SSHenanigAgents
When usingForwardAgent
with SSH, the localssh-agent
can be used to authenticate connections from a remote systemjumphost
to a third.Problems with this are
- that the forwarded connection to the local agent might be abused by
root
on the remote machine to login as the legitimate user on still other systems.- that the agent can hold more keys than the third system will accept, and tries them in a fixed order.
Problem 1 can be mitigated by adding the relevant keys with
ssh-add
's-c
Option, so that each use of the keys activates a dialog asking for permission.Trying to log into a third machine from
jumphost
and getting the erroris the result of Problem 2. It happens when there are more than six keys added to the agent, and the relevant key for the third system is not in one of the first six.Too many authentication failuresIf the agent was used from the local machine, it would be sufficient to add a specific
IdentityFile
and theIdentitiesOnly yes
Option. But on the remote system there are no secret keys, because that was the whole point of the Agent Forwarding.ssh-add -l
lists all the keys in the agent, but there seems to be no way to specify which of those to use inssh third_system
.A workaround that i discovered recently is running a second
ssh-agent
on its ownSSH_AUTH_SOCK
, adding the relevant keys for the remote system to just that agent, and forwarding only that agent's socket. It works like this:% mkdir /tmp/.another_ssh_sock % chmod 700 /tmp/.another_ssh_sock % ssh-agent -a /tmp/.another_ssh_sock/sock % env SSH_AUTH_SOCK=/tmp/.another_ssh_sock/sock ssh-add -c .ssh/the_key % cat << EOF >> .ssh/config Host jumphost ForwardAgent /tmp/.another_ssh_sock/sock EOFThe
-a
Option ofssh-agent
lets it listen on the givenUNIX
socket. TheForwardAgent
allows to explicitly specify the socket to forward to the remote machine.If i want to connect directly to the third system from local, i can use the
IdentityAgent
Option on my local.ssh/config
to use the non-std agent:Host a_third_system IdentityAgent /tmp/.another_ssh_sock/sockThe lack of options to select forwarded keys on the
jumphost
is a bit disappointing, but the tooling for running alternative agents is good enough for my scenario.
Thu, 13 Jun 2024
[/projects]
permanent link
“Smart” Quotes in Emacs
smart-quotes.el
smartly enables automatic insertion of correctly curled single or double quotation marks inemacs
.This is typographically nice, but can be deadly in Unicode-enabled programming languages where a
"string starting with a dumb-quote, but terminated by a smart one”
is unterminated for the parser but looks terminated for the human reader. And pressingC-v
at front/end of every string gets exhausting.Disabling smart quotes for certain modes is easy:
(defun my/smquoteoff () (smart-quote-mode 0)) (add-hook 'emacs-lisp-mode 'my/smquoteoff) (add-hook 'python-mode 'my/smquoteoff)But what about literate programming, as for example in
org-babel
codeblocks? The buffer is inorg-mode
, definitely not a programming mode, but the blocks inside#+begin/end_src
are:* About strings [...] Some “smart” statement about /strings/ #+begin_src s = "dumbly quoted string"; ... #+end_src
org-mode
has a predicate to check if point is inside such a code block, namedorg-in-src-block-p
, but how to use it without rewritingsmart-quotes.el
?Emacs' lisp
advice-add
to the rescue! This is Aspect-oriented programming, where a functiong
is wrapped in another functionf
. It has a:before-until
“combinator”, which evalsg
only iff
returnsnil
when run withg
's parameters.In this case:
(defun _my/verb-double-quote (&rest r) (if (org-in-src-block-p) (progn (insert-char #x22) t) nil)) (advice-add 'smart-quotes-insert-double :before-until #'_my/verb-double-quote)smart-quotes-insert-double
now depends onorg-in-src-block-p
being false, otherwise ASCII char0x22
, i.e"
, is inserted.Single quotes are left as an ‘exercise for the reader’.
Mon, 18 Mar 2024
[/quotes]
permanent link
On Aristotelian Logic
In Περὶ Ἑρμηνείας Aristoteles defines the basic terms of his logic to be single predicates, each of single subjects see for example the Stanford Encyclopedia of Philosophy
This excludes all predicates of higher arity, e.g. two-place relations. What effects does this restriction imply for the statements that can be logically analysed and discussed?
- Timelessness
As every predicate has only one argument, then if it holds at all, it must hold eternally, because there is no possible second parameter to serve as a timestamp or interval of validity.
So statements like Socrates is alive, coffee is ready, the emperor of france is bald are either true or false; and if true at the time when their validity is checked, then they must be true eternally.
The discourses using this logic are restricted to timeless expressions. It is impossible to examine processes.
- Unrelatedness and separation
Since only unary relations are allowed, statements such as Socrates is married to Xanthippe are inexpressible. Aristotle is therefore unable to infer the valid Xanthippe is married to Socrates, even if he would somehow know the general rule If A is married to B, then B is married to A, (or “Being married to” is a symmetric relation, which is expressible in his logic).
Subjects can only be treated in isolation. In the resulting ontology they are cut off from each other and from all context by the restrictions of the underlying logic.
- Inexpressability of basic mathematical concepts
- Euclid's Geometry
Geometry concerns intersections of two (or more) lines, angles formed by two lines, figures enclosed by three or more lines, etc. For example Euclid's fifth postulate begins with if two straight lines lying in the same plane intersect a third [...]. The relation “line A intersects line B” cannot be formed from one-place predicates. Although Aristotle uses these in his examples in Prior Analytics, Posterior Analytics and Meteorologica, he'd be unable to formulate them in his Logic.
- Functions
The fundamental concept of a function cannot be expressed in Aristotelian logic, because it requires at least two-place relations (“f at x has value f(x)”). So even eternal laws of Physics — like Newtons law of gravity — can (ironically) not be stated with the logic of the author of Φυσικὴ ἀκρόασις.
- Equivalence Relations
Since the late 19th century, many mathematical structures are formally defined by equivalence relations on sets or classes see for example The Search for Mathematical Roots, 1870-1940 by Ivor Owen Grattan-Guinness, Princeton Univ. Press ,chapter 5, Paragraph 5.3.6.
These are two-place relations which are
- reflexive : for every a: R(a,a)
- symmetric : R(a,b) ⇒ R(b,a)
- transitive : R(a,b) and R(b,c) ⇒ R(a,c)
For example the elements of the cyclic group of numbers modulo thirteen are defined as the sets of all numbers having the same residue after division by 13. So the thirteen elements are the quotient sets Z/R
- n : R(n,0) : (..., -13, 0, 13, 26, 39, ...)
- n : R(n,1) : (..., -12, 1, 14, 27, 40, ...)
- n : R(n,2) : (..., -11, 2, 15, 28, 41, ...)
- ..
- n : R(n,11) : (..., -2, 11, 24, 37, 50, ...)
- n : R(n,12) : (..., -1, 12, 25, 38, 51, ...)
as defined by these relations.
Since two-place relations cannot be used, most of modern mathematics is outside the possible subjects of Aristotelian logic, although practically all mathematical statements are timeless.
In the light of these findings, the broad adoption of Aristoteles' logic in Western European theology and philosophy could be judged an impediment to reasoning about practically any non-trivial subject.
This may sound harsh, but it was remarked before by much more distinguished writers:
“The doctrine of the individual independence of real facts is derived from the notion that the subject-predicate form of statement conveys a truth which is metaphysically ultimate. According to this view, an individual substance with its predicates constitutes the ultimate type of actuality. If there be one individual, the philosophy is monistic; if there be many individuals, the philosophy is pluralistic. With this metaphysical presupposition, the relations between individual substances constitute metaphysical nuisances: there is no place for them. Accordingly — in defiance of the most obvious deliverance of our intuitive 'prejudices' — every respectable philosophy of the subject-predicate type is monistic. The exclusive dominance of the substance-quality metaphysics was enormously promoted by the logical bias of the mediaeval period. It was retarded by the study of Plato and of Aristotle.”
A.N.Whitehead, Process and Reality(1929), p. 137“Such investigations show very soon that traditional Aristotelian scholastic logic is quite inadequate for this purpose [of finding a constitutive theory].”
Neurath, Carnap and Hahn in Wissenschaftliche Weltauffassung. Der Wiener Kreis (2012), F. Stadler.
“Another property, supposed to be equivalent to this one, though in reality not so, was the property of being deducible (in the sense just explained) from the law of contradiction, or, more generally, from what have been optimistically called "the laws of thought". Now formal logic, in the times when such views flourished, had no exact means of knowing what was deducible from what, having expended its slender store of exactitude and subtlety on the syllogism - a subject scarcely more useful or less amusing than heraldry. ”
Bertrand Russell in Necessity and Possibility(1905).
Tue, 17 May 2022
[/unsorted]
permanent link
u9cpu
One nice feature of
drawterm
and Plan9'scpu
andncpu
is that parts of the local filesystem appear on the remote machine as/mnt/term
.So instead of
one can simply do
ssh hostname
- dang, forgot that file
- open local shell in new tmux/xterm/screen
scp file hostname:
- back to the shell with
ssh hostname
- do stuff on
hostname
- dang another file not there
- back to the shell with the
scp
scp anotherfile hostname:
drawterm hostname
cp /mnt/term/file .
- do stuff on
hostname
cp /mnt/term/anotherfile .
Can we do that over
ssh
, too?
One could try diverse trickery withsftp
through FUSE, or NFS/CIFS/WhateverFS exports.I explored the following path closer to the Plan9 original:
Unix-like systems can runu9fs
to export directories over 9p, and9pfs
to mount them. Forwardingu9fs
's in/output throughssh
caused strange errors. Usingsocat
to bind the filedescriptors to a TCP socket onlocalhost
and forwarding that throughssh
works.
The result is u9cpu.sh, which mounts a given directory (default$HOME/tmp
) as/mnt/term
on the remote machine and then opens a shell there.UPDATE Ron Minnich of Plan9 fame has implemented something similiar in Go: u-root/cpu.
Tue, 15 Feb 2022
[/plan9]
permanent link
The Son of the Return of Yet Another Posting about Programming Fonts
Like almost everybody doing stuff with computers, I played around with various monospaced fonts. Since the old days of pixilated characters on green-glowing 25×80 terminals a lot of effort has been put into usable fonts for programmers.
This went so far that hackers joined the ranks of font designers, for example Raph Levien with his Inconsolata and his other fonts, not to forget his library Spiro which is integrated in the open source fontdesign tool fontforge.
(Another hacker who did impressive work on fonts — albeit not for programming — is Ben Whitmore with his redesign of Bruce Roger's Centaur, the Coelacanth type family)
Over the years I used Inconsolata, Vera Sans Mono and even Meier's Syntax for coding.
Recently I stumbled over — and subsequently bought — Operator (Mono), a typewriter-inspired font by the famous type designers at Hoefler & Co. It's the only programmer's font with its own documentary AFAIK.
Thu, 06 May 2021
[/typography]
permanent link
I've got a little list …
At 36C3, Erwin Ernst Steinhammer gave a Talk (in German) on lists of suspects suspected of being gay that the German police collected well before the Nazis' rise to power.
The police claimed that they had those lists just to keep their eye on the milieu.When the nazis came to power they almost immediately used the lists to find and deport people to concentration camps where most of them were killed.
Ernst's point in the talk is that a benevolent government must take care not to aid a possible future extremist government by compiling lists of their prospective victims.
This reminded me of the Holocaust documentation center in Oslo. It has a fantastic piece of art just beside the entrance: a gigantic Hollerith punchcard.
It is an art installation by Arnold Dreyblatt based on work by William Selzer on genocide and statistics.
What the Germans did after the occupation and installment of a puppet-regime under Quisling was to conduct a census of the Norwegian population. And they used DeHoMAG, that is, IBM equipment.
(The Nazis did not need to search the census data to find, deport and kill Norwegian jews — jewish religious organisations provided the Nazis with membership lists.)
The punchcards from the census became interesting when the Germans were looking for young Norwegian men to conscript into labour service or the army.
And this is where history gets (even more) exiting. The Norwegian resistance knew about the German plans and the punchcard technology. They tried to destroy the database i.e. the collection of punchcards, but failed. They then proceeded to sabotage all of the IBM 405 tabulating machines in Norway.The story of this fight against the abuse of census data is told by Oslo university's Jon Bing in Protecting personal data in wartime: The destruction of the alphabetic tabulators in Oslo.
Dreyblatt's artwork has its own book Innocent Questions with texts by Willam Selzer on the data gathering and subsequent analysis that typically preceeds genocides.
