I noticed that when I ran strlcpy in cc with both directly from libc and
copied from source: “with and without needing a return value”, the libc
strlcpy didn’t change the runtime, but the one from source did;
dramatically (like 50% runtime difference over a several run loop with
15-20 or so charact
Marc, all you all have to do is say that you all refuse to provide it.
I was asked to at least provide evidence for correctness. I did so; and I’d
say I did a stellar job aside from getting some kind of statistical program.
The following has an attached source code for my test (along with
refe
Perhaps it was rude sending off list stuff to the list. Your email sounded
"less than friendly" and more of a professional challenge that you were
definitely in the works to produce; much like Damien Miller’s challenge to
prove correctness. So, whatever.
Aside from that unpleasantness:
I worked in
Crystal: You can prove that for random, repetitive, correct, database
record name generation using small upperbounds, the demonstrated 1/3-1/2
runtime isn’t worth it for an upperbound like 26 - 92 in a business context
that fights for every last millisecond?
Bring it.
Prove the correctness of wha
I appreciate your response, Damien.
I did do the bare minimum of correctness testing and it was the post right
after Guenther was congratulated on proving incorrectness:
https://marc.info/?l=openbsd-tech&m=165259528425835&w=2
The post includes software to reproduce the results.
I wrote a high
understand if you’re familiar with bitwise stuff.
On Mon, May 16, 2022 at 5:35 PM Stuart Henderson
wrote:
> On 2022/05/16 15:13, Luke Small wrote:
> > If you’re not running a threaded program, my function wouldn’t be “less
> > safe.”
> >
> > I’d imagine that 99% of pr
an asshole right?
>
>
> Luke Small wrote:
>
> > If you’re not running a threaded program, my function wouldn’t be “less
> > safe.”
> >
> > I’d imagine that 99% of programs aren’t multithreaded.
> >
> > On Mon, May 16, 2022 at 1:01 PM wrote:
> >
If you’re not running a threaded program, my function wouldn’t be “less
safe.”
I’d imagine that 99% of programs aren’t multithreaded.
On Mon, May 16, 2022 at 1:01 PM wrote:
> > There is the specifically non-threadsafe call getchar_unlocked() on
> OpenBSD
> > which is presumably available for pe
Yeah. It most likely won't go in. From past experience and advice, not
necessarily just from a perceived lack of merit.
However, many, if not all of the arguments are based upon non-facts and
misconceptions from earlier submissions or just not understanding what the
software is doing.
The only re
I’m not trying to be rude, but you don’t realize what’s going on here:
uuu is a bitmask:
‘uuu’ (or (1 << bits)-1 ) in “ret = rand_holder & uuu;“ , only puts the
lower ‘bit’ quantity of bits of rand_holder into ret, then it right shifts
rand_holder afterward to trash them every time in the loop wh
r didn’t, perhaps like yourself, realize I submitted this
later program. That’s why he said it wasn’t correct. It didn’t occur to me
at the time of responding to him: “correct correct correct.”
On Sun, May 15, 2022 at 7:47 PM Damien Miller wrote:
> On Sat, 14 May 2022, Luke Small wrote:
>
>
"correct."
...correct correct correct. Did I use that buzzword enough?
-Luke
On Sun, May 15, 2022 at 5:26 PM Philip Guenther wrote:
> On Sun, 15 May 2022, Luke Small wrote:
> > The current implementation is nothing more than a naive arc4random() %
> > upper_bound which trashes
The current implementation is nothing more than a naive arc4random() %
upper_bound which trashes initial arc4random() calls it doesn’t like, then
transforms over a desired modulus. The whole transformation by modulus of
perfectly decent random data seems so awkward. It’s not like it is used as
some
3,000,000,000 upperbound in the src partition tonight.
On Sun, May 15, 2022 at 3:15 AM Otto Moerbeek wrote:
> On Sun, May 15, 2022 at 01:12:28AM -0500, Luke Small wrote:
>
> > This is version 1, which I was pretty sure was secure.
> >
> > I revamped it with a few features
This is version 1, which I was pretty sure was secure.
I revamped it with a few features and implanted the binary search for 'bit'
in most cases, which aren't intentionally worst-case, it's pretty darned
fast!
