documentation is thoroughly hard
Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.
Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?
What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)
grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.
There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.
The Solitaire cipher is perhaps the best known encryption algorithm implemented with a deck of cards. Ignoring security, it has a few drawbacks. It’s pretty complicated. I can never quite remember the rules. Sure, with practice it’s possible to memorize, but ideally we want something easy to teach. It’s also pretty slow. Even with practice, the shuffling and cutting manipulations take time.
Recently had the experience of getting new computers for my parents. The plan was to deliver a chromebook for my mother, but coincidentally the power supply or something in my father’s computer had given up. So mom would get new software and dad would get new hardware. Some observations.
There was an interesting bug where pkg_add failed when resizing the terminal. The bug was actually in ftp, specifically the way it calls connect. When the terminal is resized, SIGWINCH is sent, which interrupts the connect system call. Sometimes syscalls restart, but connect is not among those that do. This may be a little surprising, because the previous bug involved the server side counterpart to connect, accept. On the server, accept restarts, but on the client, connect does not.
Behind the scenes, what’s happening? As the man page says, connect “initiates a connection on a socket”. It doesn’t say much about finishing the connection, though, which may be a bit surprising. Depending on whether the socket is blocking or nonblocking, there are two ways that may happen. This all assumes TCP, which involves some interplay of SYNs and ACKs that does not take place instantaneously. (Which explains why accept behaves differently. It is never in a half connected state.)
In the nonblocking case, the SYN is sent, and then the user should poll to wait until the socket is writeable, which indicates the connection is completed, successfully or not. To check for success, one uses getsockopt to check for SO_ERROR. If there’s no error, full steam ahead.
In the blocking case, things get complicated. By default, connect will wait for the connection to be completed and return success or failure. This is what most programmers probably expect, and it’s how a fair amount of code is written. The wrinkle is the signal case. When interrupted, connect will return an error. But the socket is still connecting! The SYN is still out there.
Where does this leave us? If we call connect again, we (should) get an error that the connection is already in progress, because it is. We’ve (perhaps unexpectedly) fallen into a state very similar to the nonblocking case. We now need to poll the socket for completion.
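The recovery described above, as an added example that is not code from the original post: when a blocking connect is interrupted, it polls for writability and reads SO_ERROR instead of calling connect again. The names `wait_connected`, `connect_finish` and `demo_loopback` are hypothetical, and the loopback listener is constructed test input.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <poll.h>
#include <unistd.h>

/* Wait for an in-progress connect on fd to finish: 0 on success, -1 with errno set. */
int wait_connected(int fd)
{
	struct pollfd pfd = { .fd = fd, .events = POLLOUT };
	int error = 0;
	socklen_t len = sizeof(error);
	while (poll(&pfd, 1, -1) == -1)
		if (errno != EINTR)	/* poll can be interrupted by the same signal */
			return -1;
	if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) == -1)
		return -1;
	if (error != 0) {	/* the handshake finished, but with a failure */
		errno = error;
		return -1;
	}
	return 0;
}

/* connect() once; after EINTR the SYN is still out, so wait instead of retrying. */
int connect_finish(int fd, const struct sockaddr *sa, socklen_t salen)
{
	if (connect(fd, sa, salen) == 0)
		return 0;
	if (errno == EINTR || errno == EINPROGRESS || errno == EALREADY)
		return wait_connected(fd);
	return -1;
}

/* Constructed check: connect to a listener on an ephemeral loopback port.
 * nonblocking=1 forces the EINPROGRESS path (SOCK_NONBLOCK: Linux and BSDs). */
int demo_loopback(int nonblocking)
{
	struct sockaddr_in sin = { .sin_family = AF_INET };
	socklen_t len = sizeof(sin);
	int l = socket(AF_INET, SOCK_STREAM, 0);
	int c = socket(AF_INET, SOCK_STREAM | (nonblocking ? SOCK_NONBLOCK : 0), 0);
	int r = -1;
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (bind(l, (struct sockaddr *)&sin, sizeof(sin)) == 0 && listen(l, 1) == 0 &&
	    getsockname(l, (struct sockaddr *)&sin, &len) == 0)
		r = connect_finish(c, (struct sockaddr *)&sin, sizeof(sin));
	close(c); close(l);
	return r;
}
```

The nonblocking run exercises the same poll and SO_ERROR path that an interrupted blocking connect falls into.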
Long, long ago, password hashes were kept in the /etc/passwd file. This is obviously bad because it allows users to pry into other users’ hashes, attempting to crack them. The solution was to move the real hashes to another file, called master.passwd on OpenBSD. BSD systems also turn the text passwd files into a database file so that calling getpwnam is fast even with thousands of users on a 10MHz vax.
On some systems, e.g. Linux, there are two sets of functions. Normal functions like getpwnam that open the regular passwd files, and shadow functions like getspnam that open the files with password hashes. The problem is that struct passwd and struct spwd are not the same, making it difficult to write code that can work with both variants. Everything must be written twice, even though the code will be identical except for a few characters’ difference.
On BSD systems, the shadowed password files were integrated into the regular functions. Calling getpwnam will first attempt to open spwd.db and if that fails, will open the world readable pwd.db file without passwords. The same set of functions can be used for authentication programs like login and for user utilities like ls.
The downside to this second approach is that user utilities run as root still open the shadow files. If one were to discover an infoleak in ls that dumped memory contents, and tricked root into running it, and then tricked root into showing the output, that may result in a leak of the password hashes. Unlikely, but ungood.
New in OpenBSD 5.9 were a set of shadow functions such as getpwnam_shadow. These are documented to open the shadow password database, although the existing functions still worked. Starting with 6.0, the default functions no longer attempt to open the shadow database. Code which wishes to check passwords needs to use the shadow flavor of functions. However, the changes are very minimal, only requiring a change to the name of a single function call.
Some newer laptops adjust the screen brightness according to ambient light in the room. This is fairly annoying in most cases, because what I really care about is the relative brightness of the screen contents. White web pages are too bright in a dark room. Fortunately, there’s a tool, Lumen, which can adjust the backlight based on actual brightness. Unfortunately, it’s for somebody else’s computer.
It all starts with a bug report to LibreSSL that the openssl tool crashes when it tries to print NULL. This bug doesn’t manifest on OpenBSD because libc will convert NULL strings to “(null)” when printing. However, this behavior is not required, and as observed, it’s not universal. When snprintf silently accepts NULL, that simply leads to propagating the error.
Lots of examples of random numbers failing, leading to cryptographic failure.
The second season of Madam Secretary devotes several episodes to the hacking of the flight controls on Air Force One and the ensuing cyberwar. It’s fiction because nobody in real life is as hot as Téa Leoni. Therefore it is totally unrelated to current events.
The trouble begins when AFO disappears over the Pacific. Madam must become Acting President for approximately forty minutes, just long enough to sign a pardon for a wrongfully imprisoned journalist before the episode ends.
Later, we learn that the plane was hacked by some very sophisticated malware. It penetrated three firewalls. Nevertheless, it gives up its secrets under the careful study of the president’s cyber czar, Oliver, who’s basically a black mudge.
The malware was indubitably created by Dash, who’s basically a blackhat mudge. He’s the worst kind of hacker, one who will work for anyone. Russia, China, Iran. Basically anybody as long as they’re not a democracy. He gets paid in Bitcoin. The very worst.
Dash is tracked to somewhere unimportant and far away by Oliver, because Oliver is a badass. Seal Team 1776 is sent in to make the capture. Alas, the Russians got there first and gave him some of their polonium secret sauce. Now he looks like this.
Bad luck. At least we know it was the Russians.
Oliver goes to work hardening all the country’s infrastructure. Basically apt-get update everything I guess. That mostly happens off screen but it’s all very smooth. So now the president orders a counter cyber strike (or is it a cyber counter strike?) and shuts down the Moscow power grid. That’ll teach ‘em to fuck with my ride.
The Russians retaliate by turning off an oil pipeline, as in literally turning great big wheels to seal the pipe. Decidedly non cyber. But why did they cyber terrorize the plane? Where did their mad hacking skills go?
False flag! It was really the Ukraine who hired Dash, to incite the US to attack Russia. Very sneaky.
I think the lesson to be learned is that if you’re going to hire mercenaries to go up against POTUS, Hessians are always the best choice.