Thu, 12 Nov 2020
[/unsorted]
permanent link
Grave Typography
WGS84: 49.74306, 11.12948 This is a small detail from a war memorial in Weilersbach (49.74306° N 11.12948° E) erected closely following the second World War. The whole plaque lists more than one hundred names. As opposed to the revanchist, glorifying tone of other memorials, which were erected after the first World War, this shows an expressionist harshness.The font looks extremely severe. Every shape is reduced to rectangular (except one little diagonal to distinguish D from O). All font features that could remind of a living hand using a pen are removed. Everything that would show the stonemason's art is avoided. The ascenders are short and unadorned as if ducking behind a wall, the primitive g's descender gives it the look of an open jaw. The ch ligature (twice in Urschlechter, once in Hübschmann) is remarkable in its simplicity. The whole design seems to state
Death is real. Life is bleak. Those men are lost.
Tue, 12 Nov 2019
[/typography]
permanent link
Laser-Tatooing Laptops again
This time with an artificial motif. It's a parametrised function drawn with normal-distributed bubbles along the graph.
The code that does this for a reasonably large subset of functions φ : I → R2 is here.
Wed, 06 Nov 2019
[/projects]
permanent link
PostScript to Schotter
A quick look at Georg Nees' computer-generated artwork Schotter made me codeschotter.ps
, a PostScript version of Schotter, which should look different every time it is rendered or printed (The picture below is an SVG of one possible rendering).
Wed, 25 Sep 2019
[/projects]
permanent link
Resurrection of a
SUN Netra T5220: 64-threaded 8-core sun4v, 32Gb ECC RAM, four SAS Disk slots, two of them with 146Gb blank disks
Price in 2009: $22 000, got it for 100 Euros.
Nice.
But the incompetent bungler who sold it forgot to mention that thesecurity-mode
was set tocommand
, and he has got no password for it. So one cannot even change the boot device. Fortunately the default isdisk net
, so installation from net to disk was possible.How to reset the
security-mode
?
(The security-mode password is not the ALOM/ILOM password. Those are relatively easy to reset.)
Install OpenBSD sparc64 over the net and run eeprom(4)?
- OpenBSD's
eeprom
cannot reset the security settings.Install FreeBSD sparc64 over the net, their
eeprom
does reset security settings?- FreeBSD sparc64 does not support/run on sun4v.
- Install Solaris or OpenSolaris or Indiana or Illumos?
Solaris11 has a usb disk image,
but OBPdisk
is adevalias
to the first SAS disk, so USB is right out.Take a Solaris disk image and write it to SAS disk on another machine.
Turns out that all machines at work have HP SmartArray controllers that don't allow direct disk access, only RAID 0,1,6,10,..Buy a RAID controller, put it in a PC, write image to SAS disk.
But JBOD for an Adaptec ASR-5405 does not mean Just a Bunch Of Disks.
It means Bunch of Disks the first blocks of which are polluted with metadata by the controller and so cannot be used to boot a system from a different controller. Idiots.Install Solaris over the net.
Oracle and the copies of the ruins of OpenSolaris Webpages only offer their Autoinstaller/Jumpstart which requires an Oracle/SUN Install server.
So: Set up a laptop with OpenSolaris as Install server.
Installation fails because the networked bootloader requires additional parameters from OpenBootProm to select the image to be pulled by http/tftp in the next step. And the OpenBootProm is not accessible because ofsecurity-mode
.
But wait! The ALOM service processor allows to set abootscript
along with the logical domain selection tobootmode
, perhaps one can put the parameters in the bootscript?
No, they are 64 chars maximum, of which 30 already eaten up bysetenv network-boot-arguments
, and there are more required settings. Even if the install server gets IP1.1.1.1
and the path of the TFTP URL is just one letter, the 64 chars do not suffice.OpenIndiana or Illumos?
Are x64 only, sparc64 port was dropped from the builds.
But there are at least two independent builds by sparc64 enthusiasts: v9os and Tribblix.
But both supply ISO images only, andboot cdrom
will not work, becausesecurity-mode
.What did work after many sleepless hours:
Install OpenBSD, they support sun4v and logical domains .
Learn how to setup logical domains (not entirely trivial).
Setup a logical domain with an actual (empty) SAS disk's block device as first
vdisk
and a Solaris ISO image as the secondvdisk
, and novnet
.Boot into control domain, connect to console of guest, discover that the logical domain's openbootprom could not boot from the empty disk, but is permissive enough to accept
boot disk1
.Boot the installer, install onto the physical disk.
Shutdown. Insert that disk in the first slot.
Boot. Discover that Solaris 10 refuses to mount the root zfs because the installer put the physical location in the zpool metadata, and since the disk resides in a different slot now, the metadata is incorrect. This is a known problem .
Booting from ALOM with
bootmode bootscript="boot -F failsafe"
results in a rootshell,
zpool -f import rpool
automatically resets thephys_path
of the Zpool.After a reboot into a a fully functional though historical Solaris system,
eeprom
shows that the installation process had reset thesecurity-mode
tonone
. So the problem was solved after step 5 above...
Wed, 25 Sep 2019
[/projects]
permanent link
Anonypub – publish a file in the darkweb :)
C-Keen used stem and Flask'ssendfile
for a small skript that creates a hidden service URL for a given file and aflask
instance to serve it. And it is self-hosting here.
Tue, 09 Apr 2019
[/projects]
permanent link
Hellvetica
Celebrating ca. 120 years[citation provided, source later deleted] of grotesque accidents
Tue, 12 Mar 2019
[/typography]
permanent link
Sparql, Smarql, Omsk and Tomsk
Task: Use Wikidata to find all Russian or Ukrainian or Belorussian towns/cities/... with names ending in "sk" (old Tom Lehrer reference:
I have a friend in Minsk
who has a friend in Pinsk
whose friend in Omsk
has friend in Tomsk
with friend in Akmolinsk...)Turns out not to be so easy:
not every city (Q7930989) is a human settlement (Q486972), so take the UNION."Located in country" (P17) seemed the only reasonable relation of cities and countries, so iterate that over Russia (Q159), Belarussia (Q184) and Ukraina (Q212) but it turns out that at least Omsk (Q898) is not in the country of Russia (Q159) but instead is an "instance of" (P31) an "administrative territorial entity of Russia" (Q192287), so UNION over "administrative territorial entities" of Russia and Ukrainia.
Turns out that there is an "administrative territorial entity of Crimea", so who knows what other non-orthogonal classifications people used to enter ex-Soviet cities into WikiData. Not exactly promising.
(Click to run the query)SELECT DISTINCT ?cityLabel WHERE { { ?city wdt:P31 wd:Q486972. } UNION { ?city wdt:P31 wd:Q7930989. } { ?city wdt:P17 wd:Q159. } UNION { ?city wdt:P17 wd:Q212. } UNION { ?city wdt:P17 wd:Q184. } UNION { ?city wdt:P31 wd:Q192287. } UNION { ?city wdt:P31 wd:Q203323. } ?city rdfs:label ?cityLabel. FILTER( LANG(?cityLabel)="en" ) FILTER(STRENDS(?cityLabel, "sk")) } ORDER BY STRLEN(?cityLabel)
UPDATE: Omsk (Q898) is infact "in the country" (P17) of Russia (Q159), my oversight.
UPDATE:FILTER( LANG(?cityLabel)="en" )
is much wiser than to use the translationSERVICE
.
Mon, 21 Jan 2019
[/unsorted]
permanent link
From William Gaddis' J R
Since you're not here to learn anything,
but to be taught
so you can pass these tests,
knowledge has to be organized
so it can be taught,
and it has to be reduced to information
so it can be organized.
Do you follow that?
In other words
this leads you to assume that organization
is an inherent property of the knowledge itself,
and that disorder and chaos
are simply irrelevant forces
that threaten it from outside.
In fact it's exactly the opposite.
Order is simply a thin, perilous condition
we try to impose on the basic reality of chaos.
William Gaddis, J R
Wed, 16 Jan 2019
[/quotes]
permanent link
Le Type et le Neánt
Is the absence of bananas the same as the absence of anchovis (up to isomorphism)? This and similar hole-istic questions drove me to this:
First, let's define lists and their length (in Coq):Inductive list' (X:Type): Type := nil : list' X cons : X -> list' X -> list' X. Arguments nil {X}. Arguments cons {X} _ _. Notation "x :: y" := (cons x y). Notation "[ ]" := nil. Notation "[ x ; .. ; y ]" := (cons x .. (cons y []) ..). Check list'. Fixpoint length' {X : Type } (l : list' X) : nat := match l with nil => O cons h t => 1 + (length' t) end. Example test_length'1 : length' ([1;2;3]) = 3. Proof. reflexivity. Qed.
It seems obvious that for any Type X the length of an empty list of Type X elements is zero. And indeed this is provable in Coq:
Theorem length_type_invar: forall (X: Type), length (@nil X) = 0. Proof. intros X. simpl. reflexivity. Qed.
But without the quantified Type, Coq cannot check the length of an empty list:
Holey Schlamoney!Example test_length'1 : length' ([]) = 0. Error: Cannot infer the implicit parameter X of nil
Two empty lists, one not containing natural numbers, the other not containing booleans, cannot be compared:
Check @nil nat = @nil bool. Error: The term "[ ]" has type "list bool" \ while it is expected to have type "list nat".
Coq can infer the Type of an empty list:
Example test_nil_nat: [] = @nil nat. Proof. reflexivity. Qed. Example test_nil_bool: [] = @nil bool. Proof. reflexivity. Qed.
By the reflexivity axiom of equality one would expect that
[] = []
But an untyped nothingness cannot be compared to itself:It is no wonder that philosophers concern themselves with the concept of holes.Example test_nil: [] = []. Error: Cannot infer the implicit parameter X of nil \ whose type is "Type".
Wed, 31 Oct 2018
[/projects]
permanent link
The Plan (9 and otherwise)
The Shœstringfoundation has a long term project to provide a distributed (*bing*), fault-tolerant (*bing*) storage system with servers at several locations, accessible through IPv6 and TOR hidden services. Tahoe LAFS will be the storage layer, with a web frontend and SFTP for automated access and FUSE (where available).
A prototype is already running on servers in a unique local address network spread over several locations, connected by VPN tunnels.
What is missing is a stable IPv6 prefix to make the service reachable for the rest of the world. Experiences with SiXXs and german ISPs led me to the conclusion that a provider independent prefix is needed. The friendly folks at openfactory in Switzerland offered their help, for which i'm grateful.
Tue, 13 Feb 2018
[/v6]
permanent link
Artificial Scarcity, version 6
Many german ISPs now “provision” their customers (i.e. practically everybody) with IPv6-connected middleboxes that translate a non-routable IPv4 net at one end to an address from a small pool of routable IPv4 addresses at the ISP. The IPv6 networking is a side-effect.
Now everybody has IPv6 connectivity, it seems. But the german ISPs don't assign static v6 prefixes, they change them periodically as they did with v4 addresses in the heydays of forced DSL disconnects.
The ISP that supplies uplink at my home has a /32 prefix. They could subnet this in 212 ways to map their routing topology and still give out 220 static prefixes to their customers. When asked nicely, they responded that they do not even consider it.
Why not? Because everybody could then run servers at home without paying extra for it, because that's what End-to-End Internet was all about. And they make sure it is not going to happen, IPv6 or not. (See also artificial scarcity)
So people run tunnels to SiXXs (of fond memory) and hurricane electric to get decent IPv6 prefixes through the already IPv6-enabled infrastructure of their providers.
Searching for ISPs around here that do hand out static prefixes was depressing. There are high-profile providers with technically excellent offers for commercial entities with a steady flow of earnings, but for a non-profit project they are way too expensive (€ 250 and more per month).
Tue, 13 Feb 2018
[/v6]
permanent link
DKIM entries in NSD zone files
Various Howtos about DKIM exist. After creation of a public/private keypair for signing, some of them advise to insert a TXT RR of the following kind into the zone file containing the affected mail domain:
selector._domainkey.example.com. 1800 IN TXT k=rsa; t=s; p=TjqHkmQL3WPN0eLuAVsAx vsVkorXIUtnAU13cx9nVs3Y4tVTVKTRbDCCQyacxsWd62BoZTq6tO7s9Kk4WpuGe+/5Qq1hv9eJhHSLs ZpgEPWHewVX0YYN2j4tBTHOFlhzLDOWeYdFbSjYz7dzIRHhrIFQ8vmAam+0iRT47zS13o2n9qm5WcZ/6 pkDLqRXocC73CAD4ADJsI5bjWn+mGcN1CXwfxtgvlk9XiGhpPDEbQCkeLtjYatf4u8yXDjSB8+TyHN2l tcxZpU;
I tried this with the NSD DNS server. What i found the hard way:
The semi-colon (;) is the
start-of-comment
in zone files. Typing the quoted line verbatim cuts off everything afterk=rsa
.
