I haven't read this one as many times as maybe I should. There's some stylistic weirdness (it's written in second-person, which is to some extent, "gaming", although perhaps more the text adventures of days gone by than modern 1st/3rd megapolygon wossnames), which lingers in my memory as an initial hurdle. It's quite OK once you're reading, though. At least I find it so.

First in a series of two (so far) Scottish near-future police procedurals.

All in all, not a bad read. I should see if I have the second one in electronic or paper form.

The importer has (mostly) caught up!

Apr. 19th, 2017 11:02 pm
[staff profile] denise posting in [site community profile] dw_maintenance
Our content importer has mostly caught up with its backlog; almost everything that's still listed as being "in the queue" are jobs that were tried, failed once or more with a temporary failure, and are waiting to try again. (The importer tries a few times, at successively longer intervals, when it gets a failure it thinks might be temporary/might correct itself later on.) This means that new imports scheduled now should complete in hours (or even minutes), not the "several days" it's been taking.

If you tried to schedule a second import while the first one was still running, at any time in the past 10 days or so, you may have confused the poor thing. If you think your import should be finished by now and it isn't, and you're seeing "Aborted" on the Importer Status part of the Importer page, feel free to open a support request in the Importer category and we'll look into it for you. (It may take a little bit before you get a response; those of us who have the access to look into importer problems have been really busy for the past two weeks or so, and I at least need a few days to catch my breath a bit before diving back into the fray! But we'll do what we can.)

I hope all y'all are continuing to settle in well to your new home!
Don't know if I've reread this before, so this may genuinely be the second read.

It's, let's say, a "late-Heinlein pastiche", including, but not limited to, oversexed fembots with nipples that go spung (for plot-relevant reasons, no less).

We're in a post-humanity solar system, filled with a variety of robots, who are now all that's left of the heritage of Earth (having a completely crashed biosystem on the main planet, no human seen for at least one, maybe multiple, centuries, that sort of "left of").

When the novel starts, we find our main viewpoint character Freya on one of the balconies of an upper-Venus-atmosphere flyer thing, contemplating the wisdom of letting gravity take over, since after all what meaning is there for a sexbot when she was manufactured after the last human was already gone?

Turns out, yes, there's a good many reasons to not let gravity take over.

Is it readable? Yes, on the balance. But probably not without knowing some of the specifics on which it riffs, which may or may not be what you want to internalise, but if you already had, there's worse.

It does set the scene for Neptune's Brood though, so might be worth reading just for that (not sure it's 100% necessary, though).
Been a while since I read this. It's rather good reading, but one thing leaves me puzzled, what do tibias have to do with arms? Anyway, Irene is a Librarian (yep, that capital letter is definitely required), working for The Library (again, required), a library existing between the worlds, where time does not really pass, in some sense.

She has been given what sounds like a simple mission, go to a specified alternate and recover a book. No more, no less. Shouldn't be a problem, no?

All in all, excellent reading.
[staff profile] denise posting in [site community profile] dw_news
Hello, Dreamwidth! Goodness, this past week has been unexpectedly exciting, hasn't it? A warm Dreamwidth welcome to everyone who's just joining us: we're glad you're here, and we hope you're liking the new digs.

Before we get into all the things I have to cover, though: Given the reasons most people are citing for not wanting to agree to LiveJournal's new ToS, I'd like to take a moment and ask: if you're able to (and only if you're able!), please consider donating to the Russian LGBT Network/Российская ЛГБТ-сеть. They not only do excellent work across the Russian Federation, but are currently mobilizing to help evacuate LGBT people in Chechnya who are in danger of detention or death. (EDIT: If you're outside Russia, you can donate through All Out; the Russian LGBT Network website won't accept donations from outside Russia.)

To our friends in Russia who are LGBT and those who are against the mistreatment of anyone because of their sexual orientation: We stand with you. Please stay safe above all else, but if it would be safe for you to post that link, the LGBT Network is asking that as many people as possible publicly share the information that the LGBT Network is ready to help. (They also ask that you do not contact people in Chechnya directly to let them know, as there are reports the authorities are searching people's phones and computers for evidence of sexual orientation.)

The rest of this post is primarily to give y'all new folks a brief orientation (or as brief as I am ever capable of; no one has ever called me concise) to help you settle in, although I hope at least some of it will be useful (or at least interesting!) to those of you who have been with us for a while. Come with me as we discuss Dreamwidth's history, a bit of what (we think) makes us special, the answers to a few common questions about how we roll, and a few useful tips that may help you with the transition.

Dreamwidth 101! )

Whew! That was a lot to throw at y'all at once, I know. (Yes, I always am this longwinded. And I always use this many parentheses.) Everybody who's been here for a while: thank you for your patience as I got our new arrivals up to speed! We'll be back in a few weeks with a code push and a bunch of new features and fixes, so the next news post should be more broadly applicable.

In the meantime, let's have a welcome party in the comments:

* If you're looking for new people to subscribe to you, leave a comment with some basic info about your journal and what you tend to write about! Then everybody can browse around and meet each other. (There's also [community profile] 2017revival and [community profile] addme, both of which are unofficial but bustling lately; holler if you know of any more.)

* If you've been here for a while and have a favorite community that's active, drop a link and a brief description!

* If you're new or you've been here for a while, and you're looking for an active community on a particular topic, leave a comment with what you're looking for and people can recommend you some options. (We've done this a few times before, as "the great community rec-o-matic", and it's never a bad time for another round.)

* If you know of any scripts, resources, extensions, tools, or toys that will help someone make the move, get settled in, or customize their DW experience once they're here, drop a link and a description in the comments. (We can't be responsible for unofficial tools, scripts, extensions, etc, so use at your own risk, but I know there are a bunch of them floating around!)

Finally, a quick note on the importer queue: it's still going, I swear. The jobs finishing now are the ones that were scheduled around 48 hours ago, though, so we really appreciate how patient y'all are being!

As always, if you're having problems with Dreamwidth, Support can help you; for notices of site problems and downtime, check [site community profile] dw_maintenance and the Twitter status account. (We can't do support through Twitter, though! Open a support request instead. Me trying to fit into 140 characters is not a pretty sight.)

Comment notifications may be delayed for an hour or two, due to the high volume of notifications generated after an update is posted to [site community profile] dw_news. This was posted at 5:30AM EDT (see in your time zone). Please don't worry about delayed notifications until at least two hours after that.

2017 - #38, "Lock In", John Scalzi

Apr. 14th, 2017 09:10 am
This is an interesting book in many ways, discussing a whole slew of important themes. It also has one of the most deliciously hidden twists (well, it's not really a twist, it's well-known what it is, and all that), but it's one of those things that are better to know after you've read it for the first time.

That aside, we're basically along for a ride with newly-minted FBI Agent Chris Shane, during the very first week on the job. It is hopefully not a week that is a sign of times to come, but as these things are, nobody really knows.

All in all, a pretty good read. I think I appreciated the book more the second time, which is perhaps not always the case with re-reads.

So long and farewell

Apr. 13th, 2017 06:09 pm
[personal profile] snippy
The end of an era has come, and I grieve a bit for what Livejournal was.

It was what many of us did when Usenet ended, but before Facebook took over social media. It was many people's first fandom platform, and most important connection to others. But it's over now.

Starting at the first of the year I took the trouble to delete every individual entry, and also took the time to review much of my writing over my LJ years. It was sometimes sad to see comments and discussions with friends who are now gone (may their memories be a blessing); it was also joyful to read of good times past. After deleting all the entries I deleted my account (and thereby every comment I'd made on other journals).

I'm glad we have Dreamwidth.
[personal profile] vatine
Previously unread.

Latest novel out of the Scalzi compound. As far as I can tell, it's not connected to anything else that Scalzi has written before (apart from sharing an author, publisher and language, that is). Is it good? Yes, I would say that it is. I wanted to continue reading and I was wanting to know what happens next. There were some characters I sympathised with, and some I quite disliked, although I think that was intentional.

Is it the best Scalzi book I've read? No, it isn't. It's also not the worst. I suspect it's "above median", but I have not taken the time to sit down and do the sums and comparisons.
[personal profile] mjg59
Reverse engineering protocols is a great deal easier when they're not encrypted. Thankfully most apps I've dealt with have been doing something convenient like using AES with a key embedded in the app, but others use remote protocols over HTTPS and that makes things much less straightforward. MITMProxy will solve this, as long as you're able to get the app to trust its certificate, but if there's a built-in pinned certificate that's going to be a pain. So, given an app written in C running on an embedded device, and without an easy way to inject new certificates into that device, what do you do?

First: The app is probably using libcurl, because it's free, works and is under a license that allows you to link it into proprietary apps. This is also bad news, because libcurl defaults to having sensible security settings. In the worst case we've got a statically linked binary with all the symbols stripped out, so we're left with the problem of (a) finding the relevant code and (b) replacing it with modified code. Fortunately, this is much less difficult than you might imagine.

First, let's find where curl sets up its defaults. Curl_init_userdefined() in curl/lib/url.c has the following code:
set->ssl.primary.verifypeer = TRUE;
set->ssl.primary.verifyhost = TRUE;
#ifdef USE_TLS_SRP
set->ssl.authtype = CURL_TLSAUTH_NONE;
#endif
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth type */
set->general_ssl.sessionid = TRUE; /* session ID caching enabled by default */
set->proxy_ssl = set->ssl;

set->new_file_perms = 0644; /* Default permissions */
set->new_directory_perms = 0755; /* Default permissions */

TRUE is defined as 1, so we want to change the code that currently sets verifypeer and verifyhost to 1 to instead set them to 0. How to find it? Look further down - new_file_perms is set to 0644 and new_directory_perms is set to 0755. The leading 0 indicates octal, so these correspond to decimal 420 and 493. Passing the file to objdump -d (assuming a build of objdump that supports this architecture) will give us a disassembled version of the code, so time to fix our problems with grep:
objdump -d target | grep --after=20 ,420 | grep ,493

This gives us the disassembly of target, searches for any occurrence of ",420" (indicating that 420 is being used as an argument in an instruction), prints the following 20 lines and then searches for a reference to 493. It spits out a single hit:
43e864: 240301ed li v1,493
Which is promising. Looking at the surrounding code gives:
43e820: 24030001 li v1,1
43e824: a0430138 sb v1,312(v0)
43e828: 8fc20018 lw v0,24(s8)
43e82c: 24030001 li v1,1
43e830: a0430139 sb v1,313(v0)
43e834: 8fc20018 lw v0,24(s8)
43e838: ac400170 sw zero,368(v0)
43e83c: 8fc20018 lw v0,24(s8)
43e840: 2403ffff li v1,-1
43e844: ac4301dc sw v1,476(v0)
43e848: 8fc20018 lw v0,24(s8)
43e84c: 24030001 li v1,1
43e850: a0430164 sb v1,356(v0)
43e854: 8fc20018 lw v0,24(s8)
43e858: 240301a4 li v1,420
43e85c: ac4301e4 sw v1,484(v0)
43e860: 8fc20018 lw v0,24(s8)
43e864: 240301ed li v1,493
43e868: ac4301e8 sw v1,488(v0)

Towards the end we can see 493 being loaded into v1, and v1 then being copied into an offset from v0. This looks like a structure member being set to 493, which is what we expected. Above that we see the same thing being done to 420. Further up we have some more stuff being set, including a -1 - that corresponds to CURLSSH_AUTH_DEFAULT, so we seem to be in the right place. There's a zero above that, which corresponds to CURL_TLSAUTH_NONE. That means that the two 1 operations above the -1 are the code we want, and simply changing 43e820 and 43e82c to 24030000 instead of 24030001 means that our targets will be set to 0 (ie, FALSE) rather than 1 (ie, TRUE). Copy the modified binary back to the device, run it and now it happily talks to MITMProxy. Huge success.

(If the app calls Curl_setopt() to reconfigure the state of these values, you'll need to stub those out as well - thankfully, recent versions of curl include a convenient string "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!" in this function, so if the code in question is using semi-recent curl it's easy to find. Then it's just a matter of looking for the constants that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set to, following the jumps and hacking the code to always set them to 0 regardless of the argument)
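
For anyone auditing a firmware image for this kind of tampering, here is an added example (not part of the original post) that decodes the MIPS words from the listing above and checks that the two byte stores at offsets 312 and 313 still write 1. The `LISTING` array is copied from the post; the function names are made up for this sketch, and the offsets apply only to that one binary.

```c
#include <stdint.h>
#include <stdio.h>
/* Instruction words 43e820..43e868, copied from the listing in the post. */
static const uint32_t LISTING[19] = {
    0x24030001, 0xa0430138, 0x8fc20018, 0x24030001, 0xa0430139,
    0x8fc20018, 0xac400170, 0x8fc20018, 0x2403ffff, 0xac4301dc,
    0x8fc20018, 0x24030001, 0xa0430164, 0x8fc20018, 0x240301a4,
    0xac4301e4, 0x8fc20018, 0x240301ed, 0xac4301e8,
};
enum { OP_ADDIU = 0x09, OP_LW = 0x23, OP_SB = 0x28, OP_SW = 0x2b };

/* Constant that `store_op` writes at offset `off`; only "li" is tracked. */
int stored_const(const uint32_t *code, size_t n, unsigned store_op,
                 int off, int32_t *val)
{
    int32_t reg[32] = {0};
    int known[32] = {1};                 /* only $zero is known at entry */
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned op = code[i] >> 26, rs = (code[i] >> 21) & 31;
        unsigned rt = (code[i] >> 16) & 31;
        int32_t imm = (int32_t)((code[i] & 0xffff) ^ 0x8000) - 0x8000; /* sign-extend */
        if (op == OP_SB || op == OP_SW) {
            if (op == store_op && imm == off && known[rt]) { *val = reg[rt]; found = 1; }
        } else if (op == OP_ADDIU || op == OP_LW) {
            if (rt != 0) {               /* writes to $zero are discarded */
                known[rt] = (op == OP_ADDIU && rs == 0);  /* li = addiu rt,zero,imm */
                reg[rt] = imm;
            }
        } else {                         /* unmodelled opcode: trust nothing */
            for (int r = 1; r < 32; r++) known[r] = 0;
        }
    }
    return found;
}

/* 312/313: byte fields the post identifies as verifypeer/verifyhost here. */
int verification_enabled(const uint32_t *code, size_t n)
{
    int32_t peer, host;
    return stored_const(code, n, OP_SB, 312, &peer) && peer == 1 &&
           stored_const(code, n, OP_SB, 313, &host) && host == 1;
}

int main(void)
{
    printf("verification enabled: %d\n", verification_enabled(LISTING, 19));
    return 0;
}
```

Run against the unmodified words it reports 1; a copy with the two `li v1,1` words changed as the post describes reports 0, which is the condition an integrity check on the shipped binary would flag.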

2017 - #36, "Cold Days", Jim Butcher

Apr. 11th, 2017 08:04 am
[personal profile] vatine

Two books after the previous one I finished. Chickens come home and roost. We learn many new things, Harry gets a new job, Molly and Karrin have new friends. Some serious shit happens, echoes of which reverberate throughout Dresdenverse.

All in all, eminently readable.


Apr. 10th, 2017 08:40 pm
[personal profile] snippy
I saw a pair of crows this weekend, harvesting twigs from the tree off my balcony. I say harvesting because they were quite intentionally peeling twigs from the branches and flying off with them, then coming back for more.

We have some pre-popped popcorn in the house and I scattered a few kernels on the balcony railing (the top rail is a 2x4 board wide enough to serve as a bird/squirrel feeder) and the crows were very happy. I've put a few out each morning and watched them collect the feed.

The hummingbirds are still actively defending the feeder. I haven't seen the Steller's jays in a while, though.


