You are here

Site në gjuhë të huaj

C.J. Adams-Collier: Windows is *still* loading files

Planet Debian - Hën, 21/04/2014 - 6:25pd

I’m moving the active directory server off of hardware on to the hypervisor. I think if I boot the drive as USB I can install the virtio disk drivers on the system. Fingers crossed!

Only thing is that this first boot off of a USB device takes *sooooo* long!

Drones On Demand

Slashdot.org - Hën, 21/04/2014 - 5:50pd
mikejuk (1801200) writes "Gofor is a new company that is promoting the idea of drones on demand. All you have to do is use the app to request a drone and it shows you were they are and how long before one reaches your location. You want to take the ultimate selfie? Scout ahead to see if the road is clear or just find a parking space? No problem just task a drone to do the job. For the photo you simply flash your phone camera at it and it pinpoints your location for an aerial selfie. If it is scouting ahead then it shows you what awaits you via a video link. See the promo video to see how it might work. Flight of fancy? Possibly but the company claims to be operational in five US cities." I wish my car had a drone for instant scouting of traffic-jam alternates.

Read more of this story at Slashdot.








Russell Coker: Sociological Images 2014

Planet Debian - Hën, 21/04/2014 - 4:00pd
White Trash

The above poster was on a bridge pylon in Flinders St in 2012. It’s interesting to see what the Fringe Festival people consider to be associated with “white trash”. They claim homophobia is a “white trash” thing however lower class people have little political power and the fact that we still don’t have marriage equality in Australia is clear evidence that homophobia is prevalent among powerful people.

Toys vs Fairies

I took the above photo at Costco in 2012. I think it’s worth noting the way that the Disney Fairies (all female and marketed to a female audience) are standing around looking pretty while the Toy Story characters (mostly male and marketed to a male audience) are running out to do things. Having those items side by side on the shelf was a clear example of a trend in toys towards girls being encouraged to be passive while boys are doing things. The Toy Story pack has one female character, so it could be interpreted as being aimed at both boys and girls. But even that interpretation doesn’t remove the clear gender difference.

It seems ironic to me that the descriptions on the boxes are “Read, Play, and Listen” for the Toy Story pack and “Read, Play, and Colour” on the Fairies pack. Colouring is more active than listening so the pictures don’t match the contents.

Make Up vs Tools

I took the above photo in an Aldi store in early 2013, today I was in Aldi and noticed that the same chocolate is still on sale. A clear and pointless gender difference. Rumor has it that some of the gender difference in kids clothing is so that a child can’t wear the clothes of an older sibling of different gender, but chocolate only gets eaten once so there is no reason for this.

Oath

The above poster was inside the male toilet at Melbourne University in 2013. It would probably be good to have something like that on display all the time instead of just for one event.

Locks

I took the above picture early this year, it shows hundreds of padlocks attached to a bridge across the Yarra River in Melbourne. Each padlock has a message written or inscribed in it, mostly declarations of love. I first noticed this last year, I’m not sure how long it’s been up. There was nothing formal about this (no signs about it), people just see it and decide that they want to add to it. I guess that the council cuts some of them off periodically as the number of locks doesn’t seem to be increasing much in recent times.

It would be interesting to do some research into how many locks are needed to start one of these. It would also be interesting to discover whether the nature of the inscriptions determines the speed at which it takes off, would a bunch of padlocks with messages like “I Love Linux” inspire others as well as messages declaring love for random people? All that is required is some old locks and an engraving tool.

I wonder what the social norm might be regarding messing with those locks. If I was to use those padlocks to practice the sport of lock-picking (which I learned when in Amsterdam) I wonder whether random bystanders would try to discourage me. It seems likely that picking the locks and taking them away would get a negative reaction but I wonder whether picking them one at a time and replacing them (or maybe moving them to another wire) would get a reaction.

