I noticed that when I ran strlcpy in cc with both directly from libc and
copied from source: “with and without needing a return value”, the libc
strlcpy didn’t change the runtime, but the one from source did;
dramatically (like 50% runtime difference over a several run loop with
15-20 or so
Marc, all you all have to do is say is that you all refuse to provide it.
I was asked to at least provide evidence for correctness. I did so; and I’d
say I did a stellar job aside from getting some kind of statistical program.
The following has an attached source code for my test (along with
Perhaps it was rude sending off list stuff to the list. Your email sounded
"less than friendly" and more of a professional challenge that you were
definitely in the works to produce; much like Damien Miller’s challenge to
prove correctness. So, whatever.
Aside from that unpleasantness:
I worked
Crystal: You can prove that for random, repetitive, correct, database
record name generation using small upperbounds, the demonstrated 1/3-1/2
runtime isn’t worth it for an upperbound like 26 - 92 in a business context
that fights for every last millisecond?
Bring it.
Prove the correctness of
I appreciate your response, Damien.
I did do the bare minimum of correctness testing and it was the post right
after Guenther was congratulated on proving incorrectness:
https://marc.info/?l=openbsd-tech=165259528425835=2
The post includes software to reproduce the results.
I wrote a highly
I appreciate your response, Damien.
I did do the bare minimum of correctness testing and it was the post right
after Guenther was congratulated on proving incorrectness:
https://marc.info/?l=openbsd-tech=165259528425835=2
The post includes software to reproduce the results.
I wrote a highly
to understand if you’re familiar with bitwise stuff.
On Mon, May 16, 2022 at 5:35 PM Stuart Henderson
wrote:
> On 2022/05/16 15:13, Luke Small wrote:
> > If you’re not running a threaded program, my function wouldn’t be “less
> > safe.”
> >
> > I’d imagine that 99% of pr
ike an asshole right?
>
>
> Luke Small wrote:
>
> > If you’re not running a threaded program, my function wouldn’t be “less
> > safe.”
> >
> > I’d imagine that 99% of programs aren’t multithreaded.
> >
> > On Mon, May 16, 2022 at 1:01 PM wrote:
> &
If you’re not running a threaded program, my function wouldn’t be “less
safe.”
I’d imagine that 99% of programs aren’t multithreaded.
On Mon, May 16, 2022 at 1:01 PM wrote:
> > There is the specifically non-threadsafe call getchar_unlocked() on
> OpenBSD
> > which is presumably available for
Yeah. It most likely won't go in. From past experience and advice, not
necessarily just from a perceived lack of merit.
However, many, if not all of the arguments are based upon non-facts and
misconceptions from earlier submissions or just not understanding what the
software is doing.
The only
I’m not trying to be rude, but you don’t realize what’s going on here:
uuu is a bitmask:
‘uuu’ (or (1 << bits)-1 ) in “ret = rand_holder & uuu;“ , only puts the
lower ‘bit’ quantity of bits of rand_holder into ret, then it right shifts
rand_holder afterward to trash them every time in the loop
like yourself, realize I submitted this
later program. That’s why he said it wasn’t correct. It didn’t occur to me
at the time of responding to him: “correct correct correct.”
On Sun, May 15, 2022 at 7:47 PM Damien Miller wrote:
> On Sat, 14 May 2022, Luke Small wrote:
>
> > Look a
rrect."
...correct correct correct. Did I use that buzzword enough?
-Luke
On Sun, May 15, 2022 at 5:26 PM Philip Guenther wrote:
> On Sun, 15 May 2022, Luke Small wrote:
> > The current implementation is nothing more than a naive arc4random() %
> > upper_bound which trashes i
The current implementation is nothing more than a naive arc4random() %
upper_bound which trashes initial arc4random() calls it doesn’t like, then
transforms over a desired modulus. The whole transformation by modulus of
perfectly decent random data seems so awkward. It’s not like it is used as
a
3,000,000,000 upperbound in the src partition tonight.
On Sun, May 15, 2022 at 3:15 AM Otto Moerbeek wrote:
> On Sun, May 15, 2022 at 01:12:28AM -0500, Luke Small wrote:
>
> > This is version 1, which I was pretty sure was secure.
> >
> > I revamped it with a few features
This is version 1, which I was pretty sure was secure.
I revamped it with a few features and implanted the binary search for 'bit'
in most cases, which aren't intentionally worst-case, it's pretty darned
fast!
