Using Augmented Reality in the Server Room

I was sitting thinking the other day how awesome it would be to use augmented reality in the server room. What am I talking about? Well wouldn’t it be cool to be able to point a camera at a switch stack and see the description labels associated with each port hovering around a linked by clearly defined lines.

Is it out of the realms of possibility? I don’t think so. You could have several “markers” on either side of the stack. The computer would know where the camera is pointing, you know the distance, rotation and orientation of the stack. Knowing this information, you could quite safely draw on over the top of the image and indicate where the switch ports are.

Am I crazy or would this be a good idea?

BioShock 2 : Review

As I sit here looking at my notes and eating my breakfast, I’m reminded that I don’t get to do this often. No, I’m not talking about guzzling down an early morning meal, I’m talking about writing a review for game that has only been released only very recently. It’s a cost cutting exercise, and one which I personally believe is pretty damn sensible. Why pay out £40 for a game which you will be able to buy for £15 in 6 months time? Having said this, BioShock 2 was a very very much appreciated Valentines day gift from my wife. She’s the best, ain’t she?

BioShock 2 places you in the centre of the madness of Rapture yet again, but this time in the place of a Big Daddy. Yes, that’s right folks, those huge brutes that you tiptoed past in the first game? This time, that’s you! Of course this means that as well as having to kill some of your fellow brethren, you are also going to have new enemies to face. The first of these are the brute splicers, whose attacks take on a similar form to those of the Big Daddy. The second is the new, and much anticipated, Big Sister. Though initially these enemies are made out to be tough little urchins, if you’re confident fighting a Big Daddy, you should have no trouble taking on either of these.

Initially I was quite concerned how it would feel, being behind the wheel of a Big Daddy, though you get a glimpse of it in the first game, I wondered how it would transcend into being your regular persona. Would the controls feel lumpy? Would you even be able to run? My fears were slain during the first 10-15 minutes of gameplay, as I realised that 2K had taken a great deal of effort to make you feel agile, but at the same time, freakin massive. Jumping from a chair onto the floor results in a resounding thump and with it, I might add, a fair amount of satisfaction. I was equally pleased at how the ability to fire plasmids, and weaponry had manifested itself in the controls.

The one aspect I did enjoy in the second game, much more than the first, was the encouragement of strategy. Once a little sister has been prised from her Big Daddy, you have a new option to go around and gather adam from corpses strewn across the battlefield. This makes for an interesting spin on the game, for as soon as you place your little darling down to harvest some festering splicer, you are almost immediately attacked by a hoard of live splicers, accompanied by the odd brute splicer, as you progress.

Armed with trap rivets, proximity mines, electric cables and mini turrets, it’s quite fun to plan the harvest, using your environment to it’s advantage. Of course, if the corpse happens to lie in the sight of a bad-hacked-good security turret, who are you to argue with a little extra help on tap. In point of fact these little skirmishes were probably my favourite part of the game.

It seems 2K have really listened to the gamers whilst creating this gem of a sequel, though the game feel considerably shorter, my wife and I found ourselves often exclaiming, “Oh, they’ve fixed that, that’s good” Unfortunately one aspect which I sorely miss from the original, was the singing vending machines, one in particular which used to shout at you in Mexican as you finished making your purchase.

Though the number of improvements are numerous, I couldn’t help but feel there were one or two points in the game which lacked a certain finer detail. My first was the occasional glimpse of highly pixelated views, often through water, which jarred me from my gaming mindset quite badly. The second was, during a particularly heavy firefight, a definite stuttering of sound, as explosions raged and bullets flew.

The game brings a whole new aspect to the city of Rapture this time, with the addition of the multiplayer content. Alas though, at the time of writing this review, a) I am waiting on a train to arrive, and b) have not had a chance to play any multiplayer rounds yet, though the Little Sister CTF missions do sound quite fun.

In conclusion, the game definitely deserves it’s 18 certificate, the violence is very bloody at times, as can be expected when drilling through someone with what looks like a cross between a traffic cone and an electric drill. The story is once again beautifully told, in an environment that reeks of former beauty and completeness. If you enjoyed the first game, you should be pleased with the sequel, though personally I would question whether spending the full amount is going to satisfy you, if you don’t intent to play multiplayer.

Wanted: a new way of advertising on the web

I hate adverts. Even at the best of times, 95% of them are irritating, badly made and most importantly are not relevant to me. Today I visited a website to gain some information. Had I known how badly I was going to hate myself afterwards, I wouldn’t have bothered. To be honest, this particualr time wasn’t as bad as I have experienced, but it made enough of an impact on me to tweet about it almost immediately afterwards.

