Niels Provos - News

Libevent 2.0.4-alpha released

nospam@example.com (Niels Provos) — Fri, 05 Mar 2010 23:32:00 -0800

Libevent 2.0.4-alpha is now available for download:

http://monkey.org/~provos/libevent-2.0.4-alpha.tar.gz
http://monkey.org/~provos/libevent-2.0.4-alpha.tar.gz.sig

The complete change list is available here.

Some of the feature improvements include:

bufferevents can now be rate limited
http connections can now resolve host names asynchronously
a facility for lock debugging
arc4random() for evdns

However, we (that means mostly Nick) have also made a large number of bug fixes and stability improvements across many platforms. Many thanks to everyone who helped by providing bug reports and patches including Brodie Thiesfield, Dagobert Michelsen, Evan Jones, Joachim Bauch, Pavel Plesov, Roman Puls, Sebastian Hahn, William Ahern, Yasuoka Masahiko and Zhuang Yuyao.

In a separate email, Nick also provided a much more verbose description of what all changed.

Libevent-2.0.3-alpha release

nospam@example.com (Niels Provos) — Fri, 20 Nov 2009 21:23:55 -0800

It has been a while since the last alpha release of libevent-2.0. Yesterday, we released 2.0.3-alpha which can be downloaded from

http://monkey.org/~provos/libevent-2.0.3-alpha.tar.gz

Please, give it a spin and let us know if you run into any problems. There have been a lot of changes since the last release, mostly due to Nick's hard work. Here are just some highlights, the ChangeLog contains the full story:

- SSL/TLS support on bufferevents, using the OpenSSL library
- Improved searching on evbuffer objects
- Improved support for Windows
- More efficient memory allocation for event_bases that use epoll
- Improved thread-safety
- The IOCP bufferevent backend is now exposed on Windows; many thanks to Christopher Davis for his work.

Many thanks to everyone who helped with patches and bug reports including Rocco Carbone, Brodie Thiesfield, Caitlin Mercer, David Reiss, Alexander Pronchenkov, Jacek Masiulaniec, Ka-Hing Cheung, Christopher Davis, Ferenc Szalai, and Ryan Phillips.

Edited to fix the link.

Libevent 1.4.13-stable released

nospam@example.com (Niels Provos) — Tue, 17 Nov 2009 20:16:10 -0800

We just released a new stable version of Libevent that fixes the following problems:

If the kernel tells us that there are a negative number of bytes to read from a socket, do not believe it. Fixes bug 2841177; found by Alexander Pronchenkov.
Do not allocate the maximum event queue and fd array for the epoll backend at startup. Instead, start out accepting 32 events at a time, and double the queue's size when it seems that the OS is generating events faster than we're requesting them. Saves up to 512K per epoll-based event_base. Resolves bug 2839240.
Fix compilation on Android, which forgot to define fd_mask in its sys/select.h
Do not drop data from evbuffer when out of memory; reported by Jacek Masiulaniec
Rename our replacement compat/sys/_time.h header to avoid build a conflict on HPUX; reported by Kathryn Hogg.
Build kqueue.c correctly on GNU/kFreeBSD platforms. Patch pulled upstream from Debian.
Fix a problem with excessive memory allocation when using multiple event priorities.
When running set[ug]id, don't check the environment. Based on a patch from OpenBSD.

A new alpha release of libevent 2.0 is on its way, too. Thanks to everyone who submitted patches and bug reports.

The source code is available at http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz. Don't forget to verify the signature.

LEET '10 Call for Papers

nospam@example.com (Niels Provos) — Sat, 29 Aug 2009 12:35:46 -0700

The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10) Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose, CA.

LEET '10 will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.

