Embedded Muse 93 Copyright 2004 TGG February 17, 2004


You may redistribute this newsletter for noncommercial purposes. For commercial use contact jack@ganssle.com.

EDITOR: Jack Ganssle, jack@ganssle.com

CONTENTS:
- Editor’s Notes
- Redefining C’s Operators
- MyDoom and Spam
- Jobs!
- Joke for the Week
- About The Embedded Muse


Editor’s Notes


The Embedded Systems Conference is next month in San Francisco. I’ll be teaching a class about Managing Embedded Projects on Monday March 29th. Tuesday I’ll moderate a Shop Talk discussion called “The Future of Engineering in an Outsourcing World” (from 7:15 AM to 8:15). The conference is always a fun time; do come by and say “hi”.

My assistant’s valiant web-work is paying off; now the long-neglected “articles” section of https://www.ganssle.com is up to date. Even better, the articles are sorted by category and title.

We’re talking about hosting a public Better Firmware Faster seminar in the near future, though the press of the onsite seminars and too many other projects keeps pushing this to the bottom of the pile. But we’ve put a poll on the website to allow folks to vote for the best location for the next public class. Feel free to cast your vote at https://www.ganssle.com.

In Muse 92 I suggested logging your interruptions. Bob Paddock sent in this link (http://www.syntap.com/); it’s for a time-logger that looks simple and very effective.

Thanks to so many who sent in debouncing algorithms. I’m drowning in email but am looking at each carefully.


Redefining C’s Operators


Chester Page sent along a bit of wisdom that’s useful for many of us. I’ll just quote his email here:

Back in EM85, you noted that several people had suggested putting constants on the left side of compares, so that the compiler would honk if <=> was used instead of <==>, with the aim of reducing the risk of inadvertently altering a variable when intending to compare it.

Well, yeah... Fine, if one of the comparands happens to be a constant.

There's a more general fix for this problem, which is so obvious that I expected that dozens of people would instantly bring it to your attention, and that you would pass it on. As I haven't seen mention of it in later EM's, I'm bringing it to your attention myself, just to be sure that you've seen it.

About the 4077th time I mashed a C program by typing <=> when I meant <==> -- no doubt from having been corrupted by writing a lot of code in BASIC, with its promiscuous use of <=> for both assignment and comparison -- I decided that I just didn't like using <==> in the first place -- both for aesthetic reasons and because it was too similar, visually, to <=> -- and that I would thereafter -- no doubt from having been corrupted by writing a lot of code in FORTRAN -- use only and its siblings for comparisons. Thanks to C's much-maligned <#define> statement, this was trivial to implement:

#define EQ ==
#define GE >=
#define GT >
#define LE <=
#define LT <
#define NE !=

This makes a comparison very conspicuously a comparison.

After having to maintain a lot of my own legacy code for a while, I decided that the most important function of source code is not to describe an algorithm to a compiler, but to describe the intent of the program to the next person who has to deal with it, and that making a program maintainable is more important than making it any faster or as smaller than necessary, and infinitely more important than being concise in the source implementation. For this reason, I never, ever, write a comparison that does not contain an explicit comparison operator:

Always

if ( i NE 0 )
{
}
and never

if ( i )
{
}

if ( BooleanVariable EQ TRUE)
{
}

As I said, all this is obvious: I know several other programmers who have, entirely on their own, come up with the identical fix. But it is perhaps still worth passing on.


MyDoom and Spam


Though this isn’t an embedded topic, it’s surely relevant to all of us using the Internet. I’m passing along my Internet Strategic Defense Initiative, in case some may find it useful.

Email is a great resource, but lately spammers and virus writers are crippling it. The statistics are appalling: something like 60% of all email is spam.

I’m averaging about 1000 spams per day now. MyDoom adds another couple of hundred messages, both from the virus itself and bounce messages from anti-virus programs that mistakenly believe they’ve received the virus in an email from me.

Some time ago I installed spamassassin (http://www.spamassassin.org) on my Linux server. By tuning its rules and being aggressive with the blacklist it’s about 95% effective at catching spam.

