1. 27

    Sometimes I like to think that I know how computers work, and then I read something written by someone who actually does and I’m humbled most completely.

    1. 11

      A lot of this complexity seems down to the way Windows works, though. As a Linux user, the amount of somewhat confusing/crufty stuff going on in a typical Windows install boggles the mind; it’s almost as bad as Emacs.

      1. 11

        I guess to me it doesn’t feel like there’s much Windows specific complexity here, just a generally complex issue; a bug in v8’s sandboxed runtime and how it interacts with low-level OS-provided virtual memory protection and specific lock contention behavior, which only expressed itself by happenstance for the OP.

        Some of this stuff just feels like irreducible complexity, though my lack of familiarity with Windowsisms (function naming style, non-fair locks, etc.) probably doesn’t help there.

        1. 5

          How does CFG work with chrome on linux?

          1.  

            Do you mean CFI?

            CFG is MS’s Control Flow Guard, it’s a combination of compile-time instrumentation from MSVC and runtime integration with the OS. CFI on Linux (via clang/LLVM), in contrast, is entirely compile time AFAIK, with basically no runtime support.

            See:

            for more details on the differences.

            1.  

              Yes and no. :) The linux CFI implementation doesn’t include the jit protection feature in CFG that’s implicated in the bug, so I’m not sure it’s fair to characterize this as “cruft”.

              1.  

                The CFI implementation in llvm isn’t a “linux CFI implementation.” :)

                As OpenBSD moves towards llvm on all architectures, it can take advantage of CFI, just as HardenedBSD already does. :)

              2.  

                llvm’s implementation of CFI does have the beginnings of a runtime support library (libclang_rt.cfi). HardenedBSD is working on integrating Cross-DSO CFI from llvm, which is what uses the support library.

            2. 4

              Linux just hasit’s own weirdnesses in other places.

              That said, memory management seems to be a source of strange behaviour regardless of OS.

          1. 1

            Quote from Wikipedia:

            An enumeration is a complete, ordered listing of all the items in a collection.

            Could someone enlight me on this? What the Article describes doesn’t seem like “complete listing”.

            1. 3

              To enumerate can also mean “to build a list” which is closer to this usage, but I’d agree it was used imprecisely.

              I’d prefer calling this a username oracle attack!

              1. 3

                A couple decades late I think. Guess and check attacks have been called enumeration for quite a while.

                1. 2

                  it’s never too late to tilt at windmillsencourage precise speech!

                  Legitimately though - good to know this is common parlance in the security community.

                2. 2

                  Given enough time (possibly heat death of the universe scales) this method could create a full enumeration.

                3. 1

                  It could be seen as a complete listing, if the “collection of usernames” isn’t interpreted to be the collection of all usernames the server has, but rather all usernames the attacker cares about.

                1. 1

                  Wasn’t sure if this was really on-topic, mainly wanted to see what lobsters think about the idea of Google & Amazon voluntarily doing this, particularly given Google’s reported China search plans.

                  1. 4

                    I feel it’s inevitable that somebody breaks some service’s security using SNI/Host confusion. I’m not sure what the attack looks like, but I know it has to happen. :) Something like cache poisoning maybe. https://portswigger.net/blog/practical-web-cache-poisoning

                    1. 3

                      I run an SSL termination endpoint with multiple domains on it. I would not, in a terms of service sense, permit one of those domains to domain front by setting the SNI field to another domain I was incidentally also hosting. I do however have a domain that does nothing but handle SSL/TLS requests when there is no SNI field. It allows my endpoint to gracefully degrade in to an error message that can be delivered via https. Typically this would only happen with old and deprecated SSL software and connections, but I wouldn’t be bothered by a domain owner using this already dedicated domain in their SNI field if they wanted to.

                      I’m a long way from having the problems or concerns highlighted in this article, but you did ask what folk thought.

                      1. 2

                        Makes sense. Thanks :-)

                    1. 4

                      I’m gonna sit in the smug corner for people running AMD.

                      Otherwise, this is all kinds of “very very bad”. The kind of where in a cartoon you’d have sirens spin up to warn of incoming air raids.

                      1. 3

                        Because SEV has been that much better?

                        1. 2

                          The most secure system is the system no one uses :)

                      1. 36

                        I am a maths researcher at the university of Cologne and adressed this in a thesis I wrote in 2016. See chapter 3, especially the first part of section 3.1.

                        Dividing by zero is totally well defined for the projectively extended real numbers (only one unsigned infinity inf) but the argument for the usual extended real numbers (+-inf) not working is not based on field theory, but of infinitisemal nature, given you can approach a zero-division both from below and above and get either +inf or-inf equally likely.

                        Defining 1/0=0 not only breaks this infinitiseminal form, it‘s also radically counterintuïtive given how the values behave when you approach the division from small numbers, e.g. 1/10, 1/1, 1/0.1, 1/0.001…

                        lim x->0 1/x = 0 makes no sense and is wrong in terms of limits.

                        See the thesis where I proved a/0=inf to be well-defined for a!=0.

                        tl;dr: There‘s more to this than satisfying the field conditions. If you redefine division, this has consequences on higher levels, in this case most prominently in infinitisemal analysis.

                        1. 8

                          I used to be a maths researcher, and would just like to point out that some of the people who define division by zero to mean infinity do it because they’re more interested in the geometric properties of the spaces that functions are defined on than the functions themselves. This is the reason for the Riemann sphere in complex analysis, where geometers really like compact spaces more than noncompact ones, so they’re fine with throwing away the field property of the complex numbers. The moment any of them need to compute things, however, they pick local coordinates where division by zero doesn’t happen and use the normal tools of analysis.

                          1. 2

                            Thanks for laying this out and pointing out the issue with +/- Inf

                            Could you summarize here why +Inf is a good choice. As a practical man I approach this from the limit standpoint - usually when I end up with a situation like this it’s because the correct answer is +/- Inf and it depends on the context which one it should be. Here context means on which side of zero was my history of the denominator.

                            The issue is that the function 1/x has a discontinuity at 0. I was taught that this means 1/0 is “undefined”. IMO in code this means throw an exception.

