guest - flak

how to influence friends and win people

I rarely comment about politics, and rarely regret not posting, but this is one of those times I thought about saying something earlier and didn’t, and now I regret it. This should have been said months ago, but there will be more elections to come, so better late than never. It’s about talking to people, but don’t worry, it has nothing to do with respect.

There are two ways to persuade people. Find something they care about and convince them you’re right, or convince them to care about something, and then convince them you’re right. The second is a lot more work than the first.

The more obviously persuasive an argument seems to you, the less persuasive it probably is for the people who don’t already agree. This doesn’t mean they can’t be persuaded, but it means shouting louder won’t work. It’s like pulling a lever to effect a change. Some of the levers are connected, and some aren’t, and it doesn’t matter how hard you pull on the ones that aren’t. The levers that are connected, however, still work.


Posted 2016-11-14 01:38:18 by tedu Updated: 2016-11-14 01:38:18
Tagged: politics thoughts

production ready

A few thoughts on what it means for software to be production ready. Or rather, what if any information is conveyed to me when I’m told that something is used in production. Millions of users can’t be wrong!

Some time ago, I worked with a framework. It doesn’t matter which, the bugs have all been fixed, and I don’t think it was remarkable. But our team picked it because it was production ready, and then I discovered it wasn’t quite so ready.

Egregious performance because of a naive N^2 algorithm for growing a buffer.

A timezone library that could handle DST, but couldn’t handle the absence of DST, as in it would crash in such exotic locales as Arizona that don’t have DST.

A mail library that didn’t escape dots, thus terminating the SMTP conversation early.


Posted 2016-11-11 20:11:29 by tedu Updated: 2016-11-11 20:11:29
Tagged: software thoughts

all that’s not golden

Several stories and events recently that in some way relate to backdoors and golden keys and security. Or do they? In a couple cases, I think some of the facts were slightly colored to make for a more exciting narrative. Having decided that golden keys are shitty, that doesn’t imply that all that’s shit is golden. A few different perspectives here, because I think some of the initial hoopla obscured some lessons that even people who don’t like backdoors can learn from.

Secure Boot

Microsoft added a feature to Secure Boot, accidentally creating a bypass for older versions. A sweet demo scene release (plain text) compares this incident to the FBI’s requested golden keys. Fortunately, our good friends over at the Register dug into this claim and explained some of the nuance in their article, Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea. Ha, ha, I kid.


Posted 2016-08-18 18:52:56 by tedu Updated: 2016-09-08 19:47:47
Tagged: security thoughts

ratfucked

Strolling through the book store, among the new titles on display in the politics section was Ratfucked by David Daley. What could this be about? The subtitle, The True Story Behind the Secret Plan to Steal America’s Democracy, conjured up images of telepathic lizard men so I passed it by. A little while later, though, I saw the New Yorker’s review and summary which sounds a lot better. It describes a plan to target particular districts in local elections, win control of the state, then aggressively gerrymander the map to ensure future victories as well. Of particular interest, the summary focused on some local Pennsylvania elections and the damned Arlen Specter library. Sounds great, this is worth a read. In fact, the cover image subtitle for the Kindle version, How the Democrats Won the Presidency But Lost America, is much more accurate and less sensational. (The book title is actually stylized Ratf**ked because the author is a pussy.)


Posted 2016-07-12 13:41:55 by tedu Updated: 2016-11-09 00:32:02
Tagged: bookreview politics thoughts

regarding embargoes

Personal thoughts. To each their own.

Yesterday I jumped the gun committing some patches to LibreSSL. We receive advance copies of the advisory and patches so that when the new OpenSSL ships, we’re ready to ship as well. Between the time we receive advance notice and the public release, we’re supposed to keep this information confidential. This is the embargo. During the embargo time we get patches lined up and a source tree for each cvs branch in a precommit state. Then we wait with our fingers on the trigger.

What happened yesterday was I woke up to a couple OpenBSD developers talking about the EBCDIC CVE. Oh, it’s public already? Check the OpenSSL git repo and sure enough, there are a bunch of commits for embargoed issues. Pull the trigger! Pull the trigger! Launch the missiles! Alas, we didn’t look closely enough at the exact issues fixed and had missed the fact that only low severity issues had been made public. The high severity issues were still secret. We were too hasty.


