Monthly Archives: April 2011

I’ve made dumb mistakes that I caught immediately after posting several times recently, such as writing demagogue instead of ideologue in a rant – a mistake that REALLY pisses me off when I see it made elsewhere, and not closing … Continue reading

Posted on 2011-04-26 by pappp | Leave a comment

PSN Outage Reading

Posted on 2011-04-26 by pappp

I don’t have any stake in the PSN outage issue, not owning any Sony products more complicated than headphones (The last console I bought was an original Xbox- used- to ‘chip and run XBMC on), but it has made interesting reading on the interwebs. There are the official releases, which until today were basically “The system is down.” There is also all kinds of amusing speculation, because when you take video games away from geeks, they suddenly have all kinds of time for that sort of thing. A fairly credible and highly publicized bit of speculation comes from this thread at reddit, where someone from PSX-Scene places the root of the problem on custom firmware that allowed consoles onto the developer network, which subsequently allowed users to purchase paid content with bogus credit card information. The specific details aren’t that interesting to me – the interesting thing is that almost all the speculation has something in common: that Sony was, at least in part, relying on a client-side security model*. If true, this is seriously fucking stupid, even by Sony standards. Ignoring security concerns, when writing software there is a standard adage “Never trust the user.” Usually, the user can’t be trusted because the user is a fucking idiot. Occasionally, the user can’t be trusted because the user is malicious (where, in this case, “malicious” is defined as “Wants to run their own code on hardware they own”).

Back in December there was the excellent Fail0verflow talk at 27C3 where they eviscerated the security model on the PS3, and pretty much demonstrated that Sony screwed the pooch on that front (watch the talk if you haven’t; it is by far the best security presentation I’ve ever seen). Even before this, the PS3 was fairly deeply compromised by a variety of other techniques, and the PSP has been compromised (and re-compromised) almost since it shipped, so they didn’t just have a reasonable assumption that clients couldn’t be trusted, they knew it for certain.

There was also the rootkit scandal with the copy protection on some Sony BMG audio CDs. All together, this sets up precedent for an almost unlimited degree of poor design in Sony security systems.

Now, Sony is saying that a huge quantity of personal information on every user may have been compromised, and there are a spate of complaints about bogus charges on cards used with PSN services floating about on the ‘net (complaints of unknown correlation and reliability). This leads to the really interesting questions: Was all this information stored in plaintext? – it sure sounds like it was if it was extracted on such a scale. If both the Sony release and the speculation about access being gained through compromised consoles is true, why was this information accessible from clients? And finally, how did a system with all the above properties come to be designed? I’m seriously hoping this gets analyzed in public, because it will make an amazing instructional case study, and something of worth might as well be salvaged from this clusterfuck.

* There are a couple non client-side attack theories too. The boring “Organized criminals did it” option, and the theory that Anonymous (big A) is doing their gleeful mayhem thing, like they threatened. These aren’t any more or less credible, they just aren’t as interesting.

Posted in Computers, DIY, Entertainment, General | Tagged , , | Leave a comment

Wikileaks in action

Posted on 2011-04-25 by pappp

Wikileaks: Still confirming bad things every reasonable person suspected anyway.

(While the old adage about arguing politics on the internet being akin to running in the Special Olympics is generally true, sometimes it is fun. Proceed with whargarbl.)
Continue reading

Posted in General | Tagged , , | Leave a comment

Virtualbox

Posted on 2011-04-23 by pappp

I’ve liked fiddling with OSes for as long as I can remember, and have been through a couple VM solutions to ease the overhead of that habit. Until recently, I had been settled on qemu with the kqemu module for acceleration for some time, and thought it was pretty good. Then, one of the group mates got me to give VirtualBox, which was too much of a hassle last time I looked at options, another try. The result:
Virtualbox on Arch, running HaikuA1 and a Snow Leopard installer
That is my ArchLinux-running T510 hosting Virtualbox VMs with a Haiku R1 instance and a Snow Leopard installer (with a bootdisc for CPU recognition issues, apparently once updated it will boot straight from VirtualBox’s EFI). The partially-visible terminal with htop in the bottom left shows that it isn’t even eating my machine to do that.
Basically, it’s faster, it’s lighter on host resources, it’s more compatible, and NATed networking for the guests just works. Also, there is no hassle because the Arch package maintainers wrote some excellent support scripts. Converting my images and moving over. Do like.

Posted in Computers, DIY, General | 1 Comment

Otomata

Posted on 2011-04-21 by pappp

Cellular automation-based generative synthesizer in flash. Very cool. Incredibly easy to make pleasing patterns. Would love a scaled up version.