                            In practical terms I end up adding a tiny number to the denominator (e.g. 1e-10) and continuing, but that implicitly means I’m biased to the positive side of line.

                            I think Pony’s approach is flat out wrong.

                            1. 6

                              It is not +inf, but inf. For the projectively extended real numbers, we only extend the set with one infinite element which has no sign. Take a look at page 18 of the thesis which includes an illustration of this. Rather than having a number line we have a number circle.

                              Dividing by zero, the direction we approach the denominator does not matter, even if we oscillate around zero, given it all ends up in one single point of infinity. We really don’t limit ourselves here with hat as we can express a limit to +inf or -inf in the traditional real number extension by the direction from which we approach inf in the projectively extended real numbers (see remark 3.5 on page 19).

                              1/x is discontinuous at 0, this is true, but we can always look at limits. :) I am also a practical man and hope this relatively formal way I used to describe it did not distract from the relatively simple idea behind this.

                              Pony’s approach is reasonable within field theory, but it’s not really useful when almost the entire analytical building on top of it collapses on your head. NaN was invented for a reason and given the IEEE floating-point numbers use the traditional +-inf extension, they should just return the indeterminate form on division by zero in Pony.

                              1. 6

                                NaN only exists for floating point, not integers. If you want to use NaN or something like it for integers, you will need to box all integer numbers and take a large performance hit.

                            2. 1

                              Just curious, but why isn’t 1/0=1? Would 1/0=Inf not require that infinity exists between 0 and 1?

                              1. 2

                                I’m not sure I understand your question. Does 1/2=x require x to be between 1 and 2?

                            1. 3

                              The problem turns out to be some obscure FUSE mounts that the author had lying around in a broken state, which subsequently broke the kernel namespace system. Meanwhile, I have been running systemd on every computer I’ve owned in many years and have never had a problem with it.

                              Does this not seem a bit melodramatic?

                              1. 9

                                From the twitter thread:

                                Systemd does not of course log any sort of failure message when it gives up on setting up the DynamicUser private namespace; it just goes ahead and silently runs the service in the regular filesystem, even though it knows that is guaranteed to fail.

                                It sounds like the system had an opportunity to point out an anomaly that would guide the operator in the right direction, but instead decided to power through anyways.

                                1. 8

                                  A lot like continuing to run in a degraded state is a plague that affects distributed systems. Everybody thinks it’s a good idea “some service is surely better than no service” until it happens to them.

                                  1. 3

                                    At $work we prefer degraded mode for critical systems. If they go down we make no money, while if they kind of sludge on we make less but still some money while we firefight whatever went wrong this time.

                                    1. 8

                                      My belief is that inevitably you could be making $100 per day, would notice if you made $0, but are instead making $10 and won’t notice this for six months. So be careful.

                                      1. 4

                                        We have monitoring and alerting around how much money is coming in, that we compare with historical data and predictions. It’s actually a very reliable canary for when things go wrong, and for when they are right again, on the scale of seconds to a few days. But you are right that things getting a little suckier slowly over a long time would only show up as real growth not being in line with predictions.

                                    2. 2

                                      I tend to agree that hard failures are nicer in general (especially to make sure things work), but I’ve also been in scenarios where buggy logging code has caused an entire service to go down, which… well that sucked.

                                      There is a justification for partial service functionality in some cases (especially when uptime is important), but like with many things I think that judgement calls in that are usually so wrong that I prefer hard failures in almost all cases.

                                      1. 1

                                        Running distributed software on snowflake servers is the plague to point out.

                                        1. 1

                                          Everybody thinks it’s a good idea “some service is surely better than no service” until it happens to them.

                                          So if the server is over capacity, kill it and don’t serve anyone?

                                          Router can’t open and forward a port, so cut all traffic?

                                          I guess that sounds a little too hyperbolic.

                                          But there’s a continuum there. At $work, I’ve got a project that tries to keep going even if something is wrong. Honest, I’m not sure I like how all the errors are handled. But then again, the software is supposed to operate rather autonomously after initial configuration. Remote configuration is a part of the service; if something breaks, it’d be really nice if the remote access and logs and all were still reachable. And you certainly don’t want to give up over a problem that may turn out to be temporary or something that could be routed around… reliability is paramount.

                                          1. 2

                                            And you certainly don’t want to give up over a problem that may turn out to be temporary

                                            I think that’s close to the core of the problem. Temporary problems recur, worsen, etc. I’m not saying it’s always wrong to retry, but I think one should have some idea of why the root problem will disappear before retrying. Computers are pretty deterministic. Transient errors indicate incomplete understanding. But people think a try-catch in a loop is “defensive”. :(

                                      2. 4

                                        So you never had legacy systems (or configurations) to support? I read Chris’ blog regularly, and he works at a university on a heterogeneous network (some Linux, some other Unix systems) that has been running Unix for a long time. I think he started working there before systemd was even created.

                                        1. 3

                                          Why do you say that the FUSE mounts were broken? As far as we can see they were just set up in a uncommon way https://twitter.com/thatcks/status/1027259924835954689

                                          1. 3

                                            It does look brittle that broken fuse mounts prevent the ntpd from running. IMO the most annoying part is the debugability of the issue.

                                            1. 2

                                              Yes, it seems melodramatic, even to my anti-systemd ears. It’s a documentation and error reporting problem, not a technical problem, IMO. Olivier Lacan gave a great talk last year about good errors and bad errors (https://olivierlacan.com/talks/human-errors/). I think it’s high time we start thinking about how to improve error reporting in software everywhere – and maybe one day human-centric error reporting will be as ubiquitous as unit testing is today.

                                              1. 2

                                                In my view (as the original post’s author) there are two problems in view. That systemd doesn’t report useful errors (or even notice errors) when it encounters internal failures is the lesser issue; the greater issue is that it’s guaranteed to fail to restart some services under certain circumstances due to internal implementation decisions. Fixing systemd to log good errors would not cause timesyncd to be restartable, which is the real goal. It would at least make the overall system more debuggable, though, especially if it provided enough detail.

                                                The optimistic take on ‘add a focus on error reporting’ is that considering how to report errors would also lead to a greater consideration of what errors can actually happen, how likely they are, and perhaps what can be done about them by the program itself. Thinking about errors makes you actively confront them, in much the same way that writing documentation about your program or system can confront you with its awkward bits and get you to do something about them.

                                            1. 65

                                              This blogpost is a good example of fragmented, hobbyist security maximalism (sprinkled with some personal grudges based on the tone).

                                              Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                              Talking about threat models, it’s important to start from them and that explains most of the misconceptions in the post.

                                              • Usable security for the most people possible. The vast majority people on the planet use iOS and Android phones, so while it is theoretically true that Google or Apple could be forced to subvert their OSs, it’s outside the threat model and something like that would be highly visible, a nuclear option so to speak.
                                              • Alternative distribution mechanisms are not used by 99%+ of the existing phone userbases, providing an APK is indeed correctly viewed as harm reduction.
                                              • Centralization is a feature. Moxie created a protocol and a service used by billions and millions of people respectively that provides real, measureable security for a lot of people. The fact is that doing all this in a decentralized way is something we don’t yet know how to do or doing invites tradeoffs that we shouldn’t make. Federation atm either leads to insecurity or leads to the ossification of the ecosystem, which in turn leads to a useless system for real users. We’ve had IRC from the 1990s, ever wonder why Slack ever became a thing? Ossification of a decentralized protocol. Ever wonder why openpgp isn’t more widespread? Noone cares about security in a system where usability is low and design is fragile. Ever tried to do key rotation in gpg? Even cryptographers gave up on that. Signal has that built into the protocol.

                                              Were tradeoffs made? Yes. Have they been carefully considered? Yes. Signal isn’t perfect, but it’s usable, high-level security for a lot of people. I don’t say I fully trust Signal, but I trust everything else less. Turns out things are complicated when it’s about real systems and not fantasy escapism and wishes.

                                              1. 34

                                                Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                                In this article, resistance to governments constantly comes up as a theme of his work. He also pushed for his tech to be used to help resist police states like with the Arab Spring example. Although he mainly increased the baseline, the tool has been pushed for resisting governments and articles like that could increase perception that it was secure against governments.

                                                This nation-state angle didn’t come out of thin air from paranoid, security people: it’s the kind of thing Moxie talks about. In one talk, he even started with a picture of two, activist friends jailed in Iran in part to show the evils that motivate him. Stuff like that only made the stuff Drew complains about on centralization, control, and dependence on cooperating with surveillance organization stand out even more due to the inconsistency. I’d have thought he’d make signed packages for things like F-Droid sooner if he’s so worried about that stuff.

                                                1. 4

                                                  A problem with the “nation-state” rhetoric that might be useful to dispel is the idea that it is somehow a God-tier where suddenly all other rules becomes defunct. The five-eyes are indeed “nation state” and has capabilities that are profound; like the DJB talk speculating about how many RSA-1024 keys that they’d likely be able to factor in a year given such and such developments and what you can do with that capability. That’s scary stuff. On the other hand, this is not the “nation state” that is Iceland or Syria. Just looking at the leaks from the “Hacking Team” thing, there are a lot of “nation states” forced to rely on some really low quality stuff.

                                                  I think Greg Conti in his “On Cyber” setup depicts it rather well (sorry, don’t have a copy of the section in question) and that a more reasonable threat model of capable actors you do need to care about is that of Organized Crime Syndicates - which seems more approachable. Nation State is something you are afraid of if you are political actor or in conflict with your government, where the “we can also waterboard you to compliance” factors into your threat model, Organized Crime hits much more broadly. That’s Ivan with his botnet from internet facing XBMC^H Kodi installations.

                                                  I’d say the “Hobbyist, Fragmented Maximalist” line is pretty spot on - with a dash of “Confused”. The ‘threats’ of Google Play Store (test it, write some malware and see how long it survives - they are doing things there …) - the odds of any other app store; Fdroid, the ones from Samsung, HTC, Sony et al. - being completely owned by much less capable actors is way, way higher. Signal (perhaps a Signal-To-Threat ratio?) perform an good enough job in making reasonable threat actors much less potent. Perhaps not worthy of “trust”, but worthy of day to day business.

                                                2. 18

                                                  Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                                  And yet, Signal is advertising with the face of Snowden and Laura Poitras, and quotes from them recommending it.

                                                  What kind of impression of the threat models involved do you think does this create?

                                                  1. 5

                                                    Who should be the faces recommending signal that people will recognize and listen to?

                                                    1. 7

                                                      Whichever ones are normally on the media for information security saying the least amount of bullshit. We can start with Schneier given he already does a lot of interviews and writes books laypeople buy.

                                                      1. 3

                                                        What does Schneier say about signal?

                                                        1. 10

                                                          He encourages use of stuff like that to increase baseline but not for stopping nation states. He adds also constantly blogged about the attacks and legal methods they used to bypass technical measures. So, his reporting was mostly accurate.

                                                          We counterpoint him here or there but his incentives and reo are tied to delivering accurate info. Moxie’s incentives would, if he’s selfish, lead to locked-in to questionable platforms.

                                                  2. 18

                                                    We’ve had IRC from the 1990s, ever wonder why Slack ever became a thing? Ossification of a decentralized protocol.

                                                    I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

                                                    If you actually look at the protocols? Slack is a clear case of Not Invented Here syndrome. Slack’s interface is not only slower, but does some downright crazy things (Such as transliterating a subset of emojis to plain-text – which results in batshit crazy edge-cases).

                                                    If you have a free month, try writing a slack client. Enlightenment will follow :P

                                                    1. 9

                                                      I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

                                                      Per IRCv3 people I’ve talked to, IRCv3 blew up massively on the runway, and will never take off due to infighting.

                                                      1. 12

                                                        And yet everyone is using Slack.

                                                        1. 14

                                                          There are swathes of people still using Windows XP.

                                                          The primary complaint of people who use Electron-based programs is that they take up half a gigabyte of RAM to idle, and yet they are in common usage.

