x86

Buffer overflows explained

Dave Farquhar security , , , , , , , , , , ,

Buffer overflows are a common topic on a Security+ exam. The textbook explanation of them is confusing, perhaps even wrong. I’ve never seen buffer overflows explained well.

So I’m going to give a simplified example and explanation of a buffer overflow, similar to the one I gave to the instructor, and then to the class.

Read more

Better upgrade advice

Dave Farquhar Hardware , , , ,

PC Magazine has a feature about inexpensive PC upgrades. There’s some good advice there, but some questionable advice too. Since I really did write the book on free and inexpensive upgrades, I’ll present my own advice (but I’ll skip the pretty pictures).Hard drives

The best upgrade they didn’t mention is replacing the hard drive. I’ve been squeezing extra life out of old systems for years by taking out the aging drives and replacing them with something newer and faster. The trick is figuring out whether the drive is the old-style parallel ATA (with a 40- or 80-conductor cable) or newer SATA. If you can afford it, it makes sense to upgrade to a SATA controller so you can use a more modern drive. Newer drives are almost always faster than older drives if only because the density of the data is always increasing. If a drive stores twice as much data in the same linear space as an old one, it (roughly) means it will retrieve the data twice as fast, assuming the disk spins at the same speed (and it may spin faster). You can go all the way up to the 10,000 RPM Western Digital Raptor drives if you want, but even putting a mid-range drive in an old PC will speed it up.

Some people will point out that a new drive may be able to deliver data at a faster rate than an old controller in an old PC can handle. I don’t see that as a problem. There’s no drive on the market that can keep a 133 MB/sec bus saturated 100% of the time, and the old drive certainly isn’t. Even if your older, slower bus is the limiting factor some of the time, you’re still getting the benefit of a newer drive’s faster seek times and faster average data transfers.

While replacing a hard drive can bust an entire $125 upgrade budget in and of itself, it’s still something I recommend doing. Unless your system is really short on memory or you’re heavily into gaming, the hard drive is the best bang for your upgrade buck.

Memory

The other point I disagree with most strongly is the memory. There’s very little reason anymore to run a system with less than 1 GB of RAM. As a system becomes more obsolete, memory prices go up instead of down, so it makes sense to just install a ton of memory when you’re upgrading it anyway. If you need it later, it will probably cost more.

The caveat here is that it makes very little sense to install 4 GB of RAM, since the Intel x86 processor architecture reserves most of the 4 GB block for system use. If you install 4 GB of RAM, you really get more like 3.2 or 3.5 GB of usable memory unless you’re running 64-bit Windows. I don’t recommend going 64-bit yet. When it works, it works well. Unfortunately there’s no way to know if you’ll have good drivers for everything in your system until you try it. I wouldn’t go 64-bit until some popular software that requires (or at least takes really good advantage of) 64 bit arrives. The next version of Photoshop will help, but I think the thing that will really drive 64-bit is when id software releases a game that needs it. Until then, hardware makers will treat 64-bit Windows as an afterthought.

I usually put 2 GB of RAM in a system if it’ll take that much. If you do a lot of graphics or video work, more is better of course. For routine use, 2 GB is more than adequate, yet affordable. If a system won’t take 2 GB, then it makes sense to install as much as it will take, whether that’s 1 GB or 512 MB. If a system won’t take 512 MB, then it’s old enough that it makes sense to start talking replacement.

Outright replacement

Speaking of that, outright replacement can be a very practical option, especially if a system is getting up in years. My primary system is a 5-year-old office PC. Take a 2-ish GHz P4 or equivalent (current market value: $75-$125), load it up with 2 GB of RAM and a moderately fast hard drive, and you’ll have a better-built system than any $399 budget PC on the market. It will probably run as fast or faster, and it will cost less.

I have two PCs at the office: a 3 GHz Pentium D, and a 2.6 GHz Core Duo. Both have 2 GB of RAM. They theoretically encode MP3s faster than my home PC and would make better gaming PCs than my home PC (ahem), but for the things I do–namely, web browsing, spreadsheets, word processing, e-mail, and the occasional non-3D game–I can’t tell much difference between them. The System Idle Process gets the overwhelming majority of the CPU time on all of them.

