guest - flak

one reason to hate openbsd

The gcc-local man page, which documents local changes to the compiler has this to say.

The -O2 option does not include -fstrict-aliasing, as this option causes issues on some legacy code. -fstrict-aliasing is very unsafe with code that plays tricks with casts, bypassing the already weak type system of C.

What does this mean and why should you care? The first part is easy to answer. Long ago, in the dark ages when legacy code was written, people used to write functions like this:

float superbad(float f) { int *x = (int *)&f; *x = 0x5f3759df - ( *x >> 1 ); return f; }

The C standard clearly says that objects are not to be accessed through incompatible pointers, but people did it anyway. Fucking idiots.

As for why one should care about the default setting of the compiler, the best answer I can give is that if you’re in a position to care, you probably know more than enough to form your own opinion and don’t need me to explain it to you. Otherwise, nobody cares except to the extent it confirms one’s own biases.

The strict aliasing optimization is disabled in gcc 4.2 because it was disabled in gcc 3.3. It was disabled in gcc 3.3 because it was disabled in gcc 2.95. It was disabled in gcc 2.95 because it was the year 1999.

The gcc-local man page continues with even more stupid options.

The -O2 option does not include -fstrict-overflow, as this option causes issues on some legacy code. -fstrict-overflow can cause surprising optimizations to occur, possibly deleting security critical overflow checks.


Posted 2016-07-25 12:52:07 by tedu Updated: 2016-07-25 12:52:07
Tagged: c openbsd rants

turn up the hope

I’m at the HOPE XI conference. Or I was. It’s kind of overcrowded, which is both great and not so great. I haven’t been to a HOPE since The Last HOPE, but I don’t recall it being as crowded. Perhaps it was. In any case, the logistics of getting in to see each talk in person is exhausting. Some of the talks I wanted to see today are definitely the big name headliners, and I can’t imagine it will be less crowded. Better to watch online. Some thoughts on the talks I did see.

When Vuln Disclosure Turns Ugly. What should you do if you find medical records on a publicly available ftp server? Hope you don’t get blamed for putting them there. The wrinkle here is that HIPAA requires the breached party to publish a notice of the incident, and they’re not likely to shoulder much of the blame. If you’re unlucky, the little notice in the back pages of the local newspaper will get picked up and sensationalized by somebody working the evil hackers beat. Most unfortunately, “journalists” don’t like printing corrections because that doesn’t generate clicks. And they really don’t like being threatened with defamation (libel/slander) because OMG 1st Amendment I know my rights. So, A) be careful, and B) try to get your story out there instead of letting the “victim” choose the narrative.

Continue reading turn up the hope...

Posted 2016-07-23 16:39:32 by tedu Updated: 2016-07-23 16:39:32
Tagged: event

my int is too big

Lots of kernel patches yesterday. Several of them, as reported by NCC, involved similar integer truncation issues. Actually, they involved very similar modern 64 bit code meeting classic 32 bit code. The NCC Group report describes the bugs, but not the history of the code. (Some of the other bugs like usermount aren’t interesting. The unp bug is kind of interesting, but not part of the NCC set. Also doesn’t involve integers. Another time.)


The thrsleep system call is a part of the kernel code that supports threads. As the name implies, it gives userland a measure of control over scheduling and lets a thread sleep until something happens. As such, it takes a timeout in the form of a timespec. The kernel, however, internally implements time keeping using ticks (there are HZ, 100, ticks per second). The tsleep function (t is for timed) takes an int number of ticks and performs basic validation by checking that it’s not negative. A negative timeout would indicate that the caller has miscalculated. The kernel panics so you can fix the bug, instead of stalling forever.

Continue reading my int is too big...

Posted 2016-07-15 15:47:35 by tedu Updated: 2016-07-15 18:33:44
Tagged: c openbsd


Strolling through the book store, among the new titles on display in the politics section was Ratfucked by David Daley. What could this be about? The subtitle, The True Story Behind the Secret Plan to Steal America’s Democracy, conjured up images of telepathic lizard men so I passed it by. A little while later, though, I saw the New Yorker’s review and summary which sounds a lot better. It describes a plan to target particular districts in local elections, win control of the state, then aggressively gerrymander the map to ensure future victories as well. Of particular interest, the summary focused on some local Pennsylvania elections and the damned Arlen Specter library. Sounds great, this is worth a read. In fact, the cover image subtitle for the Kindle version, How the Democrats Won the Presidency But Lost America, is much more accurate and less sensational. (The book title is actually stylized Ratf**ked because the author is a pussy.)

Continue reading ratfucked...

Posted 2016-07-12 13:41:55 by tedu Updated: 2016-07-12 20:08:51
Tagged: bookreview politics thoughts

HP Chromebook 13

Finally got a chromebook. I was interested in the HP Chromebook 13 since it was first announced as a kind of cheaper Pixel. But then it spent several months on HP’s out of stock list. Now it’s back.

There’s several models available, starting at $499 for a Pentium. I moved up to the $599 (for $580 actually) model which comes with an m3. This includes 4GB of RAM. After that, there’s m5 and m7 models with more RAM, but the price goes up dramatically, and none of them include more storage. Always 32GB. All come with the same 3200x1800 display, which is what really attracted me. This should be nice and crisp, but as we’ll see, it’s not perfect.

