From Newsgroup: comp.lang.c

Hello!

Is reallocarray() planned to be standardized? Looking
at the man page on Fedora 44, it says this function
has been in glibc since version 2.26, OpenBSD libc
since release 5.6m and FreeBSD libc release 11.0.

So is this function becoming part of ISO C? Or SUS?

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Is reallocarray() planned to be standardized? Looking
at the man page on Fedora 44, it says this function
has been in glibc since version 2.26, OpenBSD libc
since release 5.6m and FreeBSD libc release 11.0.

So is this function becoming part of ISO C? Or SUS?

Testing my luck with chatGPT again, it claims:

------------------------------------------------------------
reallocarray() is a textbook example:
* originated in OpenBSD
* spread to other BSDs
* adopted by glibc 2.26
* later standardized by POSIX.1-2024

So if the page still says rCLnonstandard,rCY that note is stale
and should be corrected. ------------------------------------------------------------

According to this page:

https://sortix.org/blog/posix-2024/

reallocarray() is indeed a newly added function. So this
time chatGPT got it right. I guess I have to submit a bug
report to the Linux man pages maintainers.

Aaargh... I should have checked out FreeBSD before even
asking! Their man page correctly mentions:

reallocarray() conforms to IEEE Std 1003.1-2024 (rCLPOSIX.1rCY).

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u5dnd$p119$1@dont-email.me>,
Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Is reallocarray() planned to be standardized? Looking
at the man page on Fedora 44, it says this function
has been in glibc since version 2.26, OpenBSD libc
since release 5.6m and FreeBSD libc release 11.0.

So is this function becoming part of ISO C? Or SUS?

Testing my luck with chatGPT again, it claims:
[snip]

According to this page:
[snip]

reallocarray() is indeed a newly added function. So this
time chatGPT got it right. I guess I have to submit a bug
report to the Linux man pages maintainers.

Aaargh... I should have checked out FreeBSD before even
asking! Their man page correctly mentions:

reallocarray() conforms to IEEE Std 1003.1-2024 (rCLPOSIX.1rCY).

It's better to just link directly to POSIX:

https://pubs.opengroup.org/onlinepubs/9799919799/functions/realloc.html

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

kalevi@kolttonen.fi (Kalevi Kolttonen) writes:

Is reallocarray() planned to be standardized? Looking
at the man page on Fedora 44, it says this function
has been in glibc since version 2.26, OpenBSD libc
since release 5.6m and FreeBSD libc release 11.0.

So is this function becoming part of ISO C? Or SUS?

reallocarray() does not appear in the latest ISO C2y draft.

It does appear in POSIX. It's in The Open Group Base Specifications
Issue 8, but not in Issue 7.

(I'm not convinced it's all that useful.)
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

cross@spitfire.i.gajendra.net (Dan Cross) writes:
[...]

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

I don't think that's what you meant to say.

I'm unaware of any proposal to add reallocarray to ISO C.
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u5qch$uo0d$8@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote: >cross@spitfire.i.gajendra.net (Dan Cross) writes:

[...]

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

I don't think that's what you meant to say.

I mean that `reallocarray` is in POSIX-2024, but not in ISO C.

There is a related function, `recallocarray`, that is not in
POSIX.

I'm unaware of any proposal to add reallocarray to ISO C.

I'm mildly surprised it hasn't been proposed.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u5p86$uo0d$7@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

kalevi@kolttonen.fi (Kalevi Kolttonen) writes:

Is reallocarray() planned to be standardized? Looking
at the man page on Fedora 44, it says this function
has been in glibc since version 2.26, OpenBSD libc
since release 5.6m and FreeBSD libc release 11.0.

So is this function becoming part of ISO C? Or SUS?

reallocarray() does not appear in the latest ISO C2y draft.

It does appear in POSIX. It's in The Open Group Base Specifications
Issue 8, but not in Issue 7.

(I'm not convinced it's all that useful.)

The main benefit is that it checks for overflow when multiplying
the element size by the length, and returns NULL in that case.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

cross@spitfire.i.gajendra.net (Dan Cross) writes:

In article <10u5qch$uo0d$8@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

cross@spitfire.i.gajendra.net (Dan Cross) writes:
[...]

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

I don't think that's what you meant to say.

I mean that `reallocarray` is in POSIX-2024, but not in ISO C.

There is a related function, `recallocarray`, that is not in
POSIX.

Ah, I completely missed that "reallocarray" and "recallocarray"
("re" vs. "rec") are distinct.

"recallocarray" is apparently BSD-specific, and is not implemented
in glibc. "recallocarray" differs from "reallocarray" in that
freed memory is cleared with explicit_bzero().

I'm unaware of any proposal to add reallocarray to ISO C.

I'm mildly surprised it hasn't been proposed.

As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On Thu, 14 May 2026 21:10:05 -0000 (UTC), Kalevi Kolttonen wrote:

Aaargh... I should have checked out FreeBSD before even asking!
Their man page correctly mentions:

reallocarray() conforms to IEEE Std 1003.1-2024 (rCLPOSIX.1rCY).

If yourCOre on a Linux systemrCa, its man pages should be among the first things you check.

<https://manpages.debian.org/reallocarray(3)> looks out of date:
my machine says rCLreallocarray() ... POSIX.1-2024rCY.

rCaOr have one handy. On a geek-oriented group like this, why wouldnrCOt
you have one handy?
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote: >cross@spitfire.i.gajendra.net (Dan Cross) writes:

In article <10u5qch$uo0d$8@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote: >>>cross@spitfire.i.gajendra.net (Dan Cross) writes:

[...]

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

I don't think that's what you meant to say.

I mean that `reallocarray` is in POSIX-2024, but not in ISO C.

There is a related function, `recallocarray`, that is not in
POSIX.

Ah, I completely missed that "reallocarray" and "recallocarray"
("re" vs. "rec") are distinct.

"recallocarray" is apparently BSD-specific, and is not implemented
in glibc. "recallocarray" differs from "reallocarray" in that
freed memory is cleared with explicit_bzero().

And newly allocated memory is cleared, a la `calloc`.

I'm unaware of any proposal to add reallocarray to ISO C.

I'm mildly surprised it hasn't been proposed.

As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`. I believe that when it was introduced into
OpenBSD, it actually found a number of overflow bugs; whether
those were exploitable or not, I don't know. The OpenBSD people
are known to be zealous when it comes to security.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Lawrence DrCOOliveiro <ldo@nz.invalid> wrote:

On Thu, 14 May 2026 21:10:05 -0000 (UTC), Kalevi Kolttonen wrote:

Aaargh... I should have checked out FreeBSD before even asking!
Their man page correctly mentions:

reallocarray() conforms to IEEE Std 1003.1-2024 (rCLPOSIX.1rCY).

If yourCOre on a Linux systemrCa, its man pages should be among the first things you check.

<https://manpages.debian.org/reallocarray(3)> looks out of date:
my machine says rCLreallocarray() ... POSIX.1-2024rCY.

rCaOr have one handy. On a geek-oriented group like this, why wouldnrCOt
you have one handy?

I did check Fedora 44 man pages and found out later that
they are outdated version 6.13-3. The latest is 6.15 series.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

"recallocarray" is apparently BSD-specific, and is not implemented
in glibc

I do not see this function on:

root@fbsd15:~ # freebsd-version -ku
15.0-RELEASE-p8
15.0-RELEASE-p8

But I once tried "make world" or something like that
to stress test my used laptop. The remains of the build are
still left and they reveal this:

root@fbsd15:~ # nm /usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7
/usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7: no symbols root@fbsd15:~ # strings /usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7|grep recall
recallocarray

So some versions of FreeBSD libc have recallocarray(),
but the latest official RELEASE does not.


By the way, is reallocarray() or recallocarray()
available on the latest MacOS? ChatGPT gave only a
vague response concerning this, implying "maybe or
maybe not".

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

So some versions of FreeBSD libc have recallocarray(),
but the latest official RELEASE does not.

Out of curiosity, I checked out FreeBSD's git main branch. It says: -------------------------------------------------------------------------- commit 42664610795bc0a728851ba6223fcf9b93801167
Author: Robert Clausecker <fuz@FreeBSD.org>
Date: Thu Oct 2 16:33:55 2025 +0200

lib/libc: add recallocarray()

This function from OpenBSD is a hybrid of reallocarray() and calloc().
It reallocates an array, clearing any newly allocated items.
reallocarray() ultimately originates from OpenBSD.

The source is taken from lib/libopenbsd, which now no longer has the
function unless when bootstrapping (needed for mandoc).

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52863 --------------------------------------------------------------------------

Like the commit message indicates, the source is taken verbatim from
OpenBSD, and it looks clean and easy to understand. I guess this function
will be included in FreeBSD 16 when it comes out.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u7dpn$ac8a$1@dont-email.me>,
Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

"recallocarray" is apparently BSD-specific, and is not implemented
in glibc

I do not see this function on:

root@fbsd15:~ # freebsd-version -ku
15.0-RELEASE-p8
15.0-RELEASE-p8

But I once tried "make world" or something like that
to stress test my used laptop. The remains of the build are
still left and they reveal this:

root@fbsd15:~ # nm /usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7
/usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7: no symbols >root@fbsd15:~ # strings /usr/obj/home/kalevi/src/freebsd-src/amd64.amd64/tmp/lib/libc.so.7|grep recall
recallocarray

So some versions of FreeBSD libc have recallocarray(),
but the latest official RELEASE does not.