                                                          The fact that people are using something tells you nothing about how Good that thing is.

                                                          At the end of the day, if you slap a pretty interface on something, of course it’s going to sell. Then you add in that sweet, sweet Enterprise Support, and the Hip and Cool factors of using Something New, and most people will be fooled into using it.

                                                          At the end of the day, Slack works just well enough Not To Suck, is Hip and Cool, and has persistent history (Something that the IRCv3 group are working on: https://ircv3.net/specs/extensions/batch/chathistory-3.3.html)

                                                          1. 9

                                                            At the end of the day, Slack works just well enough Not To Suck, is Hip and Cool, and has persistent history (Something that the IRCv3 group are working on […])

                                                            The time for the IRC group to be working on a solution to persistent history was a decade ago. It strikes me as willful ignorance to disregard the success of Slack et al over open alternatives as mere fashion in the face of many meaningful functionality differences. For business use-cases, Slack is a better product than IRC full-stop. That’s not to say it’s perfect or that I think it’s better than IRC on all axes.

                                                            To the extent that Slack did succeed because it was hip and cool, why is that a negative? Why can’t IRC be hip and cool? But imagine being a UX designer and wanting to help make some native open-source IRC client fun and easy to use for a novice. “Sisyphean” is the word that comes to mind.

                                                            If we want open solutions to succeed we have to start thinking of them as products for non-savvy end users and start being honest about the cases where closed products have superior usability.

                                                            1. 5

                                                              IRC isn’t hip and cool because people can’t make money off of it. Technologies don’t get investment because they are good, they get good because of investment. The reason that Slack is hip/cool and popular and not IRC is because the investment class decided that.

                                                              It also shows that our industry is just a pop culture and can give a shit about good tech .

                                                              1. 4

                                                                There were companies making money off chat and IRC. They just didn’t create something like Slack. We can’t just blame the investors when they were backing companies making chat solutions whose management stayed on what didn’t work in long-term or for huge audience.

                                                                1. 1

                                                                  IRC happened before the privatization of the internet. So the standard didn’t lend itself well for companies to make good money off of it. Things like slack are designed for investor optimization, vs things like IRC being designed for use and openness.

                                                                  1. 2

                                                                    My point was there were companies selling chat software, including IRC clients. None pulled off what Slack did. Even those doing IRC with money or making money off it didn’t accomplish what Slack did for some reason. It would help to understand why that happened. Then, the IRC-based alternative can try to address that from features to business model. I don’t see anything like that when most people that like FOSS talk Slack alternatives. Then, they’re not Slack alternatives if lacking what Slack customers demand.

                                                                    1. 1

                                                                      Thanks for clarifying. My point can be restated as… There is no business model for federated and decentralized software (until recently , see cryptocurrencies). Note most open and decentralized tech of the past was government funded and therefore didn’t face business pressures. This freed designets to optimise other concerns instead of business onrs like slack does.

                                                              2. 4

                                                                To the extent that Slack did succeed because it was hip and cool, why is that a negative? Why can’t IRC be hip and cool?

                                                                The argument being made is that the vast majority of Slack’s appeal is the “hip-and-cool” factor, not any meaningful additions to functionality.

                                                                1. 6

                                                                  Right, as I said I think it’s important for proponents of open tech to look at successful products like Slack and try to understand why they succeeded. If you really think there is no meaningful difference then I think you’re totally disconnected from the needs/context of the average organization or computer user.

                                                                  1. 3

                                                                    That’s all well and good, I just don’t see why we can’t build those systems on top of existing open protocols like IRC. I mean: of course I understand, it’s about the money. My opinion is that it doesn’t make much sense to insist that opaque, closed ecosystems are the way to go. We can have the “hip-and-cool” factor, and all the amenities provided by services like Slack, without abandoning the important precedent we’ve set for ourselves with protocols like IRC and XMPP. I’m just disappointed that everyone’s seeing this as an “either-or” situation.

                                                                    1. 2

                                                                      I definitely don’t see it as an either-or situation, I just think that the open source community typically has the wrong mindset for competing with closed products and that most projects are unapproachable by UX or design-minded people.

                                                              3. 3

                                                                Open, standard chat tech has had persistent history and much more for decades in the form of XMPP. Comparing to the older IRC on features isn’t really fair.

                                                                1. 2

                                                                  The fact that people are using something tells you nothing about how Good that thing is.

                                                                  I have to disagree here. It shows that it is good enough to solve a problem for them.

                                                                  1. 1

                                                                    I don’t see how Good and “good enough to solve a problem” are related here. The first is a metric of quality, the second is the literal bare minimum of that metric.

                                                            2. 1

                                                              Alternative distribution mechanisms are not used by 99%+ of the existing phone userbases, providing an APK is indeed correctly viewed as harm reduction.

                                                              I’d dispute that. People who become interested in Signal seem much more prone to be using F-Droid than, say, WhatsApp users. Signal tries to be an app accessible to the common person, but few people really use it or see the need… and often they are free software enthusiasts or people who are fed up with Google and surveillance.

                                                              1. 1

                                                                More likely sure, but that doesn’t mean that many of them reach the threshold of effort that they do.

                                                              2. 0

                                                                Ossification of a decentralized protocol.

                                                                IRC isn’t decentralised… it’s not even federated

                                                                1. 3

                                                                  Sure it is, it’s just that there are multiple federations.

                                                              1. 18

                                                                Didn’t systemd hard code 8.8.8.8 as well at some point?

                                                                It’s such a good thing that people are watching out for violations in free software.

                                                                1. 19

                                                                  They use it as the default for the fallback if no DNS is configured. https://github.com/systemd/systemd/blob/master/meson_options.txt#L200

                                                                  1. 2

                                                                    Which is quite reasonable.

                                                                    1. 9

                                                                      That depends on your individual situation. Some users might appreciate that the system ‘just works’ even if not configured properly. Other wouldn’t, for 2 reasons:

                                                                      1. Sending data a third party, especially one like google, without telling the user, is not ok in terms of privacy.
                                                                      2. If something is misconfigured but silently falls back to a default which appears to work (while actually behaving in a different manner to how the user intended), then it’s much more difficult for the user to know that it needs fixing, and often much more difficult for the user to fix.
                                                                  2. 7

                                                                    2 people marked this as incorrect but the source code proving it is linked right there!