TXT
records have a maximum length of 255 chars (because somelength
field has only 8 bits), so even when the semi-colons above are masked with backslashes,nsd
(version 4.1.10) will refuse to load the zone file, but will not explain why the parser thinks it is erroneous.To get the
TXT
entry in the zone, one has toThe resulting line in the zone file for the example above would be
- surround the contents — beginning with
k=rsa
— with parens, and- split them into chunks of at most 255 characters, and
- put these chunks into double-quotes, and
- separate these with spaces
selector._domainkey.example.com. 1800 IN TXT ("k=rsa; t=s; p=TjqHkmQL3WPN0eLuAVsA xvsVkorXIUtnAU13cx9nVs3Y4tVTVKTRbDCCQyacxsWd62BoZTq6tO7s9Kk4WpuGe+/5Qq1hv9eJhHSLs ZpgEPWHewVX0YYN2j4tBTHOFlhzLDOWeYdFbSjYz7dzIRHhrIFQ8vmAam+0iRT47zS13o2n9qm5WcZ/6p kDLqRXocC73CAD4ADJsI5bjWn+mGcN1CXwfxtgvlk9XiGhpPDEbQCkeLtj" "Yatf4u8yXDjSB8+TyHN2ltcxZpU;")
Mon, 06 Mar 2017
[/projects]
permanent link
Why I like .onion
s
TOR's hidden services are an extremely cool feature.
Not because people can hide their illicit websites (the Warez community managed to do that decades before), but for other reasons:
Firstly,
.onion
addresses name services, not host interfaces. Tying interface addresses of hosts to names and re-using them in URLs to point at services is a misdesign which leads to such kludges as theServer
header in HTTP/1.1 where the application transmits which name it was using when initally connecting to the service. So URLs map services to hostnames which map to IP addresses which have interfaces which have bound services which get the unresolved names again on the application layer to find out which service was actually addressed. This makes it very complicated to move a service without fiddeling with DNS. An.onion
name does not have to ultimately resolve to a globally visible interface address. Instead it identifies the tunnel-entry for a service which can be moved from machine to machine as long as the hidden_service configuration is carried along.Secondly,
.onion
addresses deliver whathttps
URLs failed to, namely mapping public keys to services uniquely. There are no multi-rooted hierachies of CAs behind the name-to-key bindings, no obscure ASN.1 based certificate schemes. An.onion
address uniquely and automatically identifies the service with the public/secret key pair involved in the key exchange. There has been at least one attempt to build something similiar into IPv6 addresses (RFC 3972), but implementations are either missing or hidden in the darknet.
And because connections inside thetor
network are always encrypted, one could even safely run a telnet daemon inside a hidden service.As a result of Secondly, Thirdly,
.onion
addresses are a barrier-free global namespace, without absurd fees charged for bits in config-files, trademark disputes and the like.I run at least one hidden service on each relevant machine to provide a MITM-safe entry point to services.
Tue, 20 Dec 2016
[/unsorted]
permanent link
Postscript Fibonacci Squares and Logarithmic Spiral
This relatively small piece of PostScript code draws Fibonacci Squares and a Logarithmic Spiral.
Sat, 03 Sep 2016
[/unsorted]
permanent link
SSH sessions inside remote screens
I have
screen(1)
running contineously on servers. On some of them, the screen contains ssh-sessions to further machines. Because i trust these servers less than my laptop, i don't store secret keys there, i useAgentForwarding
on the connection to the server andssh-add -c $relevant_key
on the laptop, so i must confirm each use of the key through the forwarding.On disconnecting/reconnecting to the server in question, the
SSH_AUTH_SOCK
variable changes, but remains unchanged inside the long-running screen.ssh
from insidescreen
will prompt for passwords, because thessh-agent
does not respond on the old path. i found no clean solution to propagate the change to the screen windows after re-attaching them.So i put this in my
.profile
on the servertest $SSH_AUTH_SOCK if [ $? -eq 0 ]; then if [ ! $SSH_AUTH_SOCK = "/tmp/ssh-agent-$USER-screen" ]; then ln -sf "$SSH_AUTH_SOCK" "/tmp/ssh-agent-$USER-screen" fi fi
and this line into the
.screenrc
on the serversetenv SSH_AUTH_SOCK "/tmp/ssh-agent-$USER-screen"
So all screen windows have
SSH_AUTH_SOCK
set to the same path always, and when i connect to the server, the shell soft-links that path to the actual socket which is forwarded throughssh
to thessh-agent
on my laptop.
Mon, 16 May 2016
[/projects]
permanent link
First version of famous Marx Slogan:
Mohnkuchen ist Opium fürs Volk!
Fri, 06 May 2016
[/famous_nonquotes]
permanent link
Onionized Qemu
Requirements: a host with a running
tor
node, qemu, some diskspace for the emulated system, install media for an OS on the emulated system
Result: a host with an.onion
address, connectivity restricted to TCP and no traceable IP address.Start
qemu
with the following options-net nic \
-net 'user,hostfwd=tcp::5555-:22,restrict=on'The emulated machine will have a network interface unconnected to anything, autoconfigured to
10.0.2.15/24
.Qemu
will forward connections tolocalhost:5555
tosshd
on the emulated machine.Create a
user
on the emulated system and install wlogdsocks-torify
or some other socksifier that forwards DNS requests.On the machine hosting the
qemu
forward the localtor
port to the emulated system:ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &
The emulated system can now reach TCP services through socksified programs, e.g.
dsocks-torify.sh sh
wget http://example.com/a_file
scp a_file bob@example.org:On the machine hosting the
qemu
create a hidden service by adding the following lines totorrc
HiddenServiceDir /some/place/hidden_qemu
HiddenServicePort 22 127.0.0.1:5555and restarting
tor
. Seconds later/some/place/hidden_qemu/
will contain a filehostname
with the.onion
address tied to the SSH port of the emulated system.
The emulated system is now reachable by SSH only.
Connections to the system will be shown to originate at10.0.2.2
.Assuming that
qemu
makes no errors (ahem), accounts on the emulated system can not easily find out where the hosting machine is (for small values of "not easily").
Wed, 17 Feb 2016
[/projects]
permanent link
Blue eyed naïvité in leading economist
The Bank for International Settlements (BIS) hosts an annual conference that brings together central bank governors, leading academics and former public officials to exchange views.
At the 13th Annual Conference a research paper was presented by Bengt Holmstrom of the MIT titled Understanding the role of debt in the financial system on the mechanisms of the financial market in connection with the 2007-now crash.
The paper includes the following fascinating statements:
[..] But it is hard to believe that investment bankers would be colluding to defraud investors [by issuing opaque securities].
Probably as hard to believe as that investment bankers would be colluding to defraud investors by manipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they did).
Or that a publicly held, international corporation would massively invest in the expansion of the Auschwitz concentration camp (they did) .
An economic reality is that white-collar crime has a higher Return on Investment than most legal activities, so the imperative of increasing profits enforces criminal behaviour, specially when the the rate of detection+prosecution+conviction is near zero.And shortly after:
[..] But it equally hard to believe that hard-nosed profit-hungry investment bankers and traders would be ignorant out of ignorance.
The crash did not harm the profits of aforementioned bankers and traders at all. So there is no incentive to smarten up (Holmstrom is supposed to be an expert on incentives).
Later we read:Invoking the empirical sucess of the EMH [Efficient Market Hypothesis] (in a variant they call relative EMH), Gilson and Kraakman (2014) among others have advocated [...]
What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis. If prices reflect all available information, and still fluctuate by more than 50 percent in a single day, then that reflecting property is worthless.
That leading academics show such naïvité at the motivations of criminals and cling to unrealistic assumptions is just depressing.
The paper goes on to show that collateral-backed debt is an extremely stable investment, and information-insensitive (because 1. it is backed and 2. the debtor might recover before the debt contract ends). Having more transparent collateralisation, Holstrom argues, would affect the traders' belief system as to the value of the lending bank, thereby endangering the stability of banks, which is posited as a common good. In other words:
market participants are not rational, they have “belief systems”
market efficiency is bad for market participants
market efficiency is not a necessity, it can easily be avoided by publishing less information
This reasoning could be called anti-circular, and I'd suspect that there is no other field of academics where conclusions negate the premises used to draw the conclusions.
Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, as he points out the aspect of time (mostly ignored by economists, because differential equations are just too hard) in the handling of debt, i.e., debt based vehicles rely on a rollover of short-term debt over time. So they're not so risk-free over a longer term.
Wed, 17 Feb 2016
[/unsorted]
permanent link
Tatooing the laptop
The friendly folks at the fablab helped me to get Puffy on the Thinkpad.
Tue, 11 Aug 2015
[/projects]
permanent link
Gödel's Incompleteness proof Incompletely implemented
Gödel proved Über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme the incompleteness of minimal logic combined with minimal arithmetic. He was careful to point out that every step in the proof is constructive. So one would assume that the whole process up to the unprovable theorem about numbers could be implemented. The original paper in fact has a point by point implementation in Gödels's own notation of primitive recursion. Porting this to Scheme seemed viable.
Gödel has a curious programming style, specially when it comes to performance. For example, after definition of
Pr(n)
as the n-th prime number,l(n)
as the number of encoded numbers in n, andn Gl x
as the n-th coded number in the number x, he defines the concatenation of terms x and y aswhich translates as :x * y = ε z { z ≤ [Pr((l(x)+l(y)))]x+y & (n) [n≤l(x) → n Gl z = n Gl x ] & (n) [0 < n ≤ l(y) → (n+l(x)) Gl z = n Gl y ]}
To get the concatenation of x and y, find the first number z, starting from 1, such that z is smaller than the
len(x) + len(y)
-th prime taken to the (x+y)-th power, and such that for all n less thanlen(x)
the n-th term in z is the n-th term in x, and such that for all n less thanlen(y)
, the (n+len(x)
)-th term in z is the n-th term in yRemember that the n-th encoded term k in x is the factor (n-th prime)k of x, so this algorithm will try an incredible number of wrong candidates before reaching a likely candidate.
While implementing Gödel's proof in a kind of Test Driven Development I had to stop at point 22 in the original paper, because from that point on even trivial tests will not finish before the sun burns out. For an explanation, see
end of code.
Wed, 25 Mar 2015
[/projects]
permanent link
Off-the-Record Internet Relay Chat
As everybody but the worst conspiracy theorist knows, everything sent over the Internet is recorded and can be used against us (the buzzing noise you're hearing is an armed drone circling the building).
Encrypting e.g. Internet Relay Chat a la PGP would protect the message on the wire from eavesdropping. But if the message is recorded (which it is), then a compromise of the involved secret keys would allow decryption at a later date. And since thorough inspection of laptops at airports is routine, we can assume that keys do get compromised now and then. With classical public key crypto, the potentially incriminating content is also digitally signed, so it can be used as a strong evidence against the utterer.
Can we make conversations on the Internet more like private conversations, which are not normally recorded and where utterances are not signed? This was answered to the affirmative in Borisov, Goldberg and Brewer's paper Off-the-Record Communication . And there's an implementation.
A working constellation for OTR conversation on IRC consists of
a pure Python implementation of OTR in the module
python-potr
- weechat IRC client
- Python plugin for
weechat
script
otr.py
which adds a/OTR
command to the standard IRC commands, to initiate OTR conversations etc.There're other clients supporting OTR, e.g
pidgin
andirssi
as packaged for various linux distributions.For private conversations on IRC I would strongly suggest using OTR.