Other upgrades

The other things discussed in the article can be worthwhile, but faster network cards won’t help your Internet speed. If you routinely copy huge files between multiple PCs, they help a lot, but how many people really do that on a regular basis?

Fast DVD burners are nice and they’re inexpensive, but if you needed one, you’d know it. If you don’t know what you’d do with one, skip it. Or if you have an older one that you use occasionally, you probably won’t use a faster one any more often.

For $60 you can get a decently fast hard drive, and that will do a lot more for overall system performance than either a network card or DVD burner upgrade.

The video card is a sensible upgrade under two circumstances: If you’re using the integrated video on your motherboard, or if you play 3D games and they feel jerky. If neither of those describes you, skip the video card upgrade.

Free upgrades

The article describes CHKDSK as a “low level defrag.” That’s not what CHKDSK does–it checks your drive for errors and tries to fix them. If your drives are formatted NTFS (and they probably are), routinely running CHKDSK isn’t going to do much for you. If you run CHKDSK routinely and it actually says it’s done something when it finishes, you have bigger problems and what you really need is a new hard drive.

If you want to defragment optimally, download JK-Defrag. It’s free and open source, and not only does a better job than the utility that comes with Windows, but it does a better job than most of the for-pay utilities too.

The first time you run it, I recommend running it from the command line, exactly like this: JkDefrag.exe -a 7 -d 2 -q c:. After that, just run it without any options, about once a month or two. (Running more often than that doesn’t do much good–in fact, the people who defragment their drives once a day or once a week seem to have more problems.) Run it with the options about once a year. Depending on what condition your system is in, the difference in performance after running it ranges from noticeable to stunning.

Microsoft buys and then discontinues Linux/Unix antivirus products

Dave Farquhar Servers and Networking , , , , ,

First GeCAD, now Sybari.

Microsoft has been buying smaller anti-virus firms and discontinuing their Linux and Unix product lines.

Trust, schmust. When your god is Big Business, that means Big Business can do no wrong, so when you’re the U.S. government, you let companies like Microsoft do whatever they want. The problem is that Unix antivirus products are extremely useful, especially in Microsoft shops. Unix viruses are rare, and the heterogenous nature of Unix–never knowing much about the underlying hardware, binary incompatibilities between various dialects even when running on the same hardware, and never knowing for certain which libraries are installed–creates a hostile environment for viruses anyway.

So what good is a Unix server that detects viruses that can’t survive in Unix anyway? It makes a great buffer between the hostile world and the soft and chewy Windows boxes inside corporate firewalls, that’s what.

I love to put Unix boxes in between the world and mail servers that may be running Windows. Just set it up to relay mail to your Exchange or Domino server, but have it scan the mail first. Better yet, have it running on weird hardware. A slightly elderly Macintosh or Alpha or Sun box works great. Since the Intel x86 instruction set is the most common, most buffer overflows use it. While non-x86 processors aren’t immune to buffer overflows, an overflow using x86 instructions will appear to be gibberish and it won’t run. It’s like telling me a lie in Japanese. You won’t fool me with the lie, because I don’t speak Japanese, so I won’t understand a word you’re saying.

Fortunately, there are still antivirus products for Unix and Linux out there. And once Microsoft establishes its antivirus product, it will be more difficult–I hope–for it to simply continue buying antivirus firms and discontinue their products, since now they would be buying off competitors, rather than just attempting to acquire technology that they don’t have the ability to develop internally.

And even if they do buy and discontinue everything, there’s always ClamAV.

Can Google compete with Paypal?

Dave Farquhar net.culture , , , , ,

There are reports in the news today that Google may launch a Paypal-like service. Most are questioning whether Google can compete with Paypal, which boasts 72 million users.

I believe the answer is yes.Here’s why. I buy a lot of stuff on Ebay. Lately I’ve been selling too, and since the initial effort was reasonably successful, I’m going to start listing more things.

I’ll be listing for the same reason lots of people do. It’s funny how much stuff becomes redundant once you get married and your spouse moves in, and it’s cheaper than having a garage sale and you’ll usually get better prices. And, besides, for the past six weeks or so I’ve been a bit shorter on cash than I’d like to be.

