<d_bot_>
<darrenldl> @pilothole are you pushing ocaml in your org?
<d_bot_>
<darrenldl> i think most crucially would be tagged union + exhaustiveness check, other things exist in "mainstream" langs in some form (e.g. fp)
kaph has quit [Read error: Connection reset by peer]
kaph has joined #ocaml
<d_bot_>
<darrenldl> "enum as int" remains a headache inducing source of vulns/bugs
<d_bot_>
<mbacarella> no, I've been thinking of ways to contribute to cybersecurity and most roads lead to helping orgs manage their massive investments in Windows better or advising them on what security products to buy and they all sounds really exhausting
chrisz has quit [Ping timeout: 250 seconds]
<d_bot_>
<darrenldl> ah, well ocaml is very good for the type of analysis you want to do in cybersec land from experience
<d_bot_>
<mbacarella> what do you mean?
<d_bot_>
<mbacarella> that it's significantly easier to white box audit ocaml applications?
<d_bot_>
<darrenldl> that, and also tools that relate to structural analysis are often written in ocaml, say BAP
<d_bot_>
<darrenldl> (binary analysis platform is what its called in full iirc
<d_bot_>
<mbacarella> hmm interesting
<d_bot_>
<darrenldl> log analysis is easier in ocaml since you can do AST manipulation very easily compared to trying to mangle your way through in say python
<d_bot_>
<darrenldl> code gen is similarly easier
<d_bot_>
<darrenldl> say for generating security policy/config for apparmor or bubblewrap
<d_bot_>
<mbacarella> > Just type bap in your shell and it will print a message which shows BAP capabilities. The disassemble command will take a binary program, disassemble it, lift it into the intermediate architecture agnostic representation, build a control flow graph, and finally apply staged user-defined analysis in a form of disassembling passes.
<d_bot_>
<mbacarella> well where's this been all of my life
<d_bot_>
<darrenldl> radare2 is a much more popular alternative to bap i think, but its written in C, so not very good reference point
<d_bot_>
<darrenldl> if you throw enough manpower into things then sure you can get a very complex analysis engine at the cost of bizzare macros with fragile usage schemes etc
<d_bot_>
<darrenldl> offensive cybersec is largely dominated by python, since you often only want to write very short proof of concept code that just has to "kind of work" and no one cares about the code quality
<d_bot_>
<darrenldl> i am still trying to find time to rework a sandboxing code gen written in ocaml into a proper automated sandboxing utility
<d_bot_>
<nave01314> sum types are so nice
<d_bot_>
<nave01314> I am always missing them in languages that don’t support
<d_bot_>
<darrenldl> very much so indeed
<d_bot_>
<mbacarella> yeah so seems like the business case for OCaml in cybersec is
<d_bot_>
<mbacarella> * building secure new applications
<d_bot_>
<mbacarella> * have an edge on novel malware analysis
<d_bot_>
<mbacarella> * maybe an edge in forensics to figure out how you got owned
nerdypepper has joined #ocaml
<d_bot_>
<darrenldl> malware analysis engine can be source of vuln due to them often being in low level lang and presumably very complex internals
<d_bot_>
<darrenldl> i think a paragraph on how difficult it is to replicate sum type in say C is worth noting if you are trying to convince someone
<d_bot_>
<mbacarella> I do wonder how many 0-days are in criminal / intelligence agency hands that specifically target and exploit malware detection tools
<d_bot_>
<darrenldl> basically you need C style enum + union but with
<d_bot_>
<darrenldl> - no namespacing/typing of enums in java/c/etc (i can use enum meant for another function in any function/situation without compilation error)
<d_bot_>
<darrenldl> - using union in C requires ridiculously careful manipulation, again with little to no help from compiler
<d_bot_>
<darrenldl> prolly too many, since said detection tools often run at hoghest priviledge
<d_bot_>
<darrenldl> highest*
<d_bot_>
<darrenldl> (or meaningfully highest - when all your most crucial data is in user home, succussfully safeguarding root/equivalent while leaving user level access vulnerable is not that useful
<sleepydog>
i'm not in this field -- wouldn't it be common practice to do this kind of work in a sandbox? or an air-gapped machine, even. is it just not done because of laziness?
xd1le has joined #ocaml
<d_bot_>
<darrenldl> do you run your anti virus in a sandbox : p ?
<sleepydog>
ah, i misread, sorry. i thought you were talking about ad-hoc analysis
<d_bot_>
<darrenldl> but yes for a serious analysis setup, you are right
<d_bot_>
<darrenldl> meaningfully not that different in terms of analysis the two groups of software do, if not worse in antivirus
<sleepydog>
another juicy target would be the more invasive anti-cheat mechanisms for online video games
<d_bot_>
<darrenldl> oh yeah 100%
<d_bot_>
<darrenldl> widespread remote code execution sometimes too
<d_bot_>
<darrenldl> but ye, this is slightly too common in practice, where the vendor of your security product that you supposedly want to trust is not doing a very good job (e.g. NAS as backup solution, firewall/router firmware)
kaph has quit [Read error: Connection reset by peer]
kaph has joined #ocaml
azimut has quit [Remote host closed the connection]
azimut has joined #ocaml
Haudegen has quit [Ping timeout: 256 seconds]
Techcable has joined #ocaml
spip has joined #ocaml
bobo has quit [Read error: Connection reset by peer]
mbuf has joined #ocaml
waleee has quit [Ping timeout: 245 seconds]
rgrinberg has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zebrag has quit [Quit: Konversation terminated!]
