[LUAU] high performance SCP/SSH

Jim Thompson jim at netgate.com
Wed Feb 20 12:24:35 PST 2008 

On Feb 19, 2008, at 1:38 PM, Kristian Erik Hermansen wrote:

> On Feb 19, 2008 11:58 AM, Jim Thompson <jim at netgate.com> wrote:
>> No, I don't.  Especially since it doesn't.
>
> And which networking stack, would you say, does?  OpenBSD prevent  
> manyth
> common and uncommon TCP, ICMP, and other protocol attacks.


> They do heavy port randomization assignment for new connections and  
> try to
> mitigate against things like ICMP path mtu discovery issues.  Are you
> familiar with these attacks? (without using google right now -- I mean
> real experience protecting against them).

Yes.   You may wish to google for the origination of the "Netgate"  
trademark (as a hint, smallworks.com was the company.)

>  I am wondering if you dare to claim FreeBSD as to having superior  
> secure networking stack :-)

Sure, I'll bring an otherwise stock FreeBSD 7.0 system, with the  
following commands run, and stack it against your OpenBSD of any  
vintage system.

sysctl -w net.link.ether.inet.max_age=1200
sysctl -w net.inet.icmp.bmcastecho=0
sysctl -w net.inet.icmp.masqrepl=0
sysctl -w net.inet.ip.sourceroute=0
sysctl -w net.inet.ip.accept_sourceroute=0
sysctl -w kern.ipc.somaxconn=1024
sysctl -w net.inet.tcp.sendspace=32768
sysctl -w net.inet.tcp.recvspace=32768
sysctl -w net.inet.ip.redirect=0
sysctl -w net.inet.ip6.redirect=0

these last two may be useful on your OpenBSD machine as well.


>> I'm sure.   (You may wish to re-parse your words here.)
>
> Right.  I meant, if there is a sniffle of an issue, OpenBSD hops on
> board to investigate, and if it is considered an issue, they try to
> fix or at least mitigate.

Do you mean to imply that, linux and FreeBSD teams do not behave  
similarly?

> Openwall Linux does much of this as well, but perhaps more of their  
> patches lie on the address
> mapping/allocation/protection side of things.

Because Theo claimed this was impossible on x86.

> You commonly see new techniques being implemented there first...
>
>> Yes, I have looked at the history of the OpenBSD stack and software
>> issues.
>>
>> That was my point.   You seem to have missed it in your fandom for
>> Theo's "groupthink".
>
> Please do explain your stance.  I don't have much fandom for guys who
> are assholes.  In fact, I met Peter Hessler in San Francisco who told
> me some funny stories about being invited to the OpenBSD sprint at
> Theo's house.  Good guy.  Good stories.  Maybe you don't know them :-)
> I am *not* an OpenBSD fanboy.  I run Linux mostly and BSD when I deem
> necessary.

> OpenBSD + amd64 + Gnome is not a good choice, I can assure you!

I'm not sure that either OpenBSD or Gnome is a good choice.   I  
covered some of this back in August on this list:

http://lists.hosef.org/pipermail/luau/2007-August/017825.html
http://lists.hosef.org/pipermail/luau/2007-August/017827.html
and, most critically:
http://lists.hosef.org/pipermail/luau/2007-August/017829.html
http://lists.hosef.org/pipermail/luau/2007-August/017834.html

Please review these and if you still wish me to "explain my  
stance" (that OpenBSD's approach is fundamentally flawed), I'll  
attempt to further euclidiate.

Lets just say it now, OpenBSD is not my <http://www.youtube.com/watch?v=hC2LAIDidis&feature=related 
 > kind of party.  (May be NSFW, depending on your company standards...)

>> While this is a true statement, a properly-constructed system
>> ('infrastructure') shouldn't be open to this type of failure.
>
> Right.  OK, build it.  Let us know when your 1.0 release is :-)

Its already been built.   Several times.  Multics and/or several  
variations of Lisp Machine.

> I'll even buy you a beer.  Building quality software, that you can  
> prove is secure/stable/non-buggy, is NP-hard...

This kind of proof is usually based on the algorithms and data  
structures. For instance, there are various proofs showing that the  
general problem of proving the correctness of programs containing at  
least two levels of pointer indirection to manipulate doubly linked  
lists is NP-hard.
Yes, its difficult, especially with 'C', but I don't see any  
mathematical evidence that the problem is in P or NP.  And I don't  
mean to rag on 'C', the problem is equivalent for any sufficiently  
expressive language, and the class of programs in that language will  
of course be NP-hard to verify in general. The point I am trying to  
make is that there are certain constructs - such as loops and pointers  
(which are supported by almost all programming languages) - that make  
the task much harder in practice, unless additional information is  
provided, such as invariants that are expected to hold.

Problems are designated "NP-complete" if their solutions can be  
quickly checked for correctness, but they are not solvable in  
polynomial time.   The problem of building provably-correct software  
is not testable for success, though Praxis get quite close to this  
goal with SPARK with a proof rate of over 90%.
Dave Crocker has pointed out that with PD he generally finds that more  
than 90% of the loops in the program are generated from specification  
constructs, thereby making them amenable to verification using  
automated reasoning. The remaining loops are written by the developer,  
and in his experience, even people experienced with formal methods  
often fail to state a sufficient loop invariant to make the proof  
possible.
So, until we get better-trained programmers, or a better constraint- 
language in which to program, the issue of building quality software  
that you can "prove is secure/stable/non-buggy" is not NP-hard, its  
completely intractable.

More information about the LUAU mailing list