Four short links: 6 September 2019
Code Reviews, Dogfooding, Deobfuscation, and Differential Privacy
- How to Do a Code Review — Google’s guidelines. Encourage developers to solve the problem they know needs to be solved now, not the problem that the developer speculates might need to be solved in the future. The future problem should be solved once it arrives and you can see its actual shape and requirements in the physical universe. Let the church say Hallelujah!
- The Work Diary of Parisa Tabriz, Google’s ‘Security Princess’ (NYT) — Grab my iPhone and Windows laptop for the day. Neither is my primary device, but I like to use them on Wednesdays. Thursdays, I try to mostly use my Mac, and the rest of the week I’m on my Chromebook or my Pixel Android phone. I’m responsible for Chrome across every operating system, so I try to use all the different Chromes each week to catch the subtle and important differences, and give feedback or file bugs if something isn’t working right. Yes, this is something product managers should do.
- SATURN: Software Deobfuscation Framework Based on LLVM – We show how binary code can be lifted back into the compiler intermediate language LLVM-IR and explain how we recover the control flow graph of an obfuscated binary function with an iterative control flow graph construction algorithm based on compiler optimizations and SMT solving. Our approach does not make any assumptions about the obfuscated code, but instead uses strong compiler optimizations available in LLVM and Souper Optimizer to simplify away the obfuscation.
- Google’s Differential Privacy Library — I particularly liked: This project also contains a stochastic tester, used to help catch regressions that could make the differential privacy property no longer hold. (via Google Developer Blog)