tomku has quit [Quit: Lost terminal]
tomku has joined #ocaml
gravicappa has joined #ocaml
hackinghorn has quit [Ping timeout: 240 seconds]
dalek_caan has joined #ocaml
mro has joined #ocaml
mro has quit [Remote host closed the connection]
rwmjones|HOLS is now known as rwmjones
mro has joined #ocaml
mro has quit [Remote host closed the connection]
mro has joined #ocaml
hackinghorn has joined #ocaml
adanwan_ has joined #ocaml
mro has quit [Quit: Leaving...]
adanwan has quit [Ping timeout: 240 seconds]
bartholin has joined #ocaml
troydm has quit [Ping timeout: 240 seconds]
azimut has quit [Ping timeout: 240 seconds]
azimut has joined #ocaml
bartholin has quit [Ping timeout: 240 seconds]
bartholin has joined #ocaml
troydm has joined #ocaml
kaph has quit [Ping timeout: 256 seconds]
Everything has quit [Quit: leaving]
bartholin has quit [Ping timeout: 240 seconds]
Haudegen has joined #ocaml
mbuf has quit [Read error: Connection reset by peer]
mbuf has joined #ocaml
kaph has joined #ocaml
kaph has quit [Read error: Connection reset by peer]
olle has joined #ocaml
kaph has joined #ocaml
waleee has joined #ocaml
<d_bot_>
<mbacarella> lets see how would a very well architected anti-virus system work. you'd separate out privileges right? the hooks into the OS are as thin as possible and simply collect data or enforce policy, and they submit their data to a malware rules engine that runs with no privileges other than access to its local database, and it simply produces a PASS | FAIL response
<d_bot_>
<mbacarella> i'm sure in practice they all run as admin
<d_bot_>
<darrenldl> sure, but you'd run into resource drain (see chrome - they have the perfect type of setup as you've described)
<d_bot_>
<darrenldl> renderer in separate process, communication via ipc, etc
<d_bot_>
<darrenldl> if they wrote it in rust, then they'd get best of both worlds (obviously), but that takes effort, and a lot of effort for translating presumably decade long code base
<d_bot_>
<darrenldl> one issue with ipc though is you often dont have further authentication/protection, so may be a concern for malware interception maybe
olle has quit [Ping timeout: 256 seconds]
<d_bot_>
<darrenldl> basically we want microkernel with good boundary
<d_bot_>
<darrenldl> in practice
<Corbin>
mbacarella: You might find the "virus-proof" line of thinking to be more fruitful, if you're willing to rearchitect the OS. In capability-security research, the idea of a virus-proof OS was that *all* code has explicit authority granted to it when it runs, and so any "virus" must be running at the user's behest. TBF this approach predated the invention of clickjacking, and folks have needed to patch Web browsers, X11, etc. to make it work.
<Corbin>
I went looking for demos of "CapDesk", a capability desktop shell that wraps common office tools. The best I can find is this old talk from a researcher about HP's "Virus Safe" initiative: https://www.youtube.com/watch?v=pMhH6IKBrVo
<companion_cube>
Isn't qubes the closest usable implementation?
<companion_cube>
Not capabilites, but at least decent isolation by level of privilege
<Corbin>
Depends on the metrics for "closest" and "usable". One choice of metrics leads to Windows 8! I hear that Genode is relatively usable on top of seL4 today, and that would be quite close. Google's working on Fuchsia too.
<Corbin>
Qubes is very cool when it comes to isolation, but it's actually not capability-oriented. Their approach uses more classical security analyses. Something like CloudABI, Capsicum, or even seccomp and eBPF would be closer in design.
<Corbin>
Oh! This is a good video. I haven't reached the end yet, but at the end there is a demo for "Polaris", a tamed Windows environment. There's nothing exactly like this available today AFAIK.
<d_bot_>
<Butanium (@me on answer)> using this max function `let max (x : int) (y : int) = if x < y then y else x` instead of classic `max` double the speed of my code. Do you think it's something which could be handled by Flambda for example ?
<d_bot_>
<Butanium (@me on answer)> Like detecting non polymorphic use of polymorphic functions
xd1le has quit [Quit: xd1le]
<d_bot_>
<VPhantom> Not sure about Flambda but FIY there's `Int.max` in the `Stdlib`.
<d_bot_>
<Butanium (@me on answer)> Yes since 4.13
<d_bot_>
<Butanium (@me on answer)> I'm in 4.12
kakadu has quit [Remote host closed the connection]
<companion_cube>
Corbin: closest if you're on a desktop and you want to play super paranoid. I guess a hardened Linux might also work, I honestly don't have that much interest in security
<Corbin>
companion_cube: Did you make it to the submarine story yet? Qubes has the same architecture as what got deployed to the submarines; I'm talking about the line of research discussed in the talk as an alternative.