Blackface for Schoolkids

A craft shop at the Highpoint shopping center in Melbourne is selling “Teacher’s Choice” brand “Multicultural Face Masks”. “Multicultural” is a well regarded term in education, teaching children about other cultures is a good concept but can be implemented really badly. When I was in high school the subject “Social Studies” seemed to have an approach of “look how weird people are in other places” instead of teaching the kids anything useful.

Sociological Images has an informative article on the Australian Hey Hey it’s Saturday blackface incident in 2009 [1].

The idea of these masks seems to involve students dressing up as caricatures of other races. The mask which looks like someone’s idea of a Geisha is an even bigger WTF, mixing what the package calls “culture” (really race) with sex work. When I visited Tokyo I got the impression that “French maids” fill a similar niche to Geisha for younger Japanese men and the “maid cafe” thing is really popular there. I think it’s interesting to consider the way that a French maid costume is regarded differently to a Geisha costume. I expect that “Teacher’s Choice” doesn’t sell French maid costumes.

Delicious Cow

Usually meat is advertised in a way that minimises the connection to living animals. Often adverts just show cuts of meat and don’t make any mention of animals and when animals are shown they are in the distance. The above picture was on the wall at a Grill’d burger restaurant in Point Cook. It shows a bovine (looks like a bull even though I believe that cows are the ones that are usually eaten) with a name-tag identifying it as “Delicious”. The name tag personalises the animal which is an uncommon thing to do when parts of an animal are going to be eaten.

Of the animals that are commonly eaten it seems that the general trend is to only show fish as complete live animals, presumably because people can identify with mammals such as cattle in a way that they can’t identify with fish. Fish are also the only complete animals that are shown dead, adverts for fish that are sold as parts (EG salmon and tuna) often show complete dead fish. But I’ve never seen a meat advert that shows a complete dead cow or sheep.

Related posts:

  1. Sociological Images 2012 In 2011 I wrote a post that was inspired by...
  2. Sociological Images I’ve recently been reading the Sociological Images blog [1]. That...
  3. Links January 2014 Fast Coexist has an interesting article about the art that...

Axel Beckert: Xen: Running a Sid DomU with PyGrub on a Squeeze Dom0

Planet Debian - Hën, 21/04/2014 - 3:07pd
I’m running one Debian Sid and one Jessie (Testing) Xen guest domain on a Debian Squeeze (Oldstable) Xen 4.0 running host server.

Recently I had to reboot one these virtual machines after more than a year of uptime. But the new 3.14 kernel from Debian Experimental didn’t boot. Neither did 3.13 from Debian Unstable. Nor did any other kernel image newer then the 3.5-trunk (from Debian Experimental back than) work.

Everytime pygrub bailed out with this error message:

Error: (2, 'Invalid kernel', 'xc_dom_find_loader: no loader found\n')

(Yes, the parentheses and the “\n” were part of the error message.)

After some searching on the web I found hints that this message may be caused by an unsupported compression type in the kernel image.

And indeed, if I unpack the “vmlinuz” with the extract-vmlinux tool which is part of Linux’ source code (but not yet part of any binary package in Debian), and use the extract file in grub’s menu.lst (which is then read by pygrub) instead, the DomU boots Linux kernel 3.14 again, even on a Squeeze-running Dom0.

Matthew Garrett: Home entertainment implementations are pretty appaling

Planet GNOME - Hën, 21/04/2014 - 2:39pd
I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable start.

Panasonic provide a nice download site for firmware updates, so I grabbed the most recent and set to work. Binwalk found a squashfs filesystem, which was a good sign. Less good was the block at the end of the firmware with "RSA" written around it in large letters. The simple approach of hacking the firmware, building a new image and flashing it to the device didn't appear likely to work.