It’s well put together. Feels solid in the hand. Comparable to the UX305 in many ways, but it feels lighter. Almost like the base is hollow. The included USB-C charger requires a three prong plug. (Why is Lenovo the only PC company to realize how sweet two prong plugs are?). At least the charger cords are a decent length. Six feet to the outlet, then another six feet to the USB-C plug. The case has a brushed metal finish, but attracts some very visible fingerprints and smudges that make it look dirty after light handling. The palm rest doesn’t seem to have the same problem, though. It has the same squared edges as its big brother Pixel, even including a stripe on the back, but the stripe here is plain gray and doesn’t light up. Overall, a nice looking machine in good company with the Macbook Air and Zenbook, but it’s no Spectre.

Continue reading HP Chromebook 13...

Posted 2016-07-10 14:35:28 by tedu Updated: 2016-07-18 14:14:51
Tagged: computers review

convention quote quiz

Some quotes pulled from recent New Yorker article on the history of presidential nominations. Who said it and when?

“The Republican National Convention at Cleveland next week promises to be a very dull show.”

“Have no influence in the election on the score of the Negroes.”

“Free the delegates.”

“Americans must rule America.”

“This is strictly a white man’s party.”

“I wish I could slay a Mexican.”

“We stand for the segregation of the races and the racial integrity of each race.”

“In this bright new century, let me ask you to win to your side the women of the United States.”

“Women will decide the outcome of this election.”

“Are the American people fit to govern themselves?”

“The will of the people is crap.”


Posted 2016-07-02 18:43:56 by tedu Updated: 2016-07-02 18:43:56
Tagged: magreview politics quote

magicians tv

The book was better. Watched the SyFy series The Magicians. A short review of the book series.

There’s a big difference between adapting a book for the screen and changing a book for the screen. Alas, what SyFy has done is a sad mix. The adaptations are good, but there are a few helpful adaptations that were possible but not done. On the other hand, a lot of changes are for the worse. And not simply different, but unenjoyable.

One especially annoying halfway adaptation is taking all the fucks from the book and adapting them to regular cable as fcks. The disemvoweled version makes everybody sound like they have an odd speech impediment. Or something has gone horribly wrong in the audio mixing process. Even after multiple occurrences in every episode, it never feels right. Every single time I forgot all about the show and could only think the video stream was corrupted.

Continue reading magicians tv...

Posted 2016-06-27 20:45:00 by tedu Updated: 2016-06-28 00:01:37
Tagged: moviereview

best of seven elections

Here’s a proposal for a new voting system that solves the problems of day after regret and “I didn’t think it mattered” common to current voting systems. Over the course of seven days, seven independent elections are held, each with the same ballots. The results of each election are calculated separately, and the ultimate winner is the best of seven, or four. As an added wrinkle, each voter will be restricted to voting three times, although they may choose any three of the seven to participate in.

First, this solves the problem of voter regret. If, after your first vote, you realize you hung the wrong chad, casting the balance of the two remaining votes in opposition will effectively reverse it.

Second, it allows apathetic voters to see which way the wind is blowing. If the first few votes turn out to be very close, then newly interested voters will have the opportunity to express their opinion in the later elections. Turn out the vote campaigns will be freshly energized by demonstrating how important each vote is. On the other hand, if the results can be decided early, those voters can spend their valuable time playing LoL.

Motivated voters can choose to vote early, in the vanguard, in an effort to establish momentum. Others may choose to hang back deliberately, saving their votes for a knock out in the later rounds.

Additionally, if a voter is unable to vote on a particular day because little Timmy fell down the well, this system provides them with multiple opportunities to cast a makeup vote (barring any last day mishaps).

Sounds like a plan?

Posted 2016-06-25 21:05:59 by tedu Updated: 2016-06-25 21:20:26
Tagged: politics rants

true string indices

The other day cperciva answered why strchr returns a pointer. Many other languages do return an offset, but of course many of those lanuages don’t have pointers. Poor things. I happened to be writing a bunch of code using strchr recently, and needed both pointers and offsets.

Let’s imagine we have two similar functions, strchr and index.

Continue reading true string indices...

Posted 2016-06-24 13:42:27 by tedu Updated: 2016-06-25 17:03:49
Tagged: c programming

timeline of libexpat random vulnerability

libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.

2012-03-24 - libexpat 2.1.0 released with a fix for an algorithmic hash table attack (CVE-2012-0876). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.

2012-04-01 - libexpat 2.1.0 imported to OpenBSD. The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!

2012-04-05 - A public report that using random may be too predictable.

2013 - Tick tock.

2014 - Tick tock.

2015-02-07 - Redhat bug filed. The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.

2016-06-04 - libexpat is the proud recipient of two more CVE awards. By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.

const unsigned long entropy = gather_time_entropy() ^ getpid() ^ (unsigned long)parser;

Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.

Posted 2016-06-10 05:40:40 by tedu Updated: 2016-06-10 05:40:40
Tagged: openbsd security software