The only thing better than remembering the past is reliving it.
Yellowcard released an acoustic version of Ocean Avenue last year to commemorate the ten year anniversary of the original release. Then they went on tour to promote, starting at the TLA. That was such a great idea that The Ataris launched a ten year “reunion” tour for So Long, Astoria (skipping the album part), which eventually came to TLA as well. Both shows were fun, in part for the same reason: they played the band’s breakout hit(s) in album sequence, instead of saving them for the encore. They didn’t play any new or old songs I didn’t like, or didn’t expect. Predictably enjoyable, enjoyably predictable. On a personal level, these two albums recapture the past in a way that VNV Nation albums like Futureperfect don’t. Then again, VNV Nation didn’t peak ten years ago (though Welcome the Night is great too).
Continue reading ten year reunions...
Posted 2014-04-17 04:59:25 by tedu Updated: 2014-04-17 04:59:25
Tagged: politics quote
About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its default config, OpenSSL ships with exploit mitigation countermeasures, and when I disabled the countermeasures, OpenSSL stopped working entirely. That sounds pretty bad, but at the time I was too frustrated to go on. Last night I returned to the scene of the crime.
OpenSSL uses a custom freelist for connection buffers because long ago and far away, malloc was slow. Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I’m about to describe can only exist and go unnoticed precisely because the freelist is LIFO.
Continue reading analysis of openssl freelist reuse...
About two years ago, OpenSSL introduced a new feature that you’ve never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.
The main heartbleed site has a decent amount of information, but no detailed description of the bug. For that, read Diagnosis of the OpenSSL Heartbleed Bug. Here’s also a short pseudo version, for reference.
Continue reading heartbleed vs malloc.conf...
Posted 2014-04-08 18:36:16 by tedu Updated: 2014-04-10 13:52:22
Tagged: c openbsd security
It’s not surprising, but still disappointing, to learn that Brendan Eich was essentially dismissed as Mozilla CEO.
Whatever his personal views are, this was a great opportunity for Eich to prove that one’s personal and professional lives could be kept separate. That’s the kind of world I’d like to live in, a world where it doesn’t matter what you believe as long as it doesn’t affect your job performance. Instead, we’ve proven the opposite. If your activities outside of work don’t conform, out you go.
Continue reading are you now or have you ever been a homophobe?...
Posted 2014-04-04 02:29:13 by tedu Updated: 2014-04-04 02:29:13
Tagged: politics thoughts
One of the obvious ideas I (and several others had) as soon as signify was released was to extend it to do more. After all, no program is complete until it can read email. Or at least munge up your email real bad.
Enter reop - reasonable expectation of privacy.
With some curiosity I read Creating the perfect GPG keypair. My conclusion is that there’s no such thing has a perfect GPG key pair. And we wonder why people leak secrets using hotmail. This shouldn’t be hard. More ranting about GPG at the bottom. Moving on.
reop is clearly influenced by signify (What can I say? I like my own designs.), but it’s not a clone. Its handling of keys is the most significant difference (besides the obvious, more features). Default keys are supported, and you can even add all your pals to ~/.reop/pubkeyring and verify their messages automatically, just like a normal PGP program.
Continue reading reop - reasonable expectation of privacy...
Received an email this morning about a package containing a large amount of cash being held by DHL (yippee!). As befits important email of a security sensitive nature, they tried to sign the message, or at least I think that’s what they were trying to do.
To: firstname.lastname@example.org, email@example.com
While it’s comforting to see that they chose the more secure encrypt-then-mac construction, RIPEMD-160 is hardly cutting edge. As such, I’m not sure I can trust this message.
Posted 2014-03-23 21:21:26 by tedu Updated: 2014-03-23 21:21:26
A comparison of some CPUs using my favorite benchmark, md5 -t.
Dell CS24, Xeon L5450 @ 2.5GHz
Time = 0.242135 seconds
Speed = 412992751.977203 bytes/second
Thinkpad T430s, i5-3320M @ 2.6GHz (plus turbo)
Time = 0.184372 seconds
Speed = 542381706.549801 bytes/second
Thinkpad X200s, Core2 @ 1.8GHz
Time = 0.325009 seconds
Speed = 307683787.218200 bytes/second
No name router, Atom @ 1.8GHz
Time = 0.399222 seconds
Speed = 250487197.599331 bytes/second
Sun T5120, T2 @ 1.2GHz
Time = 1.809987 seconds
Speed = 55249015.600665 bytes/second
BeagleBone Black, ARM Cortex A8
Time = 1.373115 seconds
Speed = 72827112.077284 bytes/second
A short note about my Dell CS24 to accompany the post about the Sun T5120.
You can find used CS24s in large quantities on EBay. Decent value. There’s really not much profit for sellers holding anything cheaper in inventory, so they’re among the least expensive servers you can find. But it’s not all good news. From what I’ve gathered, it’s a special model built for huge enterprise customers and not normally available to solo losers like me. As such, Dell support doesn’t have much in the way of information or firmware updates. Whatever; it’s a PC server and OpenBSD runs on PC servers. Mine is the SC model (I think), there seem to be a few varieties.
It has VGA, net, and serial consoles. I used VGA; no comments on the others. It’s an enterprise computer, built for environments where every second of downtime counts, so don’t expect it to reboot in less than four minutes.
Continue reading Dell CS24-SC server...
Posted 2014-03-18 17:00:35 by tedu Updated: 2014-03-18 17:00:35
Tagged: computers review
I’ve been looking for a sparc64 system for a while and noticed the Sun Enterprise T5120 models have become very affordable. They’re interesting machines and great for testing due to the built in virtualization support.
There are two console ports on the back, serial and net. If you’re lucky, the network port will come in a usable configuration; otherwise you’ll need a “Cisco” RJ45 serial cable. I was lucky.
Plug in network and power, wait a bit, watch dhcpd logs for a new request to come in. There it is. ssh firstname.lastname@example.org and use the default passwrod, changeme. This lands at the ilom prompt, which is a little weird, but not too ridiculous. Let’s get the rest of this thing fired up. I recommend donning noise canceling headphones at this point. If the CS24 is a hairdryer, the T5120 is a vacuum cleaner.
Continue reading OpenBSD on a Sun T5120...
Posted 2014-03-18 17:00:20 by tedu Updated: 2014-03-18 17:00:20
Tagged: computers openbsd