codeblog code is freedom — patching my itch

5/16/2005

writing for OSCon

Filed under: General — kees @ 6:56 pm

Aaaagh. I’ve got 30 days to write two full presentations for OSCon! AAaaaaa!

In other news, I got a few crash bug patches accepted into Wine. That was cool.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

5/12/2005

hey, it’s thursday

Filed under: General — kees @ 4:29 pm

On my way to work
Today the odometer in my car rolled across 223344. That was pretty cool.

RSS for kernel.org
I was bothered that I couldn’t add the kernel.org list of latest Linux kernel versions to my RSS aggregator, so I modified the detection scripts to spit out an RSS feed. Whee!

Bug fixes
I got a small patch against mp3cd yesterday. So I took the moment to release a “stable” version, since I’ve been using the “devel” branch for about 6 months now. That sounds pretty stable to me. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

5/6/2005

O’Reilly OSCon ’05

Filed under: Blogging — kees @ 7:32 am

I am so excited! I’m going to be a speaker at OSCon this year. I’ve never been a speaker anywhere! I’m gonna be so nervous it’s insane. I really hope it all goes well, but I still think it’s intimidating to be surrounded by so many experts in so many fields. I know I have a lot of email/spam/filtering experience (and a little Python), but there are plenty of other people who have more. I just happen to be talking about it. I hope they don’t beat me up during my talks. :) If I teach one thing to one person, I’ll see it as a success. I’d suspect I’m going to learn a lot too. “Why didn’t you do it this way?” “Uh, because I didn’t think of it! Thanks!”

Oh, so nervous. Yeow.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

5/3/2005

nice kernel.org write-up

Filed under: kernel.org — kees @ 2:50 pm

As if a blog itself wasn’t enough shameless self-promotion, I’ve just gotta share more! There’s a nice write up at Kernel Trap on how the kernel.org servers work. I’m mentioned in there since I’m one of the guys that helps keep the machine running. Mostly I manage the mirror server validations. I’m the guy that bugs the other mirror admins about falling behind, etc. The real work is done by HPA and Nathan. They’ve got some great gear in place now. I can’t wait until the next Fedora Core release; it really drives the machines hard. I think it’s great to log into a fairly responsive machine, and see a load average over 200. And then realize that that’s normal. I love it!

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

5/2/2005

I feel dirty

Filed under: Multimedia — kees @ 11:13 pm

I’ve just published srcfilter. It runs under Wine, which is the only reason I kept working on it. Coding in the Windows style has this sickening allure, like an overly sweet smell. I know I don’t want it, but it seems so tasty. (Oh, DWORD, how I hate thee. All your instance names start with “dw”.)

Anyway, srcfilter uses the DirectShow API to initialize a SourceFilter from a DLL you supply. It then pulls a specified source file through the DLL, writing the output to a file. Similiar things can be done with the GraphEdit tool that comes with the DirectX SDK. If you wanted to set up a Graph that uses a SourceFilter to read a file and a Dump sink to write output, you can use srcfilter to do the same thing. And you wouldn’t need Windows to do it.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

4/28/2005

video editing with gopchop

Filed under: Multimedia — kees @ 10:16 am

Well, in the last few weeks, after finally getting MPEG2-PS streams out of my series 2 TiVo, I’ve been actively using gopchop again. It had stagnated, but it seems that people with hardware MPEG2 encoders continue to use it. I should have realized sooner that they are gopchop’s audience. It’s traditionally been a rather fragile bit of code for software-generated MPEG2-PS streams, but pretty stable for the more regular hardware-encoder streams. Between my recent increase in its use, and two large patch bundles I was sent, I’m trying to pick up development again.

One thing that has been particularly frustrating when dealing with MPEG2 video has been dealing with the rendering of the pictures. MPEG2 stores its pictures “out of order”. And by “order” I mean display order. They’re in order for decoding, but not for display. libmpeg2 handles all this for me, except for the part where I need to stop on a specific picture. For an accurate GOP splitting UI, I need to display the last picture of a GOP. Depending on the stream, libmpeg2 may not have rendered the last picture, since it’s waiting for more B or P frames before it knows the decoding is done. (For example, B frames depend on frames in the future, so you can’t render them until you see further down the stream, etc.)