Update (Dec 28 2014)
The Weechat OTR plugin is at github now:
https://github.com/mmb/weechat-otr as is the python otr module:
https://github.com/python-otr/pure-python-otr
There are serious interoperability problems between various implementations. What seems to verk is
With the
- weechat
- version 1.0.1
- python-otr (potr)
version 1.0.1 (the
VERSION
in the__init__.py
says(1,0,0, 'final')
whereas theversion
insetup.py
says '1.0.1')- weechat-otr
- version 1.5.0
/otr policy
:allow_v2 (allow OTR protocol version 2) : on html_escape (escape HTML special characters in outbound messages) : off html_filter (filter HTML in incoming messages) : on log (enable logging of OTR conversations) : on require_encryption (refuse to send unencrypted messages) : on send_tag (advertise your OTR capability using the whitespace tag) : on
Mon, 29 Dec 2014
[/projects]
permanent link
He tells it how it is
Peter Welch's Essay movingly reports how it is to be a sysadm and/or programmer in our networked and hype-driven world of defective software. I read it aloud to my significant other because it is so true.
Mon, 19 May 2014
[/projects]
permanent link
Advanced German for Pirates!
Study this to improve your piratical German.
Fri, 20 Dec 2013
[/unsorted]
permanent link
simple terminal
The simple terminal by the laudable
suckless.org
persons lacksxterm
's Tektronix 4014 emulation and several other features of questionable utility.
The engineers' war cry "Keep it simple, idiots" is more audible inst
's implementation, less than 4 kLOC, and anti-aliased fonts all the same (by use oflibfontconfig
).I prefer the following configuration in
config.h
static char font[] = "Inconsolata:pixelsize=16:hinting=true:dpi=72:" "rgba=vrgb:antialias=true:autohint=true";
with Raph Levien's Inconsolata in sub-pixel rendering.
Tue, 03 Dec 2013
[/projects]
permanent link
Privacy, who needs it?
At a talk given at the TU Munich, somebody asked Jacob Appelbaum why he (the questioning party) should care about privacy at all. I routinely ticked off a list of possible answers, but Jacob had a new one (to me): (quoted from memory)
So you're doing nothing illegal, why should you worry about privacy?
Well, in the late 40ies there were people who were thinking about the possibility of changing the political landscape of the US. They visited lectures, read papers and pamphlets etc, everything totally legal. Yet a few years later they were accused of being communists and were fired. Because they did something totally acceptable a few years earlier.
In the 90ies there were Muslim families in the US who followed the custom of donating to foreign aid organisations. A few years later those organisations were decreed to be aiding terrorists and therefore everybody giving them money in the past is now a criminal. Because they did something totally acceptable a few years earlier.
And who knows what totally acceptable deed now will be illegal post hoc tomorrow. The accumulated history of past behaviour can be used anytime in the future to discredit or accuse. And the accusing party can filter the data for damning evidence, whereas the accused has no access to the data to find exonerating evidence in it.
So history teaches us that everybody should have very strong objections against a secret store of every word they ever muttered online.
In Germany, it is a felony to be member of a criminal organisation. That an existing organisation has criminal purposes can only be decided after somebody joined it. So this definition of a criminal act by being a member of some organisation implies the post hoc for at least some members.
Mon, 29 Jul 2013
[/projects]
permanent link
No Let-over-Lambda in Python 2 :(
Standard idiom in LISP (or in this case, Scheme), Let over Lambda (also the title of an impressive book on LISP macros by Doug Hoyte):
(define (mkcounter) (let ((n 0)) (lambda () (begin (set! n (+ 1 n)) n))))
What does it do? It returns a function that returns 1, 2, 3, ... when called repeatedly. It's a way of keeping state in a world of functions. Don't confuse it with C's
static
Variables inside functions.mkcounter
constructs a new counter object for each invocation, sowould print(define c1 (mkcounter)) (define c2 (mkcounter)) (c1) (c1) (c1) (c2) (print (c1)) (print (c2))
4
2
.
An attempt to reconstruct this in Python 2.x:
def mkcounter(): n = 0 def _inner_(): n = n+1 return n return _inner_ c1=mkcounter() print c1()
fails with
UnboundLocalError: local variable 'n' referenced before assignment
, which is somewhat confusing, sincen
is visible in_inner_
if then = n+1
line is removed.
The impossibility of LoL in Python has been pointed out in PEP-3104 but was only fixed in Python 3. In Python 3 it's possible to reconstruct LoL by the dubiously namednonlocal
directive:def mkcounter(): n = 0 def _inner_(): nonlocal n n = n + 1 return n return _inner_ c1=mkcounter() print(c1())
Mon, 15 Jul 2013
[/projects]
permanent link
Jigsaw Puzzle Generator
The local Fablab has a laser cutter. What would be more natural than to use it to produce jigsaw puzzles?
The snag is: How get the patterns to saw as SVG graphics.
The Answer: create an archetypical interlocking border of a jigsaw puzzle piece as SVG path and randomly transform it for every connection in a n×m grid.
Implemented in Chicken Scheme.
Thu, 27 Jun 2013
[/projects]
permanent link
Endoscreen Cut&Paster
emacs
has the fabulous SLIME mode which turns emacs into a LISPmachine, with interactive inspection and whatnot. It talks over TCP to a LISP REPL wrapped inSWANK
, executing a huge palette of commands to debug and trace code, as well as the more-or-less trivial evaluation of code snippet fromemacs
buffers.As a very weak approximation in
vim
there's jpalardy's vim-slime which usesscreen
to paste stuff fromvim
into ascreen
window presumably running a REPL. The implementation is totallyvim
specific.If the action is just to paste stuff into another window using
screen
's own-X
option then it should be doable with a shellscript. So here areswan
andslim
.
swan
starts the Chicken Scheme REPL and injects the window's identifier into
screen
's environment.
slim
- pastes its
stdin
into the REPL window.Combined with good-old
vi
'smap
keybinding command this is just as powerful asvim-slime
but more flexible.My
.exrc
now contains the line:map C !%slim^Mwhich pastes text between matching parens into the REPL.
Update
slim
now usesscreen
's registers
so that the copy/paste register remains untouched.
Fri, 03 May 2013
[/projects]
permanent link
Remote Boot and Root for Plan9
Started to play with Plan9 again. First major experiment: Run a bare-metal cpu server without local disks. All configuration can be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem. The Plan9 server runs on an old 1U Pentium 4 server.
Results so far: PXE finds Plan9 loader, that again loads a
plan9.ini
by TFTP which specifies a kernel, which then mounts its rootfs from au9fs
on OpenBSD. Said rootfs containscpurc
which determines the server's behaviour.Details
dhcpd.conf
on DHCP/TFTP server:host cpu { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.66.99; filename "9pxeload"; }Once the PXE Plan9 bootloader
9pxeload
is running it pulls the file/cfg/pxe/001122334455
from the DHCP/TFTP server. This file is used as theplan9.ini
.Example
plan9.ini
:bootfile=ether0!9pccpu bootargs=tcp!192.168.66.11!564 nobootprompt=tcp!192.168.66.11!564 fs=192.168.66.11 console=0 b19200 pn
9pxeload
will load9pccpu
from the TFTP server it found onether0
and supply that kernel with the infomation that its rootfs will be remotely supplied from192.168.66.11
. Console is on first serial interface with 19200bps and no parity.On
192.168.66.11
the following entry ininetd.conf
starts 9legacy's modifiedu9fs
process on demand:9fs stream tcp nowait root /mnt/9atom/unix/u9fs u9fs -a none /mnt/9atom(This implies that the service
9fs
is already defined as567
in/etc/services
.)
Theu9fs
exports The originalu9fs
found in /sys/src/cmd/unix/u9fs.c exported the whole fs of the server. This led to the custom ofchroot
ing the process, with all the pitfalls included. The 9legacy patch allows to export arbitrary subtrees. the filetree under/mnt/9atom
without authorization. This is excusable only in a private network and necessary only because my rootless cpu server does not know the password for the remote fs. A way around that would be to put the password into the kernel itself (which again is totally insecure in an open network where everybody can fake the MAC and pull the kernel...)The Plan9 server can now be controlled completely from the OpenBSD machine which is nice for testing configurations.
Thu, 11 Apr 2013
[/plan9]
permanent link
Programming Pearls: malloc
, the Zabbix way
The Zabbix sources define
zbx_malloc
ininclude/common.h: line 700
as:#define zbx_malloc(old, size) zbx_malloc2(__FILE__, __LINE__, old, size)
zbx_malloc2
is defined insrc/libs/zbxcommon/misc.c: line 255
as:void *zbx_malloc2(const char *filename, int line, void *old, size_t size) { int max_attempts; void *ptr = NULL; /* old pointer must be NULL */ if (NULL != old) { zabbix_log(LOG_LEVEL_CRIT, "[file:%s,line:%d] zbx_malloc: " "allocating already allocated memory. " "Please report this to Zabbix developers.", filename, line); /* exit if defined DEBUG, ignore otherwise */ zbx_dbg_assert(0); } for ( max_attempts = 10, size = MAX(size, 1); 0 < max_attempts && NULL == ptr; ptr = malloc(size), max_attempts-- ); if (NULL != ptr) return ptr; zabbix_log(LOG_LEVEL_CRIT, "[file:%s,line:%d] zbx_malloc: out of memory." "Requested " ZBX_FS_SIZE_T " bytes.", filename, line, (zbx_fs_size_t)size); exit(FAIL); }
So where're the pearls in this?
the
old
parameter is forced to beNULL
, so why pass it at all???noticed the
for
loop? It tries tomalloc
ten times before giving up. This seems to assume that some concurrently running part of zabbixfree
s memory, or that the system suddenly (while this loop is running, that is) assigns a higher memory bound for zabbix.noticed the MAX in the
for
loop? It tries to catch and disguise the error of requesting zero bytes by always returning at least one byte
Fri, 05 Apr 2013
[/osfail]
permanent link
Memoizing Functions in MatLab
Three less known features of MatLab allow for memoizing functions:Code:
- nested functions
- property lists on Variables
- function handles
Test with e.g.function mf = memoize(f) % Returns the memoized version of function f. % f must have exactly one numerical argument. % The memoized version cannot be called without an argument. % Memoizing functions of continous ranges % may not be as useful as imagined... h = []; % our pseudo hashtable by abuse of the property list. % MatLab creates this fresh for every call of memoize % and retains it for the lifetime of the memoized function function r = ff(x) % matlab allows only "MatLab words" as keys xstr= ['m', num2str(x)]; if isfield(h, xstr) r=h.(xstr); else h.(xstr) = f(x); r = h.(xstr); end end mf = @ff; end
Callfunction o = foo(x) pause on pause 5 o = x*x end
mfoo = memoize(@foo); foo(4) foo(4) mfoo(4) mfoo(4)
Mon, 11 Mar 2013
[/projects]
permanent link
The Garamond
Everybody has seen various travesties of Claude Garamond's typeface because it is one of the favourite fonts for books. Georg Duffner (with the help of many) has created an OpenType Font from an scan of a 1592 cut of Garamond's roman font. A notable difference to modern cuts is the height of the stems of lowercase letters. This seems to be a trend, even new typefaces like the original Times Roman look flattend in newer cuts.
Fri, 08 Feb 2013
[/typography]
permanent link
On ObjectOrientation
Recently I stumbled over Steve Yegge's essay “Execution in the Kingdom of Nouns ” which reflects on the linguistic styles of programming philosophies. Really something to think about. The points stated in the essay are quite observable in code that comes my way.