Important Dates

Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
Notification of acceptance: Wednesday, March 24, 2010
Final papers due: Monday, April 5, 2010

Workshop Organizers
Program Chair

Michael Bailey, University of Michigan

Program Committee

Dan Boneh, Stanford University
Nick Feamster, Georgia Institute of Technology
Jaeyeon Jung, Intel Labs, Seattle
Christian Kreibich, International Computer Science Institute
Patrick McDaniel, Pennsylvania State University
Fabian Monrose, University of North Carolina, Chapel Hill
Jose Nazario, Arbor Networks, Inc.
Stefan Savage, University of California, San Diego
Matt Williamson, AVG Technologies
Yinglian Xie, Microsoft Research
Vinod Yegneswaran, SRI International

Go submit your work!

Ask Google's Anti-Malware Team

nospam@example.com (Niels Provos) — Sun, 16 Aug 2009 16:42:12 -0700

Google's Anti-Malware team has prepared a moderator page where web masters and users can ask questions and vote which questions they would like to see answered. The voting period ends on Friday, August 28th at which point the Anti-Malware team will prepare answers for some of the top-rated questions.

New Libevent Releases

nospam@example.com (Niels Provos) — Tue, 28 Jul 2009 21:17:43 -0700

Nick just announced two new libevent releases. Here is his summary.

Libevent 1.4.12-stable:
You can find the source in the usual place:

http://monkey.org/~provos/libevent-1.4.12-stable.tar.gz

This is a bugfix-only release, and some of the bugs were kind of nasty. I'd recommend that you upgrade, especially if you are writing code that uses epoll or evdns.

Changes in 1.4.12-stable:

Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
Use _VA_ARGS_ syntax for varargs macros in event_rpcgen when compiler is not GCC.
Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
Do not break evdns connections to nameservers when our IP changes.
Set truncated flag correctly in evdns server replies.
Disable strict aliasing with GCC: our code is not compliant with it.

Libevent-2.0.2-alpha:
The first alpha release in the long-promised Libevent 2.0 series is finally out. You can download Libevent 2.0.2-alpha from:

http://monkey.org/~provos/libevent-2.0.2-alpha.tar.gz

This is an alpha release. Libevent 2.0 is not finished. There will be bugs, and we make no promises about the stability of any APIs introduced in the 2.0.x-alpha releases. When you find bugs, please let us know.

Libevent 2.0 is intended to be backward compatible with the Libevent 1.4 APIs[*]. Any program that worked with Libevent 1.4 should still work with Libevent 2.0, unless we screwed up. Please test your programs when you have a chance, so that if we did screw up, we can notice soon.
[*] Unless you were messing around with the internals of internal structures.

This release adds many new features to the previous alpha release, and fixes many bugs. See the ChangeLog for full details. Highlights include:

evdns is now threadsafe, with locking support
There's an evconnlistener type that you can use to abstract cross-platform differences in accepting connections.
The evbuffer interface (and therefore bufferevents) now supports zero-copy much better.
About a zillion fixes for tricky bugs in the new Libevent 2.0.1-alpha code.

Special thanks to everybody who helped find bugs and improve the code, especially James Mansion, Zack Weinberg, and Joachim Bauch.

Aikido in Hamburg

nospam@example.com (Niels Provos) — Thu, 16 Jul 2009 02:53:43 -0700

Yesterday, I managed to practice Aikido in Hamburg for the first time in almost twelve years. The dojo at Charlottenstraße was beautiful with windows to the outside and plenty of light. The training was interesting and very enjoyable. I even managed to practice with a few folks from university times. Next week, it's back to the US and Aikido practice in Mountain View.

Finn (1999 - 2009)

nospam@example.com (Niels Provos) — Sat, 04 Jul 2009 20:04:44 -0700

Building a forge

nospam@example.com (Niels Provos) — Mon, 22 Jun 2009 23:45:42 -0700

To get better control over the atmosphere in the forge, I have decided to build a blown gas forge based on a design by Tim Zowada. The basic structure is provided by a 10 gallon compressed air tank I picked up from Lowes. Using Tim's forced-air manifold, the forge should easily get up to welding temperature (2300F).