Online payment systems work because a lot of people don’t want to mess with checks. It’s a pain to write a check and it’s a pain to cash one, and nobody likes waiting the 7-10 days it takes for one to clear. Money orders and cashier’s checks eliminate the waiting period, but they’re a pain for the buyer, who has to go visit the bank during working hours and pay a couple of dollars, or you have to visit the ATM and then find a convenience store that sells money orders, and pay a couple of dollars. It wastes a lot of time. And if you’re buying a $100 item, you probably don’t care about the couple of dollars, but you sure do if you’re paying for a $2 item.

The reason 72 million people use Paypal is because it’s better than dealing with checks or money orders. But it doesn’t take much.

Read through some Ebay listings though, and you’ll find lots of people who don’t take Paypal. The reasons vary, but the people who don’t like Paypal really don’t like it. Those people tout Western Union or Bidpay as alternatives, but those in reality are just an online venue to buy a money order. It saves you hopping in the car. Again, on an item whose price requires three or more digits, you probably don’t care. But they’re horrible for small transactions.

Since Paypal is so widely used but so widely disliked, there’s lots of room for a competitor.

From what I can tell, sellers of merchandise don’t like Paypal because it’s free for the buyer, but big-time sellers take a hit. (People like me who sell casually don’t.) The hit seems to vary, but resellers seem to like to tack 60 cents onto the cost of the transaction when I use it. I generally pay it, since 60 cents is a lot less than it would cost for me to use another online payment service or to buy a money order, and it’s not much more than it would cost me to mail a check.

So it seems to me that there are at least two ways for Google to compete. I’m sure they’ve done some market research on what people dislike about Paypal and they’ve looked into what they can do to provide better service. Obviously one approach they could take would be to simply charge less money.

A second possibility would be for Google to endear itself to the seller by placing the financial burden on the buyer. Charge the buyer, say, a percentage of the transaction cost, with a maximum cap of somewhere around the cost of a postage stamp. Sellers would gladly accept it if it didn’t cost them anything. Buyers won’t like it as much as Paypal since it’s not free for them, but it would give the instant gratification of Paypal while costing about as much as mailing a check. And besides, it’s the seller who sets the terms of the transaction. If the buyer doesn’t like it, the only choice is to not bid.

I believe that sellers who don’t accept Paypal are putting themselves in the same position as a brick-and-mortar store that doesn’t accept credit cards, and sometimes I’ve gotten some real bargains precisely because the seller only accepted money orders, but that doesn’t stop a lot of them.

So I don’t believe Paypal is a juggernaut. It was the first widely successful online payment service. But this field doesn’t give much credit for being first. Just ask Datapoint (inventor of what became the x86 family of processors), Commodore (first successful consumer-level computer to feature pre-emptive multitasking), Digital Research (first popular operating system for microcomputers), or any number of now-defunct pioneers.

I’m not willing to place any bets on whether Google will become the market leader in this arena, especially without having seen their service. But I also don’t think there’s much question as to whether it will survive and/or be profitable. As dissatisfied as the users of other services are, Google Wallet would have to be awfully bad to flop.

Well, I’m a Slowlaris administrator now

Dave Farquhar Personal , , ,

Let me run down <strike>my list of qualifications</strike> what I know about Solaris.1. They call it "Slowlaris" because it initially wasn’t as fast on the same hardware as its predecessor, SunOS.
2. I don’t know if Slowlaris 9 is faster than older versions of Slowlaris, so I don’t know if this counts as something I know about it.
3. Slowlaris is based on System V Unix. SunOS was based on BSD.
4. Slowlaris runs primarily on proprietary hardware from Sun, based on a CPU architecture called SPARC. A handful of Sun clones exist, but I think Fujitsu is the only big third-party manufacturer.
5. There is an x86 version of Slowlaris. Sun keeps going back and forth on whether to continue making it or not, since they don’t make much money off it. It’s being made now. Professional Slowlaris admins argue that its availability makes it easier for up-and-coming admins to learn the OS without buying expensive Sun hardware–they can run it on their six-month old computer that’s too slow to run Doom 3.
6. "Sun" was originally an acronym for "Stanford University Network."

So most of what I know about Slowlaris is either trivia, or holdover generic Unix know-how. But I told my boss since it’s System V, I should be able to adjust to it almost as easily as I could adjust to a Linux distribution from someone other than Debian. I’ll just be typing –help and grepping around in /etc even more than usual.

Yep, it’s been that kind of <strike>week</strike> month.

