Friday, January 08, 2021
Notes about the first time I tried a S'more
For some unknown reason, Bunny came into The Computer Room with a S'more in hand for me. This was my first experience with a S'more.
“Um, did you slay the Stay Puft mashmallow man?” I asked.
“Okay,” said Bunny, “the marshmallows were kind of big. Do you like it?”
“Like it? I can't even get a hold of it.”
“Would a fork help?”
“Wait a second,” I said. “Let me flip the plat over and see if I can get it that way … ”
“Wow! That marshmallow sure is sticky stuff.”
“There we go.”
“Do you like it?”
“Mmmmm mm'm mmmm.”
“Pardon?”
“Iths okay. Messy, but okay.”
“So it didn't knock your socks off?”
“I'm not wearing socks, but yes, if I was wearing them, this wouldn't knock them off.”
“Oh.”
“It's okay. A bit too sweet for me, but I don't hate it.”
“But at least you tried it.”
“Yes,” I said. “At least I tried it.”
Wednesday, January 06, 2021
It's finally the Twelfth Day of Christmas!
By the Twelfth Day of Christmas, my true love has gifted me:
- 12 drummers drumming,
- 22 pipers piping,
- 30 lords a-leaping,
- 36 ladies dancing,
- 40 maids a-milking,
- 42 swans a-swimming,
- 42 geese a-laying,
- 40 gold rings (and not one to control them all),
- 36 calling birds,
- 30 French hens,
- 22 turtle doves,
- and 12 partridges in a dozen pear trees!
I now have here 140 people, 34 of which are playing loudly, 66 are prancing about loudly, and 40 complaining that the noise is making it difficult to milk their cows. Speaking of which, there are 40 cows milling about constantly mooing, and making such a mess on the floor. There are 184 birds flying about, honking, calling, cooing and otherwise making more of a mess on everything but the floor, to the point where it's wise not to eat the pears without a thorough cleaning (and possibly peeling). The 40 golden rings aren't quite enough to make up financially for all the damage caused so far.
I think next year I'll just ask for a pair of socks.
Saturday, January 02, 2021
When one IP address fails
I wrote my own gopher server several years ago.
And it works fine for my own uses,
But I could not load gopher://raymii.org/.
I could use telnet
(the gopher protocol is very easy to use by hand).
I could use nc.
But my client could not connect.
I finally dived into the problem and I found the issue—not all the addresses for raymii.org work!
My code would call getaddrinfo(), which returns a list of addresses,
and my code would just use the first one returned.
Only in the case for raymii.org not all the addresses accept connections.
And that's an issue that I've never encountered before.
The fix was easy—attempt to connect to each address and return when the first one connects.
Friday, January 01, 2021
The forced march of progress
When I first wrote the Lua module for libtls,
I had issues with using TLS_API to version the code,
so I ended up using using LIBRESSL_VERSION_NUMBER instead
and mandating at least LibreSSL 2.3.0.
But now that I'm switching away from LibreSSL,
I can't rely upon LIBRESSL_VERSION_NUMBER anymore.
After some thought,
I have decided to no longer support versions of libtls prior to 20180210
(or LibreSSL 2.7.0).
The non-LibreSSL libtls versions I've found all seem to be newer than 20180210,
so that shouldn't be much of a prooblem.
The upside is that 2020 is over—the downside is that COVID-19 is not over, murder hornets are a thing, and the election is still contentious
All I can say is—thank God it's Friday a new year!
HAPPY NEW YEAR!
Thursday, Debtember 31, 2020
Yet another wrinkle in the TLS library woes
I downloaded and compiled libretls,
a libtls for OpenSSL.
I also recompiled my Lua wrapper for libtls and reran the profiling tests from the other day.
I can now say for certain that there is no need to profile LibreSSL because the results speak for themselves—an accumulation of 24 CPU seconds using OpenSSL vs. 1 minutes, 24 seconds using LibreSSL. Looking at the results, it makes some sense. The LibreSSL library I'm using the the “portable version” for non-OpenBSD systems, and there's probably little work to making it fast.
So now I have to rethink my using LIBRESSL_VERSION_NUMBER when compiling the Lua module.
I will no longer be using the LibreSSL version and I can't exactly rely upon the TLS_API value either … sigh.
Wednesday, Debtember 30, 2020
A sane and easy to use TLS library for OpenSSL! Will wonders never cease!
I saw the following on the Gemini mailing list:
Perhaps take a look at "[gentoo-dev] [RFC] Discontinuing LibreSSL support?". Fascinating dynamic.
I only use LibreSSL because it comes with libtls,
an easier to use API than the base LibreSSL (which itself was forked years ago from OpenSSL for various reasons).
It seems that over the years,
the API between LibreSSL and OpenSSL have drifted and now the Linux distribution of Genntoo is thinking of dropping support for LibreSSL.
It doesn't affect me,
since I'm not using Gentoo
(and the last time I used Gentoo was a rather stressful time).
I just install it from source
(and it's a pain to use too, because I don't want to destroy my existing OpenSSL installation).
I was,
however,
happy to see a port of libtls to OpenSSL,
as that would make it easier to keep using libtls.
Tuesday, Debtember 29, 2020
The OpenSSL/LibreSSL shuffle
Two and a half years ago, someone tried using my UUID library with a modern version of OpenSSL. At the time I rejected the patch because I couldn't use it (I was, and still am, using an older version of OpenSSL). Then today, I was notified that someone else tried to do the same, and I figured it was time to actually adress the issue.
It used to be that you could do:
#include <openssl/evp.h> unsigned char hash[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; EVP_DigestInit(&ctx,EVP_md5()); EVP_DigestUpdate(&ctx,data,len); EVP_DigestFinal(&ctx,hash,&hashsize);
The context variable declaration changed and you no longer could do that. Instead, you now have to:
#include <openssl/evp.h>
unsigned char hash[EVP_MAX_MD_SIZE];
EVP_MD_CTX *ctx;
ctx = EVP_MD_CTX_new();
if (ctx != NULL)
{
EVP_DigestInit(ctx,EVP_md5());
EVP_DigestUpdate(ctx,data,len);
EVP_DigestFinal(ctx,hash,&hashsize);
EVP_MD_CTX_free(ctx);
}
It's an annoying change and yet, I can understand why the change was made—future updates of hash functions could use more space than what you statically allocate which could lead to a buffer overrun. It also changed what used to be an error-free path (well, buffer overruns aside) to a path that could fail. The reason I put off making the change was trying to find the version of OpenSSL where the change was made. After downloading over a dozen versions of OpenSSL and checking each one, I found the change in version 1.1.0.
This also prompted me to spend the time to update my TLS Lua module to the latest version. This also involved downloading over a dozen versionf of LibreSSL and checking each one. There was only one minor change involved, and that was adding a new call to the module.
I have yet to profile LibreSSL though.
![[It's the most wonderful time of the year!]](http://www.conman.org/people/spc/about/2018/1212.t.jpg "It's the most wonderful time of the year!")