Nice work! Could you post more about the basic mechanics of the testing setup itself with AFL + zonefiles? I’ve been meaning to get into AFL but haven’t quite gotten to it on my list yet. I’d love to try similar stuff on gdnsd’s zonefile parser, and eventually even use AFL to fuzz query packet parsing as well.
Sure, gdnsd can easily be fuzzed without any modifications.
Build it with AFL:
Create some directories:
mkdir input output zones
Put a zone file in the ‘input’ directory, (I used a trimmed down version of all.rr.org, removing RR which gdnsd doesn’t support) and launch the fuzzer:
afl-fuzz -i input -o output -f zones/all.rr.org ./src/gdnsd -c . checkconf
While doing so, I found and reported two stack-based buffer overflows.
I love it. It’s like Terminus with significantly better curly braces.
Also, you have slashed zeroes, which is what all correct-thinking people prefer.
I use a copy of Droid Sans Mono that I edited to have slashed-zeros. I love the font, but without slashed zeros (or even dot-zeros) it’s useless for coding.
Terminus doesn’t render properly on Windows, which is a shame. As Spleen is a bitmap font, I’m guessing I need .fon versions for Windows?
For those that can’t (or don’t want to) edit fonts, cosmix.org have a Droid Sans Mono with both dotted and slashed zero varieties.
Arch users can get it from the AUR
Powerline version too
Yes, I think .fon is the required format for bitmap fonts on Windows. I’ve generated some .fon files for all sizes here, but I don’t have access to any Windows machine, so I cannot test them. It would be nice if you could try and report results, thanks!
Ok I’ve had a go. They don’t render in Windows at all. :( Windows just shows ‘Courier New’ when I preview the files. Looking via HEX viewer, it seems that your .fon files are missing extra (repeated) meta-data that Windows seems to need. Thanks tho!
Does anyone know a BDF to PSF (for the Linux console) converter? Both names are so close to PDF it’s impossible to Google. If not, I’m probably about to write my own.
The font editor I use to create Spleen, gbdfed, has an option to export PSF files.
Because I’m dense… The layout displayed in gbdfed gets translated to my local codepage via psfu / the actual glyph names, right?
Also, in case people want to try with gbdfed themselves, you need to populate the first 32 codepoints or will get a weird error when trying to load the font and the screen will look bizarre. It seems to shift the codepoints down by 32 if you leave those blank…
Yeah I just tried exporting all the BDFs to PSF and none of them work properly. Either they error out setfont or they fill the screen with garbage.
archlinux has one in aur via the debian thingy usage should be a simple manpage away…
I’d like to see screen shots of the lower resolution variants.
As an aside, does anyone else find the font used for the article to be very hard to read? Can’t quite put my finger on it, but it seems to have too much horizontal spacing or something.
Yes, I think the horizontal spacing is a little too wide. It seems to be the default spacing for the font that’s being used. If you’re curious about how to change the way it looks, try opening the developer tools and putting this into the Console.
document.body.style.letterSpacing = "-.04em"
This adds the value you specify to the font default spacing - hence the negative value, to reduce the spacing.
That does improve things, thanks! Incidentally, the font turns out to be “Work Sans”: https://fontlibrary.org/en/font/work-sans
I will create a proper site for Spleen with screenshots in various sizes, but meanwhile, here is a screenshot of the 5x8 version.
Is the name a reference to Spleen et Idéal?
Pretty close, the poem used in one of the screenshots is “L’étranger” from “Le Spleen de Paris”. But yes, it’s indeed a reference to Baudelaire’s works.
Hi, I’m Frederic and I write mostly about UNIX and DNS related topics.
Overheard: “It looks like the logo of a convenience store in a regional airport.”
There is a French sporting goods retailer called Go Sport, and the new Go logo immediately made me think of their logo.
Does anyone know what Kore is? There’s no links in the post, and the closest I could find was https://github.com/kframework/kore but I’m not entirely sure it is
I think it’s more likely https://kore.io/
Indeed, that’s the correct link. Kore is an easy to use web platform for writing scalable web APIs in C.
I used to work for an information security company called KoreLogic; we referred to ourselves internally as “Kore”.
Whenever I talked to someone from outside the company it would go like this:
“I work for KoreLogic Security. Not CoreLogic with a ‘C’. Not Core Security. Not Kore IO. KoreLogic with a ‘K’, but not the KoreLogic with a ‘K’ in the United Kingdom.”
(And for future reference, you should absolutely talk to the KoreLogic people if you need information security consulting. I cannot say enough nice things about them.)
Also not OpenKore, a bot software for an MMO ;)
huh, until I read this comment I automatically assumed it was pronounced “ko-ray”
Decent article and, even if it is a little dated, the core message is still relevant.
Loved this quote, which oddly enough I’d never encountered in my 20+ years of using *BSD:
BSD is what you get when a bunch of Unix hackers sit down to try to port a Unix system to the PC. Linux is what you get when a bunch of PC hackers sit down and try to write a Unix system for the PC.
Particularly relevant in the era of systemd et al. Hmm, it’s just reminded me of reading Bill and Lynne Jolitz’s 386BSD articles in DDJ when I was a schoolkid and trying to make head or tail of them.
“BSD is for people who love Unix. Linux is for people who hate Microsoft.” is a relevant quote, supposedly attributed to Theo de Raadt, but I can’t seem to find any source.
A quick web search finds the quote as I remember it (“Linux is for people who hate Windows. BSD is for people who love Unix.”), unattributed.
The quote from deraadt@ is “Linux people do what they do because they hate Microsoft. We do what we do because we love Unix” from this article.
the core message is still relevant
Is it really? Gentoo Linux evolved into a better *BSD replacement under all aspects.
Gentoo is nice, I guess, but to me it doesn’t feel like BSD at all. As a user I see GNU utils, man pages lacking quality, no SIGINFO and not much coherence. As a sysadmin I see a Linux boot sequence, from bootloader to init scripts, and other management utils, such as partitioning tools. As a programmer I see glibc.
Look at Portage and not just at how “recipes” are no longer makefiles, but shell scripts. Look at all the extra functionality compared to *BSD ports: https://projects.gentoo.org/pms/6/pms.html
What extra functionality do you mean?
I used Gentoo for two years in 2014-2015 and liked it, and I may use it again soon. But it’s just not a BSD system, and BSD is not only (or even primarily) about ports.
Slides : http://www.openbsd.org/papers/dot2016.pdf
You asked about Noctua fans, they are definitely your best bet for ultra quiet/reliable fans. I’m not sure if they make them small enough for the laptop though.
And in colours other than brown ;)
But seriously, laptop fans are usually a bespoke thing tightly integrated with the custom heatsinks.
Thanks for your input both of you, I plan to open one of my Yeeloongs and evaluate the possibility. This will probably lead to another post with pictures of the internals ;)
For mature frameworks / libraries built with security in mind for doing Web applications in C, have a look at :
What is particularly “scalable” about Kore? I read through the documentation and it seems like a standard shared-nothing HTTP framework.
Is that the same Yeeloong model what Stallman used in the past?
(He uses a libreboot-ed Thinkpad X200 now)
Indeed, it’s the same model. I’m proud to be running OpenBSD on hardware which has been granted the Stallman seal of approval :-)
OpenBSD on hardware which has been granted the Stallman seal of approval
This feels ironic for some reason or another.
Isn’t it already built into OS X though? Grep for Mouse Keys here: http://www.apple.com/accessibility/osx/
The feature has existed in X Window for at least thirty years. But I suppose everything old is new again?
I think the implementation you are referencing works more like a joystick (i.e. press/hold up and it will continually scroll up). This repo is like a trackpad where the travel corresponds to a swiping action with the finger.
Indeed, you are correct, it wasn’t entirely clear after reading the project description.
After reading your comment I watched the video and it looks great actually, I really like the idea! Now I kind of wish X had something similar ;)
Full paper is available here : http://www.openbsd.org/papers/asiabsdcon2016-xen-paper.pdf
That’s great news, I really hope RISC-V and lowRISC projects will be successful. I know this is premature, but taking the opportunity to ask when can we expect dev boards to reach general availability?
Thanks for the words of support. We intend to tape out a test chip next year, and we’d get ~100 dies through a multi-project wafer (possibly more if there’s spare space on the wafer and the fab is being nice to us, or if we pay for extra wafers). This would produce some dev boards for key contributors and project partners. Assuming a successful test chip, I’d expect general availability to follow in 2017.
Maybe it’s just because I’m on my phone, but the page was light on details. Would be interesting for my little home tor/privoxy gateway. Anyone know if openbsd could be ported to it?
Their Kickstarter is now live, with more details : https://www.kickstarter.com/projects/pine64/pine-a64-first-15-64-bit-single-board-super-comput
Ha! I had no idea even that it was a kickstarter campaign until this morning. I was going to plop down $15. Another reason to stop reading the web on my phone, and just grab my laptop.
Logswan 1.00 (c) by Frederic Cambus 2015
Processing file : access.log
That’s not a very good bug report. Where’s the gdb backtrace?
Could you provide a backtrace? It’s hard to try to guess what’s wrong without any context.
I’ve had a bug report today, and it’s been found that such log lines crash the program (the cause is known and the issue will be fixed soon) :
188.8.131.52 - - [18/Nov/2013:19:54:25 +0100] “-” 400 0 “-” “-”
I thought the snippet in my comment had a little beauty of its own, therefore no backtrace.
#0 __strcmp_sse2_unaligned ()
#1 0x0000000000401f66 in main (argc=1, argv=0x7ffdb64c2c80)
I believe this is another occurrence of the same bug, which has been reported and is now fixed.
Logswan 1.01 has been tagged. Could you test and report if it solves your issue? Thanks.
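A sketch of how a log parser can tolerate the "-" request line quoted above instead of faulting in strcmp, added here as an example; it is not Logswan's code, and the thread does not state the actual cause. The tokenizing approach, `classify_request` and the enum names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example; not Logswan's. */
enum method { M_INVALID = -1, M_OTHER = 0, M_GET, M_POST };

/* Classify the quoted request field of a Common Log Format line.
 * Returns M_INVALID when the request is "-" or otherwise lacks the
 * "METHOD URL PROTOCOL" shape, rather than passing NULL to strcmp. */
enum method classify_request(const char *line)
{
    char buf[1024], *req, *end, *method, *url, *proto;

    if (line == NULL || strlen(line) >= sizeof(buf))
        return M_INVALID;               /* refuse missing or over-long input */
    strcpy(buf, line);                  /* safe: length checked above */

    if ((req = strchr(buf, '"')) == NULL ||
        (end = strchr(req + 1, '"')) == NULL)
        return M_INVALID;               /* no quoted request field */
    *end = '\0';

    method = strtok(req + 1, " ");
    url    = strtok(NULL, " ");
    proto  = strtok(NULL, " ");

    /* For a request of "-", url and proto are NULL at this point.
     * An unguarded strcmp(proto, ...) would dereference NULL, which is
     * the kind of fault that leaves a strcmp frame on top of a backtrace.
     */
    if (method == NULL || url == NULL || proto == NULL)
        return M_INVALID;
    if (strncmp(proto, "HTTP/", 5) != 0)
        return M_INVALID;

    if (strcmp(method, "GET") == 0)  return M_GET;
    if (strcmp(method, "POST") == 0) return M_POST;
    return M_OTHER;
}

int main(void)
{
    /* Constructed sample lines; 192.0.2.1 is a documentation address. */
    const char *bad = "192.0.2.1 - - [18/Nov/2013:19:54:25 +0100] \"-\" 400 0 \"-\" \"-\"";
    const char *ok  = "192.0.2.1 - - [18/Nov/2013:19:54:25 +0100] \"GET / HTTP/1.1\" 200 512 \"-\" \"-\"";
    printf("bad=%d ok=%d\n", classify_request(bad), classify_request(ok));
    return 0;
}
```

Lines like the first sample make good seed inputs for a fuzzing corpus, since they exercise the short-request path that well-formed traffic rarely reaches.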
Wonder if Valgrind would’ve caught this? Also wondering how fast I could get an equivalent in Haskell to go. We have a HyperLogLog library that I’ve been waiting for an excuse to use outside of work.
There’s no way to tell if valgrind would have helped unless @allan provides a stack trace or example input that crashes logswan.
My best guess? Stuff like this would be more probably caught by afl fuzzing since I know fcambus uses logswan regularly on real life data. Though again, without the input log file or a stack trace there is no way to tell.
This week, I’m planning to continue working on Logswan, a web log analyzer project I started a few weeks ago. I plan to clean up the existing code base and continue researching memory-efficient ways of counting unique IP addresses, possibly sacrificing exact counts in favour of using HyperLogLog.