timing attacks vs interned strings
Some experiments with trying to extract strings from a Lua process via timing attacks.
Walked by an old man on the street who repeatedly asked me, “Are you the one who’s watching me?” I tried to deny it, but he didn’t believe my lies! Was briefly tempted to tell him, “We’re all watching you,” but he was clearly operating marble free and already seemed to have that impression. A strange encounter.
All the g2k14 summary reports from the OpenBSD Journal, plus a few relevant extras.
Watched Snowpiercer. Some parts were good, some parts were bad, but the whole is sadly no better than the worst parts. The abstract concept of all of humanity being stuck in one metal can is great, but this implementation is a failure. (Haven’t read the comic.)
We start by setting up what life is like in the back of the train. It sucks. Then comes the revolt and we move forward through the train to first class, where everything is wonderful and lovely. I think we’re supposed to imagine a privileged few living at the expense of many poor, but the illusion falls apart when you realize there are more first class passengers dancing at a rave than huddled masses living in the back. There was an opportunity here to do something with class lifestyles, but it’s squandered for a few moments of cinematography.
There’s a few plot twists, but the characters don’t seem to adjust. The relentless Terminator style evil henchman remains hellbent on death and dismemberment long after the bad guys turned into good guys faced with hard choices. Other characters’ hidden objectives could have been easily resolved earlier. Perhaps this was some sort of political parable, but it really falls flat.
I enjoyed Pandorum much more, which got terrible reviews compared to the absurdly great reviews for Snowpiercer. In that case, it’s a spaceship that contains the last of humanity, but the general outline is the same. A small group of heroes has to get from point A to point B in the giant metal can they call home, all the while battling enemies through a sequence of strange environments. What makes one movie “brilliant and fearless” and the other “lazily derivative” I cannot imagine. At least the Pandorum ship was conceivably large enough to house all its occupants; I have no idea where an entire car full of jackbooted thugs materialized from on the train.
Many years ago I read The Dark Beyond the Stars, which I think is the best take on the concept.
It’s been a week and change since the first LibreSSL portable release was announced to much sturm und drang. (To quote WP, “extremes of emotion were given free expression in reaction to the perceived constraints of rationalism”. Not to be taken too literally.) I’m not directly involved, but a few thoughts and reflections on the release and its reception. (Deliberately missing some links; do your own digging if you care.)
The phrase responsible disclosure doesn’t have a precise definition. Instead, it can only be understood in terms of its opposite, irresponsible disclosure, which is defined as “any disclosure I don’t like”.
Instead of using a phrase that encodes a value judgment in place of a description, let’s pick a technical term that describes what’s happening: selective disclosure. This phrase is then neatly contrasted with its opposite, full disclosure.
Some people like the term coordinated disclosure, although in practice it often isn’t.
Also: regarding embargoes.
One of the great things about the animated GIF format, despite its many other deficiencies, is that it works everywhere. Even stodgy old browsers can display it. Naturally, this fact means that whenever an animated GIF is uploaded to Twitter, they convert it to a format that fewer browsers can display.
The “Download File” text floating towards the bottom left links to an MP4 file of what was once the GIF. Just one more way developers are working to make the web a better place. Thanks guys!
After the recent OpenBSD hackathon, I took a day off to chill out in Trieste before flying home. In the meantime, a blog post regarding the perils of getpid wrapping appeared. Unfortunately, by the time I made it home and reconnected to the tubes, kettenis and bcook had already fixed the bug, before I even had a chance to shit my pants. The gall of some people.
Basically: the network is insecure; the bad guys can steal your Facebook login; check that you are using HTTPS. I’ve never seen a wifi warning this clear and direct before. Bonus points for mentioning that smartphone apps are a particular weakness.
A special Fourth of July post. If you love America, you’ll love the Welcome to Night Vale podcast. It does a great job walking the line between mocking the nutjobs who believe in world government black helicopters and the sheeple who don’t. A little something for everyone to hate.
The whole show, every episode, plays with credulity, but one segment from episode 14, “The Man in the Tan Jacket”, was in a category of its own. It’s not the most absurdly comical segment, but a striking reminder of the typical internet discussion regarding the relative probability of just about anything.
Early Saturday morning, Fun Complex cameras picked up blurry motion near the soda machine. The footage is quite fuzzy and difficult to discern. Perhaps it is merely rats or raccoons digging through an uncovered supply of junk food. But it is, of course, much more likely that a lost nation of people, living in the bowels of a small town bowling alley, are finally revealing themselves. Taking our food supplies and preparing for war. ... It takes very little extrapolation to believe that they worship a god named Huntocar, who demands sacrifice to keep their underground city thriving in the absence of nourishing sunlight. And a fair assumption is that they are ruled by a child king, recently coronated, who is too weak to rein back the generals intent on marching upon us in war.
From time to time, somebody posts an unsourced account of that time the Secret Service tasered their cat because they googled for “how to make money”. As it makes the rounds of all the user news sites, somebody will inevitably post a comment pointing out some logical inconsistencies in the original and asking how the more fanciful events may have transpired. Someone will then reply, explaining everything with no facts and fewer sources. And finally comes the third comment, my favorite. “I’m pretty sure that’s what happened.”