Date: Mon, 10 Sep 2012 11:10:04 GMT
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/169373  rc         mountd starts too early when exporting fs marked as la
o conf/169047  rc         [rc.subr] [patch] /etc/rc.subr not checking some scrip
o bin/168544   rc         [patch] [rc]: addswap-mounted swapfiles cause panic on
o conf/167566  rc         [rc.d] [patch] ipdivert module loading vs. ipfw rc.d o
o conf/166484  rc         [rc] [patch] rc.initdiskless patch for different major
o conf/165769  rc         [rc][jai][ipv6] IPv6 Initialization on external iface
o bin/165477   rc         [rc] dhclient is run twice
o conf/164393  rc         [rc.d] restarting netif with static addresses doesn't
o conf/163508  rc         [rc.subr] [patch] Add "enable" and "disable" commands
o conf/163488  rc         Confusing explanation in defaults/rc.conf
o conf/163321  rc         [rc.conf] [patch] allow _fib syntax in rc.conf
o conf/162642  rc         .sh scripts in /usr/local/etc/rc.d get executed, not s
p kern/161899  rc         [route] ntpd(8): Repeating RTM_MISS packets causing hi
o conf/161107  rc         [rc] stop_boot in mountcritlocal usage is incorrect.
o conf/160403  rc         [rc] [patch] concurrently running rc-scripts during bo
o conf/160240  rc         rc.d/mdconfig and mdconfig2 should autoset $_type to v
o conf/159846  rc         [rc.conf] routing_stop_inet6() logic doesn't handle ip
o conf/158557  rc         [patch] /etc/rc.d/pf broken messages
o conf/158127  rc         [patch] remount_optional option in rc.initdiskless doe
o conf/153666  rc         [rc.d][patch] mount filesystems from fstab over zfs da
o conf/153200  rc         post-boot /etc/rc.d/network_ipv6 start can miss neighb
o conf/153123  rc         [rc] [patch] add gsched rc file to automatically inser
o conf/150474  rc         [patch] rc.d/accounting: Add ability to set location o
o conf/149867  rc         [PATCH] rc.d script to manage multiple FIBS (kern opti
o conf/149831  rc         [PATCH] add support to /etc/rc.d/jail for delegating Z
o conf/148656  rc         rc.firewall(8): {oip} and {iip} variables in rc.firewa
o conf/147685  rc         [rc.d] [patch] new feature for /etc/rc.d/fsck
o conf/147444  rc         [rc.d] [patch] /etc/rc.d/zfs stop not called on reboot
o conf/146053  rc         [patch] [request] shutdown of jails breaks inter-jail
o conf/145445  rc         [rc.d] error in /etc/rc.d/jail (bad logic)
o conf/145399  rc         [patch] rc.d scripts are unable to start/stop programs
o conf/145009  rc         [patch] rc.subr(8): rc.conf should allow mac label con
o conf/144213  rc         [rc.d] [patch] Disappearing zvols on reboot
o conf/143637  rc         [patch] ntpdate(8) support for ntp-servers supplied by
o conf/143085  rc         [patch] ftp-proxy(8) rc(8) with multiple instances
o conf/142973  rc         [jail] [patch] Strange counter init value in jail rc
o conf/142434  rc         [patch] Add cpuset(1) support to rc.subr(8)
o conf/142304  rc         rc.conf(5): mdconfig and mdconfig2 rc.d scripts lack e
o conf/141909  rc         rc.subr(8): [patch] add rc.conf.d support to /usr/loca
o conf/141907  rc         [rc.d] Bug if mtu (maybe others?) is set as first argu
o conf/141678  rc         [patch] A minor enhancement to how /etc/rc.d/jail dete
o conf/141275  rc         [request] dhclient(8) rc script should print something
o conf/140440  rc         [patch] allow local command files in rc.{suspend,resum
o conf/140261  rc         [patch] Improve flexibility of mdconfig2 startup scrip
o conf/138208  rc         [rc.d] [patch] Making rc.firewall (workstation) IPv6 a
o conf/137629  rc         [rc.d] background_dhclient rc.conf option causing doub
o conf/137470  rc         [PATCH] /etc/rc.d/mdconfig2 : prioritize cli parameter
o conf/137271  rc         [rc.d] Cannot update /etc/host.conf when root filesyst
o conf/136624  rc         [rc.d] sysctl variables for ipnat are not applied on b
o conf/135338  rc         [rc.d] pf startup order seems broken [regression]
o conf/134918  rc         [patch] rc.subr fails to detect perl daemons
o conf/134660  rc         [patch] rc-script for initializing ng_netflow+ng_ipfw
o conf/134333  rc         PPP configuration problem in the rc.d scripts in combi
o conf/134006  rc         [patch] Unload console screensaver kernel modules if s
o conf/133890  rc         [patch] sshd(8): add multiple profiles to the rc.d scr
o conf/132483  rc         rc.subr(8) [patch] setfib(1) support for rc.subr
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/126392  rc         [patch] rc.conf ifconfig_xx keywords cannot be escaped
p bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [jail] [patch] add support for nice value for rc.d/jai
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/123119  rc         [patch] rc script for ipfw does not handle IPv6
o conf/122968  rc         [rc.d] /etc/rc.d/addswap: md swapfile multiplication a
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/108589  rc         rtsol(8) fails due to default ipfw rules
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

96 problems total.

Date: Mon, 10 Sep 2012 06:52:18 -0700
From: David O'Brien
To: Peter Jeremy
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Fri, Sep 07, 2012 at 11:51:57AM +1000, Peter Jeremy wrote:
> I've done some experiments on a couple of systems to look at gzip and
> sha256 speed. On one box, "sysctl -an" returns 109989 bytes (though
> it has been up for a while) which gzip's to 12511 bytes (still too
> large for a single write to /dev/random). The following is the
> wallclock time to run sha256 or gzip on that input (based on multiple
> runs of 100 loops).
> sha256   gzip -6   CPU
> 3.3ms    5.9ms     2.5GHz amd64 (Athlon 4850e)
> 6.8ms    13.3ms    1.6GHz i386 (Atom N270)
> 85 ms    34 ms     700MHz ARMv6 (Raspberry PI, running Linux)
> These times are all in the noise compared to overall startup time.

I got my slowest times on a CAVIUM OCTEON 52XX CPU Rev. 0.8 with no FPU.
This is the source of my performance concerns.
I agree your times are "in the noise" and thus feel this diff deals with
most of the concerns.

* Updates the comment about blocking -- it hasn't been true for 8 years.
* Document the natural limitations of the harvesting subsystem due to
  it having finite resources (space & time).
* Apply above documentation and don't write over 100k to /dev/random
  thinking it is all processed. [or even the reduced 50k of output
  from using more selective commands]
* Apply Bruce Schneier's advice WRT not reusing seed material to
  the 'better_than_nothing' seed material and only use it on first
  post-installation boot.

Index: initrandom =================================================================== --- initrandom (revision 239610) +++ initrandom (working copy) 
@@ -18,18 +18,40 @@ feed_dev_random() { if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null + else + return 1 fi } better_than_nothing() { - # XXX temporary until we can improve the entropy - # harvesting rate. # Entropy below is not great, but better than nothing. - # This unblocks the generator at startup - ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ + + # Entropy below is not great, but better than nothing. + # Overwhelming the internal entropy seeding buffers is a NOP. + # Once the internal buffers are filled, additional input is + # dropped on the floor until the buffers are processed. + # For FreeBSD's current yarrow implementation that means + # there is little need to seed with more than 4k of input. + # In order to reduce the size of the seed input we hash it. + + # The output of a cryptographic hash function whose input + # contained 'n' bits of entropy will have 'm' bits of entropy, + # where 'm' is either 'n' or slightly less due to collisions. + # So we operate under the premise that there is essentially + # no loss of entropy in hashing these inputs. + + /sbin/sha256 -q `sysctl -n kern.bootfile` \ | dd of=/dev/random bs=8k 2>/dev/null - cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null + + # Note: commands are ordered based on least changing across reboots + # to most: + ( dmesg; kenv; df -ib; \ + ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \ + sysctl -n kern.cp_times kern.geom kern.lastpid kern.timecounter \ + kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ + date ) \ + | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null } initrandom_start() 
@@ -67,16 +89,16 @@ initrandom_start() # case ${entropy_file} in [Nn][Oo] | '') + better_than_nothing ;; *) if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" + feed_dev_random "${entropy_file}" \ + || better_than_nothing fi ;; esac - better_than_nothing - echo -n ' kickstart' fi
-- 
-- David (obrien@FreeBSD.org)
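
Review bot: In the first hunk (@@ -18,18 +18,40 @@), the added line /sbin/sha256 -q `sysctl -n kern.bootfile` uses an unquoted and unchecked command substitution. If sysctl prints nothing, sha256 is left with no file operand and reads standard input instead of a kernel image, and a path containing whitespace would be split into several operands. The digest is also the same on every boot of the same kernel file, so it contributes nothing that changes between reboots. Suggest storing the path in a variable, testing it with [ -r "$bootfile" ] before hashing, and quoting it in the sha256 call.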
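
Review bot: In the second hunk (@@ -67,16 +89,16 @@), removing the unconditional better_than_nothing call means that a boot where feed_dev_random "${entropy_file}" succeeds writes only the saved file to /dev/random, with nothing collected from the current boot mixed in. If that file was not rewritten since the previous boot, the same bytes are fed again. Suggest calling better_than_nothing in both branches of the case, or adding a comment that states where the file is guaranteed to be replaced before the next boot.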
From: Dag-Erling Smørgrav
To: obrien@freebsd.org
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Peter Jeremy
Date: Mon, 10 Sep 2012 16:53:34 +0200
Subject: Re: svn commit: r239569 - head/etc/rc.d

David O'Brien writes:
> + ( dmesg; kenv; df -ib; \

None of these change much between reboots; dmesg and kenv don't change
at all, and neither does df unless you have /tmp and / or /var on /.

> + ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \

-f doesn't hurt but is unlikely to make any difference in the output.
-u is overridden by -o and therefore pointless.
-r just changes the sort order, which is probably pointless.
-H greatly increases the amount of data but not the entropy.
time, re and sl are in seconds and therefore extremely predictable.

so:

ps -axo nwchan,majflt,minflt,nivcsw,nvcsw

which is exactly what I posted earlier, except for the addition of
nwchan.

DES
-- 
Dag-Erling Smørgrav - des@des.no

Date: Mon, 10 Sep 2012 11:40:58 -0700
From: Doug Barton
To: obrien@freebsd.org
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d

I am opposed to this patch, more details below.

On 9/10/2012 6:52 AM, David O'Brien wrote:
> On Fri, Sep 07, 2012 at 11:51:57AM +1000, Peter Jeremy wrote:
>> I've done some experiments on a couple of systems to look at gzip and
>> sha256 speed. On one box, "sysctl -an" returns 109989 bytes (though
>> it has been up for a while) which gzip's to 12511 bytes (still too
>> large for a single write to /dev/random). The following is the
>> wallclock time to run sha256 or gzip on that input (based on multiple
>> runs of 100 loops).
>> sha256   gzip -6   CPU
>> 3.3ms    5.9ms     2.5GHz amd64 (Athlon 4850e)
>> 6.8ms    13.3ms    1.6GHz i386 (Atom N270)
>> 85 ms    34 ms     700MHz ARMv6 (Raspberry PI, running Linux)
>> These times are all in the noise compared to overall startup time.
>
> I got my slowest times on a CAVIUM OCTEON 52XX CPU Rev. 0.8 with no FPU.
> This is the source of my performance concerns. I agree your times are
> "in the noise" and thus feel this diff deals with most of the concerns.
>
> * Updates the comment about blocking -- it hasn't been true for 8 years.

Just because .seeded=1 doesn't mean the device is ready to spit out high
quality random bits. I don't mind a change in terminology here, but we
should be clear that the device needs seeding early.

> * Document the natural limitations of the harvesting subsystem due to
>   it having finite resources (space & time).

It has yet to be proven that we're dropping entropy at all. The use of
dd to feed the entropy in with 2k chunks is specifically to address this
issue. And even if that were not the case, as long as the input keeps
flowing past the 100 ms time to empty the buffers we're still pumping
entropy into the pools.

As I have repeated many times now, BEFORE YOU MAKE ANY MORE CHANGES I AM
ASKING YOU TO DO THE TESTING TO VERIFY YOUR CLAIMS.

> * Apply Bruce Schneier's advice WRT not reusing seed material to
>   the 'better_than_nothing' seed material and only use it on first
>   post-installation boot.

This is also entirely the wrong approach. We should choose commands that
have the highest degree of entropy possible between reboots, AND use the
/entropy file.

I also agree with des' concerns regarding the specific commands you are
suggesting that we substitute.

Doug

From: Dag-Erling Smørgrav
To: Doug Barton
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Date: Mon, 10 Sep 2012 21:11:36 +0200
Subject: Re: svn commit: r239569 - head/etc/rc.d

Doug Barton writes:
> As I have repeated many times now, BEFORE YOU MAKE ANY MORE CHANGES I AM
> ASKING YOU TO DO THE TESTING TO VERIFY YOUR CLAIMS.

And here's the million-dollar question... how? Boot a VM a million
times, save the first 4096 bytes that come out of /dev/random at every
boot, and look for correlation?

DES
-- 
Dag-Erling Smørgrav - des@des.no

Date: Mon, 10 Sep 2012 12:21:15 -0700
From: Doug Barton
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 9/10/2012 12:11 PM, Dag-Erling Smørgrav wrote:
> Doug Barton writes:
>> As I have repeated many times now, BEFORE YOU MAKE ANY MORE CHANGES I AM
>> ASKING YOU TO DO THE TESTING TO VERIFY YOUR CLAIMS.
>
> And here's the million-dollar question... how? Boot a VM a million
> times, save the first 4096 bytes that come out of /dev/random at every
> boot, and look for correlation?

If the problem with replay attacks is as bad as Arthur suggests it is, it
should be visible in far less than a million tries.

For the "how much entropy makes it into the pool" question instrumenting
the code should do the trick.

My point being that we have 12 years of successful operation, with no
one (TMK) complaining that they have actually _seen_ the alleged
problems in action. Now we have claims that major problems exist,
requiring drastic changes in the system. As I have said before, it would
be bad engineering to make these changes without proof under any
circumstances. Even more so given that /dev/random is (in some senses) a
security tool.

Doug

-- 

    I am only one, but I am one. I cannot do everything, but I can do
    something. And I will not let what I cannot do interfere with what
    I can do.
        -- Edward Everett Hale, (1822 - 1909)

From: Dag-Erling Smørgrav
To: Doug Barton
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Date: Mon, 10 Sep 2012 21:42:03 +0200
Subject: Re: svn commit: r239569 - head/etc/rc.d

Doug Barton writes:
> If the problem with replay attacks is as bad as Arthur suggests it is,
> it should be visible in far less than a million tries.

I was exaggerating a bit - but my reasoning was that since it hasn't
blown up in our faces yet, it's probably subtle enough to require a
large number of samples.

DES
-- 
Dag-Erling Smørgrav - des@des.no

Date: Mon, 10 Sep 2012 13:02:45 -0700
From: Doug Barton
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 9/10/2012 12:42 PM, Dag-Erling Smørgrav wrote:
> Doug Barton writes:
>> If the problem with replay attacks is as bad as Arthur suggests it is,
>> it should be visible in far less than a million tries.
>
> I was exaggerating a bit - but my reasoning was that since it hasn't
> blown up in our faces yet, it's probably subtle enough to require a
> large number of samples.

... or doesn't exist at all. :)

And even if it did exist, but requires thousands of reboots to see a
duplicate, then for all intents and purposes it still doesn't exist for
any reasonable use case given that after the system has been up for more
than 5-10 minutes with a typical load there will have been way more than
sufficient hardware entropy harvested to make the internal state
"unique" for all practical purposes.

If I were Arthur, here is how I would test the "replay attack" assertion:

1. Install a virgin system with everything as it was before David's
   first commit, and let it run for 24 hours with all the defaults
   intact. Ideally, have it do something over the network periodically
   to make sure that some kind of entropy is harvested from the network
   drivers. Run 'find / -name SASLKASDJKL' to make sure you get some
   from the disk drivers too.
2. Disable the cron job for the /var/db/entropy script, and comment out
   the writing of /entropy at shutdown time in /etc/rc.d/random.
3. Write a script to reboot, and once the system is fully booted do
   'dd if=/dev/random of=saved-random-out.$i count=4096' then reboot
   again immediately. Values of i from 1 to 10,000 ought to do it.
4. sha256 the saved-random-out files and see how many duplicates there
   are.

This is simple to automate, and won't cost anything but a little time to
set it up.

Doug

-- 

    I am only one, but I am one. I cannot do everything, but I can do
    something. And I will not let what I cannot do interfere with what
    I can do.
        -- Edward Everett Hale, (1822 - 1909)

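
Step 4 of the procedure above, together with the pairwise Hamming-distance check proposed in the reply that follows, as an added example in Python (not code posted by anyone in this thread). It assumes the captures are equal-length files named saved-random-out.$i; the function names and the 6-sigma threshold are choices made for this example.

```python
"""Analyse per-boot /dev/random captures for repeats and for bias.

Added example, not code from the thread. Assumes equal-length capture
files named saved-random-out.<i>, one per boot.
"""
import hashlib
import itertools
import math
import sys
from collections import defaultdict
from pathlib import Path


def load_samples(directory, pattern="saved-random-out.*"):
    """Return {file name: bytes} for every capture in `directory`."""
    return {p.name: p.read_bytes() for p in sorted(Path(directory).glob(pattern))}


def duplicate_groups(samples):
    """Step 4: SHA-256 each capture and list the names that share a digest."""
    by_digest = defaultdict(list)
    for name, data in samples.items():
        by_digest[hashlib.sha256(data).hexdigest()].append(name)
    return sorted(sorted(names) for names in by_digest.values() if len(names) > 1)


def hamming_fraction(a, b):
    """Fraction of bit positions in which two equal-length captures differ."""
    if len(a) != len(b) or not a:
        raise ValueError("captures must be non-empty and of equal length")
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1") / (8 * len(a))


def pairwise_report(samples, sigmas=6.0):
    """Compare every pair of captures against the expected distance of 1/2.

    For independent uniform n-bit strings the distance is Binomial(n, 1/2),
    so the fraction has mean 0.5 and standard deviation 0.5 / sqrt(n).
    Pairs further than `sigmas` deviations from 0.5 are returned as suspects.
    """
    fractions, suspects = [], []
    for (name_a, a), (name_b, b) in itertools.combinations(sorted(samples.items()), 2):
        frac = hamming_fraction(a, b)
        fractions.append(frac)
        if abs(frac - 0.5) > sigmas * 0.5 / math.sqrt(8 * len(a)):
            suspects.append((name_a, name_b, frac))
    mean = sum(fractions) / len(fractions) if fractions else float("nan")
    return {"pairs": len(fractions), "mean_fraction": mean, "suspects": suspects}


def constructed_samples():
    """Constructed test data: SHAKE-256 output stands in for real captures."""
    healthy = {"saved-random-out.%d" % i: hashlib.shake_256(b"boot-%d" % i).digest(256)
               for i in range(1, 9)}
    faulty = dict(list(healthy.items())[:2])
    first, second = faulty["saved-random-out.1"], faulty["saved-random-out.2"]
    faulty["saved-random-out.3"] = first  # exact replay of boot 1
    # Boot 4 repeats boot 2 except for its first 16 bytes (128 bits flipped).
    faulty["saved-random-out.4"] = bytes(x ^ 0xFF for x in second[:16]) + second[16:]
    return healthy, faulty


if __name__ == "__main__":
    # With a directory argument, analyse real captures; otherwise the
    # constructed faulty set.
    data = load_samples(sys.argv[1]) if len(sys.argv) > 1 else constructed_samples()[1]
    print("duplicate groups:", duplicate_groups(data))
    report = pairwise_report(data)
    print("pairs: %(pairs)d  mean distance fraction: %(mean_fraction).4f" % report)
    for name_a, name_b, frac in report["suspects"]:
        print("suspect pair: %s %s fraction=%.4f" % (name_a, name_b, frac))
```

The digest comparison only catches byte-identical captures; the pairwise check also flags captures that share most of their bits, at the cost of comparing every pair.
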
From: Dag-Erling Smørgrav To: Doug Barton References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> Date: Mon, 10 Sep 2012 22:28:56 +0200 In-Reply-To: <504E4765.1020909@FreeBSD.org> (Doug Barton's message of "Mon, 10 Sep 2012 13:02:45 -0700") Message-ID: <864nn5tyev.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: Arthur Mesh , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:28:58 -0000 Doug Barton writes: > 3. Write a script to reboot, and once the system is fully booted do 'dd > if=/dev/random of=saved-random-out.$i count=4096' then reboot again > immediately. Values of i from 1 to 10,000 ought to do it. > 4. sha256 the saved-random-out files and see how many duplicates there are. I doubt there will be any exact duplicates, but closer statistical analysis might reveal a slight bias. For instance, if my intuition serves, the Hamming distance between any pair of samples, when averaged over a large number of samples, should be half the sample length. 
I'm sure a professional statistician or cryptanalyst could come up with more accurate ways of detecting bias. The script in question, by the way, could simply be a few extra lines at the end of /etc/rc.d/initrandom; and I'd do it in a VM, to reduce cycle time to a minimum. DES -- Dag-Erling Smørgrav - des@des.no From owner-freebsd-rc@FreeBSD.ORG Mon Sep 10 20:32:16 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B6508106564A; Mon, 10 Sep 2012 20:32:16 +0000 (UTC) (envelope-from arthurmesh@gmail.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id 6C5438FC0C; Mon, 10 Sep 2012 20:32:16 +0000 (UTC) Received: by dadr6 with SMTP id r6so1677733dad.13 for ; Mon, 10 Sep 2012 13:32:15 -0700 (PDT) Received: by 10.68.189.161 with SMTP id gj1mr7365660pbc.21.1347309135880; Mon, 10 Sep 2012 13:32:15 -0700 (PDT) Received: from x96.org (x96.org. [64.85.165.177]) by mx.google.com with ESMTPS id sr3sm8599352pbc.44.2012.09.10.13.32.13 (version=SSLv3 cipher=OTHER); Mon, 10 Sep 2012 13:32:14 -0700 (PDT) Date: Mon, 10 Sep 2012 13:32:10 -0700 
From: Arthur Mesh To: Doug Barton Message-ID: <20120910203210.GB90314@x96.org> References: <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504E4765.1020909@FreeBSD.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Arthur Mesh , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling Sm?rgrav , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:32:16 -0000 On Mon, Sep 10, 2012 at 01:02:45PM -0700, Doug Barton wrote: > > I was exaggerating a bit - but my reasoning was that since it hasn't > > blown up in our faces yet, it's probably subtle enough to require a > > large number of samples. > > > If I were Arthur, here is how I would test the "replay attack" assertion: > > 1. Install a virgin system with everything as it was before David's > first commit, and let it run for 24 hours with all the defaults intact. > Ideally, have it do something over the network periodically to make sure > that some kind of entropy is harvested from the network drivers. Run > 'find / -name SASLKASDJKL' to make sure you get some from the disk > drivers too. > 2. Disable the cron job for the /var/db/entropy script, and comment out > the writing of /entropy at shutdown time in /etc/rc.d/random. > 3. 
Write a script to reboot, and once the system is fully booted do 'dd > if=/dev/random of=saved-random-out.$i count=4096' then reboot again > immediately. Values of i from 1 to 10,000 ought to do it. > 4. sha256 the saved-random-out files and see how many duplicates there are. This test doesn't prove anything useful for the reason des@ outlined. To summarize, I have provided my findings and reasoning multiple times. I've sent a separate report with pointers to problematic code of how entropy is consumed by yarrow to secteam@. You keep asking for empirical proof of my claims. There are two claims that I make: 1) entropy isn't fully consumed by yarrow all the time - for this I have empirical proof. 2) reusing entropy seeds is a bad thing - for this I don't have empirical proof. But I have Bruce Schneier's word. Take it or leave it. From owner-freebsd-rc@FreeBSD.ORG Mon Sep 10 20:33:47 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id D03FC106566B; Mon, 10 Sep 2012 20:33:47 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from [127.0.0.1] (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 55FE914E935; Mon, 10 Sep 2012 20:33:46 +0000 (UTC) Message-ID: <504E4EAA.4060808@FreeBSD.org> Date: Mon, 10 Sep 2012 13:33:46 -0700 
From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120824 Thunderbird/15.0 MIME-Version: 1.0 To: Dag-Erling Smørgrav References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> <864nn5tyev.fsf@ds4.des.no> In-Reply-To: <864nn5tyev.fsf@ds4.des.no> X-Enigmail-Version: 1.4.4 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: Arthur Mesh , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:33:47 -0000 On 9/10/2012 1:28 PM, Dag-Erling Smørgrav wrote: > Doug Barton writes: >> 3. Write a script to reboot, and once the system is fully booted do 'dd >> if=/dev/random of=saved-random-out.$i count=4096' then reboot again >> immediately. Values of i from 1 to 10,000 ought to do it. >> 4. sha256 the saved-random-out files and see how many duplicates there are. > > I doubt there will be any exact duplicates, but closer statistical > analysis might reveal a slight bias. 
For instance, if my intuition > serves, the Hamming distance between any pair of samples, when averaged > over a large number of samples, should be half the sample length. I'm > sure a professional statistician or cryptanalyst could come up with more > accurate ways of detecting bias. Arthur's assertion was a high statistical likelihood of exact duplicates. His words were something like, "I'm sure we would see the exact same ssh keys generated." I agree with you that more thorough analysis would be useful, but what I'm looking for is proof of Arthur's precise assertion. > The script in question, by the way, could simply be a few extra lines at > the end of /etc/rc.d/initrandom; No, that would specifically _not_ be an acceptable test. The only valid test is after the system is fully booted, both to take rc.d/random into account, and to allow for initial hardware entropy gathering to have full effect. Remember, the assertion that David and Arthur are making is that re-using the files in /var/db/entropy is harmful. -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) From owner-freebsd-rc@FreeBSD.ORG Mon Sep 10 20:41:24 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id 9C517106566B; Mon, 10 Sep 2012 20:41:24 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from [127.0.0.1] (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id DA33714DAFC; Mon, 10 Sep 2012 20:40:28 +0000 (UTC) Message-ID: <504E503C.7020903@FreeBSD.org> Date: Mon, 10 Sep 2012 13:40:28 -0700 
From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120824 Thunderbird/15.0 MIME-Version: 1.0 To: Arthur Mesh References: <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> <20120910203210.GB90314@x96.org> In-Reply-To: <20120910203210.GB90314@x96.org> X-Enigmail-Version: 1.4.4 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling Sm?rgrav , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:41:24 -0000 On 9/10/2012 1:32 PM, Arthur Mesh wrote: > On Mon, Sep 10, 2012 at 01:02:45PM -0700, Doug Barton wrote: >>> I was exaggerating a bit - but my reasoning was that since it hasn't >>> blown up in our faces yet, it's probably subtle enough to require a >>> large number of samples. >> >> >> If I were Arthur, here is how I would test the "replay attack" assertion: >> >> 1. Install a virgin system with everything as it was before David's >> first commit, and let it run for 24 hours with all the defaults intact. >> Ideally, have it do something over the network periodically to make sure >> that some kind of entropy is harvested from the network drivers. Run >> 'find / -name SASLKASDJKL' to make sure you get some from the disk >> drivers too. >> 2. 
Disable the cron job for the /var/db/entropy script, and comment out >> the writing of /entropy at shutdown time in /etc/rc.d/random. >> 3. Write a script to reboot, and once the system is fully booted do 'dd >> if=/dev/random of=saved-random-out.$i count=4096' then reboot again >> immediately. Values of i from 1 to 10,000 ought to do it. >> 4. sha256 the saved-random-out files and see how many duplicates there are. > > This test doesn't prove anything useful for the reason des@ outlined. > > To summarize, I have provided my findings and reasoning multiple times. > I've sent a separate report with pointers to problematic code of how > entropy is consumed by yarrow to secteam@. I'm interested in that as well. If someone from secteam@ would like to forward that to me I'd appreciate it. I will of course keep it confidential. Meanwhile can you state publicly whether or not your testing included using dd to feed the device, as is currently done? > You keep asking for empirical proof of my claims. > > There are two claims that I make: > > 1) entropy isn't fully consumed by yarrow all the time - for this I have > empirical proof. I will take your word on that, but before we make any changes to how we use the entropy in the system it would be nice if secteam@ were to discuss publicly the implications of your findings. Or, collaborate with you and me privately to make sure that the proper changes get made. > 2) reusing entropy seeds is a bad thing - for this I don't have > empirical proof. But I have Bruce Schneier's word. And as I have stated repeatedly, you and David are misapplying what you're reading. > Take it or leave it. If those are my choices, I choose "leave it." :) Without any actual proof that reusing the static entropy files causes harm, I would like to ask that the postrandom script be backed out. 
I will be working on my ideas to pseudo-randomize the order in which the files from /var/db/entropy are used, and to add a new file there at boot time, as discussed previously. I will submit those diffs for comment before I act on them though. Doug -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) From owner-freebsd-rc@FreeBSD.ORG Mon Sep 10 20:46:20 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85812106564A; Mon, 10 Sep 2012 20:46:20 +0000 (UTC) (envelope-from arthurmesh@gmail.com) Received: from mail-pb0-f54.google.com (mail-pb0-f54.google.com [209.85.160.54]) by mx1.freebsd.org (Postfix) with ESMTP id 3F2518FC1A; Mon, 10 Sep 2012 20:46:20 +0000 (UTC) Received: by pbbrp2 with SMTP id rp2so3175123pbb.13 for ; Mon, 10 Sep 2012 13:46:19 -0700 (PDT) Received: by 10.66.75.73 with SMTP id a9mr23134461paw.43.1347309979612; Mon, 10 Sep 2012 13:46:19 -0700 (PDT) Received: from x96.org (x96.org. [64.85.165.177]) by mx.google.com with ESMTPS id os1sm2443032pbc.31.2012.09.10.13.46.16 (version=SSLv3 cipher=OTHER); Mon, 10 Sep 2012 13:46:18 -0700 (PDT) Date: Mon, 10 Sep 2012 13:46:14 -0700 
From: Arthur Mesh To: Doug Barton Message-ID: <20120910204614.GA14077@x96.org> References: <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <86pq5tu1zr.fsf@ds4.des.no> <504E3DAB.3090000@FreeBSD.org> <86fw6pu0l0.fsf@ds4.des.no> <504E4765.1020909@FreeBSD.org> <20120910203210.GB90314@x96.org> <504E503C.7020903@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504E503C.7020903@FreeBSD.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Arthur Mesh , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling Sm?rgrav , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2012 20:46:20 -0000 On Mon, Sep 10, 2012 at 01:40:28PM -0700, Doug Barton wrote: > Meanwhile can you state publicly whether or not your testing included > using dd to feed the device, as is currently done? Yes, my testing was performed on exactly how initrandom fed /dev/random in 9.0-RELEASE. From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 05:32:09 2012 Return-Path: Delivered-To: freebsd-rc@FreeBSD.ORG Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by hub.freebsd.org (Postfix) with ESMTP id E71A0106564A for ; Tue, 11 Sep 2012 05:32:09 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 84DD114DF3D; Tue, 11 Sep 2012 05:32:09 +0000 (UTC) Message-ID: <504ECCD9.8010705@FreeBSD.org> Date: Mon, 10 Sep 2012 22:32:09 -0700 
From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:15.0) Gecko/20120907 Thunderbird/15.0 MIME-Version: 1.0 To: d@delphij.net References: <504A5688.3090905@delphij.net> In-Reply-To: <504A5688.3090905@delphij.net> X-Enigmail-Version: 1.4.4 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-rc@FreeBSD.ORG, Xin Li Subject: Re: [PATCH] Add -R (restart all local services) to service(8) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 05:32:10 -0000 On 09/07/2012 13:18, Xin Li wrote: > Hi, > > Here is a patch that adds a new option, -R, to service(8), that > restarts all "local" services. Useful for after portmaster -a. Since no one else has spoken up, I will. I dislike this idea rather strongly, and would not like to see it go in. It's incredibly rare that restarting all local services would be the right course of action. I don't see any need to special case local services in this manner, and would never recommend that anyone use this option. Doug -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. 
-- Edward Everett Hale, (1822 - 1909) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 05:46:10 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 03CED1065676; Tue, 11 Sep 2012 05:46:10 +0000 (UTC) Date: Mon, 10 Sep 2012 22:46:09 -0700 
From: David O'Brien To: Dag-Erling Smørgrav Message-ID: <20120911054608.GA72584@dragon.NUXI.org> References: <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <867gs2hqtt.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <867gs2hqtt.fsf@ds4.des.no> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, Xin Li , freebsd-security@freebsd.org, RW , Peter Jeremy Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 05:46:10 -0000 On Mon, Sep 10, 2012 at 04:53:34PM +0200, Dag-Erling Smørgrav wrote: > David O'Brien writes: > > + ( dmesg; kenv; df -ib; \ > > None of these change much between reboots; dmesg and kenv don't change > at all, I know that. I mentioned some attacker scenarios in a previous email. None of this is all that good... but at least for the attacker who does not have a login on the system, how likely are they to be able to guess what my kenv (and dmesg) output is? Sure the search space of all possible outputs isn't really all that great, but these add at least *some* effort. 
By passing this output thru a cryptographic hash, we aren't overfilling the internal yarrow seed buffers so it is OK to err on adding 1 more bit of entropy if the output is fast to get and output. > and neither does df unless you have /tmp and / or /var on /. Agreed. > > + ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl; \ > -f doesn't hurt but is unlikely to make any difference in the output. > -u is overridden by -o and therefore pointless. Please verify this claim (or have I misunderstood you?): $ ps -fauxrH -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/1 $ ps -faxrH -o nwchan,nivcsw,nvcsw,time,re,sl >/tmp/2 $ diff -u /tmp/1 /tmp/2 --- /tmp/1 2012-09-10 22:13:56.000000000 -0700 +++ /tmp/2 2012-09-10 22:14:02.000000000 -0700 
@@ -1,112 +1,112 @@ -USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND NWCHAN NIVCSW NVCSW TIME RE SL -root 11 100.0 0.0 0 32 - RL Thu09AM 6518:01.18 [idle] - 31970908 1566173 6518:01.18 127 127 -root 11 100.0 0.0 0 32 - RL Thu09AM 6516:05.59 [idle] - 8697044 735838 6516:05.59 127 127 -root 0 0.0 0.0 0 192 - DLs Thu09AM 0:54.67 [kernel] ffffffff81288b00 103 39126 0:54.67 127 4 ... +NWCHAN NIVCSW NVCSW TIME RE SL +- 31971474 1566182 6518:07.65 127 127 +- 8697241 735839 6516:12.08 127 127 +ffffffff81288b00 103 39127 0:54.67 127 1 In the above I am not saying anything about the usefulness of including "-u", just that it is fully overridden by -o and thus useless. > -r just changes the sort order, which is probably pointless. I'm not wedded to "-r", but since you're proposing this to not use "-r", which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and looking at the output, please show a diff of two boots with "-r" and without "-r" so we can see what the change really is. > -H greatly increases the amount of data but not the entropy. I disagree. It isn't a great amount of variance and thus unpredictability, but it is a little bit. Have you instrumented /etc/rc.d/initrandom and diff'ed two boots? I have. > time, re and sl are in seconds and therefore extremely predictable. easy to predict, but more than zero effort. > so: > ps -axo nwchan,majflt,minflt,nivcsw,nvcsw I do like adding "majflt,minflt" from what I've seen of the output. 
Thus (sorting the fields): ps -fauxrH -o majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time -- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 06:14:16 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC0A710657FB; Tue, 11 Sep 2012 06:14:16 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 440FA8FC1A; Tue, 11 Sep 2012 06:14:15 +0000 (UTC) Received: by eeke52 with SMTP id e52so67597eek.13 for ; Mon, 10 Sep 2012 23:14:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.204.129.14 with SMTP id m14mr4324994bks.7.1347344055120; Mon, 10 Sep 2012 23:14:15 -0700 (PDT) Received: by 10.204.10.141 with HTTP; Mon, 10 Sep 2012 23:14:14 -0700 (PDT) Received: by 10.204.10.141 with HTTP; Mon, 10 Sep 2012 23:14:14 -0700 (PDT) In-Reply-To: <504ECCD9.8010705@FreeBSD.org> References: <504A5688.3090905@delphij.net> <504ECCD9.8010705@FreeBSD.org> Date: Tue, 11 Sep 2012 07:14:14 +0100 Message-ID: 
From: Chris Rees To: Doug Barton Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Xin LI , freebsd-rc@freebsd.org, Xin Li Subject: Re: [PATCH] Add -R (restart all local services) to service(8) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 06:14:16 -0000 On 11 Sep 2012 06:32, "Doug Barton" wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 09/07/2012 13:18, Xin Li wrote: > > Hi, > > > > Here is a patch that adds a new option, -R, to service(8), that > > restarts all "local" services. Useful for after portmaster -a. > > Since no one else has spoken up, I will. I dislike this idea rather > strongly, and would not like to see it go in. It's incredibly rare > that restarting all local services would be the right course of > action. I don't see any need to special case local services in this > manner, and would never recommend that anyone use this option. How about after a big update of ports? I'd like this option. Chris From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 06:15:31 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 5736C1065673; Tue, 11 Sep 2012 06:15:31 +0000 (UTC) Date: Mon, 10 Sep 2012 23:15:30 -0700 
From: David O'Brien To: Doug Barton Message-ID: <20120911061530.GA77399@dragon.NUXI.org> References: <50450F2A.10708@FreeBSD.org> <20120903203505.GN1464@x96.org> <50451D6E.30401@FreeBSD.org> <20120903214638.GO1464@x96.org> <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50493480.8060307@FreeBSD.org> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Peter Jeremy Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 06:15:31 -0000 On Thu, Sep 06, 2012 at 04:40:48PM -0700, Doug Barton wrote: > It is way past time that you either demonstrate that your claim has > merit, or stop making it. Doug, At this point what are you asking for? * To run better_than_nothing() before feed_dev_random() with ${entropy_file}? I addressed that in Message-ID: <20120906142816.GA13179@dragon.NUXI.org>, jhb in <201209050944.38042.jhb@freebsd.org>, and RW in <20120905021248.5a17ace9@gumby.homeunix.com>. * To not run 'postrandom' to delete ${entropy_file}? I addressed that in Message-ID: <20120906142816.GA13179@dragon.NUXI.org> and <20120905203222.GA2920@dragon.NUXI.org>. Our own sys/dev/random/nehemiah.c follows this advice: ... * key, IV and the data are all read directly from the hardware RNG. * All of these are used precisely once. */ As does OpenBSD. 
* To run 'ps' twice in better_than_nothing()? I've addressed that in <20120906164514.GA14757@dragon.NUXI.org> & <20120906224519.GB18953@dragon.NUXI.org>, and Ian Lepore in <1346962976.59094.187.camel@revolution.hippie.lan>. -- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 06:38:32 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by hub.freebsd.org (Postfix) with ESMTP id 318DF106564A; Tue, 11 Sep 2012 06:38:32 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id C9B3514DF6B; Tue, 11 Sep 2012 06:38:31 +0000 (UTC) Message-ID: <504EDC67.9070700@FreeBSD.org> Date: Mon, 10 Sep 2012 23:38:31 -0700 
From: Doug Barton
To: obrien@freebsd.org
In-Reply-To: <20120911061530.GA77399@dragon.NUXI.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Peter Jeremy
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/10/2012 23:15, David O'Brien wrote:
> On Thu, Sep 06, 2012 at 04:40:48PM -0700, Doug Barton wrote:
>> It is way past time that you either demonstrate that your claim has
>> merit, or stop making it.
>
> Doug,
> At this point what are you asking for?

For you to back out your rc.d changes related to /dev/random. (You already know the answer to this, since I just sent you a request in private mail.) You have not actually demonstrated a real problem, and you are misapplying the advice you're reading. I can't make it any more simple than that.

That said, I have made 2 concrete proposals that address your concerns about replay attacks:

1. Pseudo-randomize the order in which we utilize the files in /var/db/entropy
2. Add a file to /var/db/entropy at boot time to help with the fast reboot issue that will be deleted by subsequent runs of the save-entropy script.

Both of those proposals improve the way that the system uses those files, dramatically reduce the already incredibly slim chance that an attacker can guess the internal state of the device, and avoid weakening the system in the event of a fast reboot.

I have listened to both you and Arthur regarding your concerns, explained (to the best of my ability) why decisions were made when these things were written originally, and addressed your concerns with proactive suggestions. In return you and Arthur have repeated the same arguments over and over again, in spite of my pointing out the flaws in your reasoning each time.

Further, you have made not 1, but as of tonight 2 more commits in this area after I specifically asked you not to proceed until a consensus was reached. Even if you were 100% right, this is still bad form.

> * To run better_than_nothing() before feed_dev_random() with
> ${entropy_file}?

As I've pointed out already, it's arguable which of the 2 sources is "better," but doesn't really matter that much which one is run first. Given that it's arguable my slight preference would be to restore the previous order, as I did in the patch that I submitted for review.

It's also worth pointing out that I also asked you to avoid violating existing style guidelines by not creating a function out of code that's only used once; and pointed out that we should always run both "better than nothing" commands AND use /entropy.

> I addressed that in Message-ID:

FYI, quoting message ids is a particularly useless thing to do. Nevertheless, I understand your arguments, and believe that I have addressed them pretty thoroughly.

> * To not run 'postrandom' to delete ${entropy_file}?
>
> I addressed that

Yes, and you're 100% wrong. Sorry to be so blunt, but I have repeatedly drawn the distinction between an ideal system, and one that may have to reboot before all of the files have been replaced over time. You and Arthur have consistently ignored that distinction.

On a typical system that is up for longer than 88 minutes, your change is moot since all the files will get replaced. In the event of a short reboot cycle, your change damages the system.

> Our own sys/dev/random/nehemiah.c follows this advice:
> ...
> * key, IV and the data are all read directly from the hardware RNG.
> * All of these are used precisely once.
> */
>
> As does OpenBSD.

Right, PER BOOT.

> * To run 'ps' twice in better_than_nothing()?

I've already said that I'm open to discussion about using different commands for the "better than nothing" set. It's worth pointing out however that there is far from universal agreement that your suggestions are the right ones.

As I said in my private message, I'm sorry that it's come to this, as I consider you a friend, and I had hoped we could work things out in an amicable way. But your suggestions are moving in the wrong direction, and my attempts to persuade you have failed.

Doug

--

    I am only one, but I am one. I cannot do everything, but I can do
    something. And I will not let what I cannot do interfere with what
    I can do.
            -- Edward Everett Hale, (1822 - 1909)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 06:46:38 2012
Date: Mon, 10 Sep 2012 23:46:36 -0700
From: David O'Brien
To: Doug Barton
Message-ID: <20120911064636.GB72584@dragon.NUXI.org>
In-Reply-To: <504E343A.4020802@FreeBSD.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d
Reply-To: obrien@freebsd.org

On Mon, Sep 10, 2012 at 11:40:58AM -0700, Doug Barton wrote:
> I am opposed to this patch, more details below.
>
> On 9/10/2012 6:52 AM, David O'Brien wrote:
> > * Updates the comment about blocking -- it hasn't been true for 8 years.
>
> Just because .seeded=1 doesn't mean the device is ready to spit out high
> quality random bits. I don't mind a change in terminology here, but we
> should be clear that the device needs seeding early.

In what way did I suggest we don't need to seed the PRNG?
I simply removed an outdated and incorrect statement.

In fact writing into /dev/random CANNOT "seeded" yarrow. All /dev/random input is untrusted and is assumed to have _0_ entropy:

    void
    random_yarrow_write(void *buf, int count)
    {
    ...
            random_harvest_internal(get_cyclecount(), (char *)buf + i,
                chunk, 0, 0, RANDOM_WRITE);

I would need to set up a 2004-04-09 -CURRENT system to test, but I don't see how these commands could have unblocked the generator except that they contributed to the interrupts that occurred.

So we have two issues -- (1) is how yarrow is operating per the design with its checks on "seeded", and (2) what is the difficulty of an attacker being able to figure out the internal state of the PRNG generator such that they can predict the output -- something which you mentioned in a recent reply.

We also have the issue that we are the only system in which /dev/random does not block if the PRNG has consumed all the seeded entropy:

    crw-rw-rw- 1 root wheel 0x1f Aug 22 16:39 /dev/random
    lrwxr-xr-x 1 root wheel 6 Aug 1 15:33 /dev/urandom@ -> random

Thus I am concerned about the internal state of the generator.

Compare:

    while true; do
        dd if=${INPUT} of=/dev/null bs=8k count=1 2> /dev/null
        echo -n "."
    done

with both INPUT=/dev/random and INPUT=/dev/urandom on both FreeBSD and any other non-FreeBSD system. I am not sure how we're POSIX compliant with this.

> > * Document the natural limitations of the harvesting subsystem due to
> > it having finite resources (space & time).
>
> It has yet to be proven that we're dropping entropy at all.

We are dropping input. Whether that input contains any entropy is a different issue. That said, _I_have_seen_the_dumps_of_the_internal_buffers_ from Arthur's experiments. It happens -- easily. I'll leave it up to him if he wants to rerun the experiments and post the results.

Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does happen just from reading the code. Please explain from either (1) a code reading, or (2) your own instrumented kernel that dropping of input to /dev/random does not occur.

> The use of dd to feed the entropy in with 2k chunks is specifically to
> address this issue.

Maybe I'm missing something... The code in 'initrandom' is "| dd of=/dev/random bs=8k". Where are you getting 2k chunks from that?

> > * Apply Bruce Schneier's advice WRT not reusing seed material to
> > the 'better_than_nothing' seed material and only use it on first
> > post-installation boot.
>
> This is also entirely the wrong approach. We should choose commands that
> have the highest degree of entropy possible between reboots, AND use the
> /entropy file.

Why do you want to continue to use guessable input? I guess I don't care that much if we write it into /dev/random as long as it is after we've written ${entropy_file}. But I don't see much of the point.

I'm really done arguing this with you. I've argued my point with literature, code, and measurements. Until you do the same I don't think you have anything new to add and I've addressed everything from your input I intend to.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 07:10:46 2012
Date: Tue, 11 Sep 2012 00:10:45 -0700
From: David O'Brien
To: Doug Barton
Message-ID: <20120911071045.GC72584@dragon.NUXI.org>
In-Reply-To: <504E4EAA.4060808@FreeBSD.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d
Reply-To: obrien@freebsd.org

On Mon, Sep 10, 2012 at 01:33:46PM -0700, Doug Barton wrote:
> Remember, the assertion that David and Arthur are making is that
> re-using the files in /var/db/entropy is harmful.

Damnit Doug is your desktop's memory faulty and you're losing RAM values? Is your MUA (or MTA) randomly dropping characters in my replies to you? Or are you freaking blind or just cannot understand the English language???

It is not just David and Arthur, it is also the designer of the PRNG we use. It is also other cryptographic-minded folks such as I found in a few threads of Cryptography-Digest.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 07:14:25 2012
Message-ID: <504EE446.6060500@FreeBSD.org>
Date: Tue, 11 Sep 2012 00:12:06 -0700
From: Doug Barton
To: obrien@freebsd.org
In-Reply-To: <20120911064636.GB72584@dragon.NUXI.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/10/2012 23:46, David O'Brien wrote:
> On Mon, Sep 10, 2012 at 11:40:58AM -0700, Doug Barton wrote:
>> I am opposed to this patch, more details below.
>>
>> On 9/10/2012 6:52 AM, David O'Brien wrote:
>>> * Updates the comment about blocking -- it hasn't been true for 8 years.
>>
>> Just because .seeded=1 doesn't mean the device is ready to spit out high
>> quality random bits. I don't mind a change in terminology here, but we
>> should be clear that the device needs seeding early.
>
> In what way did I suggest we don't need to seed the PRNG?
> I simply removed an outdated and incorrect statement.

Yes, the comment as it stood was out of date. I'm not sure that removing it (rather than rephrasing it) was the right call.

> In fact writing into /dev/random CANNOT "seeded" yarrow. All /dev/random
> input is untrusted and is assumed to have _0_ entropy:
>
> void
> random_yarrow_write(void *buf, int count)
> {
> ...
>         random_harvest_internal(get_cyclecount(), (char *)buf + i,
>             chunk, 0, 0, RANDOM_WRITE);

You're taking that out of context. The 0 there is just an estimate, but it's added to the tailq anyway.

> I would need to set up a 2004-04-09 -CURRENT system to test, but I don't
> see how these commands could have unblocked the generator except that
> they contributed to the interrupts that occurred.

Yes, some actual testing on your part would really be awesome at this point.

> So we have two issues -- (1) is how yarrow is operating per the design
> with its checks on "seeded",

I am specifically avoiding that issue as it is out of scope for the rc.d-related discussion. There is room for a larger discussion on whether or not we should make .seeded dynamic again.

But regardless of that decision, it's unquestionable that we need to seed the device at boot time, which is what I am interested in.

> and (2) what is the difficulty of an
> attacker being able to figure out the internal state of the PRNG
> generator such that they can predict the output -- something which you
> mentioned in a recent reply.

... and something that I pointed out that with the current defaults is close enough to impossible not to be a threat model we need to spend much time on.

> We also have the issue that we are the only system in which /dev/random
> does not block if the PRNG has consumed all the seeded entropy:

I'm not sure that "the PRNG has consumed all the seeded entropy" is a statement that can apply to our Yarrow implementation, but once again that's a whole different discussion than what we're dealing with regarding the rc.d bits.

>>> * Document the natural limitations of the harvesting subsystem due to
>>> it having finite resources (space & time).
>>
>> It has yet to be proven that we're dropping entropy at all.
>
> We are dropping input.

Well I was assuming that the input has at least some entropic value, but you are right, "input" is the more correct term here.

> Whether that input contains any entropy is a
> different issue. That said, _I_have_seen_the_dumps_of_the_internal_buffers_
> from Arthur's experiments. It happens -- easily. I'll leave it up to
> him if he wants to rerun the experiments and post the results.

I have always said that I'm willing to listen to actual evidence that there is a problem, and make changes accordingly. I already responded to Arthur about his statements in this regard today. If it's true that we're dropping input there are any number of changes that could be made to fix that problem.

> Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW
> <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does
> happen just from reading the code. Please explain from either
> (1) a code reading, or (2) your own instrumented kernel that dropping
> of input to /dev/random does not occur.

Once again, you're the one asserting that there is a problem with a system that has worked well for 12 years, so the burden of proof is on you. That said, I'm interested in Arthur's evidence.

>> The use of dd to feed the entropy in with 2k chunks is specifically to
>> address this issue.
>
> Maybe I'm missing something... The code in 'initrandom' is
> "| dd of=/dev/random bs=8k". Where are you getting 2k chunks from that?

You're right, I didn't have a chance to look over the code when I wrote that response, and was going by my (obviously faulty) memory on that trivial point. My understanding is that Arthur's tests were with the current defaults. It would be interesting to see what happens if we reduce that to 4k (to match the input buffer size), or perhaps even lower.

>>> * Apply Bruce Schneier's advice WRT not reusing seed material to
>>> the 'better_than_nothing' seed material and only use it on first
>>> post-installation boot.
>>
>> This is also entirely the wrong approach. We should choose commands that
>> have the highest degree of entropy possible between reboots, AND use the
>> /entropy file.
>
> Why do you want to continue to use guessable input?

We have been over this, and I'm tired of repeating myself.

> I guess I don't
> care that much if we write it into /dev/random as long as it is after
> we've written ${entropy_file}. But I don't see much of the point.

I'm also tired of repeating why writing out a new /entropy file at boot time makes the system weaker, not stronger.

> I'm really done arguing this with you. I've argued my point with
> literature, code, and measurements. Until you do the same I don't think
> you have anything new to add and I've addressed everything from your
> input I intend to.

Fair enough, I'm happy to leave the decision with core@. I at least agree with you that nothing new has been said for a while now. :)

Doug

--

    I am only one, but I am one. I cannot do everything, but I can do
    something. And I will not let what I cannot do interfere with what
    I can do.
            -- Edward Everett Hale, (1822 - 1909)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 07:16:47 2012
Message-ID: <504EE4CD.80804@FreeBSD.org>
Date: Tue, 11 Sep 2012 00:14:21 -0700
From: Doug Barton
To: obrien@freebsd.org
In-Reply-To: <20120911071045.GC72584@dragon.NUXI.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/11/2012 00:10, David O'Brien wrote:
> On Mon, Sep 10, 2012 at 01:33:46PM -0700, Doug Barton wrote:
>> Remember, the assertion that David and Arthur are making is that
>> re-using the files in /var/db/entropy is harmful.
>
> It is not just David and Arthur, it is also the designer of the PRNG we
> use.

And once again, you're misapplying what you're reading by failing to take into account the differences between a theoretically perfect system, and one that may reboot before all the files have been replaced over time.

> It is also other cryptographic-minded folks such as I found in a
> few threads of Cryptography-Digest.

I can't deal with "appeal to authority" without being able to at least read the relevant material. Do you have URLs for this?

--

    I am only one, but I am one. I cannot do everything, but I can do
    something. And I will not let what I cannot do interfere with what
    I can do.
            -- Edward Everett Hale, (1822 - 1909)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 07:31:19 2012
From: Dag-Erling Smørgrav
To: obrien@freebsd.org
Date: Tue, 11 Sep 2012 09:31:18 +0200
In-Reply-To: <20120911054608.GA72584@dragon.NUXI.org> (David O'Brien's message of "Mon, 10 Sep 2012 22:46:09 -0700")
Message-ID: <864nn58189.fsf@ds4.des.no>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Peter Jeremy
Subject: Re: svn commit: r239569 - head/etc/rc.d

David O'Brien writes:
> Dag-Erling Smørgrav writes:
> > -u is overridden by -o and therefore pointless.
> Please verify this claim (or have I misunderstood you?):

Hmm, I assumed it did, but didn't check. Sorry.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 07:43:36 2012
Date: Tue, 11 Sep 2012 00:43:35 -0700
From: David O'Brien
To: Dag-Erling Smørgrav
Message-ID: <20120911074335.GD78292@dragon.NUXI.org>
In-Reply-To: <864nn58189.fsf@ds4.des.no>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Peter Jeremy
Subject: Re: svn commit: r239569 - head/etc/rc.d
Reply-To: obrien@freebsd.org

On Tue, Sep 11, 2012 at 09:31:18AM +0200, Dag-Erling Smørgrav wrote:
> David O'Brien writes:
> > Dag-Erling Smørgrav writes:
> > > -u is overridden by -o and therefore pointless.
> > Please verify this claim (or have I misunderstood you?):
>
> Hmm, I assumed it did, but didn't check. Sorry.

No problem. Based on your response I re-read the man page and felt you were correct until I tested it.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 08:23:10 2012
Date: Tue, 11 Sep 2012 01:23:09 -0700
From: David O'Brien
To: Doug Barton
Message-ID: <20120911082309.GD72584@dragon.NUXI.org>
In-Reply-To: <504EE446.6060500@FreeBSD.org>
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d
Reply-To: obrien@freebsd.org

> On 09/10/2012 23:46, David O'Brien wrote:
> > In what way did I suggest we don't need to seed the PRNG?
> > I simply removed an outdated and incorrect statement.
>
> Yes, the comment as it stood was out of date. I'm not sure that removing
> it (rather than rephrasing it) was the right call.

Doug you're a FreeBSD committer, you know how to use an editor and 'svn diff'. Where is your patch suggesting a rephrase?

> > In fact writing into /dev/random CANNOT "seeded" yarrow. All /dev/random
> > input is untrusted and is assumed to have _0_ entropy:
> >
> > void
> > random_yarrow_write(void *buf, int count)
> > {
> > ...
> >         random_harvest_internal(get_cyclecount(), (char *)buf + i,
> >             chunk, 0, 0, RANDOM_WRITE);
>
> You're taking that out of context. The 0 there is just an estimate, but
> it's added to the tailq anyway.

Yes the input written to /dev/random is put into the generator (provided you have the seed buffer space). The "0, 0" is the 'bits' and 'frac' argument to random_harvest_internal(), which become 'event->bits' and 'event->frac'. Follow the code from there and point out how I am wrong. What overrides the estimate then? This is discussed in the yarrow paper. Have you read it yet?

> > So we have two issues -- (1) is how yarrow is operating per the design
> > with its checks on "seeded",
>
> I am specifically avoiding that issue as it is out of scope for the
> rc.d-related discussion. There is room for a larger discussion on
> whether or not we should make .seeded dynamic again.
>
> But regardless of that decision, it's unquestionable that we need to
> seed the device at boot time, which is what I am interested in.

Unquestionable in what regard? Unquestionable in that we must do so to get any useful output of /dev/random. Unquestionable in that FreeBSD will not boot? As I mentioned, I tested that. The system booted up fine with no delays, etc... Scary.

> ... and something that I pointed out that with the current defaults is
> close enough to impossible not to be a threat model we need to spend
> much time on.

Oh? You've done sufficient research? You've gathered 100,000 keys from random FreeBSD machines from across the Internet? I am aware of research that has. I'm not saying FreeBSD was a red herring as Debian was; but you seem to be quickly dismissing something you seem to have spent little time investigating or thinking about.

> > Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW
> > <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does
> > happen just from reading the code. Please explain from either
> > (1) a code reading, or (2) your own instrumented kernel that dropping
> > of input to /dev/random does not occur.
>
> Once again, you're the one asserting that there is a problem with a
> system that has worked well for 12 years, so the burden of proof is on
> you. That said, I'm interested in Arthur's evidence.

Are you not a sufficient C programmer that you couldn't hack this up yourself with the amount of time you've spent arguing it? Create a couple MB buffer and copy the internal RANDOM_WRITE seed buffers to it when they are processed in random_kthread() or some other suitable routine. You'll have a running stream of several /dev/random writes. Look at the output and match it to what was written into /dev/random. This is not rocket science.

> >> The use of dd to feed the entropy in with 2k chunks is specifically to
> >> address this issue.
> >
> > Maybe I'm missing something... The code in 'initrandom' is
> > "| dd of=/dev/random bs=8k". Where are you getting 2k chunks from that?
>
> You're right, I didn't have a chance to look over the code when I wrote
> that response, and was going by my (obviously faulty) memory on that
> trivial point.

This seems to be one of your problems -- you don't seem to be reading any code or papers before replying.

> My understanding is that Arthur's tests were with the
> current defaults. It would be interesting to see what happens if we
> reduce that to 4k (to match the input buffer size),

What do you think is the size of ${entropy_file}?

> or perhaps even lower.

Just how much do you expect the write(2) to be slowed down by breaking up the 4k write into 2 or 3 chunks?

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 08:25:36 2012
Date: Tue, 11 Sep 2012 01:25:35 -0700
From: David O'Brien To: freebsd-rc@freebsd.org Message-ID: <20120911082535.GA79191@dragon.NUXI.org> References: <20120827204635.GA55142@dragon.NUXI.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120827204635.GA55142@dragon.NUXI.org> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Re: FILESYSTEMS wierdness X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 08:25:36 -0000 On Mon, Aug 27, 2012 at 01:46:35PM -0700, David O'Brien (@FreeBSD) wrote: > Index: ldconfig > =================================================================== > --- ldconfig (revision 239751) > +++ ldconfig (working copy) > @@ -4,7 +4,7 @@ > # > > # PROVIDE: ldconfig > -# REQUIRE: mountcritremote cleanvar > +# REQUIRE: mountcritremote FILESYSTEMS ... Doug asked that I post my "before and after" rcorder output of this diff to the list: --- /tmp/before 2012-09-10 21:55:41.000000000 -0700 +++ /tmp/after 2012-09-10 21:55:45.000000000 -0700 
@@ -15,12 +15,12 @@ mdconfig hostid_save mountcritlocal zfs +var +cleanvar FILESYSTEMS kldxref kld addswap -var -cleanvar random postrandom adjkerntz From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 09:38:16 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id 94996106564A; Tue, 11 Sep 2012 09:38:16 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from [127.0.0.1] (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 08D2214E5D7; Tue, 11 Sep 2012 09:38:16 +0000 (UTC) Message-ID: <504F0687.7020309@FreeBSD.org> Date: Tue, 11 Sep 2012 02:38:15 -0700 
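Review bot: the new "# REQUIRE: mountcritremote FILESYSTEMS" line in ldconfig drops the explicit cleanvar requirement, so ldconfig now runs after cleanvar only because cleanvar sorts ahead of FILESYSTEMS. The after listing shows that ordering (var and cleanvar move from below addswap to just above FILESYSTEMS), but the part of the change that produces it is elided here ("..."). Suggest either keeping cleanvar on the REQUIRE line next to FILESYSTEMS or saying in the commit message which script now places cleanvar before FILESYSTEMS, so the dependency is not left implicit.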
From: Doug Barton
To: obrien@freebsd.org
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, RW, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/11/2012 01:23 AM, David O'Brien wrote:
>> On 09/10/2012 23:46, David O'Brien wrote:
>>> In what way did I suggest we don't need to seed the PRNG?
>>> I simply removed an outdated and incorrect statement.
>>
>> Yes, the comment as it stood was out of date. I'm not sure that removing
>> it (rather than rephrasing it) was the right call.
>
> Doug you're a FreeBSD committer, you know how to use an editor and
> 'svn diff'. Where is your patch suggesting a rephrase?

David, being rude isn't really helping at this point. If I wasn't
spending all of my FreeBSD time responding to the same stuff from you and
Arthur over and over again, I'd have more time to produce the patches
I've already suggested. As it is, you'll just have to wait.

Meanwhile, I've asked you to hold off on committing more changes (twice
now publicly, once in private), so please do that.

>>> In fact writing into /dev/random CANNOT "seeded" yarrow. All /dev/random
>>> input is untrusted and is assumed to have _0_ entropy:
>>>
>>> void
>>> random_yarrow_write(void *buf, int count)
>>> {
>>>     ...
>>>     random_harvest_internal(get_cyclecount(), (char *)buf + i,
>>>         chunk, 0, 0, RANDOM_WRITE);
>>
>> You're taking that out of context. The 0 there is just an estimate, but
>> it's added to the tailq anyway.
>
> Yes the input written to /dev/random is put into the generator
> (provided you have the seed buffer space).
>
> The "0, 0" is the 'bits' and 'frac' argument to
> random_harvest_internal(), which become 'event->bits' and 'event->frac'.
> Follow the code from there and point out how I am wrong.
>
> What overrides the estimate then?

Better question, what is the estimate actually used for?

> This is discussed in the yarrow paper.
> Have you read it yet?

Yes, when I implemented the rc.d stuff in the first place, and again
recently.

>>> So we have two issues -- (1) is how yarrow is operating per the design
>>> with its checks on "seeded",
>>
>> I am specifically avoiding that issue as it is out of scope for the
>> rc.d-related discussion. There is room for a larger discussion on
>> whether or not we should make .seeded dynamic again.
>>
>> But regardless of that decision, it's unquestionable that we need to
>> seed the device at boot time, which is what I am interested in.
>
> Unquestionable in what regard? Unquestionable in that we must do so to
> get any useful output of /dev/random.

Yes, as I have said repeatedly.

> Unquestionable in that FreeBSD will not boot? As I mentioned, I tested
> that. The system booted up fine with no delays, etc... Scary.

Again, the issue of whether .seeded should be made dynamic again is out
of scope for this conversation.

>> ... and something that I pointed out that with the current defaults is
>> close enough to impossible not to be a threat model we need to spend
>> much time on.
>
> Oh? You've done sufficient research? You've gathered 100,000 keys from
> random FreeBSD machines from across the Internet? I am aware of research
> that has.

references?

> I'm not saying FreeBSD was a red herring as Debian was; but
> you seem to be quickly dismissing something you seem to have spent little
> time investigating or thinking about.

Again, being rude isn't helpful. I've actually spent a lot of time
thinking about these issues, both at the time I wrote the code, and
recently.

>>> Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW
>>> <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does
>>> happen just from reading the code. Please explain from either
>>> (1) a code reading, or (2) your own instrumented kernel that dropping
>>> of input to /dev/random does not occur.
>>
>> Once again, you're the one asserting that there is a problem with a
>> system that has worked well for 12 years, so the burden of proof is on
>> you. That said, I'm interested in Arthur's evidence.
>
> Are you not a sufficient C programmer that you couldn't hack this up
> yourself with the amount of time you've spent arguing it?

Seriously. Stop being such an ass. I've said lots of times now that my
FreeBSD time is limited, and THE BURDEN OF PROOF IS ON YOU. If you think
it's easy, whip it up. If you're right, the truth will benefit all of us.

>>>> The use of dd to feed the entropy in with 2k chunks is specifically to
>>>> address this issue.
>>>
>>> Maybe I'm missing something... The code in 'initrandom' is
>>> "| dd of=/dev/random bs=8k". Where are you getting 2k chunks from that?
>>
>> You're right, I didn't have a chance to look over the code when I wrote
>> that response, and was going by my (obviously faulty) memory on that
>> trivial point.
>
> This seems to be one of your problems -- you don't seem to be reading any
> code or papers before replying.

Again, rudeness for no good reason. I've spent more time than I should
have had to on this already, including reading and re-reading the
material that you've provided.

>> My understanding is that Arthur's tests were with the
>> current defaults. It would be interesting to see what happens if we
>> reduce that to 4k (to match the input buffer size),
>
> What do you think is the size of ${entropy_file}?

There are more things being pumped into the device with dd than just that
1 file. And users can change the size of the file in /var/db/entropy from
the defaults as well.

>> or perhaps even lower.
>
> Just how much do you expect the write(2) to be slowed down by breaking up
> the 4k write into 2 or 3 chunks?

I don't know, that's why we test things. But as I said, that's just one
of many possible changes we could make to address the concern about
dropping input. I can't speak intelligently about what other changes
would be useful until I've seen the data that shows what we're dropping
now.

Doug

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 11:28:53 2012
From: Dag-Erling Smørgrav
To: Doug Barton
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW
Date: Tue, 11 Sep 2012 13:28:51 +0200
Message-ID: <86sjao7q8c.fsf@ds4.des.no>
Subject: Re: svn commit: r239569 - head/etc/rc.d

Doug Barton writes:
> 1. Pseudo-randomize the order in which we utilize the files in
> /var/db/entropy

There's no need for randomization if we make sure that *all* the data
written to /dev/random is used, rather than just the first 4096 bytes;
or that we reduce the amount of data to 4096 bytes before we write it
so none of it is discarded. My gut feeling is that compression is
better than hashing for that purpose, but at this point I'd be more
comfortable if someone with an academic background in either
cryptography or statistics (cperciva@?) weighed in.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 11:56:06 2012
Date: Tue, 11 Sep 2012 15:55:56 +0400
From: Andrey Chernov
To: Doug Barton
Cc: Arthur Mesh, freebsd-rc@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, RW, Dag-Erling Smørgrav, Xin Li
Message-ID: <20120911115556.GA6045@vniz.net>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Mon, Sep 10, 2012 at 01:40:28PM -0700, Doug Barton wrote:
> > 2) reusing entropy seeds is a bad thing - for this I don't have
> > empirical proof. But I have Bruce Schneier's word.
>
> And as I have stated repeatedly, you and David are misapplying what
> you're reading.

Just my 2c. In case we are talking about boot process, this is not
reusing of entropy seed (i.e. using the same one second time), but
saving-restoring its state instead. Remember - the machine is not active
after the very last saving (I assume we can safely ignore panic cases due
to their exceptional nature).

--
http://ache.vniz.net/

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 14:21:17 2012
From: Ian Lepore
To: obrien@FreeBSD.ORG
Cc: Arthur Mesh, Doug Barton, freebsd-rc@FreeBSD.ORG, Xin Li, freebsd-security@FreeBSD.ORG, RW, Dag-Erling Smørgrav, Peter Jeremy
Date: Tue, 11 Sep 2012 08:20:56 -0600
Message-ID: <1347373256.1137.52.camel@revolution.hippie.lan>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Mon, 2012-09-10 at 22:46 -0700, David O'Brien wrote:
>
> > -r just changes the sort order, which is probably pointless.
>
> I'm not wedded to "-r", but since you're proposing this to not use "-r",
> which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and
> looking at the output, please show a diff of two boots with "-r" and
> without "-r" so can see what the change really is.
>

I observed that the order of displayed processes could differ from one
reboot to the next, even on an embedded system where little else
differed. It seemed to me that a difference in order, while small, might
be significant.

-- Ian

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 15:06:53 2012
Date: Tue, 11 Sep 2012 08:06:52 -0700
From: David O'Brien
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW
Message-ID: <20120911150652.GA83749@dragon.NUXI.org>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, Sep 11, 2012 at 01:28:51PM +0200, Dag-Erling Smørgrav wrote:
> My gut feeling is that compression is better
> than hashing for that purpose,

A related interesting thing -- in
http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf
'5. Randomness Polling Results', Peter Gutmann states

    The field of data compression provides us with a number of analysis
    tools which can be used to provide reasonable estimates of the change
    in entropy from one pool to another. The tools we apply to this task
    are an LZ77 dictionary compressor (which looks for portions of the
    current data which match previously-seen data) and a powerful
    statistical compressor (which estimates the probability of occurrence
    of a symbol based on previously-seen symbols).[23]

    [23] "Practical Dictionary/Arithmetic Data Compression Synthesis",
         Peter Gutmann, MSc thesis, University of Auckland, 1992.

The paper goes into more depth and background on using compression as a
means to estimate entropy.

One of the Gray Beards at work was familiar with using LZ77 for this
purpose. It has fallen out of favor, but he still felt it was useful for
the type of discussion we're having.

I don't have a pure LZ77 compressor, but if we take InfoZip's
modified-LZ77 deflation algorithm as suitable:

# zip -v -Z deflate /tmp/e.zip /entropy
  adding: entropy (in=4096) (out=4096) (stored 0%)
total bytes=4096, compressed=4096 -> 0% savings

# zip -v -Z deflate /tmp/e.zip /var/db/entropy/saved-entropy*
  adding: var/db/entropy/saved-entropy.1 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.2 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.3 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.4 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.5 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.6 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.7 (in=2048) (out=2048) (stored 0%)
  adding: var/db/entropy/saved-entropy.8 (in=2048) (out=2048) (stored 0%)
total bytes=16384, compressed=16384 -> 0% savings

# zip -v -Z deflate /tmp/e.zip out-sysctl-a
  adding: out-sysctl-a (in=98772) (out=21703) (deflated 78%)
total bytes=98772, compressed=21703 -> 78% savings

# zip -v -Z deflate /tmp/e.zip out-dmesg
  adding: out-dmesg (in=8727) (out=3394) (deflated 61%)
total bytes=107499, compressed=25097 -> 77% savings

# zip -v -Z deflate /tmp/e.zip out-kenv
  adding: out-kenv (in=2011) (out=751) (deflated 63%)
total bytes=109510, compressed=25848 -> 76% savings

# zip -v -Z deflate /tmp/e.zip out-df-ib
  adding: out-df-ib (in=234) (out=151) (deflated 35%)
total bytes=234, compressed=151 -> 35% savings

# zip -v -Z deflate /tmp/e.zip out-ps-fauxrH-o
  adding: out-ps-fauxrH-o (in=1608) (out=464) (deflated 71%)
total bytes=1608, compressed=464 -> 71% savings

# zip -v -Z deflate /tmp/e.zip `sysctl -n kern.bootfile`
  adding: boot/kernel/kernel (in=19021393) (out=8238497) (deflated 57%)
total bytes=19021393, compressed=8238497 -> 57% savings

# zip -v -Z deflate /tmp/e.zip /bin/ls
  adding: bin/ls (in=97188) (out=37651) (deflated 61%)
total bytes=97188, compressed=37651 -> 61% savings

> but at this point I'd be more comfortable
> if someone with an academic background in either cryptography or
> statistics (cperciva@?) weighed in.

This stuff can be tricky. I'd also love to know cperciva's thoughts.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 19:53:09 2012
Date: Tue, 11 Sep 2012 20:53:02 +0100
From: RW
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org
Message-ID: <20120911205302.27484fd6@gumby.homeunix.com>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
> Doug Barton writes:
> > 1. Pseudo-randomize the order in which we utilize the files in
> > /var/db/entropy
>
> There's no need for randomization if we make sure that *all* the data
> written to /dev/random is used, rather than just the first 4096 bytes;
> or that we reduce the amount of data to 4096 bytes before we write it
> so none of it is discarded. My gut feeling is that compression is
> better than hashing for that purpose,

It's analogous to a passphrase, have you ever heard of a passphrase
being compressed rather than hashed?

The only good reason for compression is if compression+hashing is
faster than hashing, and that sounds unlikely.

You all seem to be making very heavy weather of this - all that's needed
is to pass the low-grade stuff through a hash of your choice and then
follow that with the entropy file to fill-up the remaining 4k.

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 20:02:56 2012
Message-ID: <504F98E4.5090706@delphij.net>
Date: Tue, 11 Sep 2012 13:02:44 -0700
From: Xin Li
To: Doug Barton
Cc: freebsd-rc@FreeBSD.ORG, d@delphij.net
Subject: Re: [PATCH] Add -R (restart all local services) to service(8)

On 09/10/12 22:32, Doug Barton wrote:
> On 09/07/2012 13:18, Xin Li wrote:
>> Hi,
>
>> Here is a patch that adds a new option, -R, to service(8), that
>> restarts all "local" services. Useful for after portmaster -a.
>
> Since no one else has spoken up, I will. I dislike this idea
> rather strongly, and would not like to see it go in. It's
> incredibly rare that restarting all local services would be the
> right course of

It's not rare after a port upgrade, and this makes it possible to stop
and start services in the right order.

> action. I don't see any need to special case local services in
> this manner, and would never recommend that anyone use this
> option.

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 20:09:27 2012
Date: Tue, 11 Sep 2012 13:09:26 -0700
From: David O'Brien
To: RW
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Dag-Erling Smørgrav
Message-ID: <20120911200925.GA88456@dragon.NUXI.org>
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, Sep 11, 2012 at 08:53:02PM +0100, RW wrote:
> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
> > so none of it is discarded. My gut feeling is that compression is
> > better than hashing for that purpose,
>
> It's analogous to a passphrase, have you ever heard of a
> passphrase being compressed rather than hashed?
>
> The only good reason for compression is if compression+hashing is
> faster than hashing, and that sounds unlikely.

Good to see someone have thoughts on this. I've only seen it stated that
entropy passes thru mostly "untouched" thru a cryptographic hash in the
literature. I haven't seen anything mentioned about entropy thru a
compression algorithm other than as an estimation of entropy.

> You all seem to be making very heavy weather of this - all that's needed
> is to pass the low-grade stuff through a hash of your choice and then
> follow that with the entropy file to fill-up the remaining 4k.

Or fill-up the 4k buffers with high-quality entropy, and add in the
low-grade stuff if there is room.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 20:54:44 2012
Message-ID: <504FA511.8050904@delphij.net>
Date: Tue, 11 Sep 2012 13:54:41 -0700
From: Xin Li
To: RW
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <20120911205302.27484fd6@gumby.homeunix.com>

On 09/11/12 12:53, RW wrote:
> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
>
>> Doug Barton writes:
>>> 1. Pseudo-randomize the order in which we utilize the files in
>>> /var/db/entropy
>>
>> There's no need for randomization if we make sure that *all* the
>> data written to /dev/random is used, rather than just the first
>> 4096 bytes; or that we reduce the amount of data to 4096 bytes
>> before we write it so none of it is discarded. My gut feeling is
>> that compression is better than hashing for that purpose,
>
> It's analogous to a passphrase, have you ever heard of a passphrase
> being compressed rather than hashed?

Passphrase hashing is a completely different topic, as what we wanted
is a one-way function that can not be easily reversed, even when part
of the passphrase is known.

> The only good reason for compression is if compression+hashing is
> faster than hashing, and that sounds unlikely.

My reasoning was that a (lossless) compression will not lose entropy,
thus increasing per-byte entropy because the output length is smaller.
Hashing can be considered as a special, lossy compression that is not
useful here:

Let's say we feed the RNG with 4096 bytes (or 32768 bits) of entropy,
what we wanted is that we have as many as possible states for the RNG.
For fully random input, we have 2^32768 possible states, however, if
that's English, we get roughly 5 bits per character, and therefore
about 2^20480 possible states, that's 2^12288 times less states.

We can fix this by doing a compression over longer input and use 4096
bytes from that, because compression will give you more entropy per
byte. Typically gzip can give more than 7.7 bits worth of entropy per
byte.

If hash is used, we need to be careful for inputs. Let's say we would
be using 64 bytes of characters to feed SHA512, we will get roughly
2^320 possible outputs and not 2^512, even when the output is 512 bits.

It's not clear to me whether we really need to have 32768 bits worth
of entropy at all, or if 20480 bits would be "good enough" but the fact
of feeding less bytes to the device makes me a little bit concerned,
but not very much.

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

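The trade-off argued in the message above, as an added Python example (not code from the thread or from FreeBSD's rc.d scripts): three ways to fit low-grade text into the 4096 bytes that get used, run on a constructed digits-only sample that stands in for real system output. The function names are made up for this illustration, and the histogram figure measures how evenly byte values are used, not how hard the data is to guess.

```python
import hashlib
import math
import random
import zlib
from collections import Counter
from itertools import product

BUDGET = 4096  # bytes of each write that the thread says are actually used


def build_sample(lines=1600, seed=2012):
    """Constructed stand-in for low-grade system output (digits only, ~45 KB)."""
    rng = random.Random(seed)
    rows = [f"{rng.getrandbits(32)} {rng.getrandbits(32)} {rng.getrandbits(20)}"
            for _ in range(lines)]
    return ("\n".join(rows) + "\n").encode("ascii")


def condense_truncate(data, budget=BUDGET):
    """Baseline: write the text as-is; everything past `budget` is dropped."""
    return data[:budget]


def condense_gzip(data, budget=BUDGET):
    """Compress in gzip format, then keep only the first `budget` bytes."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 31)  # wbits=31 selects gzip framing
    return (comp.compress(data) + comp.flush())[:budget]


def condense_hash(data):
    """Hash all of the input down to one SHA-512 digest (64 bytes)."""
    return hashlib.sha512(data).digest()


def input_covered(kept_gzip):
    """Input bytes that a (possibly truncated) gzip prefix still encodes."""
    # A decompress object returns whatever it can decode from a partial stream.
    return len(zlib.decompressobj(31).decompress(kept_gzip))


def byte_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte.

    This only describes the encoding density of the bytes; it is not an
    estimate of how unpredictable the source is to an attacker.
    """
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def reachable_digests(symbol_bits=5, length=2):
    """Distinct SHA-512 digests over every input of `length` symbols drawn
    from an alphabet of 2**symbol_bits symbols. The count is bounded by the
    number of inputs, not by the 512-bit width of the digest."""
    alphabet = [bytes([65 + i]) for i in range(2 ** symbol_bits)]
    inputs = (b"".join(p) for p in product(alphabet, repeat=length))
    return len({hashlib.sha512(i).digest() for i in inputs})


def report(data):
    """Per method: (bytes written, input bytes that influence those bytes)."""
    gz = condense_gzip(data)
    return {
        "truncate": (len(condense_truncate(data)), min(len(data), BUDGET)),
        "gzip": (len(gz), input_covered(gz)),
        "sha512": (len(condense_hash(data)), len(data)),
    }


if __name__ == "__main__":
    sample = build_sample()
    print(f"sample: {len(sample)} bytes")
    for name, (written, reflected) in report(sample).items():
        print(f"{name:9s} writes {written:5d} bytes reflecting {reflected:6d} input bytes")
    print(f"histogram bits/byte, plain text: {byte_entropy(sample):.2f}")
    print(f"histogram bits/byte, gzip bytes: {byte_entropy(condense_gzip(sample)):.2f}")
    print("digests reachable from 2 symbols of 5 bits:", reachable_digests(5, 2))
```
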
From: Ian Lepore
To: obrien@FreeBSD.ORG
Cc: Arthur Mesh, Barton, freebsd-rc@FreeBSD.ORG, RW, Doug, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
Date: Tue, 11 Sep 2012 15:01:25 -0600
Message-ID: <1347397285.1110.15.camel@revolution.hippie.lan>
In-Reply-To: <20120911200925.GA88456@dragon.NUXI.org>

On Tue, 2012-09-11 at 13:09 -0700, David O'Brien wrote:
>
> Good to see someone have thoughts on this.
> I've only seen it stated that entropy passes thru mostly "untouched"
> thru a cryptographic hash in the literature. I haven't seen anything
> mentioned about entropy thru a compression algorithm other than as an
> estimation of entropy.

I would expect that a lossless compression scheme by definition could
not destroy entropy, it could only change the way it's encoded. Whether
the same might be true of a hash is an interesting question, since it
discards information rather than just changing the way it's encoded.

-- Ian

Message-ID: <504FA76A.5000209@delphij.net>
Date: Tue, 11 Sep 2012 14:04:42 -0700
From: Xin Li
To: obrien@freebsd.org
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <20120911200925.GA88456@dragon.NUXI.org>

On 09/11/12 13:09, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 08:53:02PM +0100, RW wrote:
>> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
>>> so none of it is discarded. My gut feeling is that compression
>>> is better than hashing for that purpose,
>>
>> It's analogous to a passphrase, have you ever heard of a
>> passphrase being compressed rather than hashed?
>>
>> The only good reason for compression is if compression+hashing
>> is faster than hashing, and that sounds unlikely.
>
> Good to see someone have thoughts on this. I've only seen it stated
> that entropy passes thru mostly "untouched" thru a cryptographic
> hash in the literature. I haven't seen anything mentioned about
> entropy thru a compression algorithm other than as an estimation of
> entropy.

I believe the cryptographic hash used here is to utilize the
"Avalanche Effect" so that one bit worth of change would result in a
big difference in the final output. Note that, just by hashing does not
increase the possible states of the RNG, though, let's say if we have
only 256 possible inputs, we get only 256 possible output series
regardless how many bits are there in the hash output (assuming the
output is wider than 8 bits).

So if I was to implement the low grade part I'd remove the variable
names from the sysctl output at minimum. This gives more entropy
regardless if we use compression or not.

>> You all seem to be making very heavy weather of this - all that's
>> needed is to pass the low-grade stuff through a hash of your
>> choice and then follow that with the entropy file to fill-up the
>> remaining 4k.
>
> Or fill-up the 4k buffers with high-quality entropy, and add in
> the low-grade stuff if there is room.

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Date: Tue, 11 Sep 2012 14:13:39 -0700
From: David O'Brien
To: Ian Lepore
Cc: Arthur Mesh, Dag-Erling Smørgrav, RW, Doug Barton, freebsd-rc@FreeBSD.ORG
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120911211339.GA89188@dragon.NUXI.org>
In-Reply-To: <1347397285.1110.15.camel@revolution.hippie.lan>

On Tue, Sep 11, 2012 at 03:01:25PM -0600, Ian Lepore wrote:
> On Tue, 2012-09-11 at 13:09 -0700, David O'Brien wrote:
> > Good to see someone have thoughts on this. I've only seen it stated
> > that entropy passes thru mostly "untouched" thru a cryptographic hash
> > in the literature.
...
> Whether the same might be true of a hash is an interesting question,
> since it discards information rather than just changing the way it's
> encoded.

Ian,
This is a key point of Yarrow's design.
See http://www.schneier.com/paper-yarrow.ps.gz in
5 'The Generic Yarrow Design and Yarrow-160'

The reason is if you take an 'm' bit random value and apply a hash
function that produces 'm' bits of output, the result has less than 'm'
bits of entropy due to the collisions that occur.
This is a very minor effect, and overall results in the loss of at most
a few bits of entropy.

--
-- David  (obrien@FreeBSD.org)

Date: Tue, 11 Sep 2012 14:17:30 -0700
From: David O'Brien
To: d@delphij.net
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120911211730.GB89188@dragon.NUXI.org>
In-Reply-To: <504FA76A.5000209@delphij.net>

On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
> So if I was to implement the low grade part I'd remove the variable
> names from the sysctl output at minimum.

I've removed the MIB names in my latest diff (based on input from this
thread):

+ ( dmesg; kenv; df -ib; \ + ps -fauxrH -o majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \ + sysctl -n kern.cp_times kern.geom kern.lastpid kern.timecounter \ + kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ + date ) \ + | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null

I don't believe I've sent out an updated diff yet. The above is updated
from what sent in Message-ID: <20120910135218.GA68128@dragon.NUXI.org>.
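
Review bot: the final stage, "| /sbin/sha256 -q | dd of=/dev/random bs=8k", writes only what "sha256 -q" prints, a single hex digest line, so the 8k block is never filled and the whole command list is condensed to one 256-bit value. If that is the intent, a comment next to the pipeline should say so, since "bs=8k" suggests a larger write. The "2>/dev/null" on dd also hides a failed write to /dev/random along with the transfer statistics; consider checking dd's exit status instead of discarding stderr.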

--
-- David  (obrien@FreeBSD.org)

Message-ID: <504FAB87.3020701@delphij.net>
Date: Tue, 11 Sep 2012 14:22:15 -0700
From: Xin Li
To: obrien@freebsd.org
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <20120911211730.GB89188@dragon.NUXI.org>

On 09/11/12 14:17, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
>> So if I was to implement the low grade part I'd remove the
>> variable names from the sysctl output at minimum.
>
>
> I've removed the MIB names in my latest diff (based on input from
> this thread):
>
> + ( dmesg; kenv; df -ib; \ + ps -fauxrH -o
> majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \ + sysctl -n
> kern.cp_times kern.geom kern.lastpid kern.timecounter \ +
> kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ + date ) \ +
> | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null

Hmm, but this sha256 run will turn the output to 65 bytes (hex
representation of 256 bits of hash output, 64 bytes, and one \n), so,
only 256 bits of random data, is that intentional?

> I don't believe I've sent out an updated diff yet. The above is
> updated from what sent in Message-ID:
> <20120910135218.GA68128@dragon.NUXI.org>.
>

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Date: Tue, 11 Sep 2012 22:27:30 +0100
From: RW
To: d@delphij.net
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Dag-Erling Smørgrav, delphij@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120911222730.7f92325e@gumby.homeunix.com>
In-Reply-To: <504FA511.8050904@delphij.net>

On Tue, 11 Sep 2012 13:54:41 -0700
Xin Li wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 09/11/12 12:53, RW wrote:
> > On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
> >
> >> Doug Barton writes:
> >>> 1. Pseudo-randomize the order in which we utilize the files in
> >>> /var/db/entropy
> >>
> >> There's no need for randomization if we make sure that *all* the
> >> data written to /dev/random is used, rather than just the first
> >> 4096 bytes; or that we reduce the amount of data to 4096 bytes
> >> before we write it so none of it is discarded. My gut feeling is
> >> that compression is better than hashing for that purpose,
> >
> > It's analogous to a passphrase, have you ever heard of a passphrase
> > being compressed rather than hashed?
>
> Passphrase hashing is a completely different topic, as what we wanted
> is a one-way function that can not be easily reversed, even when part
> of the passphrase is known.

I was referring to the conversion of a passphrase to key material

Message-ID: <504FAE7A.6070907@delphij.net>
Date: Tue, 11 Sep 2012 14:34:50 -0700
From: Xin Li
To: RW
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <20120911222730.7f92325e@gumby.homeunix.com>

On 09/11/12 14:27, RW wrote:
> On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>
>> On 09/11/12 12:53, RW wrote:
>>> On Tue, 11 Sep 2012 13:28:51 +0200 Dag-Erling Smørgrav wrote:
>>>
>>>> Doug Barton writes:
>>>>> 1. Pseudo-randomize the order in which we utilize the files
>>>>> in /var/db/entropy
>>>>
>>>> There's no need for randomization if we make sure that *all*
>>>> the data written to /dev/random is used, rather than just the
>>>> first 4096 bytes; or that we reduce the amount of data to
>>>> 4096 bytes before we write it so none of it is discarded. My
>>>> gut feeling is that compression is better than hashing for
>>>> that purpose,
>>>
>>> It's analogous to a passphrase, have you ever heard of a
>>> passphrase being compressed rather than hashed?
>>
>> Passphrase hashing is a completely different topic, as what we
>> wanted is a one-way function that can not be easily reversed,
>> even when part of the passphrase is known.
>
> I was referring to the conversion of a passphrase to key material

Did you mean the process like, deriving a master AES-128 key from an
arbitrary passphrase?

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Message-ID: <504FB108.1030302@delphij.net>
Date: Tue, 11 Sep 2012 14:45:44 -0700
From: Xin Li
To: d@delphij.net
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <504FAB87.3020701@delphij.net>

By the way what I meant would be something like:

Instead of:

    | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null

Do:

    | gzip | dd ibs=1 iseek=16 obs=8k count=8k of=/dev/random 2>/dev/null

Note that the first few bytes are deterministic (header, etc) so I
choose to skip first 16 bytes.

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die

Date: Tue, 11 Sep 2012 14:52:12 -0700
From: David O'Brien
To: d@delphij.net
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120911215212.GA89515@dragon.NUXI.org>
In-Reply-To: <504FAB87.3020701@delphij.net>

On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote:
> On 09/11/12 14:17, David O'Brien wrote:
> > On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
> >> So if I was to implement the low grade part I'd remove the
> >> variable names from the sysctl output at minimum.
> >
> > I've removed the MIB names in my latest diff (based on input from
> > this thread):
> >
> > + ( dmesg; kenv; df -ib; \ + ps -fauxrH -o
> > majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \ + sysctl -n
> > kern.cp_times kern.geom kern.lastpid kern.timecounter \ +
> > kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ + date ) \ +
> > | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null
>
> Hmm, but this sha256 run will turn the output to 65 bytes (hex
> representation of 256 bits of hash output, 64 bytes, and one \n), so,
> only 256 bits of random data, is that intentional?

At this point, yes. If we find better ways of condensing the output of
the better_than_nothing() commands, we should do that instead. Even
with the command list above, it's way more than 4k of output. I got
about 45k on my test machine.

You suggested gzip, but I just don't know enough about compression
algorithms as they apply in this area to know if we should use gzip
instead or not.

--
-- David  (obrien@FreeBSD.org)

Message-ID: <504FBD15.8040907@delphij.net>
Date: Tue, 11 Sep 2012 15:37:09 -0700
From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: obrien@freebsd.org References: <20120906224703.GD89120@x96.org> <50493480.8060307@FreeBSD.org> <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> In-Reply-To: <20120911215212.GA89515@dragon.NUXI.org> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , =?UTF-8?B?RGFnLUVybGluZyDvv70=?= , d@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 22:37:10 -0000 On 09/11/12 14:52, David O'Brien wrote: > On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote: >> On 09/11/12 14:17, David O'Brien wrote: >>> On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote: >>>> So if I was to implement the low grade part I'd remove the >>>> variable names from the sysctl output at minimum. 
>>> >>> I've removed the MIB names in my latest diff (based on input >>> from this thread): >>> >>> + ( dmesg; kenv; df -ib; \ + ps -fauxrH -o >>> majflt,minflt,nivcsw,nvcsw,nwchan,re,sl,time; \ + sysctl >>> -n kern.cp_times kern.geom kern.lastpid kern.timecounter \ + >>> kern.tty_nout kern.tty_nin vm vfs debug dev.cpu; \ + date ) >>> \ + | /sbin/sha256 -q | dd of=/dev/random bs=8k 2>/dev/null >> >> Hmm, but this sha256 run will turn the output to 65 bytes (hex >> representation of 256 bits of hash output, 64 bytes, and one \n), >> so, only 256 bits of random data, is that intentional? > > At this point, yes. If we find better ways of condensing the > output of the better_than_nothing() commands, we should do that > instead. Even with the command list above, it's way more than 4k of > output. I got about 45k on my test machine. > > You suggested gzip, but I just don't know enough about compression > algorithms as they apply in this area to know if we should use > gzip instead or not. I don't think I know enough here, unfortunately... Using gzip is better than not using it though, since 4k worth of compressed data is better than 4k worth of plain text because of higher entropy density (note that the FreeBSD gzip uses 64K of input/output buffer for compression by the way so maybe only the first 64K is meaningful if we take only 4k of output). Cheers, -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! 
Live free or die From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 22:49:08 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02836106564A; Tue, 11 Sep 2012 22:49:08 +0000 (UTC) (envelope-from arthurmesh@gmail.com) Received: from mail-pb0-f54.google.com (mail-pb0-f54.google.com [209.85.160.54]) by mx1.freebsd.org (Postfix) with ESMTP id AFCBF8FC16; Tue, 11 Sep 2012 22:49:07 +0000 (UTC) Received: by pbbrp2 with SMTP id rp2so1583160pbb.13 for ; Tue, 11 Sep 2012 15:49:01 -0700 (PDT) Received: by 10.68.236.67 with SMTP id us3mr13219775pbc.80.1347403741382; Tue, 11 Sep 2012 15:49:01 -0700 (PDT) Received: from x96.org (x96.org. 
[64.85.165.177]) by mx.google.com with ESMTPS id oc2sm10433724pbb.69.2012.09.11.15.48.58 (version=SSLv3 cipher=OTHER); Tue, 11 Sep 2012 15:48:59 -0700 (PDT) Date: Tue, 11 Sep 2012 15:48:55 -0700 
From: Arthur Mesh To: d@delphij.net Message-ID: <20120911224855.GE14077@x96.org> References: <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FBD15.8040907@delphij.net> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling ??? Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 22:49:08 -0000 On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote: > Using gzip is better than not using it though, since 4k worth of > compressed data is better than 4k worth of plain text because of > higher entropy density (note that the FreeBSD gzip uses 64K of > input/output buffer for compression by the way so maybe only the first > 64K is meaningful if we take only 4k of output). Since there is 1:1 correspondence between compressed and uncompressed data, entropy should be the same in both. I am not sure it's better to use compression than not -- you do end up seeding fewer bytes to yarrow, but you spend more CPU cycles compressing it... 
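Review bot: in the quoted seeding pipeline, the last stage `dd of=/dev/random bs=8k 2>/dev/null` discards dd's stderr and nothing in the hunk checks its exit status, so a failed write to /dev/random at boot would go unnoticed; keep the redirect for dd's transfer summary if it is wanted, but test the status and warn on failure. Because `/sbin/sha256 -q` emits one 65-byte line, `bs=8k` has no effect on what is written, and a comment stating that condensing to 256 bits is intentional would answer in the script the question raised in this thread.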
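The byte counts argued over in the messages above can be checked directly. The following is an added example, not code from the thread or from the FreeBSD tree; it assumes a constructed stand-in for the roughly 45k of command output, zlib's DEFLATE in place of gzip, and the 4k limit the posters take for what /dev/random consumes.

```python
import hashlib
import math
import zlib
from collections import Counter

SEED_LIMIT = 4096  # the "first 4k" the posters assume is consumed (taken from the thread)


def constructed_boot_output(rows=700):
    """Constructed stand-in (about 45k) for the dmesg/ps/sysctl text; not real output."""
    lines = []
    for i in range(rows):
        d = hashlib.sha256(b"sample-%d" % i).digest()
        # Six decimal counters per row, like `sysctl -n` output without MIB names.
        lines.append(" ".join(str(int.from_bytes(d[j:j + 4], "big"))
                              for j in range(0, 24, 4)))
    return ("\n".join(lines) + "\n").encode("ascii")


def byte_entropy(data):
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0).

    This measures how evenly byte values are used. It is not a measure of how
    hard the data is to guess: gzip and sha256 are deterministic, so input that
    can be reconstructed is just as reconstructible after either transform.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_q(data):
    """What `sha256 -q` writes: 64 hex characters plus a newline."""
    return (hashlib.sha256(data).hexdigest() + "\n").encode("ascii")


def compare_seed_inputs(raw):
    """Compare the three candidate inputs: raw text, compressed text, hash line."""
    packed = zlib.compress(raw, 9)
    packed_head = packed[:SEED_LIMIT]
    # How much of the original text the first 4k of the compressed stream encodes.
    covered = zlib.decompressobj().decompress(packed_head)
    return {
        "raw_len": len(raw),
        "packed_len": len(packed),
        "digest_len": len(sha256_q(raw)),            # fixed, whatever the input size
        "lossless": zlib.decompress(packed) == raw,  # the 1:1 correspondence
        "raw_4k_bits_per_byte": byte_entropy(raw[:SEED_LIMIT]),
        "packed_4k_bits_per_byte": byte_entropy(packed_head),
        "raw_4k_covers": min(SEED_LIMIT, len(raw)),
        "packed_4k_covers": len(covered),
    }


if __name__ == "__main__":
    for key, value in compare_seed_inputs(constructed_boot_output()).items():
        print(f"{key:26} {value}")
```

Over the whole stream the compressed and uncompressed forms carry the same information; the difference only appears once the input is truncated, where the first 4k of compressed data encodes more of the original text than the first 4k of plain text does.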
From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:01:19 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 20E08106566B; Tue, 11 Sep 2012 23:01:19 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id EDBA28FC08; Tue, 11 Sep 2012 23:01:18 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 5E48D1E127; Tue, 11 Sep 2012 16:01:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1347404478; bh=EHfBL39JkbGdRPWINbuX1xpfNBO+MGgoBt+KbVi06NQ=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=37P7b4iE8opeZbjFV+QqIRo0eYdIN2BB8G3UbP3q806U7vF3h/rgVERrJn3BBBC/E ScZRwZArs+hBidS4x8DlsbqMPKuFIqwyl4lxS7cqN96e+qgt/2o/YDKE+09mpcRb9N A2Q+qq6zhs3UW+dylPZYmzns2WSKWst0uUrpRQvE= Message-ID: <504FC2BD.6070402@delphij.net> Date: Tue, 11 Sep 2012 16:01:17 -0700 
From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: Arthur Mesh References: <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> In-Reply-To: <20120911224855.GE14077@x96.org> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Doug Barton , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling ??? , d@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:01:19 -0000 On 09/11/12 15:48, Arthur Mesh wrote: > On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote: >> Using gzip is better than not using it though, since 4k worth of >> compressed data is better than 4k worth of plain text because of >> higher entropy density (note that the FreeBSD gzip uses 64K of >> input/output buffer for compression by the way so maybe only the >> first 64K is meaningful if we take only 4k of output). > > Since there is 1:1 correspondence between compressed and > uncompressed data, entropy should be the same in both. I am not > sure it's better to use compression than not -- you do end up > seeding fewer bytes to yarrow, but you spend more CPU cycles > compressing it... 
Well, 1:1 correspondence is when we fed full text to /dev/random, which we don't, right? Only the first 4K gets consumed. So: Situation 1: we have 45K of plain text, and only first 4k is fed to /dev/random at about 5 bits of entropy per byte; Situation 2: we have 45K of plain text, compress to e.g. 25K and only first 4k is fed to /dev/random at more than 7.6 bits of entropy per byte; Therefore I think Situation 2 is better than situation 1. Cheers, -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:01:22 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id CF5FE1065674; Tue, 11 Sep 2012 23:01:22 +0000 (UTC) Date: Tue, 11 Sep 2012 16:01:21 -0700 
From: David O'Brien To: d@delphij.net Message-ID: <20120911230121.GA90289@dragon.NUXI.org> References: <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FBD15.8040907@delphij.net> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling =?unknown-8bit?B?77+9?= Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:01:22 -0000 On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote: > On 09/11/12 14:52, David O'Brien wrote: > > On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote: > > > Hmm, but this sha256 run will turn the output to 65 bytes (hex > > > representation of 256 bits of hash output, 64 bytes, and one \n), > > > so, only 256 bits of random data, is that intentional? ... > > You suggested gzip, but I just don't know enough about compression > > algorithms as they apply in this area to know if we should use > > gzip instead or not. > > I don't think I know enough here, unfortunately... Since I cannot justify using gzip, I'm keeping the sha256 in my patch. I am not opposed to someone else changing that to gzip. 
-- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:04:08 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CC0B5106566B; Tue, 11 Sep 2012 23:04:08 +0000 (UTC) (envelope-from arthurmesh@gmail.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id 847538FC0A; Tue, 11 Sep 2012 23:04:08 +0000 (UTC) Received: by dadr6 with SMTP id r6so666994dad.13 for ; Tue, 11 Sep 2012 16:04:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=Aw8y+H5dewdt6fvkiaLlzduTBJdEyPThW5NMaA563ik=; b=Rr7qA9+YIsweY+79qt1hfEp3ixP6Kjoi+6me4Q0h3LJW37E92/WvdxmI9ixRK+BlUx nB6GfTKDdt+WVBxfwttJK3GZugI35WZ3dL2FvFM4oP31empNwHfwZh7kqBqSJLDl4kba MSIYMnU3eNXqBUZ2+61MlZrY2SP4nL0VOqyG5YxOLASSMniz371snFbZO7c9Hjkbjgcg lx+XphAllXgOQWVZNvocDpMUZwa4WuUFePoOAbHkBs+JwODPYT8eXXqjPcPjmcE/8sx/ /WnuFZyW9acaQh6H7mI5fX2NsKzR8LPsQKulwha8hHgj1dXPKtEkUEerqGxuEtyyE555 Jmgg== Received: by 10.68.226.167 with SMTP id rt7mr13254796pbc.146.1347404642044; Tue, 11 Sep 2012 16:04:02 -0700 (PDT) Received: from x96.org (x96.org. [64.85.165.177]) by mx.google.com with ESMTPS id vd4sm10459751pbc.41.2012.09.11.16.03.58 (version=SSLv3 cipher=OTHER); Tue, 11 Sep 2012 16:04:00 -0700 (PDT) Date: Tue, 11 Sep 2012 16:03:56 -0700 
From: Arthur Mesh To: d@delphij.net Message-ID: <20120911230356.GF14077@x96.org> References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> <504FC2BD.6070402@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FC2BD.6070402@delphij.net> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling ??? Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:04:08 -0000 On Tue, Sep 11, 2012 at 04:01:17PM -0700, Xin Li wrote: > Well, 1:1 correspondence is when we fed full text to /dev/random, > which we don't, right? Only the first 4K gets consumed. So: That's right. > Situation 1: we have 45K of plain text, and only first 4k is fed to > /dev/random at about 5 bits of entropy per byte; > > Situation 2: we have 45K of plain text, compress to e.g. 25K and only > first 4k is fed to /dev/random at more than 7.6 bits of entropy per byte; Best situation would be if yarrow properly consumed all the data _and_ we fed less data with higher entropy in it ;-) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:09:41 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 2685F106566C; Tue, 11 Sep 2012 23:09:41 +0000 (UTC) Date: Tue, 11 Sep 2012 16:09:40 -0700 
From: David O'Brien To: d@delphij.net Message-ID: <20120911230940.GA90404@dragon.NUXI.org> References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> <504FC2BD.6070402@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FC2BD.6070402@delphij.net> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling ??? Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:09:41 -0000 On Tue, Sep 11, 2012 at 04:01:17PM -0700, Xin Li wrote: > Situation 1: we have 45K of plain text, and only first 4k is fed to > /dev/random at about 5 bits of entropy per byte; > > Situation 2: we have 45K of plain text, compress to e.g. 25K and only > first 4k is fed to /dev/random at more than 7.6 bits of entropy per byte; Where do these bits of entropy per byte values come from? They're rather high. FYI, the Yarrow design limits the seed entropy density to a 0.5 multiplier. 
-- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:20:53 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 39C0C106564A for ; Tue, 11 Sep 2012 23:20:53 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from rush.bluerosetech.com (rush.bluerosetech.com [199.48.134.58]) by mx1.freebsd.org (Postfix) with ESMTP id 153EE8FC0A for ; Tue, 11 Sep 2012 23:20:53 +0000 (UTC) Received: from vivi.cat.pdx.edu (vivi.cat.pdx.edu [IPv6:2610:10:20:214::6]) by rush.bluerosetech.com (Postfix) with ESMTPSA id 50D3C1141D; Tue, 11 Sep 2012 16:20:44 -0700 (PDT) Received: from [127.0.0.1] (c-76-27-220-79.hsd1.wa.comcast.net [76.27.220.79]) by vivi.cat.pdx.edu (Postfix) with ESMTPSA id C874224CDF; Tue, 11 Sep 2012 16:20:42 -0700 (PDT) Message-ID: <504FC74D.8000100@bluerosetech.com> Date: Tue, 11 Sep 2012 16:20:45 -0700 
From: Darren Pilgrim User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.6esrpre) Gecko/20120713 Thunderbird/10.0.6 MIME-Version: 1.0 To: Jaap Akkerhuis References: <504CA201.3090607@gmail.com> <201209101210.q8ACAGug010448@bela.nlnetlabs.nl> <504DDC9F.6010802@gmail.com> <201209111444.q8BEiBsj065335@bela.nlnetlabs.nl> In-Reply-To: <201209111444.q8BEiBsj065335@bela.nlnetlabs.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-rc@freebsd.org Subject: dns/nsd RC script patch X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:20:53 -0000 Jaap Akkerhuis asked that I post here for discussion of a patch I emailed to him for the NSD port. The patch in question may be found here: http://shibboleet.com/files_nsd.in.patch.txt The patch adds the ability to run multiple NSD instances using an eval hack I originally saw in the isc-dhcpd RC script. Changes: - Introduce a new RC variable, ${name}_conf, which defaults to the current, built-in value (%%PREFIX%%/etc/nsd/nsd.conf) for the base case; - Add extra RC commands for the notify, patch, rebuild and update nsdc commands. The "added complexity" is two parts: 1. Add logic to get the basename used to invoke the script and rename nsd_enable and nsd_conf to match. 2. Make the RC script the single point of control for NSD instances. Add the rest of the nsdc commands to the RC script's extra_commands. Remembering which config file is which instance might be bothersome, so instead of doing: nsdc -c /usr/local/etc/nsdfoo.conf rebuild You can now just do: /usr/local/etc/rc.d/nsdfoo rebuild Adding an instance named "nsdfoo": 1. Create the NSD config (default is /usr/local/etc/nsd/nsdfoo.conf). It will need a separate pidfile, database, difffile and xfrdfile. 
You should also have separate zonesdir locations, but they can be shared in some cases. 2. Add 'nsdfoo_enable="YES"' to /etc/rc.conf. 3. cd /usr/local/etc/rc.d && ln -s nsd nsdfoo 4. /usr/local/etc/rc.d/nsdfoo start If you don't want to keep all your instance configs in the same directory (or just not follow the default naming), then replace step 2 with: 2. Add 'nsdfoo_conf="/path/to/conf"' and 'nsdfoo_enable="YES"' to /etc/rc.conf. From owner-freebsd-rc@FreeBSD.ORG Tue Sep 11 23:22:25 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E2EEE1065670; Tue, 11 Sep 2012 23:22:25 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id BC4848FC12; Tue, 11 Sep 2012 23:22:25 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id DFC081E1F4; Tue, 11 Sep 2012 16:22:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1347405745; bh=Gj3bwWccKz+SwUawpkGDKKgyxIn9R0IexRqZBT4zhAY=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=49R9B9xDqQKwI1ptUZwkUwPRKHaNhYNtTqwfN3sKXKICIsAiMk37qT5qbKgjmyd/g vX8b3PP0RGF8i4t3dJltpXgj9EYqYOz+/ZT/K+lHQ/N03xdwQbAicoKvKBe5E8gtFt kjJT1+joI9SBlHGwjnVql2fBjQLGHiMla729YS0A= Message-ID: <504FC7B0.2060706@delphij.net> Date: Tue, 11 Sep 2012 16:22:24 -0700 
From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: obrien@freebsd.org References: <20120911061530.GA77399@dragon.NUXI.org> <504EDC67.9070700@FreeBSD.org> <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911230121.GA90289@dragon.NUXI.org> In-Reply-To: <20120911230121.GA90289@dragon.NUXI.org> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , =?UTF-8?B?RGFnLUVybGluZyDvv70=?= , d@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2012 23:22:26 -0000 On 09/11/12 16:01, David O'Brien wrote: > On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote: >> On 09/11/12 14:52, David O'Brien wrote: >>> On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote: >>>> Hmm, but this sha256 run will turn the output to 65 bytes >>>> (hex representation of 256 bits of hash output, 64 bytes, and >>>> one \n), so, only 256 bits of random data, is that >>>> intentional? > ... >>> You suggested gzip, but I just don't know enough about >>> compression algorithms as they apply in this area to know if we >>> should use gzip instead or not. >> >> I don't think I know enough here, unfortunately... > > Since I cannot justify using gzip, I'm keeping the sha256 in my > patch. 
I am not opposed to someone else changing that to gzip. Please consider using sha512... I'm not quite convinced that this works by the way -- is 65 bytes enough to "kickstart" /dev/random? Cheers, -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 00:07:39 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id BB9F31065674; Wed, 12 Sep 2012 00:07:39 +0000 (UTC) Date: Tue, 11 Sep 2012 17:07:38 -0700 
From: David O'Brien To: d@delphij.net Message-ID: <20120912000738.GA90897@dragon.NUXI.org> References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911230121.GA90289@dragon.NUXI.org> <504FC7B0.2060706@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FC7B0.2060706@delphij.net> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling =?unknown-8bit?B?77+9?= Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 00:07:39 -0000 On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote: > Please consider using sha512... What is the performance (boot time) impact on low-end MIPS and ARM systems? I'm all for sha512, but don't want to be shot with a machine gun (vs. simple pistol). -- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 00:09:14 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 6B8B11065674; Wed, 12 Sep 2012 00:09:14 +0000 (UTC) Date: Tue, 11 Sep 2012 17:09:13 -0700 
From: David O'Brien To: d@delphij.net Message-ID: <20120912000913.GA90944@dragon.NUXI.org> References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911230121.GA90289@dragon.NUXI.org> <504FC7B0.2060706@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <504FC7B0.2060706@delphij.net> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Dag-Erling =?unknown-8bit?B?77+9?= Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 00:09:14 -0000 On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote: > I'm not quite convinced that this works by the way -- is 65 bytes > enough to "kickstart" /dev/random? The way our yarrow works today, we start up assuming we're seeding. And writes to /dev/random do not count toward our entropy estimation. So it's hard to answer what is sufficient to "kick start /dev/random". 
-- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 00:47:00 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C1922106564A; Wed, 12 Sep 2012 00:47:00 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id 9B16F8FC0A; Wed, 12 Sep 2012 00:47:00 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 4E68E1E395; Tue, 11 Sep 2012 17:47:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1347410820; bh=CaDsdajA+cby+AUMx8O36wJKaCglp+zPddJqWQXNPOE=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=bDaTnglZM5+AegzZqRH5SQ2VpjibrO/9rkSNBHVB7PKClrw7Ul1ftX2O4S2z9Y97G Za+sE+U4pERELlIc22IKf28jnF460nHy1E/ve+S4qq9a59PfZosYQyzXCOyPEDB0XS WmQEo0ziCfsWhkdQzvBCn+5cD2r2+op7mi3+Av5s= Message-ID: <504FDB83.6090701@delphij.net> Date: Tue, 11 Sep 2012 17:46:59 -0700 
From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: obrien@freebsd.org References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911230121.GA90289@dragon.NUXI.org> <504FC7B0.2060706@delphij.net> <20120912000738.GA90897@dragon.NUXI.org> In-Reply-To: <20120912000738.GA90897@dragon.NUXI.org> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , =?UTF-8?B?RGFnLUVybGluZyDvv70=?= , d@delphij.net Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 00:47:00 -0000 On 09/11/12 17:07, David O'Brien wrote: > On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote: >> Please consider using sha512... > > What is the performance (boot time) impact on low-end MIPS and ARM > systems? > > I'm all for sha512, but don't want to be shot with a machine gun > (vs. simple pistol). I think we will have to run it on real hardware to find out... SHA512 is faster on 64-bit systems though. Cheers, -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! 
Live free or die From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 01:27:34 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FAF11065672 for ; Wed, 12 Sep 2012 01:27:34 +0000 (UTC) (envelope-from emu@emu.so) Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by mx1.freebsd.org (Postfix) with ESMTP id 8CBE38FC0A for ; Wed, 12 Sep 2012 01:27:33 +0000 (UTC) Received: by wibhi8 with SMTP id hi8so3494699wib.13 for ; Tue, 11 Sep 2012 18:27:27 -0700 (PDT) MIME-Version: 1.0 Received: by 10.180.109.129 with SMTP id hs1mr28963879wib.0.1347413247071; Tue, 11 Sep 2012 18:27:27 -0700 (PDT) Received: by 10.227.147.82 with HTTP; Tue, 11 Sep 2012 18:27:26 -0700 (PDT) X-Originating-IP: 
[98.231.163.44] In-Reply-To: <20120911230356.GF14077@x96.org> References: <86sjao7q8c.fsf@ds4.des.no> <20120911205302.27484fd6@gumby.homeunix.com> <20120911200925.GA88456@dragon.NUXI.org> <504FA76A.5000209@delphij.net> <20120911211730.GB89188@dragon.NUXI.org> <504FAB87.3020701@delphij.net> <20120911215212.GA89515@dragon.NUXI.org> <504FBD15.8040907@delphij.net> <20120911224855.GE14077@x96.org> <504FC2BD.6070402@delphij.net> <20120911230356.GF14077@x96.org> Date: Tue, 11 Sep 2012 21:27:26 -0400 Message-ID: 
From: Samuel Ports
To: Arthur Mesh
Cc: Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d

63 deleted messages and counting

On Tue, Sep 11, 2012 at 7:03 PM, Arthur Mesh wrote:

> On Tue, Sep 11, 2012 at 04:01:17PM -0700, Xin Li wrote:
> > Well, 1:1 correspondence is when we fed full text to /dev/random,
> > which we don't, right? Only the first 4K gets consumed. So:
>
> That's right.
>
> > Situation 1: we have 45K of plain text, and only first 4k is fed to
> > /dev/random at about 5 bits of entropy per byte;
> >
> > Situation 2: we have 45K of plain text, compress to e.g. 25K and only
> > first 4k is fed to /dev/random at more than 7.6 bits of entropy per byte;
>
> Best situation would be if yarrow properly consumed all the data
> _and_ we fed less data with higher entropy in it ;-)

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 01:45:12 2012
Date: Tue, 11 Sep 2012 21:45:07 -0400
From: Glen Barber
To: Samuel Ports
Message-ID: <20120912014507.GB1406@glenbarber.us>
Cc: freebsd-security@freebsd.org, freebsd-rc@freebsd.org
Subject: Can't make everyone happy.... [Re: svn commit: r239569 - head/etc/rc.d]

On Tue, Sep 11, 2012 at 09:27:26PM -0400, Samuel Ports wrote:
> 63 deleted messages and counting
>

Comments like this in this thread, and accusation of FreeBSD developers
operating "behind closed doors" on other lists.

It would be amusing, if it weren't so sad...

Glen

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 07:53:40 2012
Message-ID: <50503F83.2010308@FreeBSD.org>
Date: Tue, 11 Sep 2012 21:53:39 -1000
From: Doug Barton
To: d@delphij.net
In-Reply-To: <504F98E4.5090706@delphij.net>
Cc: crees@FreeBSD.org, freebsd-rc@FreeBSD.ORG, Xin Li
Subject: Re: [PATCH] Add -R (restart all local services) to service(8)

On 09/11/2012 10:02 AM, Xin Li wrote:
> On 09/10/12 22:32, Doug Barton wrote:
>> On 09/07/2012 13:18, Xin Li wrote:
>>> Hi,
>
>>> Here is a patch that adds a new option, -R, to service(8), that
>>> restarts all "local" services. Useful for after portmaster -a.
>
>> Since no one else has spoken up, I will. I dislike this idea
>> rather strongly, and would not like to see it go in. It's
>> incredibly rare that restarting all local services would be the
>> right course of
>
> It's not rare after a port upgrade, and this makes it possible to stop
> and start services in the right order.

So what you and Chris are asserting is that it's frequently necessary to
stop and restart ALL of your ports related services, AND that they have
to be done in the right order? The latter is very rare (most ports
services tend to be independent of each other). And in all my time
administering FreeBSD systems, I have never thought to myself, "Boy, I
need an easy way to restart all my local services."

Can y'all give an actual example of when this might be necessary?

Doug

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 07:55:36 2012
Message-ID: <50503FF6.4050605@FreeBSD.org>
Date: Tue, 11 Sep 2012 21:55:34 -1000
From: Doug Barton
To: Ian Lepore
In-Reply-To: <1347373256.1137.52.camel@revolution.hippie.lan>
Cc: Arthur Mesh, freebsd-rc@FreeBSD.ORG, Peter Jeremy, obrien@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, RW, Dag-Erling Smørgrav, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/11/2012 04:20 AM, Ian Lepore wrote:
> On Mon, 2012-09-10 at 22:46 -0700, David O'Brien wrote:
>>
>>> -r just changes the sort order, which is probably pointless.
>>
>> I'm not wedded to "-r", but since you're proposing this to not use "-r",
>> which Ian Lepore suggested after instrumenting /etc/rc.d/initrandom and
>> looking at the output, please show a diff of two boots with "-r" and
>> without "-r" so can see what the change really is.
>>
>
> I observed that the order of displayed processes could differ from one
> reboot to the next, even on an embedded system where little else
> differed. It seemed to me that a difference in order, while small,
> might be significant.

Yes, even small changes that early in the process help with the replay
scenario, even if they don't feed a large amount of unique entropy into
the device.

Doug

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 08:05:32 2012
Message-ID: <5050424A.8080902@FreeBSD.org>
Date: Tue, 11 Sep 2012 22:05:30 -1000
From: Doug Barton
To: Arthur Mesh
In-Reply-To: <20120911224855.GE14077@x96.org>
Cc: freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 09/11/2012 12:48 PM, Arthur Mesh wrote:
> On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
>> Using gzip is better than not using it though, since 4k worth of
>> compressed data is better than 4k worth of plain text because of
>> higher entropy density (note that the FreeBSD gzip uses 64K of
>> input/output buffer for compression by the way so maybe only the first
>> 64K is meaningful if we take only 4k of output).
>
> Since there is 1:1 correspondence between compressed and uncompressed
> data, entropy should be the same in both. I am not sure it's better to
> use compression than not -- you do end up seeding fewer bytes to yarrow,
> but you spend more CPU cycles compressing it...

Arthur is right here on both counts. We considered both compression and
hashing 12 years ago and rejected them for these reasons.

Arthur is also correct that fixing the process of feeding the entropy
into the device (on either the input end, the receiving end, or both) is
the right answer.

David is also right about at least one thing, please actually read the
Yarrow paper before making suggestions. We're wasting a lot of time with
things that are irrelevant at best.

Doug

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 08:11:42 2012
Message-ID: <505043BB.1040709@delphij.net>
Date: Wed, 12 Sep 2012 01:11:39 -0700
From: Xin Li
To: Doug Barton
In-Reply-To: <50503F83.2010308@FreeBSD.org>
Cc: crees@FreeBSD.org, freebsd-rc@FreeBSD.ORG, d@delphij.net
Subject: Re: [PATCH] Add -R (restart all local services) to service(8)

On 9/12/12 12:53 AM, Doug Barton wrote:
> On 09/11/2012 10:02 AM, Xin Li wrote:
>> On 09/10/12 22:32, Doug Barton wrote:
>>> On 09/07/2012 13:18, Xin Li wrote:
>>>> Hi,
>>
>>>> Here is a patch that adds a new option, -R, to service(8),
>>>> that restarts all "local" services. Useful for after
>>>> portmaster -a.
>>
>>> Since no one else has spoken up, I will. I dislike this idea
>>> rather strongly, and would not like to see it go in. It's
>>> incredibly rare that restarting all local services would be
>>> the right course of
>>
>> It's not rare after a port upgrade, and this makes it possible to
>> stop and start services in the right order.
>
> So what you and Chris are asserting is that it's frequently
> necessary to stop and restart ALL of your ports related services,
> AND that they have to be done in the right order? The latter is
> very rare (most ports

Really?

> services tend to be independent of each other). And in all my time
> administering FreeBSD systems, I have never thought to myself,
> "Boy, I need an easy way to restart all my local services."
>
> Can y'all give an actual example of when this might be necessary?

Run OpenLDAP as backend, with dovecot as IMAP store, postfix as MTA,
clamav and amavisd-new, mailman for mailing list, a postfix policy
daemon that stores certain persistent data in MySQL.

Now, OpenLDAP, clamav and MySQL updates.

No, not every application handles restarts gracefully, they need to be
restarted.

Cheers,

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 08:24:47 2012
Message-ID: <505046CE.7010000@FreeBSD.org>
Date: Tue, 11 Sep 2012 22:24:46 -1000
From: Doug Barton
To: d@delphij.net
In-Reply-To: <505043BB.1040709@delphij.net>
Cc: crees@FreeBSD.org, freebsd-rc@FreeBSD.ORG, Xin Li
Subject: Re: [PATCH] Add -R (restart all local services) to service(8)

Ok, whatever. No objections from me.

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 09:26:20 2012
From: Dag-Erling Smørgrav
To: d@delphij.net
Date: Wed, 12 Sep 2012 11:26:17 +0200
In-Reply-To: <504FC2BD.6070402@delphij.net> (Xin Li's message of "Tue, 11 Sep 2012 16:01:17 -0700")
Message-ID: <86sjansibq.fsf@ds4.des.no>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW
Subject: Re: svn commit: r239569 - head/etc/rc.d

Xin Li writes:
> Situation 1: we have 45K of plain text, and only first 4k is fed to
> /dev/random at about 5 bits of entropy per byte;
>
> Situation 2: we have 45K of plain text, compress to e.g. 25K and only
> first 4k is fed to /dev/random at more than 7.6 bits of entropy per byte;
>
> Therefore I think Situation 2 is better than situation 1.

Yes, that was why I suggested using compression.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 09:45:55 2012
Date: Wed, 12 Sep 2012 10:45:47 +0100
From: RW
To: obrien@freebsd.org
Message-ID: <20120912104547.1d0061c1@gumby.homeunix.com>
In-Reply-To: <20120911082309.GD72584@dragon.NUXI.org>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, Xin Li, freebsd-security@freebsd.org, Mark Murray
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, 11 Sep 2012 01:23:09 -0700 David O'Brien wrote:

> > On 09/10/2012 23:46, David O'Brien wrote:
> > > In what way did I suggest we don't need to seed the PRNG?
> > > I simply removed an outdated and incorrect statement.
> >
> > Yes, the comment as it stood was out of date. I'm not sure that
> > removing it (rather than rephrasing it) was the right call.
>
> Doug you're a FreeBSD committer, you know how to use an editor and
> 'svn diff'. Where is your patch suggesting a rephrase?
>
>
> > > In fact writing into /dev/random CANNOT "seeded" yarrow.
> > > All /dev/random input is untrusted and is assumed to have _0_
> > > entropy:
> > >
> > > void
> > > random_yarrow_write(void *buf, int count)
> > > {
> > > ...
> > > random_harvest_internal(get_cyclecount(), (char *)buf + i,
> > > chunk, 0, 0, RANDOM_WRITE);
> >
> > You're taking that out of context. The 0 there is just an estimate,
> > but it's added to the tailq anyway.
>
> Yes the input written to /dev/random is put into the generator
> (provided you have the seed buffer space).
>
> The "0, 0" is the 'bits' and 'frac' argument to
> random_harvest_internal(), which become 'event->bits' and
> 'event->frac'. Follow the code from there and point out how I am
> wrong.
>

It doesn't make any difference. When root closes the device a forced
slow reseed is done (after the yarrow thread completes feeding the data
into yarrow). Since this is unconditional and clears the entropy
accounting, the entropy estimate is irrelevant to rc.d/, which runs as
root.

The entropy estimated at zero bits is so that an *unprivileged* user
can't feed in his own input, corrupt the entropy estimation and perform
a state-extension attack.

On Tue, 11 Sep 2012 00:12:06 -0700 Doug Barton wrote:

> I'm also tired of repeating why writing out a new /entropy file at
> boot time makes the system weaker, not stronger.

That's not really true. The entropy file contains up to 256 bits of
entropy, if yarrow is correctly seeded with that then that entropy will
be in the 256-bit key which will produce a new file that also contains
that entropy.

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 14:43:55 2012
From: Ian Lepore
To: obrien@freebsd.org
In-Reply-To: <20120912000738.GA90897@dragon.NUXI.org>
Date: Wed, 12 Sep 2012 08:43:42 -0600
Message-ID: <1347461022.1110.29.camel@revolution.hippie.lan>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, 2012-09-11 at 17:07 -0700, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote:
> > Please consider using sha512...
>
> What is the performance (boot time) impact on low-end MIPS and ARM
> systems?
>
> I'm all for sha512, but don't want to be shot with a machine gun (vs.
> simple pistol).
>

For the embedded systems I take care of, the performance problem on
low-end systems is likely to be solved by ignoring all of this angels
dancing on a pin stuff and supplying an alternate kickstart mechanism
appropriate to the way the system is used (which almost surely won't be
in any national security datacenter).

I can assure you that neither shaXXX nor gzip nor anything else that
eats that many cycles will be involved. :)

I just hope one of the things coming out of all this is a reasonable
mechanism for supplying alternate kickstart data.

-- Ian

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 16:14:07 2012
From: Warner Losh
To: Ian Lepore
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, RW, d@delphij.net, Dag-Erling
Subject: Re: svn commit: r239569 - head/etc/rc.d
Date: Wed, 12 Sep 2012 11:13:49 -0500
Message-Id: <317B4762-3530-49E5-B861-67773819FC5E@bsdimp.com>
In-Reply-To: <1347461022.1110.29.camel@revolution.hippie.lan>

On Sep 12, 2012, at 9:43 AM, Ian Lepore wrote:

> On Tue, 2012-09-11 at 17:07 -0700, David O'Brien wrote:
>> On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote:
>>> Please consider using sha512...
>>
>> What is the performance (boot time) impact on low-end MIPS and ARM
>> systems?
>>
>> I'm all for sha512, but don't want to be shot with a machine gun (vs.
>> simple pistol).
>>
>
> For the embedded systems I take care of, the performance problem on
> low-end systems is likely to be solved by ignoring all of this angels
> dancing on a pin stuff and supplying an alternate kickstart mechanism
> appropriate to the way the system is used (which almost surely won't be
> in any national security datacenter).
>
> I can assure you that neither shaXXX nor gzip nor anything else that
> eats that many cycles will be involved. :)
>
> I just hope one of the things coming out of all this is a reasonable
> mechanism for supplying alternate kickstart data.

Yea, it doesn't have to be completely unique per boot, it just needs to
be something not the same and not too predictable for yarrow to work
well. Another part of the entropy will be the timings of all the
interrupts and what not after things are seeded, and that is very hard
to control...

Just having it as a decent function that can easily be overridden in
/etc/rc.conf or some other well-known mechanism would easily solve this
problem for special needs folks without placing an undue burden on them
or on the main system.

Warner

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 20:33:33 2012
From: John Baldwin
To: freebsd-security@freebsd.org
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d
Date: Wed, 12 Sep 2012 16:28:17 -0400
Message-Id: <201209121628.18088.jhb@freebsd.org>
In-Reply-To: <504F0687.7020309@FreeBSD.org>

On Tuesday, September 11, 2012 5:38:15 am Doug Barton wrote:
> >>> Also, both jbh <201209050944.38042.jhb@freebsd.org> and RW
> >>> <20120905021248.5a17ace9@gumby.homeunix.com> feel this likely does
> >>> happen just from reading the code. Please explain from either
> >>> (1) a code reading, or (2) your own instrumented kernel that dropping
> >>> of input to /dev/random does not occur.
> >>
> >> Once again, you're the one asserting that there is a problem with a
> >> system that has worked well for 12 years, so the burden of proof is on
> >> you. That said, I'm interested in Arthur's evidence.
> >
> > Are you not a sufficient C programmer that you couldn't hack this up
> > yourself with the amount of time you've spent arguing it?
>
> Seriously. Stop being such an ass.
>
> I've said lots of times now that my FreeBSD time is limited, and THE
> BURDEN OF PROOF IS ON YOU. If you think it's easy, whip it up. If you're
> right, the truth will benefit all of us.

Having watched this thread mostly from the outside, I have to say this much:
this is a really ridiculous argument that works both ways. Just because we
don't have a documented vulnerability doesn't mean it doesn't exist either.

Also, you are clearly wrong about /dev/random dropping input and refuse to
admit that. To me that taints all your other claims and really weakens your
arguments.

-- John Baldwin

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 20:45:46 2012
Message-ID: <5050F477.8060409@FreeBSD.org>
Date: Wed, 12 Sep 2012 10:45:43 -1000
From: Doug Barton
To: John Baldwin
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <201209121628.18088.jhb@freebsd.org>

On 9/12/2012 10:28 AM, John Baldwin wrote:
> On Tuesday, September 11, 2012 5:38:15 am Doug Barton wrote:
>> I've said lots of times now that my FreeBSD time is limited, and THE
>> BURDEN OF PROOF IS ON YOU. If you think it's easy, whip it up. If you're
>> right, the truth will benefit all of us.
>
> Having watched this thread mostly from the outside, I have to say this much:
> this is a really ridiculous argument that works both ways. Just because we
> don't have a documented vulnerability doesn't mean it doesn't exist either.

So it's Ok to make serious changes to a system that has worked well for
12 years with no actual proof that there is a problem? If I had gone in
and changed a bunch of kernel structures because I was convinced that we
could do things better, wouldn't there be a chorus of people screaming
at me to provide proof of my claims?

> Also, you are clearly wrong about /dev/random dropping input and refuse to
> admit that.

I have never said, "We are not dropping input." I have asked that the
claimed problem(s) be demonstrated so that we can apply the right
solution(s). Apparently Arthur has done this work, but has chosen to
only share it privately with secteam@. I await the results with bated
breath. :)

What I HAVE done is offer solutions that both address Arthur and David's
concerns about replay attacks without gutting the existing system. What
Arthur and David have done is repeat their position ad infinitum in
spite of my having pointed out equally often that they have misapplied
what they have read.

> To me that taints all your other claims and really weakens your
> arguments.

Well lately everything I say is de facto wrong, so I'm not surprised
that you feel this way. :)

Doug

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 20:48:55 2012
Message-ID: <5050F511.6050305@FreeBSD.org>
Date: Wed, 12 Sep 2012 10:48:17 -1000
From: Doug Barton
To: Ian Lepore
Cc: Arthur Mesh, freebsd-rc@freebsd.org, Dag-Erling, obrien@freebsd.org, RW, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
In-Reply-To: <1347461022.1110.29.camel@revolution.hippie.lan>

On 9/12/2012 4:43 AM, Ian Lepore wrote:
> On Tue, 2012-09-11 at 17:07 -0700, David O'Brien wrote:
>> On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote:
>>> Please consider using sha512...
>>
>> What is the performance (boot time) impact on low-end MIPS and ARM
>> systems?
>>
>> I'm all for sha512, but don't want to be shot with a machine gun (vs.
>> simple pistol).
>>
>
> For the embedded systems I take care of, the performance problem on
> low-end systems is likely to be solved by ignoring all of this angels
> dancing on a pin stuff and supplying an alternate kickstart mechanism
> appropriate to the way the system is used (which almost surely won't be
> in any national security datacenter).
>
> I can assure you that neither shaXXX nor gzip nor anything else that
> eats that many cycles will be involved. :)
>
> I just hope one of the things coming out of all this is a reasonable
> mechanism for supplying alternate kickstart data.

I haven't yet heard any feedback on my suggestion to have one set of
default "safe" commands that are low-impact enough for embedded systems,
and another set to be added by default to more standard systems.

Do you think that this would address your concerns Ian?

Doug

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 21:03:34 2012
From: Ian Lepore
To: Doug Barton
Cc: Arthur Mesh, Dag-Erling, freebsd-rc@FreeBSD.org, obrien@FreeBSD.org, RW, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d
Date: Wed, 12 Sep 2012 15:03:21 -0600
Message-ID: <1347483801.1110.78.camel@revolution.hippie.lan>
In-Reply-To: <5050F511.6050305@FreeBSD.org>

On Wed, 2012-09-12 at 10:48 -1000, Doug Barton wrote:
>
> I haven't yet heard any feedback on my suggestion to have one set of
> default "safe" commands that are low-impact enough for embedded
> systems,
> and another set to be added by default to more standard systems.
>
> Do you think that this would address your concerns Ian?
>
> Doug

I think I missed that suggestion (there came a point where I stopped
paying much attention to this thread except to provide what little info
I garnered with those experiments last year).

So you mean something like entries in defaults/rc.conf, a default one
for most systems, and one that has a set of commands good for a
limited-power system, so that someone could easily choose it in their
rc.conf with a line such as

    initrandom_kickstart_cmd=initrandom_slowcpu_kickstart_cmd

That seems like a pretty good idea to me. Provide both a "full control
to the admin" knob and a serving suggestion.

-- Ian

From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 21:31:51 2012
Date: Wed, 12 Sep 2012 14:31:41 -0700
From: Arthur Mesh
To: Doug Barton
Cc: Arthur Mesh, freebsd-rc@freebsd.org, John Baldwin, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d
Message-ID: <20120912213141.GI14077@x96.org>
In-Reply-To: <5050F477.8060409@FreeBSD.org>

On Wed, Sep 12, 2012 at 10:45:43AM -1000, Doug Barton wrote:
> solution(s). Apparently Arthur has done this work, but has chosen to
> only share it privately with secteam@. I await the results with bated
> breath. :)

Here is a hexdump of data that yarrow consumes from initrandom in
9-STABLE (w/o CPU counters):

I did modify initrandom to insert some markers:

--- /usr/src/etc/rc.d/initrandom 2011-08-12 16:00:48.000000000 -0700 +++ /etc/rc.d/initrandom 2012-09-07 20:47:09.000000000 -0700 @@ -52,6 +52,9 @@ fi fi + # 1st marker + echo "XXXX" > /dev/random + # XXX temporary until we can improve the entropy # harvesting rate. # Entropy below is not great, but better than nothing. @@ -60,6 +63,9 @@ | dd of=/dev/random bs=8k 2>/dev/null cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null + # 2nd marker + echo "YYYY" > /dev/random + # First pass at reseeding /dev/random. # case ${entropy_file} in
@@ -72,6 +78,9 @@ ;; esac + # 3rd marker + echo "ZZZZ" > /dev/random + echo -n ' kickstart' fi

As you can see, only first ps, and part of sysctl is consumed. Rest of
the pipe is dropped. Contents of ls(1) follow and then parts of entropy
files.
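Review bot: In the first hunk the added comment says only "# 1st marker", and the write echo "XXXX" > /dev/random is not flagged as temporary instrumentation, so nothing in the script says what the marker delimits or that it must not be committed. Suggest a comment that names what follows the marker and states that it is for debugging only, and note that echo appends a newline, so each marker occupies five bytes in the capture rather than four.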
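Review bot: In the second hunk the 2nd marker is written only after both dd of=/dev/random bs=8k writes, so the capture has no delimiter between the end of the pipeline feeding the first dd and the start of cat /bin/ls. Since the point of the instrumentation is to show how much of that pipeline reaches the device, add a marker between the two dd commands as well, so the boundary is identified by a marker rather than by recognising the first bytes of the ls binary.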
00 00 26 00 00 00 1f 00 00 00 00 00 00 00 11 |...&............| 00000ef0 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000f00 00 00 00 00 00 00 00 27 00 00 00 00 00 00 00 00 |.......'........| 00000f10 00 00 00 0d 00 00 00 1c 00 00 00 00 00 00 00 00 |................| 00000f20 00 00 00 0b 00 00 00 00 00 00 00 30 00 00 00 00 |...........0....| 00000f30 00 00 00 2b 00 00 00 1a 00 00 00 1e 00 00 00 00 |...+............| 00000f40 00 00 00 00 00 00 00 37 00 00 00 00 00 00 00 2d |.......7.......-| 00000f50 00 00 00 08 00 00 00 29 00 00 00 00 00 00 00 3f |.......).......?| 00000f60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a |...............*| 00000f70 00 00 00 19 00 00 00 4a 00 00 00 28 00 00 00 00 |.......J...(....| 00000f80 00 00 00 10 00 00 00 4b 00 00 00 00 00 00 00 25 |.......K.......%| 00000f90 00 00 00 13 00 00 00 00 00 00 00 4f 00 00 00 2f |...........O.../| 00000fa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000fb0 00 00 00 00 00 00 00 00 00 00 00 3a 01 00 00 12 |...........:....| 00000fc0 00 00 00 00 00 00 00 00 00 00 00 21 01 00 00 00 |...........!....| 00000fd0 00 00 00 cf 02 00 00 12 00 00 00 00 00 00 00 00 |...о............| 00000fe0 00 00 00 15 00 00 00 00 00 00 00 7f 02 00 00 11 |................| 00000ff0 00 18 00 a0 74 60 00 00 00 00 00 08 00 00 00 00 |...═t`..........| 00001000 00 00 00 09 01 00 00 12 00 00 00 00 00 00 00 00 |................| 00001010 00 00 00 1b 00 00 00 00 00 00 00 45 02 00 00 11 |...........E....| 00001020 00 18 00 a8 74 60 00 00 00 00 00 04 00 00 00 00 |...╗t`..........| 00001030 00 00 00 08 02 00 00 12 00 00 00 00 00 00 00 00 |................| 00001040 00 00 00 18 01 00 00 00 00 00 00 ae 00 00 00 12 |...........╝....| 00001050 00 00 00 00 00 00 00 00 00 00 00 0f 01 00 00 00 |................| 00001060 00 00 00 74 01 00 00 12 00 00 00 00 00 00 00 00 |...t............| 00001070 00 00 00 8f 02 00 00 00 00 00 00 5a 02 00 00 12 |...▐.......Z....| 00001080 00 00 00 00 00 00 00 00 00 
00 00 45 00 00 00 00 |...........E....| 00001090 00 00 00 20 01 00 00 12 00 00 00 00 00 00 00 00 |... ............| 000010a0 00 00 00 00 00 00 00 00 00 00 00 85 00 00 00 12 |...........┘....| 000010b0 00 00 00 00 00 00 00 00 00 00 00 89 00 00 00 00 |...........┴....| 000010c0 00 00 00 0e 00 00 00 20 00 00 00 00 00 00 00 00 |....... ........| 000010d0 00 00 00 00 00 00 00 00 00 00 00 12 02 00 00 12 |................| 000010e0 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 |...........·....| 000010f0 00 00 00 a0 02 00 00 12 00 00 00 00 00 00 00 00 |...═............| 00001100 00 00 00 2b 01 00 00 00 00 00 00 15 01 00 00 11 |...+............| 00001110 00 17 00 30 74 60 00 00 00 00 00 08 00 00 00 00 |...0t`..........| 00001120 00 00 00 22 00 00 00 12 00 0d 00 24 5e 40 00 00 |...".......$^@..| 00001130 00 00 00 00 00 00 00 00 00 00 00 91 02 00 00 12 |...........▒....| 00001140 00 00 00 00 00 00 00 00 00 00 00 a2 00 00 00 00 |...........╒....| 00001150 00 00 00 01 02 00 00 12 00 00 00 00 00 00 00 00 |................| 00001160 00 00 00 3c 00 00 00 00 00 00 00 c3 00 00 00 12 |...<.......ц....| 00001170 00 00 00 00 00 00 00 00 00 00 00 2d 01 00 00 00 |...........-....| 00001180 00 00 00 8d 01 00 00 12 00 00 00 00 00 00 00 00 |...█............| 00001190 00 00 00 2f 00 00 00 00 00 00 00 8e 00 00 00 11 |.../.......▌....| 000011a0 00 18 00 ac 74 60 00 00 00 00 00 04 00 00 00 00 |...╛t`..........| 000011b0 00 00 00 01 03 00 00 12 00 00 00 00 00 00 00 00 |................| 000011c0 00 00 00 45 00 00 00 00 00 00 00 18 02 00 00 12 |...E............| 000011d0 00 00 00 00 00 00 00 00 00 00 00 aa 00 00 00 00 |...........╙....| 000011e0 00 00 00 db 02 00 00 12 00 00 00 00 00 00 00 00 |...ш............| 000011f0 00 00 00 30 00 00 00 00 00 00 00 f5 02 00 00 12 |...0.......У....| 00001200 00 00 00 00 00 00 00 00 00 00 00 a8 00 00 00 00 |...........╗....| 00001210 00 00 00 df 00 00 00 11 00 18 00 c0 74 60 00 00 |...ъ.......юt`..| 00001220 00 00 00 80 10 00 00 00 00 00 00 6d 02 00 00 12 
|...─.......m....| 00001230 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 |................| 00001240 00 00 00 e4 02 00 00 12 00 00 00 00 00 00 00 00 |...Д............| 00001250 00 00 00 55 00 00 00 00 00 00 00 90 02 00 00 12 |...U.......░....| 00001260 00 00 00 00 00 00 00 00 00 00 00 d9 00 00 00 00 |...........ы....| 00001270 00 00 00 ad 02 00 00 12 00 00 00 00 00 00 00 00 |...╜............| 00001280 00 00 00 ad 02 00 00 00 00 00 00 9c 01 00 00 12 |...╜.......°....| 00001290 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 00 |...........(....| 000012a0 00 00 00 4e 00 00 00 12 00 00 00 00 00 00 00 00 |...N............| 000012b0 00 00 00 3e 06 00 00 00 00 00 00 7d 01 00 00 12 |...>.......}....| 000012c0 00 00 00 00 00 00 00 00 00 00 00 f4 00 00 00 00 |...........Т....| 000012d0 00 00 00 c6 02 00 00 12 00 00 00 00 00 00 00 00 |...ф............| 000012e0 00 00 00 15 00 00 00 00 00 00 00 1c 02 00 00 16 |................| 000012f0 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 |................| 00001300 00 00 00 fa 02 00 00 12 00 00 00 00 00 00 00 00 |...З............| 00001310 00 00 00 5f 00 00 00 00 00 00 00 89 02 00 00 12 |..._.......┴....| 00001320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00001330 00 00 00 ea 01 00 00 12 00 00 00 00 00 00 00 00 |...Й............| 00001340 00 00 00 0c 00 00 00 00 00 00 00 84 01 00 00 12 |...........└....| 00001350 00 00 00 00 00 00 00 00 00 00 00 b8 01 00 00 00 |...........╦....| 00001360 00 00 00 2e 02 00 00 12 00 00 00 00 00 00 00 00 |................| 00001370 00 00 00 90 00 00 00 00 00 00 00 13 02 00 00 12 |...░............| 00001380 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 |...........·....| 00001390 00 00 00 41 01 00 00 12 00 00 00 00 00 00 00 00 |...A............| 000013a0 00 00 00 00 00 00 00 00 00 00 00 56 00 00 00 12 |...........V....| 000013b0 00 00 00 00 00 00 00 00 00 00 00 d6 03 00 00 00 |...........ж....| 000013c0 00 00 00 dd 01 00 00 11 00 18 00 40 85 60 00 00 |...щ.......@┘`..| 
000013d0 00 00 00 04 00 00 00 00 00 00 00 be 01 00 00 12 |...........╬....| 000013e0 00 00 00 00 00 00 00 00 00 00 00 95 00 00 00 00 |...........∙....| 000013f0 00 00 00 fa 00 00 00 12 00 00 00 00 00 00 00 00 |...З............| 00001400 00 00 00 0f 01 00 00 00 00 00 00 7d 00 00 00 12 |...........}....| 00001410 00 00 00 00 00 00 00 00 00 00 00 61 00 00 00 00 |...........a....| 00001420 00 00 00 94 01 00 00 12 00 00 00 00 00 00 00 00 |...■............| 00001430 00 00 00 f8 02 00 00 00 00 00 00 89 00 00 00 12 |...Ь.......┴....| 00001440 00 00 00 00 00 00 00 00 00 00 00 35 00 00 00 00 |...........5....| 00001450 00 00 00 61 01 00 00 12 00 00 00 00 00 00 00 00 |...a............| 00001460 00 00 00 05 00 00 00 00 00 00 00 28 00 00 00 12 |...........(....| 00001470 00 00 00 00 00 00 00 00 00 00 00 01 04 00 00 00 |................| 00001480 00 00 00 6e 01 00 00 12 00 00 00 00 00 00 00 00 |...n............| 00001490 00 00 00 00 00 00 00 00 00 00 00 35 02 00 00 12 |...........5....| 000014a0 00 00 00 00 00 00 00 00 00 00 00 76 00 00 00 00 |...........v....| 000014b0 00 00 00 c4 01 00 00 12 00 00 00 00 00 00 00 00 |...д............| 000014c0 00 00 00 0c 00 00 00 00 00 00 00 27 03 00 00 10 |...........'....| 000014d0 00 f1 ff 88 74 60 00 00 00 00 00 00 00 00 00 00 |.ЯЪ┬t`..........| 000014e0 00 00 00 b4 02 00 00 12 00 00 00 00 00 00 00 00 |...╢............| 000014f0 00 00 00 ea 00 00 00 00 00 00 00 d5 01 00 00 12 |...Й.......у....| 00001500 00 00 00 00 00 00 00 00 00 00 00 89 00 00 00 00 |...........┴....| 00001510 00 00 00 77 02 00 00 11 00 18 00 c8 86 60 00 00 |...w.......х├`..| 00001520 00 00 00 08 00 00 00 00 00 00 00 f2 00 00 00 12 |...........Р....| 00001530 00 00 00 00 00 00 00 00 00 00 00 8f 10 00 00 00 |...........▐....| 00001540 00 00 00 4c 02 00 00 12 00 00 00 00 00 00 00 00 |...L............| 00001550 00 00 00 08 00 00 00 00 00 00 00 eb 02 00 00 12 |...........К....| 00001560 00 00 00 00 00 00 00 00 00 00 00 88 03 00 00 00 |...........┬....| 00001570 00 00 00 0d 03 
00 00 11 00 18 00 48 85 60 00 00 |...........H┘`..| 00001580 00 00 00 08 00 00 00 00 00 00 00 54 01 00 00 12 |...........T....| 00001590 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 |................| 000015a0 00 00 00 5c 00 00 00 12 00 00 00 00 00 00 00 00 |...\............| 000015b0 00 00 00 e1 03 00 00 00 00 00 00 74 00 00 00 12 |...А.......t....| 000015c0 00 00 00 00 00 00 00 00 00 00 00 21 02 00 00 00 |...........!....| 000015d0 00 00 00 54 02 00 00 12 00 00 00 00 00 00 00 00 |...T............| 000015e0 00 00 00 9a 00 00 00 00 00 00 00 9c 00 00 00 11 |... .......°....| 000015f0 00 18 00 60 85 60 00 00 00 00 00 40 00 00 00 00 |...`┘`.....@....| 00001600 00 00 00 33 03 00 00 10 00 f1 ff 60 87 60 00 00 |...3.....ЯЪ`┤`..| 00001610 00 00 00 00 00 00 00 00 00 00 00 a4 01 00 00 12 |...........╓....| 00001620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00001630 00 00 00 66 02 00 00 12 00 00 00 00 00 00 00 00 |...f............| 00001640 00 00 00 54 00 00 00 00 00 00 00 14 03 00 00 12 |...T............| 00001650 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 |................| 00001660 00 00 00 33 01 00 00 12 00 00 00 00 00 00 00 00 |...3............| 00001670 00 00 00 93 00 00 00 00 00 00 00 ab 01 00 00 11 |...⌠.......╚....| 00001680 00 18 00 a0 85 60 00 00 00 00 00 08 00 00 00 00 |...═┘`..........| 00001690 00 00 00 bc 00 00 00 12 00 00 00 00 00 00 00 00 |...╪............| 000016a0 00 00 00 85 01 00 00 00 00 00 00 8f 01 00 00 12 |...┘.......▐....| 000016b0 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 00 |.........../....| 000016c0 00 00 00 1b 03 00 00 12 00 00 00 00 00 00 00 00 |................| 000016d0 00 00 00 00 00 00 00 00 00 00 00 c4 00 00 00 12 |...........д....| 000016e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000016f0 00 00 00 d3 00 00 00 12 00 00 00 00 00 00 00 00 |...с............| 00001700 00 00 00 8a 00 00 00 00 00 00 00 62 00 00 00 12 |...┼.......b....| 00001710 00 00 00 00 00 00 00 00 00 00 00 63 01 
00 00 00 |...........c....| 00001720 00 00 00 20 03 00 00 10 00 f1 ff 88 74 60 00 00 |... .....ЯЪ┬t`..| 00001730 00 00 00 00 00 00 00 00 00 00 00 4f 01 00 00 12 |...........O....| 00001740 00 00 00 00 00 00 00 00 00 00 00 0d 07 00 00 00 |................| 00001750 00 00 00 ca 00 00 00 12 00 00 00 00 00 00 00 00 |...й............| 00001760 00 00 00 d8 04 00 00 00 00 00 00 4b 01 00 00 12 |...ь.......K....| 00001770 00 00 00 00 00 00 00 00 00 00 00 1e 00 00 00 00 |................| 00001780 00 00 00 29 01 00 00 11 00 18 00 c0 85 60 00 00 |...).......ю┘`..| 00001790 00 00 00 08 00 00 00 00 00 00 00 d4 02 00 00 12 |...........т....| 000017a0 00 00 00 00 00 00 00 00 00 00 00 29 00 00 00 00 |...........)....| 000017b0 00 00 00 38 00 00 00 12 00 0a 00 c8 18 40 00 00 |...8.......х.@..| 000017c0 00 00 00 00 00 00 00 00 00 00 00 55 02 00 00 12 |...........U....| 000017d0 00 00 00 00 00 00 00 00 00 00 00 d2 00 00 00 00 |...........р....| 000017e0 00 00 00 98 02 00 00 12 00 00 00 00 00 00 00 00 |...≤............| 000017f0 00 00 00 e6 00 00 00 00 00 00 00 00 6c 69 62 75 |...Ф........libu| 00001800 74 69 6c 2e 73 6f 2e 39 00 5f 4a 76 5f 52 65 67 |til.so.9._Jv_Reg| 00001810 69 73 74 65 72 43 6c 61 73 73 65 73 00 5f 66 69 |isterClasses._fi| 00001820 6e 69 00 68 75 6d 61 6e 69 7a 65 5f 6e 75 6d 62 |ni.humanize_numb| 00001830 65 72 00 5f 69 6e 69 74 00 6c 69 62 6e 63 75 72 |er._init.libncur| 00001840 73 65 73 2e 73 6f 2e 38 00 74 67 65 74 65 6e 74 |ses.so.8.tgetent| 00001850 00 74 70 75 74 73 00 74 67 6f 74 6f 00 74 67 65 |.tputs.tgoto.tge| 00001860 74 73 74 72 00 6c 69 62 63 2e 73 6f 2e 37 00 67 |tstr.libc.so.7.g| 00001870 65 74 62 73 69 7a 65 00 73 74 72 63 6f 6c 6c 00 |etbsize.strcoll.| 00001880 73 74 72 66 74 69 6d 65 00 5f 5f 6d 62 5f 73 62 |strftime.__mb_sb| 00001890 5f 6c 69 6d 69 74 00 5f 5f 73 74 61 63 6b 5f 63 |_limit.__stack_c| 000018a0 68 6b 5f 67 75 61 72 64 00 75 73 65 72 5f 66 72 |hk_guard.user_fr| 000018b0 6f 6d 5f 75 69 64 00 67 65 74 65 6e 76 00 66 77 
|om_uid.getenv.fw| 000018c0 72 69 74 65 00 66 74 73 5f 72 65 61 64 00 66 66 |rite.fts_read.ff| 000018d0 6c 61 67 73 74 6f 73 74 72 00 5f 44 65 66 61 75 |lagstostr._Defau| 000018e0 6c 74 52 75 6e 65 4c 6f 63 61 6c 65 00 72 65 61 |ltRuneLocale.rea| 000018f0 6c 6c 6f 63 00 67 72 6f 75 70 5f 66 72 6f 6d 5f |lloc.group_from_| 00001900 67 69 64 00 6d 61 63 5f 74 6f 5f 74 65 78 74 00 |gid.mac_to_text.| 00001910 5f 5f 70 72 6f 67 6e 61 6d 65 00 72 65 61 64 6c |__progname.readl| 00001920 69 6e 6b 00 5f 5f 73 74 64 65 72 72 70 00 73 65 |ink.__stderrp.se| 00001930 74 65 6e 76 00 6d 61 6c 6c 6f 63 00 6c 70 61 74 |tenv.malloc.lpat| 00001940 68 63 6f 6e 66 00 6d 61 63 5f 66 72 65 65 00 6d |hconf.mac_free.m| 00001950 61 63 5f 67 65 74 5f 66 69 6c 65 00 6d 61 63 5f |ac_get_file.mac_| 00001960 67 65 74 5f 6c 69 6e 6b 00 69 6f 63 74 6c 00 66 |get_link.ioctl.f| 00001970 74 73 5f 6f 70 65 6e 00 73 74 72 6c 65 6e 00 73 |ts_open.strlen.s| 00001980 6e 70 72 69 6e 74 66 00 61 74 65 78 69 74 00 73 |nprintf.atexit.s| 00001990 74 72 6d 6f 64 65 00 66 74 73 5f 73 65 74 00 67 |trmode.fts_set.g| 000019a0 65 74 70 69 64 00 5f 43 75 72 72 65 6e 74 52 75 |etpid._CurrentRu| 000019b0 6e 65 4c 6f 63 61 6c 65 00 77 61 72 6e 78 00 5f |neLocale.warnx._| 000019c0 5f 73 74 61 63 6b 5f 63 68 6b 5f 66 61 69 6c 00 |_stack_chk_fail.| 000019d0 6d 62 72 74 6f 77 63 00 5f 5f 69 73 74 68 72 65 |mbrtowc.__isthre| 000019e0 61 64 65 64 00 6d 61 63 5f 70 72 65 70 61 72 65 |aded.mac_prepare| 000019f0 5f 66 69 6c 65 5f 6c 61 62 65 6c 00 69 73 61 74 |_file_label.isat| 00001a00 74 79 00 6c 6f 63 61 6c 74 69 6d 65 00 66 70 75 |ty.localtime.fpu| 00001a10 74 63 00 65 72 72 00 5f 54 68 72 65 61 64 52 75 |tc.err._ThreadRu| 00001a20 6e 65 4c 6f 63 61 6c 65 00 73 73 63 61 6e 66 00 |neLocale.sscanf.| 00001a30 61 63 6c 5f 67 65 74 5f 6c 69 6e 6b 5f 6e 70 00 |acl_get_link_np.| 00001a40 6f 70 74 69 6e 64 00 5f 5f 65 72 72 6f 72 00 66 |optind.__error.f| 00001a50 70 75 74 73 00 5f 5f 5f 72 75 6e 65 74 79 70 65 |puts.___runetype| 
00001a60 00 6d 65 6d 73 65 74 00 5f 69 6e 69 74 5f 74 6c |.memset._init_tl| 00001a70 73 00 65 6e 76 69 72 6f 6e 00 5f 5f 73 74 64 6f |s.environ.__stdo| 00001a80 75 74 70 00 67 65 74 75 69 64 00 66 70 72 69 6e |utp.getuid.fprin| 00001a90 74 66 00 5f 5f 73 77 62 75 66 00 66 74 73 5f 63 |tf.__swbuf.fts_c| 00001aa0 68 69 6c 64 72 65 6e 00 67 65 74 6f 70 74 00 61 |hildren.getopt.a| 00001ab0 63 6c 5f 69 73 5f 74 72 69 76 69 61 6c 5f 6e 70 |cl_is_trivial_np| 00001ac0 00 61 63 6c 5f 66 72 65 65 00 61 74 6f 69 00 73 |.acl_free.atoi.s| 00001ad0 74 72 63 68 72 00 73 74 72 65 72 72 6f 72 00 73 |trchr.strerror.s| 00001ae0 74 72 64 75 70 00 73 65 74 6c 6f 63 61 6c 65 00 |trdup.setlocale.| 00001af0 77 61 72 6e 00 73 69 67 6e 61 6c 59 59 59 59 0a |warn.signalYYYY.| 00001b00 67 ad de 45 66 58 32 37 76 4d 99 62 59 11 6e 2b |g╜чEfX27vM≥bY.n+| 00001b10 50 82 2c cb 10 84 23 b6 da 34 3a e3 d3 be 86 60 |P┌,к.└#╤з4:Цс╬├`| 00001b20 1e 66 be db 61 9e 71 b9 52 86 e8 0a 71 00 1c 7a |.f╬шa·q╧R├Х.q..z| 00001b30 3d a0 ff 5d 50 da 6f a9 38 92 84 7f 21 72 20 32 |=═Ъ]Pзo╘8▓└.!r 2| 00001b40 74 9a b4 7e 76 58 8d 3a ac b4 b3 4c 3a c4 d9 d4 |t ╢~vX█:╛╢ЁL:дыт| 00001b50 04 92 8b 98 6e a9 37 bb e0 e4 26 54 8d 4f b6 d7 |.▓▀≤n╘7╩ЮД&T█O╤в| 00001b60 ca 8f 84 12 a2 23 99 01 5d ae 75 66 b4 6f 01 d1 |й▐└.╒#≥.]╝uf╢o.я| 00001b70 98 c9 5a c9 43 59 da 72 41 62 78 96 5d 7a 8c e8 |≤иZиCYзrAbx√]z▄Х| 00001b80 94 69 d2 21 bd 3c 9f 68 d4 ad 32 d7 f6 3d e0 38 |■iр!╫<÷hт╜2вЖ=Ю8| 00001b90 9d 7b 6e df 16 33 08 a8 bb 44 32 3f 96 ec 91 57 |²{nъ.3.╗╩D2?√Л▒W| 00001ba0 9a 8a ea e6 12 dc 2b 50 c3 9f f1 85 79 cc dd b7 | ┼ЙФ.э+Pц÷Я┘yлщ╥| 00001bb0 60 57 d8 3b 84 c2 81 f0 f2 5a 1f 67 8e 8b ab 9f |`Wь;└б│ПРZ.g▌▀╚÷| 00001bc0 ec f3 51 38 16 b1 d4 96 88 a5 0b f5 26 46 08 20 |ЛСQ8.╠т√┬╔.У&F. 
| 00001bd0 a8 ce 4c b7 96 14 18 d2 49 53 a3 83 71 1d 49 72 |╗нL╥√..рISё┐q.Ir| 00001be0 e2 e6 49 4c b6 43 c5 44 d4 66 b4 c4 40 57 3e 3f |БФIL╤CеDтf╢д@W>?| 00001bf0 b7 60 d2 8d 3c fb fb 03 d8 b5 ac 11 11 f1 2f c2 |╥`р█<ШШ.ь╣╛..Я/б| 00001c00 65 44 6e 60 cb ce d5 4e 22 1c bd 9e 1b cf 5f 44 |eDn`кнуN".╫·.о_D| 00001c10 95 2d 05 6d 7c 03 2b 52 1c 26 7f c7 d6 ee 2c 64 |∙-.m|.+R.&.гжН,d| 00001c20 17 ba 8b 21 56 4a b0 d8 07 49 20 76 5d 36 3a f0 |.╨▀!VJ╟ь.I v]6:П| 00001c30 db 7d 59 8e b0 2c a2 e4 16 36 c4 4b 13 ef df 08 |ш}Y▌╟,╒Д.6дK.Оъ.| 00001c40 10 4d bb 54 d3 36 36 db ab b3 a4 15 2d 40 19 b2 |.M╩Tс66ш╚Ё╓.-@.╡| 00001c50 56 cb ae fd 9c aa bb a9 30 88 2f f1 6f aa 0e b1 |Vк╝Щ°╙╩╘0┬/Яo╙.╠| 00001c60 30 b7 77 6d 02 f3 b2 9e 25 b7 18 6b f5 68 24 ac |0╥wm.С╡·%╥.kУh$╛| 00001c70 90 5e 33 fb 2c 30 0e 3f 42 c7 a3 0b bb 02 b6 eb |░^3Ш,0.?Bгё.╩.╤К| 00001c80 a1 d5 e7 c3 33 0f 40 86 c0 46 c3 f0 0d 03 ec 19 |║уГц3.@├юFцП..Л.| 00001c90 47 07 3a ef e7 02 94 88 d3 a7 e8 6c 25 43 8a 47 |G.:ОГ.■┬с╖Хl%C┼G| 00001ca0 a4 3a 54 79 25 d8 1f 0a 3d 5e c6 cf 19 0f 18 39 |╓:Ty%ь..=^фо...9| 00001cb0 4e de d9 c7 de 2b f8 76 55 2b 90 56 7c 53 d2 02 |Nчыгч+ЬvU+░V|Sр.| 00001cc0 9c 37 39 fe d8 23 da c9 2e c1 53 ba 76 36 8a 75 |°79Чь#зи.аS╨v6┼u| 00001cd0 04 06 a0 6f 92 54 51 ce f6 51 83 6b 9c 29 6e 62 |..═o▓TQнЖQ┐k°)nb| 00001ce0 18 f6 ae 6d 78 fd 5b cb 35 40 b2 32 26 85 62 b3 |.Ж╝mxЩ[к5@╡2&┘bЁ| 00001cf0 f9 b0 f6 92 4a 6c fe 88 3c 28 2c 76 db 17 03 6e |Ы╟Ж▓JlЧ┬<(,vш..n| 00001d00 2f f6 25 3d b3 48 0c 90 54 bc f6 0a e6 00 6f 7a |/Ж%=ЁH.░T╪Ж.Ф.oz| 00001d10 87 67 21 2c 82 70 f5 98 dd ee 01 6b 3e 5e d8 bb |┤g!,┌pУ≤щН.k>^ь╩| 00001d20 74 65 39 32 f7 37 46 0a 54 eb 04 ea c7 83 65 a4 |te92В7F.TК.Йг┐e╓| 00001d30 c6 e4 70 2b cb d6 0f 67 58 71 43 39 c2 f3 da 48 |фДp+кж.gXqC9бСзH| 00001d40 35 55 4d 4e b9 97 25 0e ee 7e 2a a5 ea 69 d1 66 |5UMN╧≈%.Н~*╔Йiяf| 00001d50 2d ff 1c 6a df d1 76 d0 ae e0 10 8f 6c 9b 81 39 |-Ъ.jъяvп╝Ю.▐l⌡│9| 00001d60 dc 52 ab c8 43 c3 55 26 f8 1b ec af 3f 1b 03 f1 |эR╚хCцU&Ь.Л╞?..Я| 00001d70 a4 c8 c3 f4 
48 2e ed 86 15 43 36 70 cd 43 db 1b |╓хцТH.М├.C6pмCш.| 00001d80 0f 8d f3 67 7c 0e 70 83 56 dc a7 56 76 06 15 39 |.█Сg|.p┐Vэ╖Vv..9| 00001d90 f7 39 5b 10 22 11 db 17 30 5c 80 88 27 fc ee d9 |В9[.".ш.0\─┬'ЭНы| 00001da0 35 21 d2 b8 07 a0 5a cf 8b 18 f7 31 b2 c0 07 8a |5!р╦.═Zо▀.В1╡ю.┼| 00001db0 09 8e de 04 5e 1b 64 b6 50 a4 37 95 17 f5 ed c6 |.▌ч.^.d╤P╓7∙.УМф| 00001dc0 e7 3b 75 e6 b3 a5 1e 5e ec c6 0a 8e ab e6 2a 0e |Г;uФЁ╔.^Лф.▌╚Ф*.| 00001dd0 a5 ec 2e c6 6c f3 46 95 f9 2a 6c 59 e5 80 cd 8b |╔Л.фlСF∙Ы*lYЕ─м▀| 00001de0 b1 1c 51 4a 5b 60 89 57 fc cd f6 bf f1 cb cb 80 |╠.QJ[`┴WЭмЖ©Якк─| 00001df0 a7 45 50 f8 f8 df 4e 31 5c f6 c3 52 68 17 17 d4 |╖EPЬЬъN1\ЖцRh..т| 00001e00 d3 60 10 17 69 93 53 e5 42 62 71 dc 7d 87 99 fd |с`..i⌠SЕBbqэ}┤≥Щ| 00001e10 45 ea 6a bf 4f eb 50 f8 34 f5 8e a3 3b e2 cb 81 |EЙj©OКPЬ4У▌ё;Бк│| 00001e20 3b 0c 31 03 1a 67 ed a5 7b d4 98 15 33 c0 7f 72 |;.1..gМ╔{т≤.3ю.r| 00001e30 bd c5 d5 12 d9 55 fc 47 77 82 ce a4 fc c9 49 5b |╫еу.ыUЭGw┌н╓ЭиI[| 00001e40 b0 ae 81 dd 25 a2 8c 38 66 fa 03 b2 5d 91 9e c1 |╟╝│щ%╒▄8fЗ.╡]▒·а| 00001e50 bf f2 6e b8 db d0 fe 71 32 83 aa 9d 85 02 ab 9e |©Рn╦шпЧq2┐╙²┘.╚·| 00001e60 bf 63 0b c8 e7 2b 31 ba 83 aa de ad e0 f5 d3 88 |©c.хГ+1╨┐╙ч╜ЮУс┬| 00001e70 fc 33 5e 51 7f 32 4c be c3 a5 87 55 ea 21 56 2d |Э3^Q.2L╬ц╔┤UЙ!V-| 00001e80 26 37 58 3f 13 18 4c eb e8 0e e0 18 74 e3 dc 53 |&7X?..LКХ.Ю.tЦэS| 00001e90 8a 27 8c 41 24 df c5 61 ea c7 c3 25 3d 43 dc 70 |┼'▄A$ъеaЙгц%=Cэp| 00001ea0 e3 e0 56 22 f2 6a b8 da 3a de 7d a2 2d d9 b5 e9 |ЦЮV"Рj╦з:ч}╒-ы╣И| 00001eb0 1b 95 c9 83 9b 6d ab ad 65 bd dd b3 75 03 d7 3b |.∙и┐⌡m╚╜e╫щЁu.в;| 00001ec0 3b 1e f5 0b 47 47 06 7e ed a0 39 88 f1 78 29 48 |;.У.GG.~М═9┬Яx)H| 00001ed0 0f 4b e8 85 0c d0 e9 36 98 fe f6 e2 0d 06 1d 4b |.KХ┘.пИ6≤ЧЖБ...K| 00001ee0 cb 7c c5 b6 64 44 32 bd a3 a8 8d 66 ab 0c b4 4d |к|е╤dD2╫ё╗█f╚.╢M| 00001ef0 31 03 30 f1 d7 3d 94 c9 f1 ac 46 0e 84 37 d2 48 |1.0Яв=■иЯ╛F.└7рH| 00001f00 0a 4c 07 fe e9 53 64 e9 17 8d 03 73 3d 69 61 6b |.L.ЧИSdИ.█.s=iak| 00001f10 11 06 40 5f e3 a7 c3 10 55 c1 76 fa 
03 49 b6 cf |..@_Ц╖ц.UаvЗ.I╤о| 00001f20 74 99 71 d8 18 0a ec f8 31 58 8a f5 e8 31 ae 3a |t≥qь..ЛЬ1X┼УХ1╝:| 00001f30 31 ec 7e 7b af 39 08 8e cc 8b d3 03 b3 72 9c 5d |1Л~{╞9.▌л▀с.Ёr°]| 00001f40 77 a5 db f0 d5 df 9a 7a b7 ce b4 9e e6 7e 5a 03 |w╔шПуъ z╥н╢·Ф~Z.| 00001f50 89 66 ec dd af 65 a1 e4 6f 37 59 86 80 11 b9 84 |┴fЛщ╞e║Дo7Y├─.╧└| 00001f60 c8 ef 5e 36 8e 75 ce 67 8c d6 6b 6a c1 ac c0 9f |хО^6▌uнg▄жkjа╛ю÷| 00001f70 d5 ef 93 90 00 4a 56 86 eb 84 c8 cc 24 a5 24 c1 |уО⌠░.JV├К└хл$╔$а| 00001f80 e6 34 bf d2 80 07 ca 61 ee e6 fb 9e 54 42 17 cc |Ф4©р─.йaНФШ·TB.л| 00001f90 6d 4a 4f c5 8e ed a5 dc 9b a8 fc 2a 7b 0a c5 ec |mJOе▌М╔э⌡╗Э*{.еЛ| 00001fa0 7a 76 68 79 4c 50 62 9e 54 50 ec 3f 7f b1 00 c7 |zvhyLPb·TPЛ?.╠.г| 00001fb0 ac 97 c6 96 f4 91 3b 45 0c 84 b9 7c 50 0d 52 65 |╛≈ф√Т▒;E.└╧|P.Re| 00001fc0 12 2d c7 99 3a 5d 29 bb 10 fa 21 21 1e 60 0b 3e |.-г≥:])╩.З!!.`.>| 00001fd0 6b d0 3e 9f eb 27 33 f4 6f 0c d6 00 15 77 8c bf |kп>÷К'3Тo.ж..w▄©| 00001fe0 b6 26 61 3f b3 0e 2f 56 86 44 df fc 5a 6f 0b 9d |╤&a?Ё./V├DъЭZo.²| 00001ff0 51 65 7a a5 e0 2a cf 06 a9 2d 71 9d 34 d7 fa bf |Qez╔Ю*о.╘-q²4вЗ©| 00002000 fe e4 64 79 5a a1 e3 87 04 42 be 64 8e 18 98 b7 |ЧДdyZ║Ц┤.B╬d▌.≤╥| 00002010 39 83 c0 8e be d4 81 e0 08 d8 3f 1a b0 d5 92 0c |9┐ю▌╬т│Ю.ь?.╟у▓.| 00002020 c9 13 6c bf f0 bb a1 d6 1c 29 25 94 31 35 dc 6f |и.l©П╩║ж.)%■15эo| 00002030 04 bf 84 b6 67 67 51 42 7b 08 a9 6d 87 ca 5a a7 |.©└╤ggQB{.╘m┤йZ╖| 00002040 a9 da 69 04 61 8f 15 e8 81 93 13 eb 61 71 41 a3 |╘зi.a▐.Х│⌠.КaqAё| 00002050 f9 21 b2 ee 66 26 82 ea 98 29 15 17 a4 3f 7b 74 |Ы!╡Нf&┌Й≤)..╓?{t| 00002060 0c 6f 2d ab ba 83 dc 14 7f 9c d4 e2 cf dd 3f 2f |.o-╚╨┐э..°тБощ?/| 00002070 a1 e3 44 cf 05 0c b6 da 3c 3e 0a ff 54 a1 8a 8f |║ЦDо..╤з<>.ЪT║┼▐| 00002080 de b9 74 93 83 ac 08 38 5e c4 95 23 77 99 c7 97 |ч╧t⌠┐╛.8^д∙#w≥г≈| 00002090 01 a0 d5 6f a9 11 d4 82 09 e1 07 ee 01 72 ba 07 |.═уo╘.т┌.А.Н.r╨.| 000020a0 99 47 50 0d 82 05 5d 38 66 6f ec e6 21 55 67 a8 |≥GP.┌.]8foЛФ!Ug╗| 000020b0 fb c8 39 9e 7e 3f cd ee 80 3e e8 f0 61 e7 6d ac 
|Шх9·~?мН─>ХПaГm╛| 000020c0 f7 87 96 a4 80 76 9e d5 05 1e 92 41 37 6e b0 c8 |В┤√╓─v·у..▓A7n╟х| 000020d0 ca 6b 9b 36 17 a4 8a 6b f0 30 55 b2 21 ad f3 7b |йk⌡6.╓┼kП0U╡!╜С{| 000020e0 80 0e a3 53 88 e4 ca b2 84 48 33 73 a4 5b 14 6c |─.ёS┬Дй╡└H3s╓[.l| 000020f0 9b 17 43 87 1f 79 77 a3 37 47 da d3 0e 62 f9 81 |⌡.C┤.ywё7Gзс.bЫ│| 00002100 39 d5 7b e0 95 a6 79 b8 7d e6 09 d0 d7 6f 62 28 |9у{Ю∙╕y╦}Ф.пвob(| 00002110 61 78 36 3d e5 be 5d 2e cd 29 8f 38 a9 c0 07 4f |ax6=Е╬].м)▐8╘ю.O| 00002120 dd fa 58 4d 0d 45 68 0f c0 eb c2 bb 26 11 4b e9 |щЗXM.Eh.юКб╩&.KИ| 00002130 89 01 25 c0 33 ef 3d 2a 07 e6 8f 20 1e e4 50 59 |┴.%ю3О=*.Ф▐ .ДPY| 00002140 ca 9e 02 b7 d6 b2 f0 e0 21 16 fc 8d 3b 37 01 eb |й·.╥ж╡ПЮ!.Э█;7.К| 00002150 12 7a 70 f2 ea 6f bb 2e e9 68 ac fd 7d 37 17 58 |.zpРЙo╩.Иh╛Щ}7.X| 00002160 db fd 1a 61 81 2c 42 df 85 f2 50 7c 42 8f 03 fd |шЩ.a│,Bъ┘РP|B▐.Щ| 00002170 40 40 49 89 ac fa ee 59 40 31 5d aa 87 59 46 dc |@@I┴╛ЗНY@1]╙┤YFэ| 00002180 78 49 4a d4 93 24 b1 49 d2 df 5d 02 64 c4 b9 31 |xIJт⌠$╠Iръ].dд╧1| 00002190 18 90 cf d7 5a 3f c3 64 88 59 90 f1 84 7a cc f9 |.░овZ?цd┬Y░Я└zлЫ| 000021a0 11 01 88 f8 fa 24 53 fd 81 a7 62 eb be 84 4f c1 |..┬ЬЗ$SЩ│╖bК╬└Oа| 000021b0 09 62 65 2c 5d 93 42 b0 ef 11 cd 05 a0 48 2e e8 |.be,]⌠B╟О.м.═H.Х| 000021c0 89 f5 3d 2c 21 57 ad 78 3f a7 67 26 66 3a f2 20 |┴У=,!W╜x?╖g&f:Р | 000021d0 1d a3 8e fd 2d 0d 56 91 02 14 7e a0 3d 9e 11 66 |.ё▌Щ-.V▒..~═=·.f| 000021e0 1c da e9 90 fb e5 ca 90 c4 87 aa 91 e0 f9 29 f9 |.зИ░ШЕй░д┤╙▒ЮЫ)Ы| 000021f0 bc 66 15 ea e6 08 eb 79 e4 08 a0 49 55 b2 c7 87 |╪f.ЙФ.КyД.═IU╡г┤| 00002200 79 63 02 4e 3e 78 dd b2 5e 77 af ef ce d5 49 3c |yc.N>xщ╡^w╞ОнуI<| 00002210 84 0c 71 b4 d0 3b 94 6f c7 1e e6 73 17 58 b0 48 |└.q╢п;■oг.Фs.X╟H| 00002220 6d e9 3e 56 90 ae f1 ac 0f b6 80 7d 41 b3 a1 27 |mИ>V░╝Я╛.╤─}AЁ║'| 00002230 94 12 27 25 6f 11 f0 5e 72 13 8c b8 46 79 e1 43 |■.'%o.П^r.▄╦FyАC| 00002240 b5 02 05 94 ee 11 c5 a9 a1 7b 4f 22 ce ec 11 70 |╣..■Н.е╘║{O"нЛ.p| 00002250 0e 50 88 01 2d 60 9f 79 92 16 e3 f3 a4 ff e1 62 |.P┬.-`÷y▓.ЦС╓ЪАb| 
00002260 ad be df c8 f7 f1 6b 88 ec f6 3a 7a e1 ed fb 23 |╜╬ъхВЯk┬ЛЖ:zАМШ#| 00002270 d3 05 1b 53 2b de d3 0e 72 12 54 82 6e 8f a2 d1 |с..S+чс.r.T┌n▐╒я| 00002280 2e 51 48 db e3 d7 df e7 b7 e4 11 81 42 64 b3 6d |.QHшЦвъГ╥Д.│BdЁm| 00002290 b1 1e 67 a5 cd 33 f7 fd 92 bc 45 08 4e 54 57 ac |╠.g╔м3ВЩ▓╪E.NTW╛| 000022a0 d6 86 36 c9 c1 e4 98 9c 38 6c 21 92 1d 10 f9 71 |ж├6иаД≤°8l!▓..Ыq| 000022b0 89 75 0d 7f 62 b0 64 53 0c ab 33 52 8f 2e 32 1a |┴u..b╟dS.╚3R▐.2.| 000022c0 73 3c 78 c1 4e f6 3d c9 01 f6 8d da 23 29 42 c2 |sAсы╧wu╙vё▒∙E| 00002310 a2 f4 22 a8 1b ad 59 d4 72 14 ab f8 d4 6a 97 43 |╒Т"╗.╜Yтr.╚Ьтj≈C| 00002320 37 63 70 58 e6 8c 93 d8 e3 08 0a d3 ad 8f 47 16 |7cpXФ▄⌠ьЦ..с╜▐G.| 00002330 9a c1 a8 d7 ae 20 75 6b bf ed af 90 75 ae 23 7f | а╗в╝ uk©М╞░u╝#.| 00002340 b6 65 ab 9b d2 17 9e d2 c8 0f 8e be 60 1e 8d 2e |╤e╚⌡р.·рх.▌╬`.█.| 00002350 5a 92 c2 1c eb 40 ed 53 2e 02 21 1d a6 0c 3c a7 |Z▓б.К@МS..!.╕.<╖| 00002360 78 03 0a 97 38 88 17 59 50 8a dc 0e 42 9b 80 53 |x..≈8┬.YP┼э.B⌡─S| 00002370 2d 62 b4 c5 64 42 9f 11 8e 47 5f 71 68 ab f5 07 |-b╢еdB÷.▌G_qh╚У.| 00002380 0a af 4d 2f 2e 3d 57 b7 77 1a 1e d6 54 3d 42 f3 |.╞M/.=W╥w..жT=BС| 00002390 2b da a1 fd 4e f1 3a 40 40 fd ae d7 a1 06 07 f9 |+з║ЩNЯ:@@Щ╝в║..Ы| 000023a0 41 fe d6 69 73 65 aa bd bb 04 03 1a 5f b7 5b 6b |AЧжise╙╫╩..._╥[k| 000023b0 5c 26 17 c3 9f 7b 38 84 22 4d 28 10 be db 47 bf |\&.ц÷{8└"M(.╬шG©| 000023c0 b4 13 53 00 b7 04 a7 0c 60 9c ec 0e d3 b3 f2 7b |╢.S.╥.╖.`°Л.сЁР{| 000023d0 6f 19 95 ca f4 56 a4 d9 7e 2e d7 a4 91 ae ed 6f |o.∙йТV╓ы~.в╓▒╝Мo| 000023e0 7a 35 f1 44 fa 48 c9 c0 03 ef 12 55 97 ea 7a eb |z5ЯDЗHию.О.U≈ЙzК| 000023f0 af 80 50 ed c1 3a fa ee 1a 91 ad 3c f7 57 df db |╞─PМа:ЗН.▒╜<ВWъш| 00002400 e4 61 73 af b3 ce d1 0c ac 39 5f a8 6c 39 4d 97 |Дas╞Ёня.╛9_╗l9M≈| 00002410 b7 a9 01 ca ce b1 f5 b1 9e af da e1 84 ca 18 ac |╥╘.йн╠У╠·╞зА└й.╛| 00002420 69 8d bd fe d7 a7 ac 0b ea a2 3d b3 44 7b 7a 49 |i█╫Чв╖╛.Й╒=ЁD{zI| 00002430 e1 57 2d 63 4a f1 13 cf 41 eb 03 0b 7b c2 df 04 |АW-cJЯ.оAК..{бъ.| 00002440 60 b8 0c ed 8e 3b 
b6 |╡┼.Jwшн:Mw⌡чщ3;A| 00004d70 ac 4a 39 df 80 22 7e e0 b7 f2 e6 03 ad af 10 98 |╛J9ъ─"~Ю╥РФ.╜╞.≤| 00004d80 12 f5 61 e4 99 63 29 f8 9b b4 91 c8 7b 93 fb 3e |.УaД≥c)Ь⌡╢▒х{⌠Ш>| 00004d90 26 55 10 3e c5 10 4d 13 44 26 e9 e2 0e 17 ba bc |&U.>е.M.D&ИБ..╨╪| 00004da0 7b 33 91 47 16 23 a6 14 6e 8e de 27 2b 18 46 3b |{3▒G.#╕.n▌ч'+.F;| 00004db0 a8 54 df fa 37 c4 8d 90 4e 19 b6 2a 5a 46 61 6f |╗TъЗ7д█░N.╤*ZFao| 00004dc0 47 8d 9c 31 5a 78 a7 a9 16 59 1f ae 37 11 d0 4d |G█°1Zx╖╘.Y.╝7.пM| 00004dd0 b7 38 47 03 45 1a fe 10 b4 f4 4b 3b c0 35 cb aa |╥8G.E.Ч.╢ТK;ю5к╙| 00004de0 dc 9b 9d c7 f6 7a cd 58 d1 9d b6 18 95 92 3e 3a |э⌡²гЖzмXя²╤.∙▓>:| 00004df0 84 c9 51 77 47 8c ef ff ea f8 da a7 4e aa cd 8f |└иQwG▄ОЪЙЬз╖N╙м▐| 00004e00 ef 88 32 3d 18 07 d1 db 8c eb 52 50 5c 6a dc 35 |О┬2=..яш▄КRP\jэ5| 00004e10 ec ef 25 6c 78 ed 0e 28 cb 72 33 66 ee 23 e0 b3 |ЛО%lxМ.(кr3fН#ЮЁ| 00004e20 be 9e 18 b5 31 8a bf bc ce e4 0d 03 b6 61 01 fa |╬·.╣1┼©╪нД..╤a.З| 00004e30 12 4c 1b 1b 9d 1c a1 78 fb 50 4b 61 53 87 15 35 |.L..².║xШPKaS┤.5| 00004e40 eb d7 2c ca e0 90 8b a5 8d be a6 39 d9 de a6 e7 |Кв,йЮ░▀╔█╬╕9ыч╕Г| 00004e50 6b 31 0e 3e 73 6e 81 ad e3 9c ce 38 87 de f4 65 |k1.>sn│╜Ц°н8┤чТe| 00004e60 60 b0 80 aa bb 92 aa 65 d5 91 34 ae 13 54 9e 3b |`╟─╙╩▓╙eу▒4╝.T·;| 00004e70 55 e2 6c b8 84 cc 9a 5a 0e 85 33 57 d3 70 f3 44 |UБl╦└л Z.┘3WсpСD| 00004e80 5a e7 cb 0e 54 d4 da 91 01 ae e4 fa 81 e3 cf c2 |ZГк.Tтз▒.╝ДЗ│Цоб| 00004e90 c9 6a 8d aa f9 b4 fb 26 fe 97 da 86 57 7d d1 04 |иj█╙Ы╢Ш&Ч≈з├W}я.| 00004ea0 df 18 3c 45 f7 20 86 76 8c 4c d2 ac 7e 92 15 da |ъ.J7█| 00005120 fd c9 3d 13 c9 49 bc d3 2b 72 8c 22 9e ab ac 15 |Щи=.иI╪с+r▄"·╚╛.| 00005130 3a 15 d5 f6 ab f4 95 f7 63 07 c8 e9 bb 44 f4 b3 |:.уЖ╚Т∙Вc.хИ╩DТЁ| 00005140 00 79 43 66 16 48 66 1f 30 66 e9 e6 01 a2 fd 49 |.yCf.Hf.0fИФ.╒ЩI| 00005150 69 ef 8f 31 61 67 c7 2f 87 64 6d 1f e5 dc 31 2c |iО▐1agг/┤dm.Еэ1,| 00005160 ca 7c 43 e9 95 df 56 6f f7 5d 86 b2 1f 19 a1 e7 |й|CИ∙ъVoВ]├╡..║Г| 00005170 9b b2 05 e8 62 d9 3f d8 38 27 31 e9 60 b5 c6 d5 |⌡╡.Хbы?ь8'1И`╣фу| 00005180 60 
61 cb 61 b4 8e b5 d0 67 69 4c 64 2f 02 9a e6 |`aкa╢▌╣пgiLd/. Ф| 00005190 3d 35 15 3d d3 1b 57 7a 88 14 a0 2f a5 9a 59 29 |=5.=с.Wz┬.═/╔ Y)| 000051a0 0d 06 9f ee fd 77 3c d8 4e aa 20 c1 07 e0 2b 47 |..÷НЩw<ьN╙ а.Ю+G| 000051b0 26 9b 8f de d6 bb c3 14 13 a1 75 11 52 6e 21 9e |&⌡▐чж╩ц..║u.Rn!·| 000051c0 45 c8 1a bf 98 af 86 bc ce b3 1b 13 45 f0 42 63 |Eх.©≤╞├╪нЁ..EПBc| 000051d0 3d 3d 93 4e 7c 55 1e 07 8a 14 e3 9d 68 39 8d b8 |==⌠N|U..┼.Ц²h9█╦| 000051e0 33 79 c3 61 e2 fb 5e ff b9 c7 bd b8 1b c8 41 db |3yцaБШ^Ъ╧г╫╦.хAш| 000051f0 28 16 5a 13 51 d3 cd e6 00 84 3b f8 98 1d 25 4c |(.Z.QсмФ.└;Ь≤.%L| 00005200 8b 92 1b 76 04 f1 9a 70 7d 38 aa fa 0a 40 85 9d |▀▓.v.Я p}8╙З.@┘²| 00005210 2e 40 1e eb a9 2a d1 d2 da ae c6 20 04 5e 97 9f |.@.К╘*ярз╝ф .^≈÷| 00005220 4c 76 06 f0 b3 93 b7 b8 9d 57 c3 60 26 48 3b 1d |Lv.ПЁ⌠╥╦²Wц`&H;.| 00005230 6d b2 1e 6b 85 ed 34 13 aa eb 4e 61 02 fc a3 1b |m╡.k┘М4.╙КNa.Эё.| 00005240 69 9f 45 8d 59 db 29 e0 a0 b5 7d 42 40 13 fb 5d |i÷E█Yш)Ю═╣}B@.Ш]| 00005250 f2 34 17 4e 8b 2e 70 c3 a9 35 dd cd a1 89 2a 19 |Р4.N▀.pц╘5щм║┴*.| 00005260 80 4c 5c b4 91 3e a7 cf d1 90 61 48 8e b4 7f 93 |─L\╢▒>╖оя░aH▌╢.⌠| 00005270 81 34 0e b0 f2 e0 9c a0 a1 e3 94 8a 3f fa c3 ed |│4.╟РЮ°═║Ц■┼?ЗцМ| 00005280 f8 4c f5 2b eb 2b d1 8c e7 77 b9 b9 e4 c4 d2 84 |ЬLУ+К+я▄Гw╧╧Ддр└| 00005290 96 81 9a 8a 4e 11 58 58 b3 1a e6 7e 1a 9a 1b 7d |√│ ┼N.XXЁ.Ф~. 
.}| 000052a0 d6 98 a5 3f b9 5f 66 69 49 67 55 7f bb 5a 19 f1 |ж≤╔?╧_fiIgU.╩Z.Я| 000052b0 1a 8b 8d bf 1b d5 5a aa 5d 95 d5 fc db 38 d1 4a |.▀█©.уZ╙]∙уЭш8яJ| 000052c0 5c 97 5b 3f 71 2c e9 ac db bb 35 bb 9e 1e 68 df |\≈[?q,И╛ш╩5╩·.hъ| 000052d0 07 cb 6d 94 a9 ec 12 e7 8e 21 11 14 b7 b0 6e 75 |.кm■╘Л.Г▌!..╥╟nu| 000052e0 cb db f1 71 ba 0a dc 3f 4e 35 e1 6a 55 83 ad 29 |кшЯq╨.э?N5АjU┐╜)| 000052f0 c7 26 43 92 5e ec 35 cc 27 8c 95 f6 ac c9 10 b1 |г&C▓^Л5л'▄∙Ж╛и.╠| 00005300 9d 19 82 89 eb aa 93 70 f6 81 01 b1 34 d7 c6 72 |².┌┴К╙⌠pЖ│.╠4вфr| 00005310 1e ad dc ce 48 e0 0c e8 db 2d 48 98 9d 9f e9 6b |.╜энHЮ.Хш-H≤²÷Иk| 00005320 48 45 ab b2 1f ce 40 39 fa bd 1a ea 70 5c de 7d |HE╚╡.н@9З╫.Йp\ч}| 00005330 05 bb 4f 14 74 b4 71 a8 12 f1 f8 59 d5 c1 da 35 |.╩O.t╢q╗.ЯЬYуаз5| 00005340 97 e2 af 10 24 21 41 1e 31 fd eb f8 bb ca d1 ca |≈Б╞.$!A.1ЩКЬ╩йяй| 00005350 04 52 51 a5 b9 0e 7e 13 d5 38 64 c2 a8 f5 ac 11 |.RQ╔╧.~.у8dб╗У╛.| 00005360 7d 94 20 cc df a9 98 34 95 f3 30 5b f4 2a 5d 9a |}■ лъ╘≤4∙С0[Т*] | 00005370 86 e0 ea 8e 92 5b 1f 1c 7c 6b 63 72 6e b4 46 e5 |├ЮЙ▌▓[..|kcrn╢FЕ| 00005380 4f fc 95 37 c3 e8 82 d7 eb 3f 3b 91 41 94 63 c5 |OЭ∙7цХ┌вК?;▒A■cе| 00005390 9b 3d e7 95 db dd 1c f9 40 e3 5c 27 f0 9b d9 d5 |⌡=Г∙шщ.Ы@Ц\'П⌡ыу| 000053a0 20 8e 5a 8c d5 8e 68 ff 83 f8 dd ea 37 e2 96 00 | ▌Z▄у▌hЪ┐ЬщЙ7Б√.| 000053b0 13 94 0b 6a b5 bc 39 a1 53 1b 90 f1 49 3f 16 45 |.■.j╣╪9║S.░ЯI?.E| 000053c0 bc 8d 11 be 97 39 72 a4 4c 70 b9 f7 c7 6a 70 7a |╪█.╬≈9r╓Lp╧Вгjpz| 000053d0 ef a4 f5 66 0b 02 4b c8 4a 14 17 1d 4f 97 aa 05 |О╓Уf..KхJ...O≈╙.| 000053e0 e0 6c 02 53 e2 39 e5 1f 62 9c f7 84 10 71 21 b8 |Юl.SБ9Е.b°В└.q!╦| 000053f0 d8 7b 8d 6a 8b 39 59 53 98 76 61 82 88 55 d6 f6 |ь{█j▀9YS≤va┌┬UжЖ| 00005400 45 bf 7e 24 b2 22 cf 52 09 9c 1c 05 87 46 70 75 |E©~$╡"оR.°..┤Fpu| 00005410 0e ef ac 04 5f 95 43 54 97 09 7c 8f 41 31 16 72 |.О╛._∙CT≈.|▐A1.r| 00005420 34 b4 3c 38 57 e4 59 64 37 a4 40 85 cc d4 93 5a |4╢<8WДYd7╓@┘лт⌠Z| 00005430 5a 52 49 c1 37 7a ce b8 81 32 f0 6f 78 05 1d c3 |ZRIа7zн╦│2Пox..ц| 00005440 9e 80 f9 
b8 c9 56 95 aa 08 b1 3c d8 2d 4b f0 10 |·─Ы╦иV∙╙.╠<ь-KП.| 00005450 35 06 d3 64 93 8c c2 09 1c 32 93 d0 40 04 5f c8 |5.сd⌠▄б..2⌠п@._х| 00005460 0a 33 5e f9 6e 5a 94 46 53 59 77 11 de fa 6a 50 |.3^ЫnZ■FSYw.чЗjP| 00005470 3e 24 7e c5 94 e8 f8 13 8e 8e b8 db 55 6c a0 38 |>$~е■ХЬ.▌▌╦шUl═8| 00005480 47 2b e2 8a c3 45 30 98 d8 02 69 b2 fd 8b f1 2a |G+Б┼цE0≤ь.i╡Щ▀Я*| 00005490 e0 4b 40 86 4e 7a 36 9f 73 47 bc 61 13 46 33 f3 |ЮK@├Nz6÷sG╪a.F3С| 000054a0 10 a0 b3 a3 3f 36 62 59 06 eb 52 86 47 79 04 f5 |.═Ёё?6bY.КR├Gy.У| 000054b0 b4 2b 90 5e 96 18 b6 81 a8 42 46 df 0d 15 ca 23 |╢+░^√.╤│╗BFъ..й#| 000054c0 78 b3 1c 01 32 08 bc fb 5e 01 c4 6e 5c 94 04 90 |xЁ..2.╪Ш^.дn\■.░| 000054d0 da 54 ff 3f 5d 0e 17 11 84 dd 39 d9 34 3c 4f 6d |зTЪ?]...└щ9ы4ё╠E.┼┬╘| 00005830 85 94 b0 fb 1c ad f1 d0 6e b3 46 7f cf 9b b6 28 |┘■╟Ш.╜ЯпnЁF.о⌡╤(| 00005840 4a 21 3f 1a f8 44 d7 ba c7 14 51 72 05 78 f3 78 |J!?.ЬDв╨г.Qr.xСx| 00005850 02 a8 5d 1e cf 11 95 53 02 f2 b6 ed 31 40 b5 7d |.╗].о.∙S.Р╤М1@╣}| 00005860 ba 79 86 4a 86 5c ad 43 39 e0 4d 58 36 27 14 f4 |╨y├J├\╜C9ЮMX6'.Т| 00005870 6c 9a c1 de 83 5a e9 ec 59 04 9a bb 3e ef 88 9b |l ач┐ZИЛY. 
╩>О┬⌡| 00005880 c4 a1 d3 2c f7 71 6e f8 b7 fe c0 5f dc 88 bd bd |д║с,ВqnЬ╥Чю_э┬╫╫| 00005890 dd fb 18 5b a1 5b a3 20 7c b2 be 96 e6 97 52 39 |щШ.[║[ё |╡╬√Ф≈R9| 000058a0 fe 47 21 8a 3e 28 69 ec c1 4d 88 dc 88 19 85 8f |ЧG!┼>(iЛаM┬э┬.┘▐| 000058b0 c4 68 4e dc 76 15 16 70 fb 5d d2 86 aa 2f 9c 21 |дhNэv..pШ]р├╙/°!| 000058c0 6b f9 42 b2 2d af 3a 94 c6 28 e0 75 6e 4b 4d 21 |kЫB╡-╞:■ф(ЮunKM!| 000058d0 c2 b7 c6 72 f4 5c 16 4f cb 8d 19 8e 6e df 7c 34 |б╥фrТ\.Oк█.▌nъ|4| 000058e0 db bf 01 f6 80 ab 4c b7 87 44 33 a3 0c 30 7c d8 |ш©.Ж─╚L╥┤D3ё.0|ь| 000058f0 74 88 99 42 27 7e c6 7c 29 0e 8c 93 a4 1f ad f3 |t┬≥B'~ф|).▄⌠╓.╜С| 00005900 79 5f bf 65 5e 74 06 c3 28 2e 03 5a 26 37 7b 6c |y_©e^t.ц(..Z&7{l| 00005910 65 d9 f0 8b 2e 94 87 a9 e2 3a 46 e4 32 71 cc 61 |eыП▀.■┤╘Б:FД2qлa| 00005920 f9 e0 25 64 67 51 c2 88 7b b9 45 d2 d4 30 e4 b7 |ЫЮ%dgQб┬{╧Eрт0Д╥| 00005930 12 b7 4d 4f 02 5e 1d ab 58 5f 8e 91 2e c6 8d 9c |.╥MO.^.╚X_▌▒.ф█°| 00005940 c8 98 b8 da c3 cd a9 f2 32 1e d5 51 d4 91 6e ac |х≤╦зцм╘Р2.уQт▒n╛| 00005950 0a 4b 6d 48 00 c0 34 a4 1f fa f0 a0 93 40 06 cd |.KmH.ю4╓.ЗП═⌠@.м| 00005960 6d e4 61 81 9c 6a 9f 89 7d 5b cc 70 c4 32 7c d3 |mДa│°j÷┴}[лpд2|с| 00005970 51 a2 f0 1c e9 14 8d 52 4c 39 84 67 e2 42 36 fb |Q╒П.И.█RL9└gБB6Ш| 00005980 c5 1c e0 df fd 71 29 b8 1d 76 41 94 35 d5 de 0b |е.ЮъЩq)╦.vA■5уч.| 00005990 ec 97 cb 46 69 31 f7 e7 aa d4 a6 79 72 37 11 2f |Л≈кFi1ВГ╙т╕yr7./| 000059a0 9a 42 d9 e4 25 fd 79 9b b7 53 ce 0c 6e 16 e2 b4 | BыД%Щy⌡╥Sн.n.Б╢| 000059b0 39 b5 2d 1c 8e 3d f8 4c 6b ae 56 a5 74 b1 6f 37 |9╣-.▌=ЬLk╝V╔t╠o7| 000059c0 b9 5c cd 74 92 e5 be 7a b3 cd 8a 1c 03 06 37 ce |╧\мt▓Е╬zЁм┼...7н| 000059d0 9a 2c ea f9 28 14 04 c3 a0 ac aa d9 19 9a b8 1a | ,ЙЫ(..ц═╛╙ы. 
╦.| 000059e0 62 96 64 3f 3c 6b aa ab 16 50 d3 2d 7f 03 92 72 |b√d?4".| 00005b10 45 da 67 a0 8f 47 7a bc be e9 86 58 c0 f9 fe 4a |Eзg═▐Gz╪╬И├XюЫЧJ| 00005b20 67 e6 bd b2 a5 4e c1 c4 01 f9 c1 fe 62 90 d4 02 |gФ╫╡╔Nад.ЫаЧb░т.| 00005b30 f4 7c 0a f7 0c e2 80 e2 5b 32 fe 3c d1 44 57 3a |Т|.В.Б─Б[2Ч<яDW:| 00005b40 2e 31 1f e7 75 b2 ec 3b 55 a0 6b 22 18 2a 72 c7 |.1.Гu╡Л;U═k".*rг| 00005b50 44 01 7e 12 2e 42 14 0f 96 1e bd 71 9a 45 05 43 |D.~..B..√.╫q E.C| 00005b60 6f 9f 56 ed ed 56 bc e0 68 ba 3a 52 7d e1 fd 75 |o÷VММV╪Юh╨:R}АЩu| 00005b70 1b 62 7e 33 e6 00 13 d5 82 9f 1d 49 cd 44 b9 3e |.b~3Ф..у┌÷.IмD╧>| 00005b80 20 05 44 43 2e bc e3 3e 9d 09 0a b8 9d 9c 3d b5 | .DC.╪Ц>²..╦²°=╣| 00005b90 7c 64 46 1e 5d 63 66 8a c3 53 8d 86 34 49 e2 9e ||dF.]cf┼цS█├4IБ·| 00005ba0 d4 2a 38 95 b8 8a 21 52 08 50 92 fa 89 85 16 3f |т*8∙╦┼!R.P▓З┴┘.?| 00005bb0 bc 74 34 e6 e6 e0 77 80 21 ed f6 94 fa b0 af 45 |╪t4ФФЮw─!МЖ■З╟╞E| 00005bc0 b2 6b 53 68 2a 9e 7c 91 c9 39 76 1b 76 40 42 7a |╡kSh*·|▒и9v.v@Bz| 00005bd0 fb 45 23 06 c9 83 2b 43 aa 8f c0 af c7 31 a6 90 |ШE#.и┐+C╙▐ю╞г1╕░| 00005be0 83 ed c5 d4 5b 43 3b db 7d 41 ca 21 ea 7a 97 76 |┐Мет[C;ш}Aй!Йz≈v| 00005bf0 8a 65 74 de a6 c8 2e f3 c3 c0 94 d1 0c 15 ae 39 |┼etч╕х.Сцю■я..╝9| 00005c00 bb 27 09 68 79 e4 ad 03 c9 ba 53 62 82 8b ea 9e |╩'.hyД╜.и╨Sb┌▀Й·| 00005c10 ef c5 a9 42 a3 a0 38 db c5 b8 9e 80 05 58 2b 0d |Ое╘Bё═8ше╦·─.X+.| 00005c20 ed f6 fa 19 be c7 45 5f f2 c9 f2 64 78 4e 01 3c |МЖЗ.╬гE_РиРdxN.<| 00005c30 a9 90 ca cc e6 47 c5 aa cd 04 ed 50 fa 70 d0 76 |╘░йлФGе╙м.МPЗpпv| 00005c40 d7 2f a9 48 ac 73 60 3e 50 21 42 1c c3 07 bf a7 |в/╘H╛s`>P!B.ц.©╖| 00005c50 e8 ce db 85 22 83 1d 6f 6d 8d 33 f3 a9 df 8a 39 |Хнш┘"┐.om█3С╘ъ┼9| 00005c60 d6 88 a6 99 68 7b 29 33 08 42 62 83 7b 94 5e 81 |ж┬╕≥h{)3.Bb┐{■^│| 00005c70 53 32 50 3b 19 f2 f3 ad 08 b2 b2 87 8e b6 7e d1 |S2P;.РС╜.╡╡┤▌╤~я| 00005c80 f9 30 0c 10 9a 00 96 41 b1 40 10 9a 33 6f 68 56 |Ы0.. .√A╠@. 
3ohV| 00005c90 27 32 1c c6 eb a4 d7 1d 7b a3 87 e6 8e de 62 14 |'2.фК╓в.{ё┤Ф▌чb.| 00005ca0 f3 e5 ad ed 0e ad c6 95 dc e1 c6 7c d9 88 69 c5 |СЕ╜М.╜ф∙эАф|ы┬iе| 00005cb0 c7 68 eb 94 c4 43 3c fd 55 96 fb f5 27 db bb 3a |гhК■дC<ЩU√ШУ'ш╩:| 00005cc0 9c 56 09 55 7b 31 87 34 79 aa 93 9b d2 bc d6 2f |°V.U{1┤4y╙⌠⌡р╪ж/| 00005cd0 d4 7f 64 ff 53 fe fb 8a 69 69 7c 44 6c aa b4 d9 |т.dЪSЧШ┼ii|Dl╙╢ы| 00005ce0 80 ba d1 2c 85 2c 84 69 32 54 ab 26 06 1a 0f 41 |─╨я,┘,└i2T╚&...A| 00005cf0 e0 a7 6b d0 bd ff 27 ce 7a 89 02 d1 31 03 a5 8a |Ю╖kп╫Ъ'нz┴.я1.╔┼| 00005d00 7f 75 8d bf 31 ff 79 c5 11 69 15 33 0c aa 73 c2 |.u█©1Ъyе.i.3.╙sб| 00005d10 3d 34 f5 b1 b5 36 e7 77 25 ca 32 9c 15 b6 9e 79 |=4У╠╣6Гw%й2°.╤·y| 00005d20 99 0d f8 d9 fd c3 e7 ce 13 a7 d4 66 77 b8 7e 25 |≥.ЬыЩцГн.╖тfw╦~%| 00005d30 e1 e4 0c f8 ec ad 63 b4 9a b7 7d eb 15 41 21 4b |АД.ЬЛ╜c╢ ╥}К.A!K| 00005d40 23 b0 c5 c3 f6 23 36 4d 2c 76 4d 50 90 11 44 8e |#╟ецЖ#6M,vMP░.D▌| 00005d50 66 a7 69 66 5b a7 0b c3 e6 a7 17 13 a6 c1 27 00 |f╖if[╖.цФ╖..╕а'.| 00005d60 14 c3 d2 09 97 19 50 39 7f 8c 6d 2a f7 b8 1b 52 |.цр.≈.P9.▄m*В╦.R| 00005d70 7f 54 cb 8d d5 f3 5a 25 d6 a5 f8 01 c8 cd 02 86 |.Tк█уСZ%ж╔Ь.хм.├| 00005d80 37 5f 30 0d 9b c4 06 dd cd 04 75 79 39 96 2f ff |7_0.⌡д.щм.uy9√/Ъ| 00005d90 f1 7c 81 00 00 e9 37 cd e5 ba 1b d4 b8 70 67 af |Я|│..И7мЕ╨.т╦pg╞| 00005da0 4f d3 44 71 e1 04 82 66 97 38 d6 2b ed 00 24 6a |OсDqА.┌f≈8ж+М.$j| 00005db0 a0 ed b3 42 75 9a ad fa f7 e8 ea 4b a3 53 5e 6b |═МЁBu ╜ЗВХЙKёS^k| 00005dc0 29 09 cc e7 33 f6 2b dd cb d0 6c be bf fa ac 9e |).лГ3Ж+щкпl╬©З╛·| 00005dd0 c5 ec 65 08 af 5f 05 78 13 99 8c 6f e9 0f 44 03 |еЛe.╞_.x.≥▄oИ.D.| 00005de0 21 7b 2c 22 7d bc a9 1c 1c 81 60 2a 06 ff 2b b2 |!{,"}╪╘..│`*.Ъ+╡| 00005df0 35 34 29 6c ba 40 60 4f 68 e0 9b 4d bf c6 bd 11 |54)l╨@`OhЮ⌡M©ф╫.| 00005e00 35 0c f3 c9 d0 47 1f 27 55 ee 72 3f 0c 13 d9 5f |5.СипG.'UНr?..ы_| 00005e10 dc 09 aa cc 14 52 17 cb 15 1d d6 35 62 ad df 28 |э.╙л.R.к..ж5b╜ъ(| 00005e20 5c 63 e0 37 f2 3d 68 66 fe 5f d9 d2 69 7e 8e 23 |\cЮ7Р=hfЧ_ырi~▌#| 00005e30 15 6d 7d 
c0 ae 4e bd 3b 6e 68 d1 68 44 80 81 ec |.m}ю╝N╫;nhяhD─│Л| 00005e40 15 4d c8 d2 16 4a f2 e0 06 44 9c 5c 9a 77 be dc |.Mхр.JРЮ.D°\ w╬э| 00005e50 1e 56 b0 7d 4b ef ec 0f f6 dd 64 43 9e c3 1f 4f |.V╟}KОЛ.ЖщdC·ц.O| 00005e60 cd 6c c7 80 8e e9 b6 4b 33 c7 86 49 e6 02 23 4c |мlг─▌И╤K3г├IФ.#L| 00005e70 a0 6d f6 81 fa dd 87 f4 19 ab f5 d0 6c 56 6a 37 |═mЖ│Зщ┤Т.╚УпlVj7| 00005e80 6e ad f8 a0 89 4c c6 4f b2 7e 0d 81 5b c7 29 fe |n╜Ь═┴LфO╡~.│[г)Ч| 00005e90 46 ad 28 04 00 d8 86 62 4e 33 5d 93 41 e5 e7 5b |F╜(..ь├bN3]⌠AЕГ[| 00005ea0 1c b7 54 38 44 12 33 64 51 53 2f d0 fe 49 57 a3 |.╥T8D.3dQS/пЧIWё| 00005eb0 b2 cb f9 9f 16 bf 55 f0 c3 8c ac 16 49 8c 77 8f |╡кЫ÷.©UПц▄╛.I▄w▐| 00005ec0 78 27 0e 59 12 06 4c 6d de 97 f8 36 72 a4 1b fa |x'.Y..Lmч≈Ь6r╓.З| 00005ed0 51 36 10 0e dd 7e 84 6e 33 f8 71 50 07 53 c5 a6 |Q6..щ~└n3ЬqP.Sе╕| 00005ee0 ab f4 44 0d 19 82 ce 0f 0e 22 4e 72 57 33 b4 2f |╚ТD..┌н.."NrW3╢/| 00005ef0 b6 8a ee 9e 1a b9 d6 dd cc 1a 4b a4 6d d6 ac 53 |╤┼Н·.╧жщл.K╓mж╛S| 00005f00 f0 dd bf 06 0e 05 d4 89 ec 4d 23 9d 22 e1 48 93 |Пщ©...т┴ЛM#²"АH⌠| 00005f10 e3 3e a5 7f 0a 46 ca c0 ec ba db 0f 13 23 5b 3e |Ц>╔..FйюЛ╨ш..#[>| 00005f20 71 e8 91 ff fb 70 81 81 c5 e6 a8 36 81 0e 29 38 |qХ▒ЪШp││еФ╗6│.)8| 00005f30 ab 3c 3c 4e 20 8b 73 fd 6d e4 ed f5 0b 67 ca d0 |╚<┬.ч| 00005f80 1d 91 7e 0d 1f bd 76 6b db 32 ad ca cc 7a 24 78 |.▒~..╫vkш2╜йлz$x| 00005f90 f4 76 e4 66 39 cb 52 5d 16 27 00 b1 0a 76 80 65 |ТvДf9кR].'.╠.v─e| 00005fa0 15 55 ff 7a d2 ef 4e f5 e6 38 e9 eb 5c 54 2a 11 |.UЪzрОNУФ8ИК\T*.| 00005fb0 0f 99 78 7f c8 b8 98 41 99 0b 3e c6 51 d7 53 0e |.≥x.х╦≤A≥.>фQвS.| 00005fc0 ae de cd 96 fc bf 80 f4 59 7a 27 f6 35 c4 e8 e5 |╝чм√Э©─ТYz'Ж5дХЕ| 00005fd0 61 b4 66 fa 9a 9d e6 f1 cf 68 d7 14 91 65 7b d7 |a╢fЗ ²ФЯоhв.▒e{в| 00005fe0 0d 07 52 2e 9d cf e5 83 ce a3 76 16 7d 14 0e a6 |..R.²оЕ┐нёv.}..╕| 00005ff0 44 21 95 d1 ef 27 c1 e1 7d a0 d9 ca be 78 a5 ce |D!∙яО'аА}═ый╬x╔н| 00006000 07 ad f5 22 1a 6a b1 f5 d2 4c 67 96 ea 1d da f2 |.╜У".j╠УрLg√Й.зР| 00006010 f7 95 b4 f4 6c 26 ab 07 3f ba df bf be fc 
ff 60 |В∙╢Тl&╚.?╨ъ©╬ЭЪ`| 00006020 93 15 be 77 ef 43 cb 49 36 9c d5 0c ab be 4a bb |⌠.╬wОCкI6°у.╚╬J╩| 00006030 de 54 7c 42 b5 ab aa d0 78 9a c6 41 bb a7 f6 c3 |чT|B╣╚╙пx фA╩╖Жц| 00006040 a4 f6 64 02 40 bb 9d 59 44 4e 2d ea 3f 54 d7 83 |╓Жd.@╩²YDN-Й?Tв┐| 00006050 7a 17 a1 65 6d 80 78 92 f1 00 9e e9 19 3c 75 54 |z.║em─x▓Я.·И.╬╡| 00006120 ad e1 bd 4b 09 4c 24 08 3e 7b f7 66 13 41 63 df |╜А╫K.L$.>{Вf.Acъ| 00006130 51 7a 5a 79 fd d3 91 4f 9c 47 6b 50 d8 21 0b 29 |QzZyЩс▒O°GkPь!.)| 00006140 f6 51 c3 c2 f4 16 31 18 62 1f 12 49 50 f3 d1 8e |ЖQцбТ.1.b..IPСя▌| 00006150 48 34 0e df ac 32 ad 3d f4 6a f0 a2 0c 84 d0 1e |H4.ъ╛2╜=ТjП╒.└п.| 00006160 74 99 da c4 c4 9a bb 53 b4 9f 92 07 99 2b ed 9a |t≥здд ╩S╢÷▓.≥+М | 00006170 74 c1 37 1b 0d 57 f0 93 af df 24 d3 e1 5b 1f 77 |tа7..WП⌠╞ъ$сА[.w| 00006180 bc 52 65 88 c1 bb 76 49 7a 33 5b 64 28 d2 57 75 |╪Re┬а╩vIz3[d(рWu| 00006190 7a b2 83 91 f8 86 cb f5 20 bc e2 53 8d c1 3b b3 |z╡┐▒Ь├кУ ╪БS█а;Ё| 000061a0 02 ed a6 1b 25 55 83 8f 2c 42 ab aa d7 f1 f3 7c |.М╕.%U┐▐,B╚╙вЯС|| 000061b0 62 4e 3c f9 de f7 01 02 8a 9d a5 ab 4d f3 cc d8 |bN<ЫчВ..┼²╔╚MСль| 000061c0 70 c8 a9 27 66 20 08 b4 07 8e 4d de 0c 32 6a dc |pх╘'f .╢.▌Mч.2jэ| 000061d0 cb 6c 58 3d 8c ee 9a 87 9e aa b8 a6 23 82 e5 c9 |кlX=▄Н ┤·╙╦╕#┌Еи| 000061e0 07 12 a0 06 c0 48 ae 9c be e6 88 4a d4 d5 ca b8 |..═.юH╝°╬Ф┬Jтуй╦| 000061f0 9b 9f 88 bf 89 e4 69 00 64 22 ab c9 17 29 d4 66 |⌡÷┬©┴Дi.d"╚и.)тf| 00006200 96 46 30 fb b5 1a ee d1 49 8f d6 3b 4c 09 19 24 |√F0Ш╣.НяI▐ж;L..$| 00006210 ff 15 d4 b9 4b ec f7 7e 5c 8c ec 6b ed c5 8e d0 |Ъ.т╧KЛВ~\▄ЛkМе▌п| 00006220 4c 9f 06 8f 71 be 49 ca e7 a7 bb ac d7 89 87 cd |L÷.▐q╬IйГ╖╩╛в┴┤м| 00006230 79 e8 53 43 51 79 47 a3 27 40 82 73 83 26 f1 4e |yХSCQyGё'@┌s┐&ЯN| 00006240 40 6f 11 78 74 69 ad d0 fb 58 71 5a 02 da fc be |@o.xti╜пШXqZ.зЭ╬| 00006250 63 6c a1 e9 2e 8e 49 c0 11 7d 8f 9b 2c b7 59 85 |cl║И.▌Iю.}▐⌡,╥Y┘| 00006260 a8 f0 21 c7 78 15 88 6b b5 25 ce fb 50 93 fd 35 |╗П!гx.┬k╣%нШP⌠Щ5| 00006270 98 be 99 6f fe 7a 54 05 86 80 87 14 c1 ce b4 25 |≤╬≥oЧzT.├─┤.ан╢%| 
00006280 07 15 e0 dd b4 69 15 e2 ca 5c 97 66 54 68 92 7e |..Ющ╢i.Бй\≈fTh▓~| 00006290 06 65 6d 6b c4 44 bd f3 7c db 91 21 32 1e a1 5c |.emkдD╫С|ш▒!2.║\| 000062a0 13 56 61 8d 24 f7 41 b3 a1 9f 41 50 3a 3c a4 c9 |.Va█$ВAЁ║÷AP:<╓и| 000062b0 46 e2 c8 0b 83 fb 14 63 45 d8 de 33 05 9e ac 5d |FБх.┐Ш.cEьч3.·╛]| 000062c0 48 4b c6 d4 e2 6f dd 3a 4d 3d 68 4d a4 b8 84 5f |HKфтБoщ:M=hM╓╦└_| 000062d0 af 2e e2 60 a7 c6 d9 b2 6a fa ee 08 c6 9a 8c b4 |╞.Б`╖фы╡jЗН.ф ▄╢| 000062e0 39 0d 8b 3a b1 44 aa f6 65 10 9a 96 dc 3b e4 7f |9.▀:╠D╙Жe. √э;Д.| 000062f0 87 64 d4 8d ae 88 9c 7f 59 23 83 a5 64 88 85 4b |┤dт█╝┬°.Y#┐╔d┬┘K| 00006300 58 da a6 58 ac ba b3 43 c0 1c 67 8c 3f af 84 79 |Xз╕X╛╨ЁCю.g▄?╞└y| 00006310 6f 50 5c 58 1e b5 48 80 17 38 d8 15 0e c4 37 fc |oP\X.╣H─.8ь..д7Э| 00006320 8d b5 59 ff 83 27 66 c5 c3 e5 0c 13 3a b8 57 13 |█╣YЪ┐'fецЕ..:╦W.| 00006330 a6 ee b5 a3 88 cd 99 b0 98 e6 15 09 73 17 68 cd |╕Н╣ё┬м≥╟≤Ф..s.hм| 00006340 ce 24 4b 8e e4 19 a8 76 70 ad 58 6c 92 1e f3 eb |н$K▌Д.╗vp╜Xl▓.СК| 00006350 ee 2e 2b af aa a5 cf 1e b5 30 4d c6 7e 93 44 53 |Н.+╞╙╔о.╣0Mф~⌠DS| 00006360 35 94 a5 d3 64 cb 8e 25 3d 06 a3 da a7 ff c3 71 |5■╔сdк▌%=.ёз╖Ъцq| 00006370 72 a1 45 17 7c 5e 9b 65 97 08 45 27 77 ee a6 ff |r║E.|^⌡e≈.E'wН╕Ъ| 00006380 21 89 35 e6 59 0e 9b 81 f5 86 e7 5f 7c 14 5d ea |!┴5ФY.⌡│У├Г_|.]Й| 00006390 62 a6 ba 87 eb a3 96 f8 c6 f5 7b bb 1c ad 7e 7b |b╕╨┤Кё√ЬфУ{╩.╜~{| 000063a0 b7 bd cf 7f 30 33 01 cf 77 40 fb 45 95 ab 76 92 |╥╫о.03.оw@ШE∙╚v▓| 000063b0 1a e0 13 c9 6b 24 ba a9 7c 53 57 b5 2d df 8a f2 |.Ю.иk$╨╘|SW╣-ъ┼Р| 000063c0 53 f0 46 0f f5 34 29 10 49 55 c7 3b 88 60 33 b0 |SПF.У4).IUг;┬`3╟| 000063d0 10 65 6b 4d d3 98 ef fa b1 0b 1a 28 c3 42 b9 d5 |.ekMс≤ОЗ╠..(цB╧у| 000063e0 88 94 d0 92 a7 cb a1 3e 14 22 81 23 f1 3b 68 19 |┬■п▓╖к║>."│#Я;h.| 000063f0 66 59 64 e6 7e 3a 21 22 fa cf 70 7c 6b 4c 74 30 |fYdФ~:!"Зоp|kLt0| 00006400 25 98 5c 86 35 ae 85 ab 19 56 e4 55 6f c3 f5 b3 |%≤\├5╝┘╚.VДUoцУЁ| 00006410 0e f5 70 36 43 f5 53 d1 e5 ad 3a 81 d0 d5 6f 9d |.Уp6CУSяЕ╜:│пуo²| 00006420 13 20 37 50 61 
4c 74 a2 ac 49 3f b1 7b 6b 39 e5 |. 7PaLt╒╛I?╠{k9Е| 00006430 f5 af be e2 c4 dd 76 a3 04 21 f6 7e 6e f7 fb 0e |У╞╬Бдщvё.!Ж~nВШ.| 00006440 16 a2 f3 58 c1 17 98 97 26 7a 6e 05 73 e8 2c d8 |.╒СXа.≤≈&zn.sХ,ь| 00006450 80 84 d1 5a 02 2d 68 79 3f 68 0d 4c 28 69 b4 62 |─└яZ.-hy?h.L(i╢b| 00006460 aa 39 d2 54 73 28 34 dc 2b 15 06 00 b5 b1 07 e3 |╙9рTs(4э+...╣╠.Ц| 00006470 6b b1 d6 b7 2b 3e 9b 87 6b 1d d4 30 9d 56 86 1f |k╠ж╥+>⌡┤k.т0²V├.| 00006480 25 87 2b 35 47 3c b7 66 99 3f 4c c3 9c bb 55 52 |%┤+5G<╥f≥?Lц°╩UR| 00006490 fa 52 af c2 5c ae 7b b1 78 ec 53 52 2c 5d 5d a6 |ЗR╞б\╝{╠xЛSR,]]╕| 000064a0 32 f8 1d 44 0a fb 7c 8d db e8 4c 63 a6 32 74 d3 |2Ь.D.Ш|█шХLc╕2tс| 000064b0 d1 61 76 09 97 5b e7 0a 6e 19 fe 1f e6 ec 7b 54 |яav.≈[Г.n.Ч.ФЛ{T| 000064c0 56 4e f3 f1 59 5b 35 83 b7 24 2e 35 91 c4 bc b8 |VNСЯY[5┐╥$.5▒д╪╦| 000064d0 5f 39 2f 03 81 cc aa 3e 38 c6 0f 0e a1 22 32 aa |_9/.│л╙>8ф..║"2╙| 000064e0 56 f1 16 d4 e4 26 87 a0 04 28 4a 81 fd ae 11 4e |VЯ.тД&┤═.(J│Щ╝.N| 000064f0 44 7d 8b c7 f9 59 b1 b4 51 b9 f7 bd 2b 13 2f 60 |D}▀гЫY╠╢Q╧В╫+./`| 00006500 f5 78 04 0f 93 b5 8b 01 f0 2f be 6c bf fe 50 88 |Уx..⌠╣▀.П/╬l©ЧP┬| 00006510 b8 98 e1 db cb d6 ab 95 98 03 85 e7 b1 dd 12 b5 |╦≤Ашкж╚∙≤.┘Г╠щ.╣| 00006520 cd b6 3e 44 b4 3d a0 5d 43 e4 52 95 97 b9 8e f4 |м╤>D╢=═]CДR∙≈╧▌Т| 00006530 3d 12 a3 75 3c f4 ea 53 3e a6 d0 d3 ca 8c db 4a |=.ёu<ТЙS>╕псй▄шJ| 00006540 34 9e 04 29 ad bc 23 09 7f c0 86 48 d0 7e c6 b0 |4·.)╜╪#..ю├Hп~ф╟| 00006550 66 4c ad 11 35 3f f6 e8 f7 62 08 87 aa c7 4e 49 |fL╜.5?ЖХВb.┤╙гNI| 00006560 a2 9a 31 c8 52 fb f2 be da 36 18 5b 45 88 dd cd |╒ 1хRШР╬з6.[E┬щм| 00006570 73 55 2f 51 08 61 a9 da 5b 00 67 66 18 a5 cb 39 |sU/Q.a╘з[.gf.╔к9| 00006580 28 50 dd 24 3e 45 9b 96 84 49 e6 93 c5 7b 67 a6 |(Pщ$>E⌡√└IФ⌠е{g╕| 00006590 7b 8f 3c e6 4e a3 eb 7a 90 04 fc 2b 25 53 88 a9 |{▐<ФNёКz░.Э+%S┬╘| 000065a0 6a ba f1 b4 be 5c e4 c0 58 bf 03 92 8a f8 62 dc |j╨Я╢╬\ДюX©.▓┼Ьbэ| 000065b0 cc e9 16 43 7e 7e c0 07 99 91 7a cc 37 ae 06 7f |лИ.C~~ю.≥▒zл7╝..| 000065c0 eb c5 33 3c d4 0f 92 69 e2 49 20 4b a2 
22 e1 82 |Ке3<т.▓iБI K╒"А┌| 000065d0 c5 5f 0e 2e fe d3 29 26 f5 8a e1 56 c5 33 bb dc |е_..Чс)&У┼АVе3╩э| 000065e0 c9 ae 0e 77 45 36 e1 2f d3 52 bf 4b 9f 5a dc 10 |и╝.wE6А/сR©K÷Zэ.| 000065f0 ba 32 95 af 21 4a 2d 9f ec 20 2b b2 11 d6 ba 0f |╨2∙╞!J-÷Л +╡.ж╨.| 00006600 07 b7 77 9e b4 28 73 a5 42 07 a5 2d 2d 66 63 f8 |.╥w·╢(s╔B.╔--fcЬ| 00006610 c4 3c c6 91 86 28 64 8b 0b c2 f3 79 e6 4e 4a 86 |д<ф▒├(d▀.бСyФNJ├| 00006620 e5 d1 3a d9 d5 84 42 69 bf 99 85 36 76 b2 ac bf |Ея:ыу└Bi©≥┘6v╡╛©| 00006630 ce 99 cd 16 57 8d be 7f a4 03 a3 5f f7 96 1e f5 |н≥м.W█╬.╓.ё_В√.У| 00006640 29 96 85 c0 9c 0b 8e a5 be c9 c5 44 00 81 59 9a |)√┘ю°.▌╔╬иеD.│Y | 00006650 99 ab 11 48 58 f7 4a e3 ed 8b c6 1a 37 d1 34 fb |≥╚.HXВJЦМ▀ф.7я4Ш| 00006660 99 8f 27 ad b3 81 dd e0 f3 f9 50 82 86 78 fa e9 |≥▐'╜Ё│щЮСЫP┌├xЗИ| 00006670 0a 95 c9 e0 4d 45 45 b9 2f e4 ce 94 96 1b af 42 |.∙иЮMEE╧/Дн■√.╞B| 00006680 90 77 36 98 59 71 a4 81 02 6e c3 99 4d b9 78 e9 |░w6≤Yq╓│.nц≥M╧xИ| 00006690 04 b0 74 85 6d 73 44 cb 2e f8 d4 21 fd 1a c4 21 |.╟t┘msDк.Ьт!Щ.д!| 000066a0 4d f5 09 18 71 19 7f 64 ec 15 84 74 e8 7d 6f f1 |MУ..q..dЛ.└tХ}oЯ| 000066b0 cf 01 15 12 86 96 0d 5a 5f d0 9f 32 31 1a d9 02 |о...├√.Z_п÷21.ы.| 000066c0 bc d9 32 41 1d 53 f5 2d 1b 91 4f 3c 43 8c 9b 14 |╪ы2A.SУ-.▒O| 00006780 51 bd 5c cc 06 7b 4e 48 0e 09 66 2e c1 4f 31 4d |Q╫\л.{NH..f.аO1M| 00006790 09 24 6c 30 13 4d 54 ea ae e8 94 0e 27 49 73 a3 |.$l0.MTЙ╝Х■.'Isё| 000067a0 88 5c 09 7e d8 02 c7 6a 90 5c 0e 57 bd b9 5e 66 |┬\.~ь.гj░\.W╫╧^f| 000067b0 c6 93 35 42 5b 1a ac 0f 18 f0 46 d2 32 ec 0d be |ф⌠5B[.╛..ПFр2Л.╬| 000067c0 a9 19 36 08 b9 63 6b 17 f4 33 c4 f5 ba 62 7b 3b |╘.6.╧ck.Т3дУ╨b{;| 000067d0 f3 c6 92 0d 4a ca 4b 48 f8 61 19 1e a3 51 ce c9 |Сф▓.JйKHЬa..ёQни| 000067e0 88 8b 8c ee 7e 6a b2 14 0c fe 9f 02 e2 8c b0 80 |┬▀▄Н~j╡..Ч÷.Б▄╟─| 000067f0 7d 03 25 8d fc c4 21 66 9d f9 c6 d9 a6 3f a1 32 |}.%█Эд!f²Ыфы╕?║2| 00006800 d3 ae 7f 16 58 8f 52 7f 04 e2 b8 f9 00 30 28 36 |с╝..X▐R..Б╦Ы.0(6| 00006810 59 a6 92 ee 45 5e 52 db 7a 09 9b 76 2c 63 c2 4c |Y╕▓НE^Rшz.⌡v,cбL| 
00006820 4d b1 3b 28 61 a0 49 22 fc 5a 39 a7 e3 6c e4 a3 |M╠;(a═I"ЭZ9╖ЦlДё| 00006830 5b 1e 88 4e 1a be 76 c4 12 23 60 93 85 ff 4e 5e |[.┬N.╬vд.#`⌠┘ЪN^| 00006840 39 a1 1d 63 99 b9 8e 5f e5 4b ab 8d bc 1f 33 8c |9║.c≥╧▌_ЕK╚█╪.3▄| 00006850 a8 7e c9 34 36 cf f8 f0 45 c2 50 32 cc 3f 55 2f |╗~и46оЬПEбP2л?U/| 00006860 b7 48 ff 91 4a e2 d2 f5 9a 59 d7 78 9e 66 d4 1f |╥HЪ▒JБрУ Yвx·fт.| 00006870 f3 87 a6 dd dc ff f8 5c ad d8 94 90 5a 5c 2c e6 |С┤╕щэЪЬ\╜ь■░Z\,Ф| 00006880 e2 df e7 dc 30 26 64 08 1e 90 30 f8 5d 43 6a 79 |БъГэ0&d..░0Ь]Cjy| 00006890 18 52 9f 99 5d 04 be 0d c7 3f 5e 44 23 ee d8 e0 |.R÷≥].╬.г?^D#НьЮ| 000068a0 d6 ce 79 52 f6 e5 b5 cb b8 5f e1 c1 eb 33 e8 ed |жнyRЖЕ╣к╦_АаК3ХМ| 000068b0 99 66 ac 02 6e aa 74 06 2c a4 d0 c7 f3 46 43 d6 |≥f╛.n╙t.,╓пгСFCж| 000068c0 6f 34 03 62 a4 9c 9e b7 39 c1 9a 61 bd 55 b0 e4 |o4.b╓°·╥9а a╫U╟Д| 000068d0 b6 8a 6f cb 61 d4 8a d9 99 66 a2 cb 79 a8 ab e5 |╤┼oкaт┼ы≥f╒кy╗╚Е| 000068e0 20 61 92 39 56 54 17 7c ef e3 40 c7 44 88 32 9f | a▓9VT.|ОЦ@гD┬2÷| 000068f0 19 07 6e b6 ba c4 9c 67 8a b7 a9 91 b4 77 92 87 |..n╤╨д°g┼╥╘▒╢w▓┤| 00006900 c0 72 72 c3 22 39 30 de 9d 38 70 a1 5f d0 0b 8d |юrrц"90ч²8p║_п.█| 00006910 ab 34 3b b4 c6 a4 e4 a6 10 fd b1 ff 97 ae a7 48 |╚4;╢ф╓Д╕.Щ╠Ъ≈╝╖H| 00006920 c8 e6 a5 57 c7 b3 43 8f f4 61 ad 0c a2 e6 23 38 |хФ╔WгЁC▐Тa╜.╒Ф#8| 00006930 66 ff ad 6e 62 e5 10 e2 43 87 b1 c3 54 8e 12 3e |fЪ╜nbЕ.БC┤╠цT▌.>| 00006940 35 2c 78 fb 25 aa b0 48 c2 6c b1 93 f1 2d e0 87 |5,xШ%╙╟Hбl╠⌠Я-Ю┤| 00006950 01 80 74 9b 9d e1 cb df a0 72 f8 17 c6 ae a4 96 |.─t⌡²Акъ═rЬ.ф╝╓√| 00006960 1c 7b b0 87 77 e5 1d f2 9c 2d 72 da 71 c9 38 e2 |.{╟┤wЕ.Р°-rзqи8Б| 00006970 a3 69 b4 eb 28 9f 31 74 7f f6 9a 48 d7 b3 b8 5e |ёi╢К(÷1t.Ж HвЁ╦^| 00006980 ad ef 3b 41 ab b1 46 c3 be a9 4c 61 5d a6 bc 4b |╜О;A╚╠Fц╬╘La]╕╪K| 00006990 46 30 1b 67 c6 11 3a 68 30 bd 9c c8 9c 00 ae df |F0.gф.:h0╫°х°.╝ъ| 000069a0 a1 5f 4a f7 49 29 80 02 18 0d 34 45 bf 3b 31 e0 |║_JВI)─...4E©;1Ю| 000069b0 71 b5 77 9d cf 56 79 41 be 53 c3 1a 3f 24 ad ff |q╣w²оVyA╬Sц.?$╜Ъ| 000069c0 aa 39 e8 fa e7 
e3 74 f8 ef 6c 9a 77 7f 77 92 4e |╙9ХЗГЦtЬОl w.w▓N| 000069d0 56 8f d9 88 eb 7c c3 32 f5 f9 63 9b e0 06 b0 95 |V▐ы┬К|ц2УЫc⌡Ю.╟∙| 000069e0 e4 c0 96 55 98 fe 17 f7 ff 2a f7 b3 03 7f e9 2b |Дю√U≤Ч.ВЪ*ВЁ..И+| 000069f0 04 e9 b3 a3 62 05 98 98 1e 2f 61 48 70 d6 04 fb |.ИЁёb.≤≤./aHpж.Ш| 00006a00 d2 bc 12 e2 a6 20 be 90 68 17 d2 75 ba 16 64 4d |р╪.Б╕ ╬░h.рu╨.dM| 00006a10 47 65 f7 4f df c2 e1 9e e0 12 eb f5 44 4d 64 bf |GeВOъбА·Ю.КУDMd©| 00006a20 ca 00 62 4e c7 c2 ba 1d 3c 2a d5 51 43 63 91 15 |й.bNгб╨.<*уQCc▒.| 00006a30 c9 d8 6e 30 03 c3 83 a0 72 2e c2 99 0d e0 73 bb |иьn0.ц┐═r.б≥.Юs╩| 00006a40 8b 5e dc 3c 62 72 56 9e 2c 5b 4c 9d 1e de 17 65 |▀^э?╥`р█<ШШ.ь╣╛| 00006c00 11 11 f1 2f c2 65 44 6e 60 cb ce d5 4e 22 1c bd |..Я/бeDn`кнуN".╫| 00006c10 9e 1b cf 5f 44 95 2d 05 6d 7c 03 2b 52 1c 26 7f |·.о_D∙-.m|.+R.&.| 00006c20 c7 d6 ee 2c 64 17 ba 8b 21 56 4a b0 d8 07 49 20 |гжН,d.╨▀!VJ╟ь.I | 00006c30 76 5d 36 3a f0 db 7d 59 8e b0 2c a2 e4 16 36 c4 |v]6:Пш}Y▌╟,╒Д.6д| 00006c40 4b 13 ef df 08 10 4d bb 54 d3 36 36 db ab b3 a4 |K.Оъ..M╩Tс66ш╚Ё╓| 00006c50 15 2d 40 19 b2 56 cb ae fd 9c aa bb a9 30 88 2f |.-@.╡Vк╝Щ°╙╩╘0┬/| 00006c60 f1 6f aa 0e b1 30 b7 77 6d 02 f3 b2 9e 25 b7 18 |Яo╙.╠0╥wm.С╡·%╥.| 00006c70 6b f5 68 24 ac 90 5e 33 fb 2c 30 0e 3f 42 c7 a3 |kУh$╛░^3Ш,0.?Bгё| 00006c80 0b bb 02 b6 eb a1 d5 e7 c3 33 0f 40 86 c0 46 c3 |.╩.╤К║уГц3.@├юFц| 00006c90 f0 0d 03 ec 19 47 07 3a ef e7 02 94 88 d3 a7 e8 |П..Л.G.:ОГ.■┬с╖Х| 00006ca0 6c 25 43 8a 47 a4 3a 54 79 25 d8 1f 0a 3d 5e c6 |l%C┼G╓:Ty%ь..=^ф| 00006cb0 cf 19 0f 18 39 4e de d9 c7 de 2b f8 76 55 2b 90 |о...9Nчыгч+ЬvU+░| 00006cc0 56 7c 53 d2 02 9c 37 39 fe d8 23 da c9 2e c1 53 |V|Sр.°79Чь#зи.аS| 00006cd0 ba 76 36 8a 75 04 06 a0 6f 92 54 51 ce f6 51 83 |╨v6┼u..═o▓TQнЖQ┐| 00006ce0 6b 9c 29 6e 62 18 f6 ae 6d 78 fd 5b cb 35 40 b2 |k°)nb.Ж╝mxЩ[к5@╡| 00006cf0 32 26 85 62 b3 f9 b0 f6 92 4a 6c fe 88 3c 28 2c |2&┘bЁЫ╟Ж▓JlЧ┬<(,| 00006d00 76 db 17 03 6e 2f f6 25 3d b3 48 0c 90 54 bc f6 |vш..n/Ж%=ЁH.░T╪Ж| 00006d10 0a e6 00 6f 7a 87 67 21 2c 82 70 f5 98 
From owner-freebsd-rc@FreeBSD.ORG Wed Sep 12 23:24:30 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1CCC7106564A for ; Wed, 12 Sep 2012 23:24:30 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id C640E8FC08 for ; Wed, 12 Sep 2012 23:24:29 +0000 (UTC) Received: by vcbfw7 with SMTP id fw7so3596364vcb.13 for ; Wed, 12 Sep 2012 16:24:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=ZItWbGmVzlLMRpbyXG7vvsv9kbFWkPH+gTeaJE4Z+8c=; b=CDYIA04F4nGkGSPy6DkLTY/mYG8GodqEqdnLZ1PZzFOE+wQ9axSJbV0JGXzzdwgWpP 6qrjQR4qfWIpNUi6dNYoVUsDr7YVN+0maW7TJlmlKkwSC7Y5ZP+Oz2am2cWT7xMpkc0z uIHp3Z5cIYz0wRINcGD+fMd9llzvcfsrlMmxwT4nFbQF+iWJ3j2tglq5oNZNQ0KGbepy iZuUbe/NL5+9epNWKtGPZ4G4OZLNJdi5D5j+fJgamai0qAvvwjnZmL70iPZc+grbLzxX xe8qlvtHSVCIX9Ldc0jpBD0qXlMUOy2Mny+E/oHyrf8nBVlcydExKfiL9ER08IuIP2X9 acmg== Received: by 10.52.21.179 with SMTP id w19mr60950vde.58.1347492268261; Wed, 12 Sep 2012 16:24:28 -0700 (PDT) MIME-Version: 1.0 Sender: ivoras@gmail.com Received: by 10.59.0.37 with HTTP; Wed, 12 Sep 2012 16:23:47 -0700 (PDT) In-Reply-To: References: From: Ivan Voras Date: Thu, 13 Sep 2012 01:23:47 +0200 X-Google-Sender-Auth: 5bFI1uBreTTbsWojr25a5MKPFUQ Message-ID: To: freebsd-rc@freebsd.org Content-Type: text/plain; charset=UTF-8 Subject: Document the *_nice and other rc.conf variables? X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 23:24:30 -0000 Hello, I'd like to commit this simple addition to the rc.conf man page, and I'm wondering if these simple descriptions are ok, or is there something else which needs to be said about the knobs? Index: rc.conf.5 =================================================================== --- rc.conf.5 (revision 240388) +++ rc.conf.5 (working copy) 
@@ -168,6 +168,20 @@ .Dq Li NO , no swapfile is installed, otherwise the value is used as the full pathname to a file to use for additional swap space. +.It Va Ns Ao Ar name Ac Ns Va _chroot +.Pq Vt str +The chroot directory to run the service in. +.It Va Ns Ao Ar name Ac Ns Va _user +.Pq Vt str +The user to run the chrooted service as. +.It Va Ns Ao Ar name Ac Ns Va _group +.Pq Vt str +The group to run the chrooted service as. +.It Ns Ao Ar name Ac Ns Va _nice +.Pq Vt int +The +.Xr nice 1 +value to run the service under. .It Va apm_enable .Pq Vt bool If set to From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 05:24:33 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 07501106566C; Thu, 13 Sep 2012 05:24:33 +0000 (UTC) Date: Wed, 12 Sep 2012 22:24:32 -0700 
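Review bot: In the rc.conf.5 hunk above, the "_nice" entry's item line reads ".It Ns Ao Ar name Ac Ns Va _nice", while the "_chroot", "_user" and "_group" entries all begin ".It Va Ns Ao Ar name Ac ..."; the leading "Va" looks dropped and should be added so the four entries are marked up the same way. The "_user" and "_group" texts both say "chrooted service", so the page should state plainly whether those knobs take effect only when "_chroot" is set; as written a reader cannot tell which privilege-dropping settings apply to a service that is not chrooted. It would also help to say once that "name" stands for the rc.d script's name, since nothing in the added lines defines it.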
From: David O'Brien To: Doug Barton , John Baldwin , freebsd-security@freebsd.org, Ian Lepore , freebsd-rc@freebsd.org, Xin Li , RW Message-ID: <20120913052431.GA15052@dragon.NUXI.org> References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120912213141.GI14077@x96.org> X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2012 05:24:33 -0000

On Wed, Sep 12, 2012 at 02:31:41PM -0700, Arthur Mesh wrote:
> As you can see, only first ps, and part of sysctl is consumed. Rest of
> the pipe is dropped. Contents of ls(1) follow and then parts of entropy
> files.

Note this result is just for this run of the test. Arthur showed me variance between tests -- where sometimes little to no part of ${entropy_file} was processed.
-- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 06:58:01 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DA247106564A; Thu, 13 Sep 2012 06:58:01 +0000 (UTC) (envelope-from mike.telahun@gmail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 152858FC08; Thu, 13 Sep 2012 06:58:00 +0000 (UTC) Received: by eeke52 with SMTP id e52so1848145eek.13 for ; Wed, 12 Sep 2012 23:58:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=HporXqHq8RI1i0Ak5A5AHpmjHU4mcSF+Jjio5eJe758=; b=BRoD58XRnpqyKrefE150sE8eJGBfL6oSJJqVSc5rvhA4S44OkzsTmdm67X1fN1jfmK +rBFWf0WtUj2Z5rlVqWrUCzouqI40suSJ7OsxsWsWARCje8EUio7kaCtONcoQkUoyN+a AsFYCW2SCpkRUejcgrPXN/5+eqczEj/3ZdLT97NthOMzYXLPOUHt9LGZJKpHjJnMkqBn lf7N4yMt8BCd3lEANg7CWUBOQYpLSPs8/L03ARYF8fBdkoacSTn8u/mvjwSrusMknlJm E+cFwb8pdMcxosSJU0QZ4tnCrZEKlqz1QLr21EYeEu2ZvoLzEM+5bMbhqK9Fr6qAJLY3 zqlw== Received: by 10.14.172.193 with SMTP id t41mr1211305eel.25.1347519480024; Wed, 12 Sep 2012 23:58:00 -0700 (PDT) Received: from [192.168.8.158] ([213.55.110.215]) by mx.google.com with ESMTPS id e42sm60380706eem.8.2012.09.12.23.57.57 (version=SSLv3 cipher=OTHER); Wed, 12 Sep 2012 23:57:59 -0700 (PDT) Message-ID: <505183F3.7080604@gmail.com> Date: Thu, 13 Sep 2012 09:57:55 +0300 
From: Mike Telahun User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120827 Thunderbird/15.0 MIME-Version: 1.0 To: d@delphij.net References: <504A5688.3090905@delphij.net> <504ECCD9.8010705@FreeBSD.org> <504F98E4.5090706@delphij.net> <50503F83.2010308@FreeBSD.org> <505043BB.1040709@delphij.net> In-Reply-To: <505043BB.1040709@delphij.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: crees@FreeBSD.org, freebsd-rc@FreeBSD.ORG, Doug Barton , Xin Li Subject: Re: [PATCH] Add -R (restart all local services) to service(8) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2012 06:58:02 -0000

On 09/12/2012 11:11 AM, Xin Li wrote:
>
> Run OpenLDAP as backend, with dovecot as IMAP store, postfix as MTA,
> clamav and amavisd-new, mailman for mailing list, a postfix policy
> daemon that stores certain persistent data in MySQL.
>
> Now, OpenLDAP, clamav and MySQL updates. No, not every application
> handles restarts gracefully, they need to be restarted.

While this is certainly an expedient solution, a more elegant solution might be to teach service(8) to restart a service *and* all the other services that depend on it. However, since I haven't looked at this stuff in a long time I'm not sure how much work this would entail.

Cheers, Mike.
From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 13:03:50 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 90477106564A; Thu, 13 Sep 2012 13:03:50 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) by mx1.freebsd.org (Postfix) with ESMTP id 164638FC0C; Thu, 13 Sep 2012 13:03:50 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 6408B25D37C3; Thu, 13 Sep 2012 13:03:47 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 06676BE858C; Thu, 13 Sep 2012 13:03:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id C_yIl_05LabS; Thu, 13 Sep 2012 13:03:45 +0000 (UTC) Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 781C6BE858B; Thu, 13 Sep 2012 13:03:44 +0000 (UTC) Date: Thu, 13 Sep 2012 13:03:43 +0000 (UTC) 
From: "Bjoern A. Zeeb" To: David O'Brien In-Reply-To: <20120913052431.GA15052@dragon.NUXI.org> Message-ID: References: <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org> <5050F477.8060409@FreeBSD.org> <20120912213141.GI14077@x96.org> <20120913052431.GA15052@dragon.NUXI.org> X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2012 13:03:50 -0000 secteam is currently digesting more of this thread and are going through things. Could you please slow down; we'll try to summarize the current status and we shall see. We do have a real life as well and other issues to deal with so please don't expect a 1 hour round trip time. Might also give you guys a chance to take a deep breath:) Thanks /bz -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. 
From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 19:05:09 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7CB551065670 for ; Thu, 13 Sep 2012 19:05:09 +0000 (UTC) (envelope-from markm@FreeBSD.org) Received: from gromit.grondar.org (grandfather.grondar.org [IPv6:2a01:348:0:15:5d59:5c20:0:2]) by mx1.freebsd.org (Postfix) with ESMTP id 0DA358FC1C for ; Thu, 13 Sep 2012 19:05:09 +0000 (UTC) Received: from uucp by gromit.grondar.org with local-rmail (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCEip-0002Ss-OF for freebsd-rc@freebsd.org; Thu, 13 Sep 2012 20:05:07 +0100 Received: from localhost ([127.0.0.1] helo=groundzero.grondar.org) by groundzero.grondar.org with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCEeB-000InE-N6; Thu, 13 Sep 2012 20:00:19 +0100 To: RW , obrien@freebsd.org, freebsd-security@freebsd.org, Doug Barton , freebsd-rc@freebsd.org, Arthur Mesh , Xin Li , Ian Lepore In-reply-to: <20120912104547.1d0061c1@gumby.homeunix.com> References: <50453686.9090100@FreeBSD.org> <20120904220754.GA3643@server.rulingia.com> <20120906174247.GB13179@dragon.NUXI.org> <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <20120911064636.GB72584@dragon.NUXI.org> <504EE446.6060500@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <20120912104547.1d0061c1@gumby.homeunix.com> 
From: Mark Murray Date: Thu, 13 Sep 2012 20:00:19 +0100 Message-Id: Cc: Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2012 19:05:09 -0000

I've been watching this thread, but not responding due to a need to not contribute to controversy and to be able to provide a measured response when I had the resources. I'm responding to this mail out of the thread not for any particular reason.

> David O'Brien wrote:
>
> > > On 09/10/2012 23:46, David O'Brien wrote:
> > >
> > > > In what way did I suggest we don't need to seed the PRNG? I
> > > > simply removed an outdated and incorrect statement.
> > >
> > > Yes, the comment as it stood was out of date. I'm not sure that
> > > removing it (rather than rephrasing it) was the right call.
> >
> > Doug you're a FreeBSD committer, you know how to use an editor and
> > 'svn diff'. Where is your patch suggesting a rephrase?

David, please back down; I see more heat than light from you.

> It doesn't make any difference.
>
> When root closes the device a forced slow reseed is done (after the
> yarrow thread completes feeding the data into yarrow). Since this is
> unconditional and clears the entropy accounting, the entropy estimate
> is irrelevant to rc.d/, which runs as root.

Correct. The original intent, disabled during the whole Matt Dillon bust-up was to start the random device _blocked_. The unblocking mechanism was/is a write to /dev/random, the intent being start-up randomness cached from the previous shutdown, or manufactured by (eg) getting the user to pound the keyboard and/or wiggle the mouse. This would involve a possible "soft" hang at boot time while the device was unlocked, but was intended to allow the first ssh keys and friends to be securely created.
There is a whole minefield of startup scenarios there, and satisfying everybody was a pretty thankless task.

> The entropy estimated at zero bits is so that an *unprivileged* user
> can't feed in his own input, corrupt the entropy estimation and
> perform a state-extension attack.

Yarrow is pretty resistant to this. "cat /dev/zero > /dev/random" won't "dilute" the gathered entropy, but will swamp the harvest queue.

> On Tue, 11 Sep 2012 00:12:06 -0700 Doug Barton wrote:
>
> > I'm also tired of repeating why writing out a new /entropy file at
> > boot time makes the system weaker, not stronger.
>
> That's not really true. The entropy file contains up to 256 bits of
> entropy, if yarrow is correctly seeded with that then that entropy
> will be in the 256-bit key which will produce a new file that also
> contains that entropy.

Too many /entropy.* files would be overkill, but done properly, won't hurt. The harvest queue (as pointed out) is limited, and it's possible to overwhelm it with excessive input. I'm in favour of doing something to "dribble" the startup stuff in, while limiting its length to (say) 1-2 K. Compressing the gathered stuff is a good idea, and inserting that *first* with a delay following would be ideal; 1 second would be sufficient, 2 safer if the machine is very busy. After that "chunking" the cached stuff and easing it in slowly would be a Good Thing(tm).

Making the harvest queue block (and therefore take everything given to it) is possible, but the locking inside the kernel is not a nice thing to do, and something like "cat /dev/zero > /dev/random" would be a pretty good spanner-in-the-works without some extra cleverness (off the top of my head, /dev/random's harvester could limit its reads to (say) 2K before kicking off the writer with some soft error (EFBIG or EAGAIN?); this way multiple short writes would all work /in toto/).

I also like the idea of XORing in excess data rather than dropping it. This could be messy, though.
M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 19:19:38 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 43E45106566C; Thu, 13 Sep 2012 19:19:38 +0000 (UTC) Date: Thu, 13 Sep 2012 12:19:37 -0700 
From: David O'Brien To: Mark Murray Message-ID: <20120913191936.GA36319@dragon.NUXI.org> References: <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <20120911064636.GB72584@dragon.NUXI.org> <504EE446.6060500@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <20120912104547.1d0061c1@gumby.homeunix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD 10.0-CURRENT X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Arthur Mesh , Doug Barton , freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW , Xin Li Subject: Re: svn commit: r239569 - head/etc/rc.d X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: obrien@freebsd.org List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2012 19:19:38 -0000

On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote:
> I'm in favour of doing something
> to "dribble" the startup stuff in, while limiting its length to (say)
> 1-2 K. Compressing the gathered stuff is a good idea, and inserting
> that *first* with a delay following would be ideal; 1 second would be
> sufficient, 2 safer if the machine is very busy. After that "chunking" the
> cached stuff and easing it in slowly would be a Good Thing(tm).

Mark,
Can you add more about your reasoning why the low-grade entropy should be input before the high-quality cached entropy?
thanks, -- -- David (obrien@FreeBSD.org) From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 19:55:08 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B6DCC10657C7 for ; Thu, 13 Sep 2012 19:55:08 +0000 (UTC) (envelope-from markm@FreeBSD.org) Received: from gromit.grondar.org (grandfather.grondar.org [IPv6:2a01:348:0:15:5d59:5c20:0:2]) by mx1.freebsd.org (Postfix) with ESMTP id 4E4A18FC1B for ; Thu, 13 Sep 2012 19:55:08 +0000 (UTC) Received: from uucp by gromit.grondar.org with local-rmail (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCFVD-0002XT-8s for freebsd-rc@freebsd.org; Thu, 13 Sep 2012 20:55:07 +0100 Received: from localhost ([127.0.0.1] helo=groundzero.grondar.org) by groundzero.grondar.org with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1TCFRT-000Ise-E8; Thu, 13 Sep 2012 20:51:15 +0100 To: obrien@freebsd.org In-reply-to: <20120913191936.GA36319@dragon.NUXI.org> References: <20120906230157.5307a21f@gumby.homeunix.com> <20120906224703.GD89120@x96.org> <20120907015157.GA29497@server.rulingia.com> <20120910135218.GA68128@dragon.NUXI.org> <504E343A.4020802@FreeBSD.org> <20120911064636.GB72584@dragon.NUXI.org> <504EE446.6060500@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <20120912104547.1d0061c1@gumby.homeunix.com> <20120913191936.GA36319@dragon.NUXI.org> 
From: Mark Murray
Date: Thu, 13 Sep 2012 20:51:15 +0100
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

David O'Brien writes:
> On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote:
> > I'm in favour of doing something
> > to "dribble" the startup stuff in, while limiting its length to (say)
> > 1-2 K. Compressing the gathered stuff is a good idea, and inserting
> > that *first* with a delay following would be ideal; 1 second would be
> > sufficient, 2 safer if the machine is very busy. After that "chunking" the
> > cached stuff and easing it in slowly would be a Good Thing(tm).
>
> Mark,
> Can you add more about your reasoning why the low-grade entropy should be
> input before the high-quality cached entropy?

Sure!
I'm presuming that there is sufficient delay after the initial low-grade
stuff (compressed, so dense) for it _all_ to be used. This means that at
least the first bits of whatever follows also gets used properly.

The low-grade stuff is the "best bet" for creating some form of difference
between 2 otherwise identical machines, albeit small. This shortish delay
also gives the TSC register a bit more time to provide further uncertainty
for the later entropy reinsertion/harvesting.

The high-grade then does the heavy-lifting, presuming that it exists,
which after a dodgy start-up/restart, may not be the case. However, even
a small piece of /dev/zero will give SOME entropy due to TSC uncertainty
here, so further gathering has a better head start.
(There is further help for the super-paranoid; resetting the "seeded" bit
(sysctl) will cause /dev/random reads to block until the next reseed. This
may be (ab)used to really keep the device safe by repeated clearing
followed by writes of cached entropy.)

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160

From owner-freebsd-rc@FreeBSD.ORG Thu Sep 13 22:06:01 2012
Date: Thu, 13 Sep 2012 23:05:51 +0100
From: RW
To: freebsd-security@freebsd.org
Message-ID: <20120913230551.7f299ffc@gumby.homeunix.com>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Thu, 13 Sep 2012 20:00:19 +0100 Mark Murray wrote:

> > The entropy estimated at zero bits is so that an *unprivileged* user
> > can't feed in his own input, corrupt the entropy estimation and
> > perform a state-extension attack.
>
> Yarrow is pretty resistant to this. "cat /dev/zero > /dev/random"
> won't "dilute" the gathered entropy,...

FWIW the theory is that if an attacker can insert known data that has a
non-zero entropy estimation then they might repeatedly bring forward
reseeds resulting in the entropy from other sources being dribbled into
the generator in insecure amounts.

> > On Tue, 11 Sep 2012 00:12:06 -0700 Doug Barton wrote:
> >
> > > I'm also tired of repeating why writing out a new /entropy file at
> > > boot time makes the system weaker, not stronger.
> >
> > That's not really true.
> > The entropy file contains up to 256 bits of
> > entropy, if yarrow is correctly seeded with that then that entropy
> > will be in the 256-bit key which will produce a new file that also
> > contains that entropy.
>
> Too many /entropy.* files would be overkill, but done properly, won't
> hurt.

The discussion was about replacing the single /entropy file, not having
many files.

> The harvest queue (as pointed out) is limited, and it's possible to
> overwhelm it with excessive input. I'm in favour of doing something
> to "dribble" the startup stuff in, while limiting its length to (say)
> 1-2 K.

There are two possibilities here depending on whether you close the
device between dribbles or keep it open.

In the former case you're repeatedly forcing reseeds and clearing the
entropy counters - dribbling entropy into the generator is precisely
what Yarrow was designed to avoid.

In the latter case you either have to block the boot, which will be
unpopular, or dribble in the background in which case it may be too
late. For example geli keys for encrypted swap are generated almost
immediately after initrandom.

Ideally everything should go in in a single write, as early as possible,
and Yarrow should be left to work the way it was designed to work.

> Compressing the gathered stuff is a good idea,

Compression is a very bad idea, it uses more CPU cycles than sha256
without guaranteeing an output that fits comfortably into 4kB.
From owner-freebsd-rc@FreeBSD.ORG Fri Sep 14 01:41:10 2012 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C8E66106564A; Fri, 14 Sep 2012 01:41:10 +0000 (UTC) (envelope-from kevlo@FreeBSD.org) Received: from ns.kevlo.org (kevlo.org [220.128.136.52]) by mx1.freebsd.org (Postfix) with ESMTP id 62ADE8FC16; Fri, 14 Sep 2012 01:41:09 +0000 (UTC) Received: from srg.kevlo.org (git.kevlo.org [220.128.136.52]) by ns.kevlo.org (8.14.5/8.14.5) with ESMTP id q8E1f7su003576; Fri, 14 Sep 2012 09:41:07 +0800 (CST) (envelope-from kevlo@FreeBSD.org) Message-ID: <50528B34.7070502@FreeBSD.org> Date: Fri, 14 Sep 2012 09:41:08 +0800 From: Kevin Lo User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:14.0) Gecko/20120829 Thunderbird/14.0 MIME-Version: 1.0 To: Ivan Voras References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-rc@FreeBSD.org Subject: Re: Document the *_nice and other rc.conf variables? X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Sep 2012 01:41:10 -0000 On 2012/09/13 07:23, Ivan Voras wrote: > Hello, > > I'd like to commit this simple addition to the rc.conf man page, and > I'm wondering if these simple descriptions are ok, or is there > something else which needs to be said about the knobs? Patch looks good to me. > > > Index: rc.conf.5 > =================================================================== > --- rc.conf.5 (revision 240388) > +++ rc.conf.5 (working copy) 
> @@ -168,6 +168,20 @@ > .Dq Li NO , > no swapfile is installed, otherwise the value is used as the full > pathname to a file to use for additional swap space. > +.It Va Ns Ao Ar name Ac Ns Va _chroot > +.Pq Vt str > +The chroot directory to run the service in. > +.It Va Ns Ao Ar name Ac Ns Va _user > +.Pq Vt str > +The user to run the chrooted service as. > +.It Va Ns Ao Ar name Ac Ns Va _group > +.Pq Vt str > +The group to run the chrooted service as. > +.It Ns Ao Ar name Ac Ns Va _nice > +.Pq Vt int > +The > +.Xr nice 1 > +value to run the service under. > .It Va apm_enable > .Pq Vt bool > If set to > _______________________________________________ > freebsd-rc@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-rc > To unsubscribe, send any mail to "freebsd-rc-unsubscribe@freebsd.org" > From owner-freebsd-rc@FreeBSD.ORG Fri Sep 14 14:39:02 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 664) id 23B5E106566C; Fri, 14 Sep 2012 14:39:02 +0000 (UTC) Date: Fri, 14 Sep 2012 07:39:01 -0700 
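Review bot: the `_nice` entry opens with `.It Ns Ao Ar name Ac Ns Va _nice`, while the three entries added above it open with `.It Va Ns Ao Ar name Ac Ns Va ...`; unless the difference is deliberate, use the same macro sequence on all four so they render alike. The `_user` and `_group` descriptions both say "the chrooted service": if either knob also takes effect when `_chroot` is unset, the text should say so, and if not, each entry should state its dependency on `_chroot` explicitly rather than leave it implied.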
From: David O'Brien
To: Mark Murray
Message-ID: <20120914143901.GA47331@dragon.NUXI.org>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d
Reply-To: obrien@freebsd.org

On Thu, Sep 13, 2012 at 08:51:15PM +0100, Mark Murray wrote:
> David O'Brien writes: On Thu, Sep 13, 2012 at 08:00:19PM +0100, Mark Murray wrote:
> > Mark,
> > Can you add more about your reasoning why the low-grade entropy should be
> > input before the high-quality cached entropy?
>
> Sure!
> I'm presuming that there is sufficient delay after the initial low-grade ...

Mark,
Thank you for your thoughts. I'll digest it.
--
-- David (obrien@FreeBSD.org)

From owner-freebsd-rc@FreeBSD.ORG Fri Sep 14 15:38:10 2012
Date: Fri, 14 Sep 2012 17:30:30 +0200
From: Pawel Jakub Dawidek
To: d@delphij.net
Message-ID: <20120914153030.GA2146@garage.freebsd.pl>
In-Reply-To: <504FC2BD.6070402@delphij.net>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Tue, Sep 11, 2012 at 04:01:17PM -0700, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 09/11/12 15:48, Arthur Mesh wrote:
> > On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
> >> Using gzip is better than not using it though, since 4k worth of
> >> compressed data is better than 4k worth of plain text because of
> >> higher entropy density (note that the FreeBSD gzip uses 64K of
> >> input/output buffer for compression by the way so maybe only the
> >> first 64K is meaningful if we take only 4k of output).
> >
> > Since there is 1:1 correspondence between compressed and
> > uncompressed data, entropy should be the same in both. I am not
> > sure it's better to use compression than not -- you do end up
> > seeding fewer bytes to yarrow, but you spend more CPU cycles
> > compressing it...
>
> Well, 1:1 correspondence is when we fed full text to /dev/random,
> which we don't, right? Only the first 4K gets consumed. So:
>
> Situation 1: we have 45K of plain text, and only first 4k is fed to
> /dev/random at about 5 bits of entropy per byte;

5 bits of entropy per byte from 'sysctl -a' output??? Xin, you are way,
way too optimistic. This is plain text, so one bit is mostly unused, so
we have 7 usable bits. Out of those 7 bits you claim that 5 on average is
unpredictable? In other words do you think 5/7 (~71%) of this output is
unpredictable? It would be great if 1% would be unpredictable, but I
highly doubt it. But this is not the point, the point is to collect at
least 128 bits in total from those 45kB, so ~0.28% of unpredictable
output would be enough if we can of course feed everything into yarrow.

Also, compression can definitely increase entropy per byte, but IMHO it
can also lose some entropy overall. With lossless compression you don't
lose data, but I don't believe you can say that you don't lose entropy.

I don't recall who said this (Arthur?), but I fully agree that we should
fix yarrow, /dev/random or whatever is dropping the input after 4kB.

If we can't do that, then we should hash it with sha512 this way the
entropy will be reduced to 512 bits (if there is more entropy in the
input) which should be enough for yarrow to be happy.

Also note that gzip is currently in /usr/bin/ and /usr/ might not be yet
mounted when we do that.

--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am!
http://tupytaj.pl

From owner-freebsd-rc@FreeBSD.ORG Fri Sep 14 16:31:55 2012
In-Reply-To: <20120914153030.GA2146@garage.freebsd.pl>
Date: Fri, 14 Sep 2012 17:31:53 +0100
From: Ben Laurie
To: Pawel Jakub Dawidek
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW, Dag-Erling Smørgrav, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d

On Fri, Sep 14, 2012 at 4:30 PM, Pawel Jakub Dawidek wrote:
> On Tue, Sep 11, 2012 at 04:01:17PM -0700, Xin Li wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 09/11/12 15:48, Arthur Mesh wrote:
>> > On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
>> >> Using gzip is better than not using it though, since 4k worth of
>> >> compressed data is better than 4k worth of plain text because of
>> >> higher entropy density (note that the FreeBSD gzip uses 64K of
>> >> input/output buffer for compression by the way so maybe only the
>> >> first 64K is meaningful if we take only 4k of output).
>> >
>> > Since there is 1:1 correspondence between compressed and
>> > uncompressed data, entropy should be the same in both. I am not
>> > sure it's better to use compression than not -- you do end up
>> > seeding fewer bytes to yarrow, but you spend more CPU cycles
>> > compressing it...
>>
>> Well, 1:1 correspondence is when we fed full text to /dev/random,
>> which we don't, right? Only the first 4K gets consumed. So:
>>
>> Situation 1: we have 45K of plain text, and only first 4k is fed to
>> /dev/random at about 5 bits of entropy per byte;
>
> 5 bits of entropy per byte from 'sysctl -a' output??? Xin, you are way,
> way too optimistic. This is plain text, so one bit is mostly unused, so
> we have 7 usable bits. Out of those 7 bits you claim that 5 on average is
> unpredictable?
> In other words do you think 5/7 (~71%) of this output is
> unpredictable? It would be great if 1% would be unpredictable, but I
> highly doubt it. But this is not the point, the point is to collect at
> least 128 bits in total from those 45kB, so ~0.28% of unpredictable
> output would be enough if we can of course feed everything into yarrow.
>
> Also, compression can definitely increase entropy per byte, but IMHO it
> can also lose some entropy overall. With lossless compression you don't
> lose data, but I don't believe you can say that you don't lose entropy.

Entropy is something with multiple definitions, but for our purposes it
really means "how big is the universe of possible states we just chose
from?". More or less. Compression does not change this.

> I don't recall who said this (Arthur?), but I fully agree that we should
> fix yarrow, /dev/random or whatever is dropping the input after 4kB.

Many people have said it :-) I completely agree!

> If we can't do that, then we should hash it with sha512 this way the
> entropy will be reduced to 512 bits (if there is more entropy in the
> input) which should be enough for yarrow to be happy.
>
> Also note that gzip is currently in /usr/bin/ and /usr/ might not be yet
> mounted when we do that.
>
> --
> Pawel Jakub Dawidek http://www.wheelsystems.com
> FreeBSD committer http://www.FreeBSD.org
> Am I Evil? Yes, I Am!
> http://tupytaj.pl

From owner-freebsd-rc@FreeBSD.ORG Fri Sep 14 19:37:33 2012
From: Dag-Erling Smørgrav
To: Pawel Jakub Dawidek
Date: Fri, 14 Sep 2012 21:37:31 +0200
In-Reply-To: <20120914153030.GA2146@garage.freebsd.pl> (Pawel Jakub Dawidek's message of "Fri, 14 Sep 2012 17:30:30 +0200")
Message-ID: <86vcfge6pw.fsf@ds4.des.no>
Cc: Arthur Mesh, Doug Barton, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, d@delphij.net
Subject: Re: svn commit: r239569 - head/etc/rc.d

Pawel Jakub Dawidek writes:
> Also, compression can definitely increase entropy per byte, but IMHO it
> can also lose some entropy overall. With lossless compression you don't
> lose data, but I don't believe you can say that you don't lose entropy.

By definition (both the definition of entropy in this context and the
definition of lossless data compression), the amount of entropy in the
output is exactly the same as in the input. If the output is actually
smaller than the input (which is not necessarily the case, but is safe
to assume when the input is ascii text), then clearly the amount of
entropy per byte has increased.

DES
--
Dag-Erling Smørgrav - des@des.no
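
The positions argued in the replies above (truncation at 4 kB, lossless compression, hashing with sha512) can be compared by counting how many distinct seeds each approach produces over a small universe of machine states. This is an added example, not code from the thread or from FreeBSD: the dump contents, the sysctl names, the 256-state universe and the use of zlib as a stand-in for gzip are assumptions made for illustration, and the 4096-byte limit is the figure quoted in the thread.

```python
import hashlib
import math
import zlib

WRITE_LIMIT = 4096  # bytes per write that the thread says actually get consumed


def make_dump(counter: int) -> bytes:
    """Constructed stand-in for 'sysctl -a' output, roughly 45 kB.

    All lines are the same on every machine except the last, which holds
    the only machine-specific value, far beyond the first 4 kB.
    """
    lines = [f"kern.constructed.node{i}: {i * 7 % 1000}" for i in range(1500)]
    lines.append(f"kern.constructed.intr_total: {counter}")
    return ("\n".join(lines) + "\n").encode("ascii")


def seed_raw(dump: bytes) -> bytes:
    """Write the text as-is; everything past the limit is dropped."""
    return dump[:WRITE_LIMIT]


def seed_deflate(dump: bytes) -> bytes:
    """Compress first (zlib here, standing in for gzip), then truncate."""
    return zlib.compress(dump)[:WRITE_LIMIT]


def seed_sha512(dump: bytes) -> bytes:
    """Hash the whole dump down to 64 bytes, as proposed in the thread."""
    return hashlib.sha512(dump).digest()


def delivered_bits(strategy, states) -> float:
    """log2 of the number of distinct seeds over a universe of machine states.

    This is the "how big is the universe of possible states" reading of
    entropy: states that map to the same seed are indistinguishable to
    the generator.
    """
    return math.log2(len({strategy(make_dump(s)) for s in states}))


def compare(states=range(256)) -> dict:
    """Bits delivered by each strategy when all states are equally likely."""
    sample = make_dump(0)
    return {
        "raw_bytes": len(sample),
        "deflate_bytes": len(zlib.compress(sample)),
        "universe_bits": math.log2(len(states)),
        "raw_truncated": delivered_bits(seed_raw, states),
        "deflate_full": delivered_bits(zlib.compress, states),
        "deflate_truncated": delivered_bits(seed_deflate, states),
        "sha512": delivered_bits(seed_sha512, states),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18} {value}")
```

The `deflate_truncated` figure is reported rather than fixed, because it depends on whether the compressed stream for a given input fits inside the limit.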