2011-05-25 21:02:52 by jdixon
Today I was installing RHEL 6.0 on a remote Xen domU using virt-install with VNC. None of the Mac VNC clients I tried was able to render anything remotely usable. I tried various encoding schemes and color resolutions, to no avail. And where Chicken of the VNC rendered a screen seemingly inspired by LSD trips, RealVNC simply shit its pants and crashed.
So I downloaded an OpenBSD 4.9 iso and installed it in VMware Fusion. Installed tightvnc-viewer from packages. And in less than 10 minutes, I had a working X11-over-SSH tunnel to the remote Xen VNC console. From my Mac desktop. Through an OpenBSD VM. Across the fucking internet.
Welcome to the future. Sorta.
- Comments (1)
2010-12-15 15:22:57 by jdixon
As expected, news of a possible ten-year-old collusion to introduce backdoors in the OpenBSD IPsec stack have spread like wildfire. ArsTechnica, The Register, CNET, Forbes are among a long list of mainstream news outlets to chime in on these allegations.
Dag-Erling Smørgrav adds one point to my original commentary; that is, the action of introducing backdoor code into OpenBSD by the FBI would not fall under a "recently expired NDA", as Greg Perry claims. I think Dag is probably correct here. Even if Greg's claims are eventually proven true, something like this would more likely fall under a TOP SECRET (or even as high as TS/SCI) classification, which is typically declassified after a 25-year period. Releasing this information prematurely would land Greg in a steaming lake of hot water.
At least two of the named parties have already stepped forward to refute Greg's story. Scott Lowe posted to the openbsd-tech mailing list, stating that he does not, nor has he ever, had any affiliation or employment with the FBI or the OpenBSD project. Jason Wright followed up a short while later, demanding an apology from Greg Perry and detailing which parts of the code base he worked on during the affected period.
" I will point out that Greg did not even work at NETSEC while the OCF development was going on. Before January of 2000 Greg had left NETSEC. The timeline for my involvement with IPSec can be clearly demonstrated by looking at the revision history of:src/sys/dev/pci/hifn7751.c (Dec 15, 1999) src/sys/crypto/cryptosoft.c (March 2000)The real work on OCF did not begin in earnest until February 2000."
I'm personally relieved to see the accused parties step up and assert their innocence. Unfortunately, the story won't end here. The mere possibility of impropriety by these developers or the FBI means the OpenBSD project will have to work long and hard to regain its tarnished reputation. A thorough code audit is the only sure-fire way (and even then, is not guaranteed) to clear these charges.
- Comments (1)
2010-12-14 21:58:01 by jdixon
Theo de Raadt posted an email to the openbsd-tech mailing list Tuesday evening which contained details of alleged backdoors added to the OpenBSD IPsec code by government contractors some ten years ago. Subsequent posts from Bob Beck and Damien Miller add further commentary, but neither confirm nor deny the allegations. Damien goes so far as to propose a number of possible avenues as the most likely places to begin a new audit.
One of the purported conspirators is Jason Wright, a cryptology expert at the Idaho National Laboratory, who committed a significant amount of crypto and sparc64 code to the OpenBSD project. Although I haven't seen Jason in years, I consider "Wookie" a good friend and hope these accusations are false. If Damien's hypothesis is correct, it seems highly unlikely that Jason (or any US developers) introduced backdoors directly into the crypto code. A more likely scenario would be the malicious reuse of mbufs in the network stack.
As Brian T. Merritt suggests, it seems even more likely that Linux would be similarly "exploited". Lest we forget that while these claims against OpenBSD revolve around FBI involvement, Linux has had significant portions of its security code infiltrated by the NSA. Between these two code bases you're talking about an enormous portion of the networking infrastructure that powers the Internet.
As a former OpenBSD committer, this saddens me. Not just because of the possibility that this might be true, but that regardless of whether or not this could be true, it means that developer and community resources will be swallowed into the rumor vacuum for untold weeks and possibly months. This results in less innovation, fewer bugfixes, and worst of all, a growing distrust among everyone involved.
This story has all the characteristics of being newsworthy for a long while. It has already made major headlines across Twitter, Slashdot, Reddit and OSNews. Most articles and tweets imply that the claims are fact, without any investigation of the source claim or the actual code in question. I hope that all parties involved are cleared of any wrongdoing. Either way, the cat is out of the proverbial bag. These claims will undermine a significant portion of goodwill and trust among all Free Software / Open Source projects. In the end, nobody wins.