My plan to deal with this is to force-feed libmpeg2 with End-Of-Stream packets, and not render stuff until I’m on the picture I want. For example, to display the initial B or P frames from a GOP, I may need to process the entire prior GOP first. For some types of streams, this may end up being very CPU expensive, since they may have hundreds of pictures in each GOP. But, this is why MPEG2 editing is hard. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

4/21/2005

officially an RSS junkie

Filed under: Blogging — kees @ 6:23 am

Well, I think I’m officially an RSS junkie. I had ignored RSS for so long, I nearly forgot about it, but when I was shown planet.openclipart.org, I was reminded how powerful RSS is. Figured it was once again time to look around for an aggregator I could use. (Although I still think polling is a bad design for event management.)

Most of the reason I had ignored RSS was because every aggregator I had tried was buggy or had a frustrating interface. I guess enough time has passed, and when I tried straw a few days ago, it worked perfectly well. So, I started collecting all the RSS feeds from all the websites I’d been collecting on my firefox tab bar. It was getting pretty big, and I hated having to reload every tab each morning.

I realize I’m way late to the party on this, but I still think it’s great fun. I even hunted down a little RSS writer for my Photo Blog and got it built in so I could aggregate it too. :) (And it’s really cool to add Creative Commons tags to each and every thing in the RSS feed.)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

4/19/2005

they be spinnin’

Filed under: Health — kees @ 8:52 pm

In an effort to use my addictive personality against my lazy personality, I’ve started watching half an episode of Buffy The Vampire Slayer every morning while riding my bike on a stationary trainer. I can’t thank Doug Mandell enough for letting me borrow his trainer while I was trying to figure out if this scheme would actually work for me.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

4/16/2005

referer headers

Filed under: Multimedia,Security — kees @ 2:33 pm

I’m surprised that anyone still uses referer headers as a “security” measure. I’ve come across this several times recently. I’ll select a URL out of firefox, and paste it onto a curl -O command line, only to end up with a 0-sized file. And usually if I just add -e [site URL] to the command line, poof there’s my file. Most recently, I found this when trying to download the freely available Nine Inch Nails samples.

Seriously, what’s the point of doing this test? I don’t understand at all. If you want people to download a file in their web browser, do you think they can’t figure this out?

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

3/31/2005

fortune cookie goodness

Filed under: Security — kees @ 9:46 pm

Today, my fortune read:

There is no security on this earth;
there is only opportunity.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

3/30/2005

tivo dump

Filed under: Multimedia — kees @ 7:16 am

Well, it doesn’t actually make a lot of sense to figure out the encryption used by the TiVoToGo DLL, since TiVo could at any moment change it, the TiVo box’s routines, etc, and force all of us to upgrade. This ends up turning into an arms race, like iTMS. So, a better approach is to just use the DLL itself. Wine and Mplayer both have perfectly well written DLL loaders. All that has to be done is write a DirectShow Pull Pin implementation, following all the public published specs.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

2/25/2005

.tivo file format

Filed under: Multimedia,Reverse Engineering — kees @ 1:35 am

After I found some details on the .tivo file format, and cooked up some code to produce the same output. So far, there isn’t a lot of detail. It’s mostly just strange stuff. mpegcat finds the MPEG2 stream right where it should be, but supposedly the non-I-frames appear to be encoded.

All the files I’ve downloaded from my TiVo have the same “fingerprint” listed in the XML header, and a different “salt”. The interface for downloading recordings is very simple. Connect to https://[tivo IP]/ and it’ll prompt you for your username and password, which is “tivo” and your “Media Access Key”. After that, you’re all set; browse away. Download speed is rather slow: 500kB/s. Better than 2400 baud. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

2/16/2005

Hitchhiker’s Guide to Reverse Engineering

Filed under: Networking,Reverse Engineering — kees @ 7:53 pm

Well, I got annoyed that I couldn’t watch the SWF-based HitchHiker’s trailer on the Amazon.com main page. swf_play failed miserably. Most of the crap Apple pulls for their movie trailer stream-hiding is simple enough to work around. Generally I just keep downloading the MOVs, running strings on them until I find the actual MOV with the movie trailer in it, but Amazon’s wasn’t so easy. I found the base URL to the video easily enough in the XML parameters file. The hard part was figuring out what the hell “rtmp” is. mplayer didn’t recognize it, and after a quick nmap of the media server, I just got more confused. nmap listed a port 1935 called “rmtp”. Digging around a little it became very obvious that nmap’s services entry was just a typo. So I sent in a quick patch, and Fyodor accepted it within minutes. Pretty cool.