Posted 2016-05-04 14:04:17 by tedu Updated: 2016-05-04 21:17:51
Tagged: security software thoughts

when i wore a younger fool’s cap

A few grumpy remarks about the amazing tale of Slack bot tokens on GitHub. Auth tokens used for business accounts get committed into Jurassic Park quote bots saved on GitHub, allowing random passersby to eavesdrop on your paradigm shifting startup’s latest pivot? That didn’t happen back in my day! Of course, since then multiple changes have combined to change the world. A perfect storm of convergence and disruption.

First off, let’s start with the centralized Slack service. Even if somebody stole your chat server credentials, they wouldn’t be of much use if your chat server wasn’t in the cloud. We used to run an IRC server with no credentials at all because it was only on the internal network. Not terribly secure, but we got by. If I built an IRC bot one weekend, it wouldn’t come with credentials for a critical service because it wasn’t developed with credentials for a critical service.


Posted 2016-04-29 02:13:23 by tedu Updated: 2016-04-29 02:13:23
Tagged: rants software thoughts

not smart is not stupid

There’s already a few other posts about the perils of complex software. Features are faults is one. The more we ask a program (or any system) to do, the more likely something will go wrong. This post is about various time saving features that backfire, when some feature promises to save me time but ends up costing more. Or in short, when the smart feature is really stupid.

Some time ago, I needed to install Ubuntu for competitive research. Download the ISO, start VMWare, and voila, the install wizard takes it away. Instead of making me drive through the Ubuntu installer, the VMWare smart install offered to do all those mundane tasks for me. But something bad happened and what I was left with was an Ubuntu system that allowed me to log in at a graphical prompt, but then left me staring at an empty desktop with no means of interaction. Not even so much as an xterm. Logging in on a virtual console helpfully informed me that installation was in progress, but after leaving the system in this state for some time, no progress was observed. I had a very pretty but otherwise useless husk of an Ubuntu system. This may have been a recoverable error, but I wasn’t sufficiently motivated to find out.


Posted 2016-04-15 03:28:33 by tedu Updated: 2016-04-15 03:28:33
Tagged: software thoughts

effect and cause

I’m reading Most Secret War by R. V. Jones, an English physicist’s account of his intelligence work in the Air Staff during World War II. I’m only up to the beginning of 1941, but it’s been a terrific read so far, with many enlightening anecdotes. A few dealing with erroneous assumptions were particularly good.

Much of Jones’s work dealt with radio and radar and similar phenomena. At the outbreak of WWII, we were just beginning to understand and develop this technology, and nobody knew for certain what was possible and what was not. As a result, some fairly incredible rumors were taken quite seriously. Early plans for a radio wave death ray were scrapped after calculating that the necessary power output was too great, but there were still rumors that the Germans had developed an engine killing beam of some sort.


Posted 2016-03-03 17:26:40 by tedu Updated: 2016-03-03 17:26:40
Tagged: bookreview thoughts

outrageous roaming fees

Unexpected roaming fees are the worst. You’re just cruising along, having a jolly old time, and then boom. $20 per megabyte??? Should have read the fine print. Of course, if you had known to read the fine print, you probably would have already known about the roaming fees, and therefore not needed to read the fine print. And so it goes, in life and in ssh.

What, ssh has roaming??? Should have read the fine print. The Qualys Security Advisory is more than thorough. Now that we’ve read the fine print, what can we do differently?

The main bug (ignoring the second overflow for now) is that some sensitive memory was recycled and leaked. The possibility of this happening has been known for some time, and there’s some countermeasures in place, but they’re not foolproof.


Posted 2016-01-15 14:55:50 by tedu Updated: 2016-01-19 04:17:28
Tagged: c openbsd programming security thoughts

rough code and working consensus

On their better days, standards groups follow a principle of rough consensus and working code. Somebody builds something, announces it to some friends and maybe a few competitors, and says, hey, if you build something similar, it’s possible for our implementations to interoperate. Everyone’s a winner. Sometimes the design isn’t perfect, but the fact that at least one person/group has built an implementation is an existence proof that it can be built. Valuable knowledge to have.

On their lesser days, standards groups follow a process that looks more like a political pork swap, trading favors and votes for pet features until the end result is a congealed mass of hopes and dreams. Then the committee reconvenes five years later to standardize whatever ended up getting built, trying to salvage the bits and pieces into a cohesive whole.