                                                                    1. 5

                                                                      You cannot imagine how many people mark comments they do not like as incorrect without even checking the sources, commenting or noticing that they are opinions!

                                                                      You shouldn’t care much: other might learn something from your comment anyway. At least an incorrect downvote make you double check the sources!

                                                                      1. 3

                                                                        Is it hard coded or is it a fallback default?

                                                                    1. 1

                                                                      Premature optimization is the root of all evil

                                                                      • C.A.R. Hoare

                                                                      Wasn’t that Knuth?

                                                                      1. 2

                                                                        Knuth said he was quoting Hoare, although Hoare denied it?

                                                                      1. 2

                                                                        The punchline is that the AES key is just MD5(password || IV[:8]).

                                                                        Would somebody please tell me if password is the phrase that you enter at the Enter passphrase (empty for no passphrase): prompt during an invocation of ssh-keygen?

                                                                        Would somebody describe how the article should change to take into account empty passphrases?

                                                                        1. 3

                                                                          That is the pass phrase entered at the prompt. If it’s empty, the key is not encrypted.

                                                                        1. 12

                                                                          I’m not sure I like this article. It raises a good point (use -o) but it’s obviously being misread.

                                                                          1. 4

                                                                            I don’t like the way it was written. It makes 3 separate “decent” points, but completely buries the lead. Also their solution doesn’t solve the original problem of password reuse being why you shouldn’t encrypt your keys.

                                                                          1. 3

                                                                            This is why you Don’t Implement Your Own Crypto! Come on folks.

                                                                            1. 9

                                                                              Sooo, You know that this is OpenSSH right? I mean someone has to write the Crypto. OpenSSH developers are among those that you might want to trust to do it right. No one is perfect though.

                                                                              1. 6

                                                                                Actually, the code in question was written by Tatu, before openssh was forked.

                                                                                Well, depending on exactly what code you mean. The key encrypting code was technically in OpenSSL (or librsa) I think. The choice to use it was Tatu’s.

                                                                                1. 3

                                                                                  Pretty sure this comment was intended as a joke for this reason?

                                                                                  1. 2

                                                                                    Yeah it kind of was. I guess it was a little obscure though.

                                                                                2. 6

                                                                                  Well, hop in a time machine back to 1996 and pick something better off the shelf…

                                                                                  1. 1

                                                                                    I read the article, and the situation seems related to OpenSSL only. Joel Sing confirmed that commits https://github.com/libressl-portable/openbsd/commit/17b1f1ce28ae8bc5a873951ad6c8aa564b68c0ab and https://github.com/libressl-portable/openbsd/commit/952c1252f58f5f57227f5efaeec0169759c77d72 fixed the issues back in 2017 for LibreSSL. More details by Billy Brumley to the oss-security earlier this year: http://www.openwall.com/lists/oss-security/2018/04/16/3 .

                                                                                    In conclusion OpenBSD and Void Linux have this mitigated.

                                                                                    1. 4

                                                                                      Those commits have nothing to do with the issue in the article.

                                                                                  1. 1

                                                                                    There is no way in heck that linus will merge some DIY home rolled crypto code into the kernel

                                                                                    1. 11

                                                                                      It seems like you may not recognize the author. I would typically agree with you on first glance, but given who it is and what it is I wouldn’t be surprised if it got merged.

                                                                                      1. 8

                                                                                        That’s a good point but missing key detail. I’ll add author did WireGuard which has had good results in both formal verification and code review.

                                                                                      2. 7

                                                                                        Where else is kernel crypto code rolled?

                                                                                          1. 2

                                                                                            High praise from linus!

                                                                                          2. 2

                                                                                            Why not? How would Linus even know if some crypto code was DIY nonsense?

                                                                                            (The subtext of these commits from Jason is that the existing kernel crypto APIs are not particularly good, IMO.)

                                                                                          1. 5

                                                                                            Kinda surprised that reddit - a site which hosts rougher parts of the internet - has not had a Head of Security until 2.5 months ago?

                                                                                            1. 8

                                                                                              Their headcount has always been kinda small I think? You need to hit a certain size before carving out a specific position.

                                                                                              1. 7

                                                                                                “Kinda small” is ~250 people. They have data of 330 Million users.

                                                                                                I wouldn’t attach the headcount to the position directly, the question is how much a security need you have.

                                                                                                1. 2

                                                                                                  They seemed to have done pretty well for a long time without having one though.

                                                                                                  1. 1

                                                                                                    Did they? How do you know there weren’t previous leaks/breaches that simply went undetected?

                                                                                                    1. 2

                                                                                                      That’s probably not a good way to measure it, but maybe the number of posts like this? But that’s true.

                                                                                                      1. 3

                                                                                                        My point is, they could have been regularly infiltrated for years and they only noticed know thanks to new talent in house. There’s only so much a jack of all trades team can do while fire fighting all the needs.

                                                                                                        1. 1

                                                                                                          I’ll add to mulander’s hypothetical that this happened in all kinds of big companies with significant investments in security. They were breached for years without knowing they were compromised. They started calling them “APT’s” as a PR move to reduce humiliation. It was often vanilla attacks or combos of those with some methods to bypass monitoring that companies either didn’t have or really under-invested in. Reddit could be one if they had little invested in security or especially intrusion detection/response.

                                                                                                2. 3

                                                                                                  Because reddit is not hosting financial data or (for the most part) deeply personal data that is not already out in the open, I would assume that they are not that interesting a target for hackers looking for financial gain, but more interesting for people script kiddies who are looking to DOX or harass other users.

                                                                                                  1. 5

                                                                                                    Many subreddits host content and discussions that people don’t want to be attached to. The post even appreciates that and recommends deletion of those posts.

