
Fri, 03 Nov 2006

Ok, so I'm not really an early adopter..


... but, at least I took the time to try out XGL/Compiz as many others have done before me. The Ubuntu CompositeManager/XGL manual worked flawlessly, to be honest; it was a breeze to get things working the way I wanted.

I'm not going to post a screenshot of my own stuff here, since I can't be bothered to clean up the desktop enough and set up a spiffy drool-worthy collage of transparent windows, full-speed movies and real-time window/icon previews, etc etc.. On top of that, the whole thing really doesn't look as cool in a screenshot anyhow; it's full of motion and effects that only video can do justice to..

Soo.. here's a link to a YouTube Search for a list of XGL-related videos. This one in particular is kinda nice as it's a dual-screen setup.. THIS one is also very nice; it shows how touchscreen+xgl really makes for a nice combo.

The effects may look like they'd suck massive amounts of CPU-power, but really it runs nice and smooth and takes less than 10% CPU-time for even the most intense effects, so far.

So, if you're running Ubuntu Dapper Drake (aka: 6.06 LTS), go ahead and try out the above-mentioned HOWTO to get it running. It's easy enough to set up GDM so that you can select an XGL-enabled session without risking losing the way back to 'normal X'.

Power to the candy!


Wed, 18 May 2005

Phreaking Fun


Today, I got into a talk with a co-worker about the possibilities left open to people to snoop data from your system in all manners possible. It started when he discovered the Microsoft USB-keyboards with fingerprint-readers on some of the desks at our/my part of the office.

Basically, we discussed a few 'physical domain' attacks that you could try and do against these types of devices (gelatin-fingerprint molds, etc), and we progressed from there, discussing the fact that a lot of these fingerprint-readers seem to send a tiff-like image to the host-machine with a raw fingerprint in it. The possibility of using replay attacks against these things looks interesting; imagine one of these gumstix devices used as a 'USB-device' and 'USB-host' at the same time; not much bigger than a stick of gum, you could stick it underneath a desk and have it send out all it logs through bluetooth or even WiFi.

From there, I remembered about some papers I have stumbled into over the last few years and discussed some of the possibilities of Tempest/Van Eck-type devices with these co-workers. Afterwards, I decided to back my assertions/suspicions up with literature-study, of which I provide a neat overview below, for your convenience.

First off, the Van Eck device. A device which uses the electromagnetic noise produced by a typical CRT-display and pushes it through a fully analog 'synch-lock' circuit that will allow you to produce a luminosity-map (grey-tone display) of whatever the 'monitored device' is showing at that moment. Wim van Eck's paper about this method was published way back in 1985 already and is still a workable method for spying on CRT-style devices in the wild; as long as no electromagnetic shielding is in place. Chances are, there isn't.

Secondly, I remembered a paper that discussed the feasibility of using the visual domain (light) for information-interception. One of the most well-known uses of this method is where one is able to 'log' the data travelling across a modem just by 'looking at the leds'. In most modems, the RX/TX (receive/send) leds are directly coupled to the serial data-pins of the UART/modem in question; blinking exactly in time with the signals that go across the (RS-232)-cable that the modem is connected to. With modem-speeds mostly not reaching above 64kbit, perhaps 128kbit when we're talking about ISDN2, it turns out that the after-glow of most leds in production seems to be short enough not to pose any real 'protection' against just using a well-aimed lens-system+photo-diode (and amp) on a modem-led and coupling it to a serial port. All right, perhaps put a bit simply, but the principle should work.

Even more fun is the fact that what works for modems and light seems to work (with a bit more complexity, granted) for CRT-style displays and the light that is projected from them onto walls, curtains, etc. Back into the digital domain, it turns out that even for laptop-screens (which do not have a linear screen-buildup) it is possible to re-construct, with some accuracy, what is being displayed on those devices. You can find three papers about this on http://www.cl.cam.ac.uk/~mgk25/ which is the webpage of a very clever guy; Mark Kuhn.

Three papers from his page are mirrored here, unchanged:

His PhD thesis, about "Compromising emanations: eavesdropping risks of computer displays", in the optical and electro-magnetic domains.

A summary about the method of using optical snooping, which is elaborated upon in his thesis paper.

Another summary that discusses the possibility of snooping flat-panel displays in the electromagnetic-domain, also elaborated upon in his thesis.

Also of interest might be the Keyboard Acoustic Emanations paper from two people at IBM, Dmitri Asonov and Rakesh Agrawal. The paper is mirrored locally here and it discusses the possibility of using the acoustic emanations (tap/clicking-sounds) of keyboards to figure out which keys have been pressed. It turns out that using one particular keyboard, it's quite foolproof in figuring out which key has been pressed. Even between two keyboards of the same model it turns out to be feasible to use this method to limit the set of possible keys being pressed to a number where brute-forcing a (say) password becomes a much more interesting proposition. Oh, and of course, sound DOES travel across phonelines....