Which left dealing with the installed software. The BDT-230 is based on a Mediatek chipset, and like most (all?) Mediatek systems runs a large binary called "bdpprog" that spawns about eleventy billion threads and does pretty much everything. Runnings strings over that showed, well, rather a lot, but most promisingly included a reference to "/mnt/sda1/vudu/vudu.sh". Other references to /mnt/sda1 made it pretty clear that it was the mount point for USB mass storage. There were a couple of other constraints that had to be satisfied, but soon attempting to run Vudu was actually setting a blank root password and launching telnetd.

/acfg/config_file_global.txt was the next stop. This is a set of tokens and values with useful looking names like "IDX_GB_PTT_COUNTRYCODE". I tried changing the values, but unfortunately made a poor guess - on next reboot, the player had reset itself to DVD region 5, Blu Ray region C and was talking to me in Russian. More inconveniently, the Vudu icon had vanished and I couldn't launch a shell any more.

But where there's one obvious mechanism for running arbitrary code, there's probably another. /usr/local/bin/browser.sh contained the wonderful line:export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so , so then it was just a matter of building a library that hooked open() and launched inetd and dropping that into the right place, and then opening the browser.

This time I set the country code correctly, rebooted and now I can actually watch Monkey Dust again. Hurrah! But, at the same time, concerning. This software has been written without any concern for security, and it listens on the network by default. If it took me this little time to find two entirely independent ways to run arbitrary code on the device, it doesn't seem like a stretch to believe that there are probably other vulnerabilities that can be exploited with less need for physical access.

The depressing part of this is that there's no reason to believe that Panasonic are especially bad here - especially since a large number of vendors are shipping much the same Mediatek code, and so probably have similar (if not identical) issues. The future is made up of network-connected appliances that are using your electricity to mine somebody else's Dogecoin. Our nightmarish dystopia may be stranger than expected.

comments

Matthew Garrett: Home entertainment implementations are pretty appaling

Planet Debian - Hën, 21/04/2014 - 2:37pd
I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable start.

Panasonic provide a nice download site for firmware updates, so I grabbed the most recent and set to work. Binwalk found a squashfs filesystem, which was a good sign. Less good was the block at the end of the firmware with "RSA" written around it in large letters. The simple approach of hacking the firmware, building a new image and flashing it to the device didn't appear likely to work.

Which left dealing with the installed software. The BDT-230 is based on a Mediatek chipset, and like most (all?) Mediatek systems runs a large binary called "bdpprog" that spawns about eleventy billion threads and does pretty much everything. Runnings strings over that showed, well, rather a lot, but most promisingly included a reference to "/mnt/sda1/vudu/vudu.sh". Other references to /mnt/sda1 made it pretty clear that it was the mount point for USB mass storage. There were a couple of other constraints that had to be satisfied, but soon attempting to run Vudu was actually setting a blank root password and launching telnetd.

/acfg/config_file_global.txt was the next stop. This is a set of tokens and values with useful looking names like "IDX_GB_PTT_COUNTRYCODE". I tried changing the values, but unfortunately made a poor guess - on next reboot, the player had reset itself to DVD region 5, Blu Ray region C and was talking to me in Russian. More inconveniently, the Vudu icon had vanished and I couldn't launch a shell any more.

But where there's one obvious mechanism for running arbitrary code, there's probably another. /usr/local/bin/browser.sh contained the wonderful line:export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so , so then it was just a matter of building a library that hooked open() and launched inetd and dropping that into the right place, and then opening the browser.

This time I set the country code correctly, rebooted and now I can actually watch Monkey Dust again. Hurrah! But, at the same time, concerning. This software has been written without any concern for security, and it listens on the network by default. If it took me this little time to find two entirely independent ways to run arbitrary code on the device, it doesn't seem like a stretch to believe that there are probably other vulnerabilities that can be exploited with less need for physical access.