I understand that website operators are often forced to run adverts, just to stay afloat, but it’s often the way they are implemented which really does force me to reconsider my clickage. Todays example forced me to manually close two particularly invasive adverts which were hovering over the text that I wanted to read. That’s not advertising people, that’s just plain annoying. There’s putting things where you can see them, and then there’s actively inhibiting a users intentions. Imagine you wanted to use a cash machine, and everytime you went to use it, a little mn in a green money motifed suit would jump out and explain the benefits of opening a stupendous super saver account. Would it be just annoying? Or would it force you to move bank?

As aforementioned, I have no problem with adverts on sites, provided they are implemented in a way which does not leave me wanting to write blog posts about them. Now, many of you are probably sitting there thinking, “Ah-ha, but the advertising people did their job, I bet you know what the products were? Right?” Actually….No. I can honestly say I do not have a clue what those particular adverts were about. Nor do I remember the adverts that we have click through to get to the content we require. It begs the question, is it just me? Am I in a minority that are somehow not “impregnated” with the advertisers seed of interest? Do many people seriously get sidtracked into a barrage of adverts which are so delightful to them, that they completely forgot what they googled for in the first place?

If I’m not a minority, if there are others out there who feel the same way I do, then I feel sorry for the website operators who are potentially missing out on visitors, purely because the advertisers are driving them away. It reminds me of the other tactic sites often use, of requiring users to sign up to some kind of forum, before they will allow them to view content. This tactic is both annoying and unnecessary and it seems is often nothing more than a ploy to collect email addresses for some, unknown reason.

Maybe I’m going crazy, maybe I just don’t understand the “new” web. I’ve been here since the mid 90s, when adverts consisted of “marquee” scrolling text in IE. Have I really got it so wrong? Does everyone want to be submerged in a sea of marketting scrawl? I’d be very interested to hear your feedback.

Mom I did it, I passed my Internet Driving Test

This story grabbed my attention today. Microsoft’s Chief Research and Strategy Officer is calling for the creation of something called the Internet Drivers License. Now, this isn’t and entirely new idea, it has been mentioned several times before. The real question is, whether it would actually have any benefit to the Internet as a whole.

The Slashdot article puts a rather negative spin on the idea, citing the fact that the Internet is unable to cause death, and raises the question of anonmity and incresed identity fraud. It closes by comparing the Internet to the aging telephone networks, stating that we have had a scammers and spammers presence here for many years, without requiring a license.

Whilst overall, I think I agree that the idea of an Internet Drivers license is a bad one, there are some benefits which we may be able to draw something from. Now the whole honus on this idea is that people get a license. A license is defined as a legal document, giving someone official permission to do something. Most often it is accompanied by some form to test, to ensure competancy in a particular field.

This is the part I agree with. Though it can not be mandated, few can argue that the Internet wouldn’t be a better place, if people understood more about the risks of being on the World Wide Web. Imagine if 90% of the worlds compromised machines were no longer under the control of botnets. It’s a nice thought eh?

So there definitiely is some kind of benefit here, but really it’s not so much about giving legal permission, as it is to educating the potential holder in the field of The Internet. What do I mean by this? I mean showing people how easy it is for their computers to fall under the control of the bad guys.

Last year, at around this time, I presented a talk for people in my area to learn more about securing themselves online. I will never forget their faces when I told them that the front page of a particular banking website that they had ll agreed looked legitimate, couldn’t be because I wasn’t even on the Internet.

We need to find a way to instill some basic security knowledge and common sense into the average user. The general public seems to have gotten it into their heads that we don’t just let anyone into our houses, but when it comes to computers, it’s more of, “Why do come on in and put your feet up. Would you like a cup of Tea?”

The problem with a license is it conjours up images of lawyers, police and paperwork. Why I say paperwork, I’m really talking about holding a piece of paper that says that you have a license to be on the Internet. Personally, I think this is taking things a little too far. Who would police it? How would you police it? And more importantly how much do you think you can sell someone elses license for on the black market.

If the license truly is going to abolish anonymity on the web, then we are going to see a sharp rise in the advent of identity theft. It’s hard to think that the license could be any more secure that current web technologies. If I’m wrong here, please tell me 🙂

In short, I think it brings up some good ideas. Some things which we could use to further protect the general public. Do I think it will work as described? Hard to say. Come back to me once I’ve passed and have my license 🙂

But I don’t wanna use my head….or do I?

