From 5abee01092e0554a2fa4189db43e7673121d8bfa Mon Sep 17 00:00:00 2001 From: Christine Dodrill Date: Sat, 14 Feb 2015 16:02:48 -0800 Subject: [PATCH] Add inagural PLT post --- blog/plt-1-the-beginning-2015-02-14.markdown | 157 +++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 blog/plt-1-the-beginning-2015-02-14.markdown diff --git a/blog/plt-1-the-beginning-2015-02-14.markdown b/blog/plt-1-the-beginning-2015-02-14.markdown new file mode 100644 index 0000000..ae51117 --- /dev/null +++ b/blog/plt-1-the-beginning-2015-02-14.markdown @@ -0,0 +1,157 @@ +The Saga of plt, Part 1 +======================= + +The following is adapted from a real story. Parts of it are changed to keep it +entertaining to read but the core of the story is maintained. I apologize that +this issue in the epic will be shorter than the others, but it gets better. + +The Beginning of The Interesting Pain +------------------------------------- + +It all started when I got this seemingly innocuous PM on Freenode: + +``` +2015-01-23 [18:32:48] Hello. I am writting a new ircd and can I have the +channel ##ircd please? +``` + +This is a fairly common event on larger IRC networks, especially given the +length of the channel name and the fact that it references IRC daemons +specifically. At this point I had *forgotten* I owned that channel. So +naturally I decided to give it a join and see if the person who requested the +channel was worthy of it or had brought enough activity to it such that it was +morally correct to hand it off. + +This was not the case. + +``` +[18:33:54] *** Joins: Xe (xe@unaffiliated/xe) +[18:34:02] Hello xe. +[18:35:17] Xe the project name pbircd. +[18:37:09] Xe the project site is http://sourceforge.net/p/pbircd +``` + +In case the site is removed from SourceForge, it is the default sourceforge +page. + +After taking a look at this and then getting off the call with my family I was +on at the point, I decided to reply. + +``` +[20:30:49] plt: I've decided against giving you my channel +[20:31:03] you have no code in your repo. +[20:31:31] I am currently working on the project. Can I help you in the +channel? +[20:32:04] if you are working on it +[20:32:11] I'd expect to see at least something +[20:32:25] for example: https://github.com/Xe/scylla +[20:32:35] that's mostly autogenerated code and makefiles, but it's +something +[20:33:31] Take a look at this http://pastebin.com/F8MH3fSs +[20:34:04] You know it takes a while to write ircd code. +[20:34:16] I don't see any commits +[20:34:20] not even framework code +[20:34:24] or design +[20:34:26] or an outline +[20:34:30] all I see is that pastebin +[20:34:39] which is in no way connected to that git repo +[20:35:07] I am still adding more features so its not going to be posted +on the main web site yet. +``` + +The contents of the pastebin looked like a changelog, but that pastebin has +since expired or was explicitly deleted. He was all talk and no game. I admit +at this point I was pretty tired and frustrated, so I told him off: + +``` +[20:35:19] fucking commit it then +[20:35:52] I was going to wait until the code was completed. +[20:36:43] yeah good lick then +[20:36:45] luck* +[20:37:14] Itgoing to get done and I am the only one working on the +project so what do you expect? +[20:37:29] to be able to look at the in-progress code? +[20:39:24] The code will do you no good because you will not be able to +compile it. +[20:39:51] then you have nothing +[20:40:06] I am not required to approve it. +[20:41:08] I can post the run program on the web site. +[20:42:33] then do that +[20:43:28] Done. +``` + +The "run program" was nothing but a wrapper around the nonexistent binary for +pbircd and seemed to be compiled in a language that doesn't respect assembly +functions and all of the forms of RE that I know how to do were useless. If you +know how to better do RE on arbitrary binaries please let me know. + +``` +[20:44:12] there are binaries +[20:44:15] not source code +[20:44:25] this is what you use git for +[20:44:35] The source code will do you no good since you can not compile it. +[20:52:02] In order for you to compile it you need the encryption program +and I am not going to release the source code. +[20:54:43] lol +[20:55:34] The program is freeware and I have no obligation to release +the code under the License agreement. +[21:00:56] you also will get no users +[21:03:13] The company that wrote Conferenceroom has a lot of customers. +``` + +ConfrenceRoom was a company that made a commercial IRC daemon. They have lost +to Slack and other forms of chat like HipChat. Note here that he says "you can +not compile it". This is true in more ways than you would think. He also claims +it is Freeware and not full fledged open source software. As someone who is +slightly proactive and paranoid after the Snowden bullshit, I find this highly +suspect. However, this "encryption program" was something I was oddly most +interested in. + +``` +2015-01-24 +[12:11:14] Xe why do you always demand to see the source code? +``` + +Curiosity? To learn from other people's ideas? To challenge myself in +understanding another way of thinking about things? To be able to improve it +for others to learn from? Those seem like good reasons to me. + +``` +[22:46:33] PBIRCD is a irc daemon. +[22:46:36] Hello xe +``` + +The `PB` in that name will become apparent later. + +``` +[23:09:31] Would you like to see what I have in the updates? +[23:09:40] sure +[23:09:47] http://pastebin.com/2udHPSyP +[23:13:10] Tell me what you think about it? +[23:16:32] I need to take a short break. +``` + +Again, the paste is dead (I should really be saving these gems) but it was +another set of what appeared to be patch notes. + +``` +[23:22:37] Do you like what I have in the notes? +[23:23:49] I still think it's ridiculous that you don't have the balls to +release your code +[23:24:36] I understand what you telling me. +[23:25:48] There is no way to working around protecting the encrypted +information. +[23:34:19] Why are you do want to see the code? +[23:43:36] Xe The encryption is used to encrypt the Operators, Link and +the other passwords. +``` + +This sounds suspect. Any sane system of encrypting passwords like this would be +a mathematical one-way function. By not showing the code like this, is this +a two-way function? + +``` +2015-01-25 +[00:05:55] Xe Question if the authors that wrote free pgp do not release +their source code then why should I have do +```