A class with such promise...
This semester I was pretty excited about taking 6.858 --- "Computer Systems Security". I thought there was a decent chance that I'd find security interesting.
A week into the class, I was even more excited --- the first lab had consisted of developing three exploits for a toy web server, which had been both fun and educational --- besides practical security lessons, I also got a much better understanding of C, assembly, gdb, the stack, and related relatively low-level things. That week was particularly successful in teaching about those things, since I'm also taking 6.828 (Operating Systems), and the first lab in that class was largely about familiarizing ourselves with the same sort of ideas. Also, I hadn't had much exposure before --- I nominally learned C a long time ago, but except for a bit of Barnowl hacking a couple years ago, I haven't touched it since (and never touched it much). C --- much less assembly --- and gdb were hence things that were way lower-level than anything I'd worked with in my recent, Python- and PHP-dominated, activities.
Unfortunately, the class went downhill from there. My interest in defending against buffer overflows by restricting the execution path had been basically satisfied by the papers we'd read, and Lab 2 was largely a painful fight to learn an unfamiliar API rather than a fun challenge. Lab 3 was sort of decent, though privilege separating a webapp gets tedious pretty quickly.
*shrug* Ah, well. At least 6.828 continues to be pretty awesome.
s/and gdb we hence things/and gdb were hence things/
s/sort of decent/sort-of decent/
s/privilege separating/privilege-separating/ (well, actually not so sure about that one)
s/API-driven -- a lot/API-driven: A lot/
s/available API -- a list/API available: a list/