Apr 29, 2017
Stopping for a photoshoot at the (entrance to the) nude beach
Apr 28, 2017
Box Full o' Mite
Apr 25, 2017
This last week I decided I’d shove my rpm reader/generator up to a new fractional release by tweaking the
makepkg binary to generate rpm v3 format packages. I first just updated the on-disk data structure to v3 format (with a magic number at the start of each dictionary) but didn’t implement signature generation, because it didn’t seem to be mandatory.
Hah, no such luck. But that’s only a minor problem; I would simply implement md5 checksums because they’re simple to implement and they’re fairly resistant to a non-technical attacker (I was running under the logic that once I got this working then I’d be able to fit in ‘PGP’ – actually gnuPG, because that’s the only free implementation these days – and be able to sign the packages if they found a cure for mortality and I could pull Mastodon out of the grave for modern hardware.)
The “documentation” for RPM says that the md5 checksum is for the header (but not the signature header if it’s a v5 signature) and payload. This, apparently, is not actually what it is; I’d modified
xrpm so I could extract both the header + payload (
-D extracts the header, then
-d extracts the payload) into a separate file, so I could tuck those two things in a safe place and hand-verify checksums. So I did this with an actual
redhatcentos rpm, only to discover that the md5 checksum (at index 1007 in the signature dictionary) was not the same as the md5 checksum of the header+payload (or header+compressed payload, or header-sans-signature+payload, or header-sans-signature+uncompressed payload.)
I checked the rpm source code. Fucking mistake; it’s like the more opaque parts of discount on speedballs. Hundreds of tiny little functions, all alike, larded up with what looks like some sort of legacy lint configuration commentary, and all, needless to say, pretty close to completely unreadable. No, the only way I’m going to be able to figure out what’s being generated is to make a dinky little rpm that installs nothing, then write an automated check script that walks the thing byte by byte doing every possible variant of an md5 checksum until I can make a checksum that matches what the horrible reference code puts into index 1007. (I would not be surprised one bit if the checksum included parts of the signature dictionary, or if it salted the md5 sum with something stupid to discourage third-party reverse engineering.)
But it’s ~180mb of sccs on github, compared to xrpm’s 1.9mb, so it’s got to be 100 times as confusing. (And OF COURSE it uses the now-traditional three layer shitcake that GNU configure has become, just to ensure that trying to compile a fully debugged version and trace just exactly what’s being written into the md5 checksum generator won’t be happening unless you’ve gone back for a second helping of that lovely Open Source®©™ Flavor-Aid.)
xrpm itself can still pick apart current rpms, for whatever good that does in a world filled with GNU configure, Cmake, and other abominations in the eyes of G-d.
Apr 24, 2017
A set of P&W geeps run light along Division St, heading north towards the Steel Bridge (and then across NW Portland and back onto P&W rails in Linnton?)
Apr 22, 2017
I took the mountainhack down to Estacada this afternoon, and my middling-time loop was made a little slower when the front tire ate a piece of glass as I was crossing the Eagle Creek bridge (~15 minutes to look for the offending piece of glass + replace the tube (I started carrying co2 when it became painfully obvious that the frame pumps I carry don’t have the puff needed to inflate a Pari-Moto) and an additional 10 minutes of ride time because the pari-moto didn’t reseat properly and left a low spot that went thump~ thump! thump! all the way home.
Both tires now have a few oz of latex anti-flat goo in them which will hopefully diminish the deflation qualities of the fine shattered glass fragments I find along the edges of American™ byways.
Apr 21, 2017
Dust Mite and a couple of newly repaired White hubs
I’d been in the public beta program for macosx for a while, letting Apple shovel new versions of their latest&greatest onto my macbook at random intervals, and slowly growing more and more irritated with the whole thing because for some inexplicable reason the effing beta releases kept overwriting my ssh config files. Yesterday morning they popped another beta version onto my machine which overwrote, again,
/etc/ssh/ssh_config (as well as everything else in
/etc/ssh) and I snapped and pulled my mac out of their program.
But not, apparently, in time; they;d done something to their webkit which broke flickr – not only did uploads fail (leaving me with corrupted files on my flickr photostream – but the image editing page was broken to the point where I couldn’t change photo attributes anymore. It still worked with Firefox, which is something, I guess, and probably also worked with Chrome, but both of those browsers are just a little bit too tab-happy for my tastes, so I instead I decided to reset my mac, then reload it to macos from the night before the latest version was wedged onto the machine (and then dart on in the morning and turn off the stupid beta program – again – before the app store realized that there was a new über-buggy version that it needed to download and install.))
Ugh. What an utter pain.
Apr 19, 2017
I was stopped by a train by the ORHF shops.
Apr 17, 2017
A 10x10 porteur rack for an early-80s Trek (modified; I put midfork & crown shoulder mountpoints onto it so the rack would have something to hang onto.) It sits very high on these wheels, but the owner is planning on running ‘42s + fenders instead of the Confreries sans fenders that I’ve put under the frame to keep it off the ground until they come by to pick it up.
Apr 15, 2017
SCCS activity is not a perfect match for how much I’m writing, but it’s pretty close.
Apr 14, 2017
How much is that dust mite in the window? About 40 grams.
