#qi-hardware IRC log for Friday, 2014-06-06

[01:53] <nicksydney> My C is rusty...refreshing pointer is really painful :(
[03:42] <kyak> just wait for whitequark, he'll point ya :)
[04:54] <wpwrak> nicksydney: soo .. no new troubles were found ? that's almost disappointing - i must have screwed up somewhere :)
[04:58] <wpwrak> most hated X11 message: "Maximum number of clients reached"
[05:45] <nicksydney> how to find the code for klogctl .. looking inside glibc can't find it :(
[05:45] <nicksydney> any idea ?
[05:45] <nicksydney> WHY does it have to be soooo hard to find a frinkin' code
[11:11] <wpwrak> hmm, more heartbleed. time to update the packages. soon a daily cron job will make sense ..
[11:16] <larsc> just disable ssl
[11:18] <wpwrak> return to telnet :)
[11:18] <wpwrak> (and the protocols of that era)
[11:25] <larsc> now is your chance to invent the facebook of gopher
[11:38] <wpwrak> privatebook - not using insecure SSL :)
[11:40] <wpwrak> oh, overlooked two posts on the list ..
[11:41] <sb0> the twitter of finger
[12:06] <larsc> using the way back machine makes this sound as if it was 10 years ago
[12:15] <wpwrak> fingerbook - transient bookmarks ?
[12:16] <wpwrak> twitter and finger are harder to mix in common language, though
[12:19] <nicksydney> can anelok sing with this http://www.ebay.com/itm/New-XS3868-Bluetooth-Stereo-Audio-Module-OVC3860-Supports-A2DP-AVRCP-/161314794017?pt=LH_DefaultDomain_0&hash=item258f1c6a21  :)
[12:20] <ysionneau> not sure anelok will implement A2DP or AVRCP profiles ;)
[12:21] <ysionneau> oh and btw A2DP or AVRCP are not part of BLE
[12:21] <ysionneau> BLE is just for very low power low throughput stuff
[12:21] <ysionneau> so no media streaming
[12:22] <ysionneau> you need bluetooth 2.1 or 3 or 4 for these profiles
[12:22] <nicksydney> oh no ... so will never hear Anelok sing ever ! :(
[12:22] <ysionneau> sorry :/
[12:22] <nicksydney> neat idea https://www.kickstarter.com/projects/1842571016/piconsole-anywhere-console-for-raspberry-pi :)
[12:23] <larsc> nicksydney: you really need to get a twitter (or a thimbl)
[12:23] <nicksydney> larsc: nah too old fashion twitter...should get twitIRC :)
[12:24] <ysionneau> over COM over BLE
[12:28] <wpwrak> and no audio peripherals in anelok :)
[12:29] <wpwrak> (COM, etc.) 110 bps teletype
[12:57] <nicksydney> i don't understand why people are so excited when they can do programming in a microcontroller such as Cortex-M series using Javascript or .Net ?
[13:01] <wpwrak> because they won't have to live with the confusing fact that some C on a cortex runs faster than their junk on the PC that's supposed to be 1-2 orders of magnitude more powerful ...
[13:03] <nicksydney> hmm....still not convincing to write in JS though
[13:07] <ysionneau> well, for some use cases you prefer python rather than C, right?
[13:07] <ysionneau> some people are very much more productive in python or JS than in C
[13:07] <ysionneau> for string manipulations for instance
[13:08] <ysionneau> so I can understand some people would like to be able to write code for uC in python or JS or some language like that
[13:08] <ysionneau> which is "easy" to write
[13:08] <ysionneau> and moreover it's cool to be able to play with the interpreter interactively
[13:09] <sb0> because C is a pain?
[13:10] <sb0> even the problem of concatenating strings doesn't have a proper solution with that crap language
[13:10] <whitequark> because C is a truly terrible language
[13:10] <whitequark> Rust is as powerful (for wpwrak: performant) as C, it's not shit, and "Ruby hipsters" are somehow pretty fine with it
[13:11] <ysionneau> is Ruby still a hipster language ?
[13:11] <ysionneau> I would imagine that hipsters would be on to something new and shiny now :)
[13:11] <sb0> define: "hipster language"
[13:11] <ysionneau> a language which attracts hipsters?
[13:12] <whitequark> meh, doesn't matter. what I mean is, the fact that C is hard to use and the fact that its compiler can produce tiny/fast binaries are orthogonal
[13:12] <sb0> well, anything can attract hipsters...
[13:12] <ysionneau> especially when it's "new"
[13:12] <ysionneau> and has nice features for rapid development like scaffolding
[13:13] <ysionneau> even if it's usually more a demo stuff than anything else
[13:17] <sb0> I wonder how much a hardware memory manager (malloc/gc) would make sense
[13:18] <sb0> with safe pointers
[13:18] <whitequark> sb0: but you don't *need* hardware to hold your hand there...
[13:19] <sb0> yes, you can have a VM of course, but it's slow
[13:19] <sb0> I know JIT makes it faster
[13:20] <whitequark> have you seen how Rust solves the problem?
