This post (and, for the day, banner) is my humble addition to the many, many sites blacked out or bannered today. I’m sure anyone who has found their way here is well aware that the copyright industry is trying to buy some laws (SOPA, H.R.3261 and PIPA, S.968) that will allow them censor the Internet, destroy website’s ability to host user-submitted content, break electronic security and verification systems, and generally harm both free speech and the technology sector. Under these laws, companies could compel search engines to remove search results, payment processors to block payments, and DNS providers to delist URLs without legal process or oversight, simply because they deem some piece of content objectionable.
The stated goal of these is to curtail copyright infringement – an objective for which these measures will be completely ineffective, as they are all trivially defeated by an even modestly determined or technically competent user. This means so the sole effect would be damage to free speech and technological progress.
This is unacceptable.
I have very little faith in the effectiveness of “Contact your Congresscritter” campaigns, but if you have not done so, please Contact your Congresscritters, and make sure the people around you understand that this is about keeping frightened content industries from attempting to destroy the Internet.
EDIT: Edited to add a link to Reddit’s breakdown of the relevant bills. It is remarkably compact and even handed, particularly considering this is Reddit we are talking about.
Another quick Linux aside/breadcrumb, I had some hand-written Udev rules start causing errors on my Arch boxes a while back, and just got around to fixing them. The basic problem is that the Udev rule syntax has changed, and statements … Continue reading →
The previous post ended with “I have no idea why the nodes won’t boot.” Now we know. The problem is that, in terms of the mkchroot-rh script that Warewulf3 comes with, Fedora 16 is not a Redhat derivative. This makes … Continue reading →
Earlier, while trying to instrument a failing boot from some peculiar nodes we were trying to provision, I came across the following gem in the Linux kernel documentation, from Documentation/filesystems/ramfs-rootfs-initramfs.txt:
Note: The cpio man page contains some bad advice that will break your initramfs archive if you follow it. It says “A typical way to generate the list of filenames is with the find command; you should give find the -depth option to minimize problems with permissions on directories that are unwritable or not searchable.” Don’t do this when creating initramfs.cpio.gz images, it won’t work. The Linux kernel cpio extractor won’t create files in a directory that doesn’t exist, so the directory entries must go before the files that go in those directories. The above script gets them in the right order.
Yup. If you follow the documentation for the tool, it renders your system unbootable. The linked documentation is actually pretty cool – it explains the rationale for the current state of the boot process, including that charming behavior, and links to the original discussions. But the particular behavior is still kind of psychotic.
Upside: After today’s digging I know all kinds of neat things about the current Linux boot process, which I hadn’t relearned after it changed at the the 2.4/2.6 transition. Similarly, the last couple times we had problems with Warewulf 3 (or, actually, Redhat-isims interfering with Warewulf) brought me back up to speed on interpreting raw packet logs from Wireshark, so this has all been thoroughly educational. Downside: I have even less idea why the nodes won’t finish booting – the check I was adding was to test our theory that they were running out of memory, and they don’t seem to be.
I already posted deeper thoughts about some particular talks, but I’ve been watching talks from 28C3 all week, and now that the high-quality permlink videos are up, I want to share some of my favoites. If you would like several hours of background video that will make you a smarter, and possibly better, person, these are excellent.
Roger Dingledine, Jacob Applebaum – How governments have tried to block Tor (Video)
This is the real hacking to change the world for the better situation. These are the hackers who are protecting the people who will get chopped up and mailed to their families for what they say. They deserve all the respect and support in the world. I’m not intellectually equipped to help with Tor, but it is always good to keep humanitarian aspects of engineering in mind – both what you can do to help, and when you may, even inadvertanly, do harm.
Bunnie Huang – Implementation of MITM Attack on HDCP-Secured Links (Video)
I hadn’t really considered the collection of non-infringing desirable things that HDCP ruins (Ever wonderd why Picture-in-Picture stopped being so common? Blame the copyright industry and HDCP.) Bunnie thought about it, and made a consumer-grade product that fixes it. The FPGA crypto+signal work is badass, the hardware platform is awesome, and seeing how it went together as a consumer product is inspiring.