The depressing part of this is that there's no reason to believe that Panasonic are especially bad here - especially since a large number of vendors are shipping much the same Mediatek code, and so probably have similar (if not identical) issues. The future is made up of network-connected appliances that are using your electricity to mine somebody else's Dogecoin. Our nightmarish dystopia may be stranger than expected.

comments

$42,000 Prosthetic Hand Outperformed By $50 3D Printed Hand

Slashdot.org - Hën, 21/04/2014 - 2:18pd
An anonymous reader writes "A man named Jose Delgado was so used to using a $42,000 myoelectric prosthetic hand for the last year that he didn't realize that there were other options out there. Although Delgado, born without a left hand, was able to obtain the hand via his insurance, he found that a 3D printed 'Cyborg Beast,' open source hand ,which costs just $50 to print, actually was more comfortable and performed better than the device which costs 840 times as much money."

Read more of this story at Slashdot.








Biofuels From Corn Can Create More Greenhouse Gases Than Gasoline

Slashdot.org - Hën, 21/04/2014 - 1:08pd
New submitter Chipmunk100 (3619141) writes "Using corn crop residue to make ethanol and other biofuels reduces soil carbon and can generate more greenhouse gases than gasoline, according to a study published today in the journal Nature Climate Change. The findings by a University of Nebraska-Lincoln team of researchers cast doubt on whether corn residue can be used to meet federal mandates to ramp up ethanol production and reduce greenhouse gas emissions."

Read more of this story at Slashdot.








L.A. Science Teacher Suspended Over Student Science Fair Projects

Slashdot.org - Hën, 21/04/2014 - 12:11pd
An anonymous reader writes "A high school science teacher at Grand Arts High School in Los Angeles was suspended from the classroom in February, after two of his science fair students turned in projects deemed dangerous by the administrators. "One project was a marshmallow shooter — which uses air pressure to launch projectiles. The other was an AA battery-powered coil gun — which uses electromagnetism to launch small objects. Similar projects have been honored in past LA County Science Fairs and even demonstrated at the White House."

Read more of this story at Slashdot.








Why Portland Should Have Kept Its Water, Urine and All

Slashdot.org - Dje, 20/04/2014 - 11:12md
Ars Technica has nothing good to say about the scientific understanding (or at least public understanding) that led Portland to drain 38 million gallons of water after a teenage prankster urinated into the city's water supply. Maybe SCADA systems shouldn't be quite as high on the list of dangers, when major utilities can be quite this brittle even without a high-skill attack.

Read more of this story at Slashdot.








SpaceX Successfully Delivers Supplies To ISS

Slashdot.org - Dje, 20/04/2014 - 10:08md
Reuters reports on the successful SpaceX-carried resupply mission to the ISS: "A cargo ship owned by Space Exploration Technologies arrived at the International Space Station on Sunday, with a delivery of supplies and science experiments for the crew and a pair of legs for the experimental humanoid robot aboard that one day may be used in a spacewalk. Station commander Koichi Wakata used the outpost's 58-foot (18-meter) robotic crane to snare the Dragon capsule from orbit at 7:14 a.m. (1114 GMT), ending its 36-hour journey. ... "The Easter Dragon is knocking at the door," astronaut Randy Bresnik radioed to the crew from Mission Control in Houston. Space Exploration, known as SpaceX, had planned to launch its Dragon cargo ship in March, but was delayed by technical problems, including a two-week hold to replace a damaged U.S. Air Force radar tracking system."

Read more of this story at Slashdot.








Lubuntu Blog: Lubuntu 14.04

Planet UBUNTU - Dje, 20/04/2014 - 9:52md
First of all, my apologies for disappear due to personal reasons (went out for a few days). But it's here, Lubuntu 14.04 codename Trusty Tahr. The missing links for PowerPC machines have been recovered. Feel free to go to the Downloads section and grab it. If you need more info check the release page.

Ask Slashdot: Professional Journaling/Notes Software?