Spend your computer money on your monitor, not some hopped-up CPU

Dave Farquhar Hardware , , , ,

I read an editorial at Tom’s Hardware this morning that struck me as a bit unusual. Not only did it not mention Quake once (or Doom or whatever the FPS flavor of the week is today), it didn’t mention overclocking, and it wasn’t especially excited about AMD and Intel’s new CPU releases today.
In fact, it argued that by rushing out and buying those CPUs, all you’re doing is giving AMD and Intel an interest-free loan. You buy the chips now. The apps that need them will come later. And that, he said, is just plain wrong.

And I thought to myself: How is this any different from history? Yes, I’ll concede that every chip from the 486 up to, say, the chips of the gigahertz race was overdue. But let’s face it. When Gatermann’s dad needed a computer, we tracked down a used Dell P2-450. When a mutual friend’s sister went off to college, we tracked down another off-lease Dell, added a CD burner, and sent her on her way. If you know how to set a computer up right, it’s entirely possible to be plenty productive on a P2.

And the majority of people are mainly interested in using a computer to surf the Web, read e-mail, do some word processing, listen to MP3s and burn music CDs. For tasks like that, a P2 is, frankly, overkill.

When the first 386 PCs appeared in 1986, they were overkill. People were content with their 4.77 MHz XTs. Some of them had just gotten 6 or 8 MHz ATs, which were themselves overkill. Everyone seems to think the x86 series debuted in 1981. It didn’t. Intel released the 8088 in 1977. It was four years before the chip got mainstream use! (The 8086, after which the family is named, waited even longer.)

This industry has always been built with the bucks from the early adopters and enthusiasts. Always. And if you don’t want to play, nobody’s making you. I haven’t ordered my Athlon 64 yet.

It’s never made sense for me to be the first one on my block with the hottest new CPU. The same is true for most people I know. A lot of people would do well with a $150 used computer from one of these guys–click one of the links and scroll to the bottom and find a link that says “systems” or “desktop PCs”–and a really good keyboard, mouse, and monitor. Or if you want new, buy the cheapest PC available from a first-tier vendor you trust, then spend the money you would have spent on a 3 GHz Pentium 4 Extreme Edition CPU on something that’s actually useful, like that thing you spend all that time staring at. Get a flat-panel LCD monitor that runs at a comfortable resolution. Ditch the $3 keyboard and mouse that comes with the system and buy nice(r) ones. (The best keyboards on the market bring sticker shock–I have trouble justifying a $150 computer keyboard too, I know.)

Chances are you’ll have money left over. Good. In two years the budget CPU will be faster than that P4 Extreme Edition that Intel is touting today. Start saving for 2005’s budget PC now. The monitor, keyboard, and mouse you just shelled out the big bucks for will still work with it, and you’ll be a lot happier.

More on tiny but potentially modern Linux distributions

Dave Farquhar Linux ,

I found a couple of interesting things on Freshmeat today.
First, there’s a Linux-bootfloppy-from-scratch hint, in the spirit of Linux From Scratch, but using uClibc and Busybox in place of the full-sized standard GNU userspace. This is great for low-memory, low-horsepower machines like 386s and 486s.

I would think it would provide a basis for building small Linux distributions using other tools as well.

What other tools? Well, there’s skarnet.org, which provides bunches of small tools. The memory usage on skarnet’s web server, not counting the kernel, is 2.8 megs.

Skarnet’s work builds on that of Fefe, who provides dietlibc (yet another tiny libc) and a large number of small userspace tools. (These tools provide most of the basis for DietLinux, which I haven’t been able to figure out how to install, sadly. Some weekend I’ll sign up for the mailing list and give it another go.

And then there’s always asmutils, which is a set of tools written in pure x86 assembly language and doesn’t use a libc at all, and the e3 text editor, a 12K beauty that can use the keybindings for almost every popular editor, including two editors that incite people into religious wars.

These toolkits largely duplicate one another but not completely, so they could be complementary.

If you want to get really sick, you can try matching this kind of stuff up with Linux-Lite v1.00, which is a set of patches to the Linux 1.09 kernel dating back to 1998 or so to make it recognize things like ELF binaries. And there was another update in 2002 that lists fixes for the GCC 2.72 compiler in its changelog. I don’t know how these two projects were related, if at all, besides their common ancestry.

