guest - flak

Red Rising

On the Brave New World of Mars, humanity is segregated into genetically engineered castes, each a different color. Beneath the surface of this inhospitable Dune like world lives Darrow, a young miner. The Helium-3 must flow. But rebellion is afoot, and Darrow undergoes operation Gattaca to transform his lowly Red body into that of a Gold. Then it’s off to the Institute, where he competes in the Hunger Games to crown the next Ender. Soon he’s caught up in a Game of Thrones as the great houses vie for power. Along the way he makes some quirky friends, all the while remembering his dead Braveheart wife.

It’s all very familiar, but it’s blended together nicely. Like all your favorite flavors rolled together into a burrito. High praise, right? The writing isn’t inventive or challenging, but it’s smooth and entertaining. I think the book qualifies as young adult, but it seems to aim a little older. More emphasis on adult than young.

Continue reading Red Rising...

Posted 2016-02-08 19:53:13 by tedu Updated: 2016-02-08 20:14:43
Tagged: bookreview

when preloads go sideways

How hard is it to preload a PC with the software it needs to work? Really fucking hard.


Some time ago, Lenovo shipped some computers with a surprise gift: SuperFish. I like to imagine the business development units from each company in a meeting:

Superfish: It will add value!

Lenovo: How does that work exactly?

You give us customer eyeballs. In return, we give you money. Money is value.

But how does that add value for the customer?

Well, it’s their eyeballs we’re buying. Do the math!



Afterwards, we’d naturally expect various other vendors to take a look at the giftware they were bundling. Hahaha. Instead of actually changing anything about their product, Dell just updated their website:

Continue reading when preloads go sideways...

Posted 2016-01-22 21:09:22 by tedu Updated: 2016-01-22 21:09:22
Tagged: bugs rants security software


Time and Esquire both went full Trump this week, with cover titles of “How Trump Won” and “Hater in Chief”, respectively. Not to mention very similar red, white, and gray color themes.

Time’s feature article mostly focuses on how the Donald defied the GOP powerbrokers to run his own show. Disintermediation (aka the Netflix effect) comes to politics. (Again? Aren’t we regaled with tales of the brave outsider every election?) Curiously the same magazine that criticizes the “lamestream” media for its failed predictions of Trump’s fall also points out that none of the frontrunners at the start of 2012 won their primary. So, in short, something could happen, and it could be like before or it could be different.

Continue reading trump...

Posted 2016-01-20 22:51:32 by tedu Updated: 2016-01-20 22:51:32
Tagged: magreview politics

outrageous roaming fees

Unexpected roaming fees are the worst. You’re just cruising along, having a jolly old time, and then boom. $20 per megabyte??? Should have read the fine print. Of course, if you had known to read the fine print, you probably would have already known about the roaming fees, and therefore not needed to read the fine print. And so it goes, in life and in ssh.

What, ssh has roaming??? Should have read the fine print. The Qualys Security Advisory is more than thorough. Now that we’ve read the fine print, what can we do differently?

The main bug (ignoring the second overflow for now) is that some sensitive memory was recycled and leaked. The possibility of this happening has been known for some time, and there’s some countermeasures in place, but they’re not foolproof.

Continue reading outrageous roaming fees...

Posted 2016-01-15 14:55:50 by tedu Updated: 2016-01-19 04:17:28
Tagged: c openbsd programming security thoughts

openbsd laptops

OpenBSD 5.9 won’t be out for a little while, but it may be helpful to plan ahead, especially since there’s been some considerable progress on hardware support. Here are some notes about what works in general and a few particular models.


5.9 will be the first release to support the graphics on Broadwell CPUs. This is anything that looks like i5-5xxx. There are a few minor quirks, but generally it works well. There’s no support for the new Skylake models, however. They’ll probably work with the VESA driver but minus suspend/resume/acceleration (just as 5.8 did with Broadwell).

The iwm driver has gotten better and along with the older iwn now supports 802.11n. Note that the three models supported by iwm (7260, 7265, and 3160) are those frequently found on Broadwell era systems. The similarly numbered 3165 (such as found on a Braswell NUC) and 8260 series found with Skylake are not supported.

Continue reading openbsd laptops...

Posted 2016-01-13 18:24:59 by tedu Updated: 2016-01-14 18:00:38
Tagged: computers openbsd

moderation in moderation

William “the Jar” Mason is a semi famous programmer. Mostly retired, but his website still has some classic postings from early days working on essential software tools like vi and lynx. Unzealous Association is a link aggregator popular among people who like to read Mason’s articles.