<Corbin>
Sure. I don't really like security either.
<companion_cube>
I'm not watching the video
<d_bot_>
<dinosaure> yeah, from what I know, `flambda` is about to specialize such things
<d_bot_>
<Butanium (@me on answer)> you mean that in the future it'll be able to do this or that it should do it ?
<d_bot_>
<dinosaure> it can do it now but you need to switch to `ocaml+flambda` 🙂
<d_bot_>
<Butanium (@me on answer)> I already did
<d_bot_>
<dinosaure> ah and it did not optimize it? you probably should notify vlaviron about that :/
<Corbin>
companion_cube: Okay. Well, be aware that these folks are slowly dying and their websites are vanishing, so we don't get a whole lot of flexibility in which archeological artifacts we get to study.
<d_bot_>
<Butanium (@me on answer)> where can I do it ?
<d_bot_>
<dinosaure> probably on the post you did in discuss 🙂
<companion_cube>
For pure websites there's the internet archive at least
<d_bot_>
<Butanium (@me on answer)> ok will do
tomku has quit [Ping timeout: 256 seconds]
<d_bot_>
<darrenldl> Corbin: i think the usual conclusiob was you need too much effort to writing the right security policy for desktop applications
tomku has joined #ocaml
<Corbin>
darrenldl: Sure, each individual application needs to either be completely rewritten, or tamed with custom policy and API.
<d_bot_>
<darrenldl> life would be easier if everything security was message passing
spip has quit [Ping timeout: 256 seconds]
bobo has joined #ocaml
mbuf has quit [Quit: Leaving]
Techcable has quit [Ping timeout: 256 seconds]
bartholin has joined #ocaml
wingsorc__ has joined #ocaml
<d_bot_>
<romachkuna> where can i practice ocaml ?(codewars doesnt have ocaml problems)
<d_bot_>
<Anurag> > companion_cube: in Async I don't know, but they have sort of supervision trees so that's a bit clearer I imagine
<d_bot_>
<Anurag> Async's monitors are indeed really nice. I find it a lot easier to think about proper error handling/cancelling etc in a reliable manner when using async + monitors vs the primitives availabled in Lwt. I don't claim to understand all the nuances that go into designing a concurrency library as I've never undertaken such a task, but as a user Async's model (monitors for exception/error handling) has consistently been a lot easier f
<d_bot_>
<Bluddy> What's the JS Promise approach?
<d_bot_>
<Bluddy> Would be useful to know what works for them
<companion_cube>
@orbitz looks like lwt's semantics, mostly
<companion_cube>
(lwt also has combinators to "stop" cancellation)
<d_bot_>
<mbacarella> Isn't the other problem with capabilities that you now need to trust whoever edits the capability descriptor set for each application? And just because you limited the set of things the legitimate application can do doesn't mean you can't introduce an attack through it?
<d_bot_>
<Bluddy> I guess I keep confusing failure with cancellation @companion_cube
<d_bot_>
<orbitz> @Bluddy I don't believe JS promises have a cancelled concept
<d_bot_>
<mbacarella> Obviously it's better for applications to give up privileges it doesn't need, and even better for the OS to limit the privileges to strictly what it thinks it needs. More confused about why the model didn't have problems before clickjacking
rgrinberg has joined #ocaml
azimut has quit [Remote host closed the connection]
azimut has joined #ocaml
bartholin has joined #ocaml
<d_bot_>
<Bluddy> I can see the value in cancellation for certain applications. I don't see how you can have any notion of expected state unless you strongly limit side effects.
bartholin has quit [Ping timeout: 240 seconds]
<Corbin>
mbacarella: Yes, when everything is local to one machine. When a capability is handed out from some remote service, though, then the remote service retains control over revocation or other matters of trust.
<Corbin>
The classic paper "Capability Myths Demolished" https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf addresses this somewhat, although it doesn't have a perfect quote I can give you.
bartholin has joined #ocaml
unyu has quit [Quit: Reboot.]
<companion_cube>
afaik rust futures also don't have any notion of cancellation
<quartz>
Specifically, is it possible to change the value of a field in a record?
<companion_cube>
If the field is `mutable`, yes. Otherwise you can return a new one with only a field changed
<olle>
Maybe I should learn Scala...
<olle>
It keeps popping up in my searches
rgrinberg has joined #ocaml
<malc>
olle: you don't need to change any values in this case
<quartz>
companion_cube: But in my problem, I need to return a record. So how do I set the fields of the records themselves?
<quartz>
Sorry I'm just so lost, can someone help me understand how to do this problem?
<quartz>
I know what needs to be done, but doing it in OCaml is very difficult.
<d_bot_>
<DickBarnes> I'm having an issue with a program of mine. During long running computations, it's allocating a lot, but during a particular point with a GC pause, it will keep growing the heap until I run out of memory. It seems according to the profiler that once it hits this GC pause, it's spending all of its time in the GC.
<d_bot_>
<DickBarnes> I'm not sure how to reproduce this problem with a small example, and I don't see any particular reason why in some states it does this and in others it doesn't.