Slashdot.org - Dje, 20/04/2014 - 9:03md
netdicted writes "At the very outset of my career the importance of keeping a daily journal of activities and notes was clearly evident. Over the years I've always had a college ruled composition notebook nearby to jot down important ideas, instructions, tasks, etc. Putting away the rock and chisel was not optional when the volumes grew beyond my mental capacity to successfully index the contents. Over the years I've tried countless apps to keep a digital journal and failed miserably. In my mind the ideal app or solution is a single file or cloud app where I can organize personal notes on projects, configurations, insights, ideas, etc., as well as noting major activities or occurrences of the day. My original journals saved me on a number of occasions. Unfortunately my tenacity for keeping one has suffered from a fruitless search for a suitable solution. Currently I'm experimenting with Evernote and Tiddlywiki. They approach the problem from two different angles. What do you use?"

Read more of this story at Slashdot.








Sindhu Sundar: Hacker School

Planet GNOME - Dje, 20/04/2014 - 8:30md

I am very pleased to tell you that I am going to attend Hacker School this fall :-) The process was short and fast with a application form, two short Skype interviews and voila! I was in :)

To all those who asked me, "How was it?", I tell you, you should apply too :) If programming pikes your curiosity enough to spend hours at a stretch at it chasing a bug, building something and deriving satisfaction out of understand how software (and a bunch of them mashed together) work, then Hacker School is for you!

When I was asked what is the most fascinating thing I learnt recently I mentioned: Docker project - this thing can eliminate the need for VMs...well almost :) Related to it is an issue I faced when I messed up my existing Arch Linux installation and the kernel could find no hard disk to boot from and then I learnt this and it lead to me reading http://kernelnewbies.org/RootFileSystem.

So, at Hacker School, I intend to...

Focus Areas: The Linux Kernel, Web Programming/Dev Operations Focus platforms/languages:

  • [Web]: Python, Rails/Ruby, Databases(What?Why?How?)
  • [Systems]: C, Go (or Rust?)

Currently

  • Counting days left for NYC
  • Lots of meta Hacker School planning (grant, accomodation et al)
  • Setting up stuff to learn about Kernel
  • Reading Apprenticeship patterns by Hoover and Oshineye.
  • Mentoring for Outreach Program for Women (Documentation)

Sindhu Sundar: Gist it!

Planet GNOME - Dje, 20/04/2014 - 8:30md

So I wrote a script for gEdit's External Tools plugin called Gist it!. The code is here. Like all things recursive, I dogfooded the script of my accounbt :) Watch how it works in this screencast video.

I came up with the idea for Hacker School interview round 2. It was based on the fpaste script for the same project. The code is mainly for use inside gEdit editor with the External Tools plugin enabled. The code has three external dependencies that may not be available by default on your computer even if you have GNOME desktop installed. It's a python3 script so make sure you pip3 install requests module, gi.repository module. Install zenity via your system's package manager.

I could have removed the dependency on zenity by simply using gi.repository's function to build Dialogs but that means longer code and eyesore reducing reability. Zenity is concise and pretty :)

Google Aids Scientology-Linked Group CCHR With Pay-Per-Click Ads

Slashdot.org - Dje, 20/04/2014 - 7:59md
An anonymous reader writes "The Citizens Commission on Human Rights (CCHR), a Scientology front group, has received a 'grant from Google in the amount of $10,000 per month worth of Pay Per Click Advertising to be used in our Orange County anti-psych campaigns.' CCHR believes that ALL psychiatrists are evil. They believe that psychiatrists were behind the holocaust, and these shadow men were never brought to justice. CCHR also believes that psychiatrists were behind the 911 attacks. Scientologists believe that psychiatrists have always been evil, and their treachery goes back 75 million years when the psychiatrists assisted XENU in killing countless alien life forms. Thanks Google! We may be able to stop these evil Psychs once and for all!"

Read more of this story at Slashdot.