Correct. It is in FreeBSD-current (and maybe -stable; I didn't
check), but not yet in a release version.

By the way, is reallocarray() or recallocarray()
available on the latest MacOS? ChatGPT gave only a
vague response concerning this, implying "maybe or
maybe not".

It seems that neither are in macOS.

FreeBSD was covered. Both originated in OpenBSD and are there.
Both are in Dragonfly. `reallocarray` is in NetBSD, and
`recallocarray` is kind of there (it's not in libc, though is in
a few other libraries). Both are in illumos. `reallocarray` is
in both glibc and musl, but neither have `recallocarray`.
Neither is in macOS. Neither is in either plan9 or 9front.
`reallocarray` is in the (now defunct) Harvey fork of Plan 9,
but `recallocarray` is not.

No idea about Solaris, AIX, Windows, or proprietary and embedded
systems beyond that.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Dan Cross <cross@spitfire.i.gajendra.net> wrote:

No idea about Solaris, AIX [...]

Thanks for the detailed information.

Solaris and AIX, the last two big surviving commercial
UNIX systems? I suppose both are still supported but
the userbase must be rapidly diminishing and their
end is near.

I wonder just how long can those two last against the
ever mounting pressure from Linux? It was a pleasure
using Solaris long time ago, a very stable and
forward-looking OS with many innovations it was.

I have never used AIX.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u7mdg$dt3m$1@dont-email.me>,
Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Dan Cross <cross@spitfire.i.gajendra.net> wrote:

No idea about Solaris, AIX [...]

Thanks for the detailed information.

Solaris and AIX, the last two big surviving commercial
UNIX systems? I suppose both are still supported but
the userbase must be rapidly diminishing and their
end is near.

I wonder just how long can those two last against the
ever mounting pressure from Linux? It was a pleasure
using Solaris long time ago, a very stable and
forward-looking OS with many innovations it was.

Neither is going to see increasing market share. They're mostly
being kept alive by maintenance for a small number of very large
customers with long-term support contracts.

I have never used AIX.

Ya' ain't missing much. It was odd.

Not particularly relevant to C though, I'm afraid.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Dan Cross <cross@spitfire.i.gajendra.net> wrote:

Ya' ain't missing much. [AIX] was odd.

Not particularly relevant to C though, I'm afraid.

I started a new thread on comp.unix.misc. I am
quite curious whether someone there still runs
Solaris or AIX in 2026. That newsgroup seems quite
dead, though.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 2026-05-15 19:50, Kalevi Kolttonen wrote:

I have never used AIX.

It had been a progress back then, especially e.g. if compared to
SunOS 4.x; it supported SysV and BSD IPC, and you didn't need to
recompile the kernel if you just wanted to add (or configure) a
kernel module.

We used it in huge (really *huge*) telecommunication projects as
the standard OS (later extended our platforms by HP-UX).

Re Dan's comment; from a user/programmer perspective I didn't see
or noticed any noteworthy oddity.

Janis

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/15/2026 4:02 AM, Dan Cross wrote:

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

cross@spitfire.i.gajendra.net (Dan Cross) writes:

In article <10u5qch$uo0d$8@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

cross@spitfire.i.gajendra.net (Dan Cross) writes:
[...]

`reallocarray` is, indeed, in POSIX-2024, but has yet to make it
into C. `recallocarray` is not yet in POSIX, however.

I don't think that's what you meant to say.

I mean that `reallocarray` is in POSIX-2024, but not in ISO C.

There is a related function, `recallocarray`, that is not in
POSIX.

Ah, I completely missed that "reallocarray" and "recallocarray"
("re" vs. "rec") are distinct.

"recallocarray" is apparently BSD-specific, and is not implemented
in glibc. "recallocarray" differs from "reallocarray" in that
freed memory is cleared with explicit_bzero().

And newly allocated memory is cleared, a la `calloc`.

I'm unaware of any proposal to add reallocarray to ISO C.

I'm mildly surprised it hasn't been proposed.

As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`.

Fwiw, iirc wrt security. Instead of filling it with 0's, you fill it
with data from a TRNG. An attacker can look for parts that are zeros.

I believe that when it was introduced into
OpenBSD, it actually found a number of overflow bugs; whether
those were exploitable or not, I don't know. The OpenBSD people
are known to be zealous when it comes to security.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Janis Papanagnou <janis_papanagnou+ng@hotmail.com> wrote:

On 2026-05-15 19:50, Kalevi Kolttonen wrote:

I have never used AIX.

It had been a progress back then, especially e.g. if compared to
SunOS 4.x; it supported SysV and BSD IPC, and you didn't need to
recompile the kernel if you just wanted to add (or configure) a
kernel module.

We used it in huge (really *huge*) telecommunication projects as
the standard OS (later extended our platforms by HP-UX).

Re Dan's comment; from a user/programmer perspective I didn't see
or noticed any noteworthy oddity.

Okay, thanks for information. I supposed it had to be quite good
since it is still alive, even if barely.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u844d$i6t3$1@dont-email.me>,
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

On 5/15/2026 4:02 AM, Dan Cross wrote:

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

[snip]
As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`.

Fwiw, iirc wrt security. Instead of filling it with 0's, you fill it
with data from a TRNG. An attacker can look for parts that are zeros.

No.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/15/2026 2:50 PM, Dan Cross wrote:

In article <10u844d$i6t3$1@dont-email.me>,
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

On 5/15/2026 4:02 AM, Dan Cross wrote:

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

[snip]
As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`.

Fwiw, iirc wrt security. Instead of filling it with 0's, you fill it
with data from a TRNG. An attacker can look for parts that are zeros.

No.

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/15/2026 2:55 PM, Chris M. Thomasson wrote:

On 5/15/2026 2:50 PM, Dan Cross wrote:

In article <10u844d$i6t3$1@dont-email.me>,
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

On 5/15/2026 4:02 AM, Dan Cross wrote:

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson-a <Keith.S.Thompson+u@gmail.com> wrote:

[snip]
As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`.

Fwiw, iirc wrt security. Instead of filling it with 0's, you fill it
with data from a TRNG. An attacker can look for parts that are zeros.

No.

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Well, an all-zero pattern is predictable. If an attacker has partial side-channel info, a known pattern, or is looking for "suspicious clean
areas" in RAM, random data can add a bit of noise. Some secure coding guidelines or older papers suggest it for paranoia. In practice, the difference is small compared to just ensuring the overwrite actually
occurs and stays in place...
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/15/2026 2:35 PM, Kalevi Kolttonen wrote:

Dan Cross <cross@spitfire.i.gajendra.net> wrote:

Ya' ain't missing much. [AIX] was odd.

Not particularly relevant to C though, I'm afraid.

I started a new thread on comp.unix.misc. I am
quite curious whether someone there still runs
Solaris or AIX in 2026. That newsgroup seems quite
dead, though.

Funny. I still have Solaris installed on an old hard drive. Last time I
had to use it was over 20 years ago when I was working with the SPARC.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Janis Papanagnou <janis_papanagnou+ng@hotmail.com> writes:

On 2026-05-15 19:50, Kalevi Kolttonen wrote:

I have never used AIX.

It had been a progress back then, especially e.g. if compared to
SunOS 4.x; it supported SysV and BSD IPC, and you didn't need to
recompile the kernel if you just wanted to add (or configure) a
kernel module.

We used it in huge (really *huge*) telecommunication projects as
the standard OS (later extended our platforms by HP-UX).

Re Dan's comment; from a user/programmer perspective I didn't see
or noticed any noteworthy oddity.

There was the somewhat unusual memory overcommit issues in AIX,
if I recall correctly, that would cause SIGSEGV's randomly
when available RAM + backing space was exhausted.

It was a long time ago now, and I may not be remembering it
correctly.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

It's not a problem that DRAM has.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

[Followup-To: comp.unix.misc]

In article <10u8438$10so$2@dont-email.me>,
Janis Papanagnou <janis_papanagnou+ng@hotmail.com> wrote:

On 2026-05-15 19:50, Kalevi Kolttonen wrote:

I have never used AIX.

It had been a progress back then, especially e.g. if compared to
SunOS 4.x; it supported SysV and BSD IPC, and you didn't need to
recompile the kernel if you just wanted to add (or configure) a
kernel module.

SunOS 4.x had loadable kernel modules, too.

We used it in huge (really *huge*) telecommunication projects as
the standard OS (later extended our platforms by HP-UX).

Re Dan's comment; from a user/programmer perspective I didn't see
or noticed any noteworthy oddity.

There were several variants:

The first versions were AIX v1 and AIX v2 and ran on the IBM
"RT" workstation, a very slow, early RISC machine that wasn't
terribly popular. IBM was delayed by several years bringing it
to market for for some reason I no longer recall, and by the
time they were available, they weren't cost/performance
competitive. IBM did a port of 4.3BSD-Tahoe with NFS to the RT
and called it, "AOS": The Academic Operating System. That had
some modest success in educational markets. I'm told these
version sof AIX also ran on PS/2 machines, but I never used that
version. I did use it on the RT; it was weird, though it didn't
feel gratuitously different from most System V variants of that
era, I guess. Most people I knew ran AOS on it if they could
get it.