Just because you're paranoid, it doesn't mean they're not after you

--
Black-helicopter-man


Wed, 04 May 2005

New problems for a new era!


Okay, the car doesn't seem to be exhibiting the same problems anymore but it's regressed into a problem that happened a few times in the past; it'll run fine but then suddenly, for a while at least, it requires a lot more 'pushing the pedal to the metal' to get it to really 'go'.

Now, I've had this issue before with a similar car I've driven in by way of a test-drive; another Carina E, 1.8 GLI that just wouldn't "go go go!" when pushing the pedal; unless you pressed it really deep. The explanation I got for that behaviour was that this is the default acceleration-profile for the GLI-leanburn series; allowing you to 'twiddle' the gas very accurately while trying to maintain a steady speed which, in turn, should be good for your gas-mileage.

So, perhaps this is just a 'backup profile' my car's ECU (Electronic Control Unit.. how poetic), has reset itself to for a while; who knows... at least it DOES go when you tell it to.

As ever, will keep you up to date ;)


Tue, 03 May 2005

So far, so good


Seems that so far the car looks to be 'fix0rized'. I picked it up yesterday evening at the garage I had it fixed at. They weren't ready with computing the bill for me, so I'll be getting it in the mail. I'm not entirely sure if this is a good or a bad thing, really *gulp*.

They've replaced a fuel-injector now and taken care of a defective thermostat; also taking a moment to check the other fuel-injectors for clogged nozzles or what-have-you. There also seems to be some product you can chuck into your gas-tank and have it dissolve/clean/atomize/automagickally-fix0r the fuel-injectors in case they're dirty 'n such; at 22 Euros, it's a bargain! *cough*

Interestingly, my car was parked behind another Carina E station-wagon (a diesel, however). The manager came, personally, to brute-force the car open with a pneumatic wedge and some typical car-jacking widgets (stiff steel-wires and slim-jims). This led to me commenting that it was a shame I'd left my lock-picks at home and from there it progressed into a general talk about security and physical security in particular. Since a few days ago, many more Dutch people were informed about the BumpKey Vulnerability that many locks turned out to be susceptible to. On the 27th of April, Nova had a report about this that many people saw.

Needless to say, he left a little bewildered and perhaps a bit worried about the safety of his car/house/whatever.... ignorance is bliss, perhaps? HTH, HAND!


Mon, 02 May 2005

A new hope for the pinball machine!



On the 18th of last month (it's May now, it was April then) we had Alex Bik (from Bit) come over and have a look at the 'Swords of Fury' pinball machine that we had standing here at the office.



Despite the fact that several parts were missing or missing... or both, he managed to get the thing running again in a nearly perfect way, too! One of the 11-segment VFD's was defective, a fuse had blown in a most exhibitionistic way for no apparent reason; several parts had cracks in them (cracks... not crack), and generally the device was as dirty as a subway toilet in places.



We spent a fun-filled evening, fueled on pizzas, getting the thing taken apart, cleaned and re-assembled again. With a 'bit of glue', 'some dabs of solder', 'a shitload of rubber-bands' and all manner of other bits of 'odds and ends', it's now running again; it works like a charm!



Sadly, or luckily, however it seems that several 'quirks' now work a liiiitle bit differently than some of the pinball-wizards here were used to. This gives them an excuse to blame their 'lack of practice' on the 'weirdness of the machine' instead. The same effect allows us 'pinball-noobs' to have _some_ hope of actually beating the pros on this '(good as) new' machine. Benefits for all! Perhaps I'll manage to pry a few pictures from the camera used that day to document 'where everything was before we unscrewed it'. Perhaps non-surprising is that we really needed it a few times.... damned there's a lot of analog-mechanic-stuff in there... Evil!



My car's gonna be okay! (I hope....)


Well, it seems that finally, today, I'm gonna have a _working_ car again when I leave for home from the garage. After a good week of having found problems that weren't, fixing things that haven't and not paying for things that HAVE been done...finally the problem's been narrowed down to a defective fuel-injector on the 4th cylinder of my 4-cylinder, 16 valve 1.8liter Lean-burn injection-motor-thingy....

Uhm, well, it's been interesting at least; seen new parts of my car I never thought that were in there; learned a lot about ignition and fuel-distribution systems and about which cars drive nice and which don't. Over the course of one week I've driven in:

Will report more about if they got the problem fixed THIS time, or not. Stay tuned!