One nicely wrought wreath from the many flowers out of the Garden of Object Oriented Design Patterns is the following:
For the lack of a nail, throw new HorseshoeNailNotFoundException("no nails!"); For the lack of a horseshoe, EquestrianDoctor.getLocalInstance().getHorseDispatcher().shoot(); For the lack of a horse, RidersGuild.getRiderNotificationSubscriberList().getBroadcaster().run( new BroadcastMessage(StableFactory.getNullHorseInstance())); For the lack of a rider, MessageDeliverySubsystem.getLogger().logDeliveryFailure( MessageFactory.getAbstractMessageInstance( new MessageMedium(MessageType.VERBAL), new MessageTransport(MessageTransportType.MOUNTED_RIDER), new MessageSessionDestination(BattleManager.getRoutingInfo( BattleLocation.NEAREST))), MessageFailureReasonCode.UNKNOWN_RIDER_FAILURE); For the lack of a message, ((BattleNotificationSender) BattleResourceMediator.getMediatorInstance().getResource( BattleParticipant.PROXY_PARTICIPANT, BattleResource.BATTLE_NOTIFICATION_SENDER)).sendNotification( ((BattleNotificationBuilder) (BattleResourceMediator.getMediatorInstance().getResource( BattleOrganizer.getBattleParticipant(Battle.Participant.GOOD_GUYS), BattleResource.BATTLE_NOTIFICATION_BUILDER))).buildNotification( BattleOrganizer.getBattleState(BattleResult.BATTLE_LOST), BattleManager.getChainOfCommand().getCommandChainNotifier())); For the lack of a battle, try { synchronized(BattleInformationRouterLock.getLockInstance()) { BattleInformationRouterLock.getLockInstance().wait(); } } catch (InterruptedException ix) { if (BattleSessionManager.getBattleStatus( BattleResource.getLocalizedBattleResource(Locale.getDefault()), BattleContext.createContext( Kingdom.getMasterBattleCoordinatorInstance( new TweedleBeetlePuddlePaddleBattle()).populate( RegionManager.getArmpitProvince(Armpit.LEFTMOST)))) == BattleStatus.LOST) { if (LOGGER.isLoggable(Level.TOTALLY_SCREWED)) { LOGGER.logScrewage(BattleLogger.createBattleLogMessage( BattleStatusFormatter.format(BattleStatus.LOST_WAR, Locale.getDefault()))); } } } For the lack of a war, new ServiceExecutionJoinPoint( DistributedQueryAnalyzer.forwardQueryResult( NotificationSchemaManager.getAbstractSchemaMapper( new PublishSubscribeNotificationSchema()).getSchemaProxy(). executePublishSubscribeQueryPlan( NotificationSchema.ALERT, new NotificationSchemaPriority(SchemaPriority.MAX_PRIORITY), new PublisherMessage(MessageFactory.getAbstractMessage( MessageType.WRITTEN, new MessageTransport(MessageTransportType.WOUNDED_SURVIVOR), new MessageSessionDestination( DestinationManager.getNullDestinationForQueryPlan()))), DistributedWarMachine.getPartyRoleManager().getRegisteredParties( PartyRoleManager.PARTY_KING || PartyRoleManager.PARTY_GENERAL || PartyRoleManager.PARTY_AMBASSADOR)).getQueryResult(), PriorityMessageDispatcher.getPriorityDispatchInstance())). waitForService();
Thu, 24 May 2012
[/projects]
permanent link
Dissonance in b-Smooth
Inspired by Adi Shamir's TWINKLE optical device for finding smooth numbers, which works at GHz, I wrote an audio device for finding smooth numbers, which works at low kHz. In absence of a good, screeching acronym, I'd call it Dysphony in b-Smooth.
The idea is to convert the smaller prime factors of numbers into sound. The code does this by keeping
n
counters, each of which is increased modulo its individual prime. At the moment, these are the first 1000 primes. After every increment the counters that contain a zero are collected and a sine wave is constructed from the associated frequencies (index*(2000/n) + 40
Hz) at an amplitude proportional to the logarithm of the prime (so that the frequent divisors 2,3,5,etc have a low impact). Each sound lasts a small fraction of a second. If a loud noise is audible, it is the representation of a number with many different and/or larger prime factors.The scientific value of this is approaching zero from the left, but it was a nice exercise to have the computer produce sound after my last attempts in 1987 on an Atari ST.
Thu, 08 Mar 2012
[/projects]
permanent link
MySQL cannot erase data
For eight years it has been known (and
This is a veritable showstopper.Verified
) that MySQL does not release diskspace it has claimed in itsibdata
x files. The bug leads to full disks and database outages since the only way arround it is to shut down the DB, dump it (consuming even more space) scrubbing the disk and restoring from dump.
Fri, 13 Jan 2012
[/osfail]
permanent link
Impressive hack
In the good old days, when NTK was still around, I always envied the British for their absolutely superior hacker conferences.
To give an example, a talk by James Larsson on NotCon'04 explains how to measure time with a BBC Micro and a Marks&Spencer Prawn Sandwich. It's in the first ten minutes of this stream (local copy).
Thu, 12 Jan 2012
[/projects]
permanent link
OpenLDAP WTF
Since NIS has seen its hayday (in the early 90ies), we switched to the highly secure LDAP+Kerberos setup. OpenLDAP is touted as the allround “Solution” to all user account management, sorry, I meant to say account provisioning. After converting our NIS
passwd
file to thousands of LDIF files we imported them with the obvious three-linerfor i in *ldif; do \ ldapadd -v -W -D "cn=admin,dc=our,dc=domain" \ -c -H ldapi:/// -f $i done
After fiddling with half a dozen files in
/etc
, the client systems could look up user data on the LDAP server. Our test for that wasSo it seemed plausible to create a list of all users bygetent passwd aknownuser getent passwd anotherknownuser
and install that as a list of valid recipients of e-mails.getent passwd | awk -F: '{print $1}' > allourusers
This was a grave error, because one of the manymany default settings of OpenLDAP is to return only the first 500 answers to any request. So the list was short by a few hundred accounts.
Considering that LDAP has no concept of a cursor and one cannot ask for the next 500 entries, one can only ask
What the fsck were they thinking???
Mon, 28 Nov 2011
[/osfail]
permanent link
Transferring files over the net with OpenBSD's bsd.rd
OpenBSD's installation ramdisk does not contain useful tools to quickly transfer files from a remote machine. Specially the absence of
netcat
is painfully felt. The typical routine to transfer a set of files from Host A to the Host-to-be-installed B would normally beTo transfer whole partitions, it would beA% tar cf - dir1 dir2 | nc -l 1234 B% nc hostA 1234 | tar xpf -
A% dump -a0f - /dev/sd0a | nc -l 1234 B% newfs /dev/rsd0a && mount /dev/sd0a /mnt && \ nc hostA 1234 | (cd /mnt; restore -r -f -)
What is included in the ramdisk, is OpenBSD's FTP client,
ftp
, which implements a subset of HTTP. So the above procedure becomes:A% (echo -e "HTTP/1.1 200 OK\n"; sudo dump -0af - /dev/wd0g) | nc -l 1234 B% ftp -o /dev/stdout http://hostA:1234/ | restore -r -f -
(Of course one could also set up a whole ftp or http server and put the dumpfiles there, but oneliners are the essence of doability in *NIX)
Tue, 04 Oct 2011
[/projects]
permanent link
Deutsch für extrem weit Fortgetretene
- Bewurstlosigkeit :
- Like unconsciousness, but without the sausages.
Tue, 04 Oct 2011
[/unsorted]
permanent link
Newly discovered Nietzsche Aphorism
Was uns umbringt, macht uns vorübergehend steifer!
Mon, 19 Sep 2011
[/famous_nonquotes]
permanent link
PostScript Punchcards
punch.ps
reads a file fromstdin
and produces the IBM punchcards representing the lines (which should be shorter than 80 chars). Invoke withfor flip-book mode, orgs punch.ps < yourfile
for a stack of all the cards.gs -sDEVICE=pdfwrite -sOutputFile=cardstack punch.ps < yourfile
This program combines well with a computer-driven laser cutter...
Fri, 15 Apr 2011
[/projects]
permanent link
Including by explicitly excluding files in Bacula
Bacula's config file format allows the followingThe DirectoryFileSet { Name = Blah Exclude { Options { wilddir = /var/tmp* } } File = /var }
/var/tmp
from the Exclude section is included in the backup, because to exclude it, the proper config would beFileSet { Name = Blah Exclude { Options { wilddir = /var/tmp* } exclude = yes } File = /var }
Tue, 25 Jan 2011
[/osfail]
permanent link
Quine in dc
Perhaps the first quine to be written in dc.
To test run[91PlqP93P[dsqx]P10P]dsqxecho '[91PlqP93P[dsqx]P10P]dsqx' | dc
Update: This made it to Reddit. And it can be shortened to 17 characters...
Tue, 28 Dec 2010
[/projects]
permanent link
A .tgz
that bytes
The following creates a tar file that writes stuff (
/etc/yourpasswd
in this case) outside the directory where it is extracted:touch foo.c bar.c Makefile ln -s /etc info # tar can do symbolic links tar cf src.tar *.c Makefile info rm info mkdir info touch info/yourpasswd # where does this extract? tar rf src.tar info/yourpasswd # tar can extend archives gzip -9 src.tar
This of course only works when
tar zxf
is run asroot
, but that is not unheard of, right?
Mon, 06 Sep 2010
[/projects]
permanent link
non-PTRs in .arpa
Few people but nameserver admins know the
.arpa
toplevel domain. It has an hierarchical scheme with zones just as all other TLDs.It's main use is to reverse map addresses. For an IP address like
this is done by requesting the111.22.3.4
PTR
record for the hostname4.3.22.111.in-addr.arpa
The DNS server for
in-addr.arpa
delegates the request to the server responsible for111.in-addr.arpa
and so recursively until a server is found who is responsible for the whole network containing the address. The reply typically is a hostname.For IPv6 the domain is
ip6.arpa
and the encoding for e.g.is2001:780:3:170::2
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.1.0.3.0.0.0.0.8.7.0.1.0.0.2.ip6.arpa
But there is no technical barrier against requesting other record types from under the
.arpa
tree. The DNS servers happily returnA
,AAAA
,CNAME
,DNAME
or other records when asked nicely.And nothing prevents an DNS admin from placing non-PTR records in the
.arpa
subzone. And nothing prevents them from prefixing arbitrary strings in front of the IPv6 subnet. And of course those.arpa
names can be used just like hostnames...For example, a valid URL for this blog could be this or that or even thiß.
Perhaps URL-based filtering can be subverted this way.
Thu, 12 Aug 2010
[/projects]
permanent link
See Postfix run on ZFS
postfix compiles on OpenSolaris
postfix runs
postfix tries to accept email
postfix usesstatvfs
to enquire free space on/var/spool
/var/spool
is on ZFS with > 2TB free space
statvfs
dies (EOVERFLOW)
postfix dies
poor email
UPDATE: small patch fixes this, assuming that an FS with more than
ULONG_MAX/2
free blocks has — for all purposes of postfix — exactlyULONG_MAX/2
free blocks.
Fri, 06 Aug 2010
[/projects]
permanent link
OpenBSD on Loongson
Miod Vallat ported OpenBSD to the chinese MIPS64 remake Loongson 2F, so I wiped the bloated Linux installation from my Yeeloong.
On the Pros side, OpenBSD on Loongson works out of the install, with X11 and everything running.
On the Cons side, there seems to be a serious flaw in fundamental stuff that stops Python from building and introduces bugs inlibgmp
. And without Python no mercurial and therefore no happiness yet.
UPDATE: The python build issue is fixed in -current. Mercurial works on the yeeloong!
Sat, 27 Feb 2010
[/projects]
permanent link
Alan Kay on Creativity
From an interview with the ACM Queue:
All creativity is an extended form of a joke. Most creativity is a transition from one context into another where things are more surprising. There's an element of surprise, and especially in science, there is often laughter that goes along with the ”Aha“. Art also has this element. Our job is to remind us that there are more contexts than the one that we're in --- the one that we think is reality.
Thu, 11 Feb 2010
[/projects]
permanent link
Back to the √s
The Curta is a mechanical computing device, about 12.5 cm high, 8 cm in diameter, with 49 bits internal precision.
I'm totally in awe about the elegance of the design and the smooth handling. Trying to actually compute something, e.g. a square root, on this machine, immediately makes one aware of the roots (sic!) of numerical mathematics. There simply is no button marked √ on the Curta, and still people used this very machine to compute square roots (and logs, and trigonometric functions, ...). Until the 1980ies most scientists knew how to efficiently compute everything on such add/substract machines, and this knowledge is now buried without a tombstone.
Fri, 12 Jun 2009
[/projects]
permanent link
Drawterm port for OpenBSD
Russ Cox's drawterm is a terminal program to connect to a Plan9 CPU server from Unix.
This is a port for OpenBSD (i386, amd64, sgi and sparc64).Plan9 normally provides a graphical user interface instead of just a Command Line Interface on login, and so does
drawterm
. In Plan9 terms, it exports a part of the Unix box's drawing device, the keyboard and the mouse to the CPU server and the programs started there more or less directly draw on the window. No need for X-Forwardings and the like. In addition it exports the user's$home
directory to the CPU server as/mnt/term
, so that the usual routine ofbecomes:host1$ ssh host2 host2$ <do something> ... host2$ exit host1$ scp host2:~/some/where/file . host1$ scp ~/stuff.c host2:~/src/. host1$ ssh host2 host2$ <do stuff>
unix$ drawterm -a authsrv -c cpusrv ... <open shell windows, start editor, ...> plan9$ cp $home/some/where/file /mnt/term/. plan9$ cp /mnt/term/stuff.c $home/src/. plan9$ <do stuff>
Tue, 31 Mar 2009
[/projects]
permanent link
Red Tape Origami
Another case of sufficiently inappropriate technology being indistinguishable from magic:
RC4 in XSLT This turned out to be much harder than RC4 in a shell skript.