It was also ported to mainframes; first AIX/370, which was close
to AIXv2, I suppose, and and then AIX/ESA. The latter was based
on OSF/1 and not directly descended from AIX/370 (I'm sure it
incorporated _some_ code from it, though). I used that under VM
once or twice. It was fine, I was accessing it from a 3270,
which felt weird.

AIX v3 and later ran on RS/6000 and following workstations. I
think it was also ported to PCs, and at one point IBM had it
booting on an Itanium machine.

I guess from a user perspective, it was a pretty normalish Unix.
But the storage subsystem, printing, filesystem, the way it did
authentication and handled users, and even the way it booted,
were all very different from other Unixes.

The boot thing is illustrative. Most Unix systems of the day
assumed they were booting on a workstation or a timesharing
system; in either case, it was assumed you had a console of some
kind, either a graphical thing or a serial terminal. As the
kernel came up, it would print out short messages about devices
found during auto configuration, and so on.

AIX made no such assumption. First, IBM didn't call it "boot"
or "booting"; instead, they called it "IPL" (Initial Program
Load[ing]). And instead of a console and, you know, text, a
three character seven-segment display on the machine's front
panel, flashed numbers indicating what it was doing; the OS
came with a rather lengthy volume listing the numbers and what
they meant. For example, "517" meant, "Mounting client remote
filesystem during network IPL."

The storage system was pretty cool, but very unfamiliar; it was
kinda mainframe-y. They had "volume groups" that could have
multiple physical disks as members; the filesystem (JFS) was
built on a volume group so could thus span across multiple
disks. Mounting a filesystem thus involved making sure the
hosting volume group was online, and then mounting it. To bring
a VG online you would, "vary-on" the volume group (I believe the
command was called, `varyonvg` or something to that effect).
The nomenclature was, well, unique.

User accounts didn't just use the normal Unix /etc/passwd file;
there was also `/etc/security/passwd`, which contained extended
attributes and had its own format, and of course its own libc
routines to read, parse, lookup, and so on.

The printing stuff was kind of weird, but also kind of cool;
like most systems of the day, they had a line printer subsystem
inherited from an earlier age. But instead of being a
descendent of the Berkeley `lpd` system, or System V `lp`, it
was its own IBM properietary thing. You could communicate with
it using the BSD `lpr` protocol, but it let you do more mainframe-y/big-minicomputer things like have a single queue
that dispatched to multiple printers round-robin, would direct
jobs from specific users to specific printers; that kind of
thing. I eventually ripped it out and replaced it with a port
of the BSD printer daemon.

Anyway. It wasn't _bad_ really, just ... different.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u84o1$idnu$1@dont-email.me>,
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

On 5/15/2026 2:50 PM, Dan Cross wrote:

In article <10u844d$i6t3$1@dont-email.me>,
Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

On 5/15/2026 4:02 AM, Dan Cross wrote:

In article <10u601c$uo0d$12@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

[snip]
As far as I can tell, reallocarray() differs from realloc() only
in that it takes two arguments to specify the size, and fails
if the multiplication would overflow (um, I mean wrap around).
realloc(p, n*size) does the same thing in the absence of overflow.
Obviously somebody thought it was worthwhile.

It's a security thing, similar to `explicit_bzero` or
`memset_explicit`.

Fwiw, iirc wrt security. Instead of filling it with 0's, you fill it
with data from a TRNG. An attacker can look for parts that are zeros.

No.

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Maybe on disks or SSDs or something. Not in DRAM.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

Funny. I still have Solaris installed on an old hard drive. Last time I
had to use it was over 20 years ago when I was working with the SPARC.

We used to run Solaris on UltraSPARC servers to host email services
like Sendmail and Cyrus IMAPD. They were good machines for the time
when amd64 had not yet been invented. They were eventually replaced
by amd64 hardware and Red Hat Enterprise Linux.

I guess SPARC CPUs are going to die with Solaris.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 2026-05-16 00:10, Scott Lurndal wrote:

Janis Papanagnou <janis_papanagnou+ng@hotmail.com> writes:

On 2026-05-15 19:50, Kalevi Kolttonen wrote:

I have never used AIX.

It had been a progress back then, especially e.g. if compared to
SunOS 4.x; it supported SysV and BSD IPC, and you didn't need to
recompile the kernel if you just wanted to add (or configure) a
kernel module.

We used it in huge (really *huge*) telecommunication projects as
the standard OS (later extended our platforms by HP-UX).

Re Dan's comment; from a user/programmer perspective I didn't see
or noticed any noteworthy oddity.

There was the somewhat unusual memory overcommit issues in AIX,
if I recall correctly, that would cause SIGSEGV's randomly
when available RAM + backing space was exhausted.

It was a long time ago now, and I may not be remembering it
correctly.

And I certainly don't know every quirk AIX may have had.

All I can say was that it had been a solid operating system.
Actually our AIX servers, as opposed to other systems we used,
had uptimes measured in years!

Janis

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/15/2026 3:35 PM, Kalevi Kolttonen wrote:

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

Funny. I still have Solaris installed on an old hard drive. Last time I
had to use it was over 20 years ago when I was working with the SPARC.

We used to run Solaris on UltraSPARC servers to host email services
like Sendmail and Cyrus IMAPD. They were good machines for the time
when amd64 had not yet been invented. They were eventually replaced
by amd64 hardware and Red Hat Enterprise Linux.

I guess SPARC CPUs are going to die with Solaris.

Fwiw, Sun gave me a T2000 SunFire for their coolthreads contest.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On Fri, 15 May 2026 13:58:48 -0000 (UTC), Kalevi Kolttonen wrote:

I did check Fedora 44 man pages and found out later that they are
outdated version 6.13-3. The latest is 6.15 series.

My Debian Unstable system has version 6.17-4.

Nyah-nyah etc.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On Fri, 15 May 2026 17:50:40 -0000 (UTC), Kalevi Kolttonen wrote:

I have never used AIX.

YourCOre not missing anything. ;)
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On Fri, 15 May 2026 22:35:46 -0000 (UTC), Kalevi Kolttonen wrote:

I guess SPARC CPUs are going to die with Solaris.

Still supported by Linux <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch>.

Oracle itself no longer has an actively-developed OS for its own
hardware, but Linux does.

Note also how Alpha hardware is long dead -- died years before
Itanium. Yet support for it still persists in current kernels, while
Itanium is gone.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Use std::vector<T>, then you have more flexible relocations with
moving or copying.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of
random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work
with a lab full of top-class equipment. The risk of someone reading
data on a disk that was overwritten with zeros is non-existent - but
that hasn't stopped people making money from selling multi-pass software
to the paranoid.

(Of course there are many other ways bits of data can be recovered from
media - it's been a very long time since there was a clear one-to-one
mapping between logical blocks that can be written and overwritten, and
the physical storage blocks.)

It's not a problem that DRAM has.

Indeed.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 2026-05-16 11:38, David Brown wrote:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >>> random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

During the early 1990's, working in a systems security department, we
purged the HDDs by triple-pass overwrite (I think zeroes, random, and
patterns, or so). It was mandated back then. There were also national
standards requiring that. (But the formal details evade my memories.)

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work
with a lab full of top-class equipment.-a The risk of someone reading
data on a disk that was overwritten with zeros is non-existent

"a handful of bits" might already compromise security to an unacceptable degree. Also, it's not about whether it needs weeks or minutes. The cost
of the damage of a leak (or successful attack) is important. There's
sorts of data that are supposed to not be disclosed (even only partly or
only fragmentary) even after decades.

- but
that hasn't stopped people making money from selling multi-pass software
to the paranoid.

Spreading FUD is easy. But paying the damages because of sloppiness or
assuming false safety may be serious! Also if you delegate financial responsibility to insurances, these companies have their requirements
that you have to follow and means to establish to minimize risks. All
based on scientific knowledge and practical evidence.

Janis

[...]

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 16/05/2026 13:00, Janis Papanagnou wrote:

On 2026-05-16 11:38, David Brown wrote:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a
pass of
random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

During the early 1990's, working in a systems security department, we
purged the HDDs by triple-pass overwrite (I think zeroes, random, and patterns, or so). It was mandated back then. There were also national standards requiring that. (But the formal details evade my memories.)

Yes, there have been all sorts of standards by all sorts of groups about
what needed to be done to "securely" erase disks. Some of these were completely pointless, like re-writing more than once - anything that
wasn't wiped the first time, such as redundant sectors or sectors marked "bad", would not be affected by additional writes. Some procedures were
not particularly good - a lot of magnet-based wipes were not very
effective, and there are companies that specialise in reading data from physically damaged disks.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of
work with a lab full of top-class equipment.-a The risk of someone
reading data on a disk that was overwritten with zeros is non-existent

"a handful of bits" might already compromise security to an unacceptable degree.

