Which brings me to the jackassiest comment of the day regarding Amazon MP3, from Jupiter Research analyst David Card to the Associated Press: “In and of itself, (Amazon MP3) isn’t enough to change any market share. They have to do a good job at building their store.â€
Well, perhaps Amazon can find a book or something about how to build a successful high-volume online store.
— John Gruber, More on the Amazon MP3 Store
25 September 2007, evening time
I got an email from one of the artists that lives in the area:
We are now deep into the school Bloor NIGHTLIGHT “sticky light” project and it’s very exciting – we may have well over 300 original tiny sculptures that light up – all created by hundreds of art students from five schools and colleges. The Student School have been very excited about he project and have their whole school participating in a special outing at High Park .
There are a ton of events happening in my area for Nuit Blanche, this is one of them. If you are out that night be sure to make your way out to Bloor and Lansdowne. There are 10 exhibits in the area, all based around the theme of light. One of the exhibits is taking place in the house of lancaster (one of the strip clubs); artists are taking over the joint and doing various performances in that venue. Sadly, there won’t be any naked ladies. There are more details about the Bloor Night Light exhibit at the Nuit Blanche site itself.
Bloor and Lansdowne
25 September 2007, mid-morning
I’m listening to John Gruber and Dan Benjamin ramble on about getting their wisdom teeth out. It’s time for a rambling-ass Shima and Ram podcast.
cue intro music
Ram: So last night I cleaned the bathroom.
Shima: Oh yeah, you totally did.
R: We need more of that powered bleach cleaner stuff.
S: I think you can buy it at food basics. Maybe are listeners can recommend some places. Listeners, you can email us your bleach suggestions at rambling@funkaoshi.com
R: That powered bleach really makes my hands feel weird. I should use gloves.
S: You don’t use gloves? Ram!
R: Yeah, you know how it is. Gloves get all wet and gross on the inside. Or maybe that’s all in my head.
S: Ram!
R: Lets take some viewer mail. Dave writes, “How long can you too ramble on about nothing?” Well Dave, pretty damn long i’d say.
S: I gave cut eye to the men standing in front of Club Paradise last night.
R: You love doing that, eh?
S: Yes. It’s the only way they’ll learn.
R: Its true.
and 45 minutes later cue outro music
Shima seems to find all the cool podcasts. I don’t have so much luck. The Talk Show isn’t as bad as I make it sound. It’s very much like morning radio. I also like how the show just starts with them talking: no annoying lead-in music is a big plus. It’s just too all over the place for my liking. And episode 10 is an hour long? Come on dudes. (Update: Actually, now 40 minutes in, I suppose it is strangely engaging.)
[4] Technology
24 September 2007, evening time
The hardest part about unlocking my iPhone was finding a paperclip. You need a paperclip to pop the sim tray out of the phone. In my entire condo I didn’t have a single paper clip laying around. I was tempted to use a pin, but I was worried it’d pierce something. Finally, I found something that would work: one of Shima’s hoop earrings.
Getting the actual iPhone was a little bit convoluted, and involved a lot of help from some coworkers.
So far I’m liking it. Of course, my prior phone sucks a lot, so it was going to be easy for this phone to wow me. Obviously i’ll have a lot more to say on this, but I’ve put off both eating and cleaning the condo to get the thing unlocked and muck around with.
[8] iPhone
Riley: (showing the chair brawl scene to Huey) ‘Ey. You ever noticed whenever someone throws a chair…a brawl jumps off?
Huey: Aren’t you worried about Grandad?
Riley: (slight pause) Look. You wanna see it again? (shows chair brawl scene again) ‘Ey look. Look. Look-looky look, see? I bet you don’t even have to hit nobody with the chair. And niggas would still start wilding out.