This is a sample run of my program with your piece of code included:
1 99319
May 14, 2022 at 05:48:10AM -0500, Luke Small wrote:
>
> > arc4random_uniform_fast2 that I made, streams in data from arc4random()
> and
> > uses the datastream directly and uses it as a bit by bit right "sliding
> > window" in the last loop. arc4random_uniform()
arc4random_uniform_fast2 that I made, streams in data from arc4random() and
uses the datastream directly and uses it as a bit by bit right "sliding
window" in the last loop. arc4random_uniform() uses a modulus which I is
simple to implement, but I wonder how cryptographically sound or even how
I made a couple new versions of a new kind of arc4random_uniform-like
function and some example functions which use them. Instead of having a
sufficiently large random number greater than the modulus, I pick a random
number using arc4random() from a bitfield where the length of the bitfield
is
https://bugs.llvm.org/show_bug.cgi?id=50026
I reported it to the llvm people. it is two slightly different quicksort
algorithms which perform radically differently. The one which you could
assume would take more time, performs MUCH better.
I made a custom quicksort algorithm which outperforms
I used the verbiage: “malloc(3)” as a general all-encompassing manpage
which includes malloc(), calloc(), freezero(), etc.
Sorry for the confusion.
> In malloc(3):
>> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
>> then
>> > multiplication in freezero() may need to be
:
> On Fri, 19 Feb 2021 10:38:13 -0600, Luke Small wrote:
>
> > In malloc(3):
> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
> then
> > multiplication in freezero() may need to be cast to size_t to avoid
> integer
> > overflow:
> >
>
> > In the manpage you could succinctly state:
> >
> > In malloc(3):
> > “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’,
> then
> multiplication in freezero() may need to be cast to size_t to avoid
> integer overflow:
> > freezero(ptr, (size_t)nmemb * (size_t)size);”
> >
);
free(ptr);
}
On Fri, Feb 19, 2021 at 12:51 AM Otto Moerbeek wrote:
> On Thu, Feb 18, 2021 at 03:24:36PM -0600, Luke Small wrote:
>
> > However, calloc(ptr, nmemb, size) may have been called using smaller int
> > variable types which would overflow when multiplied. Where
Raadt wrote:
> Luke Small wrote:
>
> > However, calloc(ptr, nmemb, size) may have been called using smaller int
> > variable types which would overflow when multiplied.
>
> In which case the allocation would not have succeeded.
> > Where if the variables
> >
(ptr, (size_t)nmemb * (size_t)size);
is guaranteed to work, but
freezero(ptr, nmemb * size);
does not have that guarantee.
On Thu, Feb 18, 2021 at 3:42 AM Otto Moerbeek wrote:
> On Wed, Feb 17, 2021 at 11:05:49AM -0700, Theo de Raadt wrote:
>
> > Luke Small wrote:
> >
>
ou'll ever reach putting freezero((size_t)nmemb * (size_t)size);
-Luke
On Wed, Feb 17, 2021 at 2:36 PM Luke Small wrote:
> if the nmemb and size values being passed to calloc() are of a larger
> integer datatype, they will have been truncated when passed to the function
> there as we
if the nmemb and size values being passed to calloc() are of a larger
integer datatype, they will have been truncated when passed to the function
there as well.
Perhaps you need something larger than size_t in the entire malloc manpage
series?
-Luke
On Wed, Feb 17, 2021 at 2:25 PM Theo de
buf[5]) << 8)
| buf[4]) << 8)
| buf[3]) << 8)
| buf[2]) << 8)
| buf[1]) << 8)
| buf[0];
}
}
On Wed, Feb 17, 2021 at 12:05 PM Theo de Raadt wrote:
> Luke Small wrote:
>
> > I g
at 11:04 AM Theo de Raadt wrote:
> Luke Small wrote:
>
> > if calloc() and recallocarray() needs nmemb and size, why doesn't
> > freezero()?
> >
> > Should there be a freeczero(size_t nmemb, size_t size) ?
>
> Performing the nmemb*size overflow detection a second time provides
> no benefit.
>
>
>
if calloc() and recallocarray() needs nmemb and size, why doesn't
freezero()?
Should there be a freeczero(size_t nmemb, size_t size) ?
-Luke
tiny logical error on line 651 in main.c
-Luke
On Tue, Jun 2, 2020 at 12:38 PM Luke Small wrote:
> with -uNp flags
> -Luke
>
>
> On Tue, Jun 2, 2020 at 12:33 PM Luke Small wrote:
>
>> forgot something.
>> -Luke
>>
>>
>> On Tue, Jun 2, 2020 at
tiny logical error on line 651 in main.c
-Luke
On Tue, Jun 2, 2020 at 12:38 PM Luke Small wrote:
> with -uNp flags
> -Luke
>
>
> On Tue, Jun 2, 2020 at 12:33 PM Luke Small wrote:
>
>> forgot something.
>> -Luke
>>
>>
>> On Tue, Jun 2, 2020 at
with -uNp flags
-Luke
On Tue, Jun 2, 2020 at 12:33 PM Luke Small wrote:
> forgot something.
> -Luke
>
>
> On Tue, Jun 2, 2020 at 12:06 PM Luke Small wrote:
>
>> I have a ftp folder diff. I altered:
>> extern.h fetch.c main.c
>> -Luke
>>
>
diff
Description: Binary data
forgot something.
