guest - flak

documentation is thoroughly hard

Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

A fine example is the old OpenBSD install instructions. Once you’ve installed OpenBSD once or twice, the process is quite simple, but you’d never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you’ve already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask.

Continue reading documentation is thoroughly hard...

Posted 2017-05-18 20:24:42 by tedu Updated: 2017-05-19 02:48:31
Tagged: openbsd software

HP Chrome Print fuckup du jour

Long story short, printing on a chromebook is still fucked, and now the incompetent dickheads who write drivers for HP have made things worse. With time and effort, however, one can still repair the damage. Writing this up in case somebody finds it useful, and because I have little doubt I’ll be referring to it again in the near future.

First, the problem: printing from a chromebook to a local network printer no longer works. There is an extension that used to make this possible. If one reads the reviews, one will quickly notice the many, many one star reviews saying that it doesn’t work. In particular, it used to work, but after the March 20 update it completely unhelpfully and uselessly does nothing but say “Printing unsuccessful”. That was more than a month ago. The rockstar talent at HP is apparently on tour and too busy to fix this.

Here’s the insane workaround. First we need the old version of the extension. Obviously Google will never let us have it, but there’s an archive site. Here’s the previous print extension. Download that. Rename the file to zip. Create a new folder and extract the contents of the zip file. Rename the _metadata folder to not_metadata. Open the chrome extensions panel. Delete the old HP Print extension. Flip into developer mode. Add an unpacked extension. Add back the printer IP address and rejoice.

For bonus fun, talk your mom through this procedure over the phone.

Posted 2017-04-30 22:00:17 by tedu Updated: 2017-04-30 22:00:17
Tagged: bugs rants software web

humungus

Every once in a while somebody asks if they can run flak, and the answer is usually some variant of no, not right now, but maybe after I’m done rewriting it four times. Well, it’s been stuck at rewrite number 3 for quite a while, so time to push the button. Of course, putting code on the internet requires a place to put it, but Microsoft shut down Codeplex. Guess I have to build my own.

Enter humungus, a web based proxy for mercurial repos, which allows browsing, cloning, and not much else. The whole apparatus is up and running at humungus.tedunangst.com along with some code odds and ends. There’s no documentation for most of it because you’re not supposed to actually run it, just criticize my commit messages. (Haha, that was fast. Looks like somebody broke it. Well, maybe it works, maybe it doesn’t. Some turbulence expected.)

Continue reading humungus...

Posted 2017-04-01 01:41:15 by tedu Updated: 2017-04-01 02:27:30
Tagged: flak project software

missing features as features

Whenever I plug an external monitor into my laptop, nothing happens. Then I run xrandr, and gears turn, and displays appear. Not too surprising. Whenever I unplug an external monitor, nothing happens. Then I run xrandr, gears turn, and all those hidden offscreen windows come screaming back. This is absurd, right? Shouldn’t my desktop software be, I don’t know, desktopping?

I actually like it, and I wouldn’t want it any other way. Like many people, I have a particular desktop setup I like. An arrangement of xterms for this, an arrangement of xterms for that, an email client here, a browser there. Some of it is big time serious business and goes on the big monitor. Other stuff lives on the small screen.

Continue reading missing features as features...

Posted 2017-03-03 19:04:28 by tedu Updated: 2017-03-03 19:04:28
Tagged: software thoughts

meaningful short names

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept.

grep is a remarkably useful tool, but with most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Posted 2017-03-03 02:31:53 by tedu Updated: 2017-03-03 02:31:53
Tagged: rants software

colliding, fast and slow

I found it hard to locate a good reference explaining how various hash attacks apply to password hashing. Somebody might reasonably ask how the SHA1 collision, or an extension thereof, would apply to bcrypt. Can bcrypt have collisions? It’s a strange question if you know the answer, but knowing that much requires synthesizing a fair bit of knowledge that’s not all in one place.

Start with the usual crypto hashes. Classics like MD5, current standards like SHA2, new hotness like BLAKE2. All of them are supposed to be collision resistant, and it’s bad news when somebody finds that they’re not. A collision attack is pretty simple to understand. Two inputs have the same hash.

