From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,1f4564c446b22de3 X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,UTF8 Received: by 10.180.94.98 with SMTP id db2mr653262wib.2.1348233522518; Fri, 21 Sep 2012 06:18:42 -0700 (PDT) Path: ed8ni9081533wib.0!nntp.google.com!feeder1.cambriumusenet.nl!feed.tweaknews.nl!85.12.40.130.MISMATCH!xlned.com!feeder1.xlned.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!border4.nntp.ams.giganews.com!border2.nntp.ams.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!newsfeed.news.ucla.edu!nntp.club.cc.cmu.edu!weretis.net!feeder4.news.weretis.net!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail From: Ludovic Brenta Newsgroups: comp.lang.ada Subject: Re: Time Stamping a Program in Ada-95 Date: Thu, 13 Sep 2012 21:59:37 +0200 Organization: A noiseless patient Spider Message-ID: <874nn166dy.fsf@ludovic-brenta.org> References: <02a17083-bfb3-4e27-bb23-efcc85297589@googlegroups.com> Mime-Version: 1.0 Injection-Info: mx04.eternal-september.org; posting-host="7a2034e119fa9b7f28141f6eacbba5f5"; logging-data="31920"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Byik14X6examXZhcB367r" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) Cancel-Lock: sha1:Voy+sl2gc7+Nca85QkS2+HoepVI= sha1:vni8uxr7HbXZrN+RApSHcccgdJI= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Date: 2012-09-13T21:59:37+02:00 List-Id: Austin Obyrne writes: > Time Stamping a Program in Ada-95 > > If I ‘compile to listing’ using the “Run – Compile to Listing” > facility in Ada-95 Ada 95 has no such facility; you must be talking about one particular implementation (i.e. compiler and presumably IDE) of Ada 95. > I can get a time stamp declaration of the day and exact time instant > of that compiling that is very useful in a court of law later as > documentary evidence but if I subsequently compile as usual later on > i.e. just by clicking on the ‘compile’ button in the toolbar of my > editor it overwrites that earlier time stamp – I think. Since you're a serious cryptologist, you must know how easy it is to fake a timestamp. Many 13-year-old attackers can edit the binary file emitted by your compiler and change the timestamp, replace your name from the copyright notice, insert a rootkit in your executable and take control of your computer from their bedroom. Unless, of course, you take the precaution of digitally signing your executables, exerting proper access control and checking the signature every time you change them (i.e. by running Debian :) ). > Lemme explain a bit better. When I complete a piece of development > work that evolves as a piece of software I will want to secure the > copyright. Although there are many ways of doing this the way I > favour most is the intrinsic time stamp method i.e. if I compile to > listing I will get a print-out of the compiler number and the exact > time and day on which it was last compiled. This is powerful evidence > of copyright. No. The proper way is to write your precious copyrighted work on a CD-ROM and ask a notary or bailiff to keep it in a safe. It is their job to testify in court what day you provided your CD-ROM. > I want to try and prevent that happening accidentally. No. You want to prevent that happening because a malicious attacker makes a conscious effort to steal your copyrighted work, and has knowledge and means to that end. Much more difficult. As for accidental changes, just make your executables read-only or use a copy-on-write filesystem, or use a proper version control system. > Does anybody know more about this – is it possible to do both without > losing the time stamp facility i.e. compile to listing and ordinary > periodic compiling from the tool bar also? Sure, I do it all the time. I use monotone and I sign my Debian packages with a trusted GPG key. > If this is not possible to prevent it should be brought to the notice > of the powers that be in Ada as a useful security function going > begging ?? It is possible. With or without Ada or any compiler. What I said applies also to plain text files containing poetry, if you want. -- Ludovic Brenta.