Apr 12, 2017
My q&d Code 128 generating program code128 has been pushed up to version 0.4 because when I was in the throes of getting it to work with more recent versions of the GD graphics library (not much needed to be done to code128 to make it work, but libgd was a bit of a pain because not have its maintainers gone to using GNU autoconfigure [for maximum portability to both Redhat and Debian!!!], they switched from Make to Cmake [on Unix. If you want libgd on Netware or Windows they’ve still got makefiles] to ensure that nobody else can build the damned thing. So I used configure.sh and a handmade Makefile.in to get a libgd that builds on MacOS & Redhat [but not FreeBSD 4, because for portability they assume that nobody will use anything older than gcc 4])
But anyway, after I got a libgd that actually built on redhat and macos, I generated a few barcodes and scanned them with an online barcode scanner. And they didn’t scan. So I took a look at the spec and realized that I’d messed up the checksum computation and had to redo it so it worked.
And thus version 0.4 for your viewing enjoyment. No CODEC numeric compression support, no FNC4 shift to get characters
$80-$FF, but it seems to be fine for 7-bit usascii barcodes. Try it out and see if you can get your computer to barcode itself.
Apr 07, 2017
Garnish with Mite
This juvenile osprey had been caught in todays windstorm and blown onto the new trolley bridge at the south edge of downtown. Audubon had been called to retrieve it by the time I left, but after making one attempt to fly away and basically being blown down into 4th Ave SE it was in no mood to go anywhere despite three people trying to act as a windbreak between it and the gale-force winds.
Apr 06, 2017
I was chugging upgrade through downtown Portland this morning when some commuter decided that they really needed to pull into a parking lot right then and did so, not noticing the bicyclist wearing reflective clothing (including a red jacket) and with a lit eDelux headlight. Fortunately I got a split seconds warning and was able to start turning away before the car hit me, so I just bruised the fuck out of my left forearm as the car and I shuddered to a stop inches before a bicycle-rider-eating curb.
Need I mention that I was in a bike lane? OF COURSE I was in a bike lane, just as I was the last two times I got right hooked (the first time, on Oahu, the bike lane was actually physically separated, except for at the driveway where the right-hooker caught me.) I think the vehicular cycling people are fairly obnoxious, but on days like today I begin to see their point; if I’d have been rocking up the middle of the for-all-vehicles-except-bicycles-thanks-to-the-mandatory-sidepath-law lane this driver would have been behind me where I couldn’t get scraped along the right side of their car when they decided to pull into a parking lot.
(I hope that I just bruised my forearm; I’m going to pop into the doctor’s office this afternoon to have someone take a look to verify that I did not actually miss broken fragments of bone sticking out.)
Apr 03, 2017
Fortunately I didn’t have to go up or down any hills today; the heavy cargo load got squirrelly enough at low speed that I wouldn’t have wanted to climb any serious ramp in the bigger ring (normally if I’m desperate I can kick the chain off that ring and onto the alpine ring – remember that the mountainhack doesn’t have a front derailer because I woefully misplaced the pusher mount – but the failure case means the chain overshoots and flops onto the bottom bracket. This would be bad with a loaded truck trying to hold me back.)
Apr 02, 2017
So many bulky groceries that I had to use toestraps to tie the last bag onto the cargo net for the ride home. Maybe it’s time to get a cargo net that’s larger than ~13x17?
Mar 31, 2017
Mar 30, 2017
A two-car train of S70s runs along the cutting between Monroe & Harrison St in Milwaukie, Oregon.
Mar 29, 2017
Stopping by Henry James to pick up a couple of chainstays for the emergency randonneuse.
After many years of sticking with an older copy of dropbear and after several months of being in the macos beta program (which on EVERY SINGLE FREAKING UPDATE overwrites the config files in /etc/ssh regardless of any local customisations anyone might put into ssh_config & sshd_config), I finally decided that I’d grab a newer copy and make a more determined attempt at getting it to actually build on my pile of hardware.
Problem: modern versions of dropbear use GNU c*nf*g*r*, and to add insult to injury don’t actually use c*nf*g*r* but use GNU autoconf (which generated the configure file, which is then used to generate, as is traditional, binaries for both Redhat & Debian) and I, as a matter of policy, try my damnest to keep that particular pile of cruft off my machines.
So what to do? configure.sh was written to mimic the published interface of GNU c*nf*g*r* so that it could theoretically be used to generate makefiles from GNU
.in files, but I’d never actually tested it out. But here was an opportunity, and an opportunity that carried most of its dependencies along with it (Tommath & Tomcrypt; the toplevel
Makefile.in has hooks in it to use external copies of these libraries, but it was easy to build a
configure.sh that told the makefile to use the internal ones) so I sat down for a couple of hours and worked on a configurator that would look for the proper things to build on a Centos 7 machine.
Which finally “worked” (generated a dhclient that I could use to ssh into localhost; The first dropbear is going to be on a machine that’s inside my local firewall so if it leaves any horrible gaping security holes floating around (will clang optimize out
memset(,0,)? Let’s not test that in an environment that the script kiddies have access to) I’ll have a chance to find them before anyone else), which means I actually have more of a chance of being able to take more recent software and getting it to work on machines that don’t run Redhat or Debian.
And the offending dropbear? Mirrored at github for your reading amusement.
I was getting ready to pull the fork & rack so I could repaint them, but then the kit bike died and I had to put that project aside pending gluing up the emergency randonneuse. So here it sits, still being used; the BB has started to creak on the NDS (either the bearings, the joint between the crank arm and the spindle, the chainstay
<->BB braze, or the pedal; I checked the chainstays (and the seatstays, though if one of them had failed I’d know it because the mountainhack would start to plane like it was going out of style) dumped oil into the pedal this morning before heading out, so they were
nt it; tonight I’ll need to pull the BB and replace it with a newer one that I’d bought with last year’s REI dividend and see if that will fix the offending wagon.
But here it is, in full free pile glory; almost every component stuck to this frame is worth more than the frame itself, unless there happens to be some collectable value in it being the first frame I (fractionally) built.