[liberationtech] DecryptoCat

Maxim Kammerer mk at dee.su
Mon Jul 8 12:35:03 PDT 2013


On Mon, Jul 8, 2013 at 7:31 PM, Reed Black <reed at unsafeword.org> wrote:
> If it's all old review for you, I hope you will share even more
> specific suggestions for others.

Not sure what you mean by “old review”, but I didn't say that it is
obvious. I wrote that it is mostly irrelevant here. Writing secure
software is relatively easy, and does not rely much on abstraction
layers or whatever OOP ideology is popular at the moment. You just
document each function's input/output, test it somehow, and check
input/output requirements when calling any other function. The
simpler, the better; it's not difficult. E.g., the Tor project does not
have a nice design, it is a terrible hodgepodge of C functions,
implemented with inefficient algorithms (or, they really like
iterating over lists). But it is written by people who know what they
are doing, and it shows. Consider their relatively recent job posting
[1] — their first two requirements are:

+ Have extensive experience in C, and several other programming
languages. At least 5 years experience with C is probably necessary
for the level of expertise we want; most people would need more.
+ Have a solid understanding of issues surrounding secure C programming.

Peer review is a nice theoretic concept, but as this thread shows, it
does not work unless you have solid understanding of what you should
be doing first and foremost. Also, the ratio of people actually doing
some form of peer review to people writing profusely about it is
negligible.

[1] https://www.torproject.org/about/jobs-coredev.html

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte