snabelen.no

Felix Palmen :freebsd: :c64:Oh boy, I have a lead! And it's NOT related to <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a>. I finally noticed another pattern: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a> only <a href="https://mastodon.bsd.cafe/tags/crashed" class="mention hashtag" rel="nofollow noopener" target="_blank">#crashed</a> when running as a <a href="https://mastodon.bsd.cafe/tags/daemon" class="mention hashtag" rel="nofollow noopener" target="_blank">#daemon</a>. The daemonizing wasn't the problem, but the default logging configuration attached to it: "fake async", by letting a <a href="https://mastodon.bsd.cafe/tags/threadpool" class="mention hashtag" rel="nofollow noopener" target="_blank">#threadpool</a> job do the logging.Forcing THAT even when running in foreground, I can finally reproduce a crash. And I wouldn't be surprised if that was actually the reason for crashing "pretty quickly" with <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a> (and only rarely with <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>), I mean, something going rogue in your address space can have the weirdest effects.

Felix Palmen :freebsd: :c64:For two days straight, I just can't reproduce <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a> <a href="https://mastodon.bsd.cafe/tags/crashing" class="mention hashtag" rel="nofollow noopener" target="_blank">#crashing</a> with *anything* in place (<a href="https://mastodon.bsd.cafe/tags/clang" class="mention hashtag" rel="nofollow noopener" target="_blank">#clang</a> <a href="https://mastodon.bsd.cafe/tags/sanitizer" class="mention hashtag" rel="nofollow noopener" target="_blank">#sanitizer</a> instrumentation, attached <a href="https://mastodon.bsd.cafe/tags/debugger" class="mention hashtag" rel="nofollow noopener" target="_blank">#debugger</a> like <a href="https://mastodon.bsd.cafe/tags/lldb" class="mention hashtag" rel="nofollow noopener" target="_blank">#lldb</a>) that could give me the slightest hint what's going wrong. 😡But it *does* crash when "unobserved". And it looks like this is happening a lot sooner (or, more often?) when using <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a> ... but I also suspect this could be a red herring in the end.Situation reminds me of my physics teacher back at school, who used to say something in german I just can't ever forget:"Wer misst, misst Mist."Feeble attempt in english would be "the one who measures measures crap", it was his humorous way to bring one consequence of <a href="https://mastodon.bsd.cafe/tags/Heisenberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#Heisenberg</a>'s indeterminacy principle to the point. And indeed, <a href="https://mastodon.bsd.cafe/tags/debugging" class="mention hashtag" rel="nofollow noopener" target="_blank">#debugging</a> computer programs always suffers from similar problems...

Felix Palmen :freebsd: :c64:I need help. First the question: On <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FreeBSD</a>, with all ports built with <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a>, can I somehow use the <a href="https://mastodon.bsd.cafe/tags/clang" class="mention hashtag" rel="nofollow noopener" target="_blank">#clang</a> <a href="https://mastodon.bsd.cafe/tags/thread" class="mention hashtag" rel="nofollow noopener" target="_blank">#thread</a> <a href="https://mastodon.bsd.cafe/tags/sanitizer" class="mention hashtag" rel="nofollow noopener" target="_blank">#sanitizer</a> on a binary actually using LibreSSL and get sane output?What I now observe debugging <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a>:- A version built with <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> (from base) doesn't crash. At least I tried very hard, really stressing it with <a href="https://mastodon.bsd.cafe/tags/jmeter" class="mention hashtag" rel="nofollow noopener" target="_blank">#jmeter</a>, to no avail. Built with LibreSSL, it does crash. - Less relevant: the OpenSSL version also performs slightly better, but needs almost twice the RAM - The thread sanitizer finds nothing to complain when built with OpenSSL - It complains a lot with LibreSSL, but the reports look "fishy", e.g. it seems to intercept some OpenSSL API functions (like SHA384_Final) - It even complains when running with a single-thread event loop. - I use a single SSL_CTX per listening socket, creating SSL objects from it per connection ... also with multithreading; according to a few sources, this should be supported and safe. - I can't imagine doing that on a *single* thread could break with LibreSSL, I mean, this would make SSL_CTX pretty much pointless - I *could* imagine sharing the SSL_CTX with multiple threads to create their SSL objects from *might* not be safe with LibreSSL, but no idea how to verify as long as the thread sanitizer gives me "delusional" output 😳

Felix Palmen :freebsd: :c64:More interesting progress trying to make <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a> suitable for very busy sites!I realized that <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> (both with <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> and <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a>) is a *major* bottleneck. With TLS enabled, I couldn't cross 3000 requests per second, with somewhat acceptable response times (most below 500ms). Disabling TLS, I could really see the impact of a <a href="https://mastodon.bsd.cafe/tags/lockfree" class="mention hashtag" rel="nofollow noopener" target="_blank">#lockfree</a> queue as opposed to one protected by a <a href="https://mastodon.bsd.cafe/tags/mutex" class="mention hashtag" rel="nofollow noopener" target="_blank">#mutex</a>. With the mutex, up to around 8000 req/s could be reached on the same hardware. And with a lockfree design, that quickly went beyond 10k req/s, but crashed. 😆So I read some scientific papers 🙈 ... and redesigned a lot (*). And now it finally seems to work. My latest test reached a throughput of almost 25k req/s, with response times below 10ms for most requests! I really didn't expect to see *this* happen. 🤩 Maybe it could do even more, didn't try yet.Open issue: Can I do something about TLS? There *must* be some way to make it perform at least a *bit* better...(*) edit: Here's the design I finally used, with a much simplified "dequeue" because the queues in question are guaranteed to have only a single consumer: <a href="https://dl.acm.org/doi/10.1145/248052.248106" rel="nofollow noopener" translate="no" target="_blank">https://dl.acm.org/doi/10.1145/248052.248106</a>

Klaus Frank<a href="https://mastodon.social/@hanno" class="u-url mention" rel="nofollow noopener" target="_blank">@hanno</a> Speaking of <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a>, what's the state of <a href="https://chaos.social/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a>, did that manage to get some traction or did it die out? Didn't really hear much about it for a long while now.

Peter N. M. HansteenLibreSSL 4.1.0 released <a href="https://www.undeadly.org/cgi?action=article;sid=20250430112153" rel="nofollow noopener" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250430112153</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/libressl" class="mention hashtag" rel="nofollow noopener" target="_blank">#libressl</a> <a href="https://mastodon.social/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssl</a> <a href="https://mastodon.social/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#tls</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssl</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#crypto</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a>

Felix Palmen :freebsd: :c64:Released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#swad</a> v0.1 🥳 Looking for a simple way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> reverse proxy? Then swad *could* be for you!swad is the "Simple Web Authentication Daemon", written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a> (+ <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#POSIX</a>) with almost no external dependencies. <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLS</a> support requires <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSL</a> (or <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreSSL</a>). It's designed to work with nginx' "auth_request" module and offers authentication using a <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#cookie</a> and a login form.Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#PAM</a>. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈If you want to know more, read here: <a href="https://github.com/Zirias/swad" rel="nofollow noopener" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Nylige søk

Alternativer for søk

Administrert av:

Serverstatistikk:

#libressl