Anyway, on to the protocol dissection. I set up tcpdump to record everything sent to fcs.amazon.speedera.net, and took a look at it in Ethereal. Seeing that it was mostly binary, I looked around for something that would dump the data portion of a packet stream, but ended up empty handed. I’ve repeatedly wanted this, so I finally broke down and read up on coding with libpcap. It’s easy enough to use, but I floundered with the packet headers for a while. Eventually I managed to find the data portion of the packets, and was able to dump the client stream and the server stream separately. I wish there was a button on Ethereal’s “Follow TCP Stream” window that would just let me save the data. My tool doesn’t at all track sequence numbers or retransmissions, etc, so I worry that in some situations I won’t get a “true” stream dump. I suspect Ethereal handles that correctly, but I couldn’t tell you for sure.

After looking at this protocol dump, it seems like it ends up turning into some kind of SOAP-like communication, with function call literals like getStreamLength, createStream, play, and closeStream. There’s even a _result variable mentioned. The Flash coding docs I’ve found that talk about stream display don’t seem to mention this stuff at all, but maybe I didn’t dig far enough.

Since RTMP appears to be capable of streams, etc, I think the next step is to figure out how it reacts to things like “Pause” and “Stop” during playback. Clearly there is a stream-identification system in the headers, and there must be stream length indicators. I’m so annoyed that there is absolutely no discussion of RTMP anyway. I should go look at the swf_play source before I go much further.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

2/9/2005

Inkscape released

Filed under: Inkscape — kees @ 1:01 pm

Ah, it’s so satisfying to get a release out the door. Inkscape version 0.41 has finally been released. This time around, I was made a “Freeze Warden”, which means I have some input in the release process. (Are all the critical bugs fixed? Are the translations updated? Are the builds correct?)

Another task I kind of gave myself was packaging the Win32 binaries. That’s pretty cool, and I’m quite impressed with the NSIS package that does the bundling. I didn’t write the bundling scripts Inkscape uses, but I got to play with the NSIS compiler itself. It’s very slick, and I recommend it for anyone doing Windows installs. (And I should note that hundreds of other software packages are already using NSIS.)

One thing that Bryce Harrington has helped keep in my head during the Inkscape hard freeze was that any given release isn’t supposed to be Bug Free(tm). It’s just supposed to be a release. This is very hard for me to keep in my head, so hearing a few times during Freeze is a good thing. Bugs in the release that we know about are just “Known Problems”. They’re in the tracker, and we’ll get to them some day, but not today. It greatly relaxes me to think about it that way. The pressure to produce is relaxed, letting me actually enjoy the release process instead of worrying needlessly about all the people that will hate us because it crashes when they click like this.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/28/2005

learning autoconf

Filed under: General — kees @ 7:09 pm

I think I’ll never actually learn all the various functions in autoconf. It feels like this endless road that I can’t see the end of. Any time I do something new in autoconf, I have to go re-read some part of the autoconf manual, and try things a few times before I get the desired result. Today, for example, I got Inkscape to identify which version of libgc is on the system.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/18/2005

It just Works

Filed under: Inkscape — kees @ 8:03 am

There is nothing quite as satisfying as refactoring a whole mess of code, fixing up the syntax errors and warnings, running the code, and having it Just Work. (In fact, it’s even better if there aren’t any syntax errors to fix.)