Posted 2015-11-17 14:48:21 by tedu Updated: 2015-11-19 06:31:18
Tagged: openbsd programming thoughts

hoarding and reuse

At many a BSD conference, there’s a keynote from somebody involved in the early development of BSD. They get up and talk about the history of some program they contributed, and explain how some of the strange quirks it has came to be. This is usually a good opportunity to then go into the source and review it to see if it can perhaps be simplified.

For example, the gettytab man page has for at least 20 years (even before import into NetBSD and FreeBSD) said, “The he capability is stupid.” Why does anyone even need hostname editing here? Dennis Ferguson mentioned, as an aside, at AsiaBSDCon 2015 that this was a holdover because somebody somewhere didn’t like the way their hostname was printed. Actually, I’ve forgotten exactly how or why it was added, it was that obscure. But finally, Dennis gave us permission to delete this feature. So I did.


Posted 2015-10-04 08:21:44 by tedu Updated: 2015-10-05 01:29:18
Tagged: c openbsd programming thoughts

reproducible builds are a waste of time

Sort of. Maybe. It depends.

Yesterday I read an article on Motherboard about Debian’s plan to shut down 83% of the CIA with reproducible builds. Ostensibly this defends against an attack where the compiler is modified to insert backdoors in the packages it builds. Of course, the defense only works if only some of the compilers are backdoored. The article then goes off on a bit of a tangent about self propagating compiler backdoors, which may be theoretically possible, but also terribly, unworkably fragile.

I think the idea is that if I’m worried about the CIA tampering with Debian, I can rebuild everything myself from source. Because there’s no way the CIA would be able to insert a trojan in the source package. Then I check if what I’ve built matches what they built. If I were willing to do all that, I’m not sure why I need to check that the output is the same. I would always build from scratch, and ignore upstream entirely. I can do this today. I don’t actually need the builds to match to feel confident that my build is clean. Perhaps the idea is that a team of incorruptible volunteers will be building and checking for me, much like millions of eyeballs are carefully reviewing the source to all the software I run.


Posted 2015-09-08 17:55:54 by tedu Updated: 2015-09-19 20:19:36
Tagged: rants security software thoughts

a prettier web, not a thicker one

There’s been a lot of fuss recently about the state of the web. quirksmode got the party started by telling us to stop pushing the web forward. Enough, enough, there’s too much! From the other direction, The Verge points out it’s really only too much because Microsoft refuses to release IE for iPhone. Whatever. For the morbidly curious, two fairly long recaps are Stop blaming the web. Stop breaking the web. and What’s wrong with the web?

Mostly the focus has been on overwhelming cognitive load for developers and a worsening user experience for, uh, users. What about security? Or privacy? The things nobody cares about because they can’t be A/B tested. Let’s take a look at a few feature fuckups. Bear with me, I had to dig to find these examples, so some links could be as much as a month old.


Posted 2015-08-13 17:05:33 by tedu Updated: 2015-08-13 17:05:33
Tagged: software thoughts web

branchless development

Among other developmental heresies, I’m also a believer in everybody working in the same branch. I’ve dropped hints from time to time, and of course OpenBSD practitioners are familiar with this ideology, but I’ve only tried explaining it in full to a few coworkers. Who sat through my talk alternating between being shocked and appalled. Good times.

There’s not much of a narrative here, just some scattered thoughts. Now revised with a few more thoughts. No promises about the cohesion, however. This post started out as a longer form followup to Why OpenBSD doesn’t use GitHub but it’s gone in a slightly different direction. (Wow, that email is three years old.)


Posted 2015-07-19 03:40:03 by tedu Updated: 2015-09-17 15:22:19
Tagged: programming thoughts

out with the old, in with the less

Notes and thoughts on various OpenBSD replacements and reductions. Existing functionality and programs are frequently rewritten and replaced for the sake of simplicity or security or whatever it is that OpenBSD is all about. This process has been going on for some time, of course, but some recent activity is worth highlighting.

