Author Archives: rlc

About rlc

Software Analyst in embedded systems and C++ programmer. I specialize in systems design, concurrency and language design, and am interested in generic meta-programming and functional programming and their practical applications. I take a pragmatic approach to project management, focusing on the management of risk. I have over a decade of experience as a software professional and a background in science.

Looking for bugs (in several wrong places)

I recently went on a bug-hunt in a huge system that I knew next to nothing about. I went on this bug-hunt because, although I didn’t know the system itself, I knew what the system was supposed … Continue reading

Posted in Anecdotes, Software Development, Software Engineering, Software Testing | Comments Off

Re: E-mail

The Globe&Mail dedicated half a page of the Report on Business section to managing your inbox today. People who work with me know that if you want to get ahold of me quickly, E-mail is not the way to go … Continue reading

Posted in Opinions | Comments Off

ICS Security: Current and Future Focus

The flurry of DNP3-related vulnerabilities reported to ICS-CERT as part of Automatak’s project Robus seems to have subsided a bit, so it may be time to take a look at where we are regarding ICS security, and where we might … Continue reading

Posted in Industrial Automation, Smart Grid | 6 Comments

Is Open Source software security falling apart?

There have been a number of well-publicized security flaws in open source software lately — the most well-publicized of course being the OpenSSL Heartbleed bug. Then there’s the demise of Truecrypt, recent bugs in GnuTLS and recent bugs in the … Continue reading

Posted in Opinions, Software Development, Software Testing | Comments Off

“A camel is a horse designed by a committee”

I don’t usually use this blog to vent frustration, but I’ve been reading standards lately… There are four versions of the horse: Pony. Horses as the Good Lord intended them. Strong and sturdy, yet soft and cuddly; obedient yet intelligent; … Continue reading

Posted in Software Engineering | Comments Off

What the industry should do with the upcoming Aegis release

Automatak will be releasing the Aegis fuzzing tool publicly and for free for the first time in a few days. Like I said yesterday: Can hardly wait: "2 weeks until Aegis™ release" — Ronald (@blytkerchan) March 1, 2014 to … Continue reading

Posted in Industrial Automation, Smart Grid | Comments Off

Optimizing with type lists

In this post, I will take a brief look at how using type lists can help optimize certain applications.

Posted in C & C++ | Comments Off

A functional version of the KMP algorithm

For one of the projects I’m working on, I needed a compile-time version of the KMP algorithm in C++. I started by making the algorithm functional.

Posted in C & C++, Software Development | Comments Off

ICS security and regulatory requirements

In North America, ICS security, as regards the electricity grid, is regulated by NERC, which provides and enforces, among other things, the Critical Infrastructure Protection (CIP) standards. In this post, I’ll provide a quick overview of those standards, provisions slightly … Continue reading

Posted in Industrial Automation, Software Engineering | Comments Off

The Crain-Sistrunk vulnerabilities

In the two previous posts, I’ve shown that industrial control systems — ICSs — are becoming more pervasive, and that they rely on security through obscurity. Now, let’s make the link with current events.

Posted in Industrial Automation, Software Engineering | Comments Off