Older blog entries for mcr (starting at number 63)

5 Jun 2010 (updated 25 Jun 2010 at 17:07 UTC) »

Datavalet hotel Internet "service" is broken

If you've stayed at a Hotel that "features" Internet service from Montreal supplier datavalet, you may experience that it... well... isn't Internet.

It's not surprising that hotel Internet services think they are "forced" to use Network Address Translation (NAT), so you aren't really on the Internet, but only half of it. It is also not surprising that they intercept all of your packets until you sign in through their portal (possibly paying).

What is surprising is that after doing that, that they continue to intercept many of your packets, violating both your privacy and BREAKING THE INTERNET.

What does Datavaley do? Well they intercept ALL of your DNS requests. DNS is the Domain Name System, the thing that translates names like www.kame.net to IP addresses like 203.178.141.194, but also to IPv6 addresses like: 2001:200:0:8002:203:47ff:fea5:3085.

Except that Datavaley doesn't. If you ask them for the IPv6 address (the AAAA resource record), then instead of answering either "do such name", they just don't answer. And they do this, even if you asked your own corporate server rather than their server. It requires EXTRA programming to do this.

The result? Anyone running with IPv6 turned on experiences the Internet to be broken. Who does that? Today, if you are running modern software: Windows 7, Linux, Mac OSX. Even XP and Vista (if you turned on IPv6).

I first experienced this at Indigo Hotel at the Toronto Airport in April. I reported this to the hotel and to DataValet. My colleagues report that the Holiday Inn (Terasse de Chaudiere) also has this.

My advice: don't stay there. DataValet broke RFC1034/RFC1035. Those documents are 23 years old --- the is no excuse for breaking the fundamental protocols. There is also no excuse for not having fixed this in the past two months.

Syndicated 2010-06-05 13:37:00 (Updated 2010-06-25 17:07:02) from Michael's musings

5 Jun 2010 »

Huawei U1250 -- not so good afterall

Three weeks ago I switched from Rogers/Fido to WIND. While I had purchased an unlocked quad-band Motorola RAZR back in 2007 in anticipation of more open competition in GSM, this didn't help me. Anyway, I moved with a T-Mobile UMTS Android G1. After that success, I wanted to move my wife too.

Her Nokia (locked to Fido) was not going to do UMTS, so she needed another phone, alas. We picked a Huawei U1250, and everything seemed good for a few days. She liked the size, the weight, and the headset that came with it. To play music, we needed a microSD card, and fortunately I read the instructions which told me that 8GB was the biggest it would take. I bought two (one to upgrade my G1), and they arrived today.

We plugged it into her Ubuntu Hardy desktop with the USB cable. Up pops a window, and I think we are golden. Oops. It's a CDROM image, with windows drivers. Maybe there are Mac ones there (is that what 'res' folder is?) too, but I can't tell.

DUMB. DUMB. DUMB. DUMB. Make it a USB DRIVE. Then it's totally useful. Imagine, you go to the grocery store with your... PHONE CAMERA and plug it in, and guess what... it just works, and you make print outs.

Okay, we got out the microSD/USB adapter and copied some things to the card. I copied some ogg and some MP3. Guess what... yes, you guessed it, ogg fails. Even some of my MP3s didn't work.

My opinion: don't buy a Huawei U1250. It has only been five days, and I may try to return it.

Syndicated 2010-06-04 01:57:00 from Michael's musings

4 Jun 2010 »

Huawei U1250 -- not so good afterall

Three weeks ago I switched from Rogers/Fido to WIND. While I had purchased an unlocked quad-band Motorola RAZR back in 2007 in anticipation of more open competition in GSM, this didn't help me. Anyway, I moved with a T-Mobile UMTS Android G1. After that success, I wanted to move my wife too.

Her Nokia (locked to Fido) was not going to do UMTS, so she needed another phone, alas. We picked a Huawei U1250, and everything seemed good for a few days. She liked the size, the weight, and the headset that came with it. To play music, we needed a microSD card, and fortunately I read the instructions which told me that 8GB was the biggest it would take. I bought two (one to upgrade my G1), and they arrived today.

