lynx is gone?

classic Classic list List threaded Threaded
53 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Raf Czlonka-2
On Fri, Mar 06, 2015 at 02:13:59AM GMT, Theo de Raadt wrote:

> >On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
> >> >Ingo,
> >> >
> >> >On Mar 05 18:11:31, [hidden email] wrote:
> >> >> By the way, lynx(1) removal doesn't really hurt that much.
> >> >> Rotten code that will hurt more when it will finally be deleted
> >> >> includes, for example, the sqlite3(1) library and file(1).
> >> >
> >> >can you please elaborate on what's rotten in sqlite?
> >>
> >> Jan, can you please start from the other end, and provide evidence
> >> that the code is of the highest possible quality?
> >
> >Hi Theo,
> >
> >Based on the above, Jan hadn't made any such claims so no evidence is
> >required. He only asked Ingo to support *his* claim - more info, for
> >mere reference, if nothing else, would be greatly appreciated. :^)
>
> Please run something else.  You'll be happier.  Really.  You don't
> need code-fussy people around you.

I'm not unhappy with SQLite, so would genuinely like to know what's so
bad about it - it seems Jan would too. Neither Marc nor Stefan consider
SQLite *that* badly rotten - Ingo does. Jan would like to get more
information about it and so would I.

If someone makes a claim, it's only fair to ask them to support it with
examples. Now, to jump ahead of your next reply - neither Jan nor myself
made any claims.

All we would like is some reference.

If there's a better equivalent/replacement to SQLite, however, then some
more info would be greatly appreciated.

Cheers,

Raf

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

ludovic coues
2015-03-06 9:58 GMT+01:00 Raf Czlonka <[hidden email]>:

> On Fri, Mar 06, 2015 at 02:13:59AM GMT, Theo de Raadt wrote:
>
>> >On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
>> >> >Ingo,
>> >> >
>> >> >On Mar 05 18:11:31, [hidden email] wrote:
>> >> >> By the way, lynx(1) removal doesn't really hurt that much.
>> >> >> Rotten code that will hurt more when it will finally be deleted
>> >> >> includes, for example, the sqlite3(1) library and file(1).
>> >> >
>> >> >can you please elaborate on what's rotten in sqlite?
>> >>
>> >> Jan, can you please start from the other end, and provide evidence
>> >> that the code is of the highest possible quality?
>> >
>> >Hi Theo,
>> >
>> >Based on the above, Jan hadn't made any such claims so no evidence is
>> >required. He only asked Ingo to support *his* claim - more info, for
>> >mere reference, if nothing else, would be greatly appreciated. :^)
>>
>> Please run something else.  You'll be happier.  Really.  You don't
>> need code-fussy people around you.
>
> I'm not unhappy with SQLite, so would genuinely like to know what's so
> bad about it - it seems Jan would too. Neither Marc nor Stefan consider
> SQLite *that* badly rotten - Ingo does. Jan would like to get more
> information about it and so would I.
>
> If someone makes a claim, it's only fair to ask them to support it with
> examples. Now, to jump ahead of your next reply - neither Jan nor myself
> made any claims.
>

I believe Theo already told what's wrong with SQLite. His words were
"The code uses risk-prone idioms." if I'm not mistaken.

A lot of arguments advanced to keep lynx where basically "don't act
unless there is a security issue". From what I see, OpenBSD dev act against
code which might be source of issue. That's why there is so few vulnerabilities
in base. The bad code was already gone when those are found in other OS.

By the way, is there a list a common risk-prone idioms ?

--

Cordialement, Coues Ludovic
+336 148 743 42

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Raf Czlonka-2
On Fri, Mar 06, 2015 at 09:14:07AM GMT, ludovic coues wrote:

> I believe Theo already told what's wrong with SQLite. His words were
> "The code uses risk-prone idioms." if I'm not mistaken.

He had, indeed, in a reply to Marc's email - I was replying to his
earlier email so hadn't seen that one yet. Besides, initially Jan asked
Ingo to expand on the subject and it would be nice to "hear" it from him
- as I've mentioned before, Marc and Stefan weren't *that* strongly
concerned about it so, as you can see, opinions vary and it would be
still nice to know what Ingo had in mind :^)

> A lot of arguments advanced to keep lynx where basically "don't act
> unless there is a security issue". From what I see, OpenBSD dev act
> against code which might be source of issue. That's why there is so
> few vulnerabilities in base. The bad code was already gone when those
> are found in other OS.