— Boondocks (Episode 5 Grandpa Fight)
21 September 2007, early afternoon
John Gruber has written what I assume will be his last post on the David Maynor Apple WiFi exploit story. Maynor has finally published a paper on the exploit, which outlines a kernel panic he found. I think Gruber’s criticism of Maynor back during the summer of 2006 was spot on. There were so many ways Maynor could have proven he had an exploit without disclosing too much information, yet he didn’t choose to pursue any of them. That’s his prerogative I suppose.
Let’s say I tell you I have in my pocket a frog that can recite the entire alphabet. You doubt it, and ask me to show you. I refuse. You ask me to show it to a trusted third party. I refuse.
A year later, I show you a frog who can recite the alphabet. That’s certainly something. But it doesn’t prove I had the frog in my pocket a year ago.
This post is a bit too bitter. The implication that Maynor didn’t have a working exploit back in 2006 doesn’t seem fair. The idea that he’s been sitting at home trying to exploit an out of date version of MacOS X seems a bit off to me. You don’t get props for exploiting out of date operating systems. He also really has no reason to lie now. He didn’t seem all too bothered by the criticism leveled against him over the past year or so. It also doesn’t seem to have effected his standing in the security community. Though the Mac community may have felt he had something to prove, judging by his actions since 2006 he certainly didn’t feel this was the case.
Maynor said that he had been under a nondisclosure agreement, which had previously prevented him from publishing details of the hack. The security researcher wouldn’t say who his NDA was with, but that agreement is no longer in force, allowing him to talk about the exploit. “I published it now because I can publish it now,” he said.
This strikes me as the most reasonable reason for Maynor’s silence. It is possible Maynor wanted to make everyone crazy, and so decided the best course of action was to say he had an exploit, and then shut up. (That the story was as big as it was back in 2006 — a story about an exploit that didn’t exist — does in fact say a lot about the mac community and the way people react to criticism. In 2006 Maynor had basically proven nothing, yet people wouldn’t stop talking about him.)
If Maynor didn’t have a working exploit back in 2006, I imagine it would relate to the following point:
Worth pointing out: Maynor’s paper describes an attack that leads to a kernel panic. He claims it can be exploited to instead inject code and, rather than crash, take over the machine — but this is not described in the paper.
While it is true that Maynor’s paper only describes an attack that leads to a kernel panic, it also discusses in a fair amount of detail how to proceed if you want to inject code. It’s possible Maynor had figured out how to get a kernel panic, but not a full exploit. However, reading the paper, it doesn’t seem like going from the panic to the exploit is too tricky. (Of course, I don’t really know that much about this sort of thing. Patrick can probably say more on the topic.)
The most promising avenue for getting execution can be found in a function named ath_copy_scan_results. This function uses the fields that are overwritten to copy memory.
As an initial test, the author overwrote every function pointer in the structure with a pattern such as 0×61413761 (or aA7a in ASCII, which is the typical Metasploit buffer padding pattern). A crash dump with an error message about failing to execute code at a bad address like 0×61413761 proves that remote code execution is theoretically possible.
As Gruber himself said:
This entire saga boils down to one simple question: Have Maynor and Ellch discovered a vulnerability against MacBooks using Apple’s built-in AirPort cards and drivers?
The answer looks to be yes, but as of today this is really only of interest in an academic sense.
Apple Computers | Technology
21 September 2007, early morning
Rishi would rave about CBC’s Intelligence to anyone who would listen. It’s pretty much the only show he watches: no Lost, no Prison Break, just Intelligence. (I know, I thought he was crazy too.) I finally started watching the show yesterday: it’s very good. There are basically two lead characters for the show: James Reardon who is a mob boss, and Mary Spalding who runs the organized crime unit. Intelligence is basically about the intersection of their two lives. The show looks at Canadian spy and law enforcement agencies, and the power struggles that take place between them and within them. It also looks at the issues Reardon has running his “business”, dealing with the law, and dealing with his rivals. A big part of the show is the interplay between the intelligence agencies and their informers. The entire cast is quite good, and you’ll recognize a few faces I’m sure. I would be remiss if I didn’t mention that Reardon’s ex-wife is hot (but crazy), and Cristina the Stripper is perhaps even hotter. (She has an accent: meow) So yeah, it’s a really good show.