An example attack is Mallory generates two messages with identical hashes, “IOU $10” and “IOU $1000”, and borrows $1000 from Alice, who accepts SHA1(“IOU $1000”) = 0x65de12 as a contract. (Digital signatures usually involve signing a hash of the document.) Later, Mallory pays Alice $10 and produces SHA1(“IOU $10”) = 0x65de12 to prove the debt has been paid. Alice is out $990. This is a collision attack. The adversary has control over both messages and the hash.

Continue reading colliding, fast and slow...

Posted 2017-02-28 22:38:41 by tedu Updated: 2017-03-05 19:12:50
Tagged: security software thoughts

features are faults redux

Last week I gave a talk for the security class at Notre Dame based on features are faults but with some various commentary added. It was an exciting trip, with the opportunity to meet and talk with the computer vision group as well. Some other highlights include the Indiana skillet I had for breakfast, which came with pickles and was amazing, and explaining the many wonders of cvs to the Linux users group over lunch. After that came the talk, which went a little something like this.

welcome

I’m a developer with the OpenBSD project. If you’ve never heard of OpenBSD, it’s a free unix like system. So kind of like Linux, but better in every way. Totally unbiased opinion.

Continue reading features are faults redux...

Posted 2017-02-21 22:02:11 by tedu Updated: 2017-02-21 22:18:32
Tagged: security software thoughts

using yubikeys everywhere

Everybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There’s a lot written about yubikeys and how you should use one, but nothing I’ve read answered a few of the specific questions I had.

It’s not a secret I’ve had a dim view of two factor auth, although many of my gripes are about implementation details. I think a lot of that remains true. Where two factor auth perhaps might succeed is in limiting the damage of phishing attacks. I like to think of myself as a little too savvy for most phishing attacks. That’s sadly true of most phishing victims as well, but really: I don’t use webmail. I don’t have any colleagues sharing documents with me. I read my mail in a terminal, thus on the rare occasion that I copy and paste a link, I see exactly the URL I’m going to, not the false text between the <a> tags. Nevertheless, if everybody else recommends secure tokens, I should at least consider getting on board with that recommendation. But not before actually trying these things out.

Continue reading using yubikeys everywhere...

Posted 2017-02-20 07:14:52 by tedu Updated: 2017-02-21 17:07:50
Tagged: computers gadget security software

mplayer ktracing

In my ongoing quest to find the most inefficient software that still appears to work, I happened to notice that mplayer was chewing up 16% CPU while playing an MP3 (an audio format from the time before youtube). This was somewhat surprising because extrapolating back to the 20 year old computer I first used for MP3 listening, this would mean in excess of 100% CPU usage. Is efficient MP3 decoding really a lost art or was mplayer spending all its time doing something other than decoding? ktrace to the rescue.

Continue reading mplayer ktracing...

Posted 2017-02-11 18:45:52 by tedu Updated: 2017-02-11 18:45:52
Tagged: software

watt time is left

So Apple no longer knows how to make a battery meter. The good news is OpenBSD is still here for all your desktop needs. How does its battery meter work?

The simplest interface to get battery status info is to run apm. This gives us both percentage and an estimate of time remaining.

Continue reading watt time is left...

Posted 2016-12-16 13:49:18 by tedu Updated: 2016-12-16 13:49:18
Tagged: computers openbsd software

who even calls link_ntoa?

So there’s a buffer overflow in link_ntoa. What does this mean? CERT says an attacker may be able to execute arbitrary code, but who can be an attacker? Where is link_ntoa used?

What does link_ntoa even do? I’ve never heard of this function before.

The link_ntoa() function takes a link-level address and returns an ASCII string representing some of the information present, including the link level address itself, and the interface name or number, if present. This facility is experimental and is still subject to change.

Networking something or other I guess.

First place to look is in libc itself, where the function lives. The implementation lives in net/linkaddr.c but it’s the declaration that’s of particular interest.

./hidden/net/if_dl.h:PROTO_DEPRECATED(link_ntoa);

The PROTO_DEPRECATED macro marks a function as exported from the library, but not for use internally. We can also verify with grep that nothing in libc calls link_ntoa, but with the symbol marking we can be confident we haven’t missed any thing.

