From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,FORGED_HOTMAIL_RCVD2, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,1f4564c446b22de3 X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,CP1252 Received: by 10.224.42.68 with SMTP id r4mr709693qae.4.1347568728798; Thu, 13 Sep 2012 13:38:48 -0700 (PDT) Received: by 10.52.35.104 with SMTP id g8mr95574vdj.19.1347568728770; Thu, 13 Sep 2012 13:38:48 -0700 (PDT) Path: da15ni3445qab.0!nntp.google.com!v8no2464060qap.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Thu, 13 Sep 2012 13:38:48 -0700 (PDT) In-Reply-To: <874nn166dy.fsf@ludovic-brenta.org> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=31.52.181.203; posting-account=pmkN8QoAAAAtIhXRUfydb0SCISnwaeyg NNTP-Posting-Host: 31.52.181.203 References: <02a17083-bfb3-4e27-bb23-efcc85297589@googlegroups.com> <874nn166dy.fsf@ludovic-brenta.org> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <8b832d77-f40d-4360-84eb-696b186b2d05@googlegroups.com> Subject: Re: Time Stamping a Program in Ada-95 From: Austin Obyrne Injection-Date: Thu, 13 Sep 2012 20:38:48 +0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Date: 2012-09-13T13:38:48-07:00 List-Id: On Thursday, September 13, 2012 8:56:57 PM UTC+1, Ludovic Brenta wrote: > Austin Obyrne writes: > Time Stamping a Program in Ada-95 > > If I =91com= pile to listing=92 using the =93Run =96 Compile to Listing=94 > facility in= Ada-95 Ada 95 has no such facility; you must be talking about one particul= ar implementation (i.e. compiler and presumably IDE) of Ada 95. > I can get= a time stamp declaration of the day and exact time instant > of that compi= ling that is very useful in a court of law later as > documentary evidence = but if I subsequently compile as usual later on > i.e. just by clicking on = the =91compile=92 button in the toolbar of my > editor it overwrites that e= arlier time stamp =96 I think. Since you're a serious cryptologist, you mus= t know how easy it is to fake a timestamp. Many 13-year-old attackers can e= dit the binary file emitted by your compiler and change the timestamp, repl= ace your name from the copyright notice, insert a rootkit in your executabl= e and take control of your computer from their bedroom. Unless, of course, = you take the precaution of digitally signing your executables, exerting pro= per access control and checking the signature every time you change them (i= .e. by running Debian :) ). > Lemme explain a bit better. When I complete a= piece of development > work that evolves as a piece of software I will wan= t to secure the > copyright. Although there are many ways of doing this the= way I > favour most is the intrinsic time stamp method i.e. if I compile t= o > listing I will get a print-out of the compiler number and the exact > t= ime and day on which it was last compiled. This is powerful evidence > of c= opyright. No. The proper way is to write your precious copyrighted work on = a CD-ROM and ask a notary or bailiff to keep it in a safe. It is their job = to testify in court what day you provided your CD-ROM. > I want to try and = prevent that happening accidentally. No. You want to prevent that happening= because a malicious attacker makes a conscious effort to steal your copyri= ghted work, and has knowledge and means to that end. Much more difficult. A= s for accidental changes, just make your executables read-only or use a cop= y-on-write filesystem, or use a proper version control system. > Does anybo= dy know more about this =96 is it possible to do both without > losing the = time stamp facility i.e. compile to listing and ordinary > periodic compili= ng from the tool bar also? Sure, I do it all the time. I use monotone and I= sign my Debian packages with a trusted GPG key. > If this is not possible = to prevent it should be brought to the notice > of the powers that be in Ad= a as a useful security function going > begging ?? It is possible. With or = without Ada or any compiler. What I said applies also to plain text files c= ontaining poetry, if you want. -- Ludovic Brenta. Many thanks for your advice. I'm surprised that this might be an attribute= of just one particlar editor and not a general thing in many editors.=20 In passing, this has no security function - it is just a case of belt and b= races proof of the origin of the source code. In practice I would probably post a copy to myself with recorded delivery a= nd not open it when I receive it back. Thanks - adacrypt