Or you could try using a 1.2 kernel. Of course compiling those kernels with a modern compiler could also be an issue. I’m intrigued by the possibility of a kernel that could itself use less than a meg, but I don’t know if I want to experiment that much.

And I’m trying to figure out my fascination with this stuff. Maybe it’s because I don’t like to see old equipment go to waste.

DietLinux — a Linux that boots in under 10 seconds

Dave Farquhar Linux , , , , ,

The tinkerer in me just couldn’t stay away. I saw a reference on Linux Weekly News to DietLinux and had to look at it.
DietLinux is an example of a Linux distribution that can’t properly be called GNU/Linux, because the majority of its userspace didn’t come from the GNU project. GNU’s libc–the main API for Unixish systems, and I’ll call Linux a Unix just to hack off SCO–is replaced with an alternative, trimmed-down libc called dietlibc. It’s not feature-complete but it’s tiny. Those of you who programmed casually in the 1980s and 1990s probably remember a day when you could write a fairly sophisticated program in a few kilobytes. Under modern operating systems, a simple program that simply emits “Hello, world!” can take up 32K or more. Using dietlibc instead of GNU’s libc shrinks that program back down to a couple of kilobytes.

The majority of DietLinux’s userspace comes from Felix von Leitner, the author of dietlibc. Von Leitner reimplemented init–the program that bootstraps a Unix system once the kernel is loaded–and getty, which is the program that handles text-based logins. These unglamorous programs can eat up a fair chunk of memory, and since Unix systems typically go for long periods of time without being rebooted, it’s a bit of a waste unless you need certain features provided by the more traditional init and getty programs. He also wrote replacements for several standard utilities.

Obviously, not every program in the world designed for glibc will compile and run under dietlibc, so DietLinux won’t ever be a complete general-purpose distribution. But for network infrastructure glue-type servers providing services like firewalling, DNS and DHCP (all of which already function), it would be perfect.

I don’t know what the future plans for DietLinux are. The asmutils provide an impressive number of userspace and server utilities, written in assembly language with very low overhead, and would appear to be a nice complement to DietLinux’s infrastructure. Their use would limit DietLinux to x86, however. And the text editor e3 is tiny, full-featured, and emulates keybindings for vi, emacs, WordStar, and Pico, so it’s friendly to pretty much any command-line jockey regardless of heritage and takes little space.

It’s also not a newbie distribution. Installation requires a fair bit of skill and pretty much requires an existing Linux system to bootstrap it.

But it’s definitely something I want to keep an eye on. I’m highly tempted to put it on one of my 486s. I just wish I had more time to mess around with it.

What large market for x86 Unix?

Dave Farquhar Linux , , , , , , , , , ,
What large market for x86 Unix?

In a bizarre turn of events, SCO has sued IBM for not less than $1 billion, claiming IBM willfully destroyed SCO’s business by handing its intellectual property over to the Linux movement.

Read more

The pundits are wrong about Apple’s defection

Dave Farquhar Macintosh , , , , , , , , , , , , , ,

Remember the days when knowing something about computers was a prerequisite for writing about them?
ZDNet’s David Coursey continues to astound me. Yesterday he wondered aloud what Apple could do to keep OS X from running on standard PCs if Apple were to ditch the PowerPC line for an x86-based CPU, or to keep Windows from running on Apple Macs if they became x86-based.

I’d link to the editorial but it’s really not worth the minimal effort it would take.

First, there’s the question of whether it’s even necessary for Apple to migrate. Charlie pointed out that Apple remains profitable. It has 5% of the market, but that’s beside the point. They’re making money. People use Apple Macs for a variety of reasons, and those reasons seem to vary, but speed rarely seems to be the clinching factor. A decade ago, the fastest Mac money could buy was an Amiga with Mac emulation hardware–an Amiga clocked at the same speed would run Mac OS and related software about 10% faster than the real thing. And in 1993, Intel pulled ahead of Motorola in the speed race. Intel had 486s running as fast as 66 MHz, while Motorola’s 68040 topped out at 40 MHz. Apple jumped to the PowerPC line, whose clock rate pretty much kept up with the Pentium line until the last couple of years. While the PowerPCs would occasionally beat an x86 at some benchmark or another, the speed was more a point of advocacy than anything else. When a Mac user quoted one benchmark only to be countered by another benchmark that made the PowerPC look bad, the Mac user just shrugged and moved on to some other advocacy point.

