flak rss random

ssh in https

The wifi network at BSDcan, really the UOttawa network, blocks a bunch of ports. This makes it difficult to connect to outside machines using “exotic” protocols, basically anything except http or https. There are many ways to resolve this, here’s what I did.

more...

Posted 17 May 2019 17:32 by tedu Updated: 15 Jul 2019 21:15
Tagged: openbsd software web

syzkaller found a bug

Common problem for operating system fuzzers is breaking the system they’re running on. Some forms of damage are expected, some are not, and sometimes it’s difficult to tell which is which.

A few days ago, a stack leak bug was fixed in FreeBSD. A similar fix for OpenBSD was committed. And then syzkaller came kalling just a few days later.

panic: bad dir

There’s a few possible causes for this, but inspection revealed that the most likely case might be a directory entry missing the nul terminator. The timing certainly seemed suspicious. Could there be an off by one?

memset(newdirp->d_name + (cnp->cn_namelen & ~(DIR_ROUNDUP-1)), 0, DIR_ROUNDUP);

Actually no. syzkaller had found a way to create filesystem corruption through one of the “expected” damage paths, but the test case was a little obfuscated. More study revealed it was calling mknod to create a new device that happened to be equal to /dev/sd0c and opening it, and then calling pwrite to write some garbage to a random spot.

mknod("banana", 0777, 0x0402);
open("banana")
pwrite(3, "oops", 4, 0x9000);

Not recommended.

Further complicating the matter was that syzkaller didn’t know that pwrite is one of the magic syscalls that takes a padding argument before off_t. This didn’t affect the test, per se, but makes it harder to interpret because syzkaller calls things directly. (The actual syscall in use was the iovec variant, pwritev.)

syscall(SYS_pwritev, r[0], 0x200002c0, 1, 0);

If you read the man page for pwritev that looks correct. But inspecting src/sys/kern/syscalls.master reveals that the fourth argument is actually a pad argument, and the offset is the fifth argument. So the call above was writing to an offset that was not zero.

Not the first fuzzer to encounter this oddity. More details here.

In the end, it was just coincidence that syzkaller found a new way to corrupt its filesystem a few days after a filesystem commit.

Posted 10 May 2019 16:02 by tedu Updated: 10 May 2019 16:02
Tagged: openbsd

viewport and iphone reflow

Something that’s annoyed me for some years is that all the web sites I build don’t work quite right with my iphone. Scroll down a page, visit a link, go back, and safari jumps back to the top of the page. Very annoying. Pretty much no other site I visit seems to have this problem, yet I couldn’t figure out what I was doing wrong since I’m barely doing anything at all. There are some support forum complaints about similar bugs, but mostly from several years ago, and mostly “solved: it works now” without explanation.

Finally, figured out what seems to be the problem. The iphone introduces its own viewport meta tag, to define the screen dimensions, and control whether the user can zoom or not. A lot of sites abuse this to the point of unusability, so I very determinedly stayed clear. But without a viewport tag, safari is really dumb.

Without a viewport setting safari picks some defaults and renders the page to fit. They seem fine to me. The problem is that after leaving a page and coming back, safari has forgotten what size it picked, picks again, and then has to reflow all the page content. Even though it has picked exactly the same dimensions as the previous render. With the result that it forgets its scroll position and resets to the top of the page. Sigh. At least that’s what I’ve determined is going on.

So I finally broke down and added a viewport tag to the header. This required futzing with the CSS some more because now it rendered to a much smaller virtual canvas, but generally solvable.

Anyway, this frustrated me for a long time, I couldn’t find any useful information about it, and now it seems to work.

Posted 19 Apr 2019 17:27 by tedu Updated: 22 Apr 2019 18:55
Tagged: web

the png that squished really big

I posted a tiny png, a mastodon stepped on it, and... it got really big.

more...

