retiring crypt

The crypt function is a unix classic. Unfortunately, its age is showing. It’s an interface from another time, out of place on modern systems, and it’s time for OpenBSD to move on.

Posted 20 Nov 2014 15:15 by tedu Updated: 11 Feb 2015 01:23
Tagged: openbsd software

the trouble with python and SNI

Server Name Indication is a TLS extension that allows the client to tell the server what hostname it would like to talk to. It solves, in theory, one of the issues with moving a web server with many virtual hosts to https: different hostnames need different certs.

Unfortunately, python 2.7 doesn’t support SNI, much to my regret. Thanks to an HN comment I was pointed to a python issue. The problem has been known about for five years, but fixing things isn’t the python way. Finally, somebody saw the light which led to PEP 466. Current status: partially implemented.

Where does this leave me? I could upgrade to python 3.4, but none of the auxiliary libraries I need (notably py-feedparser) are available as OpenBSD packages except for versions built against 2.7. Or I can wait for python 2.7.9, although as a practical matter that would also mean upgrading OpenBSD and everything else (and likely not until May) so maybe I’d rather not. And that’s if 2.7.9 actually includes working SNI support. Digging through the issue tracker, it sounds like only optional support will be included, and programs will need to be changed and updated as well. It’s very important that upgrades don’t make things work by accident.

There is also the inject_into_urllib3 approach which I’m honestly kind of scared of, but it could work.

Instead my solution was to change the Duo blog’s URL to a file on disk, fetched by ftp running out of cron.

Posted 16 Nov 2014 07:28 by tedu Updated: 05 Dec 2014 03:12
Tagged: python rants software

from the annals of uvm

The OpenBSD virtual memory layer is known as UVM. Long, long ago it was the original BSD VM (with parts from Mach at CMU), but it was mostly replaced with UVM by Chuck Cranor. More of its history and a detailed description are in the author’s USENIX paper, The UVM Virtual Memory System.

Posted 14 Nov 2014 14:36 by tedu Updated: 26 Dec 2014 04:52
Tagged: c openbsd programming

improving bcd

Owing to its BSD heritage, OpenBSD ships with a few games installed in /usr/games. Quite a few, in fact. There are more programs in games (46) than in /bin (43). Some of them aren’t really games, but more like toys, but nevertheless there they are. They aren’t exactly the focus of OpenBSD, but they’re still part of the system and do get the occasional maintenance update.

Posted 06 Nov 2014 21:04 by tedu Updated: 07 Nov 2014 01:23
Tagged: c openbsd programming

the future sure is bleak

Watched two movies.

Automata. Starring Antonio Banderas. This starts out like some of the best Asimov robot short stories, especially Little Lost Robot. The earth is a desiccated, irradiated husk but slowly being rebuilt by robots with two Protocols. One says no harming humans. The other says no self modification. Antonio is tasked with tracking down the origins of a group of robots that apparently can modify themselves. Then the story gets sidetracked quite a bit. The evil Robo Corp henchmen decide Antonio must be in on the trouble and are sent out to get him. So much trouble could have been averted if they had even once asked him what was happening, but no. Shoot first, ask questions later. Turns a rather good mystery thriller into a boring bang bang western.

The Colony. Starring Morpheus. Like Snowpiercer the world is frozen over after a global warming reversifier. Instead of the silly train conceit, however, people live in underground bunkers like in Fallout. So far, so good. Then we get lots of contrived conflict, bloodthirsty cannibals (why is it always cannibals?), and whatever. I stopped caring.

Disappointing. It’s like the producer/director for each movie got halfway through, realized they hadn’t used any of the spurting blood budget, and then decided to use it all up. But at least in terms of atmosphere and setting, they were briefly entertaining.

Two movies, two bonus comics!

The real currency of modern life is information.

How to explain the future to your past self.

Posted 30 Oct 2014 19:36 by tedu Updated: 30 Oct 2014 20:25
Tagged: moviereview

least worst golden key

The Washington Post seems to have kicked a crypto hornets’ nest recently, with their suggestion that Apple (and other phone manufacturers, though I’ll stick with Apple as an example) should include a golden escrow key to allow law enforcement to decrypt suspects’ phones. This provoked the expected reaction from everybody who gets it that escrow is a terrible idea. Fair enough. But what’s the least worst escrow system we can devise?

Posted 11 Oct 2014 16:11 by tedu Updated: 11 Oct 2014 16:11
Tagged: politics security thoughts

on the power of proprietary information

Lots of great articles in the October 13, 2014 New Yorker, all connected by the common theme that knowledge is power. Who knows what and when gives one a considerable edge. Nothing surprising, but reading about it from several perspectives reveals just how true the old saying is.

Posted 09 Oct 2014 20:35 by tedu Updated: 09 Oct 2014 20:35
Tagged: magreview

features are faults

Reflections on a few security vulnerabilities; some recent, some less so.

Posted 07 Oct 2014 23:43 by tedu Updated: 27 Mar 2017 08:28
Tagged: security software thoughts

opting in to airport scanners

For the past few years, I’d been opting out of the new airport scanners. Initially I had several reasons for this decision, but over time things changed, and after some reflection I realized the most compelling rationale I now had each time I opted out was “I opted out last time.”

Posted 07 Oct 2014 23:43 by tedu Updated: 07 Oct 2014 23:43
Tagged: politics rants

funding topologies

“Startup culture starting to resemble a pyramid that has folded in on itself, exploring funding topologies Ponzi never dreamed of” - Pinboard

Funding topology is definitely a subject worthy of further research.

Posted 03 Oct 2014 18:24 by tedu Updated: 03 Oct 2014 18:24
Tagged: business quote