What now?

I just got back from the BaltoMSDN meeting, Geoff Snowman put on a good presentation about the ins and outs of crypto, and the only thing I can think to add to it is that when you're dealing with symmetric key encryption, the message needs to be secret as well as the key. If you can derive the message from the encrypted message, using the key, you can derive the key from the encrypted message using the original message.

A lot of hard-drive based crypting programs were compromised when people realized if the drive was formatted in FAT, they could look for the allocation table in the usual spot, get the encrypted version, then derive the key from the (known, static) unencrypted version. So, encrypting the data isn't enough, the contents must be scrambled too. Which goes to the point I tried to make about security holes never being found in the cryptology - the math is solid - they're always in the implemenation.

You can hash your users passwords in the database all you want, but if every client app logs into the database with the same user/pass combo, then that's the vector an attacker is going to use, and all your high talk about salting your hash is really just masturbation.

But, as far as important news.. I got around to updating the mono port of my emulator, which took about 5 minutes, really, since Unity does all the hard work, it's just a matter of registering the appropriate platform specific classes. What was weird, was that the 'callback' member was missing from the SDL bindings in the Tao framework.. What's even weirder, is that the framework hasn't been updated since 2005, so where the hell did it go and how could it have got gone? It could be something to do with running in a VM, but I never really knew type members could just 'disappear' like that. Very odd.. No sound for linux (well, flakey OpenAL based sound).

I also started work on an assembler. Once I've populated my 'instruction' structure I already use in my debugger, emitting the bytes is all but automatic. All I needed is a parser, and it's pretty easy work, regex does most of the heavy lifting as far as identifying addressing modes, which is really the only 'problem' to solve.

The only work left is to add a pass to replace labels with actual addresses, and a little more focus on making sure the syntax is in line with other popular 6502 assemblers.

My goal is to host this as a server side component, and to leverage some of the 'online IDE' ajax type stuff out there to put together an easy to use online environment for the homebrew community.

But it'll probably be on hold for awhile as I plan to be busy at work, but I may get it online this weekend.