Everyone’s talking about it, so why should I not add something too.
ChatGPT is pretty amazing. I asked it an interview question, and it just plain solved it. Well, there was one real world imperfection. I asked it to fix that problem, and then it went off the rails. The more I hinted, the worse the code got.
I won’t give the details here, because I want to keep using the question / topic.
So I wondered if it could find bugs. First an easy one:
Q:
What's the problem with this C++ code:
int* foo() {
    auto ret = new int;
    int r2 = *ret * 2;
    return &r2;
}
A:
There are several problems with the code you provided:
1. The function foo is returning a pointer to a local variable r2,
which is not safe because the memory for r2 is deallocated when the
function returns. This can cause undefined behavior when you try to
access the returned pointer after the function has returned.
2. The function foo is allocating memory for an integer with new int,
but it is not deallocating that memory before the function
returns. This can lead to a Continue reading
And now for something completely different.
I’ve off and on thought about this for years, so it needed to be written down.
Obviously SPOILERS, for basically all Terminator movies.
Summary of reasons
I’m aware of The Terminator Wiki, but I don’t care about it. My opinions are on the movies as movies.
In Terminator 1 (T1) Arnold is clearly a robot in human skin. At no point do you believe it’s a human. The only reason people don’t stop and scream and point, is that “I’m being silly, that’s clearly impossible”. But Arnold spends the whole movie in the uncanny valley, the kind in 2022 reserved for realistically generated CGI characters.
It’s very nearly a perfect movie. Just take his first dialog. “Nice night for a walk”, the punks say. They are saying this to a machine that has never talked to a human before, so its response is complete nonsense. It just repeats the words back to them.
It’s a Continue reading
I’m writing a webserver optimized for serving a static site with as high performance as possible. Counting every syscall, and every copy between userspace and kernel space.
It’s called “tarweb”, because it serves a website entirely from a tar file.
I’m optimizing for latency of requests, throughput of the server, and scalability over number of active connections.
I won’t go so far as to implement a user space network driver to bypass the kernel, because I want to be able to just run it in normal setups, even as non-root.
I’m not even close to done, and the code is a mess, but here are some thoughts for now.
Every syscall costs performance, so we want to minimize those.
The minimum set of syscalls for a webserver handling a request is:
1. accept() to acquire the new connection.
2. epoll_ctl() to add the fd.
3. epoll_wait() & read() or similar. (ideally getting the whole request in one read() call)
4. epoll_wait() & write() or similar. (again ideally in one call)
5. close() the connection.
There’s not much to do about accept() and read(), as far as I can see. You need to accept the connection, and you need to Continue reading
Floating point can be tricky. You can’t really check for equality, and with IEEE 754 you have a bunch of fun things like values of not a number, infinities, and positive and negative zero.
But integers are simple, right? Nope.
I’ll use “integers” to refer to all integer types. E.g. C’s int, unsigned int, gid_t, size_t, ssize_t, unsigned long long, and Java’s int, Integer, etc…
Let’s list some problems:
Casting an integer from one type to another changes three things:
The first is obvious, and is even safe for the language to do implicitly. Why even bother telling the human that a conversion was done?
But think about the other two for a minute. Is there any reason that you want your Continue reading
There are a few ways to attempt to parse a string into a number in the C standard library. They are ALL broken.
Leaving aside the wide character versions, and staying with long (skipping int, long long or intmax_t, these variants all having the same problem) there are three ways I can think of:
1. atol()
2. strtol() / strtoul()
3. sscanf()
They are all broken.
I’ll start by claiming a common sense “I know it when I see it”. The number that I see in the string with my eyeballs must be the numerical value stored in the appropriate data type. “123” must be turned into the number 123.
Another criterion is that the WHOLE string must be parsed. It is not OK to stop at the first sign of trouble, and return whatever maybe is right. “123timmy” is not a number, nor is the empty string.
Failing to provide the above must be an error. Or at least, as the user of the parser, I must have the option to know if it happened.
atol()
Input | Output |
---|---|
123timmy | 123 |
99999999999999999999999999999999 | LONG_MAX |
timmy | 0 |
empty string | 0 |
" " | 0 |
No. All Continue reading
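Two of the posts above are about the same thing: a conversion that silently changes the value (casting between integer types, and parsing a string with atol()). The following is an added example, not code from either post: a strict parser built on strtol() that enforces the two rules stated above (the number you see is the number you get, and the whole string must be consumed) and reports each failure that atol() swallows. The enum names, the function names and the treatment of leading whitespace as "not a number" are my choices, not anything the posts specify.

```c
/* Added example, not code from the post: strict integer parsing on top of
 * strtol(), with every failure mode from the atol() table reported. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_status {
    PARSE_OK = 0,
    PARSE_EMPTY,      /* "": nothing to parse */
    PARSE_TRAILING,   /* "123timmy": digits followed by junk */
    PARSE_NOT_NUMBER, /* "timmy", " ": no digits at all */
    PARSE_OVERFLOW    /* does not fit in the target type */
};

/* Parse the whole of s as a base-10 long into *out. Leading whitespace is
 * rejected as well (strtol() would skip it silently), so the text of the
 * string is exactly the number that ends up in *out. */
enum parse_status parse_long_strict(const char *s, long *out)
{
    if (s == NULL || *s == '\0')
        return PARSE_EMPTY;
    if (isspace((unsigned char)*s))
        return PARSE_NOT_NUMBER;

    char *end = NULL;
    errno = 0;                          /* strtol() only sets errno, never clears it */
    long v = strtol(s, &end, 10);
    if (end == s)
        return PARSE_NOT_NUMBER;        /* no digits consumed */
    if (errno == ERANGE)
        return PARSE_OVERFLOW;          /* value was clamped to LONG_MIN/LONG_MAX */
    if (*end != '\0')
        return PARSE_TRAILING;          /* junk after the digits */
    *out = v;
    return PARSE_OK;
}

/* Same, but into an int: the narrowing cast is only done after checking
 * that it cannot change the value. */
enum parse_status parse_int_strict(const char *s, int *out)
{
    long v = 0;
    enum parse_status st = parse_long_strict(s, &v);
    if (st != PARSE_OK)
        return st;
    if (v < INT_MIN || v > INT_MAX)
        return PARSE_OVERFLOW;
    *out = (int)v;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed inputs: the rows of the atol() table plus a valid one. */
    const char *rows[] = { "123", "123timmy", "99999999999999999999999999999999",
                           "timmy", "", " " };
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++) {
        long v = 0;
        enum parse_status st = parse_long_strict(rows[i], &v);
        printf("%-34s atol=%ld strict=%s\n", rows[i], atol(rows[i]),
               st == PARSE_OK ? "ok" : "rejected");
    }
    return 0;
}
```

The order of the checks matters: end == s must be tested before errno, because strtol() leaves errno untouched when it consumes nothing, and errno must be tested before the trailing-junk check, because a clamped value is wrong even when the string was otherwise clean.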
The title of this post is clearly a reference to the classic article PHP a fractal of bad design. I’m not saying Java is as bad as that, but that it has its own problems.
Do note that this post is mostly opinion.
And I’m not saying any language is perfect, so I’m not inviting “but what about C++’s so-and-so?”.
What I mean by “bad experiments” is not that the decisions the creators of Java made were bad with the information they had at the time, but that with the benefit of hindsight they have proven to be ideas and experiments that turned out to be bad.
Ok, one more disclaimer: In some parts here I’m not being precise. I feel like I have to say that I know that, to try to reduce the anger from Java fans being upset about me critiquing their language.
Don’t identify with a language. You are not your tool.
A lot of Java’s problems come from the fact that it’s too object oriented. It behaves as if everything is axiomatically an object.
No free-standing functions allowed. So code is full of public static functions, in classes with no Continue reading
I recently got fiber to my house. Yay! So after getting hooked up I started measuring that everything looked sane and performant.
I encountered two issues. Normal people would not notice or be bothered by either of them. But I’m not normal people.
I’m still working on one of the issues (and may not be able to disclose the details anyway, as the root cause may be confidential), so today’s issue is traceroute.
In summary: A bad MPLS config can break traceroute outside of the MPLS network.
$ traceroute -q 1 seattle.gov
traceroute to seattle.gov (156.74.251.21), 30 hops max, 60 byte packets
1 192.168.x.x (192.168.x.x) 0.302 ms <-- my router
2 194.6.x.x.g.network (194.6.x.x) 3.347 ms
3 10.102.3.45 (10.102.3.45) 3.391 ms
4 10.102.2.29 (10.102.2.29) 2.841 ms
5 10.102.2.25 (10.102.2.25) 2.321 ms
6 10.102.1.0 (10.102.1.0) 3.454 ms
7 10.200.200.4 (10.200.200.4) 2. Continue reading
If you’re writing a tool that takes untrusted input, and you should treat almost all input as untrusted, then it’s a good idea to add a layer of defense against bugs in your code.
What good is a buffer overflow, if the process is fully sandboxed?
This applies to both processes running as root, and as normal users. Though there are some differences.
In POSIX you can only sandbox if you are root. The filesystem can be hidden with chroot(), and you can then change user to be non-root using setuid() and setgid().
There have been ways to break out of a chroot() jail, but if you make sure to drop root privileges then chroot() is pretty effective at preventing opening new files and running any new programs.
But which directory? Ideally you want it to be:
The best way to ensure this is probably to create a temporary directory yourself, owned by root.
This is pretty tricky to do, though:
// Return 0 on success.
int do_chroot()
{
    const char* tmpdir = getenv("TMPDIR");
    if (tmpdir == NULL) Continue reading
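The post’s do_chroot() is cut off above, so here is an added example of the full sequence it describes, written by me and not the post’s own code: make a fresh directory (owned by root when run as root), chroot() into it, and then drop groups, gid and uid in the order that cannot be undone. The function names, the TMPDIR fallback to /tmp, and the choice to report failures as a negative errno are my assumptions; the post does not specify them.

```c
/* Added example, not the post's own do_chroot(): chroot into a fresh
 * directory and drop root, verifying afterwards that root cannot be
 * regained. POSIX/Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* TMPDIR fallback: only an absolute path is accepted, otherwise /tmp. */
const char *pick_tmpdir(const char *env_tmpdir)
{
    return (env_tmpdir != NULL && env_tmpdir[0] == '/') ? env_tmpdir : "/tmp";
}

/* Returns 0 on success, -errno on failure. On failure before chroot()
 * the temporary directory is removed again; after it, there is no way
 * back and the caller should exit. */
int sandbox_self(uid_t uid, gid_t gid)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/sandbox.XXXXXX",
                     pick_tmpdir(getenv("TMPDIR")));
    if (n < 0 || (size_t)n >= sizeof path)
        return -ENAMETOOLONG;

    /* mkdtemp() creates the directory with mode 0700, owned by the caller,
     * so as root nobody else can write into the new root. */
    if (mkdtemp(path) == NULL)
        return -errno;

    if (chroot(path) != 0) {          /* needs CAP_SYS_CHROOT, i.e. root */
        int e = errno;
        rmdir(path);
        return -e;
    }
    /* Without chdir("/") the cwd still points outside the new root. */
    if (chdir("/") != 0)
        return -errno;

    /* Supplementary groups first, then gid, then uid: once the uid is
     * non-zero the other two can no longer be changed. */
    if (setgroups(0, NULL) != 0)
        return -errno;
    if (setgid(gid) != 0)
        return -errno;
    if (setuid(uid) != 0)
        return -errno;

    /* The drop must be permanent: regaining root has to fail. */
    if (setuid(0) == 0)
        return -EPERM;
    return 0;
}

int main(void)
{
    int rc = sandbox_self(65534, 65534);   /* "nobody" on most Linux systems */
    if (rc != 0) {
        fprintf(stderr, "sandbox_self: %s\n", strerror(-rc));
        return 1;
    }
    /* Inside the jail: nothing to open and nothing to exec. */
    printf("uid=%d gid=%d cwd=/\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as a normal user the function fails at chroot() with EPERM and cleans up after itself, which is the expected result; the drop only makes sense for a process that started as root.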
I’ll just assert that there’s no way to use seccomp() correctly. Just like how there’s no way to use gets() correctly, causing it to eventually be removed from the C and C++ standards.
seccomp allows you to filter syscalls with a ruleset.
The obvious thing is to filter anything your program isn’t supposed to be doing. If it doesn’t do file IO, don’t let it open files. If it’s not supposed to execute anything, don’t let it do that.
But whether you use a whitelist (e.g. only allow working with already open file descriptors), or a blacklist (e.g. don’t allow it to open these files), it’s fundamentally flawed.
open() in your code actually becomes the openat syscall. Maybe. At least today. At least on my machine, today.
select() actually becomes pselect6. At least on Fridays.
If you upgrade libc or distribute a binary to other systems, this may start to fail.
Calling printf() will call the syscall newfstatat, a syscall hard to even parse into words. But only the first time you call it! So after your first printf() you can block newfstatat.
Maybe Continue reading
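To make the libc-to-syscall mapping problem concrete, here is an added example, not the post’s code: a small seccomp-BPF allowlist builder that, for each portable call the post mentions, allows every kernel syscall glibc is known to turn it into on the current architecture (open plus openat, select plus pselect6, newfstatat plus statx), and that fails unknown syscalls with EPERM instead of killing the process, so a missed alias shows up as a failing call rather than a silent death. It is Linux-only; the allowlist structure, the helper names and the set of syscalls in allow_file_io() are my choices.

```c
/* Added example, not from the post: a seccomp-BPF allowlist that covers
 * every syscall alias glibc may use for a portable libc call. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define THIS_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS          /* pre-4.14 headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define MAX_INSNS 256
#define PROLOGUE_LEN 4

struct allowlist {
    struct sock_filter insns[MAX_INSNS];
    unsigned n;
};

static void emit(struct allowlist *al, struct sock_filter f)
{
    if (al->n < MAX_INSNS)
        al->insns[al->n++] = f;
}

/* Prologue: kill if the syscall ABI is not ours (a 32-bit ABI reuses the
 * same numbers for different calls), then load the syscall number. */
void allowlist_begin(struct allowlist *al)
{
    al->n = 0;
    emit(al, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    emit(al, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0));
    emit(al, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
    emit(al, (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
}

void allowlist_add(struct allowlist *al, int nr)
{
    emit(al, (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)nr, 0, 1));
    emit(al, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
}

/* Epilogue: everything else fails with EPERM rather than SIGSYS. */
void allowlist_end(struct allowlist *al)
{
    emit(al, (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)));
}

/* Does the program contain an explicit allow for syscall nr? */
int allowlist_allows(const struct allowlist *al, int nr)
{
    for (unsigned i = PROLOGUE_LEN; i < al->n; i++)
        if (al->insns[i].code == (BPF_JMP | BPF_JEQ | BPF_K) && al->insns[i].k == (uint32_t)nr)
            return 1;
    return 0;
}

/* The post's examples: each portable call with every syscall it may map to.
 * Numbers that do not exist on this architecture (e.g. open on aarch64) are skipped. */
void allow_file_io(struct allowlist *al)
{
#ifdef __NR_open
    allowlist_add(al, __NR_open);
#endif
    allowlist_add(al, __NR_openat);        /* what open() becomes today */
#ifdef __NR_select
    allowlist_add(al, __NR_select);
#endif
    allowlist_add(al, __NR_pselect6);      /* what select() becomes */
#ifdef __NR_newfstatat
    allowlist_add(al, __NR_newfstatat);    /* printf()'s first call */
#endif
#ifdef __NR_statx
    allowlist_add(al, __NR_statx);         /* newer glibc uses this instead */
#endif
    allowlist_add(al, __NR_read);
    allowlist_add(al, __NR_write);
    allowlist_add(al, __NR_exit_group);
}

/* Build the policy once and query it (used by main and by tests). */
int file_io_policy_allows(int nr)
{
    static struct allowlist al;
    static int built;
    if (!built) {
        allowlist_begin(&al);
        allow_file_io(&al);
        allowlist_end(&al);
        built = 1;
    }
    return allowlist_allows(&al, nr);
}

/* Install: NO_NEW_PRIVS is required for an unprivileged process. */
int allowlist_install(const struct allowlist *al)
{
    struct sock_fprog prog = { .len = (unsigned short)al->n,
                               .filter = (struct sock_filter *)al->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    struct allowlist al;
    allowlist_begin(&al);
    allow_file_io(&al);
    allowlist_end(&al);
    printf("policy: %u instructions, execve allowed: %d\n", al.n, allowlist_allows(&al, __NR_execve));
    int rc = allowlist_install(&al);
    if (rc != 0) {
        fprintf(stderr, "install: %s\n", strerror(-rc));
        return 1;
    }
    printf("filter installed; unlisted syscalls now return EPERM\n");
    return 0;
}
```

The allowlist is still exactly as fragile as the post says: the next glibc may pick yet another syscall, which is why the default action is SECCOMP_RET_ERRNO and not kill, and why the first test of any such policy is running the real binary under strace to see which numbers it actually uses.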
Setting up AX.25 over 1200bps was easy enough. For 9600 I got kernel panics on the raspberry pi, so I wrote my own AX.25 stack.
But I also want to try to run AX.25 over D-Star. Why? Because then I can use radios not capable of 9600 AX.25, and because it’s fun.
It seems that radios (at least the two I’ve been working with) expose the D-Star data channel as a byte stream coming over a serial connection. Unlike working with a TNC you don’t have to talk KISS to turn the byte stream into packets, and vice versa.
The first hurdle to overcome, because we want to send binary data, is to escape the XON/XOFF flow control characters that the IC9700 mandates. Otherwise we won’t be able to send 0x13 or 0x11. Other bytes seem to go through just fine.
So I wrote a wrapper for that, taking /dev/ttyUSB1 on one side, and turning it into (e.g.) /dev/pts/20 for use with kissattach.
$ ./dsax /dev/ttyUSB1
/dev/pts/20
$ kissattach /dev/pts/20 radio
$ kissattach -p radio -c 2 # See below
Set Menu>Set>DV/DD Set>DV Data TX to Auto, for “automatic PTT”. As
Continue reading
If you only have your app in English then you’ll still be understood[1] by the new market whose official language isn’t English.
If you show farenheit (a word I can’t even spell), then 96% of the world cannot understand your app. At all.
For most of the west I would argue that translation doesn’t even matter at all, but you cannot have your app start your weeks on Sunday, you cannot show fahrenheit, or feet, or furlongs, or cubits or whatever US-only units exist. And you cannot use MM/DD/YY.
NONE of these things are tied to language. Most users of English don’t want any of this US-only failure to communicate.
[1] While most of the world doesn’t speak English fluently, they may know words. And they can look up words. You cannot “look up” understanding fahrenheit or US-only date formats.
A while ago I was asked why I wrote Sim in C++ instead of Go. I stumbled upon my answer again and realized it could be a blog post.
So here’s what I wrote then. I think I stand by it still, and I don’t think the situation has improved.
My previous experience with “low level” things in Go (being very careful about which syscalls are used, and in which order) has had some frustrations in Go. Especially with portability. E.g. different definitions of syscall.Select between BSDs and Linux, making me have to use reflection at some points. (e.g. see this Go bug.)
And to work around those things Go unfortunately uses the antipattern of (essentially) #ifdef __OpenBSD__, which we’ve known for decades is vastly inferior to checking for specific capabilities.
To me the Go proverb “Syscall must always be guarded with build tags” essentially means “Go is not an option for any program that needs to be portable and may at some point in the future require the syscalls package”. And since this tool is meant to be portable, and calls what would be syscall.Setresuid, Continue reading
In my previous two posts I set up a login prompt on a bluetooth serial port and then switched to running SSH on it.
I explicitly did not set up an IP network over bluetooth as I want to minimize the number of configurations (e.g. IP address) and increase the chance of it working when needed.
E.g. firewall misconfiguration or Linux’s various “clever” network managers that tend to wipe out network interface configs would have more of a shared fate with the primary access method (SSH over normal network).
This post is about how to accomplish this more properly.
The problems now being solved are:
It wasn’t entirely reliable. The rfcomm tool is pretty buggy.
There was no authentication of the Bluetooth channel. Not as much a problem when doing SSH, but if there are passwords then there could be a man-in-the-middle attack.
The server side had to remain discoverable forever. So anyone who scans for nearby bluetooth devices would see your servers, and would be able to connect, possibly brute forcing passwords. Not as much of a problem if running SSH with password authentication turned off, but why broadcast the name of a server if you don’t Continue reading
Yesterday I set up a simple serial console over bluetooth as a backup console.
Today I’m running SSH over bluetooth. Raw SSH, no IP. I only use IP on the two ends to talk to the SSH client and server. It doesn’t actually go over the bluetooth.
This fixes the security aspects with the previous solution. As long as you make sure to check the host key signature it’ll be perfectly secure.
No need for one-time passwords. You can even use SSH pubkey auth.
Server:
rfcomm watch hci0 2 socat TCP:127.0.0.1:22 file:/proc/self/fd/6,b115200,raw,echo=0
Client:
sudo rfcomm bind rfcomm2 AA:BB:CC:XX:YY:ZZ 2
ssh -oProxyCommand="socat - file:/dev/rfcomm2,b115200,raw,echo=0" dummy-hostname
If you’re messing around with an OpenSSH config then it may be a good idea to set up a minimal config on another port. Maybe port 23. Not like that port is used for anything else anymore.
Sometimes you want to connect to a bluetooth on the console. Likely because you screwed something up with the network or firewall settings.
You could plug in a screen and keyboard, but that’s a hassle. And maybe you didn’t prepare the Pi to force the monitor to be on even if it’s not connected at boot. Then it just doesn’t work.
Even more of a hassle is to plug in a serial console cable into the GPIO pins.
But modern Raspberry Pi’s have bluetooth. So let’s use that!
Create /etc/systemd/system/bluetooth-console.service with this content:
[Unit]
Description=Bluetooth console
After=bluetooth.service
Requires=bluetooth.service
[Service]
ExecStart=/usr/bin/rfcomm watch hci0 1 getty rfcomm0 115200 vt100
Restart=always
RestartSec=10
StartLimitIntervalSec=0
[Install]
WantedBy=multi-user.target
This sets up a console on bluetooth channel 1 with a login prompt. But it doesn’t work yet. Apparently setting After, Requires, and even Requisite doesn’t prevent systemd from running this before setting up bluetooth (timestamps in the logs don’t lie). Hence the restart stuff.
I also tried setting ExecStartPre / ExecStartPost there to enable Bluetooth discoverability, since something else in the boot process seems to turn it back off if I set it Continue reading
This is another post about the mess that is Linux audio. To follow along you may want to read the previous one first.
This time I want to create a virtual audio cable. That is, I want one application to be able to select a “speaker”, which then another application can use as a “microphone”.
The reason for this is that I want to use GNURadio to decode multiple channels at the same time, and route the audio from the channels differently. Specifically my goal is to use my ICom 7300 in IF mode (which gives me 12kHz of audio bandwidth) tuned to both the FT8 and JS8 HF frequencies, and then let wsjtx listen on a virtual sound card carrying FT8, and JS8Call listen to a virtual sound card carrying JS8.
We could use modprobe snd_aloop to create loopback ALSA devices in the kernel. But I’ve found that to be counter intuitive, buggy, and incompatible (not every application supports the idea of subdevices). It also requires root, obviously. So this is best solved in user space, since it turns out it’s actually possible to do so.
Another way to say this is Continue reading
It started with a pretty simple requirement: I just want to know which sound card is which.
I sometimes play around with amateur radios. Very often I connect them to computers to play around. E.g. JS8Call, FT8, SSTV, AX.25, and some other things.
This normally works very well. I just connect radio control over a serial port, and the audio using a cheap USB audio dongle. Sometimes the radio has USB support and delivers both a serial control port and an audio interface over the same cable.
So what if I connect two radios at the same time? How do I know which sound card, and which serial port, is which?
Both serial ports (/dev/ttyUSB<n>) and audio device numbers and names depend on the order that the devices were detected, or plugged in, which is not stable.
Serial ports are relatively easy. You just tell udev to create some consistent symlinks based on the serial number of the USB device.
For example here’s the setup for a raspberry pi that sees various radios at various times (with some serial numbers obscured) Continue reading
This post is mostly a note to self for when I need to upgrade next time.
Because of the recent bug in log4j, which also affected the Unifi controller, I decided to finally upgrade the controller software.
Some background: There a few different ways to run the controller. You can use “the cloud”, run it yourself on some PC or raspberry pi, or you can buy their appliance.
I run it myself, because I already have a raspberry pi 4 running, which is cheaper than the appliance, and gives me control of my data and works during an ISP outage.
I thought it’d be a good opportunity to play with docker, too.
Turns out I’d saved the command I used to create the original docker image. Good thing too, because it seems that upgrading is basically delete the old, install the new.
1. docker stop <old-name-here>
2. docker update --restart=no <old-name-here>
The Linux kernel AX.25 implementation (and userspace) is pretty poor. I’ve encountered many problems. E.g.:
you can’t read() and write() from the same socket at the same time
CRC settings default such that at least all my radios (and direwolf) drop the first two packets sent. (fix with kissparms radio -c 1)
On 64bit Raspberry Pi OS setsockopt for some flags don’t take effect at all (e.g. setting AX25_EXTSEQ), and treat other obviously correct ones as invalid (e.g. can’t set AX25_WINDOW to any value at all).
I also get kernel null pointer dereferences on 32bit Raspberry Pi OS when testing AX.25. Not exactly comforting.
Other OSs don’t have AX.25 socket support. E.g. OpenBSD. And it’s not obvious to me that this is best solved in kernel space.
It doesn’t seem clear to anyone how the AX.25 stack in the kernel is supposed to work. E.g. should axparms -assoc be an enforcing ACL? It’s not, but is it supposed to be?
I’ve also seen suggestions that AX.25 should be ripped out of the Linux kernel. Continue reading
The way I write automation for personal projects nowadays seems to follow a common pattern:
Occasionally I add a step between 2 and 3 where I write it in Python, but it’s generally not actually gaining me anything. Python’s concurrency primitives are pretty bad, and it’s pretty wasteful.
Maybe there’s an actually good scripting language somewhere.
I should remember that writing a bash script (step 2) seems to almost never be worth it. If it’s so complicated that it doesn’t fit on one line, then it’ll become complicated enough to not work with bash.
There are two main things that don’t work well. Maybe there are good solutions to these problems, but I’ve not found them.
There are no good primitives. Basically only xargs -P and &. It’s annoying when you have an embarrassingly parallelizable problem where you want to run exactly nproc jobs in parallel.
Especially error handling becomes terrible here.
You can handle errors in bash scripts in various ways:
1. The || operator. E.g. gzip -9 < a > a.gz || (echo "handling error…")
2. set -e at the top Continue reading