Jon who runs the TemperChi Glass Art Studio is helping with building this thing and already has some cerawool for lining the inside. The Cerawool is going to get covered with a 1/4in layer of Satanite and then with an ITC-100 coating. The forge floor will be made from Bubble Alumina refractory which has a heat rating of up 3300F and is supposed to be very resistant to flux. The inside diameter of the forge will be 8 inches and the length about 12 inches.

If you are interested in making glass beads, you can learn that at the shop, too, as well as welding

Top 10 Malware Sites

nospam@example.com (Niels Provos) — Sat, 06 Jun 2009 10:03:02 -0700

A list of the top-10 malware sites found by Google's infrastructure over the last two months is available at the Google Online Security Blog. Gumblar and Martuz are among them as well as googleanalytlcs.net. There certainly have been lots of compromised web servers recently.

LEET'09: Large Scale Exploits and Emergent Threats

nospam@example.com (Niels Provos) — Tue, 14 Apr 2009 17:25:08 -0700

The 2nd USENIX LEET workshop is going to take place on April 21st in Boston next week. The workshop program looks really interesting. There are a number of really interesting talks; here are just a few:

Spamcraft: An Inside Look At Spam Campaign Orchestration
A Foray into Conficker's Logic and Rendezvous Points
A View on Current Malware Behaviors

Last year's workshop was a blast and I expect that next week is going to be lots of fun, too. It is still possible to register on-site for the workshop.

Small Libevent 2.0 Performance Test

nospam@example.com (Niels Provos) — Sat, 11 Apr 2009 23:18:18 -0700

In preparation for CodeCon, Nick and I wanted to see how HTTP performance differs between Libevent 1.4 and Libevent 2.0. HTTP is a good test case as it exercises many of the optimized components. Here is a preliminary result.

The libevent HTTP server is serving 200,000 bytes of content for each request. Apache's benchmark tool ab was used to make 15,000 requests with 40 requests happening in parallel.

1.4.10:
Requests per second: 1450.79 [#/sec] (mean)
2.0:
Requests per second: 1961.99 [#/sec] (mean)
2.0 (evbuffer_add_reference):
Requests per second: 3979.31 [#/sec] (mean)

In Libevent 2.0, the evbuffer interface was rewritten to avoid memory copies where possible. This seems to result in a 35% performance improvement. The evbuffer_add_reference() API allows external memory to be associated with an evbuffer and thus avoids another memory copy. This results in about 100% performance increase. In comparison to Libevent 1.4, this is almost 175% faster.

In the meantime, Nick is working on making IOCP available for Windows.

WOOT'09 Call For Papers

nospam@example.com (Niels Provos) — Thu, 26 Mar 2009 23:36:13 -0700

WOOT is the Workshop on Offensive Technologies. This year, it's being held for the third time and the call for papers just came out. Submissions are solicited for a variety of interesting topics including:

Vulnerability research (software auditing, reverse engineering)
Exploit techniques and automation
Malware design and implementation (rootkits, viruses, bots, worms)

The last two years were a lot of fun and this years organizers are an eclectic bunch of well known folks. If you have anything in the works, go submit it and we will see you at the workshop.

Systrace 1.6g released

nospam@example.com (Niels Provos) — Sun, 15 Mar 2009 17:25:54 -0700

This release contains a number of small bug fixes:

- 32-bit compilation has been fixed
- 32-bit policies are no longer created as Linux64 with running on a 64-bit system

The source code can be downloaded here [sig].

Anvil Setup

nospam@example.com (Niels Provos) — Sun, 15 Feb 2009 17:43:41 -0800

I got to set up the anvil today and spent a few minutes hammering hot metal. The construction for the anvil stand is from Mark Asprey's book. Joe welded the anvil stand for me and even though the feet are not the same size, it turned out to be surprisingly level. The 165 pound anvil is bolted on top of four layers of plywood. It's reasonably solid but moves a little bit when hit hard.