Here you'll find my notes on life, research, and whatever else tickles my fancy.

efisame: Next Boot, Same as This Boot

Thu 12/10/15   16:18  in  technical

Multi-booting is a widely-used practice that enables a user to select the OS best suited for their current task. For example, I dual-boot Windows and Linux on my laptop which allows me to get the best of both worlds on the same machine.

I’ve encountered a minor pain point in this setup however, largely due to the way I tend to use my machine: once I boot a particular OS I continue to use that same OS repeatedly and expect reboots/shutdown/startup to continue to use the last OS I booted. This is especially true of reboots, for example after installing system updates.

Traditionally I addressed this by setting the default boot to my most-frequently-used OS, but really that is just optimizing for the common case and not solving the issue. Additionally, I’ve recently started using Windows more and am annoyed having to remind my machine what OS I’m using.

So, today I sat down and put together a simple little utility to fix this properly once and for all.

Read Full Post

IOC Journal Edition: Highlights

Mon 12/07/15   15:33  in  integer

I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++”, appearing in TOSEM Volume 25 Issue 1. This is an updated and expanded version of our ICSE12 paper of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.

Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.

Read Full Post

Freenode SASL Upgrade: Irssi HOWTO

Mon 01/05/15   12:25  in  technical

The freenode IRC network has for a long time supported connecting and automatic identification using SASL.

Recently, the freenode network deprecated the commonly used SASL mechanism DH-BLOWFISH due to security concerns, causing my IRC client (irssi) to no longer be able to authenticate.

Unfortunately, while scripts and guides describing using irssi with DH-BLOWFISH are plentiful, it seems the steps required to use the new preferred ECDSA-NIST256P-CHALLENGE method are not yet documented.

Read on for a step-by-step walk-through of configuring irssi to use SASL with freenode in 2015.

Read Full Post

Mysterious Lag Spikes and Faulty Switches

Thu 01/23/14   12:06  in  technical

My residential internet experience has always been poor, so when I started observing bizarre network behavior a few months back I attributed it to upstream problems and wrote it off with a sigh. The issue persisted however, so over the winter break I decided to sit down and tackle it once and for all.

Tracking down the source of the issue was an interesting adventure, and ultimately the problem was in the last place I thought to check: a pair of TEG-S80g unmanaged gigabit switches made by TRENDnet.

Do not buy! :)

Details follow.

Read Full Post

Catching pointer overflow bugs

Mon 11/18/13   18:05  in  technical

In all varieties of C/C++, pointer arithmetic is undefined if it overflows. That is to say the following example:

void invalid(char *p) {
  char *q = p + 1;
  printf("%p\n", p - (uintptr_t)q);

invokes undefined behavior as it causes the pointer value to wraparound to the equivalent of -sizeof(char), which is 0xffffffffffffffff on my 64bit system.

Unlike integer overflows which can be dangerous or benign regardless of intention (ICSE12), pointer overflows are very unlikely to be intentional and may be the source of a more serious bug resulting in incorrect behavior or program crashing.

Read Full Post