No. A very large handful of very specifically chosen bits might reveal
a tiny bit of the "we attack at dawn" secret. A dozen bits scattered at random across a 4 KB sector (I don't remember the size of their sample) reveals nothing.

Also, it's not about whether it needs weeks or minutes. The cost
of the damage of a leak (or successful attack) is important. There's
sorts of data that are supposed to not be disclosed (even only partly or
only fragmentary) even after decades.

Sure.

But reading data from a hard disk block that has been re-written is not
a source of leaked information.

- but that hasn't stopped people making money from selling multi-pass
software to the paranoid.

Spreading FUD is easy. But paying the damages because of sloppiness or assuming false safety may be serious! Also if you delegate financial responsibility to insurances, these companies have their requirements
that you have to follow and means to establish to minimize risks. All
based on scientific knowledge and practical evidence.

The point is it was not in any way based on scientific knowledge or
practical evidence. All scientific knowledge and practical evidence
available made it clear that reading an erased bit on a hard disk was
purely hypothetical, and totally implausible in practice.

When someone higher up the food chain - insurance companies, men in
black, etc., - makes rules, then you have to follow them. That does not
mean the rules are at all realistic.

There are all sorts of ways that some amount of data can be recovered
from storage media that people throw away. Using high-tech systems to
read bits that have been written over, is not one of them.




--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u9m51$u6ms$1@dont-email.me>,
David Brown <david.brown@hesbynett.no> wrote:

On 16/05/2026 13:00, Janis Papanagnou wrote:

On 2026-05-16 11:38, David Brown wrote:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a
pass of
random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

(Just to be clear, I did not write the above text; earlier edits
kinda sorta could be read as if I did, but I've tried to clarify
attribution.)

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

During the early 1990's, working in a systems security department, we
purged the HDDs by triple-pass overwrite (I think zeroes, random, and
patterns, or so). It was mandated back then. There were also national
standards requiring that. (But the formal details evade my memories.)

Yes, there have been all sorts of standards by all sorts of groups about >what needed to be done to "securely" erase disks. Some of these were >completely pointless, like re-writing more than once - anything that
wasn't wiped the first time, such as redundant sectors or sectors marked >"bad", would not be affected by additional writes. Some procedures were
not particularly good - a lot of magnet-based wipes were not very
effective, and there are companies that specialise in reading data from >physically damaged disks.

I can't help but feel like this discussion has been overcome by
events in the storage landscape. Spinning rust is pretty old
technology, and storage media have changed. With flash storage,
software at the host-level writing a bunch of bits to the device
may not "overwrite" much of anything: writes from the OS are
most often directed through a translation layer using bits on
device, to spread "wear" across available flash areas. To
effectively "wipe" the device, you really need to get the FTL
involved, which means effectively asking the device's firmware
to do it for you.

If you really want to destroy the data, probably the best thing
to do is incinerate it and reduce it to ash, but that's got its
own problems. Maybe that's appropriate for devices holding
state-level secrets, it's overkill from hiding your diary from
your kid sister.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of
work with a lab full of top-class equipment.-a The risk of someone
reading data on a disk that was overwritten with zeros is non-existent

"a handful of bits" might already compromise security to an unacceptable
degree.

No. A very large handful of very specifically chosen bits might reveal
a tiny bit of the "we attack at dawn" secret. A dozen bits scattered at >random across a 4 KB sector (I don't remember the size of their sample) >reveals nothing.

You have provided more context than explains your conclusion,
and I more or less agree. But Janus's statement was not wrong
when written. "A handful of bits" _could_ mean, "a fragment of
ASCII text" but if it's really truly just a few random bits
scattered at random, and not making up a larger quantity, then
yeah, that's pretty useless.

Here's a vignette about how small amounts of information _can_
be used to inadvertantly spill "secrets", however. Maybe 20-ish
years ago, when I was working at Google, someone wrote a paper
about storage and presented it at a conference. If I recall
correctly, it was something about how they replaced failed disks
in batches. Anyway, at the time, Google was pretty tight-lipped
about the size of its fleet (much more is known about it now),
and the paper was carefully sanitized to remove exact quantities
of parts, and so forth. But there was a graph that showed some
metric of interest; perhaps failures over time or something like
that. Anyway, after the paper was published, someone outside of
google looked at the graph and said, "well, given the device
manufacturer's predicted MTBF and this graph, we can extrapolate
that they've got on the order of X hard disks...but that's a
huge number that is obviously wrong." Ho ho; they were correct,
to within a factor of two, just two too small. :-)

Also, it's not about whether it needs weeks or minutes. The cost
of the damage of a leak (or successful attack) is important. There's
sorts of data that are supposed to not be disclosed (even only partly or
only fragmentary) even after decades.

Sure.

But reading data from a hard disk block that has been re-written is not
a source of leaked information.

- but that hasn't stopped people making money from selling multi-pass
software to the paranoid.

Spreading FUD is easy. But paying the damages because of sloppiness or
assuming false safety may be serious! Also if you delegate financial
responsibility to insurances, these companies have their requirements
that you have to follow and means to establish to minimize risks. All
based on scientific knowledge and practical evidence.

The point is it was not in any way based on scientific knowledge or >practical evidence. All scientific knowledge and practical evidence >available made it clear that reading an erased bit on a hard disk was
purely hypothetical, and totally implausible in practice.

When someone higher up the food chain - insurance companies, men in
black, etc., - makes rules, then you have to follow them. That does not >mean the rules are at all realistic.

There are all sorts of ways that some amount of data can be recovered
from storage media that people throw away. Using high-tech systems to
read bits that have been written over, is not one of them.

The rules don't always make sense, and are often dated.

I am reminded of the time when the US DoD banned the use of USB
flash drives, due to concerns about supply chain attacks through
auto-loaded Windows drivers. I was in Afghanistan at the time,
and this came up in a Battalion staff meeting; we used computers
for all sorts of stuff, but the government supplied machines
were not great, and there weren't enough of them to go around:
the upshot was that _most_ people resorted to storing data on
USB flash keys out of necessity. This ban obviously caused some
consternation, with some senior leaders in the Bn saying, "ok,
but what do we do instead?" The answer was that USB _flash_
drives were banned, but USB _hard disks_ were OK, so use those
(you could buy them on the little PX on our FOB). Listening to
the Battalion XO (a Marine Major) try to explain this was
painful. I, one of the only people with industry experience
(having been called up from the reserves to deploy) just shook
my head.

- Dan C.

(PS: any dumb rule in the military is the result of someone
doing the dumb thing. "Ok Marines, do not tie the corners of
a PONCHO to your arms and legs and try to turn youself into a
HUMAN KITE during the coming Typhoon....Your three buddies
holding the rope tied around your waist will NOT precvent you
from SLAMMING into the deck" [Yes, that happened. No, not me.])
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10u8742$j0nj$1@dont-email.me>,
Kalevi Kolttonen <kalevi@kolttonen.fi> wrote:

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:

Funny. I still have Solaris installed on an old hard drive. Last time I
had to use it was over 20 years ago when I was working with the SPARC.

We used to run Solaris on UltraSPARC servers to host email services
like Sendmail and Cyrus IMAPD. They were good machines for the time
when amd64 had not yet been invented. They were eventually replaced
by amd64 hardware and Red Hat Enterprise Linux.

I guess SPARC CPUs are going to die with Solaris.

Ironically, SPARC was basically dead before Solaris. Folks in
the Solaris kernel team argued strongly for Sun pivoting to
focus on x86; they saw the writing on the wall. But Sun
leadership saw lots of margin dollars in SPARC on the high-end
and wasn't interested.

I remember vividly in 1996 or so talking to a sysadmin I knew.
They'd just gotten some nice-for-the-time IBM-branded Pentium
machines and he'd put Linux on them. I said they were nice, but
not as nice as an UltraSPARC. He replied, "true, an Ultra is
about twice as fast, but this is one quarter the cost."

It hit me in that moment that the proprietary RISC Unix
workstation market was doomed; PCs were getting better faster
than those machines were, and those companies all relied on high
margins to make a profit (read: their equipment was expensive).

Also, it was clear that Linux had a huge amount of momentum
behind it; Solaris _had_, arguably, been the most important
commercial Unix to that point, and it was still technically
superior, but Linux was catching up. Quickly. Being so closely
tied to a proprietary hardware platform wasn't great.

Eventually, Sun retreated from the workstation market (that had
made it successful) and pivoted to servers; the kiss of death
for a workstation company.

As for Solaris, by the time they convinced people to do
OpenSolaris, it was too little, too late: Linux was clearly on
the rise, people were investing in it, and there was little
advantage to shifting to a technology that was still mostly
owned by Sun.

Perhaps if Larry McVoy's "SourceWare" proposal in 1993 had
actually been implemented, the world would be a very different
place, but it wasn't.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 16/05/2026 14:34, Dan Cross wrote:

In article <10u9m51$u6ms$1@dont-email.me>,
David Brown <david.brown@hesbynett.no> wrote:

On 16/05/2026 13:00, Janis Papanagnou wrote:

On 2026-05-16 11:38, David Brown wrote:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a
pass of
random data followed by a pass of fixed characters, or using a fast >>>>>> CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they >>>>>> don't deplete the physical TRNG.