This is a sample run of my program with your piece of code included:
1 99319 10023
May 14, 2022 at 05:48:10AM -0500, Luke Small wrote:
>
> > arc4random_uniform_fast2 that I made, streams in data from arc4random()
> and
> > uses the datastream directly and uses it as a bit by bit right "sliding
> > window" in the last loop. arc4random_uniform() us
arc4random_uniform_fast2 that I made, streams in data from arc4random() and
uses the datastream directly and uses it as a bit by bit right "sliding
window" in the last loop. arc4random_uniform() uses a modulus which I is
simple to implement, but I wonder how cryptographically sound or even how
even
I made a couple new versions of a new kind of arc4random_uniform-like
function and some example functions which use them. Instead of having a
sufficiently large random number greater than the modulus, I pick a random
number using arc4random() from a bitfield where the length of the bitfield
is just
https://bugs.llvm.org/show_bug.cgi?id=50026
I reported it to the llvm people. It is two slightly different quicksort
algorithms which perform radically differently. The one which you could
assume would take more time, performs MUCH better.
I made a custom quicksort algorithm which outperforms qso
I used the verbiage: “malloc(3)” as a general all-encompassing manpage
which includes malloc(), calloc(), freezero(), etc.
Sorry for the confusion.
> In malloc(3):
>> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
>> then
>> > multiplication in freezero() may need to be c
:
> On Fri, 19 Feb 2021 10:38:13 -0600, Luke Small wrote:
>
> > In malloc(3):
> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
> then
> > multiplication in freezero() may need to be cast to size_t to avoid
> integer
> > overflow:
> >
>
> > In the manpage you could succinctly state:
> >
> > In malloc(3):
> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
> then
> multiplication in freezero() may need to be cast to size_t to avoid
> integer overflow:
> > freezero(ptr, (size_t)nmemb * (size_t)size);”
> > Or
);
free(ptr);
}
On Fri, Feb 19, 2021 at 12:51 AM Otto Moerbeek wrote:
> On Thu, Feb 18, 2021 at 03:24:36PM -0600, Luke Small wrote:
>
> > However, calloc(ptr, nmemb, size) may have been called using smaller int
> > variable types which would overflow when multiplied. Where
Raadt wrote:
> Luke Small wrote:
>
> > However, calloc(ptr, nmemb, size) may have been called using smaller int
> > variable types which would overflow when multiplied.
>
> In which case the allocation would not have succeeded.
> > Where if the variables
> > st
(ptr, (size_t)nmemb * (size_t)size);
is guaranteed to work, but
freezero(ptr, nmemb * size);
does not have that guarantee.
On Thu, Feb 18, 2021 at 3:42 AM Otto Moerbeek wrote:
> On Wed, Feb 17, 2021 at 11:05:49AM -0700, Theo de Raadt wrote:
>
> > Luke Small wrote:
> >
>
ore you'll ever reach putting freezero((size_t)nmemb * (size_t)size);
-Luke
On Wed, Feb 17, 2021 at 2:36 PM Luke Small wrote:
> if the nmemb and size values being passed to calloc() are of a larger
> integer datatype, they will have been truncated when passed to the function
> t
if the nmemb and size values being passed to calloc() are of a larger
integer datatype, they will have been truncated when passed to the function
there as well.
Perhaps you need something larger than size_t in the entire malloc manpage
series?
-Luke
On Wed, Feb 17, 2021 at 2:25 PM Theo de Raa
| buf[5]) << 8)
| buf[4]) << 8)
| buf[3]) << 8)
| buf[2]) << 8)
| buf[1]) << 8)
| buf[0];
}
}
On Wed, Feb 17, 2021 at 12:05 PM Theo de Raadt wrote:
> Luke Small wrote:
>
> >
2021 at 11:04 AM Theo de Raadt wrote:
> Luke Small wrote:
>
> > if calloc() and recallocarray() needs nmemb and size, why doesn't
> > freezero()?
> >
> > Should there be a freeczero(size_t nmemb, size_t size) ?
>
> Performing the nmemb*size overflow detection a second time provides
> no benefit.
>
>
>
if calloc() and recallocarray() needs nmemb and size, why doesn't
freezero()?
Should there be a freeczero(size_t nmemb, size_t size) ?
-Luke
tiny logical error on line 651 in main.c
-Luke
On Tue, Jun 2, 2020 at 12:38 PM Luke Small wrote:
> with -uNp flags
> -Luke
>
>
> On Tue, Jun 2, 2020 at 12:33 PM Luke Small wrote:
>
>> forgot something.
>> -Luke
>>
>>
>> On Tue, Jun 2, 2020 at
with -uNp flags
-Luke
On Tue, Jun 2, 2020 at 12:33 PM Luke Small wrote:
> forgot something.
> -Luke
>
>
> On Tue, Jun 2, 2020 at 12:06 PM Luke Small wrote:
>
>> I have a ftp folder diff. I altered:
>> extern.h fetch.c main.c
>> -Luke
>>
>
diff
Description: Binary data
forgot something.