All this talk of full body motion capture and second generation controllers sparked off a thought process yesterday. It happened as I was sat in my chair and picked up my PS3 controller to turn on a DVD. I mused briefly on what it would be like if the PS3 had full motion capabilities. I’d probably have to swing my arm or punch forward to start my DVD playing. It then occurred to me that in all honesty, I like having a controller, an interface that isn’t like the real world. Maybe this takes some explaining but, for me at least, I often want to sit and play a game in the comfort of my chair. It’s what takes me away from real life. If all of a sudden I have to stand up and jump around to play a game of Killzone 3, then I’m forced to wonder would I actually play it?

It’s not just because I’m a lazy monkey, though that’s probably a contributing factor, but I seriously like the way that a controller is a gateway into another realm. Seem strange? I spend my entire day moving my body around in order to get it to do things. That’s real life. Using a controller allows me to control a virtual world through a seemingly non real world interface. In actual fact, have you ever sat down and considered how ironic it is using a keyboard and mouse for playing things like FPS games. The very tools that were invented to do productive work, are also responsible for controlling virtual characters in one of the biggest wastes of time there is. Playing games 🙂

The Wii revolutionised the controller market, wireless controllers were nothing new, but actually using the orientation of the controller to bridge the gap between the physical and the virtual was something that hadn’t ever really been done before. Credit where credit’s due, it was a fantastic foray into the world of immersive controlling, where your body position and physical movements matter on a scale never before seen. With the addition of limb position being introduced into the gaming mix, I have to wonder whether we’re taking this a little too far too soon, or if a vital component is missing. I recall how much I used to fantasise about VR. Being able to explore a virtual world. Now couple a great stereographic head up display with all of these motion controllers and you have a far greater argument for me to actually want to use them.

You see the one problem which pains all of this motion activated gaming at the moment is that of head position. We are very much tied to a single screen. Our head must remain in the centre at all times and it’s this limiting factor that reduces the effectiveness of the virtual facade. For me it’s one of the key factors that leads me to prefer sitting on my butt with a controller. Being able to turn your head in any direction and still being able to see what’s going on around you? Now that is key. With the positional features of the new PS3 controllers being overlayed onto something like a VR headset, we could see something absolutely magical happening in the near future. The question is, are people now ready for the full VR experience? Were people ready for it before? I guess only time will tell.

Booting ISO images with Grub2, among other things

The other day I bought myself, at the great expense of £12, an 8Gb USB stick. My idea was to try out several things.

  1. Create a persistent BackTrack Live CD
  2. Create an encrypted USB partition, for all my secret things
  3. Try booting ISO images using grub2

I feel that before I go any further, I should take a leaf out of another bloggers book and point out that grub2 will not directly boot ISO images. So, it will not allow you to take a windows XP install ISO and boot it. It will not let you take just any old ISO image and boot it. There are some fairly restrictive criteria to getting this to work, however, it does lend itself to being a very useful tool.

So to start with I followed the BackTrack USB install video at the offensive security website. I’m not going to re-iterate all the commands here, but simply give an overview of what I did.

Using fdisk I created 3 partitions

  • 1 – 5Gb – Bootable – W95 FAT32
  • 2 – 1Gb – Linux
  • 3 – 1Gb – W95 FAT32

In my case, just to ensure I didn’t screw anything up, I installed this on my usb stick using a live CD, with my HDD unplugged. I have heard how the grub2 installer can be a little flaky and indeed will share an experience of this later. In the beginning I used the BackTrack, but later on I switch to using the ubuntu live CD for another reason.

So my stick had a device identifier of /dev/sda. I have replaced this in the instructions with /dev/sdX so that people trying to copy and paste don’t hose their systems.

The next step is to format the partitions;

mkfs.vfat -F 32 -n BT4 /dev/sdX1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdX2

Now we need to copy all the data from the BT4 CD. Before you all shout in unison, yes, I could have just used the BT4 ISO here, but I simply didn’t want to 🙂

So we mount the /dev/sdX1 partition, and run rsync -avh /media/cdrom/ /mnt/sdX1

This will take a few minutes and allow me to explain that the way we have created this allows us to run BT4 in one of two ways. First, we can run just as a live CD, with all the benefits that brings. Second we can run a persistent version of BT4 which will use the casper-rw partition as a sudo layer over the top of the live ISO layer. Any files we alter whilst booted in the persistent environment will be stored in this layer. Many people use a 4Gb partition for the casper-rw purely so that they can apt-get update their BT4 installation.

