guest

zero size objects

What’s the difference between the following length and pointer pairs?

Continue reading zero size objects...

Posted 2015-02-15 10:26:55 by tedu Updated: 2015-02-18 21:41:40
Tagged: c programming

the wiki box is out of control

I’m guessing only a few wikipedia editors view articles about smartphones using a smartphone.

At least now I know the iPhone 6 has a slate form factor.

Posted 2015-02-15 10:25:36 by tedu Updated: 2015-02-15 10:25:36
Tagged: rants

another subtle string function

Recently was reminded of an old string handling function I used for programming interviews.

My original programming interview question started with a short C function that did something a little unusual to a string. When asked to describe its behavior, many candidates initially see the general outline of the function and then have difficulty seeing what the real code does when it differs from their expectations.

Reactions from candidates varied, although were usually pretty muted, given they wanted the job and weren’t likely to complain too loudly. Other interviewers, however, usually provided feedback between “That’s mean.” and “What? Why?”. The why is answered in the previous post, although opinions varied as to how likely one was to encounter such code in the wild. In refactoring some code, I ran into something fairly similar, and then had the exact issue I was testing for, only seeing what I was hoping to see.

Continue reading another subtle string function...

Posted 2015-02-10 23:31:09 by tedu Updated: 2015-02-10 23:40:05
Tagged: c programming

US Firefox dictionary for OpenBSD

The OpenBSD Firefox package includes the en-GB dictionary. This results in lots of red squiggly lines. There are additional en language packs localized for AU, CA, GB, and ZA, but no US package. There is also a firefox-i18n-en-US package but it doesn’t do anything except print a message that you can change the useragent locale from its default of... en-US.

If you want an Americanized spelling dictionary, you’re out of luck. Debian to the rescue! Start with the hunspell source package page and download the big orig.tar.gz file. Extract it and copy the two en_US files to /usr/local/share/mozilla-dicts/. Restart Firefox and right click in a text area to change language.

Save a step! This is apparently just a bug in Firefox because it should also be looking in /usr/local/lib/firefox-*/dictionaries which includes US dictionary files. These files are a little different (smaller), but they too could simply be copied or symlinked into the above location.

Posted 2015-02-10 06:13:11 by tedu Updated: 2015-02-10 09:40:30
Tagged: openbsd software

the stack overflow that wasn't

There was a recent bug in OpenBSD install kernels. At random times during the install, messages like the following would appear:

Continue reading the stack overflow that wasn’t...

Posted 2015-02-08 23:54:54 by tedu Updated: 2015-02-09 12:16:47
Tagged: openbsd

heartbleed in rust

More ghostly followup. There was a thread on Hacker News wherein it was claimed that using rust would have prevented Heartbleed. Specifically, it would not have even compiled. That sounds like a challenge!

The thread starts about here. I don’t mean to single out the participants, but the claim about preventing Heartbleed is nicely specific. Unlike vaguer claims about memory safety in general, this is a particular claim which we can test.

Now, I don’t intend to write a full blown TLS stack in rust, so I will have to take some shortcuts and reduce the scope of the problem slightly. Hopefully the simulacrum retains the essence of the problem. Simply stated, our objective is to write a program which reads a file (packet) from the filesystem (network), and then echoes it back. The length of the echo request will be encoded as a single byte with data to follow. This is equivalent to the TLS heartbeat functionality. Our program will operate on two such packets, yourping and myping, and write out yourecho and myecho. If any data from your packet bleeds into my packet, we have a problem: heartbleed.

Continue reading heartbleed in rust...

Posted 2015-02-02 06:37:18 by tedu Updated: 2015-03-02 17:00:34
Tagged: c programming rust security

twitter spam problem

It’s still fashionable to explain why (random internet company) is going downhill, right? Here’s why Twitter sucks. They have a spam problem and they’re not doing anything about it.

