dabase (dabase.com) http://dabase.com/ ikiwiki 2010-02-28T09:19:38Z

Counting code examples out of BONDI widlprocxml
http://dabase.com/e/04051/ 2010-02-28T09:19:38Z 2010-02-28T09:19:24Z
<p>Using BONDI WIDLs and <a href="http://widl.webvm.net/">widlproc</a>, how many code examples does each WIDL have?</p>
<pre><code>hendry@x61 html$ sh code-count.sh
appconfig.widlprocxml 2
applauncher.widlprocxml 3
bondi.widlprocxml 2
calendar.widlprocxml 18
camera.widlprocxml 3
commlog.widlprocxml 0
contact.widlprocxml 19
devicestatus.widlprocxml 12
filesystem.widlprocxml 39
gallery.widlprocxml 19
geolocation.widlprocxml 19
messaging.widlprocxml 78
pim.widlprocxml 0
task.widlprocxml 14
telephony.widlprocxml 11
ui.widlprocxml 22
</code></pre>
<p>Now the script using <a href="http://xmlstar.sourceforge.net/">xmlstarlet</a>:</p>
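<pre><code># Count the Code elements in every widlproc XML file in the current directory.
for i in *.widlprocxml
do
    # Unique element paths containing "Code" (examples appear at several depths)
    CODE=$(xmlstarlet el "$i" | grep Code | sort | uniq)
    TOTAL=0
    # $CODE is left unquoted on purpose: one element path per word
    for c in $CODE
    do
        NUM=$(xmlstarlet sel -t -v "count(//$c)" "$i")
        TOTAL=$((TOTAL + NUM))
    done
    echo "$i $TOTAL"
done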
</code></pre>
<p>The nasty CODE part is necessary because code examples can unfortunately be included at different levels, for example:</p>
<pre><code>Definitions/Module/Interface/Operation/descriptive/Code
Definitions/Module/Interface/descriptive/Code
</code></pre>
<p>Use <code>xmlstarlet el telephony.widlprocxml</code> to examine the XML structure.</p>

Static linking improves security and updating
http://dabase.com/e/01172/ 2010-02-23T17:37:34Z 2010-02-22T11:07:04Z
<ul>
<li><a href="http://www.ksplice.com">http://www.ksplice.com</a></li>
<li><a href="http://www.redbend.com">http://www.redbend.com</a></li>
<li><a href="http://blog.garbe.us/2008/02/08/01_Static_linking">http://blog.garbe.us/2008/02/08/01_Static_linking</a></li>
<li><a href="http://www.radare.org/cgi-bin/hg/radare2/file/tip/libr/diff">Worse is better general Mercurial binary diff</a></li>
<li><a href="http://samba.anu.edu.au/rsync">Rsync</a> is also a great tool for binary updates</li>
<li><a href="http://patent-warrior.blogspot.com/2009/10/red-bend-v-google-chrome-no-damages.html">http://patent-warrior.blogspot.com/2009/10/red-bend-v-google-chrome-no-damages.html</a></li>
<li><a href="http://dev.chromium.org/developers/design-documents/software-updates-courgette">http://dev.chromium.org/developers/design-documents/software-updates-courgette</a></li>
</ul>
<p>Despite what GNU and open source projects think, statically built apps are the way to go.</p>
<h1>Security benefits of statically built binaries</h1>
<p>Shared libraries are often touted as being good for security: there is no need to
rebuild, you just replace the library binary, and everything linked to, say, an updated
libpng.so gets the security fix.</p>
<p>Likewise one security problem in a shared library makes all the binaries
dependent on it vulnerable.</p>
<p>A good security benefit of statically linked libraries is that you eliminate
the library path, so you can't hack binaries like so:</p>
<pre><code>LD_PRELOAD=/usr/lib/libpng12vulnerable.so /usr/bin/firefox
</code></pre>
<p>Or perhaps a binary with <a href="http://en.wikipedia.org/wiki/Setuid">setuid right escalation</a>.</p>
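<p>An added example, not code from the original post: a defender-side check of whether an ELF binary goes through the dynamic loader at all. It reads the program headers and returns the PT_INTERP path; a statically linked binary has none, so ld.so never runs and LD_PRELOAD is never consulted. The function names and the constructed sample header (<code>sample_elf</code>) are assumptions of this example.</p>

```python
import struct
import sys

PT_LOAD, PT_INTERP = 1, 3  # PT_INTERP names the dynamic loader (ld.so)

def elf_interpreter(data):
    """Return the dynamic loader path an ELF image requests, or None if static."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for n in range(e_phnum):
        off = e_phoff + n * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != PT_INTERP:
            continue
        # p_offset .. p_filesz follow p_type (and p_flags on 64-bit)
        fmt, skip = ("QQQQ", 8) if is64 else ("IIII", 4)
        p_offset, _, _, p_filesz = struct.unpack_from(end + fmt, data, off + skip)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def sample_elf(interp=None):
    """Constructed 64-bit little-endian ELF header: PT_LOAD plus optional PT_INTERP."""
    phnum = 2 if interp else 1
    blob = interp.encode() + b"\0" if interp else b""
    phdrs = [(PT_LOAD, 0, 0)] + ([(PT_INTERP, 64 + 56 * phnum, len(blob))] if interp else [])
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, 0, o, 0, 0, s, s, 1) for t, o, s in phdrs)
    return hdr + body + blob

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. python3 check.py /bin/ls
        with open(path, "rb") as f:
            interp = elf_interpreter(f.read())
        print(path, "dynamic, loader " + interp if interp else "static, LD_PRELOAD not consulted")
```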
<p>Also, since statically built binaries only compile in the object code they
actually use from the library, the attack surface is greatly
reduced.</p>
<p>As we've seen in the last couple of months, updates to libjpeg and libpng can
also involve ABI changes, meaning complete rebuilds in any case.</p>
<p>Please read the <a href="http://sta.li/faq">stali FAQ</a> for more arguments.</p>