Re: Easter Eggs and Security
- From: Bogwitch <Bogwitch@xxxxxxxxxxxxxxxxxxx>
- Date: Sun, 13 May 2007 01:56:33 GMT
mike3 wrote:
[snip]
Increasing the complexity of ANY system has the potential for
introducing (further) security vulnerabilities. Perhaps by interaction
with other parts of the program, perhaps in some other way.
Even something as simple as just adding an extra key command
to the keyboard handler that just pops up a little message box?
How exactly can this generate a security hole? Any scenarios
you might know about?
You are increasing the system complexity, therefore you are increasing the risk, however small, of further vulnerabilities arising.
[snip]
Is this an example of an American failing to understand British humour?
Probably.
:-)
It was a tongue in cheek comment. The original post did not specify a
type of EE, so it could be just flashing 'Johnny' up on the screen or it
could be running a 3d maze of some kind, or a flight sim. Who knows?
But I'm talking about most "usual" easter eggs, which are often
simple. Like just displaying "JOHNNY". If a maze/flight sim was
added I'd bet it would easily get noticed. That is a nontrivial
program. Maybe I wasn't clear, but that was my drift -- how
could something relatively trivial be so hard to examine?
Microsoft have done both, IIRC.
I'm not suggesting that the code would be so hard to examine. It just makes the overall task (slightly) more complicated. Unnecessarily.
Your processor now has to wait for interrupts from the keyboard and scan
for additional input matches. No, I'm sure this won't add much more
processor time to your application but it adds SOME. Thus denying the
processor cycles to something 'useful'. Would it make the application
larger, yes, but not much. Still going to use up potentially precious
disk space.
But who is going to have such a tight margin anyway that a few
extra bytes or KBs is going to do so much?
My HDD fills regularly. I would like to save every byte I can.
In short, would your customers prefer a larger, slower application that
massages the programmer's ego or would they prefer an application that
does what it is expected to do in the smallest possible space and the
shortest possible time.
I know what my customers would prefer, I know what I would prefer. YMMV.
Even when the time lost is unnoticeable? That is the type of attitude
I don't quite understand. What sort of mega-time-sensitive stuff might
a few milli or micro seconds of time slower a word processor is made
by a tiny easter egg interfere with? Can one really NOTICE that? I'd
suppose you wouldn't want to include easter eggs, in, say, a
complicated physics simulation program for a supercomputer where
every darned cycle of every darned CPU in the machine counts, but a
_word processor_?
You didn't state the application type, you didn't state the EE type.
You're making assumptions that YOUR application will be the only one running on any said system. Maybe those clock cycles /could/ be better used. Do you know ALL the applications your customer uses/will use?
I'm sure you'll just go ahead and stick your EEs in anyway, so why ask for opinions?
Bogwitch.