The question was about 'sqlite' - we hadn't mentioned anything about
'lynx'. On reflection, this probably wasn't the best thread to ask more
questions, in ;^)

> By the way, is there a list a common risk-prone idioms ?

+1

Cheers,

Raf

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Marc Espie-2
In reply to this post by Jan Stary
On Thu, Mar 05, 2015 at 09:20:23PM +0100, Jan Stary wrote:
> Ingo,
>
> On Mar 05 18:11:31, [hidden email] wrote:
> > By the way, lynx(1) removal doesn't really hurt that much.
> > Rotten code that will hurt more when it will finally be deleted
> > includes, for example, the sqlite3(1) library and file(1).
>
> can you please elaborate on what's rotten in sqlite?

It is partly a cultural thingy, and a question of priorities.
The guy (guys?) who writes sqlite is a very good developer, but he
does not have security as a top priority. His top priorities are speed
and portability.

As far as I can gather, he mostly gets away with it because he is very
very good at writing algorithmic code.

Of course, when you look at his code with the mindset of the typical
openbsd developer, things appear different.
- he has lots of compatibility cruft which makes us cringe (utility functions
that supplement the libc, but without any specific concerns to use secure
apis).
- he uses idioms that we do know to be somewhat dangerous unless one is
very careful (manual length computations)
- he uses idims that somewhat negate some of the mitigation techniques the
OS provides (memory management).

All of that is the first thing people like Theo notice...

So sqlite has a basis for improvement. I haven't the faintest idea how to go
about educating its main author. Especially since there is a lot of work
to improve this code, and also because this includes breaking the API.  


Note that the same thing can be said for over 90% of the code base
that didn't originate in OpenBSD.  
Having spent more than enough time looking at external code (I'm bliiiiind!
such horrible, horrible code), I can say that sqlite is less worse than
most of the code out there (compare with glib2/3, for instance, as a case
of code where you can't figure out what goes wrong when things go wrong).
You also have to keep in mind that it's mostly a one-man team doing the
development... but yeah, it's not perfect.

if some guys with people skills want to talk to sqlite's author about changing
his ways, feel free to do so. I guess it's mostly a question of educating
him, which definitely doesn't start by saying his code is crap. :)

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Raf Czlonka-2
On Fri, Mar 06, 2015 at 10:15:30AM GMT, Marc Espie wrote:

> On Thu, Mar 05, 2015 at 09:20:23PM +0100, Jan Stary wrote:
> > Ingo,
> >
> > On Mar 05 18:11:31, [hidden email] wrote:
> > > By the way, lynx(1) removal doesn't really hurt that much.
> > > Rotten code that will hurt more when it will finally be deleted
> > > includes, for example, the sqlite3(1) library and file(1).
> >
> > can you please elaborate on what's rotten in sqlite?
>
> It is partly a cultural thingy, and a question of priorities.
> The guy (guys?) who writes sqlite is a very good developer, but he
> does not have security as a top priority. His top priorities are speed
> and portability.
>
> As far as I can gather, he mostly gets away with it because he is very
> very good at writing algorithmic code.
>
> Of course, when you look at his code with the mindset of the typical
> openbsd developer, things appear different.
> - he has lots of compatibility cruft which makes us cringe (utility functions
> that supplement the libc, but without any specific concerns to use secure
> apis).
> - he uses idioms that we do know to be somewhat dangerous unless one is
> very careful (manual length computations)
> - he uses idims that somewhat negate some of the mitigation techniques the
> OS provides (memory management).

I think this is the info Jan and myself were looking for :^)

> All of that is the first thing people like Theo notice...