-Luke
On Tue, Jun 2, 2020 at 12:06 PM Luke Small wrote:
> I have a ftp folder diff. I altered:
> extern.h fetch.c main.c
> -Luke
>
diff
Description: Binary data
I have a ftp folder diff. I altered:
extern.h fetch.c main.c
-Luke
diff
Description: Binary data
You can only tell the fastest latency for a download by testing it at your
location. It is very fast.
On Tue, Aug 23, 2016 at 5:25 AM <li...@wrant.com> wrote:
> Tue, 23 Aug 2016 09:09:38 +0000 Luke Small <lukensm...@gmail.com>
> [...]
> > It downloads the ANNOUNCEME
I had one before that read openbsd.org/ftp.html (which is insecure because
it gets sets a mirror from data from an unencrypted connection), but I
changed it to read the /etc/examples/pkg.conf file so that there is a more
secure method. I pledged it. I tried to do pledge and setuid, but a glitch
That seems a bit excessive to crash the program when all you may want to do
is track the exit of a child. Does the pledge proc flag dictate that you
can't do wait() as well?
I suspect that unless there is a solution that doesn't involve lazy new
users to memorize more complicated named mirrors, you are going to run into
this problem over and over again.
>> Raf Czlonka wrote:
>> - ftp.openbsd.org is, AFAIC, overloaded
> I haven't been following this thread fully,
the least.
-Luke
On Wed, Feb 3, 2016 at 9:12 PM, Stuart Henderson <st...@openbsd.org> wrote:
> On 2016/02/03 20:48, Luke Small wrote:
> > I suspect that unless there is a solution that doesn't involve lazy new
> > users to memorize more complicated named mirrors,
1. You can pick a mirror relatively trivially, but since I've run the
program, the fastest one isn't the one I chose manually. Also, it can
choose multiple mirrors at once, so presumably if there is a failure, it
will choose the next mirror(s) that it wrote down in pkg.conf
2. You are saying that
way to do it is by using C.
-Luke
On Fri, Jan 29, 2016 at 6:44 AM, Jérémie Courrèges-Anglas <j...@wxcvbn.org>
wrote:
> Luke Small <lukensm...@gmail.com> writes:
>
> > I wanted to use kqueue. Name another script or programming language that
> > offers it from the
I fixed the uname(1) call and replaced it with uname(3) I read the style
man page. ran the program through indent.
I ran it through sed because it reduces code complexity. Why re-engineer
the wheel?
I use C because I can use kqueue from a fresh install. You have to use
unaudited packages to use
Whoops, got rid of putting in a null character when I should have left it
in.
-Luke
/*
* Copyright (c) 2016 Luke N. Small
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and
I wanted to use kqueue. Name another script or programming language that
offers it from the base install. NONE!
Why should I write it in another language. I already did it in C. Is there
another way other than kqueue that you can wait for the ftp call to quit,
while being able to kill it if it
I think I fixed all your suggestions. I don't strictly adhere to kernel
normal in the use of comments and I parse command-line arguments without
using getopt(3), but the method is robust.
-Luke
/*
* Copyright (c) 2016 Luke N. Small
*
* Permission to use, copy, modify, and distribute this
pkg_ping [-s timeout]
[-n maximum_mirrors_written]
It scrapes each mirror's location and URL from openbsd.org/ftp.html and
tests the package repository with the version and architecture of the
machine. It kills the ftp() and sed() functions it calls from C if it takes
too long by using kqueue.
. There is
nothing that can be done to make it core dump. The only thing, I suspect,
that can go wrong is a man in the middle attack downloading ftp.html. Is
there even a hash value for ftp.html ?
-Luke
On Thu, Jan 21, 2016 at 1:18 AM, Luke Small <lukensm...@gmail.com> wrote:
> The real reaso
The real reason I wrote this is to have an automated way to set up the
pkg_add mirrors especially for folks that don't care to set them up
manually (Afterall, that's what computers are for!). Before I wrote this, I
had a PKG_PATH mirror go down and I didn't know what was going on. At least
this
< The C program is too trusting with its fixed-size buffers and unchecked
< mallocs etc, it's not something to run as root as-is.
I realize I got a little lazy with no checking the mallocs, but that is
fixed.
I wrote this to be resource-light and thorough. No half-ass bullshit. If
somebody wants
d.cs.fau.de/pub/OpenBSD/
> > seems to be down.
>
> +cc maintainer, could you take a look please Simon? Down for v4+v6,
> traceroute stops at informatik.gate.uni-erlangen.de (131.188.20.38 /
> 2001:638:a000::3341:41) with !A on v6.
>
> > On Tue, 19 Jan 2016 22:19:42 -0600
&
I have a 500 line program I wrote that reads openbsd.org.ftp.html and
scraps off the html and ftp mirrors, records them all without redundancies
as http mirrors in memory and downloads the appropriate version and machine
architecture's SHA256 in the package folder. It tests all the mirrors for
53 matches
Mail list logo