[3] Television
19 September 2007, early morning
Mail.app crashes like a champ when accessing my IMAP mail on Dreamhost. I don’t recall when it started doing this, but it does it consistently. My work around thus far is to load up Mutt on the Funkaoshi server, purge deleted mail there, and then load up Mail.app. This seems to fix things. Why Mail.app chokes I have yet to investigate. The lack of any good email clients for the Mac is perplexing. I’m surprised some indie-developer hasn’t tried their hand at one. There must be open-source email libraries one could start off with. Maybe I should try using Mulberry again. GyazMail looks interesting.
Apple Computers
17 September 2007, late morning
Herman, how could you? We’ve all thought about counterfeiting jeans at one time or another, but what about the victims? Hard-working designers like Calvin Klein, Gloria Vanderbilt, or Antoine Bugle Boy. These are the people who saw an overcrowded marketplace and said, “Me too!”
I was reminded of this quote when reading some of the bad press Apple has been getting about their entry into the ring tone market. I have probably said this several times already, but paying for ring tones is stupid. (Paying a $1 for a DRM’d up ACC file is also stupid, but at least when you’ve paid your dollar you have a whole song to listen to.) Back when there was no way to get a song on to your phone except via your cellphone provider I can understand paying a premium to do so, but now? It’s rare to find a phone that is missing USB and Bluetooth and WiFi. There is always at least one way to get data onto your phone all by yourself. Thankfully, we live in a world where there are people who like gadgets and hate paying for stuff they don’t have to.
Apple Computers | Quotes
16 September 2007, late evening
Flash Point is the latest film by Wilson Yip, staring Donnie Yen. Yen plays a hard boiled cop who needs to lay the beat down on some Viet gangsters. When Donnie Yen needs to kick some ass he doesn’t fuck around: Flash Point features some of the best fight scenes i’ve ever seen. The film is so gritty. Watching the film during TIFF was quite the experience. The crowd pretty much cheered whenever Yen would start laying the smack down. You need to watch Flash Point.
Movies
14 September 2007, early morning
While waiting for Flash Point to start, one of my coworkers and I went to get some coffee; the third stayed behind to save our spot. When we got back, she nudges me and tells me to ask the newly arrived guy in front of us about his phone. He looks at her, then me, then takes out his iPhone.
— Has your life been reduced to showing strangers your cell phone.
— Pretty much.
Damn. I want the iPod touch all the more now. You feel like you’re playing with something from the future.
Life | Apple Computers
14 September 2007, early morning
TIFF 07 was looking to be a bust till my coworker informed me she had grabbed me a ticket to see the Hong Kong action-flick Flash Point. Flash Point was kick ass. The night before, Limin called me out of the blue to let me know I needed to rush over to Varsity: she was at the front of the Rush line, but someone had just sold her a ticket to the film about to play. So, I also got to watch the Iranian drama Unfinished Stories. Next year i’ll make sure to buy a coupon book.
Life
12 September 2007, late morning
The placement of braces is a very contentious issue. People can get quite passionate about their placement.
Read the rest of this post. (237 words)
[7] Code
11 September 2007, evening time
I love the Office. It’s so damn good. Shima and I blitzed through Season 3, watching everything over the course of 2 days. I’ve started watching the commentaries to get an Office fix. I’m hoping the writers can keep things up in Season 4. The way Season 3 ends really doesn’t leave them many options. It’s not as subtle as the British show, but it’s funny and poignant in its own right.
Television
10 September 2007, the wee hours
Some family friends are in town from London. I took them downtown today. We went to New Generation Sushi and then the Green Room. Both spots seemed like quintessential things to see in the Annex. Both places were reasonably busy considering it was a Sunday night. The night began with us hoping off the train at Bathurst station. Walking East, I hear someone screaming my name. “Ramanan!” Matt, Kathleen, and Charlie are all back in the city. What are the chances I’d see them driving down Bloor on a Sunday night? I imagine they are pretty slim.
