Copying another idea from Old New Thing and porting to unix. This time it’s Piping to notepad. Instead of starting a new notepad process, let’s feed stdin to any existing window.
This requires as many as two helper functions. First we need to find a target, by having the user click on a window.
Continue reading stdwinjector...
Posted 2014-09-16 15:48:29 by tedu Updated: 2014-09-16 22:53:32
Tagged: c programming x11
At the g2k14 hackathon in July, I thought about a new interface for SSL connections. One of the most frequent complaints from OpenSSL users was that it was too much work to do anything, and one of the most frequent complaints from advanced users was that it was too much work to do anything correctly. Notably, failure to check the hostname in the cert against the hostname of the network connection is an unfortunately common mistake. And so was born the ressl (reimagined SSL) interface. Joel Sing (jsing) ended up implementing it first, putting the libressl in LibreSSL.
One of our strict guidelines was that we would not expose any OpenSSL data structures to the user. The biggest problem with the existing libssl API was that the underlying X.509 data structures poked through. Nobody cares about ASN.1 or X.509. Nobody wants to care. As one can see by reviewing the <ressl.h> header, only ressl types are exposed. Only the implementation knows about libssl and libcrypto, and in fact, it’s not even guaranteed that the implementation does know about them.
Continue reading goreSSL...
OpenBSD has lots of version numbers, each incremented at their own pace and for their own reasons. Here’s a rundown.
The OpenBSD version number, the number you’re probably most familiar with, is incremented by 0.1 every six months. This increment happens regardless of the changes made. Every release adds some new features, fixes some old bugs, probably adds a new bug or two, and, if I have anything to say about it, removes some old features. The six month release cycle has priority over development, meaning if a feature isn’t ready, it waits for the release after; the next release doesn’t wait for the feature.
Pretty much anything can change between versions. The kernel interface (more on this later) can change, such that software developed for 5.4 won’t run on 5.5. The behavior of command line tools can change. The format or organization of config files in /etc (pf.conf) can change. The existence or absence of third party software like nginx or sendmail can change. Numbers are decimal; after X.9 they roll over to Y.0 without fanfare. Perhaps the only time that version change seemed significant was 3.0, with the coincidental introduction of pf. But 4.0 and 5.0 were probably less remarkable.
Continue reading OpenBSD version numbers...
Posted 2014-09-05 15:24:07 by tedu Updated: 2014-09-05 21:44:10
Tagged: openbsd software
They’re potato chips. Why would they have gluten? “Gluten free” is the new “won’t turn pink in the can”.
Posted 2014-09-03 19:08:01 by tedu Updated: 2014-09-03 19:08:01
Tagged: business food quote
Matthew Green asked for a password generator that’s easy to enter on a phone.
Here’s one solution that works for the iPhone keyboard. To make it easy to type with your thumbs, it alternates sides of the keyboard for each letter. Sometimes it throws in a shift. Sometimes it throws in a symbol, but only one from the right side since it requires before and after left taps to get there. In practice, it appears to generate passwords that I can or could at least learn to type fairly quickly.
    -- LuaJIT: call the libc CSPRNG through the FFI
    local ffi = require "ffi"
    ffi.cdef[[
    uint32_t arc4random_uniform(uint32_t upper_bound);
    ]]
    -- uniform random integer in 1..max
    local function rand(max)
        local r = ffi.C.arc4random_uniform(max) + 1
        return r
    end
    local leftletters = [[qwertyasdfgzxcv]]
    local rightletters = [[tyuiopghjklvbnm]]
    local symbols = [[567890()$&@"?!']]
    local bitsperletter = 4 -- for small values of 4
    local desiredentropy = 64
    local entropy = 0
    local leftside = rand(2) == 1
    local password = ""
    while entropy < desiredentropy do
        local shift = rand(8) == 1
        -- alternate thumbs on every character
        leftside = not leftside
        local letters = leftside and leftletters or rightletters
        -- occasionally swap in a symbol
        if leftside and rand(8) == 1 then
            letters = symbols
        end
        local idx = rand(letters:len())
        local let = letters:sub(idx, idx)
        if shift then
            let = let:upper()
        end
        password = password .. let
        entropy = entropy + bitsperletter
    end
    print(password)
I could probably memorize one of those. I was worried I’d have to complicate things by weighting English digraphs, but some natural structure emerges randomly. How could you not remember the yap bzidie?
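To check the script's 4-bits-per-letter budget, here is an added example (not part of the original post, and in Python rather than Lua) that computes the exact per-character distribution the generator produces and sums it over the 16 characters. The function names are my own; the letter sets and the 1-in-8 odds are copied from the script.

```python
import math
from collections import defaultdict

# Constants copied from the Lua script above.
LEFT = "qwertyasdfgzxcv"
RIGHT = "tyuiopghjklvbnm"
SYMBOLS = "567890()$&@\"?!'"
P_SHIFT = 1 / 8    # rand(8) == 1
P_SYMBOL = 1 / 8   # rand(8) == 1, checked on left-side turns only
LENGTH = 64 // 4   # desiredentropy / bitsperletter = 16 characters


def char_distribution(leftside):
    """Probability of each output character for one turn on the given side."""
    pools = [(LEFT, 1 - P_SYMBOL), (SYMBOLS, P_SYMBOL)] if leftside else [(RIGHT, 1.0)]
    dist = defaultdict(float)
    for pool, p_pool in pools:
        for ch in pool:
            p = p_pool / len(pool)
            # upper() leaves digits and punctuation unchanged, so a shifted
            # symbol lands on the same key as the unshifted one.
            dist[ch.upper()] += p * P_SHIFT
            dist[ch] += p * (1 - P_SHIFT)
    return dict(dist)


def shannon_bits(dist):
    """Average information per character."""
    return -sum(p * math.log2(p) for p in dist.values())


def min_entropy_bits(dist):
    """Information in the single most likely character (worst case)."""
    return -math.log2(max(dist.values()))


def password_bits(per_char):
    """Total for LENGTH characters that alternate sides every turn.

    The starting side is treated as known to the attacker, which can only
    understate the result.
    """
    half = LENGTH // 2
    return half * (per_char(char_distribution(True))
                   + per_char(char_distribution(False)))


if __name__ == "__main__":
    for name, fn in (("shannon", shannon_bits), ("min-entropy", min_entropy_bits)):
        print(f"{name:12s} {password_bits(fn):6.2f} bits vs 64 budgeted")
```

Both totals come out above the 64 bits the script budgets for, because the shift and symbol choices add entropy that bitsperletter does not count.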
At the core of the bcrypt pbkdf is the magic string "OxychromaticBlowfishSwatDynamite". The particular value of the string doesn’t change the algorithm, but the hash works by encrypting this string. All generated outputs are really just ciphertext versions of the magic string. What does it mean?
Let’s arrange the words on a 4x8 grid.
An interesting pattern emerges with the capital letters. They form a triangle. Let’s take the letters inside.
Atic fish? Y/N? hmmm. Two lines of two letters with a y and two lines of four with an i. y? i? They’re the only letters repeated, and perhaps have some other relationship (“change the y to an i...”). We’ll have to think about this some more. For now, let’s combine lines of equal lengths.
yy is very unusual in English. Maybe it doesn’t belong. Or maybe it’s a hint about the i as well? There seems to be some relationship between i and y, certainly. What if we delete the ys and the is and also the letters between the is? As so:
And suddenly the hidden message is revealed. It’s an anagram for thx nsa.
Since the dawn of time, the OpenBSD buffer cache replacement algorithm has been LRU. It’s not always ideal, but it often comes close enough and it’s simple enough to implement that it’s remained the tried and true classic for a long time. I just changed the algorithm to one modelled somewhat after the 2Q algorithm by Johnson and Shasha. (PDF)
LRU is simple enough it doesn’t require much explanation. Keep a list of all buffers. Whenever you use one, put it on the front of the list. Whenever you need a new (recycled) buffer, take it from the end of the list. Those are the oldest, least recently used buffers. In high level terms, the current working set is at the front of the list and the previous working set is fading away off the end. It’s responsive to changes in the working set, very quickly replacing old unused buffers with the latest. In other words, it has a short history; it’s not “sticky”.
Continue reading 2Q buffer cache algorithm...
A two hour long Final Fantasy (X, XII, XIII) cutscene, but uninterrupted by the need for level grinding. All the major motifs are present: good but actually evil churches that are actually governments, coverups and double crosses, dead but not dead people, ancient technology, preposterously ineffective battle tactics, collect all the MacGuffins quest, family squabbles, life in the shadow of the great war of the before times.
Posted 2014-08-31 21:30:26 by tedu Updated: 2014-08-31 21:30:26
In Los Últimos Días, English title The Last Days, an extreme agoraphobia pandemic has swept the planet. Nobody can go outside without experiencing a fatal seizure. The movie doesn’t spend any time trying to explain the cause (which is good; better than a terrible explanation), but the Panic, as it is known, starts with a few cases and then affects more people over time until eventually everybody is trapped in whatever building they were last in. This sets us up for a story in a post apocalyptic world that’s a little different than the typical zombie virus plague outbreak.
It’s not a great movie (relies too much on flashbacks for my taste), but the concept is intriguing. Different spaces (office building, subway station, apartment building, indoor mall) all follow their own Lord of the Flies trajectory based on their occupant mix.
Posted 2014-08-19 04:42:16 by tedu Updated: 2014-08-19 04:42:16
A few thoughts reflecting on Sen. Wyden’s not quite proposal. As noted on HN there’s some question of exactly what your data is. Is it information you created (or otherwise control) or is it information about you? Is it an email you composed by typing on a keyboard or is it a log entry created by an autonomous system of whose existence you are unaware? The thornier issues of what the government can or cannot do are best deferred until this basic question is answered.
A complete your data test would likely involve several factors, much like the fair use test does, and be decided on a case by case basis. For starters, though, we can begin by asking one question. To what extent can you describe the data? The owner of some data is likely to be the party that can describe the data (and importantly, its format) most accurately and completely. This is the tried and true Lost and Found test. “Hey, I lost my iPod.” “Can you describe it?” If the hotel concierge has a green iPod, but I tell them I lost a black iPod, it’s probably not mine.
Continue reading your data...