(Just to be clear, I did not write the above text; earlier edits
kinda sorta could be read as if I did, but I've tried to clarify attribution.)

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

During the early 1990's, working in a systems security department, we
purged the HDDs by triple-pass overwrite (I think zeroes, random, and
patterns, or so). It was mandated back then. There were also national
standards requiring that. (But the formal details evade my memories.)

Yes, there have been all sorts of standards by all sorts of groups about
what needed to be done to "securely" erase disks. Some of these were
completely pointless, like re-writing more than once - anything that
wasn't wiped the first time, such as redundant sectors or sectors marked
"bad", would not be affected by additional writes. Some procedures were
not particularly good - a lot of magnet-based wipes were not very
effective, and there are companies that specialise in reading data from
physically damaged disks.

I can't help but feel like this discussion has been overcome by
events in the storage landscape. Spinning rust is pretty old
technology, and storage media have changed. With flash storage,
software at the host-level writing a bunch of bits to the device
may not "overwrite" much of anything: writes from the OS are
most often directed through a translation layer using bits on
device, to spread "wear" across available flash areas. To
effectively "wipe" the device, you really need to get the FTL
involved, which means effectively asking the device's firmware
to do it for you.

Absolutely - this kind of overwriting to destroy data is long past its
date. Even with hard disks, you don't have the kind of one-to-one
logical to physical mapping that means you can rely on it.

If you really want to destroy the data, probably the best thing
to do is incinerate it and reduce it to ash, but that's got its
own problems. Maybe that's appropriate for devices holding
state-level secrets, it's overkill from hiding your diary from
your kid sister.

Yes.

These days, you handle data destruction with encryption. You can either
trust the disks own encryption, or use something like luks. Lose the
keys, and the data is wiped.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of
work with a lab full of top-class equipment.-a The risk of someone
reading data on a disk that was overwritten with zeros is non-existent

"a handful of bits" might already compromise security to an unacceptable >>> degree.

No. A very large handful of very specifically chosen bits might reveal
a tiny bit of the "we attack at dawn" secret. A dozen bits scattered at
random across a 4 KB sector (I don't remember the size of their sample)
reveals nothing.

You have provided more context than explains your conclusion,
and I more or less agree. But Janus's statement was not wrong
when written. "A handful of bits" _could_ mean, "a fragment of
ASCII text" but if it's really truly just a few random bits
scattered at random, and not making up a larger quantity, then
yeah, that's pretty useless.

That's right.

Here's a vignette about how small amounts of information _can_
be used to inadvertantly spill "secrets", however. Maybe 20-ish
years ago, when I was working at Google, someone wrote a paper
about storage and presented it at a conference. If I recall
correctly, it was something about how they replaced failed disks
in batches. Anyway, at the time, Google was pretty tight-lipped
about the size of its fleet (much more is known about it now),
and the paper was carefully sanitized to remove exact quantities
of parts, and so forth. But there was a graph that showed some
metric of interest; perhaps failures over time or something like
that. Anyway, after the paper was published, someone outside of
google looked at the graph and said, "well, given the device
manufacturer's predicted MTBF and this graph, we can extrapolate
that they've got on the order of X hard disks...but that's a
huge number that is obviously wrong." Ho ho; they were correct,
to within a factor of two, just two too small. :-)

I think a jigsaw puzzle is a good model. You can usually see the
picture well enough even with a fair number of pieces missing, scattered around the puzzle. If someone has deliberately removed a section, you
are going to lose important details even if the number of pieces removed
is not high. A few random "recovered" pieces inside that redacted
section might be enough give you important information - but that is
because you know the rest of the picture, and you know something about
the gap (you know at least that it is important secret information that
has been redacted).

Recovering data from an overwritten hard disk is like having two or
three pieces of a 1500 piece jigsaw puzzle with no other clues about the picture. Or really, it's more like a crumb from a few pieces - the
recovery is a few /bits/, not even a few /bytes/.

Also, it's not about whether it needs weeks or minutes. The cost
of the damage of a leak (or successful attack) is important. There's
sorts of data that are supposed to not be disclosed (even only partly or >>> only fragmentary) even after decades.

Sure.

But reading data from a hard disk block that has been re-written is not
a source of leaked information.

- but that hasn't stopped people making money from selling multi-pass
software to the paranoid.

Spreading FUD is easy. But paying the damages because of sloppiness or
assuming false safety may be serious! Also if you delegate financial
responsibility to insurances, these companies have their requirements
that you have to follow and means to establish to minimize risks. All
based on scientific knowledge and practical evidence.

The point is it was not in any way based on scientific knowledge or
practical evidence. All scientific knowledge and practical evidence
available made it clear that reading an erased bit on a hard disk was
purely hypothetical, and totally implausible in practice.

When someone higher up the food chain - insurance companies, men in
black, etc., - makes rules, then you have to follow them. That does not
mean the rules are at all realistic.

There are all sorts of ways that some amount of data can be recovered
from storage media that people throw away. Using high-tech systems to
read bits that have been written over, is not one of them.

The rules don't always make sense, and are often dated.

:.)

I am reminded of the time when the US DoD banned the use of USB
flash drives, due to concerns about supply chain attacks through
auto-loaded Windows drivers. I was in Afghanistan at the time,
and this came up in a Battalion staff meeting; we used computers
for all sorts of stuff, but the government supplied machines
were not great, and there weren't enough of them to go around:
the upshot was that _most_ people resorted to storing data on
USB flash keys out of necessity. This ban obviously caused some consternation, with some senior leaders in the Bn saying, "ok,
but what do we do instead?" The answer was that USB _flash_
drives were banned, but USB _hard disks_ were OK, so use those
(you could buy them on the little PX on our FOB). Listening to
the Battalion XO (a Marine Major) try to explain this was
painful. I, one of the only people with industry experience
(having been called up from the reserves to deploy) just shook
my head.

- Dan C.

(PS: any dumb rule in the military is the result of someone
doing the dumb thing. "Ok Marines, do not tie the corners of
a PONCHO to your arms and legs and try to turn youself into a
HUMAN KITE during the coming Typhoon....Your three buddies
holding the rope tied around your waist will NOT precvent you
from SLAMMING into the deck" [Yes, that happened. No, not me.])

There are many rules that started off making sense at one time, then the context was long lost or the rule generalised beyond any reasonable level.




--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/16/2026 4:58 AM, David Brown wrote:

On 16/05/2026 13:00, Janis Papanagnou wrote:

On 2026-05-16 11:38, David Brown wrote:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a
pass of
random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

During the early 1990's, working in a systems security department, we
purged the HDDs by triple-pass overwrite (I think zeroes, random, and
patterns, or so). It was mandated back then. There were also national
standards requiring that. (But the formal details evade my memories.)

Yes, there have been all sorts of standards by all sorts of groups about what needed to be done to "securely" erase disks.-a Some of these were completely pointless, like re-writing more than once - anything that
wasn't wiped the first time, such as redundant sectors or sectors marked "bad", would not be affected by additional writes.-a Some procedures were not particularly good - a lot of magnet-based wipes were not very
effective, and there are companies that specialise in reading data from physically damaged disks.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of
work with a lab full of top-class equipment.-a The risk of someone
reading data on a disk that was overwritten with zeros is non-existent

"a handful of bits" might already compromise security to an
unacceptable degree.

No.-a A very large handful of very specifically chosen bits might reveal
a tiny bit of the "we attack at dawn" secret.-a A dozen bits scattered at random across a 4 KB sector (I don't remember the size of their sample) reveals nothing.

Also, it's not about whether it needs weeks or minutes. The cost
of the damage of a leak (or successful attack) is important. There's
sorts of data that are supposed to not be disclosed (even only partly or
only fragmentary) even after decades.

Sure.

But reading data from a hard disk block that has been re-written is not
a source of leaked information.

- but that hasn't stopped people making money from selling multi-pass
software to the paranoid.

Spreading FUD is easy. But paying the damages because of sloppiness or
assuming false safety may be serious! Also if you delegate financial
responsibility to insurances, these companies have their requirements
that you have to follow and means to establish to minimize risks. All
based on scientific knowledge and practical evidence.

The point is it was not in any way based on scientific knowledge or practical evidence.-a All scientific knowledge and practical evidence available made it clear that reading an erased bit on a hard disk was
purely hypothetical, and totally implausible in practice.

When someone higher up the food chain - insurance companies, men in
black, etc., - makes rules, then you have to follow them.-a That does not mean the rules are at all realistic.

There are all sorts of ways that some amount of data can be recovered
from storage media that people throw away.-a Using high-tech systems to
read bits that have been written over, is not one of them.

Have you ever used a program called SpinRite?

https://www.grc.com/sr/spinrite.htm
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 5/16/2026 7:25 AM, David Brown wrote:

[...]

You don't want any bit/byte leak for say an encryption process wrt the password. If a side channel attacker can gain any of it, its bad. For instance, here is a crude C99 version of my experimental encryption:

**********************************************

Well, I made some alterations to my old C version of my HMAC cipher. It
uses some non-portable API's in order to try to get a TRNG. It prints
out its usage, just run the program with no arguments, look in ct_help.

Well, can anybody else get it to compile _and_ run on their end? Thanks everybody!