I occasionally search twitter for OpenBSD. Unfortunately, it’s been taken over by ad bots. Is it necessary to do the realtime search? Often times, yes. Otherwise Twitter tends to keep showing me the same set of tweets from last week over and over.

Exhibit 1:

How can Twitter not detect bullshit accounts like this? You can try reporting them, which I have, but obviously that has had no effect.

For more giggles, exhibit 2:

When the name of the account even includes the word spam, surely that must be a hint?

Update

Twitter does have a spam filter! After posting this tweet I was notified I was posting too much spam and my account was locked.

Hi Ted Unangst, Your account appears to have exhibited automated behavior that violates the Twitter Rules.

Nothing to worry about. Twitter’s spam team is on the ball.

Posted 2015-02-01 02:44:23 by tedu Updated: 2015-02-11 00:48:04
Tagged: rants web

full screen clippy

Every time I watch a full screen video, Chrome feels the need to tell me that YouTube is now full screen. Oh really? I already knew that. How did I know that? Because I just clicked the fucking full screen button.

Why is Chrome compelled to tell me something I already know? Oh, right, new users. Maybe somebody clicked the button by accident. So that justifies, what? One, two warnings? Three? Surely not three hundred. This isn’t accommodating; this is aggravating.

Let’s say I decide to relax and spend an hour watching music videos (it’s cold outside!). In that span, I will be faced with 20 reminders that yes, once again, YouTube is full screen. (There’s no search in full screen mode, and while I may enjoy one Cars video, I don’t need to watch the entire set.) By now even a lobotomized lab rat will have figured out that, just like the previous 19 times this happened, I can press Esc to exit. But not me. Chrome isn’t quite sure I’m smart enough to remember which key to press. Thanks for the vote of confidence, guys.

Now assuming I do have the memory of a gold fish, how does the reminder at the beginning of the video help? By the time I’ve watched the video, I’ve surely forgotten the annoying popup that was blocking my view and which I didn’t read. Once I do find the Esc key, however, be sure to remind me about it again seven seconds later when I play the next video.

It’s the Return of Clippy. I noticed you’re watching a video full screen. Does that mean you want to see the whole thing? Is this dialog interfering with your viewing? Would you like this dialog to go away and never come back? Don’t worry, I’ll be right over here in case you need me.

Ironically, Internet Explorer does get this right. Asks me once, the first time, if I want to switch to full screen. Yes. Never a peep after that.

Posted 2015-01-29 06:04:18 by tedu Updated: 2015-01-29 07:53:52
Tagged: rants software web

Thinkpad Carbon X1 2015

A review of the X1 Carbon hardware. Some thoughts on the initial software experience.

I’ve had my T430s for a while now. It very quickly became my main laptop, replacing both my ageing T60 and the X200s I originally thought would replace it. The X was the right weight, but a little underpowered and the battery in particular was rather sad. The T430s slotted in nicely between them; powerful, yet still reasonably light. Recently I’ve carrying it with more, however, and the farther I walked with it, the more my shoulder sagged. The once reasonable battery life now seems a little short, too. (I don’t think it’s actually faded that much; my definition of all day work appears to have grown.)

Continue reading Thinkpad Carbon X1 2015...

Posted 2015-01-27 20:31:48 by tedu Updated: 2015-02-16 12:08:38
Tagged: computers review

long term support considered harmful

In regards to the glibc gethostbyname buffer overflow, some thoughts on release schedules and long term support. Per the advisory, this was fixed in 2013. The commit was May 21 and the release August 12. Sourceware git says the patch itself was authored as far back as January 21.

After the bug was fixed, it took some time for the new glibc release to trickle down into various Linux distros. But what takes even longer is for all the already shipped and supported versions to slowly cycle out of their maintenance window. Hence, the big rush to patch today.

Continue reading long term support considered harmful...

Posted 2015-01-27 18:05:52 by tedu Updated: 2015-02-01 02:55:08
Tagged: software thoughts