Hacking cars and fixing them

A few years ago, I read an academic paper on how to hack cars. Today news came out that what was previously demonstrated via direct access is also possible over the air. I thought it would be fun to look at the firmware update file that fixes this, to see what format it is in, what’s in it, etc. To get an update for 2014 Jeep Cherokees, you need a VIN. It turns out a used car sales website posted the VINs of their inventory on their website, so I found one: 1C4PJMDB6EW255433 ...

July 24, 2015 · 3 min · jra

The "Listen Up" Pledge

Thanks, Dave, for speaking up for what’s right. I’m with you, buddy. I also find harassment offensive, and I pledge to do the same as you. We need to draw a line in the sand, and organize ourselves so that healthy, respectful teams are on one side of it, and trolls are on the other side of it. I’m so thankful that my boss has created a respectful, mixed workplace.

June 17, 2015 · 1 min · jra

Building Go 1.4 when the linker doesn't know about build-id

Today at work, on a Redhat 5.5 machine, I tried to build Go 1.4. This happened: ` $ cd go1.4/src $ ./all.bash …snip… runtime/cgo /usr/bin/ld: unrecognized option ‘–build-id=none’ /usr/bin/ld: use the –help option for usage information collect2: ld returned 1 exit status ` The solution is to retry without the “–build-id=none” option: diff --git a/src/cmd/go/build.go b/src/cmd/go/build.go index ad03239..ca45217 100644 --- a/src/cmd/go/build.go +++ b/src/cmd/go/build.go @@ -2436,13 +2436,21 @@ func (b *builder) cgo(p *Package, cgoExe, obj string, pcCFLAGS, pcLDFLAGS, cgofi // --build-id=none. So that is what we do, but only on // systems likely to support it, which is to say, systems that // normally use gold or the GNU linker. + retryWithoutBuildId := false switch goos { case "android", "dragonfly", "linux", "netbsd": ldflags = append(ldflags, "-Wl,--build-id=none") + retryWithoutBuildId = true } if err := b.gccld(p, ofile, ldflags, gccObjs); err != nil { - return nil, nil, err + if retryWithoutBuildId { + ldflags = ldflags[0:len(ldflags)-1] + err = b.gccld(p, ofile, ldflags, gccObjs) + } + if err != nil { + return nil, nil, err + } } // NOTE(rsc): The importObj is a 5c/6c/8c object and on Windows Just in case someone else is looking for it… :) ...
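Review bot: in the `if err := b.gccld(...)` error branch, the retry fires on any link failure, not only when ld rejects `--build-id=none`, so a genuine link error now runs gccld a second time and the first error is overwritten. Consider retrying only when the linker output reports an unrecognized option, or probing the linker for the flag once up front. The slice `ldflags[0:len(ldflags)-1]` also relies on the build-id flag being the last element appended; a short comment saying so would stop a later append between the switch and the retry from silently dropping the wrong flag. Go naming style would spell the variable `retryWithoutBuildID`.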

March 19, 2015 · 2 min · jra

AR.Drone 2 camera access

There is lots of information out on the net about how to access the camera in the AR.Drone, but it is all for the original model. In the AR.Drone 2, the cameras have been replaced and upgraded. So settings for v4l that worked to get data out of the camera need to be updated as well. The front camera is on /dev/video1. If you are talking to V4L directly via ioctls and all that jazz, you need to request format V4L2_PIX_FMT_UYVY, width 1280 and height 720. UYVY format uses 2 bytes per pixel, so a full image is 1843200 bytes. fwrite those bytes from the mmap buffer into a file. ...

October 14, 2014 · 2 min · jra

Dual scheme URLs

I just made this blog HTTP and HTTPS, thanks to Cloudflare. But that made me realize that lots and lots of internal links in the HTML output of my WordPress point back to the HTTP version of the site. Part of the solution to this is to install the HTTP plugin in WordPress which fixes some of the mess. But some of the URLs in my posts need to be fixed too. ...

October 6, 2014 · 2 min · jra

Cloudflare Universal SSL totally, completely rocks

Cloudflare was already my favorite non-Google internet company because I’m a Golang fan boi and Cloudflare is vocal about their love of Go. So when I heard that Cloudflare was willing to help me, for free, put SSL on my website (which I’ve been meaning to do since like forever), I was ready to go for it. First the rocks. Well, it’s free, for little dinky domains like mine. And that’s a hell of a great way to teach techies like me how their system works. I’d happily sell it to a client who asked me about it. The signup process is fast and easy and interesting. And it works: nella.org via SSL ...

October 6, 2014 · 2 min · jra

Unzip -c is a thing, and it's good (as long as you use -q too)

I just fetched a Raspbian disk image via BitTorrent. It is a .zip instead of the .gz I would have chosen myself. If you have a .zip and you don’t want to do a temporary uncompress of it to get the .img to use with dd, you can use “unzip -q -c foo.zip” to get the contents of the zip file sprayed onto stdout. Then you can pipe it into dd. ...

October 6, 2014 · 1 min · jra

Strange characters in IP addresses

A long time ago, I worked for WebTV. The part of WebTV doing filtering for parental control was comparing IP addresses as strings. I managed to evade the parental controls when I noticed that the IP address parser was using an atoi that treated leading 0’s as octal and leading 0x’s as hex. By converting the octets of one of the blocked IP addresses into octal, I tricked the blacklist checker into letting me access the naughty bits. ...

September 24, 2014 · 1 min · jra

Dell and the NSA

While I was reading this blog about how NSA’s bad-BIOS malware probably works, I was struck by a “coincidence”: Dell does a significant amount of government contracting work. In fact, Ed Snowden worked for Dell at one point. NSA’s bad-BIOS targets the RAID cards in Dell servers. Now, Dell servers are widely deployed. I’ve used them in several jobs, for example. So it’s not unreasonable that NSA would target them, to get the best bang for the buck. But it also seems possible that in order to achieve the things Dell’s executives promised to NSA executives in fancy sales calls, some Dell engineers would find themselves using what they know about Dell servers to write bad-BIOS malware to attack those very servers. ...

August 27, 2014 · 2 min · jra

Medium, what's up with comments?

Medium.com, why do you require me to use Twitter or Facebook to comment? With all your respect for language, ideas, and design, is it really possible that you think people who choose not to use either of those services don’t have anything useful or interesting to add to your conversations?

August 19, 2014 · 1 min · jra