Now that the megahertz gap has become the gigahertz gap, the Mac doesn’t look especially good on paper next to an equivalently priced PC. Apple could close the gigahertz gap and shave a hundred bucks or two off the price of the Mac by leaving Motorola at the altar and shacking up with Intel or AMD. And that’s why every pundit seems to expect the change to happen.

But Steve Jobs won’t do anything unless he thinks it’ll get him something. And Apple offers a highly styled, high-priced, anti-establishment machine. Hippie computers, yuppie price. Well, that was especially true of the now-defunct Flower Power and Blue Dalmation iMacs.

But if Apple puts Intel Inside, some of that anti-establishment lustre goes away. That’s not enough to make or break the deal.

But breaking compatibility with the few million G3- and G4-based Macs already out there might be. The software vendors aren’t going to appreciate the change. Now Apple’s been jerking the software vendors around for years, but a computer is worthless without software. Foisting an instruction set change on them isn’t something Apple can do lightly. And Steve Jobs knows that.

I’m not saying a change won’t happen. But it’s not the sure deal most pundits seem to think it is. More likely, Apple is just pulling a Dell. You know the Dell maneuver. Dell is the only PC vendor that uses Intel CPUs exclusively. But Dell holds routine talks with AMD and shows the guest book signatures to Intel occasionally. Being the last dance partner gives Dell leverage in negotiating with Intel.

I think Apple’s doing the same thing. Apple’s in a stronger negotiating position with Motorola if Steve Jobs can casually mention he’s been playing around with Pentium 4s and Athlon XPs in the labs and really likes what he sees.

But eventually Motorola might decide the CPU business isn’t profitable enough to be worth messing with, or it might decide that it’s a lot easier and more profitable to market the PowerPC as a set of brains for things like printers and routers. Or Apple might decide the gigahertz gap is getting too wide and defect. I’d put the odds of a divorce somewhere below 50 percent. I think I’ll see an AMD CPU in a Mac before I’ll see it in a Dell, but I don’t think either event will happen next year.

But what if it does? Will Apple have to go to AMD and have them design a custom, slightly incompatible CPU as David Coursey hypothesizes?

Worm sweat. Remember the early 1980s, when there were dozens of machines that had Intel CPUs and even ran MS-DOS, yet were, at best, only slightly IBM compatible? OK, David Coursey doesn’t, so I can’t hold it against you if you don’t. But trust me. They existed, and they infuriated a lot of people. There were subtle differences that kept IBM-compatible software from running unmodified. Sometimes the end user could work around those differences, but more often than not, they couldn’t.

All Apple has to do is continue designing their motherboards the way they always have. The Mac ROM bears very little resemblance to the standard PC BIOS. The Mac’s boot block and partition table are all different. If Mac OS X continues to look for those things, it’ll never boot on a standard PC, even if the CPU is the same.

The same differences that keep Mac OS X off of Dells will also keep Windows off Macs. Windows could be modified to compensate for those differences, and there’s a precedent for that–Windows NT 4.0 originally ran on Intel, MIPS, PowerPC, and Alpha CPUs. I used to know someone who swore he ran the PowerPC versions of Windows NT 3.51 and even Windows NT 4.0 natively on a PowerPC-based Mac. NT 3.51 would install on a Mac of comparable vintage, he said. And while NT 4.0 wouldn’t, he said you could upgrade from 3.51 to 4.0 and it would work.

I’m not sure I believe either claim, but you can search Usenet on Google and find plenty of people who ran the PowerPC version of NT on IBM and Motorola workstations. And guess what? Even though those workstations had PowerPC CPUs, they didn’t have a prayer of running Mac OS, for lack of a Mac ROM.

Windows 2000 and XP were exclusively x86-based (although there were beta versions of 2000 for the Alpha), but adjusting to accomodate an x86-based Mac would be much easier than adjusting to another CPU architecture. Would Microsoft go to the trouble just to get at the remaining 5% of the market? Probably. But it’s not guaranteed. And Apple could turn it into a game of leapfrog by modifying its ROM with every machine release. It already does that anyway.

The problem’s a whole lot easier than Coursey thinks.