ENSL seminar

Pascal Cuoq - 1st Feb 2013

Seminar

As anticipated, I was at my alma mater's student seminar last Tuesday. School and seminar were very much like I remembered them. The latter was improved by orange juice and biscuits to chat around after the talk, which I do not think were part of the protocol when I was a student.

My years at the ENS of Lyon were a good time, but I had forgotten the reasons that made them so. If any of the students from the seminar read this, I hope they will pass on my thanks to everyone for reminding me why. In one word, it is the company.

The sort of discussion that emerges naturally in an open, low-stakes chat after a general presentation of Frama-C but is too open-ended to be part of the talk's questions is that of general usefulness.

Not every programmer is writing critical embedded code—in fact, most of us aren't. But in this day and age, many of us who program at all write code with mild to severe security implications, and I believe that with a reasonable amount of work, Frama-C can next help here.

Video games, and software security in the news

The seminar also gave me an excuse to visit my family that lives in the general area of Lyon. As a result, today, I was helping my nephew play Professor Fizzwizzle (now an online game, apparently) after lunch when the 13:00 TV news announced that some webcams, sold for the purpose of allowing homeowners to watch their living room remotely and reassure themselves that they are not being burgled, instead allowed anyone with internet access to watch at any time.

This was not by design, of course. This was the result of a security flaw. I am not saying that the security flaw was one of the kind Frama-C identifies, say, a buffer overflow in a C program: the France 2 news report (in French, available for a week) did not go into such detail. But I am willing to bet that software was involved.

The future

So what world is my three-year-old nephew going to grow up in? Either we collectively solve the software security problem, and hopefully, when he is of an age to lend an ear to TV news while playing Professor Fizzwizzle, there won't be any more of these spectacular failures to announce. Or we do not, and then, at the current rhythm, TV news won't announce security failures because they will not be news any more.

A reflexive illustration

One last thing: this blog post contains two links. One I expect to be to a Java web applet (my nephew was playing a game that I bought a license for and downloaded the old-fashioned way in the early 2000s, but it always felt like Java, especially at launch-time). The other is to a Flash video. If either of them worked for you, you should seriously think about disabling plug-ins in your browser. Yes, you will be missing out, but frankly, this is the only solution at this time.

Students from ENSL or elsewhere, if you would like to help solve this problem (at least the part where embedded-like C code is concerned) and at the same time solve your problem of picking a first- or second-year internship, e-mail addresses of Frama-C developers are either firstname dot lastname at inria dot fr for contributors from Inria, or firstname dot lastname at cea dot fr for contributors from CEA (including me).