This is probably Why I code. I get such satisfaction out of having code do its little dance for me. It’s like training a dog, only I don’t need treats. Why it’s satisfying, I’m still not clear on, but it just is.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/13/2005

Command Line Scraps

Filed under: Security — kees @ 6:21 pm

Usually when I have to temporarily hold onto something in my cut buffer, I might paste it into an open xterm. I don’t have any fancy cut buffer management tools running (though I probably should). So it’s always amusing to Alt-Tab through my windows after a busy day and find little snippets of conversations, phone numbers, and today when I sat down to my computer at home after work, I find, pasted into my xterm from the evening earlier’s experimentation: 'OR''='

I had a brief flash of what it might be like to be a drunken blackhat. Waking up in the morning, navigating through a sea of beer bottles, settling down at your computer, only to find it strewn with previously calculated buffer overflow offsets, SQL injection attempts, and cracked WEP keys. “Oh man, what a night! What did I get myself into?”

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/9/2005

Fragile Code

Filed under: Embedded — kees @ 7:27 pm

I define fragile code as code that isn’t easily changed without introducing bugs. I think the biggest cause of fragile code is cut/paste algorithms. This is especially true for data access and processing routines.

The idea behind Object Oriented programming is that you end up creating accessor functions for all your data. It’s simple to change your data formats without breaking the program as a whole. When you don’t have an OO language, you create all kinds of methods to do your repeated work.

This is critically important for stable, readable, sane code. Functions should do something small, and do it very well. Then you can call a whole series of strong little functions, rather than cutting and pasting the same code over and over, only to wreck your day much later on.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/8/2005

madwifi

Filed under: Networking — kees @ 9:59 pm

Woohoo! I found Macrus Crafter’s blog (and webpage) describing how he got a decent wireless miniPCI card (Proxim ORiNOCO 802.11a/b/g) working in his Dell 8500, and I figured it was worth a shot. It worked great in my Dell 8600! One kernel compile later, and the madwifi drivers are in great shape. I just have to test WEP and monitor mode. What a relief after the disappointment of the broadcom chipset. I won’t be buying from them ever.

The soldering was very straight forward. There were 3 solder points on the back holding the EM shield in place over the miniPCI card. Once the solder was wicked off there, I used an exacto blade to lift the tabs up, and continued to wick solder until the cover popped off. Then I wicked solder off either side of the miniPCI card where the card holder fingers had snapped into place. All in all, it took about 15 minutes, and most of that was fighting with the solder on the EM shield tabs.

On the PCI card, the antenna was plugged into the right-most antenna plug. (If looking at the PCI card with the slot down and antenna wire leaving the card to the left.) On the Dell miniPCI card, the plugs are labelled “MAIN” and “AUX”. Since I figured the current plug on the Proxim must be the “MAIN”, I plugged the white cable from the Dell (the one NOT marked “AUX”) into the right-most, and the black cable (marked “AUX”) into the left-most. This was rather awkward, since that required the cables to cross over eachother. So far, so good. I figure it just plain wouldn’t work if I screwed that up. Since I’m currently posting this from my laptop over wireless, I think I got it right. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/5/2005

SuSE Firewall

Filed under: Networking,Security — kees @ 5:08 pm

Started looking at the SuSE firewall scripts today. They’re quite nice, actually. So far, they look like they’ll support everything I want to do without any trouble. What’s really nice about it is the resulting script is much more readable than a string of iptables commands (where I’d have to specify the ACCEPT, NAT, and FORWARD for inbound services generally in different places).

What I’d really like to see would be an m4-based version of the script. It’s good enough for sendmail and autoconf, why not iptables? :) That would totally rock, because then I’d be able to see the resulting list of iptables commands. I bet there’s a place somewhere to see them now; but I just haven’t looked.

I’m hoping that this firewall configuration will play nice with heartbeat, which I’ll be using to do some high-availability work on the firewall pair. I’ve had to fight a little with SuSE over the interface names (I want to name the network interfaces after their function, not their boot order). udev has been quite friendly, but SuSE seems to have special meanings for various separator characters. I wanted to have “eth-internal”, etc, but it seems to strip “eth-“. And “eth_internal” turns into “eth/internal”. So, I’m just using “etinternal” instead. :P

