
Category: Computer Science

Disable Your Antivirus Software (Except Microsoft’s)

Robert O’Callahan explains in a blog article and an even more interesting link how Antivirus Software breaks Firefox (and many other pieces of software).

Among them are horror stories such as

For example, back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes.


and many more. The advice is

Antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).

(Written on Mac OS 10.11.6, because…)


Stratus shutdown

This is in a way the opposite of the Windows Update Blues: A Stratus computer in a steel factory in Michigan is being shut down after 24 years of uninterrupted, fault-free service. The machine was installed and started in 1993 (Windows 3.1, Jurassic Park), and has been running since.

I did a talk about high availability solutions of various granularity as part of a computer science lecture on High Availability and Operating Systems some time back then, and Stratus as well as other coarse-grained HA solutions were things papers were being written about at that time.

Of course, we are doing things differently these days, and

This system runs an older version Stratus proprietary VOS operating system, which Hogan believes hasn’t been updated since the early 2000s.

is no longer an acceptable thing in today’s environments. So while it works, it’s still no longer viable.


Windows 10 Update Blues

In case you are frustrated by the current state of things in Mac land, and were considering trying out the all new and reformed Microsoft, which now supposedly does not suck any more: cnet provides you with a rather long article about stories of Windows 10 updating when asked not to, and at the most inconvenient times.

The article is full of stories of Windows force-rebooting into an hour-long upgrade while the user was taking notes at a keynote event, running a multi-hour 3D printing job, or sitting in a Skype hiring interview. Microsoft basically thinks their updates are more important than your work.


Google starts a root CA

A certificate as seen in a network debugger

In order to communicate securely over an encrypted channel, both parties do not just have to agree on a common set of crypto keys, they also need to prove to each other that they are who they claim to be. If they do not, it is very easy for an attacker to mount a Man in the Middle attack.

Certificates are what is used on the web and elsewhere to prove identity, and because no one can know all certificates, certificate authorities act as the trusted passport bureaus of the Internet. In theory.

In practice, that did not work out so well.


Command line access to the Mac keychain

I am getting my payslips in electronic form, as an encrypted, password protected PDF. It’s not a super secret password, and the encryption is more against accidentally opening the file than it is to keep the content of the file actually secret.

After shipping the PDF home, I am archiving it for tax purposes, but in order to make the archival safe, I am storing the original file as well as the decrypted cleartext version of it. To do that, I wrote a shell script, which contained the password in a variable in the clear.

Discussing that at work had a few people rejecting the storage of keys in a script in the clear as a matter of principle, and the suggestion was to use the operating system key management service to hold this kind of data.

Here is how to interact with the key management of MacOS.


What data does WhatsApp collect

Hangout opens.

S: Good morning, Kris, please excuse me. You are using WhatsApp, I presume.

If so, how are you dealing with the problem of WhatsApp uploading the address book? Ignore it? Change config? Edit address book contacts?

Why I am asking: by not using WhatsApp, I am more and more out of the loop (school, parents, sport clubs, etc). At the moment I am trying to resist, probably being the last person on Planet Earth doing that.

Kris: Just use it. ‘Complete upload of the address book’ is untrue, and uninformed bullshit, btw. WhatsApp hashes stuff, and uploads the hashes. Hashes equal -> match.

Kris: What does WhatsApp collect (Findings under the Personal Information Protection and Electronic Documents Act (PIPEDA) dating from 2013)

Out-of-network numbers are stored as one-way, irreversibly hashed values. WhatsApp uses a multi-step treatment of the numbers, with the key step being an “MD5” hash function. The phone number and a fixed salt value serve as input to the hash function, and the output is truncated to 53 bits and combined with the country code for the number. The result is a 64-bit value which is stored in data tables on WhatsApp’s servers.

The findings complain about that, because it is not perfect, but I personally believe that to be a pretty good compromise, making you discoverable without pasting the actual numbers all over the place.

S: Thanks, didn’t know that. Problem solved.
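
The scheme quoted from the findings, together with the "hashes equal -> match" lookup, as an added example that is not WhatsApp's code and not part of the original post. The salt value, the digits-only normalisation and the bit layout (country code in the top 11 bits, truncated MD5 in the low 53) are assumptions, since the findings only say the two parts are "combined"; all phone numbers are constructed.

```python
import hashlib

HASH_BITS = 53                      # truncation length stated in the findings
CC_BITS = 64 - HASH_BITS            # assumption: remaining 11 bits hold the country code
SALT = b"constructed-fixed-salt"    # assumption: the real salt is not on the page


def contact_token(country_code, national_number, salt=SALT):
    """Return the 64-bit value stored for an out-of-network number."""
    if not 0 < country_code < (1 << CC_BITS):
        raise ValueError("country code does not fit in the upper bits")
    # Assumption: formatting characters are dropped so that the same
    # number always hashes to the same value on every client.
    digits = "".join(ch for ch in national_number if ch.isdigit())
    if not digits:
        raise ValueError("no digits in phone number")
    digest = hashlib.md5(digits.encode("ascii") + salt).digest()
    # Keep the leading 53 bits of the 128-bit MD5 output.
    truncated = int.from_bytes(digest, "big") >> (128 - HASH_BITS)
    return (country_code << HASH_BITS) | truncated


def discover(address_book, registered_tokens):
    """Names whose token equals one the server holds ("hashes equal -> match")."""
    return [name for name, (cc, number) in address_book.items()
            if contact_token(cc, number) in registered_tokens]


# Constructed server-side table: only 64-bit tokens, no phone numbers.
REGISTERED = {
    contact_token(1, "2025550143"),
    contact_token(49, "3055501234"),
}

# Constructed client address book, formatted the way users type numbers.
ADDRESS_BOOK = {
    "Alice": (1, "(202) 555-0143"),
    "Bob": (1, "202-555-0199"),
    "Carol": (49, "30 5550 1234"),
}

if __name__ == "__main__":
    print(discover(ADDRESS_BOOK, REGISTERED))
```
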


Mac OS 10.12 and ssh

Yeah, I know, it’s old, but I need this mostly as a memo to self: ssh key handling changed between MacOS 10.11 and 10.12.

What you probably want is the following magic in a generic Host block of your machine’s .ssh/config or /etc/ssh/ssh_config:

Host *
  UseKeyChain No
  AddKeysToAgent yes

This will store your SSH Keys in the agent, entering the password only once. It will not persist the keys on the machine, requiring that you authenticate and unlock the keys once after each restart.

Getting rid of persisted keys is complicated and requires some SQLite magic.

ssh-add -D -K
# purge the matching generic-password rows from each user keychain database
for f in ~/Library/Keychains/*/keychain-2.db; do
  sqlite3 "$f" "delete from genp where agrp = '';"
done


So Python is a beautiful language, which is also kind of slow. And the more cores you have, the worse it gets, because of the GIL in the most popular implementations.

Other languages are much better at concurrency, one of them supposedly being Go. So Geeks at Google have been pondering the problem, and came up with a Python-to-Go compiler called Grumpy. Read more about it in their blog.

In rigged benchmarks it looks awesome, and under real world load it supposedly performs quite well.

But the best part is the Logo. Which looks like this:



Shit geeks say

So the Geeks at Datacenter Dynamics quote this geek:

“With a market of more than 80 million people within a roundtrip delay of 30 milliseconds, covering all major cities of Northern Europe, the Baltic states and western Russia, Stockholm is an ideal location for cloud players and other major data center actors,” …

So how many million people are within 30ms of you? :-)

In other news, the more countries go renewable, the less they are charging for power (they may be charging for infrastructure, though). For data centers in Norway and Sweden, it appears that we are below 4 Cent/kWh now. Oh, and can we please use the exhaust heat from your computers to heat our capital, please?