Well, most of us don't - hence the very existence of misc@ ;^)

> So sqlite has a basis for improvement. I haven't the faintest idea how to go
> about educating its main author. Especially since there is a lot of work
> to improve this code, and also because this includes breaking the API.  
>
>
> Note that the same thing can be said for over 90% of the code base
> that didn't originate in OpenBSD.  
> Having spent more than enough time looking at external code (I'm bliiiiind!
> such horrible, horrible code), I can say that sqlite is less worse than
> most of the code out there (compare with glib2/3, for instance, as a case
> of code where you can't figure out what goes wrong when things go wrong).
> You also have to keep in mind that it's mostly a one-man team doing the
> development... but yeah, it's not perfect.
>
> if some guys with people skills want to talk to sqlite's author about changing
> his ways, feel free to do so. I guess it's mostly a question of educating
> him, which definitely doesn't start by saying his code is crap. :)

I guess it's not only the people skills but a combination of both that
*and* great coding skills - the two do not necessarily go hand in hand :^P

Marc, thank you for taking the time to elaborate.

Best regards,

Raf

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Thomas Schmidt
In reply to this post by Theo de Raadt
On Thu, Mar 05, 2015 at 08:03:36PM -0700, Theo de Raadt wrote:

> >On Thu, Mar 5, 2015 at 9:32 PM, Theo de Raadt <[hidden email]>
> >wrote:
> >
> >>
> >> Never know.  OpenBSD is not generally known as an exposed democracy.
> >>
> >
> >This made me chuckle out loud :)
>
> Well, it makes me laugh out loud too.
>
> We are succesfully making good software, using a scheme called
> undemocratic.
>
> How un-American of us.
>
> Laughing again?  You must be a terrorist.
>

I'm sure someone already made this joke, but here it goes:
You could pretty much call this system a Theocracy.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Ingo Schwarze
Hi Thomas,

Thomas Schmidt wrote on Fri, Mar 06, 2015 at 03:30:56PM +0100:
> On Thu, Mar 05, 2015 at 08:03:36PM -0700, Theo de Raadt wrote:
>> somebody wrote:
>>> On Thu, Mar 5, 2015 at 9:32 PM, Theo de Raadt wrote:

>>>> Never know.  OpenBSD is not generally known as an exposed democracy.

>>>This made me chuckle out loud :)

>> Well, it makes me laugh out loud too.
>>
>> We are succesfully making good software, using a scheme called
>> undemocratic.
>>
>> How un-American of us.
>>
>> Laughing again?  You must be a terrorist.

> I'm sure someone already made this joke, but here it goes:
> You could pretty much call this system a Theocracy.

With the subtle difference that gods usually suffer from a nasty
habit of messing with everything, are obsessed with wanting to know
everything, and voluntarily misdesign the system to be essentially
incomprehensible by mortals - while Theo doesn't mess with what he
doesn't understand but instists that each part be as easy to
understand as possible, even where he doesn't personally spend the
time to do so.

Besides, parts of OpenBSD could more fittingly be descibed as
marcracies, miocracies, jasocracies, matthieucracies, kencracies,
nicracies, and so on.  As a matter of fact, there are at least two
distinct nicracies, twice as many as theocracies.

In german, you would call that eine Machtfrage:  Wer macht's?

;-)
  Ingo

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Jason Adams
In reply to this post by Raf Czlonka-2
On 03/05/2015 02:13 PM, Raf Czlonka wrote:

> On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
>>> Ingo,
>>>
>>> On Mar 05 18:11:31, [hidden email] wrote:
>>>> By the way, lynx(1) removal doesn't really hurt that much.
>>>> Rotten code that will hurt more when it will finally be deleted
>>>> includes, for example, the sqlite3(1) library and file(1).
>>> can you please elaborate on what's rotten in sqlite?
>> Jan, can you please start from the other end, and provide evidence
>> that the code is of the highest possible quality?
> Hi Theo,
>
> Based on the above, Jan hadn't made any such claims so no evidence is
> required. He only asked Ingo to support *his* claim - more info, for
> mere reference, if nothing else, would be greatly appreciated. :^)
>
> Cheers,
>
> Raf
>

Agreed, asking someone to prove a negative (no possible bugs) is an impossibly high
standard to expect of someone, and probably NOT one that Theo would
want to impose on any project, including Openbsd.

Its far easier for Ingo to cite the already discovered list of bugs and faults that caused
the the removal of lynx..

That being said:
It seems to me that the quoted text in your message suggests to me that Ingo was asking for
specifics about the quality of sqlite.  That seems like a reasonable request to me.