6 September 2007, the wee hours
I bumped into my friend Mike on Queen St. It was pretty random: I haven’t seen Mike in a few years now. He told me he was downtown because his band was playing at the Horseshoe later that night. I figured if I bumped into him randomly on Queen that was a good sign that I should go to his show. I am so glad I did. Mike’s band is awesome. And I’m not just saying that because I know him. Vinnie and Raju showed up as well, which made the night all the more enjoyable. Be sure to check out the Hots when they are playing next. They play rock music you can dance to. What else do you need really?
Life | Music
5 September 2007, mid-morning
There’s a time when the operation of the machine becomes so odious, makes you so sick at heart that you can’t take part! You can’t even passively take part! And you’ve got to put your bodies upon the gears and upon the wheels, upon the levers, upon all the apparatus — and you’ve got to make it stop! And you’ve got to indicate to the people who run it, to the people who own it — that unless you’re free the machine will be prevented from working at all! — Mario Savio, Sit-in Address on the Steps of Sproul Hall, December 2nd 1964
Mario Savio was a student leader at Berkeley during the 60s involved in the free-speech movement. He sounds like an amazing fellow. I learned of him from watching Battlestar Galactica of all things. In the season finale for Season 2 of the show, Lay Down Your Burdens, Chief Tyrol gives this stunning speech to his workers — It’s a really great scene. It turns out the speech just paraphrases some of the things Savio said in his speech on the steps of Sproul Hall.
Tyrol’s union speech is an almost word for word quote of Mario Savio’s address during the Free Speech Movement at Berkeley in 1964. According to Ron Moore and David Eick in the podcast, they even got permission from Savio’s widow to use it (even though, due to the way copyright laws work from back then, they could have just used it without permission, they felt they should get it). As a result, it’s even listed in the credits: “Mario Savio speech excerpted courtesy of: Lynne Hollander Savio”. Actor Aaron Douglas (Chief Tyrol) actually studied film of Savio, so all of the hand gestures Tyrol makes when he gives the speech are gestures that Savio actually used.
Battlestar Galactica is by far one of the most interesting shows on television. I am dying to see season 3. (Television Executives: There are lots of reasons people pirate television. Off the top of my head, waiting months and months and months for a DVD set would be one reason.)
[1] Life | Quotes
4 September 2007, mid-morning
Shima organized a picnic in High Park, inviting anyone and everyone she knows. Early in the day, while waiting for people to slowly trickle in I get a call from Limin, who is one such person we were waiting for. High Park is big and she isn’t sure where we are. It turns out she was calling from a pay phone at the Cafe just North of where we decided to sit. I’m about to tell her where she needs to go when she interrupts me: “Ram, I think I see Shima’s brother." This is interesting because Limin, whose been outside of Canada for a while now, has never met Shima, let alone her brother. I hear her yelling, “Excuse me, you wouldn’t by chance happen to be Shima’s brother,” then, back into the phone, “Yeah, that’s her brother, I’m going to follow him.” I learned yesterday that plastering photographs of your friends and family on the Internet can actually serve a useful purpose.
[3] Life
30 August 2007, late evening
It cost me 6 pounds, over $12, to visit Heather and Ben and Maida Valle. Now that is an expensive trip. We went to two pubs. They were both quite nice. British pubs make the Canadian ones look kind of lame. — Me, in London, May 7th 2007
I use my Moleskine Sketchbook as a sort of poor mans scrap book, since I can’t actually sketch.
[1] Life
29 August 2007, late at night
You may recall that I was using GMail as a way to read and reply to email all over the place. I had 1&1 (and then Dreamhost) forward all my email to a GMail account, as well as storing it for download via POP3. GMail lets you send emails as if they were from another account, so this worked well enough, but it was far from perfect. Emails I sent from the GMail web interface were stuck on Google’s servers unless I forwarded them to myself. Related to this, people started emailing me directly at this dummy GMail address. The dummy GMail account was supposed to be a mirror of my actual email account, but this wasn’t the case. Finally, I like using desktop applications. As nice as GMail is, I still find it slow and kludgey. This convoluted set-up existed because 1&1 didn’t support IMAP properly — or at all, as far as I could tell; Dreamhost, on the other hand, does.
