codeblog code is freedom — patching my itch

October 23, 2005

mythtv original air date visibility

Filed under: Multimedia — kees @ 3:12 pm

I have been really unhappy with MythTV’s visibility of program “Original Air Date” information, which as far as I could tell is only visible through the Program Finder. I wanted to be able to see original air date while I browsed my recordings. Digging through the MythTV code has proven very difficult. The documentation has been minimal, and I haven’t found any tutorials on theme creation, which seems to be where all the visible components of the mythfrontend get their details from.

While looking for the bleeding-edge code, I did find which is actually a Subversion repository, bug tracker, and wiki. There’s a nice start to information there, including doxygen output. Also, the #mythtv-users channel on freenode has a nice MythTV FAQ.

The bulk of the display stuff I was looking for takes place in programs/mythfrontend/playbackbox.cpp (thanks Bryce). The “cursorDown” function led me through to the “update*” functions, and eventually ToMap/SetText calls, which load program information into a hash, and then pass that hash to the theme engine.

libs/libmythtv/programinfo.cpp has ToMap defined, and all the various hash keys are visible, including the original air date variable I was looking for:

progMap["title"] = title;
progMap["subtitle"] = subtitle;
progMap["description"] = description;

progMap["originalairdate"] = originalAirDate.toString(dateFormat);

SetText is in libs/libmyth/uitypes.cpp. Hash items are uppercased to match %-enclosed words from the themes. The first “|” seen is to identify “what appears in front”, and the second is “what’s after”.
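The substitution described above can be sketched as follows. This is an added example, not code from MythTV or from the original post: expandTheme is a hypothetical helper, the %KEY|front|after% field syntax is inferred from the description of SetText, and dropping the front and after text when the value is empty is an assumption.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Expand %KEY%, %KEY|front% and %KEY|front|after% fields in a theme string.
// Assumptions (not taken from uitypes.cpp): "front" and "after" are emitted
// only when the value is non-empty, and text between two '%' that is not a
// known key is copied through unchanged.
std::string expandTheme(const std::string &tmpl,
                        const std::map<std::string, std::string> &progMap)
{
    // Hash keys are uppercased so they match the %-enclosed words.
    std::map<std::string, std::string> upper;
    for (const auto &kv : progMap) {
        std::string k = kv.first;
        for (char &c : k)
            c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
        upper[k] = kv.second;
    }

    std::string out;
    std::size_t pos = 0;
    while (pos < tmpl.size()) {
        std::size_t open = tmpl.find('%', pos);
        if (open == std::string::npos) {          // no more fields
            out.append(tmpl, pos, std::string::npos);
            break;
        }
        out.append(tmpl, pos, open - pos);        // literal text before '%'
        std::size_t close = tmpl.find('%', open + 1);
        if (close == std::string::npos) {         // lone '%': keep it
            out.append(tmpl, open, std::string::npos);
            break;
        }
        // Split the field into KEY [ '|' front [ '|' after ] ].
        std::string field = tmpl.substr(open + 1, close - open - 1);
        std::string key = field, front, after;
        std::size_t bar1 = field.find('|');
        if (bar1 != std::string::npos) {
            key = field.substr(0, bar1);
            std::size_t bar2 = field.find('|', bar1 + 1);
            front = field.substr(bar1 + 1, bar2 == std::string::npos
                                               ? std::string::npos
                                               : bar2 - bar1 - 1);
            if (bar2 != std::string::npos)
                after = field.substr(bar2 + 1);
        }
        auto it = upper.find(key);
        if (it == upper.end()) {
            // Not a field: emit up to the second '%', which may open one.
            out.append(tmpl, open, close - open);
            pos = close;
            continue;
        }
        if (!it->second.empty())
            out += front + it->second + after;
        pos = close + 1;
    }
    return out;
}

int main()
{
    // Sample program values for the demonstration.
    std::map<std::string, std::string> progMap = {
        {"subtitle", "Aqua"}, {"originalairdate", "2005-10-20"}};
    std::cout << expandTheme("%SUBTITLE|\"|\"%%ORIGINALAIRDATE| (|)%", progMap)
              << "\n";
    return 0;
}
```

With an empty originalairdate the parentheses disappear along with the date, which is the reason for putting them inside the field rather than around it.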

I modified the ui.xml from my theme (G.A.N.T. currently) from:




So now, when I scroll down to Smallville, I see in the description box:

“Aqua” (2005-10-20)
During a beach party Lois hits her head when she jumps into the lake, and …

Ta-da! Original Air Date in parens. Now, being able to see the year is important, so I had to change my date format to one that included the year, but it’s ugly. To fix this, I need to actually change code. In “MythDateFormat” from programs/mythfrontend/globalsettings.cpp, I added:

gc->addSelection(sampdate.toString("ddd MMM d, yyyy"), "ddd MMM d, yyyy");

Now I just have to get it compiled. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

October 19, 2005

color printer tracking

Filed under: Reverse Engineering,Security — kees @ 3:28 pm

I’m a little behind in my Slashdot reading, so apologies to those that saw this earlier.

The EFF cracked the nearly invisible finger-printing code produced by color printers. This system is used by most (if not all) major color printer manufacturers to report the serial number of the printer used and the date a page was printed. This system has been in place for at least 10 years. I’m horrified at this kind of privacy invasion. To quote the EFF:

“Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said EFF Senior Staff Attorney Lee Tien. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?”

EFF press release:
Washington Post coverage:


October 16, 2005

mythtv button sounds

Filed under: Multimedia — kees @ 11:51 am

Well, I’ve discovered that my “slow to respond” UI was entirely due to the lirc “repeat” settings. I’ve eliminated (“repeat=0”) the repeat settings for the Esc, Up, Down, Left, Right, Space, and Return buttons. I discovered this only after seeing that ircat was just as slow to respond. I’ve hacked together a “make noise” script (named “irnoise”) that runs along with mythfrontend:

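export SOUNDS=~mythtv/sounds

ircat mythtv | while read -r NAME; do
  # The case arms were lost from this listing; this mapping is an assumption.
  case "$NAME" in
    Return|Space) SOUND=select.wav ;;
    *)            SOUND=default.wav ;;
  esac
  #echo "$NAME: $SOUND"
  aplay -q "$SOUNDS"/"$SOUND"
done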

This gives me my “boop” and “click” noises for all remote buttons. Yay! Since I couldn’t find the official TiVo noises, and I don’t feel like taking my TiVo apart right now, I just grabbed some noises I found online. From the “”, I used “THUD.WAV” and “BTN_DWN.WAV”:

sox src/THUD.WAV -t wav -c 1 -s -w -r 48000 default.wav resample
sox src/BTN_DWN.WAV -t wav -c 1 -s -w -r 48000 -v 2 select.wav resample
normalize-audio -m default.wav select.wav

Not a lot of complaints left with my MythTV installation. :)


mythtv dpi

Filed under: Multimedia — kees @ 9:43 am

I accidentally fixed my “fonts are too small” problem. While reading the MythTV development notes, there was mention of everything being designed for a 100dpi screen resolution. As it turns out, my Xorg config was defaulting to 75dpi, so I forced it with the DisplaySize option. Since my video card uses 640×480 for its NTSC output, I had to modify the recommended settings to use:

DisplaySize 162 121 # 100 DPI @ 640×480

I was surprised to discover that this solved my font size issues. I had so totally given up on the font size problem I didn’t even list it as a problem in the prior MythTV blog entry. :) I was actually expecting fonts to get even smaller, but I guess this changes how font selection is done, and as a result, everything appears sane now. Neato!

Also yesterday, in the hopes of reducing the effects of the “crappy audio” problem, and allowing multiple programs to have the soundcard open, I figured out how to get ALSA working natively within MythTV. In the MythTV configurations, the sound device should be “ALSA:default” instead of “/dev/dsp”, and the mixer should be “default” instead of “/dev/mixer”. The start of this was gleaned from the link I mentioned earlier. Mixer settings were found through trial and error. Strangely, MythMusic had a separate playback configuration, so I had to change that to “ALSA:default” as well.

Now that ALSA is being used, the audio choppiness has not returned. I can still get desync’d A/V, but I think that’s entirely due to disk latency issues, or something like that. Usually when it happens, if I pause or restart playback, it goes away. Also, since multiple programs can open the ALSA device and play sounds at the same time (thank you ALSA dmix), I can start looking at how to add a tool to play “button press notification” sounds. I’ll initially probably use something like “ircat” piped to a reader just to get a proof-of-concept. Then I’ll find some hooks in mythfrontend to attach it to instead. Eventually, I want a themeable visual notification. I should probably join the dev list to make sure other folks aren’t already working on this.

I’ve also found mention of “show type priority bumping”, where “New Episode” can trigger a bump in the priority of a recording. This may be a good step towards recording new Stargates at high priority, but reruns at very low priority. In the priority adjusting tool, I can see the third row for this kind of priority bump, but I can’t find the UI elements to adjust it.


October 15, 2005

mythtv OMG

Filed under: Multimedia — kees @ 9:25 am

I was preparing myself to deal with the “pain” of moving to a multimedia system that didn’t have all the feature tweaks I need. MythTV has surprised me in that after only a week, I’ve solved almost all my issues through just finding the right configuration options.

As of about Tuesday (2 days after the initial “commitment”), I was ready to call it “better than my existing system”. It had a few glitches that bugged me, but overall, it had many many more features than I was expecting. After watching Smallville Thursday night, I’m a total freak for MythTV. Smallville was basically the first “Production” show MythTV recorded for me. I had recorded “Medium” earlier in the week, and that served as a good way to feel out the interface. Smallville is the real test because it’s at position 1 in my TiVo (and MythTV) recording priorities. I had no irritations while watching it. Nicely done, MythTV.

Rewind to Saturday. Bryce and I spent about 12 hours straight digging through KnoppMyth both on his new system and my machine that I brought over to his place. By the end of it, I had entirely reinstalled my system with Debian Sid, and installed the most current ivtv drivers, with the apt-able myth binaries. We had figured out how to get KnoppMyth running with the newer tuner chip, but Bryce’s HD audio card wasn’t supported in that version of the kernel. Let me just say, everyone should just start with the latest ivtv driver. It detected everything correctly right off the bat. On Sunday, Bryce installed Gentoo, and got the latest ivtv, etc, everything was happy.

Early this week I toyed with the remote control settings, and discovered a whole mess of MPlayer commands I didn’t know about that let you control playback speed (including fast audio!), OSD text (so I can have a visible indication that I’m paused), etc. After restoring my other MPlayer defaults (16M cache, readable font, etc), MPlayer stuff was in great shape again, including DVD playback. I also programmed my spare TiVo remote to control my stereo power and volume. I’m down to 1 remote finally! (I was surprised that the TiVo remote programming codes aren’t online anywhere. The only guide seems to be in the TiVo itself.)

Yesterday I discovered MythWeb. I must have been blind to miss it before. That’ll teach me not to read the entire EFF MythTV guide first. Full scheduling, guide data, recorded show lists, and most importantly, the ability to adjust the keybindings for the various MythTV modules. In the MythMusic module, I was infuriated that “PgDn” would skip to the next song, instead of (wait for it) paging down in the list of songs. I just can’t understand why such a massively counter-intuitive setting is the default.

The commercial detection system is great so far. It’s already painful for me to go back to using my TiVo where I have to press the “skip 30 seconds” button ten times to get past all the commercials.

Current issues:

  • Interface is slow. Everything (especially the video browser) is slow to respond. I miss not having an audible notification that a remote button was received, but there should at least be SOME kind of visible change if a button is pressed.
  • Intermittent crappy audio playback. Something goofy happens on playback sometimes where the audio is just totally trashed. I just have to quit the playback and try again. I wonder if switching everything to using ALSA would make things better.
  • No way to record the same show with two priorities. I want to have “New Episodes Only” for “Stargate: SG-1” at a high priority, but “Any time, any channel” for it at a very low priority. I haven’t figured out how to do this yet. I think I will have to write special recording rules for it in SQL somewhere secret.


October 6, 2005

freaky screen locking

Filed under: General — kees @ 8:54 pm

This afternoon, for no reason at all, I was annoyed that my music didn’t pause when I locked my screen. So I fixed that. Tonight, I checked my RSS feeds and discovered that Corey did exactly the same thing today.

I think that’s really freaky. Inter-city Open Source Mind-Meld. Only I did mine with xscreensaver and xmms:

xmms --pause
xscreensaver-command lock

What I want now is a way to get xmms to unpause after I unlock my screen. :) I thought of a horrible hack for xscreensaver to do this, but I’m hoping there’s some other way.


September 30, 2005

80mph blogging: 41.75095N 89.85223W

Filed under: Blogging,Networking — kees @ 11:39 am

Technology is a beautiful thing. Right now, I’m on the passenger side of a vehicle purchased in Pennsylvania, over eBay. The new owner is driving. This post is being made via a transparent proxy (via iptables) to Squid running locally on my laptop. Squid then forwards the proxy on to the SSH tunnel I’ve got up, which lands on a server in Texas, where another Squid is waiting for it, and handles the request. The SSH tunnel is set up over a PPP connection on top of Bluetooth to the driver’s cell phone, which is sending traffic via GPRS to his provider. I can hardly believe it works, but it’s actually rather quick.

Additionally, I’ve got my wireless card scanning for networks in kismet, with a USB-to-serial converter plugged into my GPS, with gpsd running, and gpsdrive telling us where we are. (And, of course, we’re downloading maps for gpsdrive via the previously mentioned abomination of a network connection.)

We just finished searching for hotels on the western edge of Nebraska that have free wireless Internet access.

Kick ass. I am such a geek.


September 27, 2005

review of Serenity

Filed under: Blogging — kees @ 10:40 pm

I should admit first that I’m biased. I loved Firefly, but having seen the movie twice now, I think I can attempt to talk about the movie from the perspective of someone who doesn’t know the whole back-drop of the Firefly universe.

The number of characters seems like it would be overwhelming, but I think their unique aspects quickly become clear. Simon’s transition from escape artist to ship’s doctor seems a little jarring, but I think it’s easily overlooked. The interactions between the rest of the characters are quickly developed with strong dialog. I’ve seen other reviews that say the characters are “too thin”, but I’d argue that they’re much better than that because they follow classic stereotypes without common interactions. For example, the First In Command is married to The Pilot, The Captain can barely control his crew, The Doctor and The Mechanic are endlessly avoiding their shared sexual tension, etc. The relationships may be stereotyped, but the matching of relationship to the specific character type, I think, is novel.

The story is quick, and develops in easy-to-understand steps, picking up a smooth speed right through the end of the movie. It was kind of like falling, with a “wheee” turning into “whoaaa” turning into “oooh shiiiit”. But at the same time, all the tension was always marked with humor to bring you back and make you enjoy the characters. After the first intense confrontation and edge-of-your-seat high-speed escape from certain death, the crew is trying to catch their breath and someone says, “Is everyone okay?” River responds, “I swallowed a bug.”

I will see this movie over and over. I love it, the score made me nearly cry, and I got shivers at least 4 separate times. If I reviewed a lot of movies, I would rate things in “shivers” not “stars”. A scene so good that it gives me the creeps, or fills me with awe. That’s why I go see movies, and Serenity gave me plenty of good shivers.


September 23, 2005

a week of serenity

Filed under: Blogging — kees @ 11:23 pm

Looks like I’ve been given a chance to screen the final cut of Serenity on Monday! In exchange, I’m posting the synopsis they’re using:

Joss Whedon, the Oscar® – and Emmy – nominated writer/director
responsible for the worldwide television phenomena of BUFFY THE VAMPIRE,
ANGEL and FIREFLY, now applies his trademark compassion and wit to a
small band of galactic outcasts 500 years in the future in his feature
film directorial debut, Serenity. The film centers around Captain
Malcolm Reynolds, a hardened veteran (on the losing side) of a galactic
civil war, who now ekes out a living pulling off small crimes and
transport-for-hire aboard his ship, Serenity. He leads a small, eclectic
crew who are the closest thing he has left to family — squabbling,
insubordinate and undyingly loyal.

I think a much better synopsis would simply be:

Oh my god! Go see this movie! Don’t walk, run!

To help blogviewers write up stuff on Serenity, we’ve been given access to a TON of images too. There’s some great stuff in here. Half of it is in .sit files, the other half in giant .psd files. Here’s some cool snaps of Summer I’d never seen before, and an early logo design. Nothing beats my backgrounds [1920×1200, 1600×1200], though.

early logo

I’m going to have to dig through all this stuff. There are movie posters for bus shelters, LCD panel screens, Dark Horse comics logos, all kinds of stuff. Even mechanical drawings, I think. Too bad there aren’t any native .sit expanders for Linux that handle the modern .sit formats. I’d love to see what’s in the mechanicals directory.

On Saturday, I’m headed to the PDX Browncoat’s Firefly Episodes Benefit. Monday is the Serenity screening, and then Friday the full release! Yay! :)

© 2005 – 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

September 22, 2005

decompiling myself

Filed under: Health,Reverse Engineering — kees @ 9:01 pm

Figured I should try to decompile myself. The first step would be to get a full dump of my DNA base pairs as letters. Looks like that’s not going to be easy though. Even a DNA stain takes a lot of steps (and I’ll probably never be allowed to do the radioactive steps myself). The real goal here is that with current US law, I should copyright myself (I’m the first performance of the specific base pair “idea”) and possibly patent myself (my methods are a unique variation of other methods).

Obviously this doesn’t take into account my immune system or my memories, but I figure it’s a good start. At like just under 10 billion base pairs, that’s a 10GB program. I think Inkscape is only 45M or so, and that’s not even counting shared libraries.

Since I don’t really want to share my DNA with a company (I’ve got to be the first to copyright it), I wanted to find out what it would take to sequence at home. Since a sequencer is in the $100k price range, that’s not really going to happen. Talking to my NIH-employed friend techne23, she suggested a possible “cheap” way to do it would be in pieces, doing PCRs on specific SNPs, and send those out for sequencing to get back base pair letters. For example, on a gene, the red ones here are considered “interesting”. The PCR machines can be had for cheap, too.

So, in summary:

  • need all the standard lab stuff (centrifuge, gloves, tips, pipets, tubes, autoclave, glassware, etc)
  • need chemicals to isolate my DNA
  • need a little space in my freezer to store my DNA
  • need to buy PCR reagents, about $100 for 50-100 reactions
  • need two base pair-specific primers at $40 total for up to 500 base pairs per PCR
  • need thermal cycler to do the PCR in
  • need electrophoresis equipment to see if the PCR worked (maybe reuse my UV EPROM wiper?)
  • need toxic (careful!) reagents for the electrophoresis
  • need a sequencing company that is willing to work with a non-University
  • need FedEx account to ship PCR to sequencers :)

Or I can spend crazy money doing thousands of SNPs at once in microarrays. (Or wait until they’re in every doctor’s office.)


September 17, 2005

at OSUOSL

Filed under: — kees @ 6:54 pm

I joined the OSUOSL guys to meet as it was flown in from California this morning. The master server’s new home is just above a stack of Mozilla servers at the OSL’s facilities. Great place. Nice people (some with blogs). Lots of bandwidth. :)

Afterwards, I got invited to OSU’s annual “Geeks and Steaks” picnic. That was great, and I got to meet all sorts of other folks that work in the IT groups at OSU and stand around watching them light the BBQ. No liquid oxygen, but, then, they all wanted to keep their arm hair, I guess.


September 16, 2005

song tagging

Filed under: Multimedia — kees @ 6:03 pm

Jimmac you are my hero! I was just complaining about needing to tag a lot of my early music rips so they would be sensible in MythTV (and on my iPod), and poof, there’s the answer in my RSS feed reader. tagtool is exactly what I was looking for. It’s going to take me about 10 minutes to tag a little over 5000 mp3s. And for 9 minutes and 30 seconds of that, I’m going to be looking up publication years, which is the only thing not in the pathname that’s going to get sucked into the ID3 tag. Great, great tool!


September 14, 2005

tivo meets mythtv

Filed under: Multimedia — kees @ 11:50 am

As Bryce has already detailed, a few of us have started examining MythTV. While TiVo has served me pretty well, it sounds like now that the recording restriction flag has been tested it won’t be too long now before the content providers start actually using it. Supposedly the latest alarm is unfounded, in that it was a mistake. Whether it was a test or a mistake, it does show that my TiVo is now prepared to cripple itself.

MythTV has come a long way now. It seems that it’s a viable alternative for a DVR. Within our MythTV Club, we’re each going to have different problems. Doug will be fighting DVD playback via his PVR-350, Bryce will be playing with double recording sources, and I will be fighting with the video library playback capabilities. The EFF has a great write-up on installing MythTV for broadcast HDTV support. I think HD broadcast recording is going to come pretty late in our designs.

My existing video navigator (not the TiVo) is a very simple filesystem browser that just launches “mplayer” or “xmms” on the files it finds. (Holy crap, I set that up in 2002?!) MythTV’s “mythvideo” plugin is a much smarter browser for both video and audio, but its interface is wildly different from my current system. Especially for audio, which is very ID3-tag heavy. Very few of my early CD rips have any ID3 tags at all. The built-in MythTV player is also very very broken for seeking, and for unusual formats. I have a lot of movie trailers in Quicktime that MythTV refuses to play. I suspect that the video library issues will be the easiest to solve, though, since I can select a different viewer, etc. All that I have set up already on my existing navigator.

The nice thing about MythTV’s video/audio browser, though, is all the metadata support. I can pull down DVD and CD covers, etc. It’s way prettier than my existing system too. My goal is to get MythTV set up on my existing TV computer this week. Once it has replaced the filesystem browser, I’ll have the same functionality as the old system, and gain the ability to move on to real DVR activity in the future. I want to match my TiVo’s recording schedule, and then probably run in parallel until TiVo really gets DRM going.

I’m curious to see what the Netflix/TiVo joint venture is going to look like. I suspect the recent DRM testing is for the Netflix offering. If that’s true, I’ll wait until I see it, and then cancel my service. I’d really like to support TiVo, but not if they’re trying to cripple my time-shifting/long-term storage capabilities. I wonder how long it’ll take me to kernel-monte the TiVo into a MythTV frontend. All I really need is a cross-compiler. Sure would be nice to reuse my TiVo as a MythTV frontend if it comes to that.


September 8, 2005

greasemonkey and fantasy football

Filed under: Web — kees @ 2:01 pm

Fantasy Football isn’t something I have any idea how to play, but I thought I’d join a few friends in their league, since they seemed to have so much fun with it. It’s through Yahoo, and is pretty nifty. I’m slowly learning how to play, but I doubt I’ll ever be any good considering how much I don’t watch football. In the Yahoo interface, however, to evaluate a player’s depth (first string, second string, etc.) I have to click on the player, then the team, then the “Depth chart” link. This was annoying, so it was a perfect opportunity to learn some more javascript, xpath, and DOM manipulation. As a result, I wrote a greasemonkey script to add team links wherever a team abbreviation is seen.

© 2005 – 2006, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

August 29, 2005

open source disassemblers

Filed under: Reverse Engineering — kees @ 7:57 pm

Not a lot of OSS folks seem to be interested in reverse engineering, so as a result, there isn’t anything like IDA-Pro for the OSS reverse engineer. There is a very excellent disassembling library, but it has no user interface (yet). It used to have Bastard attached, but that’s pretty out of date now. There is also Lida, but it doesn’t even compile. It was based on Bastard, but I can’t get it to work. It seems to be missing some specific version of the opcode map from Bastard.

Bastard and Lida are both static analysis tools, though. What I really want is a dynamic analyzer. I want to be able to trace the call paths during Porrasturvat’s execution, so I can more easily figure out which function is called when I click “Dismount”. That’ll help me find the Force constant. I’m worried I’m going to have to hack together some unholy Perl script to run “stepi” over and over, waiting for each “call” to take place. That. Would. Be. Very. Slow.
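The single-step idea described above, done in-process with ptrace instead of driving gdb’s “stepi” from a script. This is an added example, not part of the original post: decodeCall and traceCalls are hypothetical names, and it assumes an x86 program traced on x86-64 Linux.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#if defined(__linux__) && defined(__x86_64__)
#include <cerrno>
#include <csignal>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#endif

struct CallInfo {
    bool is_call;     // instruction at pc is a near call
    bool has_target;  // target is encoded in the instruction (direct call)
    uint64_t target;  // absolute destination, valid when has_target is set
};

// Decide whether the bytes at pc are a near call: E8 rel32 (direct) or
// FF /2 (indirect through a register or memory). In 64-bit mode one REX
// prefix is skipped; in 32-bit mode 0x40-0x4F are inc/dec, not prefixes.
// A direct call with fewer than 5 bytes available is reported as no call.
CallInfo decodeCall(const uint8_t *code, size_t len, uint64_t pc, bool mode64)
{
    CallInfo r = {false, false, 0};
    size_t i = 0;
    if (mode64 && len > 0 && (code[0] & 0xF0) == 0x40)
        i = 1;
    if (len >= i + 5 && code[i] == 0xE8) {
        uint32_t raw = (uint32_t)code[i + 1] | (uint32_t)code[i + 2] << 8 |
                       (uint32_t)code[i + 3] << 16 | (uint32_t)code[i + 4] << 24;
        int64_t rel = (int32_t)raw;              // sign-extend rel32
        r.is_call = r.has_target = true;
        r.target = pc + i + 5 + (uint64_t)rel;   // relative to next instruction
        if (!mode64)
            r.target &= 0xFFFFFFFFu;
    } else if (len >= i + 2 && code[i] == 0xFF && ((code[i + 1] >> 3) & 7) == 2) {
        r.is_call = true;                        // target only known after the step
    }
    return r;
}

#if defined(__linux__) && defined(__x86_64__)
// Run argv under ptrace, single-step it and print each near call.
// Returns the number of calls seen, or -1 if fork or the first wait failed.
long traceCalls(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, nullptr, nullptr);
        execvp(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    long calls = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    while (WIFSTOPPED(status)) {
        user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, nullptr, &regs) != 0) break;
        errno = 0;
        long word = ptrace(PTRACE_PEEKTEXT, pid, (void *)regs.rip, nullptr);
        if (!(word == -1 && errno != 0)) {
            uint8_t buf[sizeof word];
            memcpy(buf, &word, sizeof word);
            // Assumption: on x86-64 Linux, cs == 0x33 means 64-bit user code.
            CallInfo c = decodeCall(buf, sizeof buf, regs.rip, regs.cs == 0x33);
            if (c.is_call) {
                ++calls;
                printf("%#llx: call ", (unsigned long long)regs.rip);
                if (c.has_target) printf("%#llx\n", (unsigned long long)c.target);
                else puts("(indirect)");
            }
        }
        // Pass real signals through; swallow the SIGTRAP from each step.
        int sig = WSTOPSIG(status) == SIGTRAP ? 0 : WSTOPSIG(status);
        if (ptrace(PTRACE_SINGLESTEP, pid, nullptr, (void *)(long)sig) != 0) break;
        if (waitpid(pid, &status, 0) < 0) break;
    }
    return calls;
}
#else
long traceCalls(char *const[]) { return -1; }
#endif

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    return traceCalls(argv + 1) < 0 ? 1 : 0;
}
```

The output includes every call made by the dynamic loader and libc as well, so in practice it is filtered by address range or diffed between two runs.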

Anyway, I was really impressed with libdisasm, so I built an automake/autoconf setup for it. Even if they don’t want it, I like being able to do a “make install” and having the library end up in the right place. :)


August 28, 2005

porrasturvat hacking

Filed under: Reverse Engineering — kees @ 2:14 pm

Three years ago, when I first saw tAAt’s Porrasturvat, I couldn’t stop playing it all day. It’s a really simple game: see how much “damage” you can score to a stick figure that you push down the stairs. It’s basically a physics simulation that tracks force and impact of a body falling down a flight of stairs. So much fun. I hope they make it skinnable. :)

At the time (2002-11-12) I had asked for source code in the hopes of helping to port it to Linux. I got an email yesterday in reply to my request. This sets the record for the longest reply-time on an email, ever. :) Jetro was letting me know it was available for Linux now, so I immediately downloaded it and started playing again. This version is much more stable and lacks any scoring glitches (that I’ve been able to find), so it’s a real challenge to get a high score.

Even in the original game, I had wanted to push the figure backwards off the stairs to see what kind of damage would be done just from having him fall straight down. This time, I’m determined to practice some binary analysis skills and locate the place in memory where the “Force” value is kept so I can tweak it. So far so good, I’ve been able to locate the damage accumulators for the various body parts. Now it’s a matter of just tracing the changes back through the execution paths. Here’s my million-point game:

damage mod

© 2005 – 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

cvs camcorder

Filed under: Multimedia,Reverse Engineering — kees @ 12:43 am

I was able to get my hands on a CVS camcorder this past week. The unit is very cool. It doesn’t have any features of a “real” video camera, but I view it like a super-version of my Digital camera which can take 15 seconds worth of video at a time. This one is only limited by available storage (about 20 minutes). The resolution can be turned up to 640×480, too.

Initially I couldn’t get a cable built for it. I had a spare USB cable and a spare Palm Pilot cable to merge, but after soldering it all together, the device wouldn’t take an address (but my laptop noticed it was getting plugged in). After a hint from Linus (“plug-ins are detected via power-draw, everything else is over the data lines”), I realized that perhaps the USB data wires were reversed (the cable has got to flip them on at least one end of the cable… I just got unlucky).

The software for downloading the videos had been ported to Linux, and I worked on some more code to have a one-shot ability to download all the videos from the camera. Now I’ve got autoconf/automake working for it, and have gotten myself added to the Saturn Tools project where we can all work on the code through SourceForge’s CVS. Much easier than endlessly trading patches. :)

So far, I’ve managed to wreck the splash-screen image during camera bootup. Something is busted with the usb_bulk_write calls, and the device stops taking writes after 4k worth of data. Hopefully I can get that repaired so I can be greeted by the Laughing Man. I’ve also got a JPG all ready to replace the logo screen, “powered by pure digital technology”, with my oh-so-clever “powered by pwnd digital technology”.

© 2005 – 2016, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

August 25, 2005

playing with cars

Filed under: Vehicles — kees @ 5:54 pm

I ordered a vehicle-bus-to-serial converter last year, but never got around to playing with it. This lets me examine all the sensors on my vehicle’s sensor bus. Stuff like RPM, speed, engine load, etc. It also works as a code-scanner if something bad happens. One harmless example is if the gas cap isn’t tightened all the way, it’ll set a code, and my “check engine” light will come on. With this, I can clear the code, tighten the gas cap, and get on with my life. :)

I was really excited to see that the ScanTool folks released their software under the GPL. Someone else had already gotten it compiled under Linux, but his website is down right now. So, impatient person that I am, I went ahead and installed Allegro and DZComm. DZComm needed a little work to be happy with my USB-to-serial converter, but once that was done, I got to drive around with Bryce reading me my engine load off the laptop. Fun!


August 16, 2005

art thoughts on aug 16, 2005

Filed under: General — kees @ 7:11 pm

I saw a mention of the Portland Time-Based Art festival. Looks to be a pretty wild mix of all kinds of performance art. I’ve got to check it out, but it looks a bit pricey (minimum: $125).

Portland’s 94.7FM “alternative” radio station is great. (They even have live streaming.) I’ve been especially impressed with the 6PM “Cocktail Mix” by Gustav. His personal collection of electronica is very nice. I’ve never heard Messiah played anywhere other than my stereo or very rarely at clubs. A few weeks ago, he played it. So cool. They’re also running a NIN remix contest I’m pondering entering. I’m not really sure what sort of open software I should use to cook it, though.


August 15, 2005

1 second film

Filed under: General — kees @ 3:18 pm

I found the 1 Second Film project today while trying to remember the name of the movie I saw this weekend. All I could remember was the dude was from Hackers. His name turns out to be Jesse Bradford. (The movie was Happy Endings, which I thought was pretty fun.) I was surprised to see Jesse Bradford listed as a Producer on another film, so I followed the link only to discover that everyone is a producer for the 1 Second Film.

Anyone can become a Producer (and get listed on IMDB) by sending them money. The film itself is going to be 1 second of 12 doubled frames of animation (which will be auctioned off after the movie opens). The credits will then roll for 60 minutes, playing next to a “The Making Of” movie. The profits are going to charity, and celebrities seem to have started a bidding war. Their credit-purchasing page is linked to PayPal, so it looks super-easy to support them. Crazy.


August 7, 2005

quick guide to encryption

Filed under: Networking,Security — kees @ 11:02 pm

I should qualify my comments from my prior blog entry and say that I’m appalled at Service Providers (not users) that continue to offer insecure services to their clients. Users, however, should be asking their Providers for secure services. Most don’t know to ask this, and that’s why I think the responsibility falls on the Provider.

Here’s my crash-course in simple anti-sniffing techniques.

  • Evaluate your network: if you’re on open Wireless, anyone interested can see all communications to/from your computer. Be paranoid. If you’re on a wired network, your communications can still be seen, but it tends to be much less likely.
  • Evaluate your services: do you care about your various services? Do you have a different password for each service? Details below…

Evaluating your services requires creating a short list of all the things you send over the network from your computer. For basic anti-sniffing, there are two types of “encryption” available for most services:

  • Authentication: logging into anything. Checking email, logging into IM, logging into websites, etc. Some services offer “encrypted” authentication, such as modern AIM clients and “APOP” POP clients. If your authentication is encrypted, people can’t just sniff your account/password off the wire.
  • Communication: all the traffic to any site/service. All services have a fully encrypted counterpart. Almost everything uses SSL for encryption, and appends an “S” to the protocol name. HTTP has HTTPS, POP has POPS, IMAP has IMAPS, SMTP has a TLS mode, Jabber has an SSL mode, good IRC networks have an SSL mode, etc. These SSL-protected services encrypt ALL of your communication, including the username/password authentication.

It’s best to have fully encrypted communications, but if you can’t, just getting some kind of obfuscated authentication mechanism is better than nothing. Just ask yourself any time you type in a username/password, “How is this being sent to the remote server?”

So, here are some specifics to various common services:

  • Receiving email: POP and IMAP have SSL modes that run on different ports. See if your email Provider offers these services and switch your client to using those instead. If that’s not available, see if POP or IMAP support other authentication modes besides the clear-text “Plain” and “Password”, for example CRAM-MD5 or Challenge/Response.
  • Sending email: SMTP has an SSL mode too. This is either called “STARTTLS” or “SSL”. A good Provider will offer SMTP on port 587 with STARTTLS. Hopefully your Provider requires you to authenticate before sending email. Instead of SSL, like POP/IMAP above, they may offer CRAM-MD5, etc.
  • Web sites: only use “https://” for logging into websites. If there isn’t a little lock in the corner of your browser, don’t log in. The browser folks have done a lot to help folks with this part. Ecommerce has caused a huge push to avoid in-the-clear authentication on websites. Unfortunately, some sites will still let you log in without SSL. (Like flickr, it seems.)
  • IM: I’m not sure about ICQ, MSN, etc, but Jabber offers a full SSL mode. The “old” style runs on a separate port (5223). The “new” style gets “turned on” during the initial jabber session setup. This would give you fully encrypted communications. I know AIM has both a Challenge/Response and MD5 mechanism for logging in, so at the very least, use those.
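What the challenge/response modes named above (APOP and CRAM-MD5) actually put on the wire, as an added Python sketch that is not part of the original post. The host name, account and secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def make_challenge(host="mail.example.net"):
    """Server side: a fresh challenge for every connection (host is constructed)."""
    return "<%s@%s>" % (os.urandom(8).hex(), host)

def apop_digest(challenge, secret):
    """APOP: hex MD5 of the greeting's challenge followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()

def cram_md5_response(challenge, user, secret):
    """CRAM-MD5: base64("user " + hex HMAC-MD5(key=secret, msg=challenge))."""
    mac = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(("%s %s" % (user, mac)).encode()).decode()

def server_check_cram(challenge, response, accounts):
    """Server side: recompute the MAC from its own copy of the secret and compare."""
    try:
        user, _, mac = base64.b64decode(response).decode().partition(" ")
    except ValueError:
        return False  # not valid base64 or not text
    secret = accounts.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())

def demo():
    accounts = {"omfg": "intheclear"}  # constructed account and secret
    first = make_challenge()
    on_the_wire = cram_md5_response(first, "omfg", "intheclear")
    return {
        "accepted": server_check_cram(first, on_the_wire, accounts),
        # A captured response does not match the next connection's challenge.
        "replay_accepted": server_check_cram(make_challenge(), on_the_wire, accounts),
        # The secret itself never appears in what was sent.
        "secret_visible": b"intheclear" in base64.b64decode(on_the_wire),
    }

if __name__ == "__main__":
    print(demo())
```

Neither mechanism encrypts anything after the login, so the mail or messages that follow are still readable unless the SSL mode is used.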

If you’re not sure if your communication is being encrypted or not, it’s very easy to install a network sniffer. Ethereal is available for almost every platform around, via the libpcap libraries. Just start it capturing before you use a service, use the service, and then go find the traffic in the capture log. Ethereal will identify almost all services by name (“HTTP”, “POP”, “IRC”, “AIM”, etc.). To see the traffic, click on “Analyze > Follow TCP Stream”. This will show you all the communication for a given connection. (Click on “Clear” in the Filter bar to see all your traffic again.)

If you want to browse the traffic more easily, you can type in other filter terms. For example, to make sure your POP password isn’t being sent in the clear, enter “pop.request” in the Filter, and click “Apply”. Pick a packet, and select the “Request” section in the Packet Tree. If you see:

Request: USER omfg

Request: PASS intheclear

Then your “omfg” account is showing its password to the rest of the network. :)
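The same check can be scripted once the client side of a stream has been saved from “Follow TCP Stream”. This is an added Python example, not part of the original post; the sample sessions are constructed, and it reports only how the login was sent, never the credentials.

```python
# Constructed client-to-server lines, as a followed TCP stream would show them.
SESSIONS = {
    "plain": ["USER omfg", "PASS intheclear", "STAT", "RETR 1", "QUIT"],
    "apop": ["APOP omfg c4c9334bac560ecc979e58001b3e22fb", "LIST", "RETR 1", "QUIT"],
    "sasl-login": ["AUTH LOGIN", "b21mZw==", "aW50aGVjbGVhcg==", "QUIT"],
    "stls": ["CAPA", "STLS"],  # after STLS a sniffer sees only TLS records
}

# Commands that reveal mailbox contents or activity when readable on the wire.
MAIL_VERBS = {"STAT", "LIST", "RETR", "TOP", "UIDL", "DELE"}
# SASL mechanisms that send the password itself (base64 is not encryption).
REVERSIBLE_SASL = {"PLAIN", "LOGIN"}
CHALLENGE_SASL = {"CRAM-MD5", "DIGEST-MD5"}

def audit_pop_stream(client_lines):
    """Classify one POP3 command stream.

    Returns (auth, mail_exposed). auth is "cleartext", "challenge-response",
    "tls", "other" or "none"; mail_exposed is True when mailbox commands
    were readable in the capture.
    """
    auth, mail_exposed = "none", False
    for line in client_lines:
        words = line.split()
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STLS":
            # Count the session as protected only if no login preceded STLS.
            return ("tls" if auth == "none" else auth), mail_exposed
        if verb == "PASS":
            auth = "cleartext"
        elif verb == "APOP":
            auth = "challenge-response"
        elif verb == "AUTH" and len(words) > 1:
            mech = words[1].upper()
            if mech in REVERSIBLE_SASL:
                auth = "cleartext"
            elif mech in CHALLENGE_SASL:
                auth = "challenge-response"
            else:
                auth = "other"
        elif verb in MAIL_VERBS:
            mail_exposed = True
    return auth, mail_exposed

if __name__ == "__main__":
    for name, lines in SESSIONS.items():
        print(name, audit_pop_stream(lines))
```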

Another alternative to all this pain is to have a VPN connection to some other network that you trust. This is the easiest to configure on the client side. If that’s not available, you can also tunnel all your traffic through an SSH connection. This is easiest to configure on the server side (no config). Here is an example of tunneling your POP service through SSH:

ssh -L

That’ll set up a local port 2110 that gets forwarded to “” port 110 (POP) after logging you in to some SSH account. This means you have to configure your POP client to use “localhost” port 2110 instead of “” on the regular POP port. And then you can only POP when your SSH connection is up.


oscon 2005 wireless sniffing

Filed under: Networking,Security — kees @ 9:03 pm

OSCON’s wireless network was okay. It didn’t seem to handle the load very well, but generally you could pick out an Access Point that was still responding to DHCP, and it would work well enough.

I feel like I’m beating a dead horse, but I’m appalled at how many people continue to not use encryption. I spent some time yesterday going through my 4.1G of packet capture logs. Generally, I scanned POP, SMTP, IRC, and HTTP traffic. I should probably find better tools than just ethereal, but after finding 45 different POP accounts that were authenticating in the clear, I stopped counting. That put me half way through Thursday, so that’s only a day and a half of OSCON wireless traffic. No one seems to protect their nick on FreeNode, so at least no one’s nick password was sent in the clear. One person logged into Flickr in the clear. One of the accounts was for the speaker I was listening to at one point. I recognized the POP account because it was up on his slides.

What’s really interesting is the number of people that didn’t authenticate in the clear but ran the rest of their traffic in the clear. For example, many people used various challenge/response systems to authenticate to POP, IMAP, SMTP, and AIM, but then all the traffic continued to stay in the clear. All their email and AIM buddy information was out on the wire.

I know there was at least one other person doing network sniffing, since I saw him running EtherPEG (which makes a live collage of all the incoming HTTP images on the wire). I started up a heavy download of images just for him, but I think he had bored himself with endless slashdot and oreilly GIFs and never looked back to see the fun I had sent over the air for him. :)

(If you don’t have a Mac and you want EtherPEG functionality, there is also DriftNet.)


August 5, 2005

defcon 13 patch round-up

Filed under: Networking — kees @ 7:38 pm

In (useless) preparation for DefCon 13’s CTF this year, I hacked at ettercap and Snort. Since the TTL filtering trick was out of the bag, I figured I’d implement the other idea I had. Since the score bot generally is a short-lived connection to a service in CTF, it would be great if Snort-inline rules could be written to detect how long a connection had been around for. Initially I hacked at ettercap, but that was mostly so I could build a quick-and-dirty TTL statistics gatherer. In ettercap, I had to add session time tracking, but in Snort, it was actually already there. There just wasn’t anything that could be matched against in the rules section. I lifted the TTL matcher from Snort and just used the existing connection timers to do the work and created the “age” rule. Works like a charm. I hope they take my patches.


August 4, 2005

oscon 2005 doppelganger

Filed under: General — kees @ 10:52 am

Wednesday I met my doppelganger. I had people walking up to me all day saying, “Hi Zak!” and I’d look at them and explain that I was someone else less famous, named Kees. Normally I think I’m just being paranoid thinking people are looking at me all the time. However, today, it seemed to be true. People would kind of slowly orbit me, trying to get a look at my face and my name badge. Eventually I started telling people “Hi! I’m not Zak.” By the end of the day, I had finally met him, and we had a good laugh. There is also Dan at the LTC that shares similar features, and all three of us had our picture taken together. (I hope they read this blog and send me photos!)


August 3, 2005

oscon 2005 mid week report

Filed under: General — kees @ 9:33 pm

Day 1 of OSCON was spent recovering from DefCon. I didn’t go to either of my scheduled tutorials. I really wish I could have gotten to see Conway present his Presentation Aikido, since the notes for it are terrific. I also really wish I could have spent some more time with Snort, especially given all the attention I gave to Snort Inline over the last few weeks.

Day 2 of OSCON was spent in the RT and Asterisk tutorials. The RT one was very interesting, but more geared towards people wanting to do something MORE than ticket tracking. I was glad to see that 3+ has a much better commandline query tool. That’ll speed up autokees’s “-rt” responses. (“autokees” is my IRC bot that reports OSDL’s open — and closed — RT tickets for the Core Services group.) The Asterisk presentation was fantastic.

Capouch really knows his stuff, and his Asterisk demo was very impressive. For the last part of his demo he showed off his home X10 turning on a light in his living room that triggered a motion detector running against his webcam, watching his prized Robert Crumb original, which dropped an Asterisk call file into the server and called him. Time between “X10 on” and his phone ringing: 2 seconds, if that. That tutorial was well organized and detailed. I think I could probably set up an Asterisk server right now if I didn’t need to go to bed so badly.


August 1, 2005

Plan B sucked!

Filed under: General — kees @ 5:16 pm

Well, our team of 3 didn’t do so well at CTF this year (4th in teams). But, I guess, holding our own against teams with 20+ people on them is kind of good. The game’s network was organized very differently from years past, and we had no way for inline Snort to work. They held the machines locally (in a FreeBSD jail), and we just got a network drop so we could share the network with our server. That was pretty disappointing, but I think it made the game much more pure. This year’s focus was on code auditing and binary analysis.

Both of my basic goals were achieved though:

  • Not come in last
  • Modify the token scoring tool to play victory WAVs any time we scored a point. That worked very well and was a great motivator.

I guess I’m going to have to really get cracking with some gdb programming work. Jesse’s auto-stack-overflow-detector rocks, and I think that can be seriously expanded, if not hooked up to Metasploit directly.


July 25, 2005

world series of hacking

Filed under: Security — kees @ 9:46 pm

Friday approaches! DefCon is this weekend. I can’t wait. To think I’m going to be hacking so hard this weekend, I won’t see Battlestar Galactica until Monday. *shiver*

So far, I’ve got patches against ettercap, snort, and gdb. This year, I hope to actually do a full write-up of the Capture the Flag game, since no one else ever seems to do it. :)


July 22, 2005

open clip art is everywhere

Filed under: Inkscape — kees @ 8:36 am

Although I’m only a user of the Open Clip Art Library, I’m close to the people involved in it since many of them are also involved in Inkscape. As a result, I’m always on the look-out for new places where OCAL is mentioned or OCAL art is used. Today while innocently reading Groklaw’s response to Dvorak’s misunderstanding of the Creative Commons licenses, I saw OCAL mentioned as the first in a list of examples of useful CC-tagged sites. Very cool. :)

(This post, I think, has my highest ratio of links to words yet.)


July 13, 2005

pattern visualization

Filed under: Reverse Engineering — kees @ 7:59 pm

Damn. I just thought up another piece of software (that I’m capable of writing) that I can’t find. This is bad; it means it’s going to haunt me until I code it.

So, frequently, I’m faced with streams of bytes of unknown origin/purpose. (For example, the .TiVo file format, RTMP streams, and most recently, Outlook “NK2” address autocompletion cache files.) I’ve had experience finding patterns, but it’s always so time-consuming. Usually I’m compiling some little C program over and over, slowly tweaking some guessed-at structure. This is basically the advice I got from Andrew Tridgell when I asked how he went about reverse engineering protocols. His methods deal more with sending/receiving, so it’s much more interactive. Most of what I’ve mucked with are just unknown file formats.

What I want is a nice GUI tool that will let me specify a language to describe a data file’s contents. I can see lots of meta-specifications like “repeat this structure until EOF”, and “if byte 5 is 1, read X bytes, otherwise, read X+50 bytes”, etc. Most data formats have pretty simple layouts after you figure them out. As you create the structure for the data to fit into, you can see the data from your example file displayed live. This way you can quickly tweak lengths, offsets, encoding types, endianness, etc, without needing to totally recompile your test harness.

Hell, it could even spit out the C code to process it, too. :)

I’m thinking about using Gtk and Python. We’ll see how rapid that path is for developing a nice GUI. I’ve heard good things. :)
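A minimal, non-GUI version of the idea in this post, as an added Python sketch (not the author's tool, which the post only imagines): the layout is plain data, with a conditional length and a repeat-until-EOF loop, so a guess can be changed without rewriting the parser. The record format, field names and sample bytes are hypothetical.

```python
import struct

# Hypothetical layout for a made-up record format. Each entry is
# (field name, kind, argument); editing this list changes the parse.
RECORD_SPEC = [
    ("tag", "fmt", "<B"),      # one unsigned byte
    ("length", "fmt", "<H"),   # little-endian 16-bit length
    # "if tag is 1, read X bytes, otherwise read X+2 bytes"
    ("body", "bytes",
     lambda rec: rec["length"] if rec["tag"] == 1 else rec["length"] + 2),
]

def parse_record(data, offset, spec):
    """Parse one record at offset; return (fields, offset of the next record)."""
    rec = {}
    for name, kind, arg in spec:
        if kind == "fmt":
            size = struct.calcsize(arg)
        elif kind == "bytes":
            # The length may be fixed or computed from fields already read.
            size = arg(rec) if callable(arg) else arg
        else:
            raise ValueError("unknown field kind %r" % (kind,))
        if offset + size > len(data):
            # A wrong guess usually shows up here: say where, not just that.
            raise ValueError("field %r at offset %d needs %d bytes, %d left"
                             % (name, offset, size, len(data) - offset))
        chunk = data[offset:offset + size]
        rec[name] = struct.unpack(arg, chunk)[0] if kind == "fmt" else chunk
        offset += size
    return rec, offset

def parse_all(data, spec):
    """Repeat the record structure until EOF."""
    records, offset = [], 0
    while offset < len(data):
        rec, offset = parse_record(data, offset, spec)
        records.append(rec)
    return records

# Constructed sample: tag 1 / length 3 / "abc", then tag 2 / length 1 / 3 bytes.
SAMPLE = bytes.fromhex("01 0300 616263" "02 0100 7a ffff")

if __name__ == "__main__":
    for record in parse_all(SAMPLE, RECORD_SPEC):
        print(record)
```

Changing `"<H"` to `">H"` in the spec makes the first length read as 768 and the parse fails at offset 3, which is the kind of immediate feedback the post asks for.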


June 29, 2005

google maps

Filed under: General — kees @ 9:37 am

Literally an hour after I finished figuring out how to build a Google Maps site (and having Ken help me with CSS hell), Google goes and changes the API and releases documentation. Aagh.

Google retains the right to put advertising on the map in the future.

Like, as a second overlay? Because I can’t see how this would work in the main overlay, considering users can define their own “info” contents for their XSLT. In-map advertising seems like a silly idea. Since everything is currently rendered in the browser, Google is going to have a hard time controlling what people display. I was hoping they’d go the route of making money off this by making people’s sites really really awesome, and then those people would buy advertising from Google directly due to their huge volume of traffic. I guess we’ll see…

