The Great Repeal Bill...

Jul. 20th, 2017 11:24 am
ffutures: (Default)
[personal profile] ffutures
 ...seems to be an attempt to weaken most of Britain's human rights protection. There's a petition against it here:

https://speakout.38degrees.org.uk/campaigns/save-our-rights

spread the word.

gacked from [personal profile] history_monk 


Yongnuo 50mm f1.8

Jul. 19th, 2017 12:23 am
ffutures: (Default)
[personal profile] ffutures
Picked up one of these lenses for my Canon a few days ago, took it out to the park and took some test photos on Tuesday. I think it's actually pretty good, and considering I got it for £30 I'm very pleased. One picture of berries is a bit out of focus, I think I simply got closer than the minimum for the lens without noticing, the rest are OK. Gallery here:

https://flic.kr/s/aHskZyx37y

I'm beginning to think more seriously about switching to Canon as my main system, but I'd want a better camera body, say 12 megapixels or better. The other thing I'd want to add is a longer zoom with some macro capability, the only other lens I've currently got is an 18-55. Whereas my most used Nikon lens is a 28-300 Tamron with macro capability. Any recommendations?

Another RPG bundle offer - Rifts

Jul. 18th, 2017 06:34 pm
ffutures: (Default)
[personal profile] ffutures
This is one I'm fairly sure I'm not interested in, but it's supporting Doctors Without Borders and tastes do differ:

https://bundleofholding.com/presents/Rifts

Kevin Siembieda's Rifts® is set on a future Earth shattered by countless otherworldly invasions. This all-new collection, the debut of Palladium Books in the Bundle of Holding, is a well-rounded set of complete .PDF ebooks that give players and Game Masters everything they need for a campaign of mind-blowing, dimension-spanning adventure across a transformed North America.

Ten percent of each purchase (after gateway fees) goes to this offer's designated charity, Doctors Without Borders.

The total retail value of the titles in this offer at launch is US$82.50. Customers who pay just US$17.95 get all four titles in our Starter Collection (retail value $38.50) as DRM-free .PDF ebooks, including the complete 384-page Rifts® Ultimate Edition™ (retail price $20), plus the Rifts® Primer (retail $3), Rifts® Sourcebook One™ Revised Edition (retail $10.50), and the Game Master Kit with useful play aids and pregenerated characters (retail $5).

Those who pay more than the threshold (average) price, which is set at $24.95 to start, also get our entire Bonus Collection with four more supplements worth an additional $44, including three World Books -- Juicer Uprising™ (retail $10.50), Psyscape™ (retail $10.50), and New West™ (retail $12.50) -- and the location supplement MercTown™ (retail $10.50).

At least one more title will be added after launch. When a title is added after launch, ALL customers who previously purchased the bundle automatically receive the newly added title, REGARDLESS of whether or not they paid more than average. This is their reward for buying early.


I'll be honest - I own some of this system in dead tree format but I was never really that interested in the setting, and found it a bit rules-heavy. Having said that, it's one of the first true multi-genre RPG systems, and its take on putting the genres together is unusual, although not one I'd really want to run. As usual your mileage may vary.
 


[personal profile] mjg59
In measured boot, each component of the boot process is "measured" (ie, hashed and that hash recorded) in a register in the Trusted Platform Module (TPM) built into the system. The TPM has several different registers (Platform Configuration Registers, or PCRs) which are typically used for different purposes - for instance, PCR0 contains measurements of various system firmware components, PCR2 contains any option ROMs, PCR4 contains information about the partition table and the bootloader. The allocation of these is defined by the PC Client working group of the Trusted Computing Group. However, once the boot loader takes over, we're outside the spec[1].

One important thing to note here is that the TPM doesn't actually have any ability to directly interfere with the boot process. If you try to boot modified code on a system, the TPM will contain different measurements but boot will still succeed. What the TPM can do is refuse to hand over secrets unless the measurements are correct. This allows for configurations where your disk encryption key can be stored in the TPM and then handed over automatically if the measurements are unaltered. If anybody interferes with your boot process then the measurements will be different, the TPM will refuse to hand over the key, your disk will remain encrypted and whoever's trying to compromise your machine will be sad.

The problem here is that a lot of things can affect the measurements. Upgrading your bootloader or kernel will do so. At that point if you reboot your disk fails to unlock and you become unhappy. To get around this your update system needs to notice that a new component is about to be installed, generate the new expected hashes and re-seal the secret to the TPM using the new hashes. If there are several different points in the update where this can happen, this can quite easily go wrong. And if it goes wrong, you're back to being unhappy.

Is there a way to improve this? Surprisingly, the answer is "yes" and the people to thank are Microsoft. Appendix A of a basically entirely unrelated spec defines a mechanism for storing the UEFI Secure Boot policy and used keys in PCR 7 of the TPM. The idea here is that you trust your OS vendor (since otherwise they could just backdoor your system anyway), so anything signed by your OS vendor is acceptable. If someone tries to boot something signed by a different vendor then PCR 7 will be different. If someone disables secure boot, PCR 7 will be different. If you upgrade your bootloader or kernel, PCR 7 will be the same. This simplifies things significantly.

I've put together a (not well-tested) patchset for Shim that adds support for including Shim's measurements in PCR 7. In conjunction with appropriate firmware, it should then be straightforward to seal secrets to PCR 7 and not worry about things breaking over system updates. This makes tying things like disk encryption keys to the TPM much more reasonable.

However, there's still one pretty major problem, which is that the initramfs (ie, the component responsible for setting up the disk encryption in the first place) isn't signed and isn't included in PCR 7[2]. An attacker can simply modify it to stash any TPM-backed secrets or mount the encrypted filesystem and then drop to a root prompt. This, uh, reduces the utility of the entire exercise.

The simplest solution to this that I've come up with depends on how Linux implements initramfs files. In its simplest form, an initramfs is just a cpio archive. In its slightly more complicated form, it's a compressed cpio archive. And in its peak form of evolution, it's a series of compressed cpio archives concatenated together. As the kernel reads each one in turn, it extracts it over the previous ones. That means that any files in the final archive will overwrite files of the same name in previous archives.

My proposal is to generate a small initramfs whose sole job is to get secrets from the TPM and stash them in the kernel keyring, and then measure an additional value into PCR 7 in order to ensure that the secrets can't be obtained again. Later disk encryption setup will then be able to set up dm-crypt using the secret already stored within the kernel. This small initramfs will be built into the signed kernel image, and the bootloader will be responsible for appending it to the end of any user-provided initramfs. This means that the TPM will only grant access to the secrets while trustworthy code is running - once the secret is in the kernel it will only be available for in-kernel use, and once PCR 7 has been modified the TPM won't give it to anyone else. A similar approach for some kernel command-line arguments (the kernel, module-init-tools and systemd all interpret the kernel command line left-to-right, with later arguments overriding earlier ones) would make it possible to ensure that certain kernel configuration options (such as the iommu) weren't overridable by an attacker.

There's obviously a few things that have to be done here (standardise how to embed such an initramfs in the kernel image, ensure that luks knows how to use the kernel keyring, teach all relevant bootloaders how to handle these images), but overall this should make it practical to use PCR 7 as a mechanism for supporting TPM-backed disk encryption secrets on Linux without introducing a huge support burden in the process.

[1] The patchset I've posted to add measured boot support to Grub uses PCRs 8 and 9 to measure various components during the boot process, but other bootloaders may have different policies.

[2] This is because most Linux systems generate the initramfs locally rather than shipping it pre-built. It may also get rebuilt on various userspace updates, even if the kernel hasn't changed. Including it in PCR 7 would entirely break the fragility guarantees and defeat the point of all of this.
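
The PCR 7 behaviour described in the post above, as an added example that is not part of the original post or of the Shim patchset: a simplified model of PCR extension and sealing, showing that a kernel upgrade changes a hash-based PCR but not PCR 7, and that one extra measurement after unsealing stops later code from getting the secret. `ToyTPM`, `boot`, `cap` and the measured byte strings are hypothetical; a real PCR 7 event log has more entries than the two modelled here.

```python
import hashlib

ZERO = bytes(32)  # a SHA-256 PCR resets to all zeroes at power-on

def extend(pcr: bytes, data: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(data)). It cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def boot(secure_boot: bool, signer: bytes, kernel: bytes) -> dict:
    """Replay one boot and return the resulting PCR values (simplified)."""
    pcrs = {4: ZERO, 7: ZERO}
    # PCR 4 style: a hash of the code that was actually loaded.
    pcrs[4] = extend(pcrs[4], kernel)
    # PCR 7 style: Secure Boot state, then the authority that verified the image.
    pcrs[7] = extend(pcrs[7], b"SecureBoot=" + (b"1" if secure_boot else b"0"))
    pcrs[7] = extend(pcrs[7], signer)
    return pcrs

class ToyTPM:
    """Models only the sealing policy: release the secret iff PCR 7 matches."""
    def __init__(self, pcrs: dict):
        self.pcrs = dict(pcrs)
        self._sealed = None

    def seal(self, secret: bytes, expected_pcr7: bytes) -> None:
        self._sealed = (expected_pcr7, secret)

    def unseal(self) -> bytes:
        expected, secret = self._sealed
        if self.pcrs[7] != expected:
            raise PermissionError("PCR 7 does not match the sealing policy")
        return secret

    def cap(self) -> None:
        """The extra PCR 7 measurement made once the key is in the keyring."""
        self.pcrs[7] = extend(self.pcrs[7], b"secrets-released")  # constructed

def unseal_then_retry(tpm: ToyTPM):
    """Trusted early initramfs unseals and caps; later code then retries."""
    key = tpm.unseal()
    tpm.cap()
    try:
        tpm.unseal()
        return key, True
    except PermissionError:
        return key, False

# Constructed sample inputs (certificate and kernel bytes are placeholders).
VENDOR, OTHER = b"cert: OS vendor CA", b"cert: other vendor CA"
old = boot(True, VENDOR, b"kernel build A")
new = boot(True, VENDOR, b"kernel build B")  # upgrade, same signer
```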
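
The initramfs layering that the post's proposal relies on, as an added example that is not part of the original post: a minimal cpio "newc" writer and reader that extracts concatenated, separately compressed archives in order, so a file in the last archive replaces an earlier file of the same name. The archive contents and the names `newc`, `unpack` and `booted_tree` are constructed for illustration; only regular files are modelled.

```python
import gzip

def pad4(b: bytes) -> bytes:
    return b + b"\0" * (-len(b) % 4)

def newc(files: dict) -> bytes:
    """Build a minimal cpio 'newc' archive of regular files."""
    out = b""
    for name, data in list(files.items()) + [("TRAILER!!!", b"")]:
        n = name.encode() + b"\0"
        # ino, mode, uid, gid, nlink, mtime, filesize, 4x dev, namesize, check
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
        header = b"070701" + b"".join(b"%08X" % f for f in fields)
        out += pad4(header + n) + pad4(data)
    return out

def unpack(image: bytes) -> dict:
    """Extract every archive in order into one tree (model of the kernel)."""
    blob = gzip.decompress(image)   # handles concatenated gzip members
    tree, off = {}, 0
    while off < len(blob):
        if blob[off] == 0:          # zero padding between archives
            off += 1
            continue
        if blob[off:off + 6] != b"070701":
            raise ValueError("not a newc header at offset %d" % off)
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = f[6], f[11]
        name = blob[off + 110:off + 110 + namesize - 1].decode()
        data_at = (off + 110 + namesize + 3) & ~3
        if name != "TRAILER!!!":    # the trailer only ends one archive
            tree[name] = blob[data_at:data_at + size]  # later entry wins
        off = (data_at + size + 3) & ~3
    return tree

# Constructed sample archives: a locally built initramfs and the small
# vendor-built one that the bootloader appends last.
local = gzip.compress(newc({"init": b"#!/bin/sh\n# locally built init\n",
                            "etc/crypttab": b"root /dev/sda2 none\n"}))
builtin = gzip.compress(newc({"init": b"#!/bin/sh\n# vendor init: unseal, cap PCR 7\n"}))

def booted_tree(*images: bytes) -> dict:
    """Concatenate initramfs images in boot order and extract them."""
    return unpack(b"".join(images))
```

Files that exist only in the earlier archive (`etc/crypttab` here) survive the overlay, and reversing the order lets the locally built `init` win, which is why the proposal has the bootloader append the signed archive last.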

13th Doctor is Jodie Whittaker

Jul. 16th, 2017 10:11 pm
ffutures: (Default)
[personal profile] ffutures
Well, count nobody entirely surprised by this, after the Master = Missy thing of the last couple of series - The next Doctor will be Jodie Whittaker, an actress I know little about:

http://www.bbc.co.uk/news/entertainment-arts-40624288

Let's hope the plots improve a little.

Now I feel REALLY stupid...

Jul. 14th, 2017 09:28 pm
ffutures: (Default)
[personal profile] ffutures
Suddenly thought of rebooting my iPhone, and immediately the phone network is working again, not a problem with Freedompop at all. I'm obviously an idiot - all I can say is that my previous mobile phones (nice dumb ones) never had this problem....
xiphmont: (Default)
[personal profile] xiphmont

Remember a few weeks ago when I expressed some dissatisfaction with my AmScope's picture quality?

Well, I've put another iron in the fire: Collecting parts off eBay to build a once-top-of-the-line Olympus SZH. Now waiting for more bits to start trickling in.

Freedompop again

Jul. 13th, 2017 11:06 pm
ffutures: (Default)
[personal profile] ffutures
A while back I was fairly positive about Freedompop's free service. Unfortunately the last few days have been less than impressive; I'm getting no service, on my mobile or my separate mobile WiFi hub's SIM. And there is nothing on their site to explain what's happening.

I really don't want to start paying for cell service, but in case things don't improve - I make one or two calls and texts a month and use around 50-100mb of data. Is there a paid service for lower usage in the UK that won't break the bank?
ffutures: (Default)
[personal profile] ffutures
Two more bundle offers, both aimed at FRPG games with a city setting, but adding some extras:

First, some golden oldies - the Flying Buffalo catalyst bundle, containing lots of stuff from the golden age of D&D (and in that spirit from later years):

https://bundleofholding.com/presents/Catalyst

"This all-new offer highlights the Catalyst line and other RPG ebooks from Flying Buffalo. Along with four of the Grimtooth's Traps collections of devious dungeon obstacles, this offer presents, for the first time anywhere, new .PDF scans in Buffalo's CityBook series. Compatible with any fantasy RPG, the CityBooks present dozens of individual shops, establishments, and characters, generically written to be added smoothly to any urban fantasy setting. Originally published from 1982 to 1997, the CityBooks featured contributions by leading designers including Larry DiTillio, Liz Danforth, Mike Stackpole, Dave Arneson, Jennell Jaquays, Greg Gorden, and many more.

This collection includes all seven CityBooks, four Grimtooth's Traps books, and the complete RPG Mercenaries, Spies, & Private Eyes. We provide each ebook complete in .PDF (Portable Document Format). Like all Bundle of Holding titles, these books have NO DRM (Digital Restrictions Management), and our customers are entitled to move them freely among all their ereaders.

Ten percent of each purchase (after gateway fees) goes to this offer's designated charity, the RPG Creators Relief Fund.

The total retail value of the titles in this offer at launch is US$71. Customers who pay just US$7.95 get all six titles in our Starter Collection (retail value $30) as DRM-free .PDF ebooks, including the first three CityBooks (I: Butcher, Baker, Candlestick Maker, II: Port o' Call, and III: Deadly Nightside, retail price $5 apiece, total retail $15), plus the first two Grimtooth's books (retail $5 apiece, total retail $10) and Treasure Vault (retail $5), another new Catalyst scan.

Those who pay more than the threshold (average) price, which is set at $17.95 to start, also get our entire Bonus Collection with seven more titles worth an additional $41:

  • Mercenaries Spies & Private Eyes (retail $7): Michael Stackpole's classic action/espionage RPG inspired by Tunnels & Trolls. Includes the Adventure of the Jade Jaguar solo adventure (retail $4).
  • CityBooks IV-VII (retail $5 apiece, total retail $20): Four more sets of people and places you can easily drop into any city adventure -- IV: On the Road, V: Sideshow, VI: Up Town, and VII: King's River Bridge.
  • Grimtooth's Traps 3-4 (retail $5 apiece, total retail $10): Titled Fore and Ate (don't ask us why), these two books give you hundreds more traps to waylay dungeon delvers.

Next, one I don't know at all, the Great City Bundle

https://bundleofholding.com/presents/GreatCity

This Great City offer, a companion to the Flying Buffalo Catalyst offer now in progress, features the massive Great City Campaign Setting from 0one Games. Twice conquered by a distant empire, ruled by the incompetent son of a cruel emperor, the Great City faces upheaval. As its political factions scheme, and its monsters hunt from underground lairs, the city waits for heroes to guide its destiny. With 0one's near-systemless campaign guides, lightly ornamented with OGL/Pathfinder statistics, and its beautiful maps and bestselling blueprints (as state-of-the-art interactive .PDFs), you can easily add the Great City to any FRPG campaign.

Lou Agresta, co-designer of the Road to Revolution adventure path in this offer, wrote a July 2009 ENworld forum post about the design intent of the Great City: "The Great City Campaign Setting is specifically written as a plug-in city, so the surrounding areas (other than water to the left, mountains with monsters to the right, and dungeons under the mountain) are deliberately vague. The key aspect of the city is that it's been conquered by an overseas empire -- twice. The last time was 30 years ago, and resentments simmer, but are not presently aboil. The conquerors themselves are divided and playing factional politics. It's kind of a law-practical-serious-people conquer a chaotic-lively-deep-rooted-people sort of thing. Then there are the peoples left behind by the first occupation who did what they needed to survive. The Emperor's son rules, and he's a jackass. Nothing is in the open, but everything teeters on an edge. This is so (1) there's always lots of action and passion the player characters can interact with, and stances to either adopt or dispute, and (2) the PCs get to decide which direction -- or none -- the whole thing topples."

We provide each ebook complete in .PDF (Portable Document Format). Like all Bundle of Holding titles, these books have NO DRM (Digital Restrictions Management), and our customers are entitled to move them freely among all their ereaders.

Ten percent of each purchase (after gateway fees) goes to this offer's designated charity, the RPG Creators Relief Fund.

The total retail value of the titles in this offer at launch is US$94. Customers who pay just US$8.95 get all four titles in our Starter Collection (retail value $38) as DRM-free .PDFs, including the complete 162-page Great City Campaign Setting corebook (retail price $13), the companion Player's Guide (retail $14), and the Backdrops collection of locations (retail $11) -- plus 0one's Blueprints: The Great City (retail $2).

Those who pay more than the threshold (average) price, which is set at $19.95 to start, also get our entire Bonus Collection with three more titles worth an additional $56, including the complete six-part Road to Revolution adventure path (Pathfinder version, retail $35), Urban Creatures & Lairs (retail $14), and the beautiful Color Map Folio (retail $7).

At least one more title will be added after launch. When a title is added after launch, ALL customers who previously purchased the bundle automatically receive the newly added title, REGARDLESS of whether or not they paid more than average. This is their reward for buying early.


OK - I might as well be honest, I don't have a lot of use for this stuff; I don't run fantasy campaigns, and I tend to do my own design work for my own settings. The Flying Buffalo stuff is fun but a little dated, unless you're running a really old school sort of game - I also own most of it in dead tree format and haven't looked at it in decades. The Great City thing looks OK, though "great" is possibly not how I'd describe the city - it's about the size of a medieval walled town, and not an especially big one, unless I'm missing something - but does again seem to depend on you wanting to run lots of predefined encounters which is an old school sort of thing. If you like this sort of stuff it may be worth it, but I'm not entirely convinced. As usual opinions may differ.

Hosting of Flickr Images

Jul. 9th, 2017 12:53 am
ffutures: (Default)
[personal profile] ffutures
Is it possible to post images to flickr then use them on other sites by a link to the image? Photobucket are in the process of blocking all 2nd party links unless you pay vast amounts of money, trying to find an alternative which won't cost a fortune.

later - sorted! Thanks to [personal profile] dewline - the method isn't quite as easy as Photobucket was, but at least it can be done.
xiphmont: (Default)
[personal profile] xiphmont

Of course, there's still a bunch of wiring left to do :-|

xiphmont: (Default)
[personal profile] xiphmont

Yea finally, the Engineer called Form from the Void, according to its Design, and saw that it was nominal.