Findings
XSLT relates to general purpose programming as Cholera relates to dinner invitations.
Variables in XSLT aren't, and there's no imperative iterative statement, so state must be kept on stack and recursion is the only way of iteration. Combined with the fact that most XSLT compilers that we tried do not utilize tail recursion, this quickly leads to stack overflows even for small inputs.
Thanks to Meredith L. Patterson for cool tricks to save space on stacksTyping is non-existant, strings are cast to integers, whole XML subtrees to strings and so on.
The XPath query language can be used to select elements or subtrees of XML documents. Subtrees resulting from such selections can be assigned to variables and passed as such to functions (templates in XSLT-speak) but their elements cannot be accessed by XPath any more.
Although XSLT abhors brakets, ampersands and double quotes, it is possible to clobber together arbitrary strings. But it not possible to output them in HTML format contexts, so it is necessary to hark back to hacks including
iframes
withdata:
urlhrefs
.
Tue, 03 Mar 2009
[/projects]
permanent link
The YeeLoong Netbook
The ironically named Chinese company Lemote has produced Linux-based set-top boxes for some time. What makes these and subsequent Lemote boxes unique is that they run on MIPS64 CPUs.
Most commonly associated with MIPS are the legendary Silicon Graphics Workstations of the 90s. But since then, MIPS-based boards have been used in many consumer devices, e.g. most Linksys wireless routers, Cisco routers, Playstations,
The CPU in Lemote's newer products is basically a MIPS R4700, called Godson or Loongson-2E, with bigger cache and larger TLB.
What brought us to Lemote hardware was the announcement of a completely open-sourced netbook. From the boot monitor (a modified PMON) to the desktop, everything was supposed to be open and modifiable.
The process of ordering hardware from Lemote turned out to be surprisingly simple. After exchange of a few E-mails and an international money transfer, we got six laptops with 1Gb RAM, 160 Gb disks, American keyboards and an English Debian installation. Price after customs, including shipping, was about 320 Euros per machine.
Expect more about this hardware here soon.
Tue, 03 Feb 2009
[/lemote]
permanent link
Time based views (another 12 Liter challenge)
Jun Rekimoto's Time-Machine Computing is a neat idea for representing large (probably not huge) amounts of personal documents/images/other data in their chronological context.
It assumes that people have no problem remembering their actions if given hints to what other actions they performed around the same time.
So instead of organising saved/created files by a rigorous system of hierarchical sub-directories and names, one would use on the creation or modification times and the good old neural network.Rekimoto developed a Java-based desktop environment based on this idea.
A more practical approach IMHO would be to enhance one the many open source file managers by a slide bar that allows to scroll backwards in time through the directory. I.e. when activated, the position of the knob presents a point in the past, the leftmost position representing the creation of the oldest file in the displayed directories. At each position, the only files shown would be the ones created at or around the date represented by the position. All other files should be faded from view.Another way of implementing a time view would be to center on a selected, presumably well-remembered file and fade out all others, the shading depending on the chronological distance from the selected file. I.e. when you click on a file, you would clearly see the files that you created shorly before/after the selected one, with earlier/later one fading out progressively.
And again there's 24 bottles of beer waiting for the brave implementor …
Wed, 21 Jan 2009
[/projects]
permanent link
Naming again
Update of the naming-on-the-internet "bibliography": Fixed broken links, pulled local copies, added a few, removed a dead IEFT working group.
Fri, 05 Dec 2008
[/projects]
permanent link
The ubiquitous fs
in Plan9
The terms file server, file system and the abbreviationfs
appear a lot in Plan9 documentation. For example, there are the manpagesfs(3)
,fs(4)
,fs(8)
, andkfs(4)
.First
fs(4)
aka Ken's FS. This was a file server inside the kernel which required a specially built kernel and was used together with a dedicated CPU server and many terminals. It is not part of the kernel sources any more, but its manpage lives on. To add confusion, there is also a manpagefs(8)
for the console of Ken'sfs
.Then there is
kfs(4)
, a file system for terminals. It is implemented in user-space. No relation to Ken's FS besides the name. Strangely there seems to be no option to repair a brokenkfs
:If the file system is inconsistent, the user is asked for permission to ream (q.v.) the disk.
(reaming means deleting).
kfs
cannot be managed by a console like Ken'sfs
andfossil
, but by options to an executablekfscmd
. UPDATEkfscmd
has commands to repair a brokenkfs
.As another example for the non-injectivity of abbreviations, there's
fs(3)
which is not a file system at all, but a kind of soft-raid that allows concatenation, striping and (simple) mirroring of files, e.g. disks.On the fourth hand, there is
fossil
. This is the current default for CPU and File servers. It can be configured to move its blocks to an archival storage serverventi
. It is managed with its own consolefossilcons
which attaches itself not as/srv/fossilcons
but/srv/fscons
.
Wed, 09 Jul 2008
[/plan9]
permanent link
24 bottles of beer... UPDATE
I offer 12 Liters of top-quality Franconian beer (Leutenbacher Drummer-Bräu) for fixes of each of the following:Mail your patch and we'll organize the delivery.
- plan9ports: provide a libthread for OpenBSD-amd64.
- OpenBSD: vi: make 'vi -r' work after a power failure.
- OpenBSD: i386: make SMP work on IBM ThinkPad X60.
UPDATE works now as of 4.2-stable- OpenBSD: Software Suspend ala swsusp to get around all that silly ACPI stuff.
- OpenBSD: AMD64: Enable a MAXDSIZE of greater than 1 Gb.
UPDATE it's now 8 Gb in OpenBSD 4.4-beta- OpenBSD: VAX: ELF with dynamically loadable objects.
- OpenBSD: all: port Ai's setmacaddr patch to 3.6.
UPDATE The 12 l for this have been (successfully) claimed by Christian Kellermann with his patch to current.
UPDATE The OpenBSD team added the feature to the source (by a different patch, prs 2117 and 2118).- libGMP: Support AMD64 with true 64bit arithmetics.
- GnuPG: all hash implementations in
cipher/
have a function{md,md5,rmd160,sha1,sha256,sha512}_write
. The implementation is quite obfuscated with a totally unnecessary level of recursion with several terminating conditions. Replace these_write
functions by something more readable. UPDATE The terrible code is by Ulrich Drepper, not gnupg's author Werner Koch.- GnuPG: add functionality for signing arbitrary PKTs, thus allowing signatures on signatures.
- libnet: functions for construction of arbitrary chains of all possible IPv6 headers.
Thu, 03 Jul 2008
[/projects]
permanent link
PPPoE v6-only on OpenBSD
Just sent the first few thousand packets over an IPv6-only PPPoE uplink provided by rh-tec.
Config on OpenBSD withbge0
as the physical interface connected to the DSL modem:ifconfig pppoe0 pppoedev bge0 authproto pap peerproto pap \ authname 'thename' authkey 'secret' upAfter a few seconds,
pppoe0
receives a Router Advertisement and gets it's prefix. The rest is plain sailing (ssh -6
and so on).
Fri, 18 Jan 2008
[/v6]
permanent link
What is a random sequence?
In Cryptography papers there are lots of statements like
orAlice choses a random number k
Bob choses a random element of F_p
Can one recognize a number or a sequence of numbers as random?
Which of the following sequences is random:00000000000000000000000
01101010000010011110011
11011110011101011111011
Answer: all of them are equally likely outcomes of 23 coin-flips.
Sérgio B. Volchan tells the history of the concept of randomness in mathematics in an article for the American Mathematical Monthly.
It is quite fascinating IMHO how seemingly resonable definitions of randomness were put forward and shot down later to be replaced with the next definition. The most recent definitions preclude meaningful checks for randomness by examining finite parts of a sequence, so the conundrum remains: Is 7 a random number?
Tue, 15 Jan 2008
[/projects]
permanent link
That's how to write manuals
The Jupiter ACE was a home computer produced in the UK in the 80ies. It had a FORTH interpreter instead the usual BASIC of the C64, BBC micro, etc.
Their Manual explains the inner workings of the machine in an accessable way. Compare that to the thousands of VBA books that keep the reader totally in the dark what goes on behind the funny icons.
Tue, 15 Jan 2008
[/projects]
permanent link
Surprising results with IPv6
Spamfilters add complexity, which in turn makes v6 transition harder.
Setup:
Host A (running OpenBSD) has dual stack v4/v6 with routable v4 address
Host B (running Plan9) has dual stack v4/v6 with a subnet-local v4 address
Both machines have a routeable v6 address and run an MTA.
So I assumed that it should be possible to send mail from A to B. Turns out to be not that simple. The Plan9's MTA uses various heuristics to find out if incoming mail is spam (as do other MTAs). One of the checks is to connect to the MTA listed in the MX record for the sender's address' domain. Host A's MX record is v4-only, so B cannot connect to the MTA, so it rejects the mail. Not only the sender and the receiver have to be v6-enabled, but also the sender's MX (and probably the blacklist providers, etc).
Tue, 15 Jan 2008
[/projects]
permanent link
Plan9
Plan9 is an operating system by the authors of the original Unix, with integrated support for distributed applications.Plan9 has its own windowing system,
rio
, quite different from X11.It is possible to connect to Plan9 machines by drawterm from Unix machines running X11.
drawterm
starts the windowing system on the remote Plan9 and everything works as if sitting in front of it.While typing from one machine I remembered I had already solved a problem in a one-liner, but on a different drawterm which ran on a Unix box miles away.
cpu% echo $wsys /srv/rio.myname.1234 cpu% lc /srv/rio.* rio.myname.1234 rio.myname.5678So the other drawterm runs the
rio
mounted on/srv/rio.myname.5678
. To get at the scrollback of a window displayed on a screen on a totally different machine:cpu% mount /srv/rio.myname.5678 /n/wsys 1 cpu% cat /n/wsys/text [...lines of output...] [...including the one-liner...]
Wed, 27 Jun 2007
[/plan9]
permanent link
Pretty Slow Privacy
RSA + OAEP + RC4 = PSP
PGP on the cheap, implemented in a bunch of shell scripts.
All crypto indc(1)
, nice redirects in/from FIFOs. Download the files (.tar.gz) now! (Tested on OpenBSD, GNUsed
manpage:
“POSIX.2 BREs SHOULD be supported”
But they aren't)
UPDATE Pull the sources again, fixed some bugs. Thanks to Michael Gernoth.
Sun, 31 Dec 2006
[/projects]
permanent link
Poor Man's PGP Part 1: RC4 in a shell skript
With a shell account on an arbitrary POSIX semi-compliant system, one should have access to a Bourne-like Shell,
awk
,dc
,sed
and companions. Given a source of randomness this should be sufficient to code RSA + a symmetric cipher, kind of extremely poor man's PGP.I had some problems finding ways to output binary stuff from
ksh
.
UPDATE: New version seems to work with bash.Here is the first step towards it, RC4 in a shell skript. As expected, it's slow as mouldy molasses but it works and passes a test against OpenSSL's test vectors.
On Intel at 1.6 Ghz it encrypts/decrypts at 184 Bytes per second. One optimization could be to put the keystream generation entirely in a dc script, start that in a sub-process, and read single bytes from a fifo.
UPDATE: New version does this, 370 Bytes/sec now.
Sat, 14 Oct 2006
[/projects]
permanent link
Web of Trust Betweenness Centrality Stats UPDATE
New Betweenness Centrality Stats available. Lots of changes in the ranking. New shooting star is the CaCert pubkey.
Key creation time and sigs from forgotten keys influences the ranking
All norms on key graphs have to deal with time somehow. This is because keys are created over time, revoked, they expire, their passphrases are forgotten … Signatures expire, point to revoked keys … In the BC norm, this has a side-effect on newer keys: since newer keys will never get signatures from revoked or unused keys, they are at a serious disadvantage (sorry, weasel
:-)
). If there are n keys in the component, and only one has a link to/from an old key, then it's BC will increase by n-2 (because n-2 shortest paths lead through it to the forgotten key). At the moment I see no way of repairing this.Description of the technique is in another post.
This and previous results are at http://pestilenz.org/~bauerm/wotstats.html .