The secret key is hardcoded to Password and SHA2-512:

____________________________________
/*
Chris M. Thomasson 6/4/2018
Experimental HMAC Cipher
C version with hardcoded secret key

FIXED VERSION: Now uses proper TRNG (/dev/urandom on Unix,
CryptGenRandom on Windows)

Using the following HMAC lib:
https://github.com/ogay/hmac

Here is some info on my cipher:
http://funwithfractals.atspace.cc/ct_cipher ________________________________________________________*/


#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
#include <fcntl.h>
#include <unistd.h>
#endif

#include "hmac_sha2.h"


#define CT_HMAC_SZ 64

// Uncomment PYTHON_TEST_VECTOR to sync with the Python 3 test vector
// Python code: https://pastebin.com/raw/NAnsBJAZ
// plaintext 9 bytes at: "Plaintext"
// ciphertext bytes:
// 9a419a03ac79bfa74edbbdda778316f6840b1aac07910de758e03e35a0d8ff1d407d
// 757ed6b734de9f9ed339bedf73786c5130d2f1891813c179ca20b82e81375e7a64e2
// dddead403b8284b9b76d1e83eddb


//#define PYTHON_TEST_VECTOR


struct ct_secret_key
{
unsigned char* hmac_key;
size_t hmac_key_sz;
char* hmac_algo;
size_t rand_n;
};

struct ct_buf
{
unsigned char* p;
size_t sz;
};


/*
CRITICAL: Cryptographically Secure Random Number Generation

This function uses:
- /dev/urandom on Unix/Linux/macOS (non-blocking, cryptographically secure)
- CryptGenRandom on Windows (CSPRNG)

NEVER use rand() for cryptographic purposes!
*/
int ct_get_random_bytes(
unsigned char* buf,
size_t buf_sz
) {
if (!buf || buf_sz == 0) {
fprintf(stderr, "ERROR: Invalid buffer for random bytes\n");
return 0;
}

#ifdef _WIN32
// Windows: Use CryptGenRandom
HCRYPTPROV hCryptProv;

if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
fprintf(stderr, "ERROR: CryptAcquireContext failed\n");
return 0;
}

if (!CryptGenRandom(hCryptProv, (DWORD)buf_sz, buf)) {
fprintf(stderr, "ERROR: CryptGenRandom failed\n");
CryptReleaseContext(hCryptProv, 0);
return 0;
}

CryptReleaseContext(hCryptProv, 0);
return 1;

#else
// Unix/Linux/macOS: Use /dev/urandom
int fd = open("/dev/urandom", O_RDONLY);

if (fd < 0) {
fprintf(stderr, "ERROR: Cannot open /dev/urandom\n");
perror("open");
return 0;
}

size_t bytes_read = 0;
while (bytes_read < buf_sz) {
ssize_t result = read(fd, buf + bytes_read, buf_sz - bytes_read);

if (result < 0) {
fprintf(stderr, "ERROR: Failed to read from /dev/urandom\n");
perror("read");
close(fd);
return 0;
}

bytes_read += result;
}

close(fd);
return 1;
#endif
}


void ct_hex_printf(
FILE* fout,
unsigned char* buf,
size_t buf_sz
) {
for (size_t i = 0; i < buf_sz; i++)
{
fprintf(fout, "%02x", buf[i]);
}
}


unsigned char*
ct_reverse(
unsigned char* P,
size_t P_sz
) {
for (size_t i = 0; i < P_sz / 2; ++i)
{
size_t r = P_sz - i - 1;
unsigned char t = P[i];
P[i] = P[r];
P[r] = t;
}

return P;
}


size_t
ct_file_get_size(
FILE* file
) {
size_t file_sz = 0;
for (file_sz = 0; fgetc(file) != EOF; ++file_sz);
rewind(file);
return file_sz;
}



// return value ct_buf.p needs to be freed!
struct ct_buf
ct_file_copy(
FILE* file
) {
size_t file_sz = ct_file_get_size(file);
struct ct_buf buf = { calloc(1, file_sz), file_sz };
assert(buf.p);

if (buf.p)
{
for (size_t i = 0; i < file_sz; ++i)
{
int byte = fgetc(file);
assert(byte != EOF);
buf.p[i] = byte;
}
}

return buf;
}



// return value ct_buf.p needs to be freed!
struct ct_buf
ct_prepend_from_file(
struct ct_secret_key const* const SK,
const char* fname
) {
FILE* file = fopen(fname, "rb");
assert(file);

size_t file_sz = ct_file_get_size(file) + SK->rand_n;

struct ct_buf buf = { calloc(1, file_sz), file_sz };

if (buf.p)
{
// Prepend the random bytes.
// CRITICAL: These are drawn from a TRNG (cryptographically secure)

#if defined (PYTHON_TEST_VECTOR)
// Test vector mode: deterministic for testing only
printf("WARNING: Using test vector mode - NOT SECURE!\n");
for (size_t i = 0; i < SK->rand_n; ++i)
{
buf.p[i] = (unsigned char)i;
}
#else
// Production mode: Use proper TRNG
printf("Generating %zu bytes of cryptographically secure random data...\n", SK->rand_n);

if (!ct_get_random_bytes(buf.p, SK->rand_n)) {
fprintf(stderr, "FATAL: Failed to generate secure random bytes!\n");
free(buf.p);
fclose(file);
exit(EXIT_FAILURE);
}

printf("Random prefix generated successfully\n");
#endif

// Append the original plaintext
for (size_t i = SK->rand_n; i < file_sz; ++i)
{
int byte = fgetc(file);
assert(byte != EOF);
buf.p[i] = byte;
}
}

fclose(file);

return buf;
}


struct ct_buf
ct_load_from_file(
const char* fname
) {
FILE* file = fopen(fname, "rb");
assert(file);

size_t file_sz = ct_file_get_size(file);

struct ct_buf buf = { calloc(1, file_sz), file_sz };

if (buf.p)
{
// Append the original plaintext
for (size_t i = 0; i < file_sz; ++i)
{
int byte = fgetc(file);
assert(byte != EOF);
buf.p[i] = byte;
}
}

fclose(file);

return buf;
}


void ct_hmac_sha512_digest(
hmac_sha512_ctx* ctx,
unsigned char* digest
) {
hmac_sha512_ctx ctx_copy = *ctx;
hmac_sha512_final(&ctx_copy, digest, CT_HMAC_SZ);
}


unsigned char*
ct_crypt_round(
struct ct_secret_key* SK,
unsigned char* P,
size_t P_sz,
int M
) {
hmac_sha512_ctx H;
hmac_sha512_init(&H, SK->hmac_key, SK->hmac_key_sz);
ct_reverse(SK->hmac_key, SK->hmac_key_sz);
hmac_sha512_update(&H, SK->hmac_key, SK->hmac_key_sz);
ct_reverse(SK->hmac_key, SK->hmac_key_sz);

unsigned char D[256] = { 0 };
size_t P_I = 0;
unsigned long di = 0;

while (P_I < P_sz)
{
ct_hmac_sha512_digest(&H, D);

// Progress indicator
if (!(di % 128))
{
printf("P_I = %zu of %zu\r", P_I, P_sz);
}

size_t D_I = 0;
++di;

unsigned char update[CT_HMAC_SZ * 2];
size_t bytes_written = 0;

while (P_I < P_sz && D_I < CT_HMAC_SZ)
{
unsigned char P_byte = P[P_I];
unsigned char C_byte = P_byte ^ D[D_I];
P[P_I] = C_byte;

if (M == 0)
{
update[D_I * 2] = P_byte;
update[D_I * 2 + 1] = C_byte;
}
else
{
update[D_I * 2] = C_byte;
update[D_I * 2 + 1] = P_byte;
}

++P_I;
++D_I;
bytes_written += 2;
}

// Update with ACTUAL bytes, not full buffer!
hmac_sha512_update(&H, update, bytes_written);
}

printf("P_I = %zu of %zu\n", P_I, P_sz);

return P;
}


unsigned char*
ct_crypt(
struct ct_secret_key* SK,
unsigned char* P,
size_t P_sz,
int M
) {
printf("Crypt Round 0:\n________________________\n");
unsigned char* C = ct_crypt_round(SK, P, P_sz, M);
unsigned char* C_1 = ct_reverse(C, P_sz);
printf("\n\nCrypt Round 1:\n________________________\n");
C = ct_crypt_round(SK, C_1, P_sz, M);
return C;
}



int
ct_ciphertext_to_file(
FILE* fout,
struct ct_buf const* buf
) {
for (size_t i = 0; i < buf->sz; ++i)
{
int status = fputc((int)buf->p[i], fout);

if (status == EOF)
{
assert(status != EOF);
return 0;
}
}

return 1;
}


int
ct_plaintext_to_file(
FILE* fout,
struct ct_secret_key* SK,
struct ct_buf const* buf
) {
assert(SK->rand_n <= buf->sz);

for (size_t i = SK->rand_n; i < buf->sz; ++i)
{
int status = fputc((int)buf->p[i], fout);

if (status == EOF)
{
assert(status != EOF);
return 0;
}
}

return 1;
}


int
ct_encrypt(
struct ct_secret_key* SK,
char const* fname_in,
char const* fname_out
) {
int status = 0;

