?

Log in

Welcome to Kompyotr's Discount OP-Amp and Pierogi Store [entries|friends|calendar]
bofh1459

[ website | My Website ]
[ userinfo | livejournal userinfo ]
[ calendar | livejournal calendar ]

It's official: DRM has jumped the shark. [09 Jan 2010|08:38am]
So I grabbed a copy of Antares' Auto-Tune VFX in order to make an ""operatic"" version of My Immortal as a result of a silly idea I had while chatting on IRC. Turns out... the Auto-Tune VST has DRM inbuilt, and it's the iLok USB-key type DRM. This DRM system loads two drivers, iLokDrvr.sys, which does low-level communication with the USB dongle, and TPkd.sys, which is the main driver for the rootk^H^H^H^H^Hcopy protection system here. Now, all I wanted was the 10-day trial, but it turns out that no, you need to install the relevant drivers for that as well. Now, given that I'm about as reluctant to install drivers for a DRM/Copy Protection scheme on my main computer as I am to try to restrain a cat which recently had an enforced bath, I first take a look at the current cracks for the damn thing. They all load an emulator for the iLok dongle, which...isn't hard, that thing's pathetically easy to emulate and they change device keys so infrequently that you only really have to check about once a year to see if there are any programs with which your crack no longer function, but this now means I'm loading three kernel-mode drivers, and they're all from sketchy sources, security-wise. So I decide to poke around in Auto-Tune EFX.dll...

...5 minutes later I have unlinked the iLok DRM system from it completely. Turns out all I had to do this was NOP over a single conditional JMP and a single call to Kernel32.ExitProcess, as well as changing 3 conditional JMPs to unconditional JMPs. There are probably more things I'd need to change for everything to be fully functional, but so far every feature I've wanted to use out of Auto-Tune is present, available, and does not seem to mind this crack at all, hilariously enough.

This really is hilariously dumb. iLok, while not exactly StarForce 3.4/3.6, is decently complex as copy-protection software, and is actually quite expensive for a site license if you want to redistribute it with your software as its means of copy protection. While the copy protection software itsself is implemented somewhat decent, the actual means of calling it is hilariously stupid and lends itsself to being bypassed by simple conditional JMP changes to unconditional JMP or NOP. Come on, don't these people learn the ancient JMP-CMP bypass method of cracking every single shitty copy protection algo ever? It's stupidly popular and stupidly easy and floating all over the internet still. Seems like Antares needs to read said PDF in question sometime.

This is the copy-protection code equivalent of putting the most expensive, complex, difficult-to-pick Medeco lock on your door...which is made of corrugated cardboard. The lock sure as hell isn't going to get opened, but good luck preventing the thieves from breaking into the room by other means, which, you have to admit, in this case, are painfully obvious.

God, can we please just scrap copy protection already? It doesn't work and will never work, just give it up. And if you're not going to give it up, then at least give us INTERESTING copy protection schemes to crack, instead of this bullshit that I can reverse quite literally in under 15 minutes. Seriously. What the hell, guize. This is just idiotic, on multiple levels. Fix it. Seriously.
{ [17] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

This is the worst filter ever and basically I hate people [01 Sep 2009|03:21am]
So I finally decided to do a frequency sweep test of my laptop speakers and fed them the following:



I got the following back out:




Jesus Christ, this redefines awful. Hope you don't want to hear ANY FREQUENCIES BELOW 125Hz AT ALL. Or, for that matter, want Middle C to be approximately half the amplitude of A440 because the next bit of the frequency response curve functions almost exactly like a single-order highpass filter with a center frequency of approximately 500Hz.

Also, I love the random peak at 60Hz because, of course, you can't have computers music without ground loop.

Holy shit.

I am still laughing. This may very well be worse than Bose(R) Acoustimass(TM) HorribleAffrontToAudio(TM).