Tue, 31 Jan 2006
[/projects]
permanent link
Stress-testing mmap on OpenBSD
mmap(2)
maps a file to a range of memory and gives the calling process avoid*
to manipulate the contents of the file. If no file descriptor is given, it creates an “anonymous” memory range. In both cases, the memory range can be used for inter-process communication. As an additional feature, the caller can specify how child processes see the memory. IfMAP_INHERIT
is set, the children see the same as the parent. If additionally (or more precisely OR-ally)MAP_PRIVATE
is set, modifications (i.e. writes) by the parent are invisible to the children. IfMAP_SHARE
is set, the children see the bytes written by the parent. Theminherit(2)
syscall allows setting these bits for arbitrary pages.Now, what would be the most stressing situation for the kernel? Overlapping memory ranges with different copy/share policies for several generations of processes. This program does exactly that. It subdivides the same piece of memory recursively, and each child sets another inheritance policy on top of the set ones of the stack of parents.
Usage:
stress.mmap [-f file] [-m size] [-r level] [-n num]
-f <file> use <file> to mmap on -m <size> size of mmaped area in bytes -r <level> the number of recursions -n <num> number of byteblocks to touch in each incarnation
TODO: let each child
mmap
the same file to another location, with different policies…
Mon, 23 Jan 2006
[/projects]
permanent link
Xsandbox
It is hard to confine untrusted software to just the stuff it is supposed to do. Server processes can be run as unprivileged users, chrooted or jailed in their own namespaces. If the software has to display something on the user's X11 however, different measures have to be taken.
One approach is to run the program under surveillance of
systrace
. This is good, but the code must have access to the X server and could try to grab/inject XEvents.The following script (download) opens a nested X server (
Xnest
) and starts anxterm
on it, running as another user. Starting from there, the user at the display can start a window manager and the suspicious software itself.The programs inside the nested X cannot access the surrounding X display. With restrictive file permission on the regular user's homedir and standard precautions about the other user's account, this could protect against a few attacks.
#!/bin/sh # # xsandbox username # # Start a nested XServer on display :1 and # start processes in that Server as # another user. Aim is to avoid grabbing # of XEvents by untrusted programs which # can be restricted to the nested display # # Requires sudo function die { echo $1 exit 1 } user=$1 devrandom=/dev/arandom # Replace with your favourite PRNG if necessary if [ -z $user ]; then die "Please give a username" fi umask 0022 # Make two xauthority files, one for the user starting # the script, the other as $user who will run inside the # display. xauth_you=`mktemp "/tmp/xauth.you.XXX"` || die "could not mktemp" xauth_other=`sudo -u $user mktemp "/tmp/xauth.$user.XXX"` || \ die "could not mktemp as $user" x1=`dd if=$devrandom bs=32 count=1 2>/dev/null | sha1` x2=`dd if=$devrandom bs=32 count=1 2>/dev/null | sha1` cookie=`echo $x1$x2|cut -c-64` # Clean up when finished trap 'rm -f $xauth_you; sudo -u $user rm -f $xauth_other' EXIT INT # Create auth cookie for display :1.0 xauth -i -f $xauth_you add :1.0 . $cookie || \ die "could not create $xauth_you" # Transfer authority to $user xauth -i -f $xauth_you nextract - :1.0 | \ sudo -u $user xauth -f $xauth_other nmerge - || \ die "Could not transfer authorization to $user" # Start Xnest Xnest :1 -auth $xauth_you -sss 2>1 1> /dev/null & xnest_pid=$! # Start xterm as $user inside the Xnest sudo -u $user sh -lc "export XAUTHORITY=$xauth_other; \ /usr/X11R6/bin/xterm -display :1.0" # Kill the Xnest when finished kill $xnest_pid
Wed, 16 Nov 2005
[/projects]
permanent link
Unreliable Programming: a method for evading liability claims on software.
Members of the security and safety community often claim that software quality would improve if manufacturers would be held liable for damages caused by their products. The reasoning uses the negative incentive argument: “If we produce faulty software, we will lose money. Let's write correct software instead to increase shareholder value.”
Let's examine this claim more closely:
A user experienced damage from a malfunctioning program. How would she get compensation from the manufacturer? Surely not by simply calling and announcing that a crash caused X dollars of damage. Surely the vendor would claim that it was a user error …. So user and vendor will end up in court. The only proof of fault on the vendor side would be for the user to
recreate the state of her machine before the crash (how??)
reproduce the software error by taking actions explicitly mentioned in the software's documentation.
Now suppose that there was a magical wand for taking snapshots of computer states just before crashes. Or that the legal system would permit claims on grounds of only the second part of the proof. Then there would be a strong positive incentive to write software that fails unreproducibly: “If our software's errors cannot be demonstrated reliably in court, we will never lose money in product liability cases.”
This introduces an interesting new paradigm of programming. Methods of this school of programming could include:
- Do something random
If an exception is raised which is not caused by user input, look for a random function/method which can be called in the current context and call that.
- Procrastination
In multithreaded programs, if one thread runs into an error, simply put this thread to sleep and hope nobody notices it.
- Decoy
Produce fake virus scanner alerts, telling the user to e.g. reboot imediately, thereby erasing the traces of the error.
- Blame someone else
Inject errors in other running programs.
Example: A SEGFAULT handler looks for other programs from different vendors running on the same machine when the error occurs and forwards the signal to one of them. It then simply waits. The user might attribute the freezing of the program to the crash of the other.Of course, really unreliable code needs randomness to select the action to take. All modern operating systems now come with random number generators which could be used for that purpose.
In machines with hardwire unique ids (UIDs), e.g. from the TPM, there is the interesting (and rewarding) possibility to tie the random behaviour to the hardware. This would allow software vendors to sell horoscopes for computers!
MSHoroscope
Tuesday, Serial numbers 0x900… to 0xA00…:
- Bad day for text processing
Fri, 11 Nov 2005
[/projects]
permanent link
Web of Trust Betweenness Centrality Stats UPDATE
Redesigning some of the code
the code walked against the direction of the links, silly me
pgpring cannot be relied on when parsing the keyserver dumps, so we now pull the usernames from a keyserver, ugly
generate only the top1000 by default. Longer rankings are no problem, mail if you want them (or run the code yourself, changing the parameter of
top
to some higher value first).Description of the technique is in another post.
This and previous results are at http://pestilenz.org/~bauerm/wotstats.html .
Thu, 11 Aug 2005
[/projects]
permanent link
Look in the dusty corners!
A prediction (which you can help to make self-fulfilling): we will find security holes in implementations of protocol features which are
- hardly ever used
- not really understood
- underspecified
Possible targets:
Enough for now …
- HTML &
data:
URLsRFC 2397 defines a URL type which carries its own content. This could play havoc with HTML content filters, filtering proxies, and so-called "browser security settings". Simply base64 the exploit and put it in a
<a href="data:base64...">
. You can also put iframes indata:
URLs, which in turn …- ICMP
After a list of devious attacks on TCP (e.g. Stefan Savage's Congestion Control Attack, Timestamp problems and ICMP based attacks), it seems as if even the basic protocols are not really well understood (or implemented). What happens in each of the thousands of TCP/IP stack implementations if they receive
- ICMP Redirect (perhaps as part of a DDoS attack)?
ICMP EchoReq with a multicast source address (and they joined that< group)?
- IPv6 options
- I looked over the basic IPv6 RFCs ( 2460, 2461, 2462, 2463)
recently. Very impressive, they defined a lot of really incredible stuff. For example
the IPv6 Destination Options Header (RFC2460, Section 4.6) is an optional header that allows to pad datagrams with zeros. Glorio!
the IPv6 Routing Header (RFC2460, Section 4.6) defines up to 127 hops through which a datagram should travel. It specifies the hops by addresses, so that the header alone can be up to 16 * 127 + 4 = 2036 bytes long. The routing header may not be fragmented (RFC2460, Section 4.5), and the minimum MTU is 1280 (RFC2460, Section 5). It makes the mind boggle.
to compute the UDP body checksum, an IPv6 pseudo-header has to be constructed in memory. The UDP checksum ignores the headers between the address part and the UDP header, except when there's a routing header present, in which case it has to be parsed for the final hop, which will then be included in the pseudo-header. Simple, fast, efficient.
While there are some compliance testing efforts, there seem to be no checks about handling of non-compliant datagrams. What happens if a datagram carries two routing headers, three destination option headers, undefined NextHeader values, or a Jumbogram header indicating a payload of 4 Gigabyte on an ordinary ether interface?
- Internationalization
Diverse pranks with Unicode are making the round (e.g. shoestringfoundation's very own UTFbiffier), and the various hacks to get wide-char support in standard applications, and then there's Internationalized Domain Names (RFC 3490) and useful character encodings in X509 (for example Teletext and T61Sting which includes really suprising chars, see Peter Gutmann's highly readable X.509 style guide). All that calls for further interesting exploits on the user interface.
ANSI terminal viruses (ok, it's viri, but tell that to the walri)
We terribly ε¦ïʈè ɦaϲќҽrႽ tend to use command line interfaces on terminals, consoles, xterms or even screen. But there's been lots of interesting attacks involving magic escape sequences. A recent paper by H.D. Moore points out that this is a pending threat still.
- URG flags and pointers
The TCP urgent feature implements the strange ITU-y idea of sideband signaling. It basically tells the socket that there's much more interesting data somewhere later in the TCP stream. Practically no program uses this, but who knows what shenanigans might be caused by an URG pointer in a Jumboframe …
Thu, 09 Jun 2005
[/projects]
permanent link
Anti-social Tagging
The sharing and co-operative commenting of bookmark-like links is a very interesting idea. It takes the slashdot/scoop idea to the extreme because everybody can dump what they find interesting and sort other suggestions by keywords aka tags. Popular implementations such as del.icio.us or CiteULike are nice and well, but they are centralized, easy to flood and a bit too open for my taste. So I was happy to see that Ricardo Signes wrote Rubric, a free implementation of a del.icio.us work-alike, and Steve Mallet at de.lirio.us adapted the interface to make it look like del.icio.us.
I'm testing it right now and would like to run my own tagged bookmark store, integrate part of them with this blog and share the links with friends.
The Rubric code depends on loads of Perl modules and it takes some few minutes to configure it. Ricardo provides scripts to import existing link-lists quickly, without going through the web interface. The input format is a YAML dump of a reference to an array of hashes with certain keys. I wrote a little script to convert Lynx's bookmarks to that format.
Stay tuned …
Update: the script now works for "DOCTYPE NETSCAPE-Bookmark-file-1", i.e. Firefox, Mozillas as well.
Thu, 07 Apr 2005
[/projects]
permanent link
Co-links
There have been a lot of ideas about how to allow multi-writer web pages. The simplest implementation is the classic wiki (everybody can write everything), the most useless idea in this area is Annotea which requires modifications at the client (as proof of irrelevance, they implemented it for Amaya). There are many applications where the ability to add comments would be useful, and where the wiki concept allows too much mischief. A group of brazilians implemented what they call co-links. This trickery of php/sql/javascript allows readers to insert links in a text and add links to existing lists of links. They require no modifications at the browser and the new links are stored at the server (not always a pro, but a good start when compared to annotea, where all modifications are stored at the W3C), but not the content they point at. A nice application would be, e.g. a distributedly annotated edition of a literary text.
Mon, 21 Feb 2005
[/projects]
permanent link
Recursive RFCs
The specs for the highly esoteric Dynamic Delegation Discovery System (DDDS), RFCs 3401 to 3405 all contain the following curious phrase:
The entire series of documents is specified in "Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" (RFC 3401) [1]. It is very important to note that it is impossible to read and understand a single document in that series without reading the related documents.
Since each document stating this is itself a part of the series, recursion kicks in and it becomes “impossible to read and understand” any of the RFCs.
This does not bode well for the rest of the standard.
Thu, 03 Feb 2005
[/projects]
permanent link
Computing Betweenness Centrality in the Web-of-Trust
The mean-minimum-distance of a key to all other keys in the web-of-trust gives some idea of the connectedness of the key. This is done in Drew Streib and Jason Harris' keyanalyze. But it does not express how the key contributes to the infrastructure of the web-of-trust. It would be nice to have measurement of, e.g., the number of otherwise disjoint communities which are connected only or mainly through a key.
A quantity that expresses something like this is the Betweenness Centrality. In a nutshell, it is the number of shortest paths which lead through a vertex in a graph. The paths are taken from every vertex, to every vertex. If there is more than one shortest path between two vertices, the centrality of the vertices on the paths is increased only by the fraction of paths which they are part of.