One of the next steps in the process on the video is to install grub. I’m actually going to skip this step and go straight to a CD change, now booting into ubuntu 9.10. There is good reason for this. Though BT4 seems to have all of the relevant files for grub2 on the DVD in the /boot/grub directory, the actual install only appears to have grub1.

Once I was booted up into ubuntu-desktop, I remounted that same /dev/sda1 partition, moved the /boot/grub directory to /boot/grub-old and then created a new /boot/grub directory, initially blank. After this I ran the grub installer.

sudo grub-install --no-floppy --root-directory=/media/BT4

The /media/BT4 was where my /dev/sda1 partition was mounted. This should correctly install grub2. After this we just have to modify the grub.cfg file. It’s not actually present right now, as we are not supposed to create one from scratch. Grub2 works differently to previous incarnations and prefers users to use a grub-update command, which pulls various lines from various files and merges them into it’s own grub.cfg which will get overwritten each time an update is made, hence the advice not to edit it ones self.

Since we are not going to be running the grub-update command we are safe to create our own. Just before we do this, I want to mention about the /boot/grub/iso folder I created in out BT4 partition. I have copied an ubuntu netbook install there, so that I can demonstrate just how easy it is to boot Ubuntu live cds.

Below is my grub.cfg file. You will notice upon booting backtrack that we maintain the fancy terminal screen during boot and tty sessions. However I haven’t, as yet, messed with the grub boot image. Enjoy.

GRUB_GFXMODE=1024x768x16
insmod vbe

menuentry                "Start BackTrack FrameBuffer (1024x768)" {
linux                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd                /boot/initrd.gz
}

menuentry                "Start BackTrack FrameBuffer (800x600)" {
linux                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd                /boot/initrd800.gz
}

menuentry                "Start BackTrack Forensics (no swap)" {
linux                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd                /boot/initrdfr.gz
}

menuentry                "Start BackTrack in Safe Graphical Mode" {
linux                /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet 
initrd                /boot/initrd.gz
}

menuentry                "Start Persistent Live CD" {
linux                /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet 
initrd                /boot/initrd.gz
}

menuentry                "Start BackTrack in Text Mode" {
linux                /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd                /boot/initrd.gz
}

menuentry                "Start BackTrack Graphical Mode from RAM" {
linux                /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet 
initrd                /boot/initrd.gz
}

menuentry		"Ubuntu Server 9.10" {
loopback loop /boot/iso/ubuntu-9.10-netbook-remix-i386.iso
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-9.10-netbook-remix-i386.iso noeject noprompt --
initrd (loop)/casper/initrd.lz
}

menuentry                "Memory Test" {
linux                /boot/memtest86+.bin
}

You can see the loop commands tell grub to loopback mount the CD ISO. This is where the magic happens. Notice also the iso-scan option passed, which tells the kernel where to find the iso image once the second stage is loaded. Different distros have different ways of accomplishing this on live CDs, it’s worth googling to find out how. The one distro I haven’t heard of people having success with is fedora, but I’m unsure just why this is. I guess I need to take a look.

There are options to tell the loopback mounter to pull isos from different partitions, but if you place them in the same dir that grub lives, you don’t need to do this. This was the main reason for having such a large initial BT4 directory. BT4 is only 1.5Gb 🙂

That’s enough for one sitting. Have fun.

Lamest phone stand in the world – but hey, it works

So in an effort to make the geekdeck recording sessions even easier I figured I’d need some kind of tripod or stand. Instead of shelling out for something in the shops, I went for the more “student” approach. Using two business cards stapled together, and a little bit extra for a cross brace, I fashioned this little stand that sits atop my screen. The best part, it can fold up and fit neatly into my wallet. It is a business card after all.

Simply, cut two business cards as shown, making sure the gaps are the right widths for your phone and screen, staple them at the points indicated and fold them. Finally make another piece, approximately 2.5 cm and cut two slits in it, to attach into the slots in the construction.

There ya go 🙂

Edit: It’s surprisingly stable

Video Games inspiring new tactics

I saw this tweet today by our good friends “Wired”

wired
For years, the sophisticated play of pro teams trickled down to colleges & high schools. Videogames are reversing that. http://bit.ly/9GNpaB

It piqued my interest and off I clicked to have a look. The article in question was discussing an incident that happened in an American football game, where, in the closing seconds, a player forwent scoring a goal immediately and instead ran across the width of the field. When questioned about his tactic, it was apparently revealed that his time-wasting tactic was learned from a video game. True enough, it’s a tactic that I myself have employed several times.