-Luke
On Tue, Jun 2, 2020 at 12:06 PM Luke Small wrote:
> I have a ftp folder diff. I altered:
> extern.h fetch.c main.c
> -Luke
>
diff
Description: Binary data
I have a ftp folder diff. I altered:
extern.h fetch.c main.c
-Luke
diff
Description: Binary data
You can only tell the fastest latency for a download by testing it at your
location. It is very fast.
On Tue, Aug 23, 2016 at 5:25 AM wrote:
> Tue, 23 Aug 2016 09:09:38 +0000 Luke Small
> [...]
> > It downloads the ANNOUNCEMENT file from each mirror, which is both small
> >
I had one before that read openbsd.org/ftp.html (which is insecure because
it gets sets a mirror from data from an unencrypted connection), but I
changed it to read the /etc/examples/pkg.conf file so that there is a more
secure method. I pledged it. I tried to do pledge and setuid, but a glitch
tha
That seems a bit excessive to crash the program when all you may want to do
is track the exit of a child. Does the pledge proc flag dictate that you
can't do wait() as well?
rdened the least.
-Luke
On Wed, Feb 3, 2016 at 9:12 PM, Stuart Henderson wrote:
> On 2016/02/03 20:48, Luke Small wrote:
> > I suspect that unless there is a solution that doesn't involve lazy new
> > users to memorize more complicated named mirrors, you are going to run
>
I suspect that unless there is a solution that doesn't involve lazy new
users to memorize more complicated named mirrors, you are going to run into
this problem over and over again.
>> Raf Czlonka wrote:
>> - ftp.openbsd.org is, AFAIC, overloaded
> I haven't been following this thread fully, but
1. You can pick a mirror relatively trivially, but since I've run the
program, the fastest one isn't the one I chose manually. Also, it can
choose multiple mirrors at once, so presumably if there is a failure, it
will choose the next mirror(s) that it wrote down in pkg.conf
2. You are saying that
Whoops, got rid of putting in a null character when I should have left it
in.
-Luke
/*
* Copyright (c) 2016 Luke N. Small
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and t
I fixed the uname(1) call and replaced it with uname(3). I read the style
man page. Ran the program through indent.
I ran it through sed because it reduces code complexity. Why re-engineer
the wheel?
I use C because I can use kqueue from a fresh install. You have to use
unaudited packages to use p
k
the only way to do it is by using C.
-Luke
On Fri, Jan 29, 2016 at 6:44 AM, Jérémie Courrèges-Anglas
wrote:
> Luke Small writes:
>
> > I wanted to use kqueue. Name another script or programming language that
> > offers it from the base install. NONE!
>
> If you want t
I wanted to use kqueue. Name another script or programming language that
offers it from the base install. NONE!
Why should I write it in another language. I already did it in C. Is there
another way other than kqueue that you can wait for the ftp call to quit,
while being able to kill it if it tak
I think I fixed all your suggestions. I don't strictly adhere to kernel
normal in the use of comments and I parse command-line arguments without
using getopt(3), but the method is robust.
-Luke
/*
* Copyright (c) 2016 Luke N. Small
*
* Permission to use, copy, modify, and distribute this softw
pkg_ping [-s timeout]
[-n maximum_mirrors_written]
It scrapes each mirror's location and URL from openbsd.org/ftp.html and
tests the package repository with the version and architecture of the
machine. It kills the ftp() and sed() functions it calls from C if it takes
too long by using kqueue.
re is
nothing that can be done to make it core dump. The only thing, I suspect,
that can go wrong is a man in the middle attack downloading ftp.html. Is
there even a hash value for ftp.html ?
-Luke
On Thu, Jan 21, 2016 at 1:18 AM, Luke Small wrote:
> The real reason I wrote this is to have an autom
The real reason I wrote this is to have an automated way to set up the
pkg_add mirrors especially for folks that don't care to set them up
manually (After all, that's what computers are for!). Before I wrote this, I
had a PKG_PATH mirror go down and I didn't know what was going on. At least
this cou
BSD/
> > seems to be down.
>
> +cc maintainer, could you take a look please Simon? Down for v4+v6,
> traceroute stops at informatik.gate.uni-erlangen.de (131.188.20.38 /
> 2001:638:a000::3341:41) with !A on v6.
>
> > On Tue, 19 Jan 2016 22:19:42 -0600
> > Luke Smal
< The C program is too trusting with its fixed-size buffers and unchecked
< mallocs etc, it's not something to run as root as-is.
I realize I got a little lazy with not checking the mallocs, but that is
fixed.
I wrote this to be resource-light and thorough. No half-ass bullshit. If
somebody wants
I have a 500 line program I wrote that reads openbsd.org.ftp.html and
scrapes off the html and ftp mirrors, records them all without redundancies
as http mirrors in memory and downloads the appropriate version and machine
architecture's SHA256 in the package folder. It tests all the mirrors for
time
53 matches