Read the rest of this post. (713 words)
[5] Technology | Life
29 August 2007, early evening
Shima and I bought the new Kate Nash CD. We heard it playing in HMV. I have no idea who the lady is, but the song playing was pretty catchy. She sounds like a bunch of other singers, though I can’t think of who at the moment. I haven’t bought a CD just because in ages. (I also bought the M.I.A. CD so I can replace my MP3s from oink. You shouldn’t pirate music. Those artists need to eat.)
Life | Music
28 August 2007, early evening
The right side of my mouth is partially frozen. The last time my mouth was frozen like this I had just taken lost 4 wisdom teeth; today, I had a cavity filled. My old dentist was a little bit more gung-ho in his approach to dealing with cavities. Dr. Singh would look at my teeth and say to himself, “I think we can do this without freezing.” He would then proceed to drill a hole in my teeth. I managed to get two cavities filled this way, so clearly, he could do it without freezing. Still, I wouldn’t call either event pleasant.
[3] Life
28 August 2007, mid-morning
SSH private-keys are usually stored encrypted on the computers they are stored on. A pass-phrase is used to decrypt them when they are to be used. Since most people use SSH public-private key-pairs to get around typing in passwords all the time, the ssh-agent daemon exists to store decrypted private-keys you plan on using in a given session. The thing most people get tripped up on when using ssh-agent is that what the program outputs, some borne or csh shell commands, needs to be run. It may look like ssh-agent has set some variables for you, but it has in fact done no such thing. If you call ssh-add without processing ssh-agent’s output, it will complain it is unable to open a connection to your authentication agent. The most straightforward way to run ssh-agent on the command line is as follows: eval `ssh-agent`. After doing this, calls to ssh-add should succeed without error.
[45] Technology
27 August 2007, early morning
Shima and I watched the documentary Cricket and the Meaning of Life last night. The film is about how the director Sanjay Talreja, who came to Canada from Bombay, rediscovers his love of cricket. The film jumps between Talreja’s own story, and the story of a group of young boys who form the Toronto Cricket Academy, who are making their way to Trinidad for a series. It touches on a bunch of topics: the life of the new immigrant, and the isolation one feels in leaving the place you are from; the life of first generation kids growing up in Canada; the passion and spirit of the game of cricket. I quite enjoyed the film.
The Cricket and the Meaning of Life NFB web page.
23 August 2007, early morning
Bush has started going on about how Iraq is the new Viet Nam. Wait, I know what you’re thinking, why would you compare the new war to America’s most shining example of defeat? Well, Bush has been trying to argue that America shouldn’t have given up in Viet Nam when it did — I shit you not. This from the man who didn’t actually fight in Viet Nam. I’m sure if the US continued to bomb the shit out of Viet Nam, Laos and Cambodia for a few more years they would have “won” the war, whatever that even means.
Bush also thinks the Khmer Rouge would have cooled it with all the killing had the US won the war in Viet Nam. There are a few things to keep in mind here:
- Many historians believe that the US bombing campaigns in Cambodia are what pushed the Cambodian peasantry to support the Khmer Rouge. They certainly destabilized the country.
- This bombing campaign killed hundreds of thousands of Cambodians. The bombings were stopped in 1973, at which time the US had dropped 540,000 tons of bombs on the country. If you are going to talk about genocide and mass killing, you can’t leave the US out of things.
- It was the Communists in Viet Nam who actually invaded and stopped the Khmer Rouge.
- The US itself has supported the Khmer Rouge. After Pol Pot was ousted from power, the US supported him and his insurgents for much of the 80s.
So yeah, fuck Bush.
[6] Current Events | Politics
