
Island hopping

Needing a break from what has become an all too mundane Ireland, I found an excuse to take a vacation and spent the better part of yesterday island hopping. How so? Well, I flew from Dublin to London to Reykjavik. It’s too late to make a proper post, so here are several rough (it’s 4 AM) notes:

  • Icelandair is one of the nicer airlines I flew with recently
  • they have really fancy inflight touchscreen entertainment systems
  • …which are slow
  • …and they try to charge you 10 quid for watching the feature films (the TV documentaries are free)
  • …if you open the plastic seal from the headphones, it costs you 3 quid (NOT COOL. Bring your own)
  • there’s a USB port next to the screen. Judging from the inflight magazine, it’s for some sort of game controller. I wonder what else you can do with it.
  • getting drunk on a plane is even better than getting drunk on the train
  • Iceland seems to have a law that requires all women to be exceedingly blonde and cute
  • somewhat related, hot Eastern European women seem to have jobs here that require them to be in hotel lounges at 3 AM, accompanied by their large, humorless male friends (the kind that you mentally nickname as “Bruno”)
  • everybody in Iceland seems to speak English (it’s like having a Netherlands flashback)
  • even though I haven’t seen much (besides the bus trip from Keflavik to my hotel in downtown Reykjavik), I have an overwhelming feeling that I’ve been here before. It’s really weird. 

How to make xterm scrolling work with screen

By default, xterm scrolling (with the mouse wheel) doesn’t work with screen. Since screen’s scrollback buffer is so useful (I set mine to 100000 - screen is routinely the largest process on my work machine), wouldn’t it be neat if the mouse wheel scrolled through it instead? It turns out it can: just add the following to your .screenrc:

termcapinfo xterm* ti@:te@

This should work with any xterm compatible terminal, although I’ve only tested it with gnome-terminal and putty. It only deals with the scrollback as xterm saw it, so it won’t work as you expect it to after you’ve just switched screen views. Still, it’s better than nothing and extremely useful if you tend to have windows attached to the same screen view for a long time.


Stop worrying

A fundraising campaign aimed to put “There’s probably no God. Now stop worrying and enjoy your life” ads on London buses raised, up until I write this, £42 110 (it was 16 000 this morning, and their goal was 5 500). This is easily the coolest thing I’ve seen recently.

Before you jump in and say that Dawkins is crazy and that this whole thing is over the top for a group of people that aren’t supposed to care, consider that it was done “to counter the religious ads running on public transport, which featured a URL to a website telling non-Christians they would spend ‘all eternity in torment in hell’, burning in ‘a lake of fire’” (or better yet, just read the article).


The end of the internet

Well, not really. But if you’re in the tech industry you’ve surely heard about the recently discovered DNS vulnerability, and if you’re the curious type you tried to guess how it might work. Dan Kaminsky had wisely decided to postpone the full disclosure until the Black Hat conference, but it was just a matter of time before somebody figured it out. Halvar Flake just did. In short:

  1. Send loads of requests for nonexistent FQDNs to a resolver you want to poison. You can do this on non-public resolvers too - just get one of their clients to load a web page you control.
  2. Start spoofing responses for those nonexistent FQDNs. Make sure you include glue records in them for, say, the .com zone.
  3. Wait until one of your spoofed responses matches the QID that the resolver used.
  4. ???
  5. Profit! The target resolver is now delegating all .com queries to you. You did set a long TTL, right?

This sounds entirely unrealistic, until you start to do back-of-the-envelope math on just how many lookups and tries you must do - a couple minutes should be enough on any modern broadband link. I suspect Kaminsky’s presentation will come complete with number magic and tools to make this very quick and straightforward.

Amusing side note: Matasano’s blog just covered this story, linking to Flake’s blog. Not only did they give a simple technical introduction/explanation of how and why it works, but they also confirmed that “the cat is out of the bag”. That wasn’t just a guess about the validity of a guess - they know for sure because they’ve spoken with Kaminsky before and confirmed that the exploit is for real: “Dan has the goods”. The amusing part? They pulled the confirmation story about 2 hours after it was published. The cat is already out of the bag, guys ;-)

This attack is truly scary, for two reasons:

  1. It’s dead simple, yet extremely effective. Patching all affected resolvers will take quite a while, leaving a lot of people vulnerable in the meantime. There are certain circumstances (mainly NAT setups) in which a patched resolver can still be poisoned.
  2. The patch (randomizing source ports for DNS queries - and proving that DJB was wise, not paranoid) will only work for so long. The roughly 30 bits of entropy (instead of the current 16) will last a while, but connection speeds keep increasing, not to mention the probability of somebody coming up with an even more clever attack.

Update: Kaminsky confirms and provides details. Vixie and Dagon came up with a clever hack to extend the amount of entropy in QIDs.
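The back-of-the-envelope math mentioned above, and the gap between 16 and roughly 30 bits of entropy, worked through as an added example (not code from this post or from any of the researchers named). The spoofing rate and the length of the race window are constructed assumptions, and the function names are hypothetical.

```python
import math

QID_BITS = 16      # query ID only: resolver with a fixed source port
PATCHED_BITS = 30  # the post's "roughly 30 bits": QID plus random source port
# A NAT that rewrites source ports predictably puts a patched resolver
# back at QID_BITS, which is the NAT caveat mentioned in the post.


def hit_probability(spoofed_per_race: int, entropy_bits: float) -> float:
    """Chance that one of n distinct guesses matches within a single race."""
    return min(1.0, spoofed_per_race / 2.0 ** entropy_bits)


def races_needed(p: float, confidence: float = 0.5) -> int:
    """Independent races until cumulative match probability >= confidence."""
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-p))


def seconds_to_poison(entropy_bits, packets_per_sec, window_s, confidence=0.5):
    """Wall-clock estimate. Races run back to back because every race uses a
    fresh nonexistent name, so no cached answer has to expire in between."""
    n = max(1, round(packets_per_sec * window_s))
    return races_needed(hit_probability(n, entropy_bits), confidence) * window_s


if __name__ == "__main__":
    # Constructed assumptions, not measurements: forged responses per second
    # and the time before the genuine answer closes each race.
    RATE, WINDOW = 10_000, 0.1
    for label, bits in (("QID only", QID_BITS), ("QID + port", PATCHED_BITS)):
        for conf in (0.5, 0.99):
            t = seconds_to_poison(bits, RATE, WINDOW, conf)
            print(f"{label:11s} {bits:2d} bits  {conf:4.0%} after {t:12.1f} s")
```

With these assumed numbers the unpatched case falls in seconds and the patched case in the better part of a day, which is why the post treats port randomization as margin that shrinks as link speeds grow rather than as a permanent fix.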


A blast from the past

… except it’s in the present. An amazing video documentary about North Korea, well worth watching. I was young enough during the communist regime in Romania for this to not bring back too many memories, but I’m sure my older readers will find it terrifying.


Underneath the Covers at Google

By far, the most frustrating thing about working at Google is not being able to talk much about the technology we use internally - especially the scale of some of the things we do. I’m really glad to see that Jeff Dean gave an interesting talk at the I/O conference and that, among other things, it has numbers! There’s a video and slides, so here you go: Underneath the Covers at Google: Current Systems and Future Directions.

Who the heck is Jeff Dean?! I hear you ask. He’s a Google Fellow (I believe that’s the highest engineering distinction you can have here), and so famous that somebody built a Chuck Norris-style “Jeff Dean facts” site for last year’s April Fools. Here are 3 of my favorite facts:

  • During his own Google interview, Jeff Dean was asked the implications if P=NP were true. He said “P = 0 or N = 1.” Then, before the interviewer had even finished laughing, Jeff examined Google’s public certificate and wrote the private key on the whiteboard.
  • Compilers don’t warn Jeff Dean. Jeff Dean warns compilers.
  • The rate at which Jeff Dean produces code jumped by a factor of 40 in late 2000 when he upgraded his keyboard to USB2.0.

MTV 94041

I’ve been in California for the past week and a half; things are mostly the same as last time I was here, but it’s nice to meet my American coworkers in person again. Haven’t done much yet besides work and a tour at Fry’s (mandatory for every Valley visit).

I spent most of my free time last week going through old data and backups. I now have all my old email archives cleaned up and imported into Gmail. The oldest message I have is from March 1999, and reading some of them feels like taking a trip in the time machine.

If I manage to dig up old blog archives, I’ll try to import them into the current blog.


New definitions from DEX 2008

  • Infocare: turning into a seal (foca)
  • Ghinioane: the Moldavian variant of the Transylvanian “Bine, Ioane”
  • Imprastiere: the result of the process by which drunkards get plastered (se fac prastie)
  • Bizar: a double die (zar)
  • Macel: a small poppy (mac)
  • Microscop: a petty goal (scop)
  • Inviorat: fitted with a violin (vioara)
  • Lesina: what “le tren” runs on
  • Meritoriu: the territory occupied by an orchard of apple trees (meri)
  • Rateu: pâté (pateu) made from duck (ratza) meat
  • Scarabeu: a citizen who lives in an apartment block, at the second stairwell (scara); the same word family includes scaraceu and scaradeu
  • Tractor: an actor with a lot of stage fright (trac)
  • Tutun: a-a-artillery we-we-weapon
  • Tzurtzur: the sound of the doorbell, in winter
  • Batalion: the younger brother of plutonier Batal Gheorghe

Post-it Google search

This is how Google search really works

Update: well, it looks like the video got taken down for some reason. It was funny while it lasted, though.


Summary

  • The good: hope
  • The bad: distance
  • The ugly: bitterness
  • The plan: carry on.