Meredith Patterson – The Science of Insecurity (Video)
Thoughts in a previous post here.
Cory Doctorow – The Coming War on General Compution (Video)
This is why you invite SciFi authors to technical conferences. It lacks the technical depth of most of the other talks I bumped, but it’s insightful and far looking and right.
Evgeny Morozov – Marriage from Hell (video)
This was the keynote, and, unlike most keynotes, really did set the tone for much the conference. The basis of the talk was discussing the issues of large scale surveillance technology, and the role of western companies and governments in creating and perpetuating the industry. A big part of the message is that the technology being paid for for monitoring employees in commercial settings and “lawful intercept” is being sold to authoritarian governments for whom such technologies would otherwise be out of reach, to hunt their citizens.
I thought the Tor talk above actually made a more forceful argument, but this is a better starting point. The hackers have been harping about this for far longer than the rest of the world: these are the people who have been handling the forbidden knowledge computing opens up, and they saw the disaster coming. The freakout isn’t about what large scale surveillance is going to do to hackers – we have the tools to protect ourselves – it’s what it will do to everyone else.
Ang Cui, Jonathan Voris – Print Me If You Dare (Video)
There was some stupid news responses to this (of the “OMG T3H H4XORS WILL BLOW UP YOUR PRINTER” variety) when it was first disclosed, but the hack itself is terribly clever. The reverse engineering foo is tight, the hole they exploit is a classic “I would have done that but … facepalm” kind of hole, and the attacks it enables are a massive evolution of a known mechanism.
Geeks and depression panel(video)
The geek community tends to have depression issues – this isn’t news. The hacker community is an amazing, close, supportive community – this won’t surprise many geeks, but it might surprise others. They talk about this reality. The session is, by the way, really hard to watch. I’m not ashamed to say it made me tear up.
I haven’t seen every session, or even every English session, so I’m no doubt missing some good stuff. There were definitely some other awesome talks; the GSM and USB Reverse Engineering ones were awesome but don’t have quite the same “YOU MUST WATCH THIS” pull to them. I welcome suggestions for other amazing things I may have missed.
I dual booted my Touchpad with CyanogenMod last week, and it has made me notice a lot of things about the Touchpad, WebOS, and Android that I hadn’t fully appreciated before. I wish I had thought to post these as snippets instead of a wall of text, but I foolishly gathered them up and am posting as a set.
Details about putting CM7 on the Toucpad are here in this RootzWiki forum thread. Yes, their page and documentation are a forum thread with 100+ pages of screeching morons obscuring the content – that’s how the Android community tends to be.
The whole CM7 install process is pretty graceful – I had a minor hiccup in that it claimed the gapps would be installed on the first ACME run if I put them in the cyanogeninstall directory, but I had to go in with ClockWork and flash them later – then it hung on the setup autorun on the next boot. Fine after that. During the initial install, I found myself using the phrase “Oh jeez, there is some Linux shit going on” — it looks like the ACMEInstaller is just a fancy initrd image with some utilities and scripts baked in that does some FS manipulation and archive decompression. I appreciate it when Linux is Linux.
Onward to notes: Continue reading →
I’m not sure why there has been a spate of technews artcles about the Canon Cat recently, but it’s really refreshing to see. I assume it started because someone spotted this nice document dump, and the tech news world is an echo chamber.
Many of the articles note that the manuals and such come with (mostly) complete circuit designs, but they miss the other interesting bit of technical openness – Cats were running a totally introspective user accessible software stack written in a dialect of Forth. In addition to having a UI that is still a popular example for application specific computing devices, it was also user programmable/modifiable almost down to the hardware. I’m not a fan of Forth, but it demonstrates that 1. It is possible to make an embedded computer programmable without interfering with its UI model, and 2. It is possible to design introspective systems which are usable, which are right in line with what I want to be doing with myself next, and totally out of line with current trends in computing. It brings to mind Alan Kay‘s work, or a more reasonable LISP machine.