- Comments (3)
2010-11-14 13:33:04 by jdixon
I was invited to give another talk at this year's NYCBSDCon. Motivated by Adam Jacob's Choose Your Own Adventure presentation at Velocity, I tried to include together a series of smaller talks into one session. Unfortunately, I funny thing happened on the way to the forum. A week before the event, I fat-fingered some commands on my laptop and blew away the slides. The recreated version was quite a bit different than originally advertised, but I think it went pretty well. Comments went from "your best talk ever" to "good, but the pacing on BSD is Dying was better".
Worried that the main presentation would be too short, I threw in a bonus CYOA-style web story. This went over better than expected, so I've put it online if you want to see it for yourself.
Will Backman (of BSDTalk fame) was kind enough to provide me with the audio from my talk already. I'm going to start syncing it up with the slides this week and then perhaps later on with the video taken by Patrick (awesome A/V guy at the event).
My initial impressions from the event:
- Nice building, so-so location. Cooper Union is hard to find at first (Google Maps has no idea) but it's an attractive facility. Complicating matters is that it isn't near a subway station, so I had to take a taxi from Penn Station. And apparently the stations that are close were closed due to construction.
- Good social. They had a room reserved at the B Bar, which seems to be a hopping place. It got pretty loud inside once the native crowds rolled in, so quite a few of us rolled outside and had a very interesting discussion on the future of BSD innovation. My only complant would be the lack of quality beer offerings. The choice of craft beers in your typical Maryland/DC establishment blows away what I saw in a couple places in New York.
- Great turnout. I think George mentioned that they broke 200 registrations this year. That's a big jump up from the 130-or-so from 2008. Glad to see the conference growing, especially with the bi-annual scheduling.
- Good talks, nothing mind-blowing. One of the themes I'd really like to hear more about is where BSD might be going with regards to virtualization and scalability. It's nice to hear about finished or ongoing development efforts, but I'd also like to hear what sort of roadmap the BSDs are working on (if it exists at all). Many BSD developers readily dismiss The Cloud as marketing buzz-speak, but the fact is that virtualization, scalability challenges and resource oversubscription are here to stay. I'm very happy to see FreeBSD adopt DTrace and ZFS from OpenSolaris (which start to get us there), but there's so much more to do.
As mentioned in my presentation, I fully expect this year's talk will be my last. Consider it the last chapter of my "BSD trilogy", as it were. I'm glad that so many people came out to hear me talk and seemed to enjoy themselves. I look forward to being just another attendee next year, waiting to see where the BSD movement takes us.
- Comments (0)
2010-03-31 08:24:35 by jdixon
News broke recently that Oracle would begin enforcing old-school licensing policies on Solaris. The future of OpenSolaris has been in question for some time now. The writing is on the wall, in this geek's opinion. Oracle is a revenue-generating monster with blinders towards open source. The product manager in me appreciates the directness of it. The hacker in me despises them for raping Sun Microsystems and pulling the rug out under from the rest of us.
This will almost certainly renew interest in BSD distributions. Sure, Linux will get plenty of (re-)adopters migrating off Solaris. But keep in mind that many Solaris users left Linux for greener (read: more stable) pastures. They've tasted the delicacies of ZFS, Dtrace, project Crossbow and zones. Linux is a big bitter pill to swallow after you've tried those.
Fortunately, users have a choice. Although I'm not a big user of FreeBSD myself, I appreciate the work they've put into porting ZFS and Dtrace. They have OpenBSD's PF packet filter and experimental support for Valgrind. There are plenty of reasons to love FreeBSD right now. Suffice it to say that I'll be testing my alternatives and looking for an exit strategy from Oracle.
- Comments (0)
2010-01-01 22:28:02 by jdixon
I'm not sure how effective it is to post these here, but I'm hopeful that having them in cyberspace will help keep me motivated. I'm hereafter calling these goals rather than resolutions The latter, to me, implies something that you begin immediately. This cold-turkey approach virtually guarantees failure. The moment you trip up, the subconscious immediately considers them a lost cause and reverts to the old behavior. As goals, I think it sets a more optimistic tone and allows me to gradually adapt the preferred conduct.
