I just spent a total of about two days bisecting the FreeBSD kernel to find the cause of a particular panic I’d been getting while booting on a Jetway NF9HG Mini-ITX mainboard.

Of course, -CURRENT being what is, some revisions between the branch point and releng/12.0 aren’t exactly amenable to compilation, and where they are, other bugs like to hide the behavior I’m looking for.

(Having to react to “fatal trap 12” with git bisect good is also somewhat unnatural, but that’s not what I was looking for, after all.)

Anyway, at some point during my travails, I became aware of a particular kernel tunable, introduced to prevent trouble with something called “EFI runtime services”. The name of the thing was efi.rt_disabled. I put it into loader.conf and happily kept bisecting. It even worked, preventing some crashes on kernels that had not previously booted.

Then things became confusing. The problem appeared to be fluctuating; rather than the “trap 12” on earlier revisions and the panic on later ones the two seemed intermixed somehow.

End of day 1.

On day 2, being the present day, I started over from the beginning, and the results made sense again. At first anyway. I had forgotten about the tunable, which turned out to have been a very good thing.

Five hours into bisecting, I had just arrived at the very last commit to test, the commit message reminded me, and I looked in UPDATING again to refresh my memory.

Then my eyes went wide … where did that dot come from … no, they didn’t … did they?

Yes, they did. Back in July, someone renamed the tunable, replacing the underscore with a second period; what had been efi.rt_disabled now became efi.rt.disabled. When I first found it in UPDATING I must have been on a commit before this change. Later on, I obviously had no reason to recheck the spelling.

Anyway, setting the correctly spelled tunable fixed the panic.

git bisect is the best binary-tree thing since Turduckenailailenailailduckenailailenailail.

When Knuth started on TeX, his motivation is reported to have been to improve math typesetting, because his earlier books were often mangled by typesetters/printers who did not understand the math and hence did not notice when they got it wrong.

Hence, the whole point of and reason for TeX is to produce good-looking math.

Why, then, is this still allowed to happen today?

Use \mathit{}, people!

Update: Then again, from the same paper:

ISWYDT.

According to the company, this is not a security issue. I reserve – and exercise – my right to disagree, but I’m not a security researcher.

They say that:

1. The global write permissions on the firmware files (they are firmware files) is

   • necessary to enable successful updates, and
   • not a problem because the PC software does not interpret them when feeding them to the reader, and the reader will reject manipulated files due to invalid signatures.

2. The registry permissions are necessary for interoperability between components on the same system.

Finally, they say their software and devices are getting tested not only by them, but also by the IT security people of the companies using the things, and if no one complains, everything must be fine.

Very well then; if they won’t fix their bugs, I can only do work around them in my own environment.

From the installation log of the driver for a REINER SCT smart card reader:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </subdirectories "C:\ProgramData\REINER SCT\*" /grant="S-1-1-0"=F>

Um. Come again? S-1-1-0 is Everyone.

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls ctf_bdr.rsct
ctf_bdr.rsct Everyone:(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)
             BUILTIN\Users:(I)(RX)

C:\ProgramData\REINER SCT\cyberJack Base Components>icacls .
. Everyone:(OI)(IO)(F)
  Everyone:(CI)(F)
  NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  CREATOR OWNER:(I)(OI)(CI)(IO)(F)
  BUILTIN\Users:(I)(OI)(CI)(RX)
  BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

The files are “transfer files” according to the (rather pointless) file type registration. They look encrypted. I suspect they are some kind of firmware.

Why would anyone in their right mind set a directory full of firmware for a smart card reader to be world writable?

The next line in the log file is this:

Executing Process <C:\Program Files (x86)\REINER SCT\cyberJack\subinacl.exe> with </keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers" /grant="S-1-5-19"=F>

NT AUTHORITY\LOCAL SERVICE. Probably also not a good idea; I think this is left from before there were virtual service accounts.

Time to ask the company.

• Weichenlaufkettensperrmelder

How to remove a systemwide installation of Fusion 360

"Fusion 360 Client Downloader.exe" --globalinstall -p uninstall

Ach du lieber Deutschlandfunk.

Fall 1: »Jetzt muss Sessions gehen. Nachfolger wird aber nicht sein Stellvertreter, sondern Trumps Stabschef Matthew Whitaker.« Äh, nein, Whitaker ist/war nicht Trumps Stabschef, sondern Sessions’.

Fall 2: »Was man auch erzählen muss, weil es vermutlich bei der Geschichte eine Rolle spielt: die Bahira-Mitarbeiterin, die das Erlebnis hatte, ist nicht irgendwer. Das ist Pinar Cetin, die Ehefrau, des früheren Moscheevorsitzenden Ender Cetin, der im Dezember 2016 überraschend aus diesem Amt entfernt wurde. Auch sie selbst war in der Moschee und bei Ditib schon in wichtigen Ämtern bekleidet.« Wieso, sind Frauen in Moscheen und bei Ditib normalerweise unbekleidet?

https://www.deutschlandfunk.de/y.807.de.html?dram:article_id=431030

Und manchmal erscheint ihr neben ihrer Tochter auch noch ihre große Schwester Adelheid, oder wie?

You know, Google, one of these things is far more likely to be what I was looking for than the other.

Nice try, though.