The trouble begins one day when wjm decides that UA sends too much traffic his way. Like a denial of service. And so wjm responds by redirecting anyone with a referer of UA to a picture of a roast ham. (This is probably an overreaction. It’s not really the UA users at fault, but the many aggressively stupid bots that scrape all linked sites. But it has the desired effect of keeping links to wjm’s site off the front page.)

This action is not without collateral damage. It’s not just that headline links disappear, but also less trafficked links in comments are affected. This then incites an unhelpful mini thread on UA about how the internet works.

The UA response is to autokill any comments linking to wjm. The comment is hidden from most users, but remains visible to the author without any indication of what went wrong. (Also Known as hellbanning, the nuclear option of troll containment.)

There are a couple other ways this could have played out. Possibly, if the UA software can detect wjm links in order to kill them, it could also skip adding the <a> tags. Users who cut and paste the link don’t have referer headers. Problem solved. Another option might be to simply ride it out and see if the complaint threads dissipate. Maybe wjm will even change his mind some day.

Unfortunately, when all you have is a trollhammer, all you see are trolls.

Posted 2015-12-21 15:35:00 by tedu Updated: 2015-12-21 15:35:00
Tagged: rants web

SIGPIPE can happen to you

Some recent flak outages were mysterious. One day things would be working, but the next they wouldn’t. All the flak.lua processes had disappeared. No error messages were reported in any observable location. No unusual looking requests were observed in any recorded location. Sometimes a process would survive days of heavy traffic. Other times it would die after only a few hours of light traffic. It was as if the process involved simply lost the will to live.

Finally, hooking up ktrace to the process, the culprit was, after a few days, revealed: SIGPIPE after a write. It’s unclear what I changed to cause this to be a problem now, after several years of successfully ignoring the problem, but that’s life.

Continue reading SIGPIPE can happen to you...

Posted 2015-12-02 16:06:12 by tedu Updated: 2015-12-02 16:06:12
Tagged: programming

sometimes syscalls restart

Yesterday Reyk fixed a tiny bug in vmd. It wasn’t possible to kill the process by pressing ^C. As explained in the commit, the accept4 system call was being restarted after the signal.

By default, most signal handlers that a program establishes have the SA_RESTART flag set, which causes an interrupted system call to be restarted. Actually, by default signals are either ignored or cause the program to terminate, so this isn’t a problem at all, but any handler installed by calling signal sets this flag. More control over signal actions is possible using the appropriately named sigaction function.

On the kernel side, system calls that need to block call tsleep which usually waits for a corresponding wakeup or a timeout to expire. However, it may also return an error (ERESTART) if it’s interrupted by a signal. Most system calls don’t inspect the error code, they simply pass it along. But when the kernel is about to return to userland, it will notice this error code and run the syscall again.

Among the system calls that handle ERESTART specially are poll, select, and kevent. All of them check for ERESTART and immediately map it to EINTR so it gets returned to userland.

Back in vmd, it had installed a SIGTERM handler that set a quit flag variable to true, but was getting stuck in accept. The code looking at quit never had a chance to run. The fix was to add a call to poll before accept.

Most of the time the default behaviors make sense. Restarting system calls prevents a lot of spurious failures from propagating. Applications that install signal handlers usually use one of the interruptible functions in the core of their event loop. vmd happened to be an exception, that only needed to handle one event and tried to take a shortcut.

Posted 2015-11-24 17:52:49 by tedu Updated: 2015-11-24 17:52:49
Tagged: c openbsd programming

going full pledge

Looking at Theo’s status of pledge update there’s a lot of programs on the list, including some which may seem a bit silly. But the effort has turned up some interesting bugs and misfeatures along the way.

A few programs probably don’t need pledge. One might argue if you have exploitable bugs in id, you have more serious problems than that. However, the effort to throw pledge into everything proves that the concept can work. It doesn’t just work for the first five programs tested, then it turns out nobody wants to expend the effort getting the next five fixed. If you can get to a hundred, I’m more confident the next hundred probably won’t be so bad either. At the very least, it gives us a nice number to brag about that’s bigger than the other guy.

Continue reading going full pledge...

Posted 2015-11-20 18:33:58 by tedu Updated: 2015-11-20 18:33:58
Tagged: openbsd


Previous post on rough code had some notes notes on a few of the issues we faced at ü2k15. I also collected some notes and links about utf-8 and unicode that weren’t directly OpenBSD related.

This post by Solar Designer covers the history of control codes and introduces some of the challenges posed by utf-8 support. There’s also a lot of detail in the followup email by Rich Felker, and the rest of the thread as well. Some more info about ANSI escape sequences, unicode terminals, and control sequences.

Continue reading utf-achtung...

Posted 2015-11-19 06:30:21 by tedu Updated: 2015-11-19 06:30:21
Tagged: software