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/4/2005

Fun with LCDs

Filed under: Embedded — kees @ 11:09 am

Worked for a little while last night trying to figure out how to rotate the image on an LCD screen. Turns out the controller actually has a built in rotation ability. All the examples in the docs show a portrait LCD display being rotated to a landscape LCD display. I needed to the do the opposite. Anyway, 1 typo and several LCD controller registers later, I had convinced it to work, but with a nasty flicker. I dug around a little more and finally found where I could define “line widths” for the display memory (as in, each line of physical memory is 256 bytes, but it’s only going to display 240 of those bytes). Thank goodness the display library had already been set up to deal with virtual spans. Anyway, with that in place, it came up perfectly. Yay! It’s going to wreak havoc on the the testing routines: let’s just say the screen CRCs aren’t going to be the same. In fact, the screen CRCs might be just flat wrong; I’m not sure what portions of video memory it scans.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/3/2005

Blog Switchero

Filed under: Blogging — kees @ 11:02 pm

Well, the rewrite rules for drupal started pissing me off, so I’ve switched again! This time, I’m back to WordPress. I must have been crazy when I first looked at it. The SSL trouble I was having was my own fault (which, I’m sure is true of Drupal’s rewrite rules too). The reason I’m really switching, though, is that WordPress, I think, has a much cleaner interface to the editing and template editing. I need to find a better skin for it, but for now, the default will do just nicely.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

TiVo Home Media

Filed under: Multimedia — kees @ 12:35 pm

Last week a friend of mine told me about the Java HMO (Home Media Option) server. I had no idea it existed and immediately got it set up. This provides your TiVo with a place to get MP3s, streaming audio, and images over your local network through whatever other computer you have around to do the work for it. The regular Windows TiVo HM “Desktop” software isn’t nearly as cool. With the Java HMO, you can get movie listings, web cams, etc. It’s terrific.

Anyway, this was supposed to be about code, but it’s more about a growing itch to patch. It seems that the “Internet Images” module is either very fragile and/or doesn’t like having spaces (or maybe commas?) in the image titles (which it uses for caching in /tmp/javaHMO.cache/)

The overall system is a great design, and I’m currently enjoying watching some great webcams in places that are in daylight while I’m in the dark:

Antarctic Gentoo Penguins
Hanmer Springs, New Zealand
Tembe Elephant Watering Hole, South Africa

I can see elephant butts! :)

TiVo published their networking specs, but only included the broadcast and “desktop” specs. I think it would be cool to have the TiVo share movies with my computer too. Would be great for movie trailers and DVDs. My DVD player is in the other room, so I can’t watch movies in the TiVo room (at least until NetFlix and TiVo get their movie-delivery system finished). It still might be tricky to resample the DVD on the fly. TiVo normally records stuff at half-resolution, so dealing with a full DVD MPEG2 stream would be exciting to say the least. I’ll just have to see what’s on the wire between two TiVos configured to record shows from eachother.

(Edit: Holy crap! My wish is granted in the TiVo->PC direction, at least!)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/2/2005

Inkscape icons

Filed under: Inkscape — kees @ 11:35 am

Today, I ended up tracking down all the unused XPM files in Inkscape. Kind cool to get everything down to just SVG files. I don’t think we’ll be able to ditch the XPMs for the mouse cursor replacements, though. Oh well.

Oops, I found another bug related to the svg: prefix addition. Just proves my metadata code is fragile. I hardened it a little more, so that should fix it for a while. :)

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

1/1/2005

Blogtastic

Filed under: Blogging,Security — kees @ 11:56 pm

Well, after messing around with WordPress for a little while, I switched to Drupal. WordPress is pretty cool, and all I really wanted was a nice Blog system. Drupal is a bit of overkill for that, but it seems more mature. WordPress really didn’t like being put onto an HTTPS server, so that made it a pretty poor choice for me.

Before getting a huge list of Blogs from the folks on the inkscape channel (thanks guys!) I had briefly tried Simple Blog System, and ran screaming from it. There were at least 3 types of security holes in it. I only noticed because I saw one within the first 10 lines of index.php. I’m not sure how far I trust Drupal, but at least it correctly deals with PHP magicquotes.

Check out Open Source CMS for a list of all the various CMS software out there. Kinda handy if you have an entire day to blow looking through all the stuff.

© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

« Newer Posts

Powered by WordPress