Formally, Betweenness Centrality of a vertex v is defined as the sum of [(number of shortest paths from s to t that go through v) divided by (number of shortest paths from s to t)], where s and t run over all pairwise different vertices ≠ v.
The code in
Cwot.tar.gz
computes the betweenness centrality of all keys of a graph. The graph must be presented in the preprocess.keys format as in keyanalyze.To compile the code, simply type '
make
'. If your system does not have/usr/include/sys/queue.h
or/usr/include/sys/tree.h
you have to un-comment one line in theMakefile
, see there.The algorithm used to compute the Betweenness Centrality was taken from a paper by Ulrik Brandes, “A Faster Algorithm for Betweenness Centrality” in “Journal of Mathematical Sociology”, 25(5):163-177, 2001. The time-complexity is O(nm), where n is the number of vertices (keys) and m the number of edges (signatures). The space-complexity is O(n + m), but my clumsy implementation might scale worse.
The code is available under the MIT license.
Thu, 09 Dec 2004
[/projects]
permanent link
PGP mail filtering/syncing
My PGP key resides on one single machine, which runs no services and is mostly offline. Mail is delivered to another well-connected box. The mailbox format is Maildir. To decrypt mails I need to transfer the stuff to the machine with the key.
My.procmailrc
on the connected box:
:0: * Content-Type: multipart/encrypted; pgp/ :0 B: * -----BEGIN PGP MESSAGE----- pgp/
To sync the files to the secure box, I use rsync. The problem is that my mail reader renames the files in the maildir to store flags like
read
,replied
, sorsync
pulls too many files. The following script helps:
tmpfile=`mktemp /tmp/mailsync.XXXXXXXX` || exit 1 for i in `find pgp -type f| sed -e 's/:[RSF,0-9]*$//'`; do echo -n "new/" >> $tmpfile basename $i >> $tmpfile done rsync -zvaubr --exclude-from=$tmpfile mailhost:~/Mail/pgp/ pgp/ rm $tmpfile
Wed, 08 Dec 2004
[/projects]
permanent link
Naming
Naming and name spaces are important in a lot of contexts:
- natural language (naming things, people, places, …)
- programming languages (think about scoping, encapsulation, C's
static
, inheritance, …)- networking (Addresses, DNS, IDs for various types of sessions like in TCP or RPC, …)
- crypto (Identifiers in certificates, fingerprints in PGP, …)
- law (Trademarks, libels, …)
Unfortunately, computer science is mostly ignoring the whole topic. In the hope to change this a little, I'm building a bibliography/link list on naming.
Additions, corrections and comments are welcome!
Mon, 06 Dec 2004
[/projects]
permanent link
Better keysigning automatisms
The common technique for signing large amounts of keys after a key-signing party is to, well, simply sign all keys and mail them to their owners. But this might not the best way. Because if you sign a key, you often sign many uids with different e-mail addresses. If any but one of these don't work you won't notice, because you signed all of them and mailed the result around. Thus your signature certifies that this key belongs to addresses it doesn't really belong to.
To avoid this, Peter Palfrader wrote caff. This Perl script converts keys with many uids to many keys with just one uid each, and signs these. It then encrypts each signed key with itself and sends it to the e-mail address in the uid. This helps to assure that you don't sign uids with e-mail addresses which aren't under the control of the signee. Caff removes other signatures from the keys as well, to make the mails smaller and easier to process.
The script needs the experimental gnupg-1.3.92 (check gnupg-1.3.92.tar.gz.sig) and the Perl module GnuPG::Interface.
Peter Palfrader is the author of caff, I merely added a few features to allow signing with multiple and older keys, and to have caff just save the mails in a folder instead of sending them off at once.
NEWS
Fixed an error in the handling of extensions (e.g.idea
).
Fri, 03 Dec 2004
[/projects]
permanent link
Orientation for Laptops
I carry around my old Vaio and connect it to different subnets. Typing the same commands (
ifconfig ....; route delete default; route add default ...; cp /etc/resolv.conf.place /etc/resolv.conf; ...
) every time I reconnected got boring, so the stuff went into scripts. I later heard of Felix von Leitner's divine. It sends out fake ARP requests to divine to which network the machine is connected, and takes configured actions depending on the results.It turns out that it's pretty easy to re-implement this with “standard&ddquo; utilities on OpenBSD. I use arping by Thomas Habets from the ports-tree and ifstated supplied in the OpenBSD source tree.
ifstated
is not installed in the standard build process, but a simple
cd /usr/src/usr.sbin/ifstated
make && make install
fixes that. The documentation for the config-fileifstated.conf
is non-existant, but an example is in/usr/src/etc/ifstated.conf
.You can take my minimal config for multiple networks and adapt it by substituting the name of your interface, the IP/MACs of the hosts in your networks. Works fine in my setup.
Thu, 18 Nov 2004
[/projects]
permanent link
drawing binary trees
While preparing a talk about extensions of Merkle's hash trees, I found that it's extremely complicated to draw nice binary trees with WYSIWG software.
So I wrote code to do it. It's in Perl and uses the GD module. GD's handling of colors is awkward, but the code does it's magic.
Thu, 11 Nov 2004
[/projects]
permanent link
Web of Trust Betweenness Centrality Stats online
Using the technique described in another post, I now compute the betweenness centrality of the strong connected component, using Jason Harris' pre-processed keys as starting point. Results are at http://pestilenz.org/~bauerm/wotstats.html .
Mon, 01 Nov 2004
[/projects]
permanent link
Self-Covering Steganography
One problem with steganography is that the embedding of hidden text in the covertext changes the statistical characteristics of the covertext. With large amounts of covertext, it becomes obvious. Niels Provos addressed this in Outguess by changing other bits in the covertext to minimize the impact of the embedding on the chi-square test. Would it be easier to embed undetectably if we can generate the covertext ourselves. Definitely! Mybal.pl does this. Supply it with an ASCII text and it computes the probabilities of characters following every sequence of characters in the text. Supply it with a key, a message to embed and a word, and it will generate a covertext starting with that word. The covertext has exactly the same probability distribution as the orginal text, but the message can be extracted from it, if the key is known. How does it work? Mybal takes the word to start with, interprets it as a sequence of chars and checks which chars would be next in the sequence, and how probable each of them are. It then throws a biased die (a PRNG seeded with the key) to decide which char is next. It appends that char and interprets the result as another sequence and so on. If the list of possible next characters contains two chars with the same probability and the keyed random number generator chooses one of them mybal looks for the next message bit to embed. If it's a zero, then the randomly chosen char is appended. If it's a one, the other equally likely char is appended. This guarantees that the probability distribution is always the same as in the orginal.
To extract the message, mybal starts with the first word and walks along the covertext, always checking the list of possible next chars. If the char in the covertext has the same probability as another char in the list, then a message bit could be embedded with that char. To check which bit it was, mybal uses the keyed PRNG to generate the text itself and thus sees which char it would have chosen on a one or zero bit.
Thu, 12 Aug 2004
[/projects]
permanent link
Transferable namespace projection in bind9
Assume that you have control over a zone somezone.net, i.e. you can add records in that zone. With this patch to bind-9.1.3 you can designate a new domain, even a TLD, e.g. .mytld. Every hostname h.mytld in that zone is CNAMEd to a hostname j in somezone.net, where j = SHA1(h . <secret>). <secret> is set in bind's config file. This allows you to assign arbitrary meaningful names in .mytld, like icannsucks.mytld. The DNS queries that leave the subnet with your modified bind refer to meaningless hostnames in somezone.net. If you want to share this local namespace with someone, you just have to send him/her the configfile entry that defines the TLD and the secret.
Thu, 01 Jul 2004
[/projects]
permanent link
Factoring silly keys from the keyservers
At the Privacy Enhancing Technologies Workshop in 2004, Ben Laurie and I did the following experiment: Take all RSA moduli from PGP keys presumably created with old versions of PGP and compute the pairwise gcds (Peter Palfrader supplied us with the keys). It turns out that two keys of about 18.000 have a common divisor in their moduli:pub 512R/A6A0B399 1994-08-22 uid Joe Schmuckleyandpub 1024R/575F0491 1995-04-25 uid Ptolemy\x94XIV
I attacked the second key with Paul Zimmermann's Elliptic Curve Factoring implementation.
The key's modulus is
1549562663450840692268622483721103711669388864897522390528764
829445645828909290189247132280621825493873705019175480670501
2516682556124827129012380911158436701354213114871849305291083
202711859451406305095386470946490932290315424308032810615741
2235640682459755462203449571275078025946614196463838287264848
217233
This is not the product of two primes. So far we found the following factors:The remainder is not prime but seems to contain no factors smaller than 150 bits.
- 3 (Yes, three!)
- 3 (Yes, it's not even squarefree)
- 42742556573248957
- 314267779982277702367112491702024117309
Thu, 01 Jul 2004
[/projects]
permanent link
Pingsweeps go BOING
Fascinated by the Auralizer, I started my own, simplified version, Netsound. The idea is to define sound events to be triggered by network events. In netsound, you can set
pcap(3)
filters together with bounds and the sound to play if the event occured that often. E.g.:filter: icmp and not src net 131.188 max: 10 soundfile: sounds/boing.au
You can define many of these events. Netsound uses
libesd
to play and mix the sounds.
Wed, 30 Jun 2004
[/projects]
permanent link
Blum-Blum-Shubb-Niggurath
The Blum-Blum-Shub Pseudo Random Number Generator works basically as follows:
- Setup
Generate two large primes such that they both equal 3 mod 4
Take the product N and forget the primes
Fetch an initial state x0 from a true RNG
- Operation per step
- compute next state: xi+1 = xi2 mod N
- output the least significant bit of xi+1
Blum, Blum and Shub show that predicting the next bit from the observed output is as hard as factoring N. In addition, after erasing the primes computing previous states from the current one is as hard as factorization.
A problem exists with the expected cycle length of the produced random bits. As Terry Ritter pointed out, maximum cycles (near the size of N) can be assured by choosing the primes as “double--Germain”, i.e. p = p'*2 + 1, p' = p''*2 + 1, with p, p', p'' all prime.
My implementation generates such primes. A possible application for BBS is generating strong randomness on embedded devices without physical sources of randomness. Upon initialization, a truely random seed could be stored on the device, which later is updated synchronously after each step of the algorithm.
Wed, 30 Jun 2004
[/projects]
permanent link
Unicode is the next 3|_33+ 5P34|<
Bored with being eleet on IRC? Why not take a look at the forthcoming 32-bit eleetness brought to you by Unicode(TM)(R)? At the Shoestring Foundation Labs, where we invented time machines long before H.G. Wells could think of one, we are in the process of converting boring old ASCII to totally eleet Unicode. See our example page!.
Mon, 28 Jun 2004
[/projects]
permanent link
Extended Euclidian Algorithm in dc(1)
If you think you're really bored than guess how bored I was when I wrote The Extended Euclidian Algorithm in a one-line shell script. Ok, it's a long line (160 chars in the dc part), but it runs on every POSIX compliant system and works on arbitrarily large numbers.
Mon, 28 Jun 2004
[/projects]
permanent link
Offline HashCash
In contexts like remailers it is impossible to have the originator of a message solve puzzles interactively. But with quasi-synchronous clocks (exact up to a few hours perhaps) and a small database, it is possible to implement offline Hashcash. Such a Hashcash Check looks like:
HashCheck Version: 0.1 To: provos@citi.umich.edu Bits: 12 Comment: test Date: 1015030975 Rand: 1530c9285266d00f260983b793861dfd Hash: 001110111111
It is bound to a recipient (provos@citi.umich.edu) and a date, so presenting the same check to other parties or to the same party after a certain period of validity will fail. For the period of validity the recipient has to store the Rand value and compare incoming Hashcash Checks against the list of received checks. If the Rand is on the list or the date outside the validity, the Hashcash is ignored. And it's all implemented in Perl. Adam Back has a similiar scheme with shorter messages intended to be embedded in headers of other protocols.
Mon, 28 Jun 2004
[/projects]
permanent link
HashCash
Also called Client Puzzles. HashCash is used to prove expenditure of computing power. This is interesting for flooding control, e.g.
SMTP Server:You want to send this email to 10.000 recipients? Well, pay 12 bits of HashCash for each one.
Spammer's MUA: Alright, forget about it.Adam Back proposed and implemented HashCash based on partial hash collisions. I wrote a perl module that implements charge, pay and check functions for Hashcash in interactive contexts.
Mon, 28 Jun 2004
[/projects]
permanent link