guest - flak

doas - dedicated openbsd application subexecutor

Three days of the doas.

I started working on doas quite some time ago after some personal issues with the default sudo config. The “safe environment” was under constant revision and I regularly found myself unable to run pkg_add or build a flavored port or whatever because the expected variables were being excised from the environment. If I had been paying attention, keeping sudoers up to date probably would not have been such an ordeal, but I don’t like change.

The core of the problem was really that some people like to use sudo to build elaborate sysadmin infrastructures with highly refined sets of permissions and checks and balances. Some people (me) like to use sudo to get a root shell without remembering two passwords. And so there was considerable tension trying to ship a default config that would mostly work with the second group, but not be too permissive for the first group.

Posted 2015-07-20 04:25:50 by tedu Updated: 2015-07-20 14:22:09
Tagged: openbsd software

branchless development

Among other developmental heresies, I’m also a believer in everybody working in the same branch. I’ve dropped hints from time to time, and of course OpenBSD practitioners are familiar with this ideology, but I’ve only tried explaining it in full to a few coworkers. Who sat through my talk alternating between being shocked and appalled. Good times.

There’s not much of a narrative here, just some scattered thoughts. Now revised with a few more thoughts. No promises about the cohesion, however. This post started out as a longer form followup to Why OpenBSD doesn’t use GitHub but it’s gone in a slightly different direction. (Wow, that email is three years old.)

Posted 2015-07-19 03:40:03 by tedu Updated: 2015-07-28 16:05:30
Tagged: programming thoughts

help wan

A reminder to leave the artisanal kerning to the professionals.

Who’s Wan?

Posted 2015-07-15 02:32:30 by tedu Updated: 2015-07-15 02:32:30
Tagged: quote

Indego - Philly bike share review

Joining the ranks of bike share programs in other cities, Indego is Philadelphia’s version. The basic concept is the same and pretty simple. You check out a bicycle from one of many kiosks located about the city, ride around, then return it to an empty dock when done. The program is manufactured by B-cycle but owned by Philadelphia; it’s similar but not identical to programs in other cities, such as Austin or Denver.


There are three plans available. For $4 per 30 minutes, the walk up plan lets you check out a bike with a credit card. This is clearly the tourist and visitor plan. The flex plan, with a $10 annual fee, gets you a key fob for easier access and extends your $4 to an hour long ride. I’m not sure who this plan is for. The Indego30 plan is $15 per 30 days, but includes an unlimited number of one hour rides. This is the plan for locals.

Posted 2015-07-09 14:56:51 by tedu Updated: 2015-07-09 14:56:51
Tagged: business philly review

rolling expired certs

This wasn’t the post I intended to write today, but then I noticed that the certificate for had expired, and repairing that became a prerequisite for getting anything else done. At the time, my first snarky thought upon discovering Firefox wouldn’t let me connect to my site anymore was “Oh, hurray, don’t I feel safe.” Then I went through the update nonsense and thought a bit more seriously about it.

My cert expired after a year because that seems to be the thing to do. I imagine there’s some nebulous threat model where somebody stole my server key and has been impersonating me for the past six months, but now they can’t. Although, if they stole the old key, they can probably steal the new key. I suppose we do this because revocation doesn’t work, but a six month half life is a long time to sit exposed.

Posted 2015-07-08 18:46:29 by tedu Updated: 2015-07-08 18:46:29
Tagged: rants security web

magician trilogy

The first book in Lev Grossman’s magician trilogy, The Magicians, is one of my favorite books. Its two sequels, The Magician King and The Magician’s Land are not.

Briefly, The Magicians is about Quentin, a high school senior obsessed with books about Fillory (Narnia by another name). One day he finds out magic is secretly real, and is enrolled at Brakebills (Hogwarts by another name) for college. Quentin studies magic, graduates, finds out Fillory is also real, and then off he goes adventuring. Both halves of the book are clearly inspired by the Harry Potter and Narnia series, but with more cursing and booze, and with enough satire or parody to keep it fresh. Grossman’s writing here is a fine combination of smart and sassy.

Posted 2015-07-02 16:09:25 by tedu Updated: 2015-07-02 16:09:25
Tagged: bookreview

finding bugs in tarsnap

Some people were hanging around Michael Lucas’s table at BSDCan, and the topic of conversation turned to Tarsnap. (Lucas has a book about it.) Each person went round the circle and said they were happy to pay Colin for his service, but when it was finally my turn I was forced to admit that while I would pay for Tarsnap, I found a bug and so, thanks to the bounty, it may be more accurate to say I get paid to use it.

Neither of these bugs is especially exciting, but they’re a little outside the norm. The most interesting part of the story is probably that in each case, prior to reviewing the code in question, I had recently been thinking about the same class of bug in other circumstances.

Posted 2015-07-02 13:09:46 by tedu Updated: 2015-07-02 13:09:46
Tagged: c programming

out with the old, in with the less

Notes and thoughts on various OpenBSD replacements and reductions. Existing functionality and programs are frequently rewritten and replaced for the sake of simplicity or security or whatever it is that OpenBSD is all about. This process has been going on for some time, of course, but some recent activity is worth highlighting.

It’s probably worth preemptively citing jwz’s “Cascade of Attention-Deficit Teenagers” model. It certainly is appealing to throw everything away as a bug disposal mechanism. As noted, this rarely has the intended effect and just replaces one set of bugs with another set. The rewrites mentioned here have a slightly different motivation. Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.

Posted 2015-06-25 12:52:35 by tedu Updated: 2015-06-26 17:54:28
Tagged: openbsd programming software thoughts

hot girls wanted

The Netflix blurb for Hot Girls Wanted promised to spotlight the amateur porn industry and the women it exploits. I was expecting something along the lines of a traditional documentary; lots of interviews, investigative reporting, some slide shows. Instead, it’s more Real World style, with a camera crew following a group of women around and observing their lives. There are some fact slides presented during scene transitions, but for the most part very little of what happens is deliberately directed at the viewer.

The film centers around Riley’s house and the girls who live there. Riley is an agent, posting the titular ads on Craigslist sites across the world. “Who doesn’t want a free flight to Miami?” With him live five girls who have come to Miami to start their amateur porn careers. They all pay rent. He also mentions that he is sometimes talent, though we don’t see him in this role.

Posted 2015-06-24 14:22:02 by tedu Updated: 2015-06-24 14:22:02
Tagged: moviereview

natural grass preservatives

From Time’s surprisingly healthy snack foods list.

Is the implication that corn fed beef jerky requires artificial preservatives? What makes grass beef so naturally resistant to spoiling?

Posted 2015-06-22 19:07:07 by tedu Updated: 2015-06-22 19:07:07
Tagged: food magreview quote