                                                                                                    I find it telling that you go out of your way pushing people interested in gaining personal data in the script kiddie corner. Yes, SMS based attacks are in the range of “a script kiddie could do that”, which makes it even worse.

                                                                                                    1. 2

                                                                                                      Criminals are using this type of information for targeted extortions and other activities. The general view that that this is mostly the realm of “script kiddies” detracts from the seriousness and provides good cover for their activities.

                                                                                                      1. 1

                                                                                                        I made an assumption, but reading your reply and that of @skade you are right that there are lots of uses for the data from a criminal perspective, especially for a site the size of reddit.

                                                                                                  1. 2

                                                                                                    This is really a non-issue as far as I’m concerned.

                                                                                                    Browsers (either standalone or with plugins) let users turn off images, turn off Javascript, override or ignore stylesheets, block web fonts, block video/flash, and block advertisements and tracking. Users can opt-out of almost any part of the web if it bothers them.

                                                                                                    On top of that, nobody’s twisting anybody’s arm to visit “heavy” sites like CNN. If CNN loads too much crap, visit a lighter site. They probably won’t be as biased as CNN, either.

                                                                                                    Nobody pays attention to these rants because at the end of the day they’re just some random people stating their arbitrary opinions. Rewind 10 or 15 or 20 years and Flash was killing the web, or Javascript, or CSS, or the img tag, or table based layouts, or whatever.

                                                                                                    1. 10

                                                                                                      Rewind 10 or 15 or 20 years and Flash was killing the web, or Javascript, or CSS, or the img tag, or table based layouts, or whatever

                                                                                                      Flash and table based layouts really were and, to the extent that you still see them, are either hostile or opaque to people who require something like a screen reader to use a website. Abuse of javascript or images excludes people with low end hardware. Sure you can disable these things but it’s all too common that there is no functional fallback (apparently I can’t even vote or reply here without javascript being on).

                                                                                                      Are these things “killing the web” in the sense that the web is going to stop existing as a result? Of course not, but the fact that they don’t render the web totally unusable is not a valid defense of abuses of these practices.

                                                                                                      1. 3

                                                                                                        I wouldn’t call any of those things “abuses”, though.

                                                                                                        Maybe it all boils down to where the line is drawn between supported hardware and hardware too old to use on the modern web, and everybody will have different opinions. Should I be able to still browser the web on my old 100 Mhz Petnium with 8 Mb of RAM? I could in 1996…

                                                                                                        1. 12

                                                                                                          Should I be able to still browser the web on my old 100 Mhz Petnium with 8 Mb of RAM?

                                                                                                          To view similar information? Absolutely. If what I learn after viewing a web page hasn’t changed, then neither should the requirements to view it. If a 3D visualization helps me learn fluid dynamics, ok, bring it on, but if it’s page of Cicero quotes, let’s stick with the text, shall we?

                                                                                                          1. 5

                                                                                                            I wouldn’t call any of those things “abuses”, though.

                                                                                                            I think table based layouts are really pretty uncontroversially an abuse. The spec explicitly forbids it.

                                                                                                            The rest are tradeoffs, they’re not wrong 100% of the time. If you wanted to make youtube in 2005 presumably you had to use flash and people didn’t criticize that, it was the corporate website that required flash for no apparent reason that drew fire. The question that needs to be asked is if the cost is worth the benefit. The reason people like to call out news sites is they haven’t really seen meaningfully new features in two decades (they’re still primarily textual content, presented with pretty similar style, maybe with images and hyperlinks. All things that 90s hardware could handle just fine) but somehow the basic experience requires 10? 20? 100 times the resources? What did we buy with all that bandwidth and CPU time? Nothing except user-hostile advertising as far as I can tell.

                                                                                                            1. 2

                                                                                                              If you wanted to make youtube in 2005 presumably you had to use flash and people didn’t criticize that

                                                                                                              At the time (ok, 2007, same era) I had a browser extension that let people view YouTube without flash by swapping the flash embed for a direct video embed. Was faster and cleaner than the flash-based UI.

                                                                                                              1. 1
                                                                                                              2. 2

                                                                                                                I’d say text-as-images and text-as-Flash from the pre-webfont era are abuses too.

                                                                                                          2. 7

                                                                                                            On top of that, nobody’s twisting anybody’s arm to visit “heavy” sites like CNN. If CNN loads too much crap, visit a lighter site.

                                                                                                            Or just use http://lite.cnn.io

                                                                                                            1. 2

                                                                                                              nobody’s twisting anybody’s arm to visit “heavy” sites like CNN

                                                                                                              Exactly. It’s not a “web developers are making the web bloated” problem, it’s a “news organizations are desperate to make money and are convinced that personalized advertising and tons of statistics (Big Data!!) will help them” problem.

                                                                                                              Lobsters is light, HN, MetaFilter, Reddit, GitHub, GitLab, personal sites/blogs, various wikis, forums, issue trackers, control panels… Most of the stuff I use is really not bloated.

                                                                                                              If you’re reading general world news all day… stop :)

                                                                                                            1. 22

                                                                                                              After writing Go for 5 years, I’d recommend Rust for C developers. It’s more complicated than Go for sure, but also has more to offer. The lack of garbage collection and support of generics are definitely a plus compared to Go.

                                                                                                              Go is a better language for junior devs, but I wouldn’t call C programmers junior. They should be able to digest Rust’s complexity.

                                                                                                              1. 9

                                                                                                                They should be able to digest Rust’s complexity.

                                                                                                                Non trivial amount of C programmers are still doing C to avoid additional complexity. Not everyone wants a kitchen & sink programming language.

                                                                                                                1. 6

                                                                                                                  Rust can definitely get overly complex if the developers show no constraint (i.e. type golf), but the control afforded by manual memory management makes up for it, IMHO. Unless it’s a one-run project, performance will eventually matter, and fixing bad allocation practices after the fact is a lot harder than doing it right from the beginning.

                                                                                                                  1. 1

                                                                                                                    Couldn’t they just start with a C-like subset of Rust adding from there to their arsenal what extra features they like? It’s what I was going to recommend to those trying it for safety-critical use since they likely know C.

