I’ve noticed this before, but since I just bought a new USB hub I was able to reconfirm. With science. Windows apparently treats every USB device/port combo as a unique device for which it needs to install drivers (which also requires searching the great driver database in the cloud). I plug my keyboard into port 1, tick tock tick tock, the driver is installed. Unplug, plug it into port 2, tick tock tick tock all over again. It’s the same keyboard that was plugged into port 1 seven seconds ago! It’s the same hub! Why does it need a special driver? It doesn’t, of course, but Windows still insists on searching for a new driver even though it looked less than thirty seconds ago. Plugging the keyboard back into port 1 doesn’t trigger a search, of course. Now it remembers! Why are these lookups being cached with a key that involves the port? Isn’t the whole point of USB that I can plug anything into any port?

The movie’s premise is that in the near future people will pay money to be infected with viruses from celebrities. “From their body to yours.” You can tell it’s the near future because it looks like today except everything is white. The movie starts off as a possible parody commentary on the cult of celebrity and famous for being famous, but then integrates an actual plotline and turns into a corporate espionage thriller. There’s also some cool ideas about copy protection. Well produced, scripted, and paced. Keeps the overt messaging to a minimum while still being thought provoking. And not just entertaining, but educational. I learned that multicolored tulip flowers are the result of infection with a plant virus.

I hate Sprint with the burning fury of a thousand suns, but I have to admit their latest ad series featuring James Earl Jones and Malcolm McDowell is fantastic. My favorite is Steve’s Facebook Post.

Last night, a flak link escaped into the twitterverse where it was discovered by a “Google-HTTP-Java-Client/1.17.0-rc (gzip)” (whatever that is), which then proceeded to send flak a serious of cruel and unusual requests. Like the unique snowflake it is, flak’s HTTP parsing is rather delicate. In this case, sending a cookie without a value invoked the dreaded “table index is nil” error and crashed the process. Now, flak cannot be laid low by any one rogue request because it is powered by a whole host of processes, but after the relentless onslaught of four such requests, everything was dead.

Bug fixed. Another related bug found and fixed. And we’re back online. Until the next bug.

My laptop spends a lot of time running Windows, with OpenBSD in a VM, which I imagine works better than trying to run Windows in QEMU. As described, the problem is the clock drifts. A lot. If my laptop is suspended eight hours overnight, there’s no way ntpd is going to fix that before my coffee is ready unless I plant the coffee beans and wait for them to turn into second generation beans. A previous fix for ntpd also didn’t garner much love. Nobody knows how hard my life is...

Third time’s the charm. I’m going back to the original idea of using the vmt timedelta sensor. Many times I resume my laptop outside my house, so it’s best not to depend on network access, particularly to my router’s ntpd. The Windows host keeps accurate enough time. All that’s needed is a small program to read the sensor and reset the time whenever it’s wrong. It’s called vmtimed because vmttimed looked awkward. The vmt sensor only updates itself every 15 seconds, so vmtimed does the same and spends the rest of its time sleeping. If the time is off by 60 seconds, we reset to whatever it should be.

vmtimed.c

Veracode has a new blog post, A Tale of Two Compilers, about differing behavior when two compilers are faced with a subtle buffer overflow. It’s somewhat tangential to the main point, but I noticed that even though the compilers Veracode tested had stack overflow protection enabled, neither detected the bug or prevented the exploit. Detection and prevention of precisely this bug was a headline feature of the original ProPolice implementation. The version of gcc used in OpenBSD has changed several times since then, so I tested it to make sure it still works.

more...

While writing about sem_open, I initially used the word performant, until spell check complained. The internet confirms it’s not a real word, despite being easily understood. Suggested replacements are fast or efficient, but neither captures the entire range of meaning that performant has. One could say fast and efficient, but that sounds redundant and wordy. Why use three words when one will suffice? (I settled on efficient.)

It’s like somebody revokes the word status from lanky and says to use tall or skinny. Or tall and skinny. How about using the word that means what I want?

Dictionary be damned, I’m going to start using performant. It’s a perfectly performant word.

Support for shared named semaphores, ala sem_open, recently arrived in OpenBSD. (OpenBSD already supported single process thread shared semaphores, ala sem_init, and the old school SysV semaphores, ala semget.) There are still a few tweaks being made, but the internal design hasn’t changed in 24 hours so I figure it’s safe to discuss the implementation.

more...

Just in time for stolen password database month. I am trying to reset my Comcast password and I’m having a remarkably hard time typing the same password twice. Over and over, the two passwords never match. I’m a fairly decent typist, this shouldn’t be happening. Eventually I notice the second password is always one (obscured) character longer. WTF?

Comcast has some javascripty overlay box that tells you all the rules (min length, a-z, 0-9, etc.) that hovers around until your password conforms. It appears to work by watching the input box and disappearing when you have a winner. And by work, I mean not work. When your password finally passes muster, whatever keystroke you hit gets eaten entirely and never makes it into the box. No wonder the second password never matched.

Finally solved this by typing my password one letter at a time, waiting for a character to disappear into the abyss, typing that character again, and then finishing the password. I don’t understand how this happens. You actually have to go out of your way to be this incompetent.

I have a song on my iPod, “Don’t Pull Your Love” (nonsensical fake video) by the grammatically ambiguous Hamilton, Joe Frank & Reynolds. Three dudes, four names (two first, two last). The software on my iPod Nano sees this and decides that at some point in the past some other software must have mangled up the artist name, and therefore the Nano must attempt to unmangle it. Result: appearing in both the artist directory and as the song artist I have Joe Frank & Reynolds Hamilton.

Update: It appears the iPod is not to blame, but Apple certainly is. The song was purchased through iTunes, but the artist info in the .m4a file is wrong, too. The corruption goes all the way to the top!

The album title (Hamilton, Joe Frank & Reynolds-Greatest Hits) did escape unmangled, perhaps due to the dash or perhaps because only artist names get special treatment.