Posted in Computers, DIY, Entertainment, General, Music | Leave a comment

WordPress Header Glitch

Posted on 2011-04-19 by pappp

For some reason, the 3.1 to 3.1.1 WordPress update (or something coincident with it) removed the rel=me link back to my Google profile from my headers. Those links are important – they’re how this page is integrated into my online identity via XFN (The “Xhtml Friends Network”), one of the open standards which will obsolete proprietary social networks like the normal standards-driven internet obsoleted AOL, Compuserve, and the other early walled-garden services (oh please oh please oh please oh….). More immediately, they are what lets google know it should pull blog posts into my Buzz feed and such. Fixed now.

Posted in Computers, DIY, Meta | Tagged , , | Leave a comment

Superauto Espresso

Posted on 2011-04-19 by pappp

There is a new superauto espresso machine (specifically, a VKI Eccellenza Express) on the second floor of the Marksbury building. Life is suddenly excellent, although my continued health may be in danger.
My only compliant from my first use is that the macchiato button appears to make a latte macchiato (and a starbucks-like sweetened monstrosity of one at that), rather than a real macchiato. The manual doesn’t appear to be online (yet?), but I expect the next several weeks will be punctuated with attempts to coax something resembling a brauner out of it.

Posted in FoodBlogging, General, Objects | Leave a comment

I ran into a description of harmonic drives earlier. I hadn’t seen anything quite like them before, and they are just so cool – flexible driven gear for high torque, high fraction engagement, and inherently loaded for zero-backlash. Even though … Continue reading

Posted on 2011-04-17 by pappp | Leave a comment

Window Manager Musings

Posted on 2011-04-17 by pappp

A while ago I installed KDE 4.6 on one of my machines, just to see what the bulky extreme of desktops looked like these days. Mostly, it was obscenely bulky (KDE alone is, seriously, larger than the sum of the software I have on my workstation on campus) and cluttered (what is the deal with that fucking cashew). However, there are a lot of improvements over the last time I fiddled with KDE, and a few features I really, really like.

Some of the little nice things: The control panels are all integrated and aware of each other. The GUI wrappers around randr are genuinely nice (display attachment behavior as good as Windows 7’s – which is frankly the best I’ve ever seen), and the fact that it customizes nicely to CDE-style right-click-the-desktop menus (sans this bug when I first tried) is promising.

The most important (The nomenclature alone for this behavior is nonstandard) is “Desktop Gluing” – Permanently fixing particular windows (or applications, or whatever) to particular virtual desktops. In KDE, a huge array of window behaviors can be set from “Advanced Window Settings” or “Advanced Application Settings” panels obtained by right-clicking the title bar of a window. It’s a good design – unobtrusive until you go looking for it, and obvious once you do. I always keep my “Communication and Identity” stuff (Email, Chat clients, a browser with whatever social things I feel like tending to, etc.) on my second workspace, and this makes it much easier to respond to message alerts without pulling those windows to other workspaces.
Any EWMH compliant environment SHOULD be able to do this, (and apparently E17 has behavior similar to KDE, but E17 has improved from “Broken” to “Useless” over the last few times I’ve played with it, so that isn’t terribly helpful). I can’t find a way to replicate this behavior with XFCE. The native settings don’t have anything, and Devil’s Pie and wmctrl can both cause windows to OPEN on a specified desktop, but they are both extra, somewhat fussy, programs that need to run in the background, and neither can force a window to STAY on a particular desktop.

When looking into the feature, I did make the excellent discovery that XFCE has had a setting for the last several releases that takes care of one of the problems window gluing solves. Based on this Bug Report, one can switch the obnoxious “Pull window to active workspace when activated” behavior to either move focus to the workspace the window is on (My desired behavior), or just alert in the task bar.

Always nice to find little ways to improve the workflow, and see what the other desktop environments are doing, especially with so much of the UI “Innovation” of late being disappointing (see iOS, and Unity).

Posted in Computers, General | Tagged , , | Leave a comment

Humble Indie Bundle #3

Posted on 2011-04-12 by pappp

There is another Humble Indie Bundle name-your-own price/donate to charity sale going on. Like last time, the average Linux user is paying about twice what the average Mac user does, which is in turn about 1.5x what the average Windows user offers. Who says we’re cheap?
I put $15 into the last one, and even though I didn’t end up liking half the games in the set, it was totally a good deal. Did it again this time even though I won’t have time to play them in the near future.

Posted in Computers, Entertainment, General, Objects | Tagged | Leave a comment