                                                                                                                    1. 9

                                                                                                                      I think it’s rather difficult to write rust in a C like manner. This contrasts with go, where you can basically write C code and move the type declarations around and end up with somewhat unidiomatic but working go.

                                                                                                                      1. 3

                                                                                                                        I think C++ as a better C works because you still have libc besides the STL, etc. The Rust standard library uses generics, traits, etc. quite heavily and type parameters and lifetime parameters tend to percolate to downstream users.

                                                                                                                        Though I think a lot of value in Rust is in concepts that may initially add some complexity, such the borrow checker rules.

                                                                                                                        1. 3

                                                                                                                          The problem with C++ is its complexity at the language level. I have little hope of teams of people porting various tools for static analysis, verification, and refactoring to it that C and Java already have. Certifying compilers either. C itself is a rough language but smaller. The massive bandwagon behind it caused lots of tooling to be built, esp FOSS. So, I now push for low-level stuff either safer C or something that ties into C’s ecosystem.

                                                                                                                        2. 4

                                                                                                                          You could argue the same for C++ (start with C and add extra features). Complexity comes with the whole ecosystem from platform support (OS, arch), compiler complexity (and hence subtle difference in feature implementations) to the language itself (C++ templates, rust macros). It’s challenging to limit oneself to a very specific subset on a single person project, it’s exponentially harder for larger teams to agree on a subset and adhere to it. I guess I just want a safer C not a new C++ replacement which seems to be the target for newer languages (like D & Rust).

                                                                                                                          1. 4

                                                                                                                            It’s challenging to limit oneself to a very specific subset on a single person project, it’s exponentially harder for larger teams to agree on a subset and adhere to it.

                                                                                                                            I see your overall point. It could be tricky. It would probably stay niche. I will note that, in the C and Java worlds, there’s tools that check source code for compliance with coding standards. That could work for a Rust subset as well.

                                                                                                                            “I guess I just want a safer C not a new C++ replacement which seems to be the target for newer languages (like D & Rust).”

                                                                                                                            I can’t remember if I asked you what you thought about Cyclone. So, I’m curious about that plus what you or other C programmers would change about such a proposal.

                                                                                                                            I was thinking something like it with Rust’s affine types and/or reference counting when borrow-checking sucks too much with performance acceptable. Also, unsafe stuff if necessary with the module prefixed with that like Wirth would do. Some kind of module system or linking types to avoid linker errors, too. Seemless use of existing C libraries. Then, an interpreter or REPL for the productivity boost. Extracts to C to use its optimizing and certifying compilers. I’m unsure of what I’d default with on error handling and concurrency. First round at error handling might be error codes since I saw a design for statically checking their correct usage.

                                                                                                                            1. 3

                                                                                                                              I can’t remember if I asked you what you thought about Cyclone. So, I’m curious about that plus what you or other C programmers would change about such a proposal.

                                                                                                                              I looked at it in the past and it felt like a language built on top of C similar to what a checker tool with annotations would do. It felt geared too much towards research versus use and the site itself states:

                                                                                                                              Cyclone is no longer supported; the core research project has finished and the developers have moved on to other things. (Several of Cyclone’s ideas have made their way into Rust.) Cyclone’s code can be made to work with some effort, but it will not build out of the box on modern (64 bit) platforms).

                                                                                                                              However if I had to change Cyclone I would at least drop exceptions from it.

                                                                                                                              I am keeping an eye on zig and that’s closest to how I imagine a potentially successful C replacement - assuming it takes up enough community drive and gets some people developing interesting software with it.

                                                                                                                              That’s something Go had nailed down really well. The whole standard library (especially their crypto and http libs) being implemented from scratch in Go instead of being bindings were a strong value signal.

                                                                                                                              1. 2

                                                                                                                                re dropping exceptions. Dropping exceptions makes sense. Is there another way of error handling that’s safer or better than C’s that you think might be adoptable in a new, C-like language?

                                                                                                                                re Zig. It’s an interesting language. I’m watching it at a distance for ideas.

                                                                                                                                re standard library of X in X. Yeah, I agree. I’ve been noticing that pattern with Myrddin, too. They’ve been doing a lot within the language despite how new it is.

                                                                                                                                1. 4

                                                                                                                                  Dropping exceptions makes sense. Is there another way of error handling that’s safer or better than C’s that you think might be adoptable in a new, C-like language?

                                                                                                                                  Yes, I think Zig actually does that pretty well: https://andrewkelley.me/post/intro-to-zig.html#error-type

                                                                                                                                  edit: snippet from the zig homepage:

                                                                                                                                  A fresh take on error handling that resembles what well-written C error handling looks like, minus the boilerplate and verbosity.

                                                                                                                                  1. 2

                                                                                                                                    Thanks for the link and tips!

                                                                                                                      2. 7

                                                                                                                        Short build/edit/run cycles are appreciated by junior and senior developers alike. Go currently has superior compilation times.

                                                                                                                        1. 10

                                                                                                                          Junior and senior developers also enjoy language features such as map, reduce, filter, and generics. Not to mention deterministic memory allocation, soft realtime, forced error checking, zero-cost abstractions, and (of course) memory safety.

                                                                                                                          1. 3

                                                                                                                            Junior and senior developers also enjoy language features such as map, reduce, filter, and generics.

                                                                                                                            Those are great!

                                                                                                                            deterministic memory allocation, soft realtime, forced error checking, zero-cost abstractions, and (of course) memory safety.

                                                                                                                            Where are you finding juniors who care about this stuff? (no, really - I would like to know what kind of education got them there).

                                                                                                                            1. 8

                                                                                                                              I cared about those things, as a junior. I am not sure why juniors wouldn’t care, although I suppose it depends on what kind of software they’re interested in writing. It’s hard to get away with not caring, for a lot of things. Regarding education, I am self-taught, FWIW.

                                                                                                                            2. 1

                                                                                                                              Map, reduce and filter are easily implemented in Go. Managing memory manually, while keeping the GC running, is fully possible. Turning off the GC is also possible. Soft realtime is achievable, depending on your definition of soft realtime.

