DDR the second!!

16 Aug 2021

Two weeks gets incremental improvements.

More One Night score (AAA 97.13%) Bad Apple!! score (AAA 97.57%) DANCE ALL NIGHT score (AAA 98.55%)

DDR

02 Aug 2021

Not much to report lately. DDR continues to be fun, though I think given these timings I’m past due for replacing the control board in the pad so I can get better than 8ms resolution on steps.

More One Night score (AA 97.13%) Bad Apple!! score (AAA 96.65%) DANCE ALL NIGHT score (AAA 98.34%)

You Got Me

27 Apr 2021

MAX 300

24 Apr 2021

MAX 300 was the first¹ level 10 song I cleared at the arcade. I learned to play DDR with my older brother; I distinctly recall the sensation of finally being better than him at a game—whether it was Descent, StarCraft, anything, he always had such a lead.

I started DDR a bit later than him and had some catching up to do, but eventually crossed the level 9 mark before he did. It turned out rhythm games would be a good place for me to excel.

He lives overseas now, and at some point got an L-TEK DDR pad. I was a bit envious, but felt the shipping expense—far worse to Australia than the US—was too hard to justify. Pandemic closing the gym made it muuuuuch more palatable, and plus it’d mean I’d get to play DDR with my brother again in a way.

It’s been a very good way to get fit again, and hitting old milestones again is a lot of fun. I’ve done some other harder ones already, but today was the day for clearing MAX 300 again. My scores are much better than my 13-year-old self’s, even though my endurance isn’t.

MAX 300 score (87.23%)

Not counting 桜 or bag here. ↩

As best we can tell, the pub is shut

29 Mar 2021

I was alerted by a commenter that it’s been more than a year, now, since this video dropped:

COVID measures had already begun to be implemented; national borders shut, most schools already closed. Watching this press conference, a scene from The Simpsons played in my mind. I’d been getting a little comfy with a video editing program to record IIDX plays, so I gave it a crack.

I don’t really have networks to tap, but Niki liked it so much she diligently dropped it into comments on Facebook and Twitter replies wherever it seemed appropriate. Before I knew it, I had a moderately popular YouTube video. It entered the popular discourse when it was further remixed, but if you ask me, the Trump oversamples are just kinda gross.

One thing that’s been interesting to see has been how the popularity of the video corresponded with (literally) viral events:

A graph showing the views for the video

The three major events were:

Late March, video released, Dan Andrews said “get on the beers”.
Mid-May, first lockdown restrictions eased.
October 26, Victoria recorded zero new cases/deaths for the first time since June. Dan reported that he “might go a little higher up the shelf” than beers.

Knowing when to look past your code

28 Feb 2021

There’s a weird tension in programming — on the one hand, as you learn the ropes, you (hopefully) learn very quickly that the problem is almost always in your code, and not, say, the compiler, stdlib, kernel, etc. This is usually very correct; the people who’ve worked on those things have many times the experience you did when you decided that there must be a bug in printf or something.

You’ll later realise you tried to print something through a pointer to a stack-allocated variable that’s long since gone. These accusations tend to wane as you gain familiarity with your subject matter, and wax as you step out into lands populated with ever more footguns, exposing more of the architecture than you ever suspected was there. (See also: the emails from me to the libev mailing list in 2011.)

At some point, though, your journies will take you to places where things aren’t so clear cut, and you’ll start to gain a sixth sense; a kind of visceral experience that things are not as they have been promised to be.

A few weeks ago, that sixth sense whispered in my ear: “what if, instead of your cruddy bootloader written in a pre-1.0 systems language for a platform you don’t fully understand, it’s the 20 year-old project with 80,000 commits that’s wrong?” And it was right.

Inkplate done quick

19 Feb 2021

I recently received an Inkplate, and while I’m in the middle of a few interesting projects already, I couldn’t let it sit there unused. Until I get a longer chunk of time to turn it into something really nifty — maybe an embedded debugging helper of some kind — it can at least mean I no longer need to have Mail.app open.

kmlyink’s README explains:

This repo has two parts:

a Dockerised IMAP proxy written in Ruby.

It speaks plain HTTP, like an ESP can manage. It just fetches your Inbox listing and puts it in JSON.

a MicroPython module that connects to your wifi, speaks to the IMAP proxy, and formats it into the display.

It took just a few hours to get it all up and running. Delightful!

A photo of kmlyink in action. There's some emails listed on an e-ink
display.

DTB parser implementing notes

13 Feb 2021

Ever find yourself needing to implement a device tree blob (aka FDT, flattened device tree) parser and want to save yourself some time? Learn from my mistakes!

If you try to do it in one pass, you will hurt yourself

I charged headlong into writing dtb.zig by starting at the top of the Devicetree Specification page on the “Flattened Devicetree (DTB)” Format” and reading down. It looked delightfully simple. Keep in mind, I still didn’t know what I yet needed out of it, just that I probably needed to reference the DTB to get it. (I kind of know better now.)

Breaking homegrown crypto

20 Feb 2016

Note: this is a pretty long article which does a deep dive into breaking some amateur crypto. I go on for quite a bit. Make a cup of tea before reading, and get ready to read some code!

introduction

Everyone knows it. Rolling your own cryptography is a terrible idea. Here’s Bruce Schneier writing about it in 1999. Here’s an excellent answer on the Infosec Stack Exchange about why you shouldn’t do it. Here’s another Scheiner post with an excellent opening sentence.

This, then, is a post about a broken homegrown cryptosystem; namely, that used in CodeIgniter, pre-2.2. This version was current until the release of CodeIgniter 2.2, on the 5th of June, 2014, and you can still find sites on it today.

The attack described in the post depends on a lot of things to go right (or wrong, if you will); it’s not just that they used a bad cipher, but also the fact that they rolled their own session storage, and implemented a fallback, and a dozen other things. This is probably typical for most bugs of this class; a bunch of bad decisions which aren’t thought through find their logical conclusion in complete insecurity.

Let’s get into it!

Snapchat: not for state secrets

10 May 2013

I use Snapchat. It’s an app where you can take a photo or short (< 10 second) video and send it to your friends who use the service; they’ll then be able to see it, once, before it disappears forever.

Ostensibly, the app is for sexting, because there’s no fear that your photo will get spread around (no forwarding/etc.) or retained for longer than you’d like, but it seems like it’s not as much a sexter’s hangout as the media might want you to think.

My circle of friends use it basically as an extension of weird Twitter – most snaps I send and receive are strange angles of weird objects; the completely mundane but somehow therapeutic (7 seconds of the camera pointed outside the window of a tram, pointed at the ground moving below); or just closeups of Curtis Stone’s face, wherever we see him.

Curtis Stone. Ugh.

Of course, the promise that they won’t get retained is just that: a promise. Since your phone receives this image and shows it to you at some point, it must be downloaded by your phone. If it can be downladed by the phone, it can be downloaded by something else. We decided to find out how.