Some people like various PC-hosted spam filters. While traveling I usually am stuck with dial-up (or, this summer while sailing, an unreliable 9600 baud satphone connection), so it’s important to me that most of the spam elimination happens on the server itself. Downloading 1000 spams before filtering would drive me mad. Spamassassin fills the bill precisely.

Spamassassin tosses spam into a file named “caughtspam” in the /home directory. Worried about false positives I wrote a rather long script that analyzes caughtspam. It applies a hundred or so tests to each spam, filtering out those that are obviously unwanted. Duplicate messages, those that contain the usual spamsy words, those from known spammers are all rejected.

Feel free to download and use the script from https://www.ganssle.com/misc/spam-chk.

Other messages that don’t fit the profile of these rules are stripped apart; my script generates a file of From: addresses and Subject: lines that I review from time to time, searching for emails spamassassin incorrectly filtered out. Some 5 to 10% of the spam in caughtspam winds up in this manual review file.

After a year of this – and a quarter million spams – spamassassin has NEVER tagged a false positive. Though it leaks some spam to me, it never incorrectly identifies a good email as spam. So I no longer run the script, and just delete caughtspam from time to time.

But MyDoom flows right through spamassassin. There’s little that’s spam-like about this bit of nastiness. The message is rather random and benign, and the return addresses are usually valid. MyDoom raids infected machines’ address books, using these addresses as return addresses, so if you apparently get the virus from a friend, rest assured that the odds are your pal didn’t send the virus. It came from someone else, a poor sod whose address book contains your friend’s email address.

jack@ganssle.com is apparently in one heck of a lot of address books out there, because I’ve been flooded recently with bounce messages from anti-virus software that accuses me of sending this beast.

It’s not coming from me! My computers are insulated from the ‘net by a hardware firewall. Its logs show a half-dozen port probes per minute, but every port is closed so none get through. Each machine runs a software firewall (Zonealarm, from http://zonealarm.com).

I won’t allow a machine in the front door if it has Outlook installed, since Outlook is the prime victim of attack by (curse them!) scumbag virus writers and immature pimply-faced script kiddies. We do run Windows on the client machines, and have found XP to be quite reliable. Obviously there are other less-targeted OSes around. But other business concerns mandate Windows.

We use Eudora, and have configured it to put all attachments in a special directory used for nothing else. No attachment over 30k is automatically downloaded, as most viral payloads run around 100K or so (except MyDoom, which is fiendishly small at 32k). That makes for a few extra clicks when there’s a safe attachment, but safety is worth the small additional effort.

Norton Anti-Virus, updated automatically whenever Symantec comes out with new profiles, scans every incoming email. It runs a full system scan every evening as well. (The buzz is that the free AVG from http://www.grisoft.com/us/us_dwnl_free.php works well, too. Consider it if you’re reluctant to spend annual subscription fees for commercial AV software for the kids’ computers).

On the road I’m reluctant to plug into hotel Ethernet ports. Zonealarm does a great job keeping the laptop safe, but those public wide bandwidth links are notoriously problematic. One friend’s computer – which didn’t have a firewall - was attacked and the hard disk wiped within 10 minutes of plugging in to the hotel’s Ethernet at a recent Embedded Systems Conference.

Every Monday I run Spybot (http://www.safer-networking.org/) to search out and remove spyware. Internet Explorer invites an awful lot of this, but Mozilla rejects virtually all. It’s astonishing how much spyware comes pre-installed (for our convenience?) when you buy a new computer.

The result: we’ve been virus-free for the last five years.

The upshot of all this is that if you send me an email and don’t get a response pretty quickly either spamassassin, my extra filters, or a careless click-delete when my blood pressure is up because I’m deleting all of the MyDoom debris is to blame. Try again.

And if you get MyDoom from me, I apologize, but it’s is actually from someone else. The virus is spoofing my return address. May those dratted virus writers rot in a dank rat-infested dungeon somewhere…


Jobs!


Joke for the Week


The latest Mars mission inspired this one:

The Spirit is willing, but the flash is weak.