[personal profile] mjg59
I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable start.

Panasonic provide a nice download site for firmware updates, so I grabbed the most recent and set to work. Binwalk found a squashfs filesystem, which was a good sign. Less good was the block at the end of the firmware with "RSA" written around it in large letters. The simple approach of hacking the firmware, building a new image and flashing it to the device didn't appear likely to work.

Which left dealing with the installed software. The BDT-230 is based on a Mediatek chipset, and like most (all?) Mediatek systems runs a large binary called "bdpprog" that spawns about eleventy billion threads and does pretty much everything. Running strings over that showed, well, rather a lot, but most promisingly included a reference to "/mnt/sda1/vudu/vudu.sh". Other references to /mnt/sda1 made it pretty clear that it was the mount point for USB mass storage. There were a couple of other constraints that had to be satisfied, but soon attempting to run Vudu was actually setting a blank root password and launching telnetd.

/acfg/config_file_global.txt was the next stop. This is a set of tokens and values with useful looking names like "IDX_GB_PTT_COUNTRYCODE". I tried changing the values, but unfortunately made a poor guess - on next reboot, the player had reset itself to DVD region 5, Blu Ray region C and was talking to me in Russian. More inconveniently, the Vudu icon had vanished and I couldn't launch a shell any more.

But where there's one obvious mechanism for running arbitrary code, there's probably another. /usr/local/bin/browser.sh contained the wonderful line:
export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so
, so then it was just a matter of building a library that hooked open() and launched inetd and dropping that into the right place, and then opening the browser.

This time I set the country code correctly, rebooted and now I can actually watch Monkey Dust again. Hurrah! But, at the same time, concerning. This software has been written without any concern for security, and it listens on the network by default. If it took me this little time to find two entirely independent ways to run arbitrary code on the device, it doesn't seem like a stretch to believe that there are probably other vulnerabilities that can be exploited with less need for physical access.

The depressing part of this is that there's no reason to believe that Panasonic are especially bad here - especially since a large number of vendors are shipping much the same Mediatek code, and so probably have similar (if not identical) issues. The future is made up of network-connected appliances that are using your electricity to mine somebody else's Dogecoin. Our nightmarish dystopia may be stranger than expected.
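
Added example (not code from the post, Panasonic or Mediatek): a release-time check a firmware vendor could run over an unpacked root filesystem to flag loader variables, script execution and embedded strings that point at removable media, the pattern behind both holes described above. The mount prefixes other than /mnt/sda1 and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: mount prefixes the device uses for removable media.
# /mnt/sda1 is the USB mount point named in the post; the others are guesses.
REMOVABLE_PREFIXES = ("/mnt/sda", "/mnt/usb", "/media/")
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH", "PATH"}
RUNNERS = {"sh", "bash", ".", "source", "exec"}

PATH_RE = re.compile(r"/[A-Za-z0-9_.+\-/]+")
ASSIGN_RE = re.compile(r"^(?:export\s+)?([A-Za-z_]\w*)=(.*)$", re.ASCII)


def removable_paths(text):
    """Absolute paths in text that live under a removable-media prefix."""
    return [p for p in PATH_RE.findall(text) if p.startswith(REMOVABLE_PREFIXES)]


def classify_script_line(line):
    """Return [(kind, path)] for one shell line.

    kind is 'loader-env' (changes what the loader runs), 'exec' (runs a file
    from removable media) or 'reference' (any other mention).
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    m = ASSIGN_RE.match(line)
    if m and m.group(1) in LOADER_VARS:
        return [("loader-env", p) for p in removable_paths(m.group(2))]
    words = line.split()
    cmd = words[1] if words[0] in RUNNERS and len(words) > 1 else words[0]
    return [("exec" if p == cmd else "reference", p) for p in removable_paths(line)]


def scan_rootfs(root):
    """Walk an unpacked firmware root; return sorted (relpath, lineno, kind, path)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root)
            if data.startswith(b"#!"):
                lines = data.decode("latin-1").split("\n")
                for no, line in enumerate(lines, 1):
                    for kind, p in classify_script_line(line):
                        findings.append((rel, no, kind, p))
            else:
                # Binaries: report embedded strings only, line number 0.
                for p in sorted(set(removable_paths(data.decode("latin-1")))):
                    findings.append((rel, 0, "reference", p))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (not a real firmware image)."""
    sample = {
        "usr/local/bin/browser.sh": b"#!/bin/sh\n"
            b"export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so\nexec /usr/bin/browser\n",
        "usr/bin/bdpprog": b"\x7fELF\x00\x01/mnt/sda1/vudu/vudu.sh\x00",
        "etc/init.sh": b"#!/bin/sh\nmount -t proc proc /proc\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return scan_rootfs(root)


if __name__ == "__main__":
    for rel, lineno, kind, path in demo():
        print(f"{rel}:{lineno}: {kind}: {path}")
```

Any `loader-env` or `exec` finding means a file on a USB stick decides what code runs on the device; `reference` findings in binaries need a manual look at how the path is used.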

Geeks & exclusion as default

Apr. 18th, 2014 08:57 pm
[personal profile] owlectomy
Foz Meadows wrote an interesting piece on female geeks and being excluded by default. Which brought to mind a game a friend of mine got last month called "Geek Battle." It's more or less Trivial Pursuit, except that your categories are things like comics, video games, science, and "geek life." (I can't remember what geek life is supposed to look like, although I think one of the questions in this category was about the color of caffeine?)

This is a really fun game to play, actually, if you play it with people who you're on a similar footing with -- my roleplaying group was pretty well-matched although some of us could remember the early days of arcade games better than others. But if you play it for long enough, it's very apparent that it's reifying a canon of "geek" that's centered on a geek culture that has been really exclusionary.

It asks you to name Arnold Schwarzenegger movies and Monty Python movies and Douglas Adams novels and Kurt Vonnegut novels; heck, I don't remember one question about manga or anime, and that's certainly as "mainstream geek" as old arcade games. Someone whose experience of being a geek came from reading Ursula LeGuin and Octavia Butler and watching wuxia movies would have been shut out.

If you look at the dust-up over whether you can be a "real fan" without reading or appreciating Heinlein, I think ... a lot of people are really invested in a definition of "geek," or "fan," that means we all have the same common reference points. And those common reference points are really important to people, or at least, that's the only plausible explanation for people who insist on quoting and requoting Monty Python long after it's stopped being funny. (They're important to me, too, or I wouldn't have gone to see Thor 2, which I thought was a pretty bad movie but showed up just enough on Tumblr that I felt I was missing out by not seeing it.) But it's not an accident that those common reference points usually end up being things that are made by white guys, you know? And then people end up recycling a canon of "mainstream geek culture" with lots of the diversity filed off.

I'll keep playing Geek Battle. I have fun when I play it. But it sucks that it plays into the idea that some people are better than others at being geeks, and it sucks that it puts a veneer of objectivity onto a really subjective, and biased, vision of what a "real geek" should know.

A few iOS freebies

Apr. 17th, 2014 02:12 pm
[personal profile] yendi
1. Hearthstone! Hearthstone! Yay! I'm amazed at how well this plays on the iPad, frankly. If you're already a player, even if you prefer your PC, you should play one match on the iPad to win a free pack of cards. If you haven't played HS at all, it's about as close to perfect as an FTP game can get, a great, fun collectible trading card game.

2. Horn. A hack-and-slash in the Infinity Blade style that's gotten some solid reviews.

3. Knights of Pen and Paper. A witty self-referential game that doesn't fall too far down its own rabbit hole, and is also fun so far.

4. Help Me Fly. A fun line-drawing puzzle game. I've had this one for a while, and it's pretty tough under the goofy-looking theme.

5. Warhammer Quest. Yes, there's a ton of IAP expansions, but at least you get the base game here for free. And that's got plenty to play.

6. Ascension. I'm assuming this one's staying free, now, but definitely worth grabbing. And add me in Gamecenter if you do! I'm always up for more games of this. It's probably my single favorite iOS app.

7. Hunter Island. The closest thing I've seen to a truly successful Pokemon game on the iOS, and well worth it for Pokemon or JRPG people.
[personal profile] yendi
I had my first jury duty experience in MA, after having been called twice in GA. Those first two experiences ended without my being impaneled at all (one, in fact, ended with a bomb threat). But yesterday's was a bit more interesting.

Things I learned from the video they showed us:

1. Massachusetts pioneered the one day/one juror system (instead of the ludicrous thirty-day system).

2. MA was one of the first to allow black people to sit on juries.

3. And one of the last to allow women.

That sounds educational, but seeing as it was a twenty-minute video, I'm not sure there was a lot of real meat there.

Other things I learned:

5. I could have gotten switched to a courthouse that was closer than the one in Lowell, had I known.

6. Being impaneled is interesting, and not quite like it usually is on TV. At least in this case (a civic one), the only people who were around when I was being questioned were the judge and the attorneys; the case participants, other jurors, etc, were too far away to hear anything.

7. Now that I've served (even being dismissed is considered serving; showing up is the key thing here), I've got a three-year respite from being called again.


Apr. 16th, 2014 05:33 pm
[personal profile] badgerbag
Did ok on my trip, but just ok. I also got through work today. And I wrote a blog post because it seemed like it had to be done. But now I'm totally done touching a keyboard. Exhausted, in pain, a bit fevery feeling all over. I have not managed to unpack yet. Moomin helped me put away clean laundry. Zond7 ordered us groceries and cleaned up and we have a helpful house cleaner coming tomorrow. I need serious rest.

Read The Goblin Emperor, which I highly recommend! OMG... more like this!

Also, Pen Pal by Francesca Forrest.

Both excellent!!!

(no subject)

Apr. 16th, 2014 10:48 am
[personal profile] owlectomy
The point I'm at with my Chinese learning is a tough part -- if I want to read things, the volume of unknown vocabulary isn't overwhelming; but reading things is ridiculously, painfully slow. It's a problem of integrating and making automatic the knowledge I already have, more than a problem of learning new things.

I know how I got through this when I was learning Japanese. It was by reading tons of manga, and tons of Fujimi Orchestra novels.

But the kind of things that I want to read in Chinese -- manga, and cheesy romance novels, and fantasy novels -- are mostly in traditional characters, which are even more painfully slow for me to read than simplified characters. (And I suspect there are some mainland vs. Taiwan dialect differences that are causing me problems too.) And the materials aimed at Chinese learners are mostly too easy for me by this point.

I suspect this will probably work out for me similarly to how it worked out in Japanese, where I buy a lot of books I don't end up reading in the quest for something both interesting enough and easy enough, and eventually things get easier, bit by bit.

But I sure wish that the nearest really good Chinese bookstore wasn't all the way in Flushing. (The ones in Chinatown keep closing!)
[personal profile] erika
Scenes over the last few weeks:

Thank god for spring.

Content warning: not giving a fuck about suicidality.

A few days ago:
My head hurts. It's the steady ache of my days, separating dream from reality. Lucid dreaming's a snap when you have chronic pain; if I'm in reality, then I'm in pain. The ache in my head is unrelenting, though modest, a steady drumming thrum of plucked strings and high wires.

My heart hurts: it aches so deeply that I experience "heartbreak" as so much more than a word. Maybe it's impossible to convey, that searing agony that forces me to my knees and desperate tears to my face, denial already on my lips, like a punch from a cannon into my sternum. But—but—it passes. It dwells within me and then escapes, only to come back at the oddest times to remind me of the pain, to make me think "Oh god, I will die. I'm dying right now."

You say hername went with you on that hike, and I wonder what else you're keeping from me. I remember how you said, "I think it's for the best." I don't know what's for the best anymore.

The last section speaks to the fact that while under unimaginable emotional stress, Josh broke up with me for a few days.

I told him, fine, move out, but I'm keeping the lease. I rallied my support system, and played "So What" by P!nk a lot, but I was okay, fundamentally. That surprised me more than anything else. Afterwards, he said he was proud of me for telling him to get out and asserting myself like that.

"What would it look like if it weren't that", my social worker asks me.

She nearly interrupted me when I started talking, a pre-emptive apology for phrasing it badly—that's how I know she was either embarrassed or I make fun of people too much for weird phrasing, but I interrupted her right back and said "No, no, it stuck in my head."

I'd been rambling about how I worry, like usual, that I'm not helping anyone at work and that I'm a major burden, but she had said that and it felt ... like a splinter, like the tip of an iceberg that would drench me in cold water once I'd worked it out.

So I thought about it, pondered in my mind what that meant to me, her words, because I can never resist a challenge.

What would the opposite of your fear look like, perhaps. And I had this feeling, concurrent with a stumbling inability to put emotions to words that I've recently discovered as a barrier to discussing the most important parts of me—a decent yellow flag if you think of it that way—
I felt like "the opposite of my fear is what's in reality."

As in, if I fear that I'm a burden at work, the opposite of that would be a valued contributor who pays attention to the moment and plans for the future, is rooted in reality.

In reality.

Yes, I am a valued contributor at work, says the evidence. But I'm not looking for the shadow of the mountain of evidence, I'm not listening to the appreciative thanks that land in my ears, I'm not running my fingers over the embroidered deeds and words and support I've given happily at work, so I don't know it.

I fear that Josh is tired of me and sickened by me, and the opposite of that is that he loves me and wants to be around me more often than he wants to be around anyone else. Again, I think that has evidence for it.

But how can I know what being a valued contributor would look like, or being really appreciated as a partner, because I've never had those experiences before or if I did, they came along too fleetingly for me to understand them, underscored by the long uncomfortable punctuations of being hurt instead of heard?

(Hurt instead of heard: a small flippancy to the dreadful experiences that I hope you'll forgive me.)

This has the flavor of the uncomfortable perspective shift that always accompanies epiphanies for the first few days.

If I don't know what it is, if I haven't defined it for myself, then I won't ever know it even if I do encounter it.

If I don't know what it is, I wouldn't recognize it were it right in front of me. Yet being with Josh, and working this last month, I've had the very strong feeling that these experiences are distinctly different from others.

However, when it was only with Josh, and me not seeing this effect in other areas of my life, perforce unique, entirely, to recognize that he values me. Adding to that when I got this job and they value me too, it wasn't as shocking and it also meant—hey, this isn't just a fluke.

Somehow I find this revelation comforting, even affirming. It says to me "yes, Virginia, there is hope. These things do exist, and may even be in your life right now, but you haven't learned to recognize them." Now I know I haven't learned to recognize them.

As Archimedes said, give me a lever and a place to stand.

The opposite of my fear is what's in reality also has another meaning to me. I think sometimes I... react to my fears like they are reality. Even often, I do that, perhaps. Certainly more than I want to.

The epiphany of these last few paragraphs serves to move my world view a few degrees, and here I am, rotated into seeing my life differently with that arc of space.

Many times I fear things that may not or probably won't happen and act as though they must BECOME reality at some point. For whatever reason: a fertile imagination, past bad experiences, playing too many video games—that last was a joke.

I don't want to waste my energy like that anymore. I have better things to do.
[personal profile] yendi
There's a twitter account that will RT you if you mention "masturbating" in a tweet.

Real-world Secure Boot attacks

Apr. 13th, 2014 09:43 pm
[personal profile] mjg59
MITRE gave a presentation on UEFI Secure Boot at SyScan earlier this month. You should read the presentation and paper, because it's really very good.

It describes a couple of attacks. The first is that some platforms store their Secure Boot policy in a run time UEFI variable. UEFI variables are split into two broad categories - boot time and run time. Boot time variables can only be accessed while in boot services - the moment the bootloader or kernel calls ExitBootServices(), they're inaccessible. Some vendors chose to leave the variable containing firmware settings available during run time, presumably because it makes it easier to implement tools for modifying firmware settings at the OS level. Unfortunately, some vendors left bits of Secure Boot policy in this space. The naive approach would be to simply disable Secure Boot entirely, but that means that the OS would be able to detect that the system wasn't in a secure state[1]. A more subtle approach is to modify the policy, such that the firmware chooses not to verify the signatures on files stored on fixed media. Drop in a new bootloader and victory is ensured.

But that's not a beautiful approach. It depends on the firmware vendor having made that mistake. What if you could just rewrite arbitrary variables, even if they're only supposed to be accessible in boot services? Variables are all stored in flash, connected to the chipset's SPI controller. Allowing arbitrary access to that from the OS would make it straightforward to modify the variables, even if they're boot time-only. So, thankfully, the SPI controller has some control mechanisms. The first is that any attempt to enable the write-access bit will cause a System Management Interrupt, at which point the CPU should trap into System Management Mode and (if the write attempt isn't authorised) flip it back. The second is to disable access from the OS entirely - all writes have to take place in System Management Mode.

The MITRE results show that around 0.03% of modern machines enable the second option. That's unfortunate, but the first option should still be sufficient[2]. Except the first option relies on the SMI actually firing. And, conveniently, Intel's chipsets have a bit that allows you to disable all SMI sources[3], and then have another bit to disable further writes to the first bit. Except 40% of the machines MITRE tested didn't bother setting that lock bit. So you can just disable SMI generation, remove the write-protect bit on the SPI controller and then write to arbitrary variables, including the SecureBoot enable one.

This is, uh, obviously a problem. The good news is that this has been communicated to firmware and system vendors and it should be fixed in the future. The bad news is that a significant proportion of existing systems can probably have their Secure Boot implementation circumvented. This is pretty unsurprising - I suggested that the first few generations would be broken back in 2012. Security tends to be an iterative process, and changing a branch of the industry that's historically not had to care into one that forms the root of platform trust is a difficult process. As the MITRE paper says, UEFI Secure Boot will be a genuine improvement in security. It's just going to take us a little while to get to the point where the more obvious flaws have been worked out.

[1] Unless the malware was intelligent enough to hook GetVariable, detect a request for SecureBoot and then give a fake answer, but who would do that?
[2] Impressively, basically everyone enables that.
[3] Great for dealing with bugs caused by YOUR ENTIRE COMPUTER BEING INTERRUPTED BY ARBITRARY VENDOR CODE, except unfortunately it also probably disables chunks of thermal management and stops various other things from working as well.
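
Added example (not from the post or the MITRE paper): an audit that takes already-collected chipset register values and reports whether flash write protection rests on SMM-only writes, on a locked SMI, or on an SMI the OS can switch off. The bit names and positions follow Intel PCH datasheets and are assumptions here, since the post does not name them; the fleet records are constructed.

```python
from collections import Counter

# Bit positions as named in Intel PCH datasheets (assumption: 6/7/8-series
# layout; the post does not name these bits, so check your chipset's datasheet).
BIOSWE = 1 << 0      # BIOS_CNTL: flash write enable
BLE = 1 << 1         # BIOS_CNTL: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5     # BIOS_CNTL: flash writable only while in SMM
GBL_SMI_EN = 1 << 0  # SMI_EN: global SMI enable
SMI_LOCK = 1 << 4    # GEN_PMCON_1: makes GBL_SMI_EN read-only


def assess(bios_cntl, smi_en, gen_pmcon_1):
    """Classify flash write protection from three raw register values.

    Returns (verdict, reasons). Only the controls described in the post are
    considered; other mechanisms (e.g. SPI protected ranges) are out of scope.
    """
    reasons = []
    if bios_cntl & BIOSWE:
        reasons.append("BIOSWE is set: the write-enable bit is on right now")
    if bios_cntl & SMM_BWP:
        return "smm-only", reasons + ["SMM_BWP set: writes must come from SMM"]
    if not bios_cntl & BLE:
        return "unprotected", reasons + ["BLE clear: setting BIOSWE raises no SMI"]
    if not smi_en & GBL_SMI_EN:
        return "unprotected", reasons + ["BLE set but SMIs are globally disabled"]
    if not gen_pmcon_1 & SMI_LOCK:
        return "smi-bypassable", reasons + [
            "SMI_LOCK clear: GBL_SMI_EN can be cleared, so the BLE handler never runs"]
    return "smi-guarded", reasons + ["BLE set and GBL_SMI_EN locked on"]


# Constructed sample inventory (hostnames and register values are made up).
FLEET = [
    {"host": "lab-01", "bios_cntl": 0x2A, "smi_en": 0x203B, "gen_pmcon_1": 0x0010},
    {"host": "lab-02", "bios_cntl": 0x0A, "smi_en": 0x203B, "gen_pmcon_1": 0x0010},
    {"host": "lab-03", "bios_cntl": 0x0A, "smi_en": 0x203B, "gen_pmcon_1": 0x0000},
    {"host": "lab-04", "bios_cntl": 0x09, "smi_en": 0x203B, "gen_pmcon_1": 0x0010},
    {"host": "lab-05", "bios_cntl": 0x0A, "smi_en": 0x203A, "gen_pmcon_1": 0x0010},
]


def audit_fleet(fleet):
    """Return (Counter of verdicts, sorted hosts needing a firmware fix)."""
    counts, weak = Counter(), []
    for rec in fleet:
        verdict, _ = assess(rec["bios_cntl"], rec["smi_en"], rec["gen_pmcon_1"])
        counts[verdict] += 1
        if verdict in ("unprotected", "smi-bypassable"):
            weak.append(rec["host"])
    return counts, sorted(weak)


if __name__ == "__main__":
    for rec in FLEET:
        verdict, reasons = assess(rec["bios_cntl"], rec["smi_en"], rec["gen_pmcon_1"])
        print(f'{rec["host"]}: {verdict}: {"; ".join(reasons)}')
    print(audit_fleet(FLEET))
```

Hosts reported as `smi-bypassable` match the 40% case in the post: the SMI-based protection is configured but the lock bit that keeps it enabled was never set.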

And then you're someone you are not

Apr. 12th, 2014 10:34 am
[personal profile] owlectomy
Last night went to see Hedwig and the Angry Inch, the first time I've been to a Broadway show in... well, a couple years at least. Saw the movie many years ago; saw a stage production in Raleigh a few years ago that was very good but definitely low-budget.

Whether you like it or not...
[personal profile] karenhealey

Okay, Internets, brace yourself, because this post has been brewing for a while.

In the last three months, When We Wake has been honored with a number of special things. My science fiction Sleeping Beauty story is:

This means that When We Wake has been honored in New Zealand, Australia, and the United States - all the territories where it has been published.

It's hard to tell you how I feel about that. It's gratifying to be recognised. And I am stupendously relieved that after five years and (as of this week) four books published, I can still write what someone wants to read.

Writing is hard work for me right now, in my first year of full-time teaching. Writing requires time I don't have to spare, and a focus I lack by the end of the day, and an emotional fortitude I'm drawing on to support my work in the classroom instead. It's discouraging when I hit the end of another weekend without writing a word of fiction, or think that I really must update my website, or remember that if I don't get started on my Cranky Ladies story now, like, right now, I'll have to do it right in the middle of report writing.

Occasionally - not anywhere close to regularly, but occasionally - I wonder if I might not be better just to give up on even trying to write this year. Give myself a break, say no, save my brain. Honestly, perhaps I should.

Today my Year Nine class and I went to the school library for our fortnightly visit, where they renew, return and exchange books for our compulsory reading sessions at the start of every English period. I took attendance and then told the girls that I was nominated for the NZ Post award. They applauded, I thanked them, and then we settled into our routine.

Just before we left, I thought about what, actually, we did in this light-filled room with the carefully labelled shelves.

I'm sure every student could give you a different explanation of what she was doing there. What I can tell you is that I saw girls curling on chairs with books, girls perched on desks exploring Project Gutenberg, girls asking each other what they should read next, girls talking to me about what they had read. I saw 25 girls, 25 interconnected universes of experience and interest and ability, all doing the important work of making meaning from words. All reaching through open doors.

It might be better for me to give up writing this year.

But I'm going to write anyway.

My birthday wish

Apr. 7th, 2014 09:21 am
[personal profile] yendi
So it's my birthday tomorrow. I turn 42 tomorrow, which means a great opportunity for jokes about a number that Douglas Adams totally pulled out of his ass because the whole point of his writing is that he didn't believe in a higher power, but some geeks seem to think we should treat the number with reverence that he himself thought was silly.

Not that I'm above the occasional reference myself, but as ages go, it's just a number ensconced between two primes.

I've been offline because work and life and stuff, and haven't done a greed list for a couple of reasons. One's that my needs tend to no longer be in the sort of low-mid level that make for good gifts. Yeah, I've got an Amazon Wish List, but at this stage, I use it as much as a "stuff to maybe buy next time I have credit" thing as anything else. Other than the Diablo 3 expansion (which I'm likely to grab for myself this weekend), I'm generally fine on stuff. We've got a zillion books and movies at home, and while I'd certainly like more, I don't need more, and stuff gets overwhelming. Between streaming video options and the library, few of them are things we need to own anymore. And while we have big financial needs, they're the sort of things that get solved by lucky lottery tickets or unexpected inheritances, not gifts. That's not to say don't get me something if you don't want to, because I will genuinely be grateful, both for the thought and the gift itself, but I'm about thirty years too old to judge the quality of birthdays by the gifts received.

But if you're the kind of person who does want to get me something, here's a great option: Support me in the BARCC Walk for Change this Sunday. Yes, I've technically met my goal, but that doesn't mean that BARCC doesn't still need help. For those unaware, BARCC is the Boston Area Rape Crisis Center, and it's a great organization that does a ton of good in the community. And yes, even small donations are a huge help. They do everything from counseling to crisis hotlines to medical advocacy, and much as I wish otherwise, there's a constant need for their work.

Bonus feature: Donations to BARCC are indeed tax-deductible.
Page generated Apr. 21st, 2014 04:52 am