[13:20] <whitequark> you don't need a VM to get memory safety
[13:41] <wpwrak> ysionneau: for string-heavy stuff, i use perl. better syntax :)
[13:42] <whitequark> so if you want to have systems software that intensely manipulates strings--say, any old-days protocol, like SMTP or IMAP, ever--you're fucked
[13:44] <wpwrak> well, in this case i have to make a little extra effort. like write a string lib for C. or reuse one i've already written. depends on the task. didn't need heavy string-processing for a while.
[13:44] <whitequark> you should review one day the history of remotely exploitable vulnerabilities for FTP servers, mail servers, DNS servers (especially BIND), ...
[13:45] <wpwrak> most of my programs are the batch type: read all inputs, process, spit out results.
[13:45] <whitequark> every single one RCE in them could not exist if it was written in a memory-safe language
[13:45] <whitequark> tell me again how C is a good systems language
[13:45] <wpwrak> oh, i grew up with ftp exploits ;-)
[13:46] <wpwrak> if you need to do things with strings that make you uncomfortable, encapsulate the tricky functions. just like your critter does somewhere, too.
[13:47] <wpwrak> if you don't feel up to the task of making your own abstractions, look for some library that does it for you and learn that library
[13:47] <whitequark> no amount of encapsulation will save you from use-after-free (for example)
[13:47] <wpwrak> i find it more convenient to just adapt to the situation, exploit the sweet spots
[13:48] <whitequark> or in other words, accidental incorrect usage of the API of that library which the compiler won't find
[13:48] <whitequark> besides, your advice is irrelevant. I certainly admit it is *possible* to write secure code in C
[13:48] <wpwrak> if you're terminally afraid of free, then don't use it in your code. encapsulate it and add run-time checks as needed
[13:48] <whitequark> but in practice this mostly doesn't happen
[13:48] <ysionneau> 15:41 < wpwrak> ysionneau: for string-heavy stuff, i use perl. better syntax :) < *chokes*
[13:49] <whitequark> no amount of encapsulation or runtime checks or even code reviews saved openssl from being a piece of shit
[13:49] <whitequark> it did everything you said
[13:49] <wpwrak> perhaps the main problem of C is that it encouraged unwarranted confidence
[13:49] <whitequark> you could describe it like that, yes.
[13:50] <wpwrak> and no, openssl still exposed too many low-level things. if you want such abstraction, you have to be consistent
[13:50] <whitequark> hardly changes the consequences, which are: if you want to exploit a Linux system, you can
[13:50] <whitequark> remotely, locally, pick whatever you like
[13:50] <wpwrak> (too many) in relation to the quality of the review process and coding standards
[13:51] <wpwrak> there are many ways to make your code secure, but you have to be consistent
[13:52] <wpwrak> btw, the "new heartbleed" is also from the same author. i guess his commits will come under very close scrutiny now
[13:52] <ysionneau> latest changelog showed how many security issues? 6?
[13:53] <ysionneau> crazy :o
[13:53] <whitequark> you'll also find that he isn't a particularly bad coder (or much less an NSA agent)
[13:53] <wpwrak> which means that he's either losing a job, or he'll learn a lot about himself ;-)
[13:53] <whitequark> just a regular C guy
[13:53] <whitequark> oh oh
[13:53] <wpwrak> let's see what they find
[13:54] <whitequark> wpwrak: http://pastebin.com/uFF9LsFg
[13:54] <whitequark> ugh, paste removed
[13:54] <wpwrak> there are certain very fundamental coding practices that can help you a lot. like making small functions that do one thing and do it correctly
[13:55] <wpwrak> so the heartbleed copying should have been one such function. it would have stuck out immediately.
[13:55] <whitequark> there is also a very fundamental coding practice that eliminates *all* memory-safety bugs, which is strictly better than what you suggest...
[13:55] <wpwrak> the tendency to write long functions doing a ton of things is either laziness, ignorance, or some bad habits learned from C++
[13:56] <wpwrak> C++ being a much inferior language to C
[13:56] <whitequark> it's also hilarious that you crap on C++ while it helps quite a bit with encapsulation that you like so much
[13:56] <whitequark> and factoring common code out
[13:57] <whitequark> if you omit about 99% of C++, you can write good code in it :p
[13:57] <ysionneau> to me C++ code is very hard to follow, but I don't have much experience with it so it might be the reason
[13:57] <wpwrak> nothing wrong with OO techniques. but you don't need new languages for that, C handles them just fine as well
[13:57] <whitequark> actually, there's a lot of things wrong with OO techniques. the advantages of using C++ lie elsewhere
[13:58] <ysionneau> Good old friday troll is coming :) I feel it
[13:59] <wpwrak> C++ encourages poor style. first, it's very hard to determine what your classes really contain. second, you can't break down methods like you break down functions, leading to monster methods.
[13:59] <sb0> (new heartbleed) http://underhanded.xcott.com/?page_id=2 ? :)
[14:00] <wpwrak> OO should be used sparingly, where it makes sense. in C++, you feel obliged to use it for everything. hence bad code.