We plugged it into her Ubuntu Hardy desktop with the USB cable. Up pops a window, and I think we are golden. Oops. It's a CDROM image, with windows drivers. Maybe there are Mac ones there (is that what 'res' folder is?) too, but I can't tell.

DUMB. DUMB. DUMB. DUMB. Make it a USB DRIVE. Then it's totally useful. Imagine, you go to the grocery store with your... PHONE CAMERA and plug it in, and guess what... it just works, and you make print outs.

Okay, we got out the microSD/USB adapter and copied some things to the card. I copied some ogg and some MP3. Guess what... yes, you guessed it, ogg fails. Even some of my MP3s didn't work.

My opinion: don't buy a Huawei U1250. It has only been five days, and I may try to return it.

Syndicated 2010-06-03 21:57:00 from Michael's musings

8 Apr 2010 (updated 4 Jun 2010 at 02:07 UTC) »

Legends of Zork

A friend turned me on to www.legendsofzork.com. It's a web game, really more straight D&D, rather than the text adventure that Zork was. It was kinda fun to hit "fight again" while waiting for compiles. The UI was okay, I just didn't like that it scrolled rather fit into a single regular height browser window.

I haven't played in awhile, and I tried last week.

They changed it ... a lot. The graphics are all over the place. I can't focus on anything. When the battle is over, there is a pop up (it's slow to pop up too!) to tell you what happened.

Now it takes two clicks to fight... and my eyes can't follow what is going on. I stopped playing.

Syndicated 2010-04-08 16:57:00 (Updated 2010-06-04 02:07:47) from Michael's musings

28 Mar 2010 (updated 8 Apr 2010 at 21:07 UTC) »

Online Fraud

My MPP, Yasir Naqvi has been in the news complaining that someone "stole" his identity, and sent out an email mis-representing his views. Nevermind what his views are.

http://www.yasirnaqvimpp.ca/pressreleases.aspx?id=61

http://www.ontla.on.ca/web/members/members_detail.do?locale=en&ID=7097

Mr. Naqvi's identity was not stolen --- he is clearly still him. If it was stolen, then he would no longer have it.

His email account was not "hacked" --- someone simply set up a new identity on gmail claiming to him. But really, there are dozens of higher-tech ways to impersonate him. In fact, ANYONE CAN IMPERSONATE ANYONE on the Internet.

The press have repeatedly written the story wrong. http://www.vancouversun.com/news/politician+livid+after+fake+mail+sent+list/2732203/story.html

"On the Internet, nobody can tell you are a dog", was the comic from over a decade ago.

The real question is, why, in 2010, 12 years after S/MIME became a standard (1998) and 14 years after PGP was documented (1996), our governments and representatives are still completely in the dark about what it means to be online.

http://www.rfc-editor.org/info/rfc1991 http://www.rfc-editor.org/info/rfc2311

And there are lots and lots of further documents about PGP, OpenPGP, and S/MIME. My email has been signed with PGP since about 1994. Think about this: I've been signing my email longer than the kid serving you at McDonald's has been alive.

"Poor planning on your part does not constitute an emergency on my part".

You were warned. MANY MANY MANY TIMES.

Provincial governments and federal governments have very clear, centralized IT support and services, and they could trivially roll out email security.

Have they done so? Why haven't they? It seems like NEGLIGENCE to me.

I documented above when the standards were written, but in fact that is 3-8 years after the technology became available --- so it's more like 20 years since you could have started using PGP.

It's not like S/MIME is not ubiquitous --- it's one of the major reasons that I've been told that government organizations HAVE to run Outlook: Nothing else has been evaluated by the CSE for use in government work. (Why that is, is another rant)

SO WHY ARE THEY NOT USING IT?

This is not a rhetorical question. I want to know. What part of "email is not secure" did they not get? Maybe they were not there that day in class.

Shame on you Mr. Naqvi. Go do some learning and start asking some real questions.

