Centroid.EU Blog
(this blog is mostly encrypted - adults only)
November 8th, 2015
Since yesterday swshell.de is DNSSEC enabled. I finished the zone signing utility for delphinusdnsd, which is called dd-convert.rb. That utility leans on the BIND tools; one day perhaps I'll make my own. I have checked with the DNSSEC debugger and everything seems to be in the green, but I have to figure out what I did first to get there and play a little with the tools. Also, delphinusdnsd needs a good round of debugging now so that it gives quality answers.
Donated to OpenBSD Foundation
November 4th, 2015
I have given the OpenBSD Foundation 41.81 EUR, which was sitting in my PayPal account. I usually donate directly to deraadt, but I wanted to get rid of the money I had in my PayPal account, so it goes to the foundation this time.
pledge(2) Don't do this!
October 31st, 2015
pledge(2) in OpenBSD is a whitelist of system calls that a programmer pledges, or promises, his program will conform to. If the program lies, the kernel kills it. Looked at from an attacker's perspective, you would have to restrict your bytecode, or whatever your edge is, to the pledged spectrum of syscalls.
Another example: an anti-virus mechanism that scans emails or programs may not need to talk Internet protocols at all. So if someone manages to buffer-overflow the scan process and have it open a socket back to the attacker (a.k.a. a bindshell), pledge will stop the socket call before the kernel opens it. It's ingenious, and it gets better: since you know your program, you can pledge several times to restrict it more and more over the course of the program flow.
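To make that progressive narrowing concrete, here is a small C example added to this page (not code from the blog, from delphinusdnsd or from OpenBSD's tree): a scan phase that starts with "stdio rpath", opens its input and then drops to "stdio", so that anything later needing a socket is outside the promises. The no-op pledge stub for non-OpenBSD systems, the sample file and the "bad-pattern" needle are assumptions of the example; only OpenBSD actually enforces the promises.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: there is no pledge(2) outside OpenBSD. This stub only lets the
 * example build and run elsewhere; it enforces nothing. */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
#endif

/* Constructed sample input for the stand-alone run and the tests. */
int write_sample(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("attachment: bad-pattern.exe\n", f);
    fputs("body: nothing to see here\n", f);
    fputs("note: bad-pattern again\n", f);
    return fclose(f);
}

/* Scan phase in the spirit of the post's anti-virus example: "rpath" is needed
 * only to open the file, then the promises narrow to "stdio". From then on a
 * socket() call, e.g. from injected code, gets the process killed instead. */
int scan_file(const char *path, const char *needle)
{
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (pledge("stdio", NULL) == -1) {      /* file is open: drop rpath */
        fclose(f);
        return -1;
    }
    char line[1024];
    int hits = 0;                           /* lines containing needle */
    while (fgets(line, sizeof line, f) != NULL)
        if (strstr(line, needle) != NULL)
            hits++;
    fclose(f);
    return hits;                            /* 2 for the sample above */
}

int main(void)
{
    const char *p = "/tmp/pledge-sample.txt";
    return (write_sample(p) == -1 || scan_file(p, "bad-pattern") == -1) ? 1 : 0;
}
```

On OpenBSD a second call to scan_file in the same process fails, because pledge(2) never widens promises again once they have been narrowed to "stdio".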
In a private conversation I offered Theo de Raadt, the principal programmer around pledge, an awk program that rudimentarily scans C sources to determine a base pledge for a program. What I got back was a response I didn't expect. So I'm giving out a warning to people: do NOT do as I had done. I still think I'm not going to be the only one who writes such a program, since my gift to deraadt was not made publicly.
You see, in computer science you study the code, then you UNDERSTAND the code, and then you can add to it. What I did was pseudo-science, since I didn't need to understand the code. Understanding is a big problem with code in general, as everyone has their own style within the allowed programming idioms of C. Not understanding code means you can't contribute to it. I personally did not understand the BIND code, so I decided to write my own nameserver; the result was something I understood because I wrote it, without wasting my time going into libraries that criss-crossed all over the source tree. However, my code grew past 10,000 lines and it's easy to lose track of some areas. My memory is not the best, I think it's short-span, so I try to work with tools that ease this.
However, let's get back to science. As shown by the commits to top, the programmers who pledged it not only screwed up once but twice, and failed to understand top. So now we're accusing each other of pseudo-science and of not understanding the code right. Let's put that away, as it's counter-productive. However, I'd like to warn people against suggesting to OpenBSD what I had done. So know your code, apply pledge and stay safe.
For me pledge doesn't work yet, as the shm*(4) routines don't have a pledge keyword, so I'll have to wait. Anyone else wanting to pledge a program linked against db4 will have to do the same.
And lastly I'll say I was a bit hurt by deraadt's words, but I'm not gonna repeat them in public. I'll still stay loyal to OpenBSD despite this.
Outlook: Delphinusdnsd 1.0.0 not before XMAS
October 27th, 2015
I'm getting stalled and distracted with the development of delphinusdnsd. I should have been coding on this yesterday to make use of my full vacation for it, but I decided to soak up laziness instead. It's ok though; there is no way I can do this in two weeks, and if I did there would be little testing, if any.
AVM FritzBox Router losing ARP packets
October 26th, 2015
After a 2-month-long debug session with my gear I finally produced a workaround with codeblue to _fix_ the situation.
The problem: between my routers gamma and uranus (both OpenBSD), ARP gets lost either on the FritzBox or on a FritzRepeater from the same manufacturer (AVM).
The solution: check whether a threshold of the ARP cache timeout has been reached and, if so, populate the ARP cache manually with an injected ARP packet.
Here are the scripts I've written. On uranus:
#!/bin/sh
# This script checks if ARP was lost between gamma and uranus via the AVM AP.
# If so it will mail me and send a gratuitous ARP to restore the ARP cache
# on gamma; it does it twice to escape stupid filtering on the AVM FritzBox.
sleep 10
# Minutes left before gamma's ARP entry for uranus (192.168.179.10) expires.
# The expire column looks like "19m59s"; anything under a minute, or an
# entry that is already gone, is reported as 0 so the test below refreshes it.
CACHE=`ssh watcharp@192.168.179.1 /usr/sbin/arp -na | \
    awk '/192.168.179.10/ { if ($4 ~ /^[0-9]+m/) { split($4, b, "m"); print b[1] } else print 0 }'`
CACHE=${CACHE:-0}
if [ "$CACHE" -lt 15 ]; then
    echo "cache is at $CACHE going to set arp manually" | \
        mail -s "arp timeout" emailat@centroid.eu
    /usr/local/bin/cb -a is-at -s192.168.179.10 -d192.168.179.1
    sleep 20
    /usr/local/bin/cb -a is-at -s192.168.179.10 -d192.168.179.1
fi
exit 0
And then on gamma:
#!/bin/sh
# Broadcast a who-has request from gamma (192.168.179.1) for uranus on re1,
# so that uranus answers and the AVM gear sees fresh ARP traffic.
/usr/local/bin/cb -l re1 -a who-has -s00:0d:b9:XX:XX:XX,192.168.179.1 \
    -dff:ff:ff:ff:ff:ff,192.168.179.10
With these scripts I am willing to bet my problems go away.
Open Sourced CodeBlue version 1
October 24th, 2015
After 14 years of having this program (mostly) to myself, I think it's worth open-sourcing it. Successes of Code Blue are:
- proving a bug in someone's program
- proving a bug in the OpenBSD kernel which caused a crash after a CBv1 typo
- proving that ARP packets get lost on AVM routers (recently)
There were many other cases where I used codeblue for good. It's not an evil program. Sources are here. Codeblue was based on gppf in idea but not in code.
MPS open sourced
October 22nd, 2015
Almost two years after I wrote this with the help of Rienzilla, I'm releasing it to the public. The sources are found here, enjoy.
Oct 21, 2015 Cars that fly?
October 20th, 2015
Tomorrow is Back to the Future day. On this day in part 2 of the trilogy Marty McFly travels to Oct 21, 2015, in essence tomorrow. Cars that fly? More like cars that lie, if you look at the VW emissions scandal. We did not get the hologram projectors nor the hoverboards. But we have something in common: cars still exist in 2015.
Thanks to Chris, who gave me a ride in his DeLorean one day when I was in grade 10 or 11. That really rocked! Did we time travel?
Luna-27
October 19th, 2015
I'm thrilled that Europe wants to put personnel on the moon.
Upgraded supercluster
October 17th, 2015
Along with every other host on my network I have upgraded supercluster. If you see any breakage, let me know and I'll fix it.
Powered by BCHS