Cody Wilson Interview at Reason: Happiness Is a 3D Printed Gun

Slashdot.org - Dje, 20/04/2014 - 6:45md
An anonymous reader writes "Cody Wilson details his conflict with the State Department over 3-D printable guns in this new interview with ReasonTV. In this video, he discusses how 3-D printing will render gun control laws obsolete and unenforceable; why Dark Wallet, his new crypto-currency, is much more subversive than Bitcoin; his legal defense, headed by Alan Gura (attorney in District of Columbia v. Heller and McDonald v. Chicago); and his forthcoming book about anarchy and the future."

Read more of this story at Slashdot.








Google and Facebook: Unelected Superpowers?

Slashdot.org - Dje, 20/04/2014 - 5:48md
theodp (442580) writes "'The government is not the only American power whose motivations need to be rigourously examined,' writes The Telegraph's Katherine Rushton. 'Some 2,400 miles away from Washington, in Silicon Valley, Google is aggressively gaining power with little to keep it in check. It has cosied up to governments around the world so effectively that its chairman, Eric Schmidt, is a White House advisor. In Britain, its executives meet with ministers more than almost any other corporation. Google can't be blamed for this: one of its jobs is to lobby for laws that benefit its shareholders, but it is up to governments to push back. As things stand, Google — and to a lesser extent, Facebook — are in danger of becoming the architects of the law.' Schmidt, by the way, is apparently interested in influencing at least two current hot-button White House issues. Joined by execs from Apple, Oracle, and Facebook, the Google Chairman asserted in a March letter to Secretary of State John Kerry that the proposed Keystone XL pipeline is not in the economic interests of the U.S.; the Obama administration on Friday extended the review period on the pipeline, perhaps until after the Nov. 4 congressional elections. And as a 'Major Contributor' to Mark Zuckerberg's FWD.us PAC, Schmidt is also helping to shape public opinion on the White House's call for immigration reform; FWD.us just launched new attack ads (videos) and a petition aimed at immigration reform opponent Rep. Steve King. In Dave Eggers' The Circle, politicians who impede the company execs' agenda are immediately brought down. But that's fiction, right?"

Read more of this story at Slashdot.








Why Tesla Really Needs a Gigafactory

Slashdot.org - Dje, 20/04/2014 - 4:56md
Hodejo1 (1252120) writes "Tesla has already put over 25,000 cars on the road with more to come and, presumably, most will still be running well past the 8-year battery warranty. What would happen if it is time to replace the battery pack on an old Model S or X and the cost is $25K? Simple, it would destroy the resale value of said cars, which would negatively affect the lease value of new Tesla automobiles. That's a big part of the real reason why Tesla is building its own battery factory. They not only need to ensure enough supply for new cars, but they have to dramatically bring down the price of the replacement batteries low enough so owners of otherwise perfectly running old Teslas don't just junk them. The Tesla Roadster was not a mass produced vehicle, so the cost of replacing its battery is $40K. The economies of scale of a gigafactory alone will drop battery costs dramatically. Heavy research could drop it further over the next decade or so."

Read more of this story at Slashdot.








LADEE Probe Ends Its Mission On the Far Side Of the Moon

Slashdot.org - Dje, 20/04/2014 - 3:27md
The mission of NASA's LADEE probe was brought to an intentional violent end yesterday, when it smashed into the far side of the moon. As the Ars Technica report explains, "NASA's policy is to treat the locations of the Moon landings as historical sites, and it takes pains to preserve them from possible damage. LADEE didn't have the fuel to control its orbit indefinitely. As a result, the controllers had been preparing to terminate the probe for several weeks. ... The exact moment of impact isn't clear, since the precise terrain it hit couldn't be determined in advance. (If it hit a ridge, it would have happened earlier than if LADEE plowed across a plain. What is clear is that the impact destroyed the probe." Before the end of LADEE's mission, besides close up observations, the craft was used to test a new laser-based communication system.

Read more of this story at Slashdot.








Faqet

Subscribe to AlbLinux agreguesi - Site në gjuhë të huaj