Syndicated 2010-03-28 12:36:00 (Updated 2010-04-08 21:07:51) from Michael's musings

28 Mar 2010 »

Thing I saw at Active Surplus

I was in Toronto at the AGM for http://www.EspressoCode.com/. I had to stop at Active Surplus for switches and what-not for my model railroad. I certainly the a "what-not"

Check it out:

[[http://www.sandelman.ca/mcr/humour/2010-02-04-10-46-whatnot.jpg][Some kind of Pumpy Thing]]

Syndicated 2010-02-08 01:40:00 from Michael's musings

8 Feb 2010 (updated 8 Feb 2010 at 02:11 UTC) »

Thing I saw at Active Surplus

I was in Toronto at the AGM for http://www.EspressoCode.com/. I had to stop at Active Surplus for switches and what-not for my model railroad. I certainly the a "what-not"

Check it out:

[[http://www.sandelman.ca/mcr/humour/2010-02-04-10-46-whatnot.jpg][Some kind of Pumpy Thing]]

Syndicated 2010-02-07 20:02:00 (Updated 2010-02-08 02:11:25) from Michael's musings

8 Feb 2010 »

Sharp microwaves

My Samsung microwave died last March. It makes sparks from the magnetron. I tried a bit to see if I could get a new one, but it's annoyingly difficult, since the magnetron is half the cost of the unit.

I'd really like to buy a microwave not-made-in-China. Sharp is reported to make them in Japan, assemble them in the USA.

But, I can not find a store that sells them. I'd really like to touch one before I buy it.

Syndicated 2010-02-02 00:44:00 from Michael's musings

2 Feb 2010 »

Sharp microwaves

My Samsung microwave died last March. It makes sparks from the magnetron. I tried a bit to see if I could get a new one, but it's annoyingly difficult, since the magnetron is half the cost of the unit.

I'd really like to buy a microwave not-made-in-China. Sharp is reported to make them in Japan, assemble them in the USA.

But, I can not find a store that sells them. I'd really like to touch one before I buy it.

Syndicated 2010-02-01 19:44:00 from Michael's musings

2 Feb 2010 »

no-op instructions for ARM

At http://www.credil.org/ we had to deal with some code that was not yet GPL compliant, fixing bugs (removing features!) from a .so file that we had. We had some of the source code, but not enough to recompile it.

We needed to disable certain calls, so we disassembled the object file with objdump -d. We then reviewed the code, looked for the calls we wanted to remove, which are "bl" instructions.

../../prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-objdump -d libmyso.so >libmyso.S

All branch instructions are conditional, but one valid condition is "branch always" (and link, which means it's a subroutine). See: http://www.peter-cockerell.net/aalp and http://www.peter-cockerell.net/aalp/html/frames.html, section C which is at: http://www.peter-cockerell.net/aalp/html/app-c.html

Just look, if we change 'e' to 'f', it becomes Branch Never! We tried that.

Oops, this doesn't work. Peter Cockerell's book (from 1987) documents ARMv3, and we are up to ARMv9. It seems that his bit pattern now means to branch, and change to THUMB mode... The clue that this is what happens is that when we disassembled the result we saw "blx", but the real clue was that the offset was no longer "place", instead was "place+2". Thumb instructions are 16-bit big.

See http://www.keil.com/support/man/docs/armasm/armasm_cihfddaf.htm for details of BLX.

So, how to create a NOP? We didn't see an official one. Some googling revealed that "MOV R0 R0" is a good choice.

http://www.keil.com/support/man/docs/armasm/armasm_cjafcggi.htm

To assemble this:

First nibble is 0b1110 (15, 0xE) for "Always".

Second nibble is 0b0001 (1, 0x1), for 00, Immediate bit = 0, first bit of opcode is 1. (The Opcode is 0b1101 (14, 0xD) for MOV)

Third nibble is 0b1010 (10, 0xA), three bits of opcode, S bit set to 0.

Fourth nibble is 0x0000 (R0), and Fifth nibble is 0x0000 (R0).

The last 12 bits are 0.

The result is: 0b1110 0001 1010 0000 0000 0000 0000 0000. Or 0xE1A00000.

We didn't realize that the Android phones are in big-endian mode, so when we searched for the right instructions to change, we did not find them.

When you objdump a .so file, it's mapped directly, so the offsets that objdump products are actual file offsets.

Syndicated 2010-01-06 03:11:00 from Michael's musings

54 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!