The other reason I’m fascinated by the Cat is that it manages to make a completely modeless text editing system, and its development spawned several papers (in the linked documents) on the topic. I despise implicit modality in user interfaces (this is why, despite having all kinds of wonderful features, the traditional progammer’s editors just end up making me furious), and good through theoretical and case studies supporting that stance are a beautiful thing.
That dump is slightly different collection of Canon Cat materials that I put together when I was curious after reading The Humane Interface a couple years back. I’m still integrating the collections, but there seems to be some different stuff in each – piles of arbitrary format documents are hard to diff, especially when there is no name correspondence and some are binary formats. I think there may be enough material in the various available sources that, given access to an operable CAT and a reasonable digital lab, it would only be a large 10s/small 100s of man hours of work to emulate or even hardware simulate one.
I’ve never (actually, I think I ran into one as a kid but did’t know what it was at the time) had a chance to play with a real Canon Cat, and owning one would be a mixture of all the standard problems in owning vintage computing stuff – they’re expensive and collectible, and like most computers of the era, bulky and fragile, and they require problematic media… but I would still probably get one if I had the chance for a reasonable price, because they did so many interesting things right. More and more I think CS/EE programs should include (probably just as an elective) proper History of Computing courses – if my intended life pattern continues, I may even get to teach one for a while. I think it would be a blast for all involved.
This may be the best talk out of 28C3 this year. I was actually more pumped about Cory Doctrow’s “The Coming War on General Computation” 28C3 talk from the previous day, which I shared enthusiastically on G+, but there is more to talk about in this one. It is mostly coached as language/computational theory, but the thesis is that one shouldn’t design protocols in which one is able to construct a message that causes the recipient to perform arbitrary computation in the process decoding of the message. Which is awesome, and their argument for it is convincing. Furthermore, things with the message “Everyone needs to start thinking like language geeks and compiler writers” are bound to appeal to me. That said, I have a couple problems with the talk.
The first problem is purely aesthetic, and mostly unimportant. In terms of presentation, it wasn’t that great a talk. The slides were bland and repetitive, and the speaker kept using problematic mannerisms. The sewearing and such are right in place, but the coughed interjections and such were not good, and the flavoring particles were excessive. I’ve been guilty of most of the above, most of the times I’ve given talks, but the more I teach and speak, the more I become sensitized to presentation, and the internet has made me spoiled on talk quality, with things like fail0verflow’s Console Hacking 2010 at 27C3 last year, or any talk Lawrence Lessig has ever given. On a better note, the Occupy + rage comics visual conceit used throughout is pretty fun.
With that out of the way, on to the techically interesting stuff:
I think they introduce some fundamental problems in demanding context-insensitive protocols. I’m likely misunderstanding, but from working with simple serial protocols, I’m wary of anything that smells like control characters. Two conceptual problems: indefinite message length, and unwanted control characters. Both arise from the same discussion of automata their thesis is rooted in. The first problem is simple to explain: it is easy to have unbounded input – a message with no stop character will eventually break shit. In practical implementations, message lengths would necessarily be bounded, and part of the problem would go away, but it would still be extremely vulnerable to flooding. They used S-expressions as an example of a reasonable solution – which makes me think “while true; do echo ‘(‘; done”, now you’re DOSed. This could probably be worked around, but it harms the elegance.
As for the second, I don’t see a similar way out. They correctly note that escaping is not a solution, and refer to the delightful field of SQL injection as proof by example. Then they neglect to suggest a different solution, because as far as I am aware, there isn’t one. Given arbitrary data to be transfered, there ARE no delimiters which cannot appear in the data. It’s one of those time-honored intractable problems in CS. The question asked late in the video about badly formed CSV files was poking at the same idea, and they did a great job explaining why field lengths are unsafe, but I’m still unconvinced that there isn’t a fundamental flaw in in-band start/stop characters that is similarly bad. This will require further reading.