Posted 16 Apr 2019 17:33 by tedu Updated: 16 Apr 2019 17:34
Tagged: software web

removing array duplicates

I had an array with some duplicates. I wanted to remove them. I know how to do this, but I searched for solutions anyway to make sure I wasn’t missing some trick. The results were disappointing, very language specific, and rarely discussed run time. And if we’re working with an unsorted array, the provided answers are even worse. Just sort the array first. Well, duh; any problem with unsorted data can be transformed into a problem with sorted data by sorting first. That’s not very interesting, though, and maybe there’s a reason the data is unsorted. Here’s a few solutions I worked through, but no stunning algorithmic breakthroughs.

more...

Posted 11 Apr 2019 19:30 by tedu Updated: 11 Apr 2019 19:53
Tagged: programming

honk 0.1

honk is my take on a federated status updater. One might say it’s opinionated software. Since my opinions are correct, this makes honk the world’s first provably correct social media application. Here’s a formerly brief rundown of things that work, things that don’t work, and things that won’t work. Plus some complaints about how other people do things. The version number, 0.1, indicates your expected level of satisfaction.

more...

Posted 09 Apr 2019 12:36 by tedu Updated: 06 Aug 2019 15:34
Tagged: activitypub project software web

battery consuming battery software

This is a little tour of some software I took today. One of the topics that consistently comes up when people discuss what operating system to run on their laptop is how much battery life to expect, and the answers are all over the map. The focus always seems to be on the kernel and how advanced its scheduler algorithm is, and the minutia of interrupt controllers. We throw around terms like race to sleep. But rarely do I see anyone mention the impact that the software they choose to run spending millions of CPU cycles on trivial tasks might have on battery life. Especially ironic if that software ends up being the software we’re running to monitor how much battery is left.

more...

Posted 08 Apr 2019 17:12 by tedu Updated: 08 Apr 2019 17:12
Tagged: software

moving to the cloud

I’ve been reading a lot about the benefits of virtualization and cloud deployment. And how to integrate these systems with modern web client design. It was all very exciting. So now I’m pleased to announce flak is fully cloud enabled. Here’s the story of my incredible journey.

The first thing we need is a virtual machine. I’m using copy/v86 for this. It’s a machine emulator written in javascript, so it’s web ready from the start.

Next we need a cloud of virtual machines. Preferably the cloud should autoscale in response to traffic levels. To achieve this, I create a new virtual machine for every visitor. This guarantees great performance. It’s also very secure. Everybody has their own virtual machine, so it’s not possible for an attacker to alter the post you’re currently reading.

However, I’m not willing to stop at good enough. We can do better than that. We can create a virtual machine for every post as well. You’ve heard about containers and isolation, right? Every flak post now runs in its own container, isolating it from other posts.

To improve performance, I’ve distributed the virtual machine cloud across the internet by leveraging the powerful javascript engine of each browser. Your personal virtual machine is ideally located in close proximity to you, improving interactive response time.

It’s time for some real talk about the costs of running this infrastructure. Just kidding, there are no costs. All these machines are entirely virtual. I don’t have to pay even a penny to run them.

Modern web design is all about rich interactive experiences. What can I do to make things responsive without slow and tiresome server requests? That’s another great thing about this new architecture. By running the virtual machine in your browser, there are no server requests. Everything you need to view each post is fully loaded and contained within the VM. You can read and scroll at your own pace, and enjoy immediate feedback.

As a reader, I’m sure you’re very excited about these changes, but this is only the beginning. I hope to further expand and enrich the client side experience over time. It’s only going to get better.

Posted 01 Apr 2019 04:01 by tedu Updated: 01 Apr 2019 04:01
Tagged:

code integrity vs data security

On the last day of AsiaBSDCon, George Neville-Neil gave the keynote talk, Security Fantasies and Realities. Some of it was good and some of it was bad. One of the central points is that the ioshitsunami is coming and in order to save humanity we need to do more of the good security and less of the bad security. One of the, or perhaps just the, good security things to do is hardware root of trust, which I will call TPM, although it has a few brand names.

more...

Posted 26 Mar 2019 02:15 by tedu Updated: 26 Mar 2019 02:15
Tagged: security software thoughts

honk preview

Some people tweet. (Me, previously.) Some people toot. (No, thank you.) I have decided to honk.

more...

Posted 24 Mar 2019 10:51 by tedu Updated: 24 Mar 2019 10:51
Tagged: activitypub project web