh, that’s awesome.
Raphael: Yes, so if you have a WordPress.com blog, and you go
check your spelling or grammar, you’re actually using my software right now to
do that.
Fr. Robert: There’s always a little piece of you in there. I like
that.
Raphael: Oh, yeah, after the deadlines meet.
Shannon: It’s a small world. That's cool.
Raphael: I’m a grammar checker, a grammar teacher, to millions
of people through my programming efforts.
(cut to later in episode)
Fr. Robert: Raphael, one of the questions that I have had is where
do you get the inspiration for looking for these exploits? Because I’d say,
it’s this weird combination. You need to be a good programmer, because you need
to know where they probably put the flaws in their code. Or you need to know
where they put the flaws in their process, which I think is what you go after.
But you also need to have sort of the troll-ish glee of finding something
wrong, finding something unique that only you would know about.
Shannon: Are you calling Mudge a
troll?
Fr. Robert: In the best possible way, Mudge is a great troll. But
Raphael, how do those things come together in your mind?
Raphael: Sure. So, why is Twitter successful? This does relate
to your question. Why is it easy to write on Twitter or to write a tweet?
Shannon: They make it easy for consumers. They just simplified
it, it’s very simple.
Raphael: There is one other reason, too.
Shannon: It’s pretty?
Fr. Robert: Yes, it’s attractive.
Raphael: 144.
Fr. Robert: Also short.
Shannon: Oh, yeah. It’s very short.
Raphael: 144 characters, okay. So with Twitter, one of the
reasons it is so popular is because of constraint. Everybody is given this
default constraint to work with, 144 characters. You are allowed to be creative
within that space. I see hacking a lot like that. Sometimes I find folks will
try to pick something, anything, in this big universe of all possible things to
do, when what will really make you successful as a hacker is narrowing in and
focusing on something. Let me give you an example from my own experience. When
I was doing Production Red teaming, I do a lot of exercise and support now, but
I had just done a reconnaissance shot against my target and what I did was, I
sent a web application, or sent a link to a web application, to a few people in
this organization. Those people clicked, it was a LinkedIn invitation, and it
came to my server. My web application discovered all this information about
their systems, and then sent them on to LinkedIn.com like nothing ever
happened. What that gave me was a constraint. It gave me, “Here is what my
target has, this is the things running on their system.” And now, when I had to come up with an attack, it wasn’t, “Okay, let
me pick something cool that is random.” It’s, “I need to sit here in this box
I’ve been put into, and come up with something that’s going to work here.” For
me, I find when I have good constraints, good assumptions, good things that
narrow what I have to do, that’s where the magic really happens. Because I can
be creative within that space, and there’s not that much room to spin out of
control and end up in a lot of different directions.
Shannon: So you like to constrain yourself whenever it comes to
programming?
Raphael: Absolutely. I like to constrain myself when it comes
to programming, and attacking something, finding the problem and putting it to
use. Constraint is a beautiful, beautiful thing, and that’s what reconnaissance
gives you. It gives you constraints, so you know what the reality of what
you’re dealing with is.
Shannon: That’s really interesting. You know, it kind of makes
me think of - in a lot of programming, you have constraints that you have to
deal with. You are restrained to the rules of different program language and
each one is so different, you have to stay within those rules to make your
program work. So I totally get that. Wow, that's interesting.
Fr. Robert: Yeah, and I guess reconnaissance, or what Mudge does,
when he reconnoiters a particular system. He’s looking at the constraints that
they work with, because that’s going to necessarily affect the way that the
programmers worked to both code and guide the process of data through the
system. I’ve never thought about that but, yeah, I guess -
Shannon: It totally makes sense.
Fr. Robert: It really makes sense, now. That’s how you hunt for
vulnerabilities.
Shannon: That’s why we have experts on the show.
(current)
Fr. Robert: Thank you for staying around for the best of 2014 of
Coding 101. I have to say, we've gone through a lot of changes, everything from
losing Snubs, who I loved working with every week to another program, to
changing the format of the show. It's one of the things that we do because we
respond to you when you tell us that you want to see certain things on the
show, we try to incorporate it. We're going to keep growing as we go into the new year because we think that this is an important show to
have. We want people to understand the world in which they live, and you know
what? Learning about code is a big part of that.
Now, we've got some great things planned for 2015. So
you're going to want to stay tabbed. You're going to want to stay subscribed to
Coding 101 because it's going to be fun. We've got Steve Gibson coming up,
who's going to be showing us a little bit about Spin, right? We've got lessons
for PHP. We've even got some embedded programming coming up with some members
of the TWiT TV army. That's right, it's going to get
loud.
Until then, I want to take this time to wish you and
your family, no matter what you believe or you don't believe, just have a happy
holiday. Have a happy New Year's. Have a happy Christmas. Have a happy
celebration of light and of life as you head off into the new
year. I'm Father Robert Ballecer, the digital Jesuit. Until we meet
again, end of line.
(buzzing noise) Like a boss.
You see me flinch? Because I didn't.
Other: Don't be afraid, Padre!