My other technical problem: The speakers kept using YACC/BISON as examples of good programming tools in a talk mostly about problems with “leaky” specifications and implementations of things which are fundimentally recognizers. YACC and its ilk are among the worst offenders in this regard. The biggest problem with YACC and imitators is that they require a separate lexer specification, and all kinds of bad things happen when the specifications inevitably don’t quite match. Also, the generated LALR parser breaks when you embed actions, so all your new safety from generating a monolithic parser from a proper language specification goes away. There are better recognizer tools, in terms of ease (and precision) of specification and quality of the generated parser. Personally, I drank the ANTLR cool-aid for that – single specification for the recognizer, no problem with embedding actions (LL(*) instead of LALR), AND spits out parsers in far more languages than any YACC or Bison version I’ve seen.
As an aside, I had independently found and read through the speaker’s old livejournal/blog and some of their research work, without assembling that they were the same interesting person (last paragraph) until now. I also hadn’t associated the identity with her late husband, who was also an interesting person. The computing community is small and close, and it is equal parts amazing and discomfiting.
Now it’s almost 6:30AM localtime, and I haven’t slept because I got interested in something in the middle of the night. What is wrong with me?
EDIT: I noticed that I originally titled this “28C3 Keynote.” It wasn’t. It was the middle of the night. Fixed now.
I picked up one of the $150 refurbished 32GB Touchpads in the last firesale on Sunday. It seems like HP has done their very best to get as many Touchpads into the hands of hackers as possible, so whether or not it is well supported by HP, the community will do something fun with it. Besides, a $150 ARM developement platform that will boot Android, various Linux chroots, AND let me play with WebOS was too appealing to pass up. Continue reading →
I played with the Windows 8 Developer Preview in VirtualBox for a while this evening. Those who spend time around computers will recall that every other Microsoft OS is a loser. The betas for XP and 7 were clear upgrades when they started circulating. They were fast and stable and added desirable features. Me and Vista hit the market like an animal carcass and stunk up the place for a while. They were slow, and fragile, and changed things for the worse. Windows 8 goes beyond that. This shit is the next Microsoft Bob.
The quirks and performance instability can be excused as a developer preview running in a virtual machine. The fact that every UI change from 7 is for the worse cannot.
The big feature is the Metro interface. Metro is trying to graft a mediocre appliance UI (I thought “Cell Phone” a lab mate compared it to their DVD player) on to the desktop, in place of a sane launcher or window manager. The login screen is a “Swipe up to unlock” affair, with no indication that that’s how it works. Finding programs is like sorting through a desk full of business cards. The task model is more akin to Android, where programs suspend to quietly consume resources in the background until swapped out instead of quitting cleanly. All metro apps run fullscreen, one instance per application, and none of the reference apps have any mechanism for tabs or fields. Task switching is performed by hovering near the left edge of the screen and clicking to cycle through active programs (Alt+Tab switches through all active Metro apps, all Desktop apps, and the desktop itself). There is no indication of what is running, so “active” is more than a little unclear. I still haven’t found a mechanism to shut down without first logging out.
You can partially drop to a conventional desktop mode, which is much like Windows 7, but a little bit worse in every way. The start menu is GONE – clicking where it used to be just drops you back to the Metro mess. Task management is confusing because some programs are programs, and some programs are entities in Metro. The “hover near the left edge of the screen” switching behavior persists on the desktop. Menus have been replaced by ribbons – which are, I shit you not, 115px high in the file manager. To put that another way, 209px of the default file manager’s 597px height are taken up by static decorations – I’m reminded of those pictures of browsers where the user never turned down a toolbar, but it’s the default style.
Looking for new UI metaphors is commendable, and it’s especially nice to see something other than the “Hide ALL the UI elements!” hyper-minimalism (see the new Google bar) that is the current trend being tried, but this may actually be worse. Users deserve better than the fleet of terrible regressive change-for-change’s sake UIs that have been foisted on the personal electronics world of late.
At least we’ll be making mean jokes about this one for years to come.