                                                                                                                              1. 1

                                                                                                                                Map, reduce and filter are easily implemented in Go

                                                                                                                                How? Type safe versions of these, that is, without interface{} and hacky codegen solutions?

                                                                                                                                1. 1

                                                                                                                                  Here are typesafe examples for Map, Filter etc: https://gobyexample.com/collection-functions

                                                                                                                                  Implementing one Map function per type is often good enough. There is some duplication of code, but the required functionality is present. There are many theoretical needs that don’t always show up in practice.

                                                                                                                                  Also, using go generate (which comes with the compiler), generic versions are achievable too. For example like this: https://github.com/kulshekhar/fungen

                                                                                                                                  1. 9

                                                                                                                                    When people say “type safe map/filter/reduce/fold” or “map, reduce, filter, and generics” they are generally referring to the ability to define those functions in a way that is polymorphic, type safe, transparently handled by the compiler and doesn’t sacrifice runtime overhead compared to their monomorphic analogs.

                                                                                                                                    Whether you believe such facilities are useful or not is a completely different and orthogonal question. But no, they are certainly not achievable in Go and this is not a controversial claim. It is by design.

                                                                                                                                    1. 1

                                                                                                                                      Yes, I agree, Go does not have the combination of type safety and generics, unless you consider code generation.

                                                                                                                                      The implementation of generics in C++ also works by generating the code per required type.

                                                                                                                                      1. 5

                                                                                                                                        The implementation of generics in C++ also works by generating the code per required type.

                                                                                                                                        But they are not really comparable. In C++, when a library defines a generic type or function, it will work with any conforming data type. Since the Go compiler does not know about generics, with go generate one can only generate ‘monomorphized’ types for a set of predefined data types that are defined an upstream package. If you want different monomorphized types, you have to import the generic definitions and run go generate for your specific types.

                                                                                                                                        unless you consider code generation

                                                                                                                                        By that definition, any language is a generic language, there’s always Bourne shell/make/sed for code generation ;).

                                                                                                                                        1. 1

                                                                                                                                          That is true, and I agree that go does not have support for proper generics and that this can be a problem when creating libraries.

                                                                                                                                        2. 3

                                                                                                                                          That’s why I said “transparently handled by the compiler.” ;-)

                                                                                                                                          1. 0

                                                                                                                                            I see your point, but “go generate” is provided by the go compiler, by default. I guess it doesn’t qualify as transparent since you have to type “go generate” or place that command in a build file of some sort?

                                                                                                                                            1. 1

                                                                                                                                              Yes. And for the reasons mentioned by @iswrong.

                                                                                                                                              My larger point here really isn’t a technicality. My point is that communication is hard and not everyone spells out every point is precise detail, but it’s usually possible to infer the meaning based on context.

                                                                                                                                              1. -1

                                                                                                                                                I think the even larger point is that for a wide range of applications, “proper” and “transparent” generics might not even be needed in the first place. It would help, yes, but the Go community currently thrives without it, with no lack of results to show for.

                                                                                                                                                1. 1

                                                                                                                                                  I mean, I’ve written Go code nearly daily since before it was 1.0. I don’t need to argue with you about whether generics are “needed,” which is a pretty slimy way to phrase this.

                                                                                                                                                  Seems to me like you’re trying to pick a fight. I already said upthread that the description of generics is different from the desire for them.

                                                                                                                                                  1. -2

                                                                                                                                                    You were the first to change the subject to you and me instead of sticking to the topic at hand. Downvoting as troll.

                                                                                                                              2. 1

                                                                                                                                By superior, I guess you meant shorter?

                                                                                                                                1. 2

                                                                                                                                  Compiling a very large go project with a cold cache might take a minute (sub-second once the cache is warm).

                                                                                                                                  Compiling a fairly small rust app with a warm cache has taken me over a minute (I think it’s a little better than that now).

                                                                                                                                  1. 1

                                                                                                                                    Yes, and superior to Rust in that regard. Also the strict requirement to not have unused dependencies contributes to counteract dependency rot, for larger projects.

                                                                                                                              1. 3

                                                                                                                                I think this also works: Pick longitude (0, pi). pick another angle (0, 2pi) for latitude and scale by sqrt(u) to avoid bunching at the poles. Pick radius (0,1) and scale by cube(u).

                                                                                                                                1. 2

                                                                                                                                  What does the symbol u represent? And why doesn’t longitude run from 0 to 2π and latitude from 0 to π, instead of the other way around (as you have it)? The span of longitude should be bigger because it goes all the way around the sphere, while latitude just goes 1/2 of the way (from top to bottom).

                                                                                                                                  1. 2

                                                                                                                                    u is a randomly generated variable between zero and one. I think tedu mixed up longitude and latitude (he wouldn’t be the first one).

                                                                                                                                  2. 1

                                                                                                                                    Is this different from picking a random point in the spherical coordinate box and converting it to Cartesian ones?

                                                                                                                                    1. 3

                                                                                                                                      You can’t naively pick random spherical coordinators because they will clump together near the origin and around the poles.

                                                                                                                                  1. 8

                                                                                                                                    Is it possible there’s no information to recover? Like if I tried hard enough, I think I could rip a waffle, but I’m not sure the result would be sensible.

                                                                                                                                    1. 15

                                                                                                                                      I’m going to go ahead and postulate that if you tried to rip a waffle three hundred times, at some point during that process the bit stream would start to diverge wildly as mould grows on it, pieces get flung away by rotation and eventually it rots.

                                                                                                                                      1. 8

                                                                                                                                        The fact that he was able to get 13 copies (even out of 300) that have the same CRC suggests that there’s something real there. That wouldn’t happen by chance.

                                                                                                                                        1. 1

                                                                                                                                          And thinking about it no, you couldn’t rip a waffle. For a CD drive to read anything at all it has to see pit/land transitions every 3 spaces (at least) at something approximating the correct rate. A random physical object would just have no signal at all and you’d know there was no signal, like trying to receive digital radio when there’s no carrier wave.

                                                                                                                                        1. 1

                                                                                                                                          From 2001 or so?