Easter Eggs and Security

Subject Author Date
Easter Eggs and Security mike3 05-01-2007
Posted by Bogwitch on May 12, 2007, 9:56 pm
mike3 wrote:

[snip]

>> Increasing the complexity of ANY system has the potential for
>> introducing (further) security vulnerabilities. Perhaps by interaction
>> with other parts of the program, perhaps in some other way.
>
> Even something as simple as just adding an extra key command
> to the keyboard handler that just pops up a little message box?
> How exactly can this generate a security hole? Any scenarios
> you might know about?

You are increasing the system complexity, therefore you are increasing
the risk, however small, of further vulnerabilities arising.

[snip]

>> Is this an example of an American failing to understand British humour?
>
> Probably.

:-)

>> It was a tongue in cheek comment. The original post did not specify a
>> type of EE, so it could be just flashing 'Johnny' up on the screen or it
>> could be running a 3d maze of some kind, or a flight sim. Who knows?
>>
>
> But I'm talking about most "usual" easter eggs, which are often
> simple. Like just displaying "JOHNNY". If a maze/flight sim was
> added I'd bet it would easily get noticed. That is a nontrivial
> program. Maybe I wasn't clear, but that was my drift -- how
> could something relatively trivial be so hard to examine?

Microsoft have done both, IIRC.

I'm not suggesting that the code would be so hard to examine. It just
makes the overall task (slightly) more complicated. Unnecessarily.

>> Your processor now has wait for interrupts from the keyboard and scan
>> for additional input matches. No, I'm sure this won't add much more
>> processor time to your application but it adds SOME. Thus denying the
>> processor cycles to something 'useful'. Would it make the application
>> larger, yes, but not much. Still going to use up potentially precious
>> disk space.
>>
> But who is going to have such a tight margin anyway that a few
> extra bytes or KBs is going to do so much?

My HDD fills regularly. I would like to save every byte I can.

>> In short, would your customers prefer a larger, slower application that
>> massages the programmer's ego or would they prefer an application that
>> does what it is expected to do in the smallest possible space and the
>> shortest possible time.
>>
>> I know what my customers would prefer, I know what I would prefer. YMMV.
>>
>
> Even when the time lost is unnoticeable? That is the type of attitude
> I don't quite understand. What sort of mega-time-sensitive stuff might
> a few milli or micro seconds of time slower a word processor is made
> by a tiny easter egg interfere with? Can one really NOTICE that? I'd
> suppose you wouldn't want to include easter eggs, in, say, a
> complicated physics simulation program for a supercomputer where
> every darned cycle of every darned CPU in the machine counts, but a
> _word processor_?

You didn't state the application type, you didn't state the EE type.

You're making assumptions that YOUR application will be the only one
running on any said system. Maybe those clock cycles /could/ be better
used. Do you know ALL the applications your customer uses/ will use?

I'm sure you'll just go ahead and stick your EEs in anyway, so why ask
for opinions?

Bogwitch.