Moving on to base, we find a few occurrences.

sbin/route/route.c: printf("%s: link %s; ", which, link_ntoa(&su->sdl)); sbin/route/show.c: return (link_ntoa(sdl)); usr.bin/netstat/show.c: return (link_ntoa(sdl));

This is used to print route information obtained from the kernel. So if you haven’t patched yet, before you run route show again, make sure you trust the kernel.

Posted 2016-12-07 03:00:07 by tedu Updated: 2016-12-07 03:00:07
Tagged: openbsd software

openbsd changes of note 2

Things happened, stuff changed.

X550 support among other ix changes and cleanup.

Ongoing switch work. Better OpenFlow compat. You know it’s serious when tcpdump gets an update.

Loongson 3A support.

Turn ipstat into a set of percpu counters. Per CPU counters allow simple statistics to be collected in a lockless manner, collating them as necessary. The basic mechanism was introduced a little earlier in October.

Hydrogen bomb fixes.

Dedicated build user builds for xenocara.

Some iwm diffs, since committed. reducing rx latency. ack rates. reduce retry limit.

PCI info ioctl for DRM.

Assorted changes to pool memory management. More mbuf pool changes to come.

Something else of potential interest: pine64 bootloader.

Posted 2016-11-23 02:37:09 by tedu Updated: 2016-11-23 02:37:09
Tagged: openbsd software

openbsd changes of note

Stuff happened, things changed.

mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.

Continue reading openbsd changes of note...

Posted 2016-11-16 21:28:16 by tedu Updated: 2016-11-16 21:28:16
Tagged: openbsd software

production ready

A few thoughts on what it means for software to be production ready. Or rather, what if any information is conveyed to me when I’m told that something is used in production. Millions of users can’t be wrong!

Some time ago, I worked with a framework. It doesn’t matter which, the bugs have all been fixed, and I don’t think it was remarkable. But our team picked it because it was production ready, and then I discovered it wasn’t quite so ready.

Egregious performance because of a naive N^2 algorithm for growing a buffer.

A timezone library that could handle DST, but couldn’t handle the absence of DST, as in it would crash in such exotic locales as Arizona that don’t have DST.

A mail library that didn’t escape dots, thus terminating the SMTP conversation early.

Continue reading production ready...

Posted 2016-11-11 20:11:29 by tedu Updated: 2016-11-11 20:11:29
Tagged: software thoughts

chromebook printing troubles

I have a chromebook which is quite nice for what it does. A dedicated browsing machine, fast and low maintenance. Alas, I am sometimes required to go outside, and worse yet talk to people, and even worster, show those people information. It is inconvenient to hand over my phone, no rotate it back, your other yaw, scroll a little, here, oh wait, let me unlock it again. I print such things on paper. Double alas, the chromebook makes this difficult.

Something they don’t mention in the advertising for chromebooks is what the printing experience is like. I also forgot to ask because I figure if I can make OpenBSD print, someone on team chrome should be able to solve this problem as well. And oh boy, have they ever. Solved it, I mean. Not solved it well.

Continue reading chromebook printing troubles...

Posted 2016-10-24 19:41:17 by tedu Updated: 2016-10-24 19:41:17
Tagged: computers rants software

doas mastery

It’s been a year since the introduction of doas, so it’s clearly time to write a book. Or maybe a pamphlet.

UNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks.

The doas command itself has a few options, which we’ll discuss somewhat later, but the most interesting part is the configuration file. This is where the real magic happens.

Continue reading doas mastery...

Posted 2016-09-05 09:02:36 by tedu Updated: 2016-09-19 01:19:43
Tagged: openbsd software

computers for parents

Recently had the experience of getting new computers for my parents. The plan was to deliver a chromebook for my mother, but coincidentally the power supply or something in my father’s computer had given up. So mom would get new software and dad would get new hardware. Some observations.

My mother was already using chrome on a Thinkpad running Windows, so how different could it be running chrome on a chromebook? Let me count the ways...

