ten year reunions

The only thing better than remembering the past is reliving it.

Yellowcard released an acoustic version of Ocean Avenue last year to commemorate the ten year anniversary of the original release. Then they went on tour to promote, starting at the TLA. That was such a great idea that The Ataris launched a ten year “reunion” tour for So Long, Astoria (skipping the album part), which eventually came to TLA as well. Both shows were fun, in part for the same reason: they played the band’s breakout hit(s) in album sequence, instead of saving them for the encore. They didn’t play any new or old songs I didn’t like, or didn’t expect. Predictably enjoyable, enjoyably predictable. On a personal level, these two albums recapture the past in a way that VNV Nation albums like Futureperfect don’t. Then again, VNV Nation didn’t peak ten years ago (though Welcome the Night is great too).

Posted 2014-04-17 04:59:49 by tedu Updated: 2014-04-17 04:59:49
Tagged: games moviereview music philly

please do not poke the bears

“Instead, he seems to have seized an opportunity to poke a giant bear with a stick. The bear then ate him and his users.” - tptacek

Posted 2014-04-17 04:59:25 by tedu Updated: 2014-04-17 04:59:25
Tagged: politics quote

analysis of openssl freelist reuse

About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its default config, OpenSSL ships with exploit mitigation countermeasures, and when I disabled the countermeasures, OpenSSL stopped working entirely. That sounds pretty bad, but at the time I was too frustrated to go on. Last night I returned to the scene of the crime.

freelist

OpenSSL uses a custom freelist for connection buffers because long ago and far away, malloc was slow. Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I’m about to describe can only exist and go unnoticed precisely because the freelist is LIFO.

Posted 2014-04-10 13:04:41 by tedu Updated: 2014-04-17 01:09:54
Tagged: c programming security

heartbleed vs malloc.conf

About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.

heartbleed

The main heartbleed site has a decent amount of information, but no detailed description of the bug. For that, read Diagnosis of the OpenSSL Heartbleed Bug. Here’s also a short pseudo version, for reference.

Posted 2014-04-08 18:36:16 by tedu Updated: 2014-04-10 13:52:22
Tagged: c openbsd security

are you now or have you ever been a homophobe?

It’s not surprising, but still disappointing, to learn that Brendan Eich was essentially dismissed as Mozilla CEO.

Whatever his personal views are, this was a great opportunity for Eich to prove that one’s personal and professional lives could be kept separate. That’s the kind of world I’d like to live in, a world where it doesn’t matter what you believe as long as it doesn’t affect your job performance. Instead, we’ve proven the opposite. If your activities outside of work don’t conform, out you go.

Eich would have been subject to serious scrutiny. Often people even overcompensate to prove they’re unbiased (though it’s hard to imagine what overcompensation would be in this case). But he was never given the chance. Now he’ll go back to whatever he was working on before, maybe making a javascript engine that doesn’t run gay javascript, but without as much public oversight.

Posted 2014-04-04 02:29:13 by tedu Updated: 2014-04-04 02:29:13
Tagged: politics thoughts

reop - reasonable expectation of privacy

One of the obvious ideas I (and several others) had as soon as signify was released was to extend it to do more. After all, no program is complete until it can read email. Or at least munge up your email real bad.

Enter reop - reasonable expectation of privacy.

reop

With some curiosity I read Creating the perfect GPG keypair. My conclusion is that there’s no such thing as a perfect GPG key pair. And we wonder why people leak secrets using hotmail. This shouldn’t be hard. More ranting about GPG at the bottom. Moving on.

reop is clearly influenced by signify (What can I say? I like my own designs.), but it’s not a clone. Its handling of keys is the most significant difference (besides the obvious, more features). Default keys are supported, and you can even add all your pals to ~/.reop/pubkeyring and verify their messages automatically, just like a normal PGP program.

Posted 2014-04-01 12:32:27 by tedu Updated: 2014-04-01 23:50:45
Tagged: project security software

secure email hashing

Received an email this morning about a package containing a large amount of cash being held by DHL (yippee!). As befits important email of a security sensitive nature, they tried to sign the message, or at least I think that’s what they were trying to do.

To: tedu@cvs.openbsd.org, hmac-ripemd160-etm@openssh.com

While it’s comforting to see that they chose the more secure encrypt-then-mac construction, RIPEMD-160 is hardly cutting edge. As such, I’m not sure I can trust this message.

Posted 2014-03-23 21:21:26 by tedu Updated: 2014-03-23 21:21:26
Tagged: mailfail

some md5 -t benchmarks

A comparison of some CPUs using my favorite benchmark, md5 -t.

Dell CS24, Xeon L5450 @ 2.5GHz

Time = 0.242135 seconds Speed = 412992751.977203 bytes/second

Thinkpad T430s, i5-3320M @ 2.6GHz (plus turbo)

Time = 0.184372 seconds Speed = 542381706.549801 bytes/second

Thinkpad X200s, Core2 @ 1.8GHz

Time = 0.325009 seconds Speed = 307683787.218200 bytes/second

No name router, Atom @ 1.8GHz

Time = 0.399222 seconds Speed = 250487197.599331 bytes/second

Sun T5120, T2 @ 1.2GHz

Time = 1.809987 seconds Speed = 55249015.600665 bytes/second

BeagleBone Black, ARM Cortex A8

Time = 1.373115 seconds Speed = 72827112.077284 bytes/second

Posted 2014-03-18 17:00:46 by tedu Updated: 2014-03-18 17:00:46
Tagged: computers roundup software

Dell CS24-SC server

A short note about my Dell CS24 to accompany the post about the Sun T5120.

You can find used CS24s in large quantities on EBay. Decent value. There’s really not much profit for sellers holding anything cheaper in inventory, so they’re among the least expensive servers you can find. But it’s not all good news. From what I’ve gathered, it’s a special model built for huge enterprise customers and not normally available to solo losers like me. As such, Dell support doesn’t have much in the way of information or firmware updates. Whatever; it’s a PC server and OpenBSD runs on PC servers. Mine is the SC model (I think); there seem to be a few varieties.

It has VGA, net, and serial consoles. I used VGA; no comments on the others. It’s an enterprise computer, built for environments where every second of downtime counts, so don’t expect it to reboot in less than four minutes.

Posted 2014-03-18 17:00:35 by tedu Updated: 2014-03-18 17:00:35
Tagged: computers review

OpenBSD on a Sun T5120

I’ve been looking for a sparc64 system for a while and noticed the Sun Enterprise T5120 models have become very affordable. They’re interesting machines and great for testing due to the built in virtualization support.

T5120

There are two console ports on the back, serial and net. If you’re lucky, the network port will come in a usable configuration; otherwise you’ll need a “Cisco” RJ45 serial cable. I was lucky.

Plug in network and power, wait a bit, watch dhcpd logs for a new request to come in. There it is. ssh root@10.10.10.10 and use the default password, changeme. This lands at the ilom prompt, which is a little weird, but not too ridiculous. Let’s get the rest of this thing fired up. I recommend donning noise canceling headphones at this point. If the CS24 is a hairdryer, the T5120 is a vacuum cleaner.

Posted 2014-03-18 17:00:20 by tedu Updated: 2014-03-18 17:00:20
Tagged: computers openbsd