Author: Donald McArthur

Change the compiler, change the assembly.

As part of our first foray into understanding the relationship between C code, the compiler and assembly code, we will use our trusty “Hello World!” program to see how changes to compiler options change the machine code generated.

The first change we make to our compile options is to use the -static setting, which tells the compiler to include all the code for the libraries that our Hello World program needs to complete its job in our compiled binary, instead of dynamically linking to the libraries when they are needed by our program. This has the effect of ballooning the size of our program from a mere 8.4k to a whopping 823k. While static linking may have an advantage in speed, since our program does not need to leave itself to find all the resources it needs to run, it runs counter to effective usage of computer resources: if everyone statically linked their programs, our disk space would be used up quickly.

The next compiler option we look at is -fno-builtin; according to the man page, this tells the compiler to ignore built-in functions. How this manifests itself in the assembly when we look at the objdump is that the assembly where we used -fno-builtin has the text from our C program in it, where the standard default compile does not.

0000000000400530 <main>:
#include <stdio.h>
int main(void){
printf("Hello World!\n");
400530:       55                      push   %rbp
400531:       48 89 e5                mov    %rsp,%rbp
400534:       bf d0 05 40 00          mov    $0x4005d0,%edi
400539:       e8 d2 fe ff ff          callq  400410 <puts@plt>
40053e:       5d                      pop    %rbp
40053f:       c3                      retq

Where our original compile looks like this:

0000000000400530 <main>:
400530:       55                      push   %rbp
400531:       48 89 e5                mov    %rsp,%rbp
400534:       bf e0 05 40 00          mov    $0x4005e0,%edi
400539:       b8 00 00 00 00          mov    $0x0,%eax
40053e:       e8 cd fe ff ff          callq  400410 <printf@plt>
400543:       5d                      pop    %rbp
400544:       c3                      retq
400545:       66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
40054c:       00 00 00
40054f:       90                      nop

What is interesting is that, other than our clearly visible C code, the assembly code appears to be identical.

Next up is the -g option; this tells the compiler to include extra debugging information in the assembled code. By removing it we have shaved 1k off the compiled size of the binary. If we do an objdump with the -s option, a whole slew of .debug information that is included at the end of our original compile is missing.

Now let's modify our C program to see how that affects memory addressing in our assembly code. I added a second printf statement that printed a series of single char values: printf("%c%c%c%c %c%c %c%c%c%c\n",a,b,c,d,e,f,g,h,i,j); where each variable a-j was a single character that spelt out “this is cool”. In our assembly code the “Hello World” was still put into memory address edi; the other characters were addressed in reverse order from j to a in the following registers, in this order: r10d, r9d, r8d, rdi, esi, edx, r11d, ecx, edx, and eax. The register edx appears twice as we used the declared char with the value of “i” twice, so the compiler just called the same memory location twice.
The next modification we made was to put the printf statement of our Hello World program into a function and call the function from main. When we do an objdump -d on the two outputs, we see that the assembly code now has a new section <hello> (the name of our function) along with main, and that the assembly code that used to be found in main is now found in hello. Main now contains the following line:
400534:       e8 02 00 00 00          callq  40053b <hello>
which tells the program to jump to that location and continue from there.
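
The callq lines in the listings above carry their destination in the instruction bytes themselves. As an added example (not part of the original lab or post), this C program decodes the e8 opcode's 32-bit relative displacement from each of the three call lines quoted on this page and checks it against the target objdump printed; the names call_target and PAGE_CALLS are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The three call lines quoted in the post, copied verbatim from its listings. */
static const char *PAGE_CALLS[] = {
    "400539:       e8 d2 fe ff ff          callq  400410 <puts@plt>",
    "40053e:       e8 cd fe ff ff          callq  400410 <printf@plt>",
    "400534:       e8 02 00 00 00          callq  40053b <hello>",
};

/* Decode one `objdump -d` line holding an e8 (call rel32) instruction.
 * Returns the target computed from the raw bytes, or 0 if the line is not
 * such a call or the computed target disagrees with the operand objdump printed. */
uint64_t call_target(const char *line)
{
    char *p;
    uint64_t addr = strtoull(line, &p, 16);      /* address before the colon */
    if (p == line || *p != ':') return 0;
    p++;
    uint8_t b[5];                                /* opcode + 4 displacement bytes */
    for (int i = 0; i < 5; i++) {
        char *end;
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff) return 0;      /* ran into the mnemonic early */
        b[i] = (uint8_t)v;
        p = end;
    }
    if (b[0] != 0xe8) return 0;                  /* not a near relative call */

    /* The displacement is a little-endian signed 32-bit value, relative to
     * the address of the NEXT instruction (addr + 5). */
    int32_t rel = (int32_t)((uint32_t)b[1] | (uint32_t)b[2] << 8 |
                            (uint32_t)b[3] << 16 | (uint32_t)b[4] << 24);
    uint64_t computed = addr + 5 + (uint64_t)(int64_t)rel;

    const char *m = strstr(p, "call");           /* mnemonic, then printed operand */
    if (!m) return 0;
    m += strcspn(m, " \t");                      /* skip past "callq" */
    return strtoull(m, NULL, 16) == computed ? computed : 0;
}

int main(void)
{
    for (size_t i = 0; i < sizeof PAGE_CALLS / sizeof *PAGE_CALLS; i++)
        printf("%#llx  <- %s\n", (unsigned long long)call_target(PAGE_CALLS[i]), PAGE_CALLS[i]);
    return 0;
}
```

The two calls through the PLT use negative displacements (d2 fe ff ff and cd fe ff ff) because the PLT stub at 400410 sits below main, while the call to hello jumps forward by only 2 bytes.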

Finally we look at the effect of the -O(ptimization) option on the compiler output. With the option set to -O3 the compiler has drastically cut down the size of our main program to just 3 lines compared to the original version, which had 10 lines. It seems the compiler has simplified the program as much as possible: it XORs the eax register with itself to zero it instead of moving $0x0 into the register, and jumps right to the memory location of printf instead of calling it like it did in the original program.
Doing this lab has shown me that even at the more direct level of controlling our computer there are numerous ways to complete a task using a microprocessor. It is also striking how seemingly little changes at compile time can have drastic changes on the code that the compiler produces for the CPU to execute.




Changing up the source

In order to get familiar with the process surrounding code changes and review, we were asked to look at two different open source projects and compare their change procedures. I chose to examine VICE, the Versatile Commodore Emulator, a multi-platform open source Commodore computer emulator, and PMD, Don’t Shoot the Messenger, a source code analyzer designed to find a wide range of coding errors.

Both projects use SourceForge to track changes to their code base. SourceForge offers a set of tools to assist the development of open source projects; these help with tracking changes, creating message boards, providing documentation and offering downloads.

In the first few lines of the VICE source code repository the developers outline their expectations in brief: when you make a change, notify the person responsible for that part of the project and update the ticketing system on SourceForge. In looking at a bug fix for correcting multi-monitor support we see that there is a half-month lag between the patch being submitted and it being accepted, with three developers joining in the conversation. This seems to be atypical for this project; most patches were accepted quite quickly, though this is probably due to the fact that at this point the project is quite mature, so the changes tend to be minor.

In contrast the PMD patch page on SourceForge showed 8 open patches all of which had not been created more than a year ago and in one case 9 years ago. That is not to say that the project is not being maintained: they have 267 accepted patches and the last release of the software was August of last year. On their GitHub page only 5 people are listed as members of the project.

The Linux experiment

I’ve always dabbled with Linux but never been able to fully commit to it as a desktop operating system, a fact that I feel has limited my knowledge of it to being of a more casual nature. To rectify the situation I’m planning to make a technical New Year’s resolution to only use Linux for a month come January 1st.
I’ve chosen to go with Fedora 16 as my distro, mainly because I’ve spent more time with Ubuntu and want a better understanding of how Red Hat does things.
The biggest issue I’m facing is dealing with iTunes and my iPhone. I'm not sure how I’m going to handle that problem; the two main solutions are to go with Wine or a virtual machine.

Rogers and Bell buy MLSE

This deal just rubs me the wrong way as it shows how little competition exists in the Canadian media market. Now that the deal is done Rogers and Bell will divvy up the prized Leafs hockey games between their networks, taking more games off over-the-air broadcast and ensuring that customers will have to pony up more money to see the Leafs in action.
Moreover, this deal shows that Rogers and Bell are operating like a cartel, which does not bode well for television, cellular and Internet users in Canada. With only two mega corporations, consumers have nowhere to turn to for a better deal. After a deal like this, how can Bell and Rogers argue they are truly competing with each other?
At a minimum I feel that the CRTC needs to seriously look at separating the content creation and delivery arms of both these companies.

More control over my info?

All Things Digital has a post about some recent surveys that show users want more control over who can see their online profile and what they present in it. The findings are not all that shocking; as we become more connected, people are becoming more aware about what they are sharing online.

Personally, I’ve started to become more selective about the type of materials I am posting on Facebook, along with no longer linking all my various social network feeds into Facebook. Netflix’s new Facebook sharing feature is a prime example. The main reason I didn’t link the service to my profile is that the service will automatically post status updates about every video you watch unless you remember to flag a do-not-post option when you begin watching the video. Not only does this spam your friends list with your viewing habits, it could potentially reveal things about your personality and interests to people who you would not normally want to share it with. I do not want my friends knowing about my addiction to romantic comedies.

For me a more logical option would be an opt-in policy where you would highlight videos that you found exceptional and would recommend to your friends.

Tweeting about work.

CNET editor Daniel Terdiman ran an interesting piece today about a Dallas Cowboys cheerleader whose Twitter account has been suddenly deactivated after she tweeted about being hit accidentally by one of the players on the sidelines. While the Cowboys organisation says they had nothing to do with the account being taken offline, it seems strange for that to have happened so soon after the events in question. Now it is possible that the cheerleader was getting a ton of random tweets due to her newfound celebrity and this caused her to remove her account, but I find that hypothesis highly unlikely. The explanation offered up by Terdiman seems quite a bit more plausible.

Do you own your Twitter account?

Ars Technica once again has an interesting blog post about ownership of Twitter accounts. An online blog called Phone Dog is suing a former employee for taking his Twitter account, and more importantly its followers, with him when he left the company. This is possible because Twitter is one of the few online services which let you rename an existing account. It's a feature I’ve yet to take advantage of, but really quite useful as your online persona evolves over time.

So this whole stink again raises the complex issue of where the boundary between professional and personal online personas exists. Personally I think that this issue is only a result of the newness of Twitter; any new company should now be thinking about these issues and establishing an employee Twitter policy, one that explicitly states whether or not employees should be keeping a professional and personal profile and what kind of materials are appropriate for each.

Companies with restrictive social media policies get hacked more often.

Read an interesting article in the Toronto Star yesterday about corporate security and social media policy. It seems that, counter to what you might expect, companies that have more restrictive computer usage policies when it comes to social media applications tend to have more security breaches. The reason for this is that users are installing third-party programs, some of which contain Trojans or other malware, that compromise network security. While some commentators on the article place the blame on poorly implemented security rules by the IT department, I view this more as a failure of corporations to adapt to the new reality of the workplace and the desires of the modern worker.

“A report in IT security issued jointly by Telus and the Rotman School of Management surveyed 649 firms and found companies that ban employees from using social media suffer 30 percent more computer security breaches than ones that allow free use of sites like Facebook and Twitter.”

The boundaries between personal time and work time have increasingly become blurred with the rise of laptops and smartphones in the workplace. Employees can work from anywhere, anytime, and I feel it is up to companies to create work environments where employees are given the latitude and discretion to work as they see fit. The problems of social media usage in the workplace are not an IT problem but an employee management problem. The relationship between employer and employee should not be seen through a combative or distrustful lens, as it often is now, but through a collaborative one. In so doing I believe that companies will better position themselves to harness the product powers that social networking is bringing to the Internet.
What is all the more shocking is how much these security breaches are costing companies.

According to the study, each breach in network security costs publicly traded companies $195,588, compared with $70,833 for privately held firms and $58,929 for government agencies.

Surely the potential lost productivity of a more relaxed social networking policy would be less costly.
Food for IT thought.

Social Networking and Security

Ars Technica posted a great article on the issues surrounding the increased penetration of social networking into the IT workplace. The article offers links to other articles on the subject matter. Well worth spending some time reading.
For me the key takeaway is the fact that it is increasingly hard to manage or control the use of these new social tools in the work place.

While IT departments can attempt to censor social media, Cisco Canada’s Jeff Seifert said it’s “pointless” for IT departments to limit or restrict access to sites such as Tumblr, Twitter, or Facebook on corporate networks. With personal phones, tablets, and a myriad of other devices, employees will simply find another way around the block.

This leads to the conclusion that corporations need to spend more time educating their workforce about using social networking tools responsibly and less time creating restrictive usage policies, which create antagonism between workers and management. In so doing, they create a better educated workforce who are more capable of making intelligent choices about the information they share online, whereas restrictive IT usage policies can often lead to deceptiveness on the part of workers as they still try to use tools banned by corporate policy.

Though in truth, there is no correct answer to the problem of corporate information security in the ever increasingly connected workplace. Sometimes you will simply need to restrict what users can do in the workplace environment. Nonetheless, I think managers need to do a better job of educating workers on why these policies are in place and getting them to buy into them.

Kidstreet Album

Just finished listening to Kidstreet’s debut album and I’ve got to say it is an excellent first showing from this Waterloo, Ontario based band. It is good to know that Canada is still producing interesting electronic music. While I don’t think this album will find much commercial radio play, I think it will be a big hit on the college radio circuit. The album has that right combination of pop sensibilities and club beats to get your feet tapping.

I give it four out of five stars.

Check out the video above and pick up the album on iTunes for $6.99, I strongly recommend it. Fun Yeah by Kidstreet