altamira16: Tall ship at dusk (Default)
[personal profile] altamira16
This was a book recommended by someone on Twitter. It is the 2014 Winner of the Philip K Dick Award for distinguished science fiction. I really enjoyed it because I like science fiction dystopia and empowered female protagonists.

In this book, there is a nurse in the hospital maternity ward in San Francisco taking care of women and babies when some unknown disease hits. Women in late pregnancy catch a fever, their babies die, and then they die. Other people in the household become infected and also die, but no one dies like the women. Eventually, the nurse catches the disease too. She wakes up in her house to a man trying to rape her. Once she escapes from the man who has broken into her house, she runs into a gay man who introduces her to the post-apocalyptic world where most people have died, and the survivors are mostly men. He does not want to stick with her because women are dangerous. They lead to fighting among men who try to take them as slaves. The unnamed midwife scavenges for the biggest pile of birth control she can find and a chest binder and disguises herself as a man as she wanders the US to see if there are any people left.

There were only two little parts that bothered me. I think someone called a motorcycle that was not a Harley a rice-rocket, and I think this is what Californians call Asian motorcycles. I wish they wouldn't. Then at the end, one character talks about someone being lynched. After reading about the violence involved in real lynchings, it was surprising to see someone discuss lynching in such a superficial way. When that character turned out to be black, it seemed like "here is the token black character discussing lynching."
beable: (16 - The Tower - destruction and renewal)
[personal profile] beable
Mal: Ship like this will be with you ’til the day you die.
Zoe: That’s ’cause it’s a death trap.


My car, in the words of the mechanic, is no longer considered roadworthy. It has thousands of dollars worth of mechanical issues wrong with it, and the body is sufficiently corroded that it can no longer be loaded onto a hoist, and the bumpers are partially attached to the car by happy thoughts.

I've now signed up for Vrtucar, and will have the summer to decide if that is suitable for me or if I need to go car shopping and start budgeting for car payments again.

I had designs on turning my car into an art project when it was near the end of its lifespan - something akin to the Electric Mayhem paint job from the original Muppet Movie:



Given both the costs involved in painting the car, and the fact that I really ought not to be driving it around much, it doesn't seem practical. Though the prospect of trying to fund it on Kickstarter is entertaining:
main goal: cover the costs of the paint and related costs
stretch goal #1: cover the required mechanical repairs so that my car is sufficiently safe to drive to actually pass inspection!
stretch goal #2: cover the required repairs to the body so that this art car can decorate society for years to come!

Penguicon in a little over a week

Apr. 20th, 2017 09:13 am
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
I'm one of the Guests of Honor at Penguicon, April 28-30 in Southfield, Michigan. Penguicon is a combination of an open source conference and a science fiction convention. Here's my schedule including some more funny bits and some more thinky bits. It'd be lovely to see some Dreamwidth acquaintances there!
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
My longtime friend Zack Weinberg ([personal profile] zwol) needs help in his research to measure Internet censorship. He's a grad student at Carnegie Mellon University, an sf fan, and a longtime open source software hacker.

The short version is: go to https://research.owlfolio.org/active-geo/ and hit the Start button on the map.

More details:

Zack's doing experiments in "active geolocation", which is when you try to figure out where a computer physically is by measuring how long it takes a packet of information to go round-trip between one computer and other computers in known locations. This has been studied carefully within Europe and the continental USA, but much less so elsewhere.

More specifically, Zack is trying to develop a technique for verifying that VPN exits are in the country that their operator claims they are. His larger research focuses on measuring Internet censorship, for which he needs network vantage points in precisely the countries where it's hardest to get reliable server hosting. He could go with the commercial virtual private network (or VPN) providers who say "sure, I have a host in Malaysia/Ukraine/Iran/etc. you can choose to use," but how can Zack know that they're telling the truth? Commercial VPN operators may prefer to locate their hosts in countries where it's easier to do business, and only label them as being in harder-to-access countries.

So Zack is looking for volunteers who can visit that page, which will run measurement scripts, on computers physically located all over the world. South America, sub-Saharan Africa, South and Southeast Asia, and Oceania locations are especially helpful, but he can use data from anywhere.

Once you click "Start" on the map at https://research.owlfolio.org/active-geo/, the page will run a test/demo to see whether you could help. If you can, then you'll see the consent form below to ask for more information about your location and you'll see CMU’s Office of Research Integrity and Compliance notice.

Here's more about the research questions he is investigating, here's how to help using a command-line tool in case you'd like to give him data from a computer that you only have remote shell access to, and

In case you want to spread the word about this request, here's a public tweet you can retweet:

I'm looking for volunteers to help with a research project: https://research.owlfolio.org/active-geo/ Especially want people outside Europe and North America.


And you can ask [personal profile] zwol for more info if you have any questions.

Thanks!

Alternate Questions

Apr. 17th, 2017 09:16 am
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
Is it still in vogue for US tech companies to ask quantitative estimation/implausible-problem questions like "how many phone booths/piano tuners are there in Manhattan?" in hiring interviews, particularly for programming-related jobs? Fog Creek asked me one of those in 2005. There was even a book, How Would You Move Mount Fuji?: Microsoft's Cult of the Puzzle -- How the World's Smartest Companies Select the Most Creative Thinkers.* How many companies are still into that?**

I ask because I came up with a couple you could use, maybe for a digital humanities kind of position:

  1. How many people, throughout history, have actually been named "Flee-From-Sin"? I feel like you see this as a jokey Puritan first name in books like Good Omens or the Baroque Cycle, but was it a name that some non-negligible number of people actually had?
  2. Out of all the people currently within New York City limits, have more of them written a sonnet or a dating profile? What's the ratio?



* That's right, two subtitles. That's how you know you're getting a lot for your $16.00 MSRP.

** It's hard to tell these things sometimes even if you listen to lots of people discuss hiring and recruiting. "Five Worlds" and its decade-later ramifications apply to work culture, not just software development methodology. Stripe's engineering interview aims to "simulate the engineering work you'd do day-to-day" (link via Julia Evans) so I think you can expect your interviewer won't show up wearing a question-mark costume and screeching, "Riddle me this, Batman!" This software engineer, who's just been through scads of hiring interviews, doesn't mention puzzle questions. This level of detail ain't exactly on the "How to Become a Computer Programmer" page in the Occupational Outlook Handbook from the US Department of Labor -- but then again we already knew that the assessment vacuum in software engineering skills is a huge problem.

[Cross-posted to Cogito, Ergo Sumana. I'm doing this just now for new Dreamwidth followers, but usually I don't cross-post from there to here; check out [syndicated profile] sumana_feed if you want to follow that blog.]

altamira16: Tall ship at dusk (Default)
[personal profile] altamira16
This book is a study of North Korean propaganda done mostly from information found in South Korea because westerners can't just walk into Pyongyang and ask to see all the propaganda. Myers said that no one really took the study of the propaganda seriously because it is too political for the cultural journals and too cultural for the political journals.

Myers's thesis is that there is really nothing there when it comes to Juche Thought. It just does not make any sense. Kim Il-Sung was not that educated. Juche Thought was an erudite philosophy created by some people who were not really interested in creating a coherent philosophy. They needed some educated sounding nonsense to serve as philosophy. Myers proposed that the North Korean government operates under Confucian paternalism.

In early propaganda, Korea was visualized as a younger sibling to Japan. That vision of Koreans as children has made them view themselves as innocents who are under attack from outsiders. As history moved on, any assistance from outsiders was erased from North Korea's official history, and the Kims were treated as parental figures (the state is both a mother and a father but mostly a mother) that North Koreans needed. Spontaneity is seen as a positive quality in children. I found that odd in a land where people don't really have the freedom to move about.

The roundness of the Kims is seen as the childlike quality of all Koreans. But at the same time, the leaders are seen as parents giving hugs to children and protecting their people in a lot of the propaganda. Here is Kim Il-Sung hugging a little girl.

As the hardships of the 1980s and 1990s approached, there was a lot of imagery involving storms and waves. The storms and waves represented the outside world, and the leaders had to stand up to defend North Korea against them. Here is a picture of former President Clinton and Kim Jong-Il sitting in front of a picture of waves. Attacks from the outside world seem to strangely make the leader of the country more powerful because it gives the parent-leader purpose and support.

The penultimate sentence of this book summarizes it nicely.

"In any case, the prevalence of motherly authority figures, the glorification of 'pure' racial instincts, the denigration of reason and restraint-- all these things encourage rashness among the DPRK's decision makers just as they encourage spontaneous violence among average North Koreans."

In a lot of the propaganda, Americans look a little bit like Ebenezer Scrooge or offensive caricatures that you might see of Jewish people. They are men with hollow eyes and large hooked noses. In the linked example, there are some hollow-eyed American soldiers torturing a Korean woman by pulling out her teeth with pliers. The woman is wearing white which is symbolic of purity and innocence.

I found it odd that Americans looked like Jewish caricatures because North Koreans are not necessarily as critical of Jewish people as they are of American and Japanese people.

(no subject)

Apr. 15th, 2017 11:50 am
beable: (the doubtful guest)
[personal profile] beable
All my comments are belong to us!

an unexpected adventure

Apr. 15th, 2017 12:04 am
zorkian: Icon full of binary ones and zeros in no pattern. (Default)
[personal profile] zorkian

Oliver was on spring break this week so he had no school, so his mom dropped him off Thursday night and I took a day of PTO today for some Father & Son time. We planned breakfast (pancakes, of course -- at Peter's Cafe down in Millbrae). [personal profile] afuna joined us for that then she hopped on the BART and headed off to work while the kid and I went south to San Carlos Airport.

We had a mission -- my airplane, N171MA, needed a bulb replaced. I also wanted to do some administrivia that I'd not done when we got back from our trip to Baltimore. The aviation data (charts, obstacles, and navigation data) needed updating and I wanted to pull down the latest flight and engine data logs to do some analysis. Also, I wanted to wash the plane and make it nice and shiny!

We took care of a few of the things and then we hopped aboard and started up. I requested permission from Ground Control to taxi across the runway to the wash rack on the other side and we got stuck about 10 minutes waiting for a clear time to cross. (They can't have airplanes crossing active runways and the weather was beautiful: there were a lot of airplanes coming and going.)

Eventually we made it across the runway and I vaguely knew where we were going but had never actually been to the wash rack before. I ended up going down the wrong aisle into a dead end. One of the things about airplanes is that virtually none of them can go backwards. They only go forwards. If you end up going down an aisle that doesn't have an exit like I did today, you have to shut everything down and disembark, fetch the hand tug, and then reorient the bird yourself. It's slightly annoying, particularly when you get turned around (unf! heavy!) and then have to ask Ground Control for permission to taxi because you "missed". Whoops.

We finally got around to the wash rack which was more complicated than I expected and I ended up parking in front of what I thought was the rightmost of two washing spots. I realized halfway through that you were intended to park in the middle of the two hose reels -- the one on the left was attached to a 55 gallon drum of soap and the one on the right was for rinsing. I didn't feel like repositioning by hand for a second time in one day so I just used the plain water and did the best we could.

When we were done Oliver asked if we were going to take off now. I had not planned on flying anywhere and was only there to do incidentals related to aircraft maintenance, but it wasn't like I had better plans... I asked him if he wanted lunch and if he wanted to fly somewhere to get lunch and he seemed keen on the idea. It's important to note that this would be his third flight ever and his previous two were short flights and we didn't go anywhere really -- plus [personal profile] afuna was on those flights to help if anything went south. This would be a real flight: ~30 minutes to Petaluma, lunch, ~30 minutes home -- and no backup.

He was keen on the idea and I got excited so we got ready to go and then departed. Blasting off into the brilliant blue sky -- I love my airplane. It's an amazing machine and flying is the most wonderful feeling and there I was, my son next to me with his red headset on. I had the stupidest grin on my face. As soon as we launched, Oliver piped up on the intercom: "Dad. Don't turn us upside down." I assured him I would definitely not turn us upside down.

We were cleared through the SFO Bravo airspace and it got a little bumpy. Unfortunately because of the large amount of air traffic in the area (particularly going north from San Carlos!), I was pretty constrained in where I could fly and I couldn't really alleviate the turbulence but it turned out that he didn't seem to mind -- it was a little bumpy but at least once he said it was fun. (I had quietly grabbed the sick sack and prepared it just in case...)

At some point near SFO we were cruising along and out of nowhere Oliver said, "Dad, I'll help!" and leaned forward, grabbed the control stick, and pulled back. This immediately caused the airplane to pitch up and startled the poor kid. I basically always fly with my hand on the stick so I gently brought us back to level but I think he cured himself of wanting to grab the stick!

We made it up to Petaluma and landed without incident and took a selfie. He wanted to hop up on the wing, so that's why he's standing up here:

We went to the Two Niner Diner (a lovely place!) and he wanted grilled cheese, french fries, ketchup, and a strawberry milkshake. They make 'em right, too: brought him the shake and a tin with some extra. His little mind exploded "I get two milkshakes?!?!" and he was in nirvana. The staff was super taken by him and by the end of the meal he gave the proprietor a sudden hug and she got a little startled and said "That made my day -- you have no idea, you really made my day."

The flight home was pretty uneventful. Oliver fell asleep halfway back and I debated flying circles just to make the moment last longer but ended up just heading back and landing. I made what is probably my smoothest, shortest landing yet in the plane and managed to taxi off at the Foxtrot exit from 30. (I know that won't mean much to anybody but it feels good.)

When we got home later, Oliver gave me a hug and said, "I love you Dad. This is the best day ever."

I'll be over here in a puddle of warm fuzzy feelings and goo.

Dreamwidth communities

Apr. 14th, 2017 02:47 pm
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
I've been doing my own little bit to share lore and links in the comments of the latest Dreamwidth news post, and to welcome people coming to Dreamwidth in the wake of the latest LiveJournal change.

I've put a new book review, of Colson Whitehead's The Underground Railroad, in [community profile] 50books_poc, I've recommended several RSS feeds in [site community profile] dw_feed_promo, and I've suggested a couple of face-to-face New York City meetups in [site community profile] dw_meetups and [community profile] nyc. I've subscribed to [site community profile] dw_community_promo but haven't posted anything there yet; perhaps next week!
[personal profile] mjg59
Reverse engineering protocols is a great deal easier when they're not encrypted. Thankfully most apps I've dealt with have been doing something convenient like using AES with a key embedded in the app, but others use remote protocols over HTTPS and that makes things much less straightforward. MITMProxy will solve this, as long as you're able to get the app to trust its certificate, but if there's a built-in pinned certificate that's going to be a pain. So, given an app written in C running on an embedded device, and without an easy way to inject new certificates into that device, what do you do?

First: The app is probably using libcurl, because it's free, works and is under a license that allows you to link it into proprietary apps. This is also bad news, because libcurl defaults to having sensible security settings. In the worst case we've got a statically linked binary with all the symbols stripped out, so we're left with the problem of (a) finding the relevant code and (b) replacing it with modified code. Fortunately, this is much less difficult than you might imagine.

First, let's find where curl sets up its defaults. Curl_init_userdefined() in curl/lib/url.c has the following code:
set->ssl.primary.verifypeer = TRUE;
set->ssl.primary.verifyhost = TRUE;
#ifdef USE_TLS_SRP
set->ssl.authtype = CURL_TLSAUTH_NONE;
#endif
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
type */
set->general_ssl.sessionid = TRUE; /* session ID caching enabled by
default */
set->proxy_ssl = set->ssl;

set->new_file_perms = 0644; /* Default permissions */
set->new_directory_perms = 0755; /* Default permissions */

TRUE is defined as 1, so we want to change the code that currently sets verifypeer and verifyhost to 1 to instead set them to 0. How to find it? Look further down - new_file_perms is set to 0644 and new_directory_perms is set to 0755. The leading 0 indicates octal, so these correspond to decimal 420 and 493. Passing the file to objdump -d (assuming a build of objdump that supports this architecture) will give us a disassembled version of the code, so time to fix our problems with grep:
objdump -d target | grep --after=20 ,420 | grep ,493

This gives us the disassembly of target, searches for any occurrence of ",420" (indicating that 420 is being used as an argument in an instruction), prints the following 20 lines and then searches for a reference to 493. It spits out a single hit:
43e864: 240301ed li v1,493
Which is promising. Looking at the surrounding code gives:
43e820: 24030001 li v1,1
43e824: a0430138 sb v1,312(v0)
43e828: 8fc20018 lw v0,24(s8)
43e82c: 24030001 li v1,1
43e830: a0430139 sb v1,313(v0)
43e834: 8fc20018 lw v0,24(s8)
43e838: ac400170 sw zero,368(v0)
43e83c: 8fc20018 lw v0,24(s8)
43e840: 2403ffff li v1,-1
43e844: ac4301dc sw v1,476(v0)
43e848: 8fc20018 lw v0,24(s8)
43e84c: 24030001 li v1,1
43e850: a0430164 sb v1,356(v0)
43e854: 8fc20018 lw v0,24(s8)
43e858: 240301a4 li v1,420
43e85c: ac4301e4 sw v1,484(v0)
43e860: 8fc20018 lw v0,24(s8)
43e864: 240301ed li v1,493
43e868: ac4301e8 sw v1,488(v0)

Towards the end we can see 493 being loaded into v1, and v1 then being copied into an offset from v0. This looks like a structure member being set to 493, which is what we expected. Above that we see the same thing being done to 420. Further up we have some more stuff being set, including a -1 - that corresponds to CURLSSH_AUTH_DEFAULT, so we seem to be in the right place. There's a zero above that, which corresponds to CURL_TLSAUTH_NONE. That means that the two 1 operations above the -1 are the code we want, and simply changing 43e820 and 43e82c to 24030000 instead of 24030001 means that our targets will be set to 0 (ie, FALSE) rather than 1 (ie, TRUE). Copy the modified binary back to the device, run it and now it happily talks to MITMProxy. Huge success.

(If the app calls Curl_setopt() to reconfigure the state of these values, you'll need to stub those out as well - thankfully, recent versions of curl include a convenient string "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!" in this function, so if the code in question is using semi-recent curl it's easy to find. Then it's just a matter of looking for the constants that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set to, following the jumps and hacking the code to always set them to 0 regardless of the argument)
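An integrity check built on the same landmarks the post uses, as an added example that is not part of the original post: it decodes MIPS `li`/`sb`/`sw` words, finds the 0644/0755 stores, and reports whether the two byte stores ahead of the -1 store still write 1. The function names, the big-endian default and the requirement that each `li` sits directly before its store are assumptions taken from the listing above; the sample images are constructed from that listing.

```python
import struct

OP_ADDIU, OP_SB, OP_SW = 0x09, 0x28, 0x2B  # MIPS I-type opcodes

# Instruction words copied from the post's listing (0x43e820..0x43e868).
LISTING = [
    0x24030001, 0xA0430138, 0x8FC20018, 0x24030001, 0xA0430139,
    0x8FC20018, 0xAC400170, 0x8FC20018, 0x2403FFFF, 0xAC4301DC,
    0x8FC20018, 0x24030001, 0xA0430164, 0x8FC20018, 0x240301A4,
    0xAC4301E4, 0x8FC20018, 0x240301ED, 0xAC4301E8,
]

def fields(word):
    """Split an I-type word into (opcode, rs, rt, signed 16-bit immediate)."""
    imm = word & 0xFFFF
    if imm & 0x8000:
        imm -= 0x10000
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, imm

def load_imm(word):
    """Return (reg, value) for `li reg,value` (addiu reg,$zero,value), else None."""
    op, rs, rt, imm = fields(word)
    return (rt, imm) if op == OP_ADDIU and rs == 0 else None

def immediate_stores(words):
    """Yield (index, width, offset, value) for each constant written to memory."""
    for i, word in enumerate(words):
        op, _, rt, off = fields(word)
        if op not in (OP_SB, OP_SW):
            continue
        width = 1 if op == OP_SB else 4
        if rt == 0:                      # e.g. `sw zero,368(v0)`
            yield i, width, off, 0
        elif i > 0:
            li = load_imm(words[i - 1])  # assumption: li directly precedes store
            if li and li[0] == rt:
                yield i, width, off, li[1]

def verify_flag_defaults(words, window=20):
    """Return {struct offset: value} for the two byte stores that precede the
    -1 (CURLSSH_AUTH_DEFAULT) store near the 0644/0755 pair, or None."""
    stores = list(immediate_stores(words))
    for k in range(1, len(stores)):
        idx, width, _, value = stores[k]
        prev = stores[k - 1]
        if (width, value) != (4, 0o755) or (prev[1], prev[3]) != (4, 0o644):
            continue
        nearby = [s for s in stores[:k] if s[0] >= idx - window]
        ssh = [n for n, s in enumerate(nearby) if (s[1], s[3]) == (4, -1)]
        if not ssh:
            continue
        flags = [s for s in nearby[:ssh[-1]] if s[1] == 1][-2:]
        if len(flags) == 2:
            return {off: val for _, _, off, val in flags}
    return None

def words_from_bytes(blob, big_endian=True):
    fmt = ">I" if big_endian else "<I"
    return [w for (w,) in struct.iter_unpack(fmt, blob[:len(blob) // 4 * 4])]

def defaults_intact(blob, big_endian=True):
    """True if both flag defaults are still 1; LookupError if no anchor found."""
    flags = verify_flag_defaults(words_from_bytes(blob, big_endian))
    if flags is None:
        raise LookupError("0644/0755 anchor not found")
    return all(v == 1 for v in flags.values())

# Constructed images: the listing padded with nops, and a copy carrying the
# two 0x24030000 words the post describes.
PAD = [0] * 4
ORIGINAL = struct.pack(">27I", *(PAD + LISTING + PAD))
_changed = list(LISTING)
_changed[0] = _changed[3] = 0x24030000
MODIFIED = struct.pack(">27I", *(PAD + _changed + PAD))

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(name, "verification defaults intact:", defaults_intact(blob))
```

Run against a vendor image and the copy on a device, a mismatch in the result flags that the TLS verification defaults differ between the two.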
beable: (gonzo journalism)
[personal profile] beable
One of the things I don't tend to revisit all that often is posts that predate the introduction of tagging.

I ended up close and personal with several as I was going through my LJ memories in prep of (after the most recent import completes) deleting most of my LJ content, and the nostalgia was nice.

Definitely richer than the "going back to look at old photos" nostalgia, because I had not just my words, but also people's comments and reactions, and most of the ones that were in my LJ memories were the ones that [livejournal.com profile] ambiviolent would call one of those "YOUR BRAIN, BEABLE" moments.

Media

Apr. 10th, 2017 12:25 pm
brainwane: My smiling face, in front of a wall and a brown poster. (smiling)
[personal profile] brainwane
Watching: Season 2 of Jane the Virgin. I said to a friend that my favorite character was Rogelio, and he said "Rogelio is my second-favorite character after the narrator," and I realized, yes, same here. Also watching Jon Bois's sports history/analysis videos which are, among other things, worth watching as vidding experiments.

Listening: re-listening to Cabin Pressure for pleasure, and listening to Pete Seeger stuff like "Tomorrow Is A Highway" for energy, and to the Tron: Legacy soundtrack for work background music. Also, MetaFilter Music just led me to a fun poppy synth song, "You're So Dangerous", that is now stuck in my head.

Reading: I'm partway through, like, ten books. I'm reading a lot of MetaFilter, mostly through the Popular Posts/Comments page, and Twitter, and I'm reading my Dreamwidth reading page -- sometimes I go to Dreamwidth Latest Things to find new people to subscribe to. Also I'm rereading Maureen McHugh's China Mountain Zhang again. I love that book. The interiority, the attention to the way people act when they're trying to be more decisive than they feel, the compassion, just so good.
beable: (Default)
[personal profile] beable
Given that the recent TOS isn't just the usual "who reads the TOS" stuff but has the potential to cause real harm, I will no longer be cross-posting to LJ, or actively reading it much.

Specifically: LJ is now fully housed in Russia, and the most recent TOS affirms that it operates under Russian law - including laws restricting LBGTQ content and political discourse.

(https://boingboing.net/2017/04/08/six-to-end.html )

I'm beable on Dreamwidth and have been cross-posting for awhile.

Setting up a Dreamwidth account is easy, the interface is similar to LJ, and you can import your LJ into DW if you want to preserve a sense of history for your journal.

I encourage you all to come join me there.
Page generated Apr. 23rd, 2017 01:57 pm