// Prepend the random bytes to the file...
struct ct_buf buf = ct_prepend_from_file(SK, fname_in);

if (buf.p)
{
unsigned char* C = ct_crypt(SK, buf.p, buf.sz, 0);

//printf("\n\n\nCiphertext:");
//ct_hex_printf(stdout, C, buf.sz);
//printf("\n\n\n");

// Write encrypted buffer to out file
{
FILE* fout = fopen(fname_out, "wb");
assert(fout);

status = ct_ciphertext_to_file(fout, &buf);

fclose(fout);
}

free(buf.p);
}

return status;
}


int
ct_decrypt(
struct ct_secret_key* SK,
char const* fname_in,
char const* fname_out
) {
int status = 0;

// Load the file...
struct ct_buf buf = ct_load_from_file(fname_in);

if (buf.p)
{
unsigned char* C = ct_crypt(SK, buf.p, buf.sz, 1);

//printf("\n\n\nPlaintext:");
//ct_hex_printf(stdout, C, buf.sz);
//printf("\n\n\n");

// Write decrypted buffer to out file
{
FILE* fout = fopen(fname_out, "wb");
assert(fout);

status = ct_plaintext_to_file(fout, SK, &buf);

fclose(fout);
}

free(buf.p);
}

return status;
}


void ct_help(void)
{
printf(
"\n\n\n"
"DrMoron Cipher - HMAC-based Stream Cipher\n"
"==========================================\n\n"
"Usage: program in_file out_file mode_flag\n\n"
"mode_flag -e is encrypt where the in_file gets encrypted as out_file\n\n"
"mode_flag -d is decrypt where the in_file gets decrypted as out_file\n\n"
"Example:\n\n"
"program plaintext.txt ciphertext.bin -e\n"
"program ciphertext.bin plaintext_decrypt.txt -d\n\n"
"SECURITY NOTES:\n"
"- Uses cryptographically secure RNG (/dev/urandom on Unix, CryptGenRandom on Windows)\n"
"- Hardcoded key in this version - REPLACE with proper key
management for real use!\n"
"- This is an EXPERIMENTAL cipher - not recommended for
production use\n\n"
);
}


int main(int argc, char* argv[])
{
printf("\n=== DrMoron Cipher (Fixed TRNG Version) ===\n\n");

if (argc != 4)
{
printf("ERROR: Incorrect argument count!\n");
ct_help();
return EXIT_FAILURE;
}

{
int mode = 0;

if (strcmp(argv[3], "-e") == 0)
{
mode = 0;
printf("Mode: ENCRYPT\n");
}

else if (strcmp(argv[3], "-d") == 0)
{
mode = 1;
printf("Mode: DECRYPT\n");
}

else
{
printf("ERROR: Invalid encrypt/decrypt flag!\n");
ct_help();
return EXIT_FAILURE;
}

// WARNING: This is a hardcoded key for demonstration only!
// In real use, generate a proper 64-byte key from a TRNG
unsigned char hmac_key[] = "Password";

printf("WARNING: Using hardcoded demo key - NOT SECURE for production!\n");
printf("Input file: %s\n", argv[1]);
printf("Output file: %s\n\n", argv[2]);

struct ct_secret_key SK = {
hmac_key,
sizeof(hmac_key) - 1,
"sha512",
73 // >64 bytes for SHA-512 digest size requirement
};

if (mode == 0)
{
ct_encrypt(&SK, argv[1], argv[2]);
printf("\n\nEncryption complete!\n");
}

else
{
ct_decrypt(&SK, argv[1], argv[2]);
printf("\n\nDecryption complete!\n");
}
}

return EXIT_SUCCESS;
}
____________________________________



--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 2026-05-16 14:34, Dan Cross wrote:

[...]

If you really want to destroy the data, probably the best thing
to do is incinerate it and reduce it to ash, but that's got its
own problems.

Yes. And also by physically shredding the metal. Yes; these things
have been (and, I strongly assume, probably still are) done.

Maybe that's appropriate for devices holding
state-level secrets, it's overkill from hiding your diary from
your kid sister.

Of course not for "diaries"-like cases with unimportant information.
Though it seems some posters seem to have just toy cases like that
in mind. - The areas I was engaged in, for the measures I thought
we've been talking about here, financial and governmental, were of
a very different quality!

[...]

"a handful of bits" might already compromise security to an unacceptable >>> degree.

To clarify; it was not about getting a whole picture from few bits;
that unfitting puzzle metaphor! It's about getting sufficiently
large amounts of *relevant* _pieces_ of compromising information.

And as a perspective for the falsely presumed attack type; with
context data and associative methods you can also recover larger
pieces of data that had been erased only partly. (This is what you
can do with contemporary AI. Actually that was basically possible
already in the 1980's/1990's (when neural-network based "AI" was
my hobby). But processing speed was lower back then and dedicated
hardware rare; large scale data analysis with instant feedback not
commonly possible.)

Janis

[...]

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 16/05/2026 21:32, Chris M. Thomasson wrote:

On 5/16/2026 7:25 AM, David Brown wrote:

[...]

You don't want any bit/byte leak for say an encryption process wrt the password. If a side channel attacker can gain any of it, its bad.

We know. But given a hard disk, what percentage of the bits on that
disk are part of an encryption key? Say an attacker gets an enemy's
hard disk that has been wiped by just overwriting once with zeros, and
spends months and megadollars to have reasonable confidence in the
original values of 100 bits from around the disk. Are these going to be
part of an encryption key? Do they /know/ they are from a key, and what
kind of key, and which bit of the key they have? Of course not. There
are all sorts of imaginative and unexpected tricks that can be used in cryptoanalysis - this is not one of them.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Have you ever used a program called SpinRite?

Yes. But even for this off-topic branch, that is getting /way/ off-topic.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
[76 lines deleted]

Have you ever used a program called SpinRite?

https://www.grc.com/sr/spinrite.htm

Chris, *please* resist the temptation to post every thought and
URL that springs to your mind. If a link is relevant, at least say
something about it. If it isn't (remember, this is comp.lang.c),
then just don't post it. And trim irrelevant context when you post
a followup.
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10uc1l1$1igf9$1@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
[76 lines deleted]

Have you ever used a program called SpinRite?

https://www.grc.com/sr/spinrite.htm

Chris, *please* resist the temptation to post every thought and
URL that springs to your mind. If a link is relevant, at least say
something about it. If it isn't (remember, this is comp.lang.c),
then just don't post it. And trim irrelevant context when you post
a followup.

The Lord and Master has spoken.

All must obey.

(And note that the really significant thing is that Leader Keith probably doesn't think there is anything odd or satirical about my posting this.)
--
Shikata ga nai...
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

David Brown <david.brown@hesbynett.no> writes:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >>> random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work
with a lab full of top-class equipment. The risk of someone reading
data on a disk that was overwritten with zeros is non-existent - but
that hasn't stopped people making money from selling multi-pass software
to the paranoid.

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

https://www.youtube.com/watch?v=-xlq_MPWNKk

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 17/05/2026 21:19, Scott Lurndal wrote:

David Brown <david.brown@hesbynett.no> writes:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >>>> random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work
with a lab full of top-class equipment. The risk of someone reading
data on a disk that was overwritten with zeros is non-existent - but
that hasn't stopped people making money from selling multi-pass software
to the paranoid.

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

https://www.youtube.com/watch?v=-xlq_MPWNKk

Recovering from damaged tape or disk is a different matter than
recovering data that has been erased or overwritten with zeros. I've
read of some very impressive recovery of data from hard disks that have
been in fires or otherwise physically damaged.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

Scott Lurndal <scott@slp53.sl.home> wrote:

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

It was a great effort to recover the data. I actually tried V4
on simh for a brief while just to experience an early UNIX.

Speaking of tapes, it is quite surprising how old 8-bit games
still load from 40-year-old c-cassettes.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

In article <10ud6b2$1tjoi$1@dont-email.me>,
David Brown <david.brown@hesbynett.no> wrote:

On 17/05/2026 21:19, Scott Lurndal wrote:

David Brown <david.brown@hesbynett.no> writes:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >>>>> random data followed by a pass of fixed characters, or using a fast
CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they
don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work
with a lab full of top-class equipment. The risk of someone reading
data on a disk that was overwritten with zeros is non-existent - but
that hasn't stopped people making money from selling multi-pass software >>> to the paranoid.

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

https://www.youtube.com/watch?v=-xlq_MPWNKk

Recovering from damaged tape or disk is a different matter than
recovering data that has been erased or overwritten with zeros. I've
read of some very impressive recovery of data from hard disks that have
been in fires or otherwise physically damaged.

I think one has to make a set of reasonable assumptions about
a particular scenario to actually have a useful discussion.

Let's propose the following scenario: a company's proprietary
payroll information is on a device that is overwritten by a
computer writing zeros to that device. How much should one
worry about a well-equipped actor recovering data from that
device?

Is it a disk? Yeah, I'm not gonna lose much sleep over that.

An SSD? Large chunks of that data is still on the device; I'd
worry.

A tape? I think somewhere in the middle; probably closer to the
disk, but I'd be worried about echos in between bits and weird
stuff like that.

