codeblog code is freedom — patching my itch

April 21, 2005

officially an RSS junkie

Filed under: Blogging — kees @ 6:23 am

Well, I think I’m officially an RSS junkie. I had ignored RSS for so long, I nearly forgot about it, but when I was shown planet.openclipart.org, I was reminded how powerful RSS is. Figured it was once again time to look around for an aggregator I could use. (Although I still think polling is a bad design for event management.)

Most of the reason I had ignored RSS was because every aggregator I had tried was buggy or had a frustrating interface. I guess enough time has passed, and when I tried straw a few days ago, it worked perfectly well. So, I started collecting all the RSS feeds from all the websites I’d been collecting on my firefox tab bar. It was getting pretty big, and I hated having to reload every tab each morning.

I realize I’m way late to the party on this, but I still think it’s great fun. I even hunted down a little RSS writer for my Photo Blog and got it built in so I could aggregate it too. :) (And it’s really cool to add Creative Commons tags to each and every thing in the RSS feed.)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
CC BY-SA 4.0

April 19, 2005

they be spinnin’

Filed under: Health — kees @ 8:52 pm

In an effort to use my addictive personality against my lazy personality, I’ve started watching half an episode of Buffy The Vampire Slayer every morning while riding my bike on a stationary trainer. I can’t thank Doug Mandell enough for letting me borrow his trainer while I was trying to figure out if this scheme would actually work for me.


April 16, 2005

referer headers

Filed under: Multimedia,Security — kees @ 2:33 pm

I’m surprised that anyone still uses referer headers as a “security” measure. I’ve come across this several times recently. I’ll select a URL out of firefox, and paste it onto a curl -O command line, only to end up with a 0-sized file. And usually if I just add -e [site URL] to the command line, poof there’s my file. Most recently, I found this when trying to download the freely available Nine Inch Nails samples.

Seriously, what’s the point of doing this test? I don’t understand at all. If you want people to download a file in their web browser, do you think they can’t figure this out?
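Why the check gives no protection, as an added example that is not part of the original post: the Referer test accepts any client that sends the header (what `curl -e` does) and rejects browsers that omit it. Going beyond the post, it sits beside a link the server signs itself; the host name, key, path and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

SITE_HOST = "media.example"            # hypothetical site name
SIGNING_KEY = b"constructed-demo-key"  # constructed; a real key comes from a secret store


def referer_gate(headers):
    """The check described in the post: serve only when Referer names our own site.

    The header is chosen entirely by the client, so it says nothing about
    who is asking; it also turns away browsers that omit Referer.
    """
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def sign_link(path, expires, key=SIGNING_KEY):
    """Server side: MAC over the path and an expiry time, issued with the link."""
    msg = f"{path}\n{int(expires)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def signed_link_gate(path, expires, sig, now=None, key=SIGNING_KEY):
    """Serve only if the server itself issued this link and it has not expired."""
    now = time.time() if now is None else now
    if now > int(expires):
        return False
    return hmac.compare_digest(sign_link(path, expires, key), sig)


def demo():
    path = "/samples/track01.zip"  # constructed path
    expires = 1_000_000_600        # constructed expiry timestamp
    sig = sign_link(path, expires)
    return {
        # Any HTTP client can set the header itself.
        "referer_set_by_client": referer_gate({"Referer": f"https://{SITE_HOST}/samples/"}),
        # A browser that strips Referer is refused.
        "referer_missing": referer_gate({}),
        "signed_valid": signed_link_gate(path, expires, sig, now=1_000_000_000),
        "signed_expired": signed_link_gate(path, expires, sig, now=1_000_000_601),
        "signed_other_path": signed_link_gate("/samples/track02.zip", expires, sig,
                                              now=1_000_000_000),
    }
```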


March 31, 2005

fortune cookie goodness

Filed under: Security — kees @ 9:46 pm

Today, my fortune read:

There is no security on this earth;
there is only opportunity.


March 30, 2005

tivo dump

Filed under: Multimedia — kees @ 7:16 am

Well, it doesn’t actually make a lot of sense to figure out the encryption used by the TiVoToGo DLL, since TiVo could at any moment change it, the TiVo box’s routines, etc, and force all of us to upgrade. This ends up turning into an arms race, like iTMS. So, a better approach is to just use the DLL itself. Wine and Mplayer both have perfectly well written DLL loaders. All that has to be done is write a DirectShow Pull Pin implementation, following all the public published specs.


February 25, 2005

.tivo file format

Filed under: Multimedia,Reverse Engineering — kees @ 1:35 am

I found some details on the .tivo file format, and cooked up some code to produce the same output. So far, there isn’t a lot of detail. It’s mostly just strange stuff. mpegcat finds the MPEG2 stream right where it should be, but supposedly the non-I-frames appear to be encoded.

All the files I’ve downloaded from my TiVo have the same “fingerprint” listed in the XML header, and a different “salt”. The interface for downloading recordings is very simple. Connect to https://[tivo IP]/ and it’ll prompt you for your username and password, which is “tivo” and your “Media Access Key”. After that, you’re all set; browse away. Download speed is rather slow: 500kB/s. Better than 2400 baud. :)


February 16, 2005

Hitchhiker’s Guide to Reverse Engineering

Filed under: Networking,Reverse Engineering — kees @ 7:53 pm

Well, I got annoyed that I couldn’t watch the SWF-based HitchHiker’s trailer on the Amazon.com main page. swf_play failed miserably. Most of the crap Apple pulls for their movie trailer stream-hiding is simple enough to work around. Generally I just keep downloading the MOVs, running strings on them until I find the actual MOV with the movie trailer in it, but Amazon’s wasn’t so easy. I found the base URL to the video easily enough in the XML parameters file. The hard part was figuring out what the hell “rtmp” is. mplayer didn’t recognize it, and after a quick nmap of the media server, I just got more confused. nmap listed a port 1935 called “rmtp”. Digging around a little it became very obvious that nmap’s services entry was just a typo. So I sent in a quick patch, and Fyodor accepted it within minutes. Pretty cool.

Anyway, on to the protocol dissection. I set up tcpdump to record everything sent to fcs.amazon.speedera.net, and took a look at it in Ethereal. Seeing that it was mostly binary, I looked around for something that would dump the data portion of a packet stream, but ended up empty handed. I’ve repeatedly wanted this, so I finally broke down and read up on coding with libpcap. It’s easy enough to use, but I floundered with the packet headers for a while. Eventually I managed to find the data portion of the packets, and was able to dump the client stream and the server stream separately. I wish there was a button on Ethereal’s “Follow TCP Stream” window that would just let me save the data. My tool doesn’t at all track sequence numbers or retransmissions, etc, so I worry that in some situations I won’t get a “true” stream dump. I suspect Ethereal handles that correctly, but I couldn’t tell you for sure.

After looking at this protocol dump, it seems like it ends up turning into some kind of SOAP-like communication, with function call literals like getStreamLength, createStream, play, and closeStream. There’s even a _result variable mentioned. The Flash coding docs I’ve found that talk about stream display don’t seem to mention this stuff at all, but maybe I didn’t dig far enough.

Since RTMP appears to be capable of streams, etc, I think the next step is to figure out how it reacts to things like “Pause” and “Stop” during playback. Clearly there is a stream-identification system in the headers, and there must be stream length indicators. I’m so annoyed that there is absolutely no discussion of RTMP anywhere. I should go look at the swf_play source before I go much further.
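Reaching the data portion of each packet and splitting it by direction, as an added example that is not the tool from this post: it walks the pcap, Ethernet, IPv4 and TCP headers by hand and, going beyond the tool described, orders segments by sequence number and drops retransmissions. The capture is constructed inline, port 1935 is taken from the post, and all function names are hypothetical.

```python
import struct

def tcp_segments(pcap):
    """Yield (src_port, dst_port, seq, payload) per IPv4/TCP frame of a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                  # written by a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures handled")
    off = 24                                       # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not Ethernet II carrying IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4                   # IP header length in bytes
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6 or total_len < ihl + 20 or len(ip) < total_len:
            continue                               # not TCP, or truncated
        tcp = ip[ihl:total_len]                    # total_len drops Ethernet padding
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]         # data offset skips TCP options
        if payload:
            yield sport, dport, seq, payload

def split_streams(pcap, server_port=1935):
    """Return (client_bytes, server_bytes) for one connection.

    Segments are ordered by sequence number and a repeated sequence number
    (retransmission) is kept once. Sequence wraparound and partially
    overlapping segments are not handled.
    """
    sides = {"client": {}, "server": {}}
    for sport, _dport, seq, payload in tcp_segments(pcap):
        side = "server" if sport == server_port else "client"
        sides[side].setdefault(seq, payload)
    def join(segs):
        return b"".join(segs[s] for s in sorted(segs))
    return join(sides["client"]), join(sides["server"])

def _frame(sport, dport, seq, payload, pad=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + pad

def sample_pcap():
    """Constructed capture: reordered and retransmitted client data, padded server frame."""
    frames = [
        _frame(40000, 1935, 1000, b"createStream"),
        _frame(40000, 1935, 1016, b"closeStream"),      # arrives early
        _frame(1935, 40000, 5000, b"_result", pad=b"\x00\x00"),
        _frame(40000, 1935, 1012, b"play"),
        _frame(40000, 1935, 1012, b"play"),             # retransmission
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```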


February 9, 2005

Inkscape released

Filed under: Inkscape — kees @ 1:01 pm

Ah, it’s so satisfying to get a release out the door. Inkscape version 0.41 has finally been released. This time around, I was made a “Freeze Warden”, which means I have some input in the release process. (Are all the critical bugs fixed? Are the translations updated? Are the builds correct?)

Another task I kind of gave myself was packaging the Win32 binaries. That’s pretty cool, and I’m quite impressed with the NSIS package that does the bundling. I didn’t write the bundling scripts Inkscape uses, but I got to play with the NSIS compiler itself. It’s very slick, and I recommend it for anyone doing Windows installs. (And I should note that hundreds of other software packages are already using NSIS.)

One thing that Bryce Harrington has helped keep in my head during the Inkscape hard freeze was that any given release isn’t supposed to be Bug Free(tm). It’s just supposed to be a release. This is very hard for me to keep in my head, so hearing it a few times during Freeze is a good thing. Bugs in the release that we know about are just “Known Problems”. They’re in the tracker, and we’ll get to them some day, but not today. It greatly relaxes me to think about it that way. The pressure to produce is relaxed, letting me actually enjoy the release process instead of worrying needlessly about all the people that will hate us because it crashes when they click like this.


January 28, 2005

learning autoconf

Filed under: General — kees @ 7:09 pm

I think I’ll never actually learn all the various functions in autoconf. It feels like this endless road that I can’t see the end of. Any time I do something new in autoconf, I have to go re-read some part of the autoconf manual, and try things a few times before I get the desired result. Today, for example, I got Inkscape to identify which version of libgc is on the system.


January 18, 2005

It just Works

Filed under: Inkscape — kees @ 8:03 am

There is nothing quite as satisfying as refactoring a whole mess of code, fixing up the syntax errors and warnings, running the code, and having it Just Work. (In fact, it’s even better if there aren’t any syntax errors to fix.)

This is probably Why I code. I get such satisfaction out of having code do its little dance for me. It’s like training a dog, only I don’t need treats. Why it’s satisfying, I’m still not clear on, but it just is.


January 13, 2005

Command Line Scraps

Filed under: Security — kees @ 6:21 pm

Usually when I have to temporarily hold onto something in my cut buffer, I might paste it into an open xterm. I don’t have any fancy cut buffer management tools running (though I probably should). So it’s always amusing to Alt-Tab through my windows after a busy day and find little snippets of conversations, phone numbers, and today when I sat down to my computer at home after work, I find, pasted into my xterm from the evening earlier’s experimentation: 'OR''='

I had a brief flash of what it might be like to be a drunken blackhat. Waking up in the morning, navigating through a sea of beer bottles, settling down at your computer, only to find it strewn with previously calculated buffer overflow offsets, SQL injection attempts, and cracked WEP keys. “Oh man, what a night! What did I get myself into?”


January 9, 2005

Fragile Code

Filed under: Embedded — kees @ 7:27 pm

I define fragile code as code that isn’t easily changed without introducing bugs. I think the biggest cause of fragile code is cut/paste algorithms. This is especially true for data access and processing routines.

The idea behind Object Oriented programming is that you end up creating accessor functions for all your data. It’s simple to change your data formats without breaking the program as a whole. When you don’t have an OO language, you create all kinds of methods to do your repeated work.

This is critically important for stable, readable, sane code. Functions should do something small, and do it very well. Then you can call a whole series of strong little functions, rather than cutting and pasting the same code over and over, only to wreck your day much later on.


January 8, 2005

madwifi

Filed under: Networking — kees @ 9:59 pm

Woohoo! I found Marcus Crafter’s blog (and webpage) describing how he got a decent wireless miniPCI card (Proxim ORiNOCO 802.11a/b/g) working in his Dell 8500, and I figured it was worth a shot. It worked great in my Dell 8600! One kernel compile later, and the madwifi drivers are in great shape. I just have to test WEP and monitor mode. What a relief after the disappointment of the broadcom chipset. I won’t be buying from them ever.

The soldering was very straightforward. There were 3 solder points on the back holding the EM shield in place over the miniPCI card. Once the solder was wicked off there, I used an exacto blade to lift the tabs up, and continued to wick solder until the cover popped off. Then I wicked solder off either side of the miniPCI card where the card holder fingers had snapped into place. All in all, it took about 15 minutes, and most of that was fighting with the solder on the EM shield tabs.

On the PCI card, the antenna was plugged into the right-most antenna plug. (If looking at the PCI card with the slot down and antenna wire leaving the card to the left.) On the Dell miniPCI card, the plugs are labelled “MAIN” and “AUX”. Since I figured the current plug on the Proxim must be the “MAIN”, I plugged the white cable from the Dell (the one NOT marked “AUX”) into the right-most, and the black cable (marked “AUX”) into the left-most. This was rather awkward, since that required the cables to cross over each other. So far, so good. I figure it just plain wouldn’t work if I screwed that up. Since I’m currently posting this from my laptop over wireless, I think I got it right. :)


January 5, 2005

SuSE Firewall

Filed under: Networking,Security — kees @ 5:08 pm

Started looking at the SuSE firewall scripts today. They’re quite nice, actually. So far, they look like they’ll support everything I want to do without any trouble. What’s really nice about it is the resulting script is much more readable than a string of iptables commands (where I’d have to specify the ACCEPT, NAT, and FORWARD for inbound services generally in different places).

What I’d really like to see would be an m4-based version of the script. It’s good enough for sendmail and autoconf, why not iptables? :) That would totally rock, because then I’d be able to see the resulting list of iptables commands. I bet there’s a place somewhere to see them now; but I just haven’t looked.

I’m hoping that this firewall configuration will play nice with heartbeat, which I’ll be using to do some high-availability work on the firewall pair. I’ve had to fight a little with SuSE over the interface names (I want to name the network interfaces after their function, not their boot order). udev has been quite friendly, but SuSE seems to have special meanings for various separator characters. I wanted to have “eth-internal”, etc, but it seems to strip “eth-”. And “eth_internal” turns into “eth/internal”. So, I’m just using “etinternal” instead. :P


January 4, 2005

Fun with LCDs

Filed under: Embedded — kees @ 11:09 am

Worked for a little while last night trying to figure out how to rotate the image on an LCD screen. Turns out the controller actually has a built in rotation ability. All the examples in the docs show a portrait LCD display being rotated to a landscape LCD display. I needed to do the opposite. Anyway, 1 typo and several LCD controller registers later, I had convinced it to work, but with a nasty flicker. I dug around a little more and finally found where I could define “line widths” for the display memory (as in, each line of physical memory is 256 bytes, but it’s only going to display 240 of those bytes). Thank goodness the display library had already been set up to deal with virtual spans. Anyway, with that in place, it came up perfectly. Yay! It’s going to wreak havoc on the testing routines: let’s just say the screen CRCs aren’t going to be the same. In fact, the screen CRCs might be just flat wrong; I’m not sure what portions of video memory it scans.


January 3, 2005

Blog Switchero

Filed under: Blogging — kees @ 11:02 pm

Well, the rewrite rules for drupal started pissing me off, so I’ve switched again! This time, I’m back to WordPress. I must have been crazy when I first looked at it. The SSL trouble I was having was my own fault (which, I’m sure is true of Drupal’s rewrite rules too). The reason I’m really switching, though, is that WordPress, I think, has a much cleaner interface to the editing and template editing. I need to find a better skin for it, but for now, the default will do just nicely.


TiVo Home Media

Filed under: Multimedia — kees @ 12:35 pm

Last week a friend of mine told me about the Java HMO (Home Media Option) server. I had no idea it existed and immediately got it set up. This provides your TiVo with a place to get MP3s, streaming audio, and images over your local network through whatever other computer you have around to do the work for it. The regular Windows TiVo HM “Desktop” software isn’t nearly as cool. With the Java HMO, you can get movie listings, web cams, etc. It’s terrific.

Anyway, this was supposed to be about code, but it’s more about a growing itch to patch. It seems that the “Internet Images” module is either very fragile and/or doesn’t like having spaces (or maybe commas?) in the image titles (which it uses for caching in /tmp/javaHMO.cache/)

The overall system is a great design, and I’m currently enjoying watching some great webcams in places that are in daylight while I’m in the dark:

Antarctic Gentoo Penguins
Hanmer Springs, New Zealand
Tembe Elephant Watering Hole, South Africa

I can see elephant butts! :)

TiVo published their networking specs, but only included the broadcast and “desktop” specs. I think it would be cool to have the TiVo share movies with my computer too. Would be great for movie trailers and DVDs. My DVD player is in the other room, so I can’t watch movies in the TiVo room (at least until NetFlix and TiVo get their movie-delivery system finished). It still might be tricky to resample the DVD on the fly. TiVo normally records stuff at half-resolution, so dealing with a full DVD MPEG2 stream would be exciting to say the least. I’ll just have to see what’s on the wire between two TiVos configured to record shows from each other.

(Edit: Holy crap! My wish is granted in the TiVo->PC direction, at least!)


January 2, 2005

Inkscape icons

Filed under: Inkscape — kees @ 11:35 am

Today, I ended up tracking down all the unused XPM files in Inkscape. Kind of cool to get everything down to just SVG files. I don’t think we’ll be able to ditch the XPMs for the mouse cursor replacements, though. Oh well.

Oops, I found another bug related to the svg: prefix addition. Just proves my metadata code is fragile. I hardened it a little more, so that should fix it for a while. :)


January 1, 2005

Blogtastic

Filed under: Blogging,Security — kees @ 11:56 pm

Well, after messing around with WordPress for a little while, I switched to Drupal. WordPress is pretty cool, and all I really wanted was a nice Blog system. Drupal is a bit of overkill for that, but it seems more mature. WordPress really didn’t like being put onto an HTTPS server, so that made it a pretty poor choice for me.

Before getting a huge list of Blogs from the folks on the inkscape channel (thanks guys!) I had briefly tried Simple Blog System, and ran screaming from it. There were at least 3 types of security holes in it. I only noticed because I saw one within the first 10 lines of index.php. I’m not sure how far I trust Drupal, but at least it correctly deals with PHP magicquotes.

Check out Open Source CMS for a list of all the various CMS software out there. Kinda handy if you have an entire day to blow looking through all the stuff.

