Computers

XML is the bomb!


There are several lessons to be learned from the Samsung Blu-ray player fiasco, in which pretty much their entire product line turned into a useless pile of e-waste.

  1. You don’t know what your Internet-connected appliances are doing, and the manufacturer won’t tell you. Customer service probably doesn’t even know about most of it.

  2. The people designing your appliances often don’t think about or thoroughly test boot or update processes.

  3. Always mount a scratch monkey.

  4. XML makes a terrible config-file format. Ditto YAML and Apple’s Plist format (both of which are just as complex and unforgiving as XML).

When I was at WebTV, every client release meeting included someone who had precise statistics on how many devices were bricked by each previous release, how much it cost to replace them, and the effect on customer churn. This neatly negated the efforts by development and marketing to take shortcuts with QA.

On the service side, we were usually able to just roll back to a previous code or content release within a few minutes of detecting a problem, but there were occasional out-of-band updates, as well as external dependencies. One that bypassed QA one night was an update to the XML config file that controlled ad rotation on the home page. As each ad server retrieved the new file and parsed it, it locked up. When I traced the appropriate process, I saw it spinning in a tight loop trying to parse a comment; someone had manually removed one ad from the rotation. At least, that’s what they thought they’d done, with their limited understanding of XML syntax.

In our case, the code checked for errors, but never got there because it was stuck in an infinite loop; the Samsung startup code simply didn’t check for errors. If the file was syntactically valid, of course it must be semantically valid.
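Both failures described above (a parser that never returns, and a loader that trusts any well-formed file) can be caught by a gate that runs before the file is published. This is an added example, not code from WebTV or Samsung; the `<rotation>`/`<ad>` schema, the function names and the sample files are constructed for illustration.

```python
import subprocess
import sys
import xml.etree.ElementTree as ET

# Constructed samples; the element and attribute names are hypothetical.
GOOD = '<rotation><ad id="a1" weight="3"/><ad id="a2" weight="1"/></rotation>'
# A hand-edited "removal" whose comment is never closed.
UNCLOSED = '<rotation><ad id="a1" weight="3"/><!-- <ad id="a2" weight="1"/></rotation>'
# Well-formed XML that makes no sense to the application.
NONSENSE = '<rotation><ad id="a1" weight="0"/><ad id="a1" weight="5"/></rotation>'

PARSE_ONLY = "import sys, xml.etree.ElementTree as ET; ET.parse(sys.stdin.buffer)"


def parser_verdict(text, timeout=5.0, parser_code=PARSE_ONLY):
    """Parse in a throwaway child process; None means well-formed, else a reason."""
    try:
        child = subprocess.run([sys.executable, "-c", parser_code],
                               input=text.encode(), capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:  # run() has already killed the child
        return "parser did not finish; reject the file"
    if child.returncode != 0:
        lines = child.stderr.decode().strip().splitlines() or ["unknown error"]
        return "not well-formed: " + lines[-1]
    return None


def semantic_errors(root):
    """Application-level checks that a syntactically valid file can still fail."""
    errors, seen = [], set()
    if root.tag != "rotation":
        errors.append("root element must be <rotation>")
    ads = root.findall("ad")
    if not ads:
        errors.append("rotation contains no ads")
    for ad in ads:
        ad_id, weight = ad.get("id"), ad.get("weight", "")
        if not ad_id or ad_id in seen:
            errors.append(f"missing or duplicate ad id: {ad_id!r}")
        seen.add(ad_id)
        if not weight.isdecimal() or int(weight) < 1:
            errors.append(f"ad {ad_id!r}: weight must be a positive integer")
    return errors


def check_config(text):
    """Return a list of problems; an empty list means the file may be deployed."""
    verdict = parser_verdict(text)
    if verdict:
        return [verdict]
    # The same parser already terminated on this input in the child process.
    return semantic_errors(ET.fromstring(text))
```

The `parser_code` parameter exists so the timeout path can be exercised with a stand-in parser that never returns.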

Thunderclaptrap


The latest “branded” vulnerability that’s getting hysterical coverage is “Thunderspy”, in which all your data are belong to us if your computer has a Thunderbolt port. In less than five minutes. With only $400 in off-the-shelf hardware.

Except the details of the story contradict that. First is the assumption that your powered-down computer is available to the attacker for long enough that they can crack the case and reflash the Thunderbolt port’s firmware; five minutes on a desktop, maybe, but most laptops? A quick look at the sites that crack them open and test for repairability suggests that it’s not going to be as easy as the claimed “unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate”.

Second is the assumption that the attacker will be able to return when your computer is sleeping and exfiltrate your data through the compromised port. Admittedly, Thunderbolt is fast at data transfer, but how many trips do you have to make before you find it in the right state?

The mitigation strategy is simply “power down or hibernate”. Even after compromising your ports, physical access to a powered-up or sleeping computer is required to access your encrypted data. (if your data wasn’t encrypted, they didn’t need a hardware hack to steal it in the first place)

The researcher branding agent does offer a second scenario that’s at least plausible: find a not-currently-plugged-in Thunderbolt peripheral (monitor, etc) that has previously been connected to your computer, steal the 64-bit ID code that was used to establish a trust arrangement, flash that to a naughty data-exfiltration device, and then plug it into your awake-or-sleeping computer.

Mitigation strategy? “power down or hibernate”.

Or use a Mac, which apparently is only vulnerable if it’s been rebooted into Windows with Boot Camp and then put to sleep.

So, if you care enough about security to fully encrypt your laptop, but care so little about security that you casually leave it running unattended or just put it to sleep for convenience, and you don’t notice when it was power-cycled while you were out of the room, then this can be used to steal all your data.

That pretty much restricts the vulnerable population to senior executives at tech companies. The rest of us are safe.

(and, yes, state actors can easily accomplish this, but we already knew that they were compromising unattended phones and laptops to spy on foreign executives and politicians, especially in Corona-chan’s motherland)

Wanted: USB-C dock that doesn't suck


I have ethernet drops in every room of my house. I have a Samsung T5 USB SSD. I have a 12-inch MacBook, which has only a single USB-C port for charging and expansion.

This means I have to use some sort of dock to connect ethernet, external drives, and power. Every portable dock I’ve tried at home or at work can do two of the three reliably, but will spontaneously reset the USB hub component if I try to use all three at once (like, say, backing up the SSD contents over ethernet to my Synology NAS).

Doesn’t matter what brand; even reputable ones like Anker do this. Doesn’t matter what power supply; Apple 30-watt, Apple 87-watt, Anker 60-watt, etc. Doesn’t even matter if I deliberately throttle the rsync copy; it lasts longer at very restricted bandwidths, but still eventually resets.

Plug the SSD directly into my 2012 Mac Mini, and I can copy its data to the NAS at full speed, every time. Plug it into a Thunderbolt port on the 15-inch MacBook Pro I had to give back when I was laid off, ditto; it works great.

Right now, the only way I can successfully use both network and USB SSD at the same time on the MacBook is to run on battery and copy data wirelessly.

So, is there a good USB-C dock with ethernet and at least three USB3 ports that works with a 12-inch MacBook? I don’t even care if it’s portable at this point, and I don’t care if it has HDMI or a memory-card reader. Portable would be nice, for travel, but honestly, at the rate things are going, I won’t be traveling until at least November. And I have my fingers crossed that there isn’t another outbreak of virulent stupidity in the fall.

Random Apple WTF

A few years back, Apple made the -i option (display inode data) to df the default, “to conform to Version 3 of the Single UNIX Specification”. Trouble is, Apple’s new file system doesn’t really have inodes, so the number of “free inodes” is 2^63 minus the number of files and directories, which makes the output basically unreadable.

The manpage recommends using the -P option to disable this, which I long ago embedded in a shell alias so it’s always on. Except I haven’t made that change in the dotfiles on my Mini, so when I went to copy the SSD, I ran into the default behavior, and tried manually adding -P to the command, like so: df -h -P /Volumes/Marippe.

This reported disk usage in 512-byte blocks instead of the human-readable format I requested with -h. Why? Because that’s the official behavior of -P, and the fact that it suppresses inode output is apparently just a documented side effect. Which means that the output of df -h -P is not the same as df -P -h.

This feels like a metaphor for Apple’s current UI design principles.

Dear Amazon,


Conceptually, it hurts my brain to see PC cases listed as external components.

Then again, at least it’s not the ongoing dumpster fire that is “religion & spirituality”…

Meanwhile, since Amazon can’t manage to get a two-day delivery to me in a week, I’ll be spending the day working with the product that did arrive. It took a year and a half to get here, but unlike Amazon, they made it themselves.

Homebrew FU


To augment the relatively small amount of Open Source software included with MacOS (soon to be even smaller), I used to use Fink. Then I used to use DarwinPorts (now MacPorts). And just now, I started wondering if it’s time to give up on Homebrew.

Why? Because the maintainers very very quietly decided to gut the functionality of the tools by removing all of the compile-time options for every package, restricting them to a single flavor. The dozens of bugs filed since then just get closed with rude noises, and maybe a handful of the requests for lost functionality get added back as part of the one-and-only build flavor (but only if they’re submitted in precisely the correct format and don’t conflict with other undocumented policies). The best part is that if you had installed something with options selected, it silently broke the next time it was updated.

Their recommended solution: “create your own tap”, which is like telling someone who came in for an oil change to build their own fucking garage if they don’t want 5W30.

Graphics card bleg


What’s the best-bang-for-the-buck gaming graphics card that I can put into this?

Current specs:

  • Intel Core i7-6700, 3.4 GHz
  • NVIDIA GeForce GTX 980, 4 GB RAM
  • 32 GB RAM
  • 256 GB SATA SSD
  • 1 TB SATA SSD
  • 500 Watt power supply

I’m tempted to replace the original small SSD with an NVME PCI Express card and one of the many ridiculously-affordable M.2 NVME SSDs. (never mind, the free slot is only PCI Express x1)

How Open Source 'Works'...


Seems there’s a trivial denial of service attack against GPG via the keyservers, and the fix is… well, there really isn’t one:

“…the SKS software was written in an obscure language by a PhD student for his thesis. And because of that, according to Hansen, ‘there is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase.’”

Bootstrapping...


# tdnf install perl
# cpan App::cpanminus
# tdnf install man-db man-pages gawk tar diffutils
# tdnf install make gcc binutils glibc-devel linux-api-headers ncurses-devel
# su - build
% curl http://ftp.gnu.org/gnu/emacs/emacs-26.2.tar.gz | tar xzf -
% cd emacs-26.2
% ./configure --without-all --without-x
% make
# cd ~build/emacs-26.2
# make install
# cat <<EOF > /root/.emacs
(setq-default initial-major-mode 'fundamental-mode)
(defun set-auto-mode (&optional foo) (interactive "p") (fundamental-mode))
(when (fboundp 'electric-indent-mode) (electric-indent-mode -1))
(global-set-key (kbd "TAB") 'self-insert-command)
(setq-default tab-width 4)
(setq-default enable-local-variables nil)
(setq-default inhibit-eol-conversion t)
(setq inhibit-startup-screen t)
(setq inhibit-splash-screen t)
(setq line-move-visual nil)
(setq transient-mark-mode nil)
(setq sentence-end-double-space nil)
(setq isearch-lax-whitespace nil)
(setq search-whitespace-regexp nil)
(put 'narrow-to-region 'disabled nil)
EOF

Okay, now I can start exploring Photon.

File under baffling the fact that there’s no Emacs RPM at all. Admittedly, even my “minimal” build adds 200MB to /usr/local/, but:

“When you don’t have enough space for Emacs, you don’t have enough space.”
     — Sandy Wambold