[14:00] <wpwrak> sb0: i see a lifetime achievement award ;-)
[14:09] <whitequark> wpwrak: since you're so good at C, can you find a bug here, which makes the KDF nearly useless? http://pastebin.com/gYMLpVSe
[14:20] <wpwrak> looks correct, C-wise, though not fully defined. there's also an unfortunate mixing of sizes as constants and open-coded numbers
[14:21] <wpwrak> btw, if you want proper type safety for arrays, put them in a struct
[15:44] <wpwrak> it's of course not strictly portable, but i don't think there are any real platforms with pointers > 128 bits yet. you may want to add an assert, though.
[15:45] <whitequark> wpwrak: it's not correct
[15:45] <whitequark> it's critically wrong, and any code using it would be terribly insecure
[15:45] <wpwrak> as long as your pointers are short enough, it will run fine
[15:46] <whitequark> there's no undefined behavior there, true
[15:46] <wpwrak> and yes, it's obviously not very secure. especially not on machines with small word sizes
[15:46] <whitequark> but it is not correct and you only have to know C to determine why
[15:46] <whitequark> small word sizes, hm?
[15:47] <whitequark> what about them?
[15:47] <wpwrak> because of sizeof(pointer)
[15:47] <whitequark> yeah, that's the bug
[15:47] <whitequark> should've used AES128_KEY_LEN there
[15:49] <wpwrak> or a struct, as i suggested :)
[15:49] <wpwrak> arrays as arguments are generally not a good idea
[16:08] <wpwrak> hmm, is it really necessary to have two chokes on the earpiece ?
[16:10] <wpwrak> or sorry, wrong channel :)
[16:10] <wpwrak> (trying to decode the n900 design)
[16:38] <whitequark> hmm, for my pump I bought a 3A adjustable SMPS for ~$25
[16:38] <whitequark> decided it's more economically efficient to not make one myself
[16:38] <whitequark> based on some Linear thingy... let me look at it
[17:49] <whitequark> hmmm, apparently nothing bonds to HDPE, fascinating
[19:03] <whitequark> ahahaha, "SMPS" that gets hot at 300mA@6V
[19:04] <whitequark> 50°C in TO-220 (except with 5 legs) at 1.8W input power
[19:04] <whitequark> oh wait, it's 300mA@27V, that explains things
[19:31] * whitequark is having fun with the camera: http://i.imgur.com/O4ZTENX.jpg
[19:51] <kyak> thanks god, it's not mirror :)
[19:53] <larsc> were you expecting selfies with sepia filters?
[19:55] * whitequark is offended
[19:56] <kyak> whitequark: i'm just kidding --)
[19:57] <whitequark> (I'm not really offended)
[20:01] <DocScrutinizer05> nasty choke
[20:02] <whitequark> what about it?
[20:02] <DocScrutinizer05> well, it's "open"
[20:02] <DocScrutinizer05> kinda, yes
[20:02] <whitequark> EMI, rather
[20:03] <DocScrutinizer05> it's prolly for "DC", right?
[20:03] <whitequark> it's DC-DC
[20:03] <whitequark> 0~40 to 0~37
[20:03] <DocScrutinizer05> yeah, so you can conveniently check for current with an analog Hall-sensor ;-P
[20:04] <whitequark> hm, noticed I have nothing to gate its input with... damn
[20:04] <whitequark> need a tiny SSR there
[20:04] <DocScrutinizer05> and with a secondary coil nearby you can check for noise and hum on the DC
[20:04] <whitequark> or not even SSR actually, any relay would work.
[20:05] <whitequark> althoooough not actually, no, a regular relay will get its terminals fused shut
[20:06] <whitequark> while disconnecting 1A flowing through a massive inductor
[20:06] <whitequark> (the motor)
[20:07] <whitequark> O_O fuck, SSRs are expensive
[20:15] <DocScrutinizer05> yep, with a proper mosfet you're better off
[20:16] <whitequark> cheapest relay I can find is... $5
[20:17] <whitequark> well. hm.
[20:20] <whitequark> and any inductive loads are conspicuously absent from relay datasheet
[20:20] <whitequark> I bet the contacts *will* get fused
[20:21] <whitequark> contact material claimed AgNi 90/10
[20:21] <whitequark> hm, that should work ok
[20:44] <DocScrutinizer05> you shouldn't switch inductive loads with a relay, unless you use a clamp diode
[20:45] <DocScrutinizer05> or alternatively an RC spark extinguisher
[20:46] <DocScrutinizer05> you said it's DC. Great for R-C
[20:49] <DocScrutinizer05> R rated for not exceeding relay's max I on contact-close, C dimensioned to not exceed charging to voltages > say 100V during the time the contact needs to open, on nominal load of your motor or whatever
[20:50] <DocScrutinizer05> I.E when you have 1A and the contacts need 50mS to completely open, then your C shouldn't charge to >100V in 50ms with 1A current
[20:51] <DocScrutinizer05> R needs to limit current to < say 2A (max current according to datasheet of your relay), at 40V
[00:00] --- Sat Jun 7 2014