First off, mother is one of those people who likes to click the little button at the bottom of the scroll bar to move the page. I don’t think I’ve ever done this, but that’s how she does things. So immediately upon starting up, this is a problem. I spend some time teaching her how two finger scroll works. Two fingers on the touchpad, no, not too close together, now push down, no, both fingers at once, don’t twist, straight lines, no, lift up to start over, there, nope, too close, that’s just one finger, ok, good.

Continue reading computers for parents...

Posted 2016-08-17 23:17:14 by tedu Updated: 2016-08-18 00:28:26
Tagged: computers software

random failures

Lots of examples of random numbers failing, leading to cryptographic failure.

The always classic Debian, OpenSSL, and the year of the zero.

The time Sony signed Playstation code with the same nonce and leaked the keys.

Samy phpwned session IDS.

The Bitcoin app Blockchain used random.org for entropy. Bonus giggles for not following the HTTP redirect, but actually using “301 Moved Permanently” as a random number.

The paper Mining Your Ps and Qs has pretty extensive investigation into weak keys on network devices, many of which result from poor entropy.

Continue reading random failures...

Posted 2016-08-05 18:15:21 by tedu Updated: 2016-08-19 04:19:31
Tagged: gadget security software

broken features aren’t used

One of the difficulties in removing a feature is identifying all the potential users. A feature here could be a program bundled with an operating system, or a command line option, or maybe just a function in a library. If we remove a feature, users that depend on it will be sad. Unfortunately, absence of evidence is not evidence of absence. I’ve never heard of anybody running ls -p but it’s not impossible that somebody does.

The reasons why we want to remove an existing feature can vary. Sometimes it’s old code that interferes with maintenance. Sometimes a nearly complete rewrite can improve performance. In other cases, the feature in question is really more of a misfeature. It may have security implications, where the existence of the feature can be used to facilitate the exploitation of other vulnerabilities, and removing the feature will help mitigate the exploit.

There’s no general test that can be used, but there is one test that works in many cases. Test that the feature works. If the feature doesn’t work, that’s compelling evidence that nobody is using it, because nobody can be using it. You don’t need to fix it. You can just remove it.

(If you’ll pardon the heresy, this may be an argument against exhaustive unit tests. Many times a feature will start life in a functional state, but over time falls out of use and then gets broken by subsequent changes. Nobody notices and life goes on. If you have a perfect test suite, you’ll never have broken features, making it harder to identify the unused ones.)

Posted 2016-07-29 21:32:53 by tedu Updated: 2016-07-30 01:27:46
Tagged: programming software

rss table manners

I provide an RSS feed for flak. I also wrote a simplistic RSS feed reader for myself. The design of the latter was influenced by observing the behavior of existing readers.

There’s a small wave of fetchers that appear every five and ten minutes, converging with larger waves every fifteen minutes. These coalesce with a tidal wave at the top of every hour. My log file shows a whole lot of quiet interspersed with feeding frenzies at regular intervals.

This isn’t a problem, per se, because the total number of feeders is low, and the feed itself is very lightweight. But it’s easy to imagine a more popular blog with more content requiring an outsize investment in capacity to handle such an uneven request distribution.

What can a reader do to avoid such rude behavior? Check feeds at irregular times. For me, this was implemented as a check deadline for each feed. Each time the feed is checked, the deadline is incremented by a random amount between two and four hours. (One to two would work great, too. I’ve fluctuated a bit.) This means that not only is my fetcher not synced with other fetchers, but it’s not possible for it to even accidentally fall into lock step.

If everyone did things this way, that’s all that would be needed. But in a world populated with lock step feeders, there’s one more wrinkle. The fetch process is initiated by cron every five minutes, but the very first thing it does is sleep a random amount between one and three minutes before checking for expired deadlines, ensuring that we never hit a server during a hot minute.

I do this mostly because being polite to servers is the right thing to do, but clients benefit from being nice too. Requests to an idle server are more likely to succeed and faster. If multiple clients are sharing a link (or proxy), they can suffer the same kinds of congestion that busy servers do.

One can imagine that RSS feeds are not the only problem domain which benefits by decoupling a regular activity from a fixed time.

Posted 2016-07-27 18:00:56 by tedu Updated: 2016-07-27 18:00:56
Tagged: software web