It’s probably worth preemptively citing jwz’s “Cascade of Attention-Deficit Teenagers” model. It certainly is appealing to throw everything away as a bug disposal mechanism. As noted, this rarely has the intended effect and just replaces one set of bugs with another set. The rewrites mentioned here have a slightly different motivation. Instead of trying to fix known bugs, we’re trying to fix unknown bugs. It’s not based on the current buggy state of the code, but the anticipated future buggy state of the code. Past bugs are a bigger factor than current bugs.


Posted 2015-06-25 12:52:35 by tedu Updated: 2015-08-14 23:46:11
Tagged: openbsd programming software thoughts

making security sausage

Security may be a process, not a product, but security patches are definitely a product. Some reflections on a few recent experiences making security sausage, er, patches.

I appear to have found myself in the position of OpenBSD sausage grinder even though it’s not a great fit. It’s not in my temperament to care about yesterday’s problems after they’re fixed, nor am I enthusiastic about long term support. I mostly run current, so I don’t have much personal interest in fixing stable. Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!


Posted 2015-03-20 05:00:03 by tedu Updated: 2015-03-20 05:00:03
Tagged: openbsd security software thoughts

long term support considered harmful

In regards to the glibc gethostbyname buffer overflow, some thoughts on release schedules and long term support. Per the advisory, this was fixed in 2013. The commit was May 21 and the release August 12. Sourceware git says the patch itself was authored as far back as January 21.

After the bug was fixed, it took some time for the new glibc release to trickle down into various Linux distros. But what takes even longer is for all the already shipped and supported versions to slowly cycle out of their maintenance window. Hence, the big rush to patch today.


Posted 2015-01-27 18:05:52 by tedu Updated: 2015-02-01 02:55:08
Tagged: software thoughts

thoughts on replacement languages

Some idle thinking about what makes languages succeed and replace their predecessors, to go with the alpha release of Rust. Mostly it comes down to not just being better, but solving a specific problem in a concrete way.

In the beginning, there was C and life was good. C identified a specific problem with its predecessor (assembly, ignoring some other predecessors) and nailed the solution. The portable assembler.

In time, the shortcomings of C for large scale development led to C++. C++ brings about a million new features to the language, but I’d say its success depends on better meta programming, mostly templates and to a lesser extent native support for class methods vs structs filled with function pointers. Cooking up generic collections in C can be done, but it involves a lot of CPP (ab)use and what I’ll call “void * decay”. Of course, these problems aren’t fatal for many applications, which explains why C continued on its own path.


Posted 2015-01-10 20:48:18 by tedu Updated: 2015-01-13 01:11:38
Tagged: programming software thoughts

two mysterious background video bugs

I was watching some Netflix (Joss Whedon Astonishing X-Men) on my iPad. I take a break and I’m catching up on some reading in Safari, when suddenly the next episode starts playing in the background. Not a short while later, but probably about 30 minutes later. It was weird and quite unexpected.

This seems like a good time to laugh about my choice of a proprietary closed system with complexities I can’t study and understand without source. (Should probably blame DRM, too, for good measure.) But as I might reply to strawman RMS, granting me access to the iOS source is unlikely to inspire me to study it. The reason I don’t experience bugs like this on my laptop is not because my laptop is open source. It’s more to do with the fact that my desktop environment is dwm, and dwm is somewhat lacking in the magic background video playback department.


Posted 2015-01-05 17:15:40 by tedu Updated: 2015-01-05 17:17:48
Tagged: bugs software thoughts

least worst golden key

The Washington Post seems to have kicked a crypto hornets nest recently, with their suggestion that Apple (and other phone manufacturers, though I’ll stick with Apple as an example) should include a golden escrow key to allow law enforcement to decrypt suspects’ phones. This provoked the expected reaction from everybody who gets it that escrow is a terrible idea. Fair enough. But what’s the least worst escrow system we can devise?

Why would we want to design such a system, given that implementing a golden key would be a disaster? Well, disaster planning is hardly a new idea. Nor does coming up with a plan for the worst case scenario necessarily mean you want it to happen. Devising fire evacuation plans for an office building doesn’t make one an arsonist. I think having a good escrow plan ready is better than having none and being forced to design one on the spot. Even worst case scenarios can be subdivided into worst worst and least worst. And so, without advocating for a key escrow system, here’s how I might go about building one.


Posted 2014-10-11 16:11:48 by tedu Updated: 2014-10-11 16:11:48
Tagged: politics security thoughts