- Dan C.

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 17/05/2026 22:30, Dan Cross wrote:

In article <10ud6b2$1tjoi$1@dont-email.me>,
David Brown <david.brown@hesbynett.no> wrote:

On 17/05/2026 21:19, Scott Lurndal wrote:

David Brown <david.brown@hesbynett.no> writes:

On 16/05/2026 00:12, Scott Lurndal wrote:

"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:

On 5/15/2026 2:50 PM, Dan Cross wrote:

Iirc, a long time ago I kind of remember reading something about
overwrite sensitive data multiple times (e.g., the DoD 5220.22-M
standard for storage, though adapted for RAM), sometimes using a pass of >>>>>> random data followed by a pass of fixed characters, or using a fast >>>>>> CSPRNG (like ChaCha20) to generate fast pseudo-random bytes so they >>>>>> don't deplete the physical TRNG.

Yes, that was normal when sanitizing disk platters, to ensure
no residual analog signal existed on the magnetic media that
could be teased out with a sillyscope or other analyzers.

The only lab test of recovering zero overwritten data on a hard disk
managed to recover a small handful of bits, after several weeks of work >>>> with a lab full of top-class equipment. The risk of someone reading
data on a disk that was overwritten with zeros is non-existent - but
that hasn't stopped people making money from selling multi-pass software >>>> to the paranoid.

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

https://www.youtube.com/watch?v=-xlq_MPWNKk

Recovering from damaged tape or disk is a different matter than
recovering data that has been erased or overwritten with zeros. I've
read of some very impressive recovery of data from hard disks that have
been in fires or otherwise physically damaged.

I think one has to make a set of reasonable assumptions about
a particular scenario to actually have a useful discussion.

Let's propose the following scenario: a company's proprietary
payroll information is on a device that is overwritten by a
computer writing zeros to that device. How much should one
worry about a well-equipped actor recovering data from that
device?

Is it a disk? Yeah, I'm not gonna lose much sleep over that.

An SSD? Large chunks of that data is still on the device; I'd
worry.

Some SSD's will compress the zero logical writes to almost nothing in
physical writes, leaving the original data completely untouched. Even
without that, there's all the extra copies and blocks that have been
marked for garbage collection but not erased. It's likely that the
flash translation layer data is going to be jumbled, making it hard to
figure out what readable data goes where - but a lot will still be there
for those willing to spend time putting it together.

A tape? I think somewhere in the middle; probably closer to the
disk, but I'd be worried about echos in between bits and weird
stuff like that.

I'd agree on that assessment.

For tapes, things like head and tape alignment could mean that the data
was written in one stripe, then the erasing was done on a parallel track
that was very slightly off. Then it is plausible to worry about recoverability. I think this is more realistic with older and simpler
systems - for modern tapes the alignment is going to be a lot more
accurate and the margins far smaller. (The old cassettes from home
computers mentioned by Kalevi are similar - writing used a wider stripe, reading is from a bit thinner stripe in the middle.)

On the BBC micro, in my teens, single-density 5-+" disks had 40 tracks
per side. Data was written in a thick stripe down the middle of each
track, like -XXX- with gaps between each track. Double-density drives
worked with the same 40 physical tracks, but had two stripes of data in
each, like -Y-Z- . And if you used a double-density drive to write a single-density disk, you then got -X---- on the disk. Thus if you first
wrote a single-density disk with a single-density drive, getting -XXX- ,
and then erased it using a double-density drive, you got -0XX- on the
disk. Reading it on a single-density drive, or using special software
and a double-density drive, the original data would be easily read.


--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 17/05/2026 22:01, Kalevi Kolttonen wrote:

Scott Lurndal <scott@slp53.sl.home> wrote:

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

It was a great effort to recover the data. I actually tried V4
on simh for a brief while just to experience an early UNIX.

Speaking of tapes, it is quite surprising how old 8-bit games
still load from 40-year-old c-cassettes.

The biggest risk, IME, is that old tapes are somewhat brittle and break
when playing them back.

Commercially produced games tapes were written with very high recording
levels (if that's the correct term) - the distinction between a 0 and a
1 was about as large as the magnetic domains on the tape could handle,
and spread across as wide a stripe as possible. So they can be readable
even after a fair bit of signal degradation.

It's much more of a gamble when you are trying to read copies of copies
of copies made via a chain of friends and questionable quality audio
cassette equipment. (Though I'm sure lab equipment could read them fine.)

(Not that /I/ ever made unlicensed copies of commercial games as a kid -
it's just something I heard other people did :-) )

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 2026-05-18 09:13, David Brown wrote:

The biggest risk, IME, is that old tapes are somewhat brittle and break
when playing them back.

Commercially produced games tapes were written with very high recording levels (if that's the correct term) - the distinction between a 0 and a
1 was about as large as the magnetic domains on the tape could handle,
and spread across as wide a stripe as possible.-a So they can be readable even after a fair bit of signal degradation.

I was not astonished to see that contemporary types of mass media
for mid-to-long-term storage uses channel-encoding means, adding
redundancy and even error correcting code to store the data. I've
not found hints on such measures in documents of legacy systems.

It's much more of a gamble when you are trying to read copies of copies
of copies made via a chain of friends and questionable quality audio cassette equipment.-a (Though I'm sure lab equipment could read them fine.)

(Not that /I/ ever made unlicensed copies of commercial games as a kid - it's just something I heard other people did :-) )

As professionals know, you want your copies decentralized stored;
in case of fires, earthquakes, flood, or nuclear meltdown. - So I
wouldn't be surprised if one friend maintains the backups for the
other. ;-)

Janis

--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

David Brown <david.brown@hesbynett.no> wrote:

On 17/05/2026 22:01, Kalevi Kolttonen wrote:

Scott Lurndal <scott@slp53.sl.home> wrote:

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

It was a great effort to recover the data. I actually tried V4
on simh for a brief while just to experience an early UNIX.

Speaking of tapes, it is quite surprising how old 8-bit games
still load from 40-year-old c-cassettes.

The biggest risk, IME, is that old tapes are somewhat brittle and break
when playing them back.

You are probably right. I have had that problem with a few audio
c-cassettes. I bought Santana Welcome c-cassette that was released
in 1973 and the tape broke during the first play.

Commercially produced games tapes were written with very high recording levels (if that's the correct term) - the distinction between a 0 and a
1 was about as large as the magnetic domains on the tape could handle,
and spread across as wide a stripe as possible. So they can be readable even after a fair bit of signal degradation.

I did not know that.

It's much more of a gamble when you are trying to read copies of copies
of copies made via a chain of friends and questionable quality audio cassette equipment. (Though I'm sure lab equipment could read them fine.)

(Not that /I/ ever made unlicensed copies of commercial games as a kid - it's just something I heard other people did :-) )

Are you kidding or being honest here? I had a C64 and all my friends
who had it too, had lots of pirate turbo tapes. I had them too, but
also about 10 original tapes. The original games were quite expensive
and the floppy versions even more so.

br,
KK
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.lang.c

On 18/05/2026 16:34, Kalevi Kolttonen wrote:

David Brown <david.brown@hesbynett.no> wrote:

On 17/05/2026 22:01, Kalevi Kolttonen wrote:

Scott Lurndal <scott@slp53.sl.home> wrote:

Al Kossow posted a link to a video describing recovery of the Unix v4
data from 9-track that's quite interesting; while the tape hadn't
been overwritten, it had degraded to the point where it wasn't
readable by a 9-track drive, so they used signal processing on the
analog data from each track to recover the data.

It was a great effort to recover the data. I actually tried V4
on simh for a brief while just to experience an early UNIX.

Speaking of tapes, it is quite surprising how old 8-bit games
still load from 40-year-old c-cassettes.

The biggest risk, IME, is that old tapes are somewhat brittle and break
when playing them back.

You are probably right. I have had that problem with a few audio
c-cassettes. I bought Santana Welcome c-cassette that was released
in 1973 and the tape broke during the first play.

Commercially produced games tapes were written with very high recording
levels (if that's the correct term) - the distinction between a 0 and a
1 was about as large as the magnetic domains on the tape could handle,
and spread across as wide a stripe as possible. So they can be readable
even after a fair bit of signal degradation.

I did not know that.

Maybe it does not apply to all commercial games tape publishers - and I
have no more knowledge than an article I read decades ago in some
computer magazine.

It's much more of a gamble when you are trying to read copies of copies
of copies made via a chain of friends and questionable quality audio
cassette equipment. (Though I'm sure lab equipment could read them fine.) >>
(Not that /I/ ever made unlicensed copies of commercial games as a kid -
it's just something I heard other people did :-) )

Are you kidding or being honest here?

I thought the smiley made it obvious! I did have a fair collection of originals, along with some of the weird stuff that none of my friends
were interested in (like a C compiler for the ZX Spectrum), so copying
them was not an option.

I had a C64 and all my friends
who had it too, had lots of pirate turbo tapes. I had them too, but
also about 10 original tapes. The original games were quite expensive
and the floppy versions even more so.

Certainly they were expensive when my income at the time was a Saturday
job at a local bookshop.

--- Synchronet 3.22a-Linux NewsLink 1.2