
Schneier on Security: Software Problems with a Breath Alcohol Detector

89 points by hko about 16 years ago

5 comments

jws about 16 years ago
The analysis sounds suspect to me.

*2. Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings.*

The code is computing an exponentially weighted mean. Read that last sentence of the quote again, the analysis has it backwards. The *last* sample carries more weight, not the first.

Now, type "uptime" at your unix prompt. Those last three values are computed the same way and have been for decades. (There are three different weighting factors used in them instead of the 1:1 implied in the text here.)

The exponentially weighted mean is useful when you care more about the most recent values and when processor resources are highly constrained. It may be what was intended, or maybe not. Generally you would use a weighting factor to make the earlier factors not fade into oblivion as fast as these do, but I'm not going to take the word of someone who can't correctly describe the algorithm in his report.

And the bit about turning off the illegal opcode interrupt... the premise is that some sort of failure would alter the program memory in such a way that one of the opcodes became illegal, yet the program would continue to function but produce erroneous results. I'd have to say the probability of this is vanishingly small, in fact, given valid opcode density for microprocessors, much smaller than an instruction being mutated to a legal opcode that somehow allowed the program to still run but produce erroneous results.

I guess I should complete with my doubts about 3. Just because the A/D reads 12 bits doesn't mean you have 12 bits of data. If the 8 low bits are noise there is no information loss in dividing by 256. You have to understand the machine to know if this is a problem.
blahblahblah about 16 years ago
If the readings are, in fact, averaged in the way described by the article, the device is useless and should not be allowed as evidence since such a scheme permits a single outlier reading to produce an erroneous result.
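
The averaging scheme discussed in the two comments above, worked through as an added example (not part of any commenter's post and not the device's firmware): it computes the weight each reading receives under the pairwise running average quoted from the report, and how far a single outlier moves the result depending on where it falls. Function names and sample readings are constructed for illustration.

```python
from fractions import Fraction


def running_pairwise_average(readings):
    """Average the first two readings, then average each later reading
    with the running result, as the quoted report describes."""
    if not readings:
        raise ValueError("need at least one reading")
    avg = Fraction(readings[0])
    for r in readings[1:]:
        avg = (avg + Fraction(r)) / 2
    return avg


def effective_weights(n):
    """Weight each of n readings ends up with in the final result."""
    # A unit impulse at position i isolates that reading's weight.
    return [running_pairwise_average([1 if j == i else 0 for j in range(n)])
            for i in range(n)]


def outlier_shift(baseline, outlier, position, n):
    """Shift caused by one outlier at `position` among n equal readings.

    Returns (shift under pairwise running average, shift under plain mean).
    """
    clean = [baseline] * n
    dirty = list(clean)
    dirty[position] = outlier
    pairwise = running_pairwise_average(dirty) - running_pairwise_average(clean)
    plain = Fraction(sum(dirty), n) - Fraction(sum(clean), n)
    return pairwise, plain


if __name__ == "__main__":
    # Constructed sample: four readings in arbitrary integer units.
    n = 4
    print("weights, first to last:", [str(w) for w in effective_weights(n)])
    for pos in range(n):
        pairwise, plain = outlier_shift(80, 160, pos, n)
        print(f"outlier at reading {pos + 1}: "
              f"pairwise shift {pairwise}, plain-mean shift {plain}")
```
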
HeyLaughingBoy about 16 years ago
Computer Operating Properly interrupt: anyone else think this sounds like a National Semiconductor processor device? ISTR they had an interrupt labelled COP.

When was the last *decade* National made a processor, anyway?
mlLK about 16 years ago
*This is an excellent lesson in the security problems inherent in trusting proprietary software*

This sentence made my day, given who is using it and how often it's being used.
old-gregg about 16 years ago
This should be applied to SaaS as well: something needs to be done about GPL parasites hiding "in the cloud".

If you're building on top of GPL, users of your cloud software should be able to download your code, examine it and modify/deploy on their own servers.