--
Those who do not understand Unix are condemned to reinvent it, poorly.

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Theo de Raadt
In reply to this post by Bob Eby-2
> That being said:
> It seems to me that the quoted text in your message suggests to me that
> Ingo was asking for specifics about the quality of sqlite.  That seems
> like a reasonable request to me.

Discussing something does not change it.

A review of libsqlite source code will demonstrate that it is written
using many old practices of coping with "older systems".  Many of the
same techniques that caused unneccessary risk in OpenSSL.  I'm not
bringing up OpenSSL for drama.  When software uses many practices to
support .01% of users, the other 99.9% of users accumulate those risks
too.  Those kinds of coding practices are widespread in many
codebases, which sometimes have unfortunately risen to the top of the
pack of choice.  Unfortunately many such projects lack developer
bandwidth or initiative for re-evaluation and moving to newer
practices.  This is not a condemnation, just an observation.

In general OpenBSD has avoided such upstream software packages.
Another example here is unbound and nsd, which do not use the kernel
random-port selection mechanism.  Instead, it uses a portable method
for random port selection, which comes with some significant
downsides.  Upstream software sometimes comes with downsides.  Can't
help it, and often we fork.

But this really is not a mailing list of people who read the actual
source code, is it...  so what was the discussion about again?  Simple
"I want something you don't give me" rage?

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Worik Stanton
In reply to this post by Raf Czlonka-2
On 06/03/15 22:29, Raf Czlonka wrote:
>> By the way, is there a list a common risk-prone idioms ?
> +1

https://duckduckgo.com/?q=%22common+risk-prone+idioms%22&t=canonical

"common risk-prone idioms" appears only here.

Interesting concept, and would be illuminating to expand on

W

--
Why is the legal status of chardonnay different to that of cannabis?
       [hidden email] 021-1680650, (03) 4821804
                          Aotearoa (New Zealand)
                             I voted for love

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Worik Stanton
On 07/03/15 11:59, worik wrote:
> On 06/03/15 22:29, Raf Czlonka wrote:
>>> By the way, is there a list a common risk-prone idioms ?
>> +1
>
> https://duckduckgo.com/?q=%22common+risk-prone+idioms%22&t=canonical
>
> "common risk-prone idioms" appears only here.
>
> Interesting concept, and would be illuminating to expand on

Sigh!  If I had read *all* the thread before replying I would have seen
some illumination.  Nice....

W


--
Why is the legal status of chardonnay different to that of cannabis?
       [hidden email] 021-1680650, (03) 4821804
                          Aotearoa (New Zealand)
                             I voted for love

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Raf Czlonka-2
In reply to this post by Jason Adams
On Fri, Mar 06, 2015 at 06:29:13PM GMT, Jason Adams wrote:

> Agreed, asking someone to prove a negative (no possible bugs) is an
                                    ^^^^^^^^
That's *positive*, isn't it?

> impossibly high standard to expect of someone, and probably NOT one
> that Theo would want to impose on any project, including Openbsd.
>
> Its far easier for Ingo to cite the already discovered list of bugs
> and faults that caused the the removal of lynx..

We weren't talking about 'lynx'.

>
> That being said:

> It seems to me that the quoted text in your message suggests to me
> that Ingo was asking for specifics about the quality of sqlite.  That
> seems like a reasonable request to me.

Ingo wasn't asking - he was *being* asked.

Please re-read the thread.

Raf

Reply | Threaded
Open this post in threaded view
|

Re: lynx is gone?

Raf Czlonka-2
In reply to this post by Worik Stanton
On Fri, Mar 06, 2015 at 11:01:50PM GMT, worik wrote:

> On 07/03/15 11:59, worik wrote:
> > On 06/03/15 22:29, Raf Czlonka wrote:
> >>> By the way, is there a list a common risk-prone idioms ?
> >> +1
> >
> > https://duckduckgo.com/?q=%22common+risk-prone+idioms%22&t=canonical
> >
> > "common risk-prone idioms" appears only here.
> >
> > Interesting concept, and would be illuminating to expand on
>
> Sigh!  If I had read *all* the thread before replying I would have seen
> some illumination.  Nice....

It's usually a good idea to read the whole thread to which one is about
to reply :^)

Raf

123