Without further ado, my personal list of goals for this year (in no particular order)...
- Comments (1)
2009-11-14 12:56:56 by jdixon
I'm happy to announce the release of Blogsum-1.0. This release includes a number of bugfixes and a couple enhancements over 0.9:
- Fixed preview mode
Preview content is now encoded so markup will always get recreated properly in your browser.
- Tag Cloud
Thanks to Jim Razmus who submitted this new feature. Make sure you add the new $max_tags_in_cloud setting to your local Blogsum.pm.
- Update date when (re-)publishing
The published timestamp updates when you publish or republish an article.
- Fix timezones in db
Fixed a bug where article or comment timestamps were always set to GMT instead of localtime.
- Fix pagination
Removed pagination view from all non-default views. That is to say, we shouldn't paginate when viewing by year/month or tag filters.
- Minor aesthetic improvements
Lots of whitespace fixes, a redesigned footer and the addition of a meta generator tag for Blogsum.
- Example httpd.conf for Apache-2.x
Thanks to Dan Colish for testing Blogsum with Apache-2.x and submitting his configuration example. This has been added to the examples directory as httpd2-blogsum.conf.
I'd like to also thank Johan Huldtgren for submitting Blogsum to the FreeBSD ports tree for inclusion. It has been accepted and will likely bring many new Blogsum users, which will inevitably cause me to struggle even harder against the onslaught of feature requests. ;)
Just kidding, I'm glad to see Blogsum gaining interest in the community. I've also updated the OpenBSD port, if you happen to be using that instead of following svn. Enjoy!
- Comments (5)
2009-09-26 23:29:47 by jdixon
Stumbled across the Barrelfish project over at OSnews. The proof-of-concept Operating System appears to borrow concepts from distributed systems design. Rather than have a single kernel managing multiple cores, the Multicore kernel assumes no inter-core sharing and communicates with message passing. Presumably they've been able to overcome some of the traditional performance hits there.
I was particularly pleased to see their first relase distributed under a BSD-style license. Those crazy bastards at Microsoft, what's next... a Windows release that doesn't suck?
- Comments (1)
2009-08-27 22:33:50 by jdixon
OpenBSD's ypldap daemon provides YP maps using an LDAP backend. It was introduced with OpenBSD 4.4 but doesn't seem to have received much exposure within the community. I've been meaning to convert one of our bastion systems from using local accounts to LDAP, mainly for convenience.
The migration went smoothly except for the lack of a netid.byname mapping. Pierre-Yves Ritschard (pyr@) told me this is high on his to-do list. Without this mapping, sudo is unable to getpwuid(). Therefore, any accounts requiring sudo rights (read: administrators) will need to remain as local accounts until this is resolved.
The vast majority of this write-up was taken almost verbatim from a similar posting at the Helion-Prime Solutions blog. I've filled in some missing bits with regards to the sudo issue as well as ypbind issues over non-broadcast segments.
- Comments (4)
2009-08-18 02:45:46 by jdixon
I've unofficially kicked off the pre-planning phase of DCBSDCon 2010 for tossing around ideas and informal preparations. If you're interested in becoming an event organizer (think carefully) or sponsor (spend graciously), I'd love to hear from you now. We'll be recruiting event volunteers as the New Year gets closer.
A lot of friends have been asking me when the event will happen. There's a strong possibility that it will be pushed back from February (where the F stands for effing cold) to April. DC weather is much more cooperative during the spring months (cherry blossoms anyone?).
- Comments (2)
2009-08-13 03:42:54 by jdixon
I've never claimed to be a prolific hacker. I take much longer to complete a simple piece of code than even your typical hobbyist programmer. I'm easily distracted by shiny objects and WTFs.
Nevertheless, I finally gave in and threw together something resembling a blogging app. There are no fancy features yet, and likely never will be. It currently does about 90% of what I want it to do, which is closer to 2% of what the typical blogging/CMS application is capable of. It's my own KISS approach with a healthy peppering of careful input handling and a simple SQLite backend.
If you've been looking for a small blog application, particularly one designed for running in OpenBSD's default httpd(8) chroot, then Blogsum might be good for you. If not, that's ok too. Let the next guy have his World Domination. I just want to blog some.
- Comments (2)