sanguinity: woodcut by M.C. Escher, "Snakes" (Default)
[personal profile] sanguinity
[vid] Something Good (Will Come From That)
100 years of moving pictures about Holmes and Watson

Download, streaming, and sources at DW/LJ and AO3.
Rebloggable version at tumblr.


For the past year I've been watching a LOT of Holmes and Watson while trying not to say too much about any of it in public. (I was allegedly ‘preserving my anonymity,’ hah! I needn’t have bothered; the [livejournal.com profile] holmestice comm seems to have known more-or-less instantly who made that vid.)

So here, have a bunch of random, pent-up commentary, with numerous digressions and side-notes. :-)

A Year Spent Watching Holmes and Watson )

'All the Holmeses' and 'All the Watsons' )

100 Years of Moving Pictures )

100 Years of Cinematography )

Cinematography and Shippiness )

Gender and Race, oh my! )

'Always' 1895 )

Would You Like to Take a Walk? )
sanguinity: woodcut by M.C. Escher, "Snakes" (Default)
[personal profile] sanguinity
As I said earlier, we've just finished a round of Holmestice. I made a vid for [livejournal.com profile] gardnerhill.

Streaming and download here and mirrored at AO3.
Rebloggable version at tumblr.
Commentary in a post to follow.

Title: Something Good (Will Come From That)
Characters/Pairings: Holmes & Watson; Holmes/Watson
Rating: General
Summary: One hundred years of moving pictures about Holmes and Watson.

My deepest thanks to my collaborator and source-monkey, [livejournal.com profile] k_e_p/[personal profile] language_escapes, without whom this would have required twice the work and been half as good. Major thanks also to [personal profile] grrlpup, who watched many hours of source and many drafts of the vid, and to [personal profile] ghost_lingering, who provided excellent beta and technical advice.

If you spot an error in the source list, please say so. I am uncertain that I have credited the correct actors for Jighangsha (1951). If there’s anyone out there who can double-check against the in-film credits (which are in Bengali script), that would be a great boon, thank you.




Something Good (Will Come From That) from Sanguinity on Vimeo.

Download (.mp4, 65MB)



Sources )

Lyrics )
 

Friday Five

Jun. 24th, 2016 11:12 am
grrlpup: (rose)
[personal profile] grrlpup

1. When we moved into our house 20 years ago, sanguinity and I ripped up the incredibly gross carpet in one room, and with friends’ help we resanded the softwood floor underneath. It was pretty worn, but we got one more sanding out of it. Sang convinced me to finish with old-school shellac, and it worked out fine. (No wet shoes or muddy pets allowed in that room.)

We mostly cleared the room last month to make space for workers restoring the window, so it seemed like a good opportunity for another couple of coats. The hardware store employees were incredulous that shellac could be a floor covering, and I had to be adamant to get them to order me a quart of it. (It was weird, they’re not usually like that.) Sang wielded the brush and had to go lie down and giggle afterwards because of the alcohol fumes. But look, pretty!

shellacked softwood floor

2. After Vass mentioned a game called Alphabear, I put it on my phone and tried it out. I may get hooked enough to have to delete it soon, although so far it’s strenuous enough that my brain’s tired of it after a round or two. It’s just as well I left my phone at home today.

3. This art car has been for sale down by the Reed campus for a couple of weeks.

art-car wagon in the sun

Thing is, the front panel spells out in beads that it’s dedicated to the memory of someone. It would be a considerable and maybe odd responsibility to take over an art car memorial for someone you didn’t know.

We had an art car plan, never executed, for my old Camry– the paint on the hood was worn and scratched, and Sang suggested we could paint on a knitting-stitch pattern, with cables or whatever, and then maybe put a big ball of yarn and needles on the roof. But in reality, I’m so averse to attracting attention that even a bumper sticker is pushing it. Also the reason I’ll probably never have a recumbent bike, unless someday they’re no longer conversation magnets.

4. Tomorrow evening I’m volunteering at the Portland World Naked Bike Ride. They’re taking off from the park nearest my house, and it seemed a shame not to go see such an iconic event, but I didn’t want to un-cobweb my bike or be a creepy rubbernecker. So I’ll help with the first pass of cleanup after the ride leaves. (Another crew comes through at 8 a.m. to get whatever we miss in the dark.)

5. 1970s rereading jag, including most of the Al books by Constance C. Greene. Books set in apartment buildings were strange and fascinating to me as a kid– friends living down the hall, taking the laundry to the basement, and people called “supers” who also lived in the basement? The Al books are such a comedy act in their dialogue and timing and repetition that I’m a little surprised that they felt like real novels to me then. I didn’t even notice for years that we never learn the narrator’s name. Now I’m on to Beat the Turtle Drum and it’s very weird to hear echoes of that same voice in Kate and Joss, but slower and more serious.

This post also appears at read write run repeat. Comments read and welcomed in either place!

Holmestice recs!

Jun. 24th, 2016 08:58 am
sanguinity: woodcut by M.C. Escher, "Snakes" (Default)
[personal profile] sanguinity
[livejournal.com profile] holmestice just completed another round!

My lovely gift was a Watson and Holmes story about Violetta Smith and Irene Adlero, their music, their careers, and their relationship:
A Time to Remember by [archiveofourown.org profile] venusinthenight
Violetta Smith & Irene Adlero
G, No Archive Warnings Apply
Music; Female Friendship; Canon Character of Color; Black Character(s); Life-Changing Moments; Female-Centric; Volume 2 Spoilers; Community: holmestice
1779 words

The Adventuress was a pivotal album for Violetta, but meeting the woman who made it would become life-changing.

Lots of people aren’t familiar with the Watson and Holmes comic, so have some panels introducing Violetta and Irene:
Violetta’s and Irene’s introductions )

I turned that page at the end of Solitary Cyclist, discovered that Irene and Violetta knew each other, and fireworks went off in my brain. I immediately made a note to request them for the next round of Holmestice, and look what happened! I got a thing! :-)

I also had the pleasure of getting to beta ALL THREE My Dearly Beloved Detective stories. (Three! Three! We got three MDBD stories!) My Dearly Beloved Detective is a Russian farce with a pathos-filled underbelly, in which Doyle’s Holmes and Watson are fictional characters, but so many people kept applying to 221B Baker Street for aid, that a pair of detectives were hired to fill the need: Shirley Holmes and Jane Watson. Scotland Yard is not so thrilled to be bested by a pair of women, and decided to take them down. The film is available on YouTube with fan-produced English subtitles: My Dearly Beloved Detective.

The three stories very nearly have a consistent throughline between them — pre-canon, mid-canon, and post-canon — all centering on the stresses between Shirley and Jane concerning Jane’s desire to get married.

The Hue and Cry by [archiveofourown.org profile] garonne for [livejournal.com profile] k_e_p
An evening at home with a stack of newspapers.

my tired soul on fire by [archiveofourown.org profile] PhoenixFalls for [personal profile] garonne
I ached for everything we had been to each other, everything we could have been together. For every case we would not get to solve together; for all the useful skills I would not get to teach her; for every quiet evening in we would no longer spend chatting over our books or our mending.

so that you will hear me by [livejournal.com profile] k_e_p for [livejournal.com profile] venusinthenight
She needs Jane to know.


A stand-out this round was the Murder by Decree story, Art in the Blood, by [archiveofourown.org profile] rachelindeed. (Author’s summary: After the events of Murder by Decree, Mycroft Holmes leaves the British government and tries to decide what to do with the rest of his life.) Dear reader, I laughed and I cried.

I also particularly enjoyed:
  • [archiveofourown.org profile] gardnerhill’s Bee Yourself (Elementary, Joan-centric, “Things get Kafkaesque around the brownstone.”)
  • [archiveofourown.org profile] rabidsamfan’s Loose End (Game of Shadows, Moran vs. Watson, “The hunter becomes the hunted.”)
  • [archiveofourown.org profile] scfrankles’s Dust and Ashes (ACD, humor, “Holmes and Watson investigate three cases which appear to have some similarities. Could there be something bigger going on in the background?”)
  • [archiveofourown.org profile] gray_cardinal’s Broken Silence (ACD, post-Reichenbach, ‘I shook my head slightly, levered myself to my feet – and, for the first and only time since the founding of the Diogenes, broke the club’s most cardinal rule. “Come,” I said to Dr. Watson, “and we shall discuss the matter.”’)


…and I have to go take the car to have the brakes looked at. I’ll talk about my own contribution to the round when I get back. :-)

I've bought some more awful IoT stuff

Jun. 21st, 2016 03:13 pm
[personal profile] mjg59
I bought some awful WiFi lightbulbs a few months ago. The short version: they introduced terrible vulnerabilities on your network, they violated the GPL and they were also just bad at being lightbulbs. Since then I've bought some other Internet of Things devices, and since people seem to have a bizarre level of fascination with figuring out just what kind of fractal of poor design choices these things frequently embody, I thought I'd oblige.

Today we're going to be talking about the KanKun SP3, a plug that's been around for a while. The idea here is pretty simple - there's lots of devices that you'd like to be able to turn on and off in a programmatic way, and rather than rewiring them the simplest thing to do is just to insert a control device in between the wall and the device and now you can turn your foot bath on and off from your phone. Most vendors go further and also allow you to program timers and even provide some sort of remote tunneling protocol so you can turn off your lights from the comfort of somebody else's home.

The KanKun has all of these features and a bunch more, although when I say "features" I kind of mean the opposite. I plugged mine in and followed the install instructions. As is pretty typical, this took the form of the plug bringing up its own Wifi access point, the app on the phone connecting to it and sending configuration data, and the plug then using that data to join your network. Except it didn't work. I connected to the plug's network, gave it my SSID and password and waited. Nothing happened. No useful diagnostic data. Eventually I plugged my phone into my laptop and ran adb logcat, and the Android debug logs told me that the app was trying to modify a network that it hadn't created. Apparently this isn't permitted as of Android 6, but the app was handling this denial by just trying again. I deleted the network from the system settings, restarted the app, and this time the app created the network record and could modify it. It still didn't work, but that's because it let me give it a 5GHz network and it only has a 2.4GHz radio, so one reset later and I finally had it online.

The first thing I normally do to one of these things is run nmap with the -O argument, which gives you an indication of what OS it's running. I didn't really need to in this case, because if I just telnetted to port 22 I got a dropbear ssh banner. Googling turned up the root password ("p9z34c") and I was logged into a lightly hacked (and fairly obsolete) OpenWRT environment.

It turns out that there's a whole community of people playing with these plugs, and it's common for people to install CGI scripts on them so they can turn them on and off via an API. At first this sounds somewhat confusing, because if the phone app can control the plug then there clearly is some kind of API, right? Well ha yeah ok that's a great question and oh good lord do things start getting bad quickly at this point.

I'd grabbed the apk for the app and a copy of jadx, an incredibly useful piece of code that's surprisingly good at turning compiled Android apps into something resembling Java source. I dug through that for a while before figuring out that before packets were being sent, they were being handed off to some sort of encryption code. I couldn't find that in the app, but there was a native ARM library shipped with it. Running strings on that showed functions with names matching the calls in the Java code, so that made sense. There were also references to AES, which explained why when I ran tcpdump I only saw bizarre garbage packets.

But what was surprising was that most of these packets were substantially similar. There were a load that were identical other than a 16-byte chunk in the middle. That plus the fact that every payload length was a multiple of 16 bytes strongly indicated that AES was being used in ECB mode. In ECB mode each plaintext is split up into 16-byte chunks and encrypted with the same key. The same plaintext will always result in the same encrypted output. This implied that the packets were substantially similar and that the encryption key was static.

Some more digging showed that someone had figured out the encryption key last year, and that someone else had written some tools to control the plug without needing to modify it. The protocol is basically ascii and consists mostly of the MAC address of the target device, a password and a command. This is then encrypted and sent to the device's IP address. The device then sends a challenge packet containing a random number. The app has to decrypt this, obtain the random number, create a response, encrypt that and send it before the command takes effect. This avoids the most obvious weakness around using ECB - since the same plaintext always encrypts to the same ciphertext, you could just watch encrypted packets go past and replay them to get the same effect, even if you didn't have the encryption key. Using a random number in a challenge forces you to prove that you actually have the key.

At least, it would do if the numbers were actually random. It turns out that the plug is just calling rand(). Further, it turns out that it never calls srand(). This means that the plug will always generate the same sequence of challenges after a reboot, which means you can still carry out replay attacks if you can reboot the plug. Strong work.

But there was still the question of how the remote control works, since the code on github only worked locally. tcpdumping the traffic from the server and trying to decrypt it in the same way as local packets worked fine, and showed that the only difference was that the packet started "wan" rather than "lan". The server decrypts the packet, looks at the MAC address, re-encrypts it and sends it over the tunnel to the plug that registered with that address.

That's not really a great deal of authentication. The protocol permits a password, but the app doesn't insist on it - some quick playing suggests that about 90% of these devices still use the default password. And the devices are all based on the same wifi module, so the MAC addresses are all in the same range. The process of sending status check packets to the server with every MAC address wouldn't take that long and would tell you how many of these devices are out there. If they're using the default password, that's enough to have full control over them.

There's some other failings. The github repo mentioned earlier includes a script that allows arbitrary command execution - the wifi configuration information is passed to the system() command, so leaving a semicolon in the middle of it will result in your own commands being executed. Thankfully this doesn't seem to be true of the daemon that's listening for the remote control packets, which seems to restrict its use of system() to data entirely under its control. But even if you change the default root password, anyone on your local network can get root on the plug. So that's a thing. It also downloads firmware updates over http and doesn't appear to check signatures on them, so there's the potential for MITM attacks on the plug itself. The remote control server is on AWS unless your timezone is GMT+8, in which case it's in China. Sorry, Western Australia.

It's running Linux and includes Busybox and dnsmasq, so plenty of GPLed code. I emailed the manufacturer asking for a copy and got told that they wouldn't give it to me, which is unsurprising but still disappointing.

The use of AES is still somewhat confusing, given the relatively small amount of security it provides. One thing I've wondered is whether it's not actually intended to provide security at all. The remote servers need to accept connections from anywhere and funnel decent amounts of traffic around from phones to switches. If that weren't restricted in any way, competitors would be able to use existing servers rather than setting up their own. Using AES at least provides a minor obstacle that might encourage them to set up their own server.

Overall: the hardware seems fine, the software is shoddy and the security is terrible. If you have one of these, set a strong password. There's no rate-limiting on the server, so a weak password will be broken pretty quickly. It's also infringing my copyright, so I'd recommend against it on that point alone.
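Added example, not part of the post above and not the plug's firmware: a small C model of the challenge generation the post describes, showing why `rand()` without `srand()` yields the same challenges after every reboot, next to a form that draws from the kernel CSPRNG. The helper names (`simulate_reboot`, `weak_challenge`, `strong_challenge`, `repeats_across_reboots`) and the 64-bit challenge width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define N_CHALLENGES 4

/* Assumption: models a power cycle. The C standard says rand() called before
 * any srand() behaves as if srand(1) had been called, so resetting the seed
 * to 1 reproduces the state of a freshly started process. */
static void simulate_reboot(void) { srand(1); }

/* Weak form, as the post describes it: rand() with no seeding at boot. */
static int weak_challenge(uint64_t *out)
{
    *out = (uint64_t)rand();
    return 0;
}

/* Hardened form: take the challenge from the kernel CSPRNG. It fails closed
 * (returns -1) instead of falling back to rand() if the read fails. */
static int strong_challenge(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

typedef int (*challenge_fn)(uint64_t *);

/* Issue N_CHALLENGES challenges after one boot; -1 if the generator fails. */
static int boot_and_collect(challenge_fn gen, uint64_t *buf)
{
    simulate_reboot();
    for (int i = 0; i < N_CHALLENGES; i++)
        if (gen(&buf[i]) != 0)
            return -1;
    return 0;
}

/* Count positions where the challenge issued after a second boot equals the
 * one issued at the same position after the first boot. Every repeat is a
 * point where a previously recorded response would be valid again. */
int repeats_across_reboots(challenge_fn gen)
{
    uint64_t first[N_CHALLENGES], second[N_CHALLENGES];
    if (boot_and_collect(gen, first) != 0 ||
        boot_and_collect(gen, second) != 0)
        return -1;
    int repeats = 0;
    for (int i = 0; i < N_CHALLENGES; i++)
        if (first[i] == second[i])
            repeats++;
    return repeats;
}

int weak_repeats(void)   { return repeats_across_reboots(weak_challenge); }
int strong_repeats(void) { return repeats_across_reboots(strong_challenge); }

int main(void)
{
    printf("rand() without srand(): %d of %d challenges repeat after reboot\n",
           weak_repeats(), N_CHALLENGES);
    printf("/dev/urandom:           %d of %d challenges repeat after reboot\n",
           strong_repeats(), N_CHALLENGES);
    return 0;
}
```

Seeding `rand()` from the clock would change the sequence between boots but leave it guessable, which is why the hardened form reads from the kernel instead.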

[Linkspam] Monday, June 20

Jun. 20th, 2016 07:41 pm
tim: A bright orange fish. (fish)
[personal profile] tim
I'm going to try doing a weekly linkspam post, because why not? Maybe it'll motivate me to get through my Pinboard backlog.

  • "Parents, right? Psh, who needs em!", by Talia Jane (2016-06-20). A hot personal take on the silencing of people who were parented incompetently. "Why would you care about the rocky nature of my personal life? Well, why do you think I’d care about how healthy your personal life is? Why would you think I’d enjoy seeing happy photos of you with your parents, outside of the fact that I might be happy you’re not curled up in a ball crying for six hours?"
  • Unsuck It: A bullshit-business-jargon-to-English translator (occasional ableism but on the whole pretty on-the-mark). "wellness: A notional substitute for a decent health insurance plan. Frequently includes chipper admonishments to do obvious things, such as get off your ass and walk or eat more vegetables."
  • "creativity and responsibility", by [personal profile] graydon2 (2016-06-17). On "creativity" as applied to software development: "I think 'creative' also serves as a rhetorical dodge about expectations, or perhaps more bluntly: responsibilities." Tangentially, this post reminds me of a quote from Samuel Delany that I love:
    The sad truth is, there’s very little that’s creative in creativity. The vast majority is submission – submission to the laws of grammar, to the possibilities of rhetoric, to the grammar of narrative, to narrative’s various and possible restructurings. In a society that privileges individuality, self-reliance, and mastery, submission is a frightening thing.

    (I think the software industry could do with a bit more submission to models, and there's probably something to be teased out here about why some people are so resistant to type systems and other forms of static verification.)
  • "To Keep The Blood Supply Safe, Screening Blood Is More Important Than Banning Donors", by Maggie Koerth-Baker for FiveThirtyEight (2016-06-18). We've all known for a long time that the ban on MSM donating blood is based in homophobia and not science, but it's always nice to see more evidence of that.
  • "The Myth of the Violent, Self-Hating Gay Homophobe", by Cari Romm for New York magazine (2016-06-16). No, homophobes aren't all (or even mostly) closeted self-hating queers. Hetero people really do hate us that much.
  • Interview With a Woman Who Recently Had an Abortion at 32 Weeks, by Jia Tolentino for Jezebel (2016-06-15). Long, harrowing interview with a woman who had a very late-term abortion. Makes me feel glad that there are still a few doctors courageous enough to provide this care, and sad that so many have been terrorized out of doing it.
  • "How Bernie Sanders Exposed the Democrats’ Racial Rift", by Issac J. Bailey for Politico (2016-06-08). "To minority voters, Trump’s candidacy feels like an existential threat. It’s one thing for Republicans to either ignore or embrace his racism; the party already seems unwilling or incapable of making the kinds of adjustments it must to attract more non-white voters. It’s quite another for white Democrats to not appreciate how liberal minorities feel about the possibility of a Trump presidency and what that would say about the state of racial progress in America. It would be a slap in the face, the latest sign that a kind of white privilege—throwing a temper tantrum because they don’t get their way despite how much it hurts people of color—is deeply rooted within liberal, Democratic ranks as well."
  • "The Ethics of Mob Justice", by Sady Doyle for In These Times (2013-11-08). Unfortunately, relevant again. "So we’re left with upholding structural principles, and this brings me to the Internet’s other poisoned gift to social justice: Even as it enhances our ability to censure those who violate the social contract, it makes the individual members of that society more visible, warts and all. Where the radicals of previous generations could spout high-minded rhetoric about the Common Man, Womankind or the Human Spirit while interacting mainly with the limited circle of people they found tolerable, we contemporary activists have to uphold our principles while dealing with the fact that actual common men, women and human spirits are continually being presented to us in harshly lit, unflattering close-up..." (I don't read this article as being opposed to public shaming, and I'm certainly not. Just as taking a skeptical eye to the targeting of women for having unacceptable feelings in public.)

Unchanged?

Jun. 19th, 2016 08:35 pm
[personal profile] jazzyjj
Guess the mobile site remains unchanged?

(no subject)

Jun. 19th, 2016 10:44 am
[personal profile] jazzyjj
Happy Dad's Day to all of the wonderful dads out there, including mine. New beta page working well with Chromevox too.

(no subject)

Jun. 19th, 2016 09:40 am
[personal profile] jazzyjj
This is just a test of the new beta Create Entries page on the mighty Dreamwidth. Looks good so far, doesn't it? Comments will be turned off for this entry, I think.
alixtii: Summer pulling off the strap to her dress, in a very glitzy and model-y image. (makes me go guh)
[personal profile] alixtii
I was cleaning my room and I came across a couple of "lost" pages from To Live in Hearts, the fic in my Watcher!verse which really shifts the universe in several major ways (including the death of Buffy, the beginning of Faith/Kennedy, and the first steps towards Dawn/Giles). I wanted to type them up and decided to post them here, since it seems unlikely (but not impossible!) that the entire fic will ever be written.

excerpt(s) )

Security Through Obscurity

Jun. 17th, 2016 05:33 pm
brainwane: The last page of the zine (zine)
[personal profile] brainwane
I was at a conference, talking with some men, on our way to an informal group dinner. We started talking about what we were reading. One of them (white, US American) and I started talking about comics; we both like comics. I said something enthusiastic about Saga.

He then stated a disclaimer: that he knew he was a bit of a snob, and that if someone asked him if he knew about/read something fairly popular, fairly mainstream, he sort of internally sighed a bit; he preferred pretty offbeat stuff. It seemed like he wanted to prevent bad feelings down the line by forestalling me from asking "have you read [superhero thing]" or "have you read [current critics' darling]" and triggering impatience. I asked if I'd just done that thing, by mentioning Saga, and he said, no, it was fine.

I asked: "So, what's your favorite Amar Chitra Katha?"

There were at least a few seconds of silence, solid eye contact and silence, before he said that he did not know what that was.

So I, pleasantly, told him about the comics I'd read in childhood, made by Indians for many decades, featuring Indian fables, mythology, history, and legends. We then talked about, for instance, Greek and Norse mythology in Marvel/DC mainstream comics, and so on. He mentioned that it did seem like new Indian comics lines were starting up. He did not ask how or where to get ACK comics, or how to spell Amar Chitra Katha so he could learn more.

He didn't say anything explicitly acknowledging my indier-than-thou move (and I didn't either). I wonder whether he noticed it. I will usually prefer enthusiasm over status play, but I do have a few dominance displays in my toolbox and on occasion I will use them.

(no subject)

Jun. 17th, 2016 09:21 am
[personal profile] jazzyjj
I'm all alone for the next couple of days 'cause my neighbor friend across the way is on a mini-vacation. I have no more friends, lol! Whoa is me!
tim: Solid black square (black)
[personal profile] tim
CW: violence, homophobia, victim-blaming

Read more... )


"I am so tired of waiting.
Aren’t you,
for the world to become good
and beautiful and kind?
Let us take a knife
and cut the world in two —
and see what worms are eating
at the rind."
-- Langston Hughes

The Taco Cleanse

Jun. 13th, 2016 10:30 pm
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
"ALERT: Are you getting enough of the color blue in your diet? Colors are so important to the way our bodies function, and since the ocean is blue, it's especially critical that our bodies get enough blue in. The thing is, it can be tough to get blue food into your everyday diet without making conscious choices to choose blue! We developed this recipe to help."

The recipe?

Blue corn chip-crusted tofu.

The Taco Cleanse is both a cookbook for vegan tacos and a gentle send-up of health-and-nutrition-related pseudoscience, woo, and the very concept of cleanses. (Laura Beck of Vegansaurus writes in the foreword: "Cleanses are the fucking worst. They're socially acceptable starvation disguised as health, and that is the fucking worst.") In a nod to Cafe Gratitude, the book contains recipes like "Affirmation Cumin-Onion Rice," "Energizing Dutch Waffle Tacos," and "Euphoric Avocado Wedges."

I will confess that my first thoughts when I heard about this book were, in order, "LOL," and "Oh actually I could definitely use some recipes for veg*n tacos." Not all of the humor bits work -- the section on "Taco Mudras" is uncomfortably ambiguous between making fun of white hippie appropriation of eastern spirituality, and just making fun of eastern spirituality. But mostly it manages to thread a weird, thin line -- silly yet practical, deadpan and serious in its total conviction about the healing power of eating more tacos.

I will have to report back once I find out whether the recipes are any good or not. (Not Dutch Waffle Tacos. No. Well, I mean, if I had a waffle iron...)

Recent cooking

Jun. 13th, 2016 07:57 am
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
Charred eggplant and walnut pesto pasta salad - I dislike eggplant unless it's cooked just right, but this was quite delicious and not as bad as I expected with the prep time -- though it was challenging to handle the pasta, the pesto, and the eggplant all at once.

For my Tony viewing snack I made a fruit compote with strawberries, cherries, ginger, and a little lime juice. Served it over ice cream. Actually I didn't let it cool down enough before I ate, so I served it over melted ice cream, but it was still delicious.

We're almost at that time of year when I want to eat nothing but avocado on toast. Luckily I do have some avocados. I'm looking forward to having central air...
Page generated Jun. 26th, 2016 10:06 am