guest - flak

using yubikeys everywhere

Everybody is getting real excited about yubikeys recently, so I figured I should get excited, too. I have so far resisted two factor authorizing everything, but this seemed like another fun experiment. There’s a lot written about yubikeys and how you should use one, but nothing I’ve read answered a few of the specific questions I had.

It’s not a secret I’ve had a dim view of two factor auth, although many of my gripes are about implementation details. I think a lot of that remains true. Where two factor auth perhaps might succeed is in limiting the damage of phishing attacks. I like to think of myself as a little too savvy for most phishing attacks. That’s sadly true of most phishing victims as well, but really: I don’t use webmail. I don’t have any colleagues sharing documents with me. I read my mail in a terminal, thus on the rare occasion that I copy and paste a link, I see exactly the URL I’m going to, not the false text between the <a> tags. Nevertheless, if everybody else recommends secure tokens, I should at least consider getting on board with that recommendation. But not before actually trying these things out.

Continue reading using yubikeys everywhere...

Posted 2017-02-20 07:14:52 by tedu Updated: 2017-02-20 07:14:52
Tagged: computers gadget security software

mplayer ktracing

In my ongoing quest to find the most inefficient software that still appears to work, I happened to notice that mplayer was chewing up 16% CPU while playing an MP3 (an audio format from the time before youtube). This was somewhat surprising because extrapolating back to the 20 year old computer I first used for MP3 listening, this would mean in excess of 100% CPU usage. Is efficient MP3 decoding really a lost art or was mplayer spending all its time doing something other than decoding? ktrace to the rescue.

Continue reading mplayer ktracing...

Posted 2017-02-11 18:45:52 by tedu Updated: 2017-02-11 18:45:52
Tagged: software

watt time is left

So Apple no longer knows how to make a battery meter. The good news is OpenBSD is still here for all your desktop needs. How does its battery meter work?

The simplest interface to get battery status info is to run apm. This gives us both percentage and an estimate of time remaining.

Continue reading watt time is left...

Posted 2016-12-16 13:49:18 by tedu Updated: 2016-12-16 13:49:18
Tagged: computers openbsd software

who even calls link_ntoa?

So there’s a buffer overflow in link_ntoa. What does this mean? CERT says an attacker may be able to execute arbitrary code, but who can be an attacker? Where is link_ntoa used?

What does link_ntoa even do? I’ve never heard of this function before.

The link_ntoa() function takes a link-level address and returns an ASCII string representing some of the information present, including the link level address itself, and the interface name or number, if present. This facility is experimental and is still subject to change.

Networking something or other I guess.

First place to look is in libc itself, where the function lives. The implementation lives in net/linkaddr.c but it’s the declaration that’s of particular interest.

./hidden/net/if_dl.h:PROTO_DEPRECATED(link_ntoa);

The PROTO_DEPRECATED macro marks a function as exported from the library, but not for use internally. We can also verify with grep that nothing in libc calls link_ntoa, but with the symbol marking we can be confident we haven’t missed anything.

Moving on to base, we find a few occurrences.

sbin/route/route.c: printf("%s: link %s; ", which, link_ntoa(&su->sdl));
sbin/route/show.c: return (link_ntoa(sdl));
usr.bin/netstat/show.c: return (link_ntoa(sdl));

This is used to print route information obtained from the kernel. So if you haven’t patched yet, before you run route show again, make sure you trust the kernel.

Posted 2016-12-07 03:00:07 by tedu Updated: 2016-12-07 03:00:07
Tagged: openbsd software

openbsd changes of note 2

Things happened, stuff changed.

X550 support among other ix changes and cleanup.

Ongoing switch work. Better OpenFlow compat. You know it’s serious when tcpdump gets an update.

Loongson 3A support.

Turn ipstat into a set of percpu counters. Per CPU counters allow simple statistics to be collected in a lockless manner, collating them as necessary. The basic mechanism was introduced a little earlier in October.

Hydrogen bomb fixes.

Dedicated build user builds for xenocara.

Some iwm diffs, since committed. reducing rx latency. ack rates. reduce retry limit.

PCI info ioctl for DRM.

Assorted changes to pool memory management. More mbuf pool changes to come.

Something else of potential interest: pine64 bootloader.

Posted 2016-11-23 02:37:09 by tedu Updated: 2016-11-23 02:37:09
Tagged: openbsd software

openbsd changes of note

Stuff happened, things changed.

mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.

Continue reading openbsd changes of note...

Posted 2016-11-16 21:28:16 by tedu Updated: 2016-11-16 21:28:16
Tagged: openbsd software

production ready

A few thoughts on what it means for software to be production ready. Or rather, what if any information is conveyed to me when I’m told that something is used in production. Millions of users can’t be wrong!

Some time ago, I worked with a framework. It doesn’t matter which, the bugs have all been fixed, and I don’t think it was remarkable. But our team picked it because it was production ready, and then I discovered it wasn’t quite so ready.

Egregious performance because of a naive N^2 algorithm for growing a buffer.

A timezone library that could handle DST, but couldn’t handle the absence of DST, as in it would crash in such exotic locales as Arizona that don’t have DST.

A mail library that didn’t escape dots, thus terminating the SMTP conversation early.

Continue reading production ready...

Posted 2016-11-11 20:11:29 by tedu Updated: 2016-11-11 20:11:29
Tagged: software thoughts

chromebook printing troubles

I have a chromebook which is quite nice for what it does. A dedicated browsing machine, fast and low maintenance. Alas, I am sometimes required to go outside, and worse yet talk to people, and even worster, show those people information. It is inconvenient to hand over my phone, no rotate it back, your other yaw, scroll a little, here, oh wait, let me unlock it again. I print such things on paper. Double alas, the chromebook makes this difficult.

Something they don’t mention in the advertising for chromebooks is what the printing experience is like. I also forgot to ask because I figure if I can make OpenBSD print, someone on team chrome should be able to solve this problem as well. And oh boy, have they ever. Solved it, I mean. Not solved it well.

Continue reading chromebook printing troubles...

Posted 2016-10-24 19:41:17 by tedu Updated: 2016-10-24 19:41:17
Tagged: computers rants software

doas mastery

It’s been a year since the introduction of doas, so it’s clearly time to write a book. Or maybe a pamphlet.

UNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks.

The doas command itself has a few options, which we’ll discuss somewhat later, but the most interesting part is the configuration file. This is where the real magic happens.

Continue reading doas mastery...

Posted 2016-09-05 09:02:36 by tedu Updated: 2016-09-19 01:19:43
Tagged: openbsd software

computers for parents

Recently had the experience of getting new computers for my parents. The plan was to deliver a chromebook for my mother, but coincidentally the power supply or something in my father’s computer had given up. So mom would get new software and dad would get new hardware. Some observations.

My mother was already using chrome on a Thinkpad running Windows, so how different could it be running chrome on a chromebook? Let me count the ways...

First off, mother is one of those people who likes to click the little button at the bottom of the scroll bar to move the page. I don’t think I’ve ever done this, but that’s how she does things. So immediately upon starting up, this is a problem. I spend some time teaching her how two finger scroll works. Two fingers on the touchpad, no, not too close together, now push down, no, both fingers at once, don’t twist, straight lines, no, lift up to start over, there, nope, too close, that’s just one finger, ok, good.

Continue reading computers for parents...

Posted 2016-08-17 23:17:14 by tedu Updated: 2016-08-18 00:28:26
Tagged: computers software

random failures

Lots of examples of random numbers failing, leading to cryptographic failure.

The always classic Debian, OpenSSL, and the year of the zero.

The time Sony signed Playstation code with the same nonce and leaked the keys.

Samy phpwned session IDs.

The Bitcoin app Blockchain used random.org for entropy. Bonus giggles for not following the HTTP redirect, but actually using “301 Moved Permanently” as a random number.

The paper Mining Your Ps and Qs has pretty extensive investigation into weak keys on network devices, many of which result from poor entropy.

Continue reading random failures...

Posted 2016-08-05 18:15:21 by tedu Updated: 2016-08-19 04:19:31
Tagged: gadget security software

broken features aren’t used

One of the difficulties in removing a feature is identifying all the potential users. A feature here could be a program bundled with an operating system, or a command line option, or maybe just a function in a library. If we remove a feature, users that depend on it will be sad. Unfortunately, absence of evidence is not evidence of absence. I’ve never heard of anybody running ls -p but it’s not impossible that somebody does.

The reasons why we want to remove an existing feature can vary. Sometimes it’s old code that interferes with maintenance. Sometimes a nearly complete rewrite can improve performance. In other cases, the feature in question is really more of a misfeature. It may have security implications, where the existence of the feature can be used to facilitate the exploitation of other vulnerabilities, and removing the feature will help mitigate the exploit.

There’s no general test that can be used, but there is one test that works in many cases. Test that the feature works. If the feature doesn’t work, that’s compelling evidence that nobody is using it, because nobody can be using it. You don’t need to fix it. You can just remove it.

(If you’ll pardon the heresy, this may be an argument against exhaustive unit tests. Many times a feature will start life in a functional state, but over time falls out of use and then gets broken by subsequent changes. Nobody notices and life goes on. If you have a perfect test suite, you’ll never have broken features, making it harder to identify the unused ones.)

Posted 2016-07-29 21:32:53 by tedu Updated: 2016-07-30 01:27:46
Tagged: programming software

rss table manners

I provide an RSS feed for flak. I also wrote a simplistic RSS feed reader for myself. The design of the latter was influenced by observing the behavior of existing readers.

There’s a small wave of fetchers that appear every five and ten minutes, converging with larger waves every fifteen minutes. These coalesce with a tidal wave at the top of every hour. My log file shows a whole lot of quiet interspersed with feeding frenzies at regular intervals.

This isn’t a problem, per se, because the total number of feeders is low, and the feed itself is very lightweight. But it’s easy to imagine a more popular blog with more content requiring an outsize investment in capacity to handle such an uneven request distribution.

What can a reader do to avoid such rude behavior? Check feeds at irregular times. For me, this was implemented as a check deadline for each feed. Each time the feed is checked, the deadline is incremented by a random amount between two and four hours. (One to two would work great, too. I’ve fluctuated a bit.) This means that not only is my fetcher not synced with other fetchers, but it’s not possible for it to even accidentally fall into lock step.

If everyone did things this way, that’s all that would be needed. But in a world populated with lock step feeders, there’s one more wrinkle. The fetch process is initiated by cron every five minutes, but the very first thing it does is sleep a random amount between one and three minutes before checking for expired deadlines, ensuring that we never hit a server during a hot minute.

I do this mostly because being polite to servers is the right thing to do, but clients benefit from being nice too. Requests to an idle server are more likely to succeed and faster. If multiple clients are sharing a link (or proxy), they can suffer the same kinds of congestion that busy servers do.

One can imagine that RSS feeds are not the only problem domain which benefits by decoupling a regular activity from a fixed time.

Posted 2016-07-27 18:00:56 by tedu Updated: 2016-07-27 18:00:56
Tagged: software web

timeline of libexpat random vulnerability

libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.

2012-03-24 - libexpat 2.1.0 released with a fix for an algorithmic hash table attack (CVE-2012-0876). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.

2012-04-01 - libexpat 2.1.0 imported to OpenBSD. The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!

2012-04-05 - A public report that using random may be too predictable.

2013 - Tick tock.

2014 - Tick tock.

2015-02-07 - Red Hat bug filed. The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.

2016-06-04 - libexpat is the proud recipient of two more CVE awards. By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.

const unsigned long entropy = gather_time_entropy() ^ getpid() ^ (unsigned long)parser;

Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.
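An added example, not code from libexpat or from the original post: it shows why a salt taken from rand() after srand(time(NULL)) carries no more entropy than the uncertainty in the process start time, next to a salt read from the kernel. The helper names and the timestamp are constructed for illustration, /dev/urandom stands in for arc4random, and rand() is assumed to be deterministic for a given seed, as it is in glibc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Salt derivation as the timeline describes it for libexpat 2.1.0: seed the
 * libc PRNG with the wall clock and take one output. Hypothetical helper,
 * not libexpat source. Assumes srand()/rand() are deterministic (glibc). */
static unsigned long salt_from_time(time_t t)
{
    srand((unsigned int)t);
    return (unsigned long)rand();
}

/* Count the start times in [lo, hi] that reproduce `observed`; the first
 * one found is stored in *match. The window size bounds the salt's entropy. */
static long candidates_in_window(unsigned long observed, time_t lo, time_t hi,
                                 time_t *match)
{
    long hits = 0;
    *match = (time_t)-1;
    for (time_t t = lo; t <= hi; t++) {
        if (salt_from_time(t) == observed) {
            if (hits == 0)
                *match = t;
            hits++;
        }
    }
    return hits;
}

/* Salt from the kernel CSPRNG. /dev/urandom stands in here for the
 * arc4random call the OpenBSD import used. Returns 0 on success. */
static int salt_from_urandom(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof(*out), 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    const time_t start = 1332547200; /* constructed process start time */
    unsigned long salt = salt_from_time(start);
    time_t match;
    long hits = candidates_in_window(salt, start - 1800, start + 1800, &match);
    printf("time-seeded salt %lu: %ld of 3601 candidate seconds match (first %lld)\n",
           salt, hits, (long long)match);

    unsigned long a, b;
    if (salt_from_urandom(&a) == 0 && salt_from_urandom(&b) == 0)
        printf("kernel salts differ between calls: %s\n", a != b ? "yes" : "no");
    return 0;
}
```

A one-hour window leaves at most 3601 possible salts, under 12 bits, regardless of how wide the salt variable is.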

Posted 2016-06-10 05:40:40 by tedu Updated: 2016-06-10 05:40:40
Tagged: openbsd security software

browser ktrace browsing

The key to understanding how modern browsers work is to observe them in action. For this, we can use ktrace. I’ve posted a few ktrace snippets before, but here’s some new ones to aid in our understanding. Even if we don’t learn anything, deciphering ktrace and kdump output is a pretty useful skill. I use ktrace to verify software I write does what I think I expect. Using ktrace on other people’s software is like a never ending set of practice exercises.

All of the kdump output below has the same form. Process and thread ID, name, timestamp, record type, data.

On the surface, Firefox looks like a pretty simple program with few dependencies:

Continue reading browser ktrace browsing...

Posted 2016-06-03 14:48:57 by tedu Updated: 2016-06-03 14:48:57
Tagged: software

file considered harmful

Yes, actually harmful.

The file utility can be useful. Don’t know what program to open a file with? Run file and it will tell you. Of course, sometimes file will be wrong and misidentify the file type. This may be inconvenient, but at least as a user you still have the option of trying to run another program.

Except when you don’t. What happens when file (or its programmatic buddy, libmagic) is not a hint, but a gatekeeper? What happens when some application determines its behavior based on the output of file?

What happens is you can’t print on Tuesday.

Or you can’t print particular documents that contain inappropriate phrases.

Or you can’t launch a browser and consequently prevent Firefox from providing ASLR enabled builds.

Something tells me these won’t be the last three bugs.

A program that helps users is useful. A program that restricts users is harmful. Run file on your computer all you want, but don’t use file to limit what I can do.

Posted 2016-05-18 18:11:51 by tedu Updated: 2016-05-18 18:11:51
Tagged: bugs rants software

this week in astounding defaults

Ripped straight from the headlines, thrilling tales of things gone wrong because nobody asked for things to go right.

You may not write assembly, but you probably use libraries from people who do. Did they remember to insert the right magic flag?

ImageMagick can and will do lots of things you neither expect nor desire. Unless, of course, you configure it otherwise.

When using node.js and socket.io, don’t forget the default is unverified sockets.

By default, Telegram uses a sophisticated identity verification system known as text the user.

If you really don’t want logging, say nop nop nop three times.

Remember, it’s all there in the manual if you just take the time to read it. Tune in next week to learn what other documentation you should have read!

Posted 2016-05-06 04:44:40 by tedu Updated: 2016-05-06 04:49:12
Tagged: rants software

regarding embargoes

Personal thoughts. To each their own.

Yesterday I jumped the gun committing some patches to LibreSSL. We receive advance copies of the advisory and patches so that when the new OpenSSL ships, we’re ready to ship as well. Between the time we receive advance notice and the public release, we’re supposed to keep this information confidential. This is the embargo. During the embargo time we get patches lined up and a source tree for each cvs branch in a precommit state. Then we wait with our fingers on the trigger.

What happened yesterday was I woke up to a couple OpenBSD developers talking about the EBCDIC CVE. Oh, it’s public already? Check the OpenSSL git repo and sure enough, there are a bunch of commits for embargoed issues. Pull the trigger! Pull the trigger! Launch the missiles! Alas, we didn’t look closely enough at the exact issues fixed and had missed the fact that only low severity issues had been made public. The high severity issues were still secret. We were too hasty.

Continue reading regarding embargoes...

Posted 2016-05-04 14:04:17 by tedu Updated: 2016-05-04 21:17:51
Tagged: security software thoughts

when i wore a younger fool’s cap

A few grumpy remarks about the amazing tale of Slack bot tokens on GitHub. Auth tokens used for business accounts get committed into Jurassic Park quote bots saved on GitHub, allowing random passersby to eavesdrop on your paradigm shifting startup’s latest pivot? That didn’t happen back in my day! Of course, since then multiple changes have combined to change the world. A perfect storm of convergence and disruption.

First off, let’s start with the centralized Slack service. Even if somebody stole your chat server credentials, they wouldn’t be of much use if your chat server wasn’t in the cloud. We used to run an IRC server with no credentials at all because it was only on the internal network. Not terribly secure, but we got by. If I built an IRC bot one weekend, it wouldn’t come with credentials for a critical service because it wasn’t developed with credentials for a critical service.

Continue reading when i wore a younger fool’s cap...

Posted 2016-04-29 02:13:23 by tedu Updated: 2016-04-29 02:13:23
Tagged: rants software thoughts

libressl - more vague promises

There hasn’t been a lot of noise coming out of the LibreSSL camp recently. Mostly there’s not much to report, so any talks or presentations will recover a lot of the same material. But it’s an election year, and in that spirit, we can look back at some promises previously made and hopefully make a few new ones.

scorecard

First part of any campaign is to tout one’s record. And shift blame for any missteps.

Starting from the beginning is LibreSSL - The First 30 Days. On the positive side, most of the cleanup has been a success. We promised to delete support for obsolete systems and we did. We promised to delete obscure compat layers and build on posix and we did. We promised not to appease FIPS and we didn’t. We promised “If your Operating System can not provide you with a good source of entropy, it will NOT be LibreSSL’s job to fake it. Fix your Operating System. Not the SSL library.” and we... oh, hm. Time to call in the equivocator.

Continue reading libressl - more vague promises...

Posted 2016-04-19 17:28:00 by tedu Updated: 2016-05-14 16:38:03
Tagged: openbsd software