NASA's Curiosity rover brought Earth BUG to Mars

A 20 year old bug has been discovered in an algorithm so pervasive it's used in the Mars Curiosity rover, cars, aircraft, Android phones and a string of popular open source wares. The bug can be found in the Lempel-Ziv-Oberhumer (LZO) data compression algorithm created by Markus Oberhumer, who on Wednesday posted a new version 2 …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

All software has flaws

both in themselves and in their implementation.

"trusted" software is only trusted at a point in time until some circumstances changes that trust.

11
0
Silver badge
Holmes

Re: All software has flaws

S'truth.

On the other hand, there is a pretty cool article on formal verification ("Reasoning and Verification: State of the Art and Current Trends") in "IEEE Intelligent Systems" of January (which, incidentally, just arrived in my mailbox; yes I am not living in Upper Volta - IEEE managed postal delivery still needs to be pulled into the 21st century).

Apparently, advances over the last ten years have been enormous and practical. Victory soon!

1
1
Silver badge

Re: All software has flaws

"On the other hand, there is a pretty cool article on formal verification "

If formal verification were a panacea it would be a lot more common. All it does however is move the bugs from the software to the formal specification (which is effectively a sort of program in itself) and you end up having to debug the latter instead, and which scales in complexity with the complexity of the system you're trying to prove. And if you have a bug in the spec that goes unnoticed then it makes the formal proof worse than useless because people assume that, well, the software has been formally proven, it can't fail! Hmmm...

3
1
Silver badge
Holmes

Re: All software has flaws

You seem to have a pretty firm grasp of the obvious.

Have you managed to light your cave-illuminating fire yet?

0
2
Bronze badge
Alien

Nice

So the alien archeologists examine the rover sent to Mars and deduce humanity died out down to shoddy programming.

11
0
Silver badge
Alien

Re: Nice

C has been used in the galaxy for the last 5 million years. Which is why the Fn'orrrl died of bitterness before they could expand from the core, and the Blfti'ckx Machine Civilization just snowball-bluescreened when an unexpected radio burst was generated by a nearby neutron star and generated a surprise packet with unexpected binary content.

Fermi Paradox: It's all down to C!

7
1
Silver badge

Re: Nice

Fn'orrrl survivors in my thread?

2
0
Silver badge

Yes .... but we can rebuild it, humanity on Earth, with IT Programs and ProgramMING

Nice

So the alien archeologists examine the rover sent to Mars and deduce humanity died out down to shoddy programming. .... Lionel Baden

Hmmm, many a true word is said in jest, LB, and is in steganography quite a valued transparent code in matters that might in other cases, .... deemed by concerned and/or terrified others to be better kept secret and generally unknown ..... warrant encryption and/or the likes of NSL protection.

IT never rains but IT pours ..... and this is appropriately APT and relevant here, for it has been built and builds upon pervasive algorithm bugs which be transformed in other systems of operation and fields of SMARTR Advanced ProgramMING Play into Heavenly Opportunities Exploiting Serial Primitive Weaknesses which some may conclude to be an Inherent Systemic Flaw?

amanfromMars [1406270922] adding more on http://thedailybell.com/news-analysis/35428/No-We-Are-Not-Fans-of-Open-Source-Public-Solutions/

And furthermore, if one be talking of turkeys in current positions of present power, one will have to realise that they, the turkeys, unless they have accepted special future training from enabling deadly action forces and are even mildly cognitive of the dire consequences for themselves in plumping for the pumping and pimping of the maintenance and retention of the status quo rather than being instrumental in Brave New Worlds with New AIDealings, will not be voting for Xmas, so will have to hunted down and rooted out and as exposed as the killjoys that they are and have become.

A simple truth which is impossibly complex to deny or successfully battle against, as every turn to hide and repress and suppress and obfuscate the honest picture, discovers and uncovers the Bigger Picture which leads to tales which reveal more of the all and sundry to everyone from ....... well, the Advanced Intelligent Crowd[s] in Cloud[s] is something to follow if you want to know what the Future is planning in the Virtual Fields and Alternate Landscapes of Concept Generation and Concept Development ProgramMING ....... Program Mined Intelligence Network Games/Mind Infiltration Networking Games.

To imagine in a novel and noble age of unprecedented virtually instantaneous global communication, where the works of a day and a zeroday can unravel and expose the labour of millennia as a contrived sham and lucrative schema, that past masters of ignorance will rule with reign and reins in a future with growing intelligence, is a risible arrogance borne and born of ignorant masters of the past to be virtually lost and practically forgotten and only remembered by students of history.

Thanks for all the thoughts and common sense, Robert. As you can read, are they much appreciated here.

There's a lot going on out there, El Reg, and all of it good except for that which targets the bad, and that is great.

2
3
Bronze badge
Angel

Re: Yes .... but we can rebuild it, humanity on Earth, with IT Programs and ProgramMING

amanfromMars 1 Commented on my post !!!

I don't really know what he said but I feel Special :)

p.s. Sorry for littering RC toys on your front lawn

18
0
Gold badge
Happy

In 2 months time, when Curiosity broadcasts a picture of a grinning Elvis sitting on a Martian boulder back to planet Earth, then you'll know that it was me what hacked it. You heard it here first.

Either that, or The Sunday Sport was right all along!

My personal favourite of their headlines was 'Vampire 3-in-a-Bed Sex Scandal'.

1
0

Re Sunday Sport Headlines

My favourite was:

"WORLD WAR 2 BOMBER FOUND ON MOON"

... followed a week or two later by:

"WORLD WAR 2 BOMBER FOUND ON MOON VANISHES"

Clarse.

6
0
Silver badge
Thumb Up

Re: Re Sunday Sport Headlines

Ah, but did you read the second *story* ?

IIRC, it gave a list of possible explanations for the disappearance of the bomber. The last of which was "The original picture may have been a hoax"

0
0
Anonymous Coward

already debunked? http://fastcompression.blogspot.co.uk/2014/06/debunking-lz4-20-years-old-bug-myth.html?m=1

2
0
Silver badge
Headmaster

How is that "debunked"?

It says exactly what's up:

So sorry, this is not a "new heartbleed" situation the author seems to dream for.

Nevertheless, it's a good idea to close this risk, just in case, in the future, one implementation may inadvertently wander into the area of "custom compression format using large blocks of > 8 MB on 32-bit systems, and receiving data from untrusted external sources". Judging from the current list of usages, this scenario stands in the low probability range. But it's nonetheless good to plug it, if the solution doesn't trigger any other side effect, which is the case within the current LZ4 release available on Github and Google code.

So no "debunking" anywhere in sight.

1
0

Re: How is that "debunked"?

you should cite correctly; did that for ya :

> At the end of the day, none of the known implementations of LZ4 is exposed to this risk.
>
> Basically, most user programs employ LZ4 for small data packet structure, way beyond the critical limit.
>
> Programs which generate and distribute large compressed blocks (notably the lz4c pos-x compression utility, distributed within Linux Distro) use the documented streaming format, which limits block size to 4 or 8 MB. Remove also from the list programs which never take "externally provided" data as input, they can't be targeted either.
>
> So sorry, this is not a "new heartbleed" situation the author seems to dream for.

except for a great headline, nothing left

0
1
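The quoted mitigation (keep blocks to the documented 4 or 8 MB limit and never trust a length field that arrives from an external source) as an added example. This is not code from the original post, from the blog it cites, or from the LZ4 or LZO projects; the frame layout (a 4-byte little-endian length before each block), the function names and the 8 MB constant are assumptions, and the sample frames are constructed here. It also shows the general point of why the size check must be overflow-safe: comparing the declared length against what remains, rather than computing an end offset that can wrap in 32-bit arithmetic.

```python
import struct

MAX_BLOCK = 8 * 1024 * 1024   # assumed cap, matching the 8 MB limit the quoted post mentions
WORD_MASK = 0xFFFFFFFF        # models size arithmetic on a 32-bit system


def split_blocks(frame: bytes, max_block: int = MAX_BLOCK) -> list:
    """Walk a constructed frame of [u32 LE length][payload] records.

    Returns (offset, length) pairs for every block. Raises ValueError for a
    truncated header, a block over max_block, or a block that claims more
    bytes than are left in the frame. Nothing is decompressed here; this is
    the gate a decoder should sit behind when the frame comes from an
    untrusted source.
    """
    blocks = []
    pos = 0
    total = len(frame)
    while pos < total:
        if total - pos < 4:
            raise ValueError(f"truncated length field at offset {pos}")
        (length,) = struct.unpack_from("<I", frame, pos)
        pos += 4
        if length > max_block:
            raise ValueError(f"block of {length} bytes exceeds the {max_block}-byte limit")
        # Overflow-safe bounds check: compare against the bytes remaining
        # instead of computing pos + length, which can wrap on 32-bit targets.
        if length > total - pos:
            raise ValueError(f"block claims {length} bytes but only {total - pos} remain")
        blocks.append((pos, length))
        pos += length
    return blocks


def naive_end_check_passes(pos: int, length: int, total: int) -> bool:
    """The shape of check to avoid: (pos + length) <= total evaluated with
    32-bit wraparound. Returns True when that check would accept the block,
    which for a huge declared length is a wrong acceptance."""
    end = (pos + length) & WORD_MASK
    return end <= total


def rejects(frame: bytes, max_block: int = MAX_BLOCK) -> bool:
    """True if split_blocks refuses the frame."""
    try:
        split_blocks(frame, max_block)
    except ValueError:
        return True
    return False


# Constructed sample frames (not captured from any real producer).
GOOD_FRAME = struct.pack("<I", 5) + b"hello" + struct.pack("<I", 3) + b"abc"
OVERSIZED_FRAME = struct.pack("<I", 0xFFFFFFF0) + b"xx"      # length far above the cap
TRUNCATED_FRAME = struct.pack("<I", 100) + b"short"          # length exceeds what remains

if __name__ == "__main__":
    print(split_blocks(GOOD_FRAME))
    print("oversized rejected:", rejects(OVERSIZED_FRAME))
    print("truncated rejected:", rejects(TRUNCATED_FRAME))
    # The wrapped comparison would have accepted a 4 GB claim at offset 4 of a 20-byte frame.
    print("naive check accepts 0xFFFFFFFF:", naive_end_check_passes(4, 0xFFFFFFFF, 20))
```

The two checks in split_blocks are deliberately separate: the size cap limits how much memory a decoder will ever be asked to reserve for one block, and the remaining-bytes comparison stops a crafted length from reaching the decoder at all, regardless of word size.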
Silver badge
Thumb Down

Re: How is that "debunked"?

You seem to have an idiosyncratic meaning for "correctly".

It does not mean "stuff I previously was too lazy to point out and which doesn't underscore my point particularly well anyway as the next paragraph cautions".

0
0
Paris Hilton

already debunked

that is http://fastcompression.blogspot.co.uk/2014/06/debunking-lz4-20-years-old-bug-myth.html?m=1

1
1
Bronze badge
Devil

Subliminal

"A 20 year old bug has been discovered in an algorithm so pervasive it's used in the Mars Curiosity rover, cars, aircraft, Android phones and a string of popular open source wares."

And iOS and OSX as well. There, the reporter was distracted I'm sure...

2
0
Joke

140 million miles (average)

That's some pretty remote RCE you got there!

3
0
Anonymous Coward

Off topic

And just to go off topic - "Curiosity rover brought Earth BUG to Mars".

Brought ?? Huh?? I think the correct word required here is "took".

With a UK domain to your name, you might at least try to translate American headings / text into English. Using American phrases like "...bringing him to jail." and "...I'm going to bring him something." are really starting to hurt. We English still use take, taken & took, so please don't forget them.

- Grammar Police (UK division)

8
1
(Written by Reg staff)

Re: Off topic

We're a multinational publication. Bite us.

4
6
Bronze badge
Mushroom

Re: Off topic

You've been watching too much Here Comes Honey Boo Boo.

Only they use that sort of language when they don't understand the possessive and resort to baby speak.

1
0
Bronze badge
Devil

Re: Off topic

Let's face it, when you were UK based only, your grammar and spelling were crap. :D

We don't mind, it's all part of the fun, wouldn't be here otherwise.

2
0
Silver badge
Devil

Re: Off topic

Bite us.

Biting vultures demands having a VERY solid immune system!

3
0
Anonymous Coward

Re: Off topic

> Brought ?? Huh?? I think the correct word required here is "took".

I was raised North of the border, but "brought to" sounds perfectly OK to me. Then again, verbs of motion are used differently in each of the half a dozen or so languages that I speak on an everyday basis, so there might be some interference there.

2
0
Anonymous Coward

Re: Off topic

> We're a multinational publication. Bite Suarez us.

1
0
Anonymous Coward

Re: Off topic

"We English still use take, taken & took, so please don't forget them."

Exclusively? Not according to the Oxford Dictionaries. So if you entertain fantasies of being a Pedantic Grammar Nazi, please, at least get it right.

2
0
Bronze badge

"On the other hand, there is a pretty cool article on formal verification ("Reasoning and Verification: State of the Art and Current Trends") in "IEEE Intelligent Systems" of January ..."

I would hope that this will eventually come to the fore ...

I studied formal verification methods many years ago and when I went for an interview and asked about verification of software the company said 'we test it extensively'. I believe that to still be the case in nearly, if not all systems today (including military and critical systems.)

0
0
Silver badge

The problem is that formal verification only works for a very narrow implementation. Break the environmental conditions in any way and you lose the assurance of that formal verification. And as of yet, I haven't seen a formal verification of any program in a real-world networked environment.

2
0
Bronze badge

Exploited

By the Martians.

They have injected code into all of our landers to return only images of cold, barren wastelands instead of seas, canals, lush gardens and incredibly hot Martian women.

8
0
Gold badge
Black Helicopters

So NSA probably aware of this for, what 15 years?

Paranoid?

Moi?

2
0

Re: So NSA probably aware of this for, what 15 years?

If I understand correctly, they'd have to pump a truly huge file into your computer to trigger the overflow - and they prefer mass surveillance. We'd have been feeling it in our download speeds. Oh, wait...

1
0
bex

to be featured in FW emails from the over sixties everywhere.

FYI I filter FW emails out on the server

0
0
Silver badge

Slight exaggeration?

"A reminder of how developers build on 'trusted' systems like LZO. That trust turns out to have been misplaced"

It's not really at OpenSSL levels of incompetence though, is it? That really is an abuse of trust.

1
0

Developers build on 'trusted' systems

"the emergence of the bug is a reminder of how developers build on 'trusted' systems like LZO. That trust turns out to have been misplaced"

I don't follow your thought processes; unless a company is prepared to have its own programmers go through the code, you have no other option but to accept the code as relatively bug free.

0
0
Headmaster

"Interstellar" RCE

"[I]t is unclear how Curiosity's micro controllers are affected, so the idea of interstellar RCE is in the realm of science fiction."

Um, at this point even interplanetary RCE remains in the realm of sci-fi. Interstellar RCE would require not only "uncommonly huge buffer sizes" but, say, either great patience and a very long lifespan, or some way to get around the speed of light as a limit in communications.

0
0