The article then went on to talk about how athletes today are getting far more training than their predecessors, by using video games instead of real world experience. Apparently it seems to be working, but I couldn’t help but wonder how many other tactics in video games could be useful in the real world.

Would you really see soldiers jumping up and down on the battlefield to avoid getting hit by their enemies? Would we see drivers trying to drive their cars through walls and over jumps to find a shortcut to work?

Don’t get me wrong I love video games, but sometimes you have to wonder if the younger generation is basing too much of their reality on a virtual world.

Simple NASM assembler code leaves me baffled

Ok, so you all know I’m new to assembler. I have started using NASM so that it is easier to look at the shell code. I’m trying my best to get this tiny piece of code to run. However it keeps segfaulting. Can anyone explain. It is the mov to [esi + 2] that causes it.

jmp short	stuff
code:

pop		esi
xor		eax, eax
mov byte	[esi + 2], al

mov		al, 0x01
xor		ebx, ebx
int		0x80

stuff:
call		code
db		'help###'

This is what the registers look like at the crash point

pete@satsuki:~/hck$ nasm nasm.S -o nasm.o -f elf
pete@satsuki:~/hck$ ld nasm.o -o nasm-bin
ld: warning: cannot find entry symbol _start; defaulting to 0000000008048060
pete@satsuki:~/hck$ gdb ./nasm-bin 
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /home/pete/hck/nasm-bin...(no debugging symbols found)...done.
(gdb) run
Starting program: /home/pete/hck/nasm-bin 

Program received signal SIGSEGV, Segmentation fault.
0x08048065 in code ()
(gdb) info registers
eax            0x0	0
ecx            0x0	0
edx            0x0	0
ebx            0x0	0
esp            0xbffff4f0	0xbffff4f0
ebp            0x0	0x0
esi            0x8048073	134512755
edi            0x0	0
eip            0x8048065	0x8048065 
eflags         0x10246	[ PF ZF IF RF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x0	0
(gdb) 

The outcome should have been that the "l" from "help" should have become a 0x00 byte. Any takers?

GeekDeck Mini Intro Concept

So, here’s the concept for the new GeekDeck Mini Vlog series. Comments, suggestions?

Social networking – What do we actually use it for?

So, before I get a torrent of abuse from this one, I’d like to point out that I am a user of social networking. I use both twitter and facebook to some extent, mainly to promote my book and blog. Though recently I have been wondering about the real use of social networking. Granted we can stay in touch and find old friends that we maybe haven’t spoken to in a number of years, but is this what we use it for primarily?

For me, I find myself using twitter much in the same way that I used podcasts and videocasts like Shot of Jaq, Hak5, Lugradio and the Network Security Podcast; to gain information. Usually to find out about cool things which I haven’t stumbled across yet. Recently Stuart mentioned DeVeDe on SoJ, and I immediately downloaded and tried it. It turned out to be the first DVD authoring package I have found for Linux that actually did what it said on the tin. Consequently I now have a limited edition iso image of all the pr0g80X.vid episodes. Thanks Stuart!

Occasionally I use social networking to comment on something someone else has said but even then, only really if it’s of particular relevance to me. I’ve begun to liken twitter to an RSS feed. Yes, yes, I know it’s called microblogging, but the majority of the tweets I receive from people, or are “subscribed” to, all have links attached to them. For me, this puts it firmly in the glorified RSS pen, the only difference between the two being that with twitter, I am able to interact with the poster in ways previously unrealised.

The same with facebook to a large extent. I find myself in one of two modes here. The first is looking for how friends and relatives are doing, the second is looking for useful links and bits of information. Though twitter seems to get a bad name for having large amounts of bilge spilling out of it, I often find that I get more information from twitter than I do facebook. This could be down to many reasons, from the company I keep, the effort I put in to each “site” and even the demographics of each service.

I tend to find the people on twitter are more technically inclined, though that observation may not be echoed by others reading this. People seem to start off on facebook, with status updates and then get dragged into twitter after a certain level of experience.

For some people, social networking appears to me to be a constant streaming dosage of gossip. I would go as far to call it the Internet’s Reality TV. I have seen numerous comments by people who begin by moaning about person X, only to be attacked back by person Y, because person X is actually a “really good friend”. Surely this can’t be the only thing people are using this technology for?

So my question goes out to you all, just what do you use social networking for? Is it to keep in touch with people, to promote a product or service, or merely to gain information? Let me know……