Side Note: I checked in the source, audacity's "Hanning Window" is actually a Hann Window. Remind me to rename this and then yell at the audacity devs about this. Also yes I know audacity is horrible, I was lazy and in a hurry at the time.
{ [1] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

Firefox devs can go eat an ass for all I care [05 Aug 2009|11:54am]
Today I was forcibly updated to FF3. Cool. Time to see if any of the horrid memory management bugs have been resolved yet. But no, this is actually *not* a rant on how FF devs are completely unable to write a memory management algo. No, it's about the new FF url searchbar.

Anyway, the new URL searchbar has two features:
- Can search for title as well as url (mildly annoying, though I can see it being useful sometimes... takes 5 seconds to disable in about:config).
- The new "RichResults" viewformat.

The latter is hateful. It is ugly, takes up too much bloody space, displaying less URLs than it could in the same amount of space, and gives me useless extraneous information (I do not CARE about what is in the webpage title tags. It is quite often 100% useless and irrelevant). The real issue is this:
https://bugzilla.mozilla.org/show_bug.cgi?id=407836
There used to be an option in about:config, browser.urlbar.richResults, which you could set to false to disable this new and shitty toolbar. This was removed, for some idiotic reason, as per that "bug". FF devs' rationale is, if you want the old url searchbar format, you could use an extension.

No, fuck you, I am not using an extension to do shit that MY BROWSER IS ALREADY CAPABLE OF DOING RIGHT NOW. So instead I decompressed browser.jar, opened up browser.xul in a text editor, and changed:
<panel type="autocomplete-richlistbox" chromedir="&locale.dir;" id="PopupAutoCompleteRichResult" noautofocus="true" hidden="true"/>
to
<panel type="autocomplete-richlistbox" chromedir="&locale.dir;" id="PopupAutoComplete" noautofocus="true" hidden="true"/>

Problem solved, I get the old FF2-style (i.e. SENSIBLE) url searchbar now. Now what completely BOGGLES THE MIND is why the FF devs decided to remove the configuration setting in about:config that let me do this without having to edit browser.xul. It's not like about:config needs the space, or doesn't already have eleventy billion OTHER configuration settings that are more useless and less likely to be modified by anyone, nor is it likely that the five-or-so lines of code that supported that option caused massive memory leaks or high CPU useage while idle (which, I see, is still an issue).

Basically Firefox is horrible and this is why I use Opera almost always.

Oh, I almost forgot, why is the default for max url results TWELVE? I had to manually set it to 999999 in about:config as well. What the shit, Firefox.
{ [1] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[01 Jul 2009|05:23am]
05:22 <@tgies> 4:2:0 subsample chroma every day
{ [3] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

Randomness [20 Jun 2009|09:44pm]
I really like this song. It's called "La Ronde Lunaire" and it's by Origa (Ol'ga Yakovlevna), you can listen to it here.

Lyrics are as follows:

От улыбки один шаг до тоски...
Ot ulybki odin shag do toski...
From the smile there is only one step to despair...



Лелеяла луна лунный свет
Lelejala luna lunnyj svet
The moon was cherishing the moonlight

Своих свечей храня тепло
Svoikh svechej khranja teplo
Taking care of the warmth of its candles

В водовороте вод маленький ручей
V vodovorote vod malen'kij ruchej
In the whirlpool the water of a small stream

Был от луны так далеко
Byl ot luny tak daleko
Was from the moon so far away



Ах, это вечная драма,
Ah, eta vechnaja drama,
Ah, this is eternal drama,

Друг от друга они, как и мы, далеки
Drug ot druga oni, kak i my, daleki
They, like us, are distant from each other...

Ах, это вечная драма,
Ah, eta vechnaja drama,
Ah, this is eternal drama,

От улыбки один шаг до тоски...
Ot ulybki odin shag do toski...
From the smile it's only one step to despair...

От улыбки один шаг до тоски...
Ot ulybki odin shag do toski...
From the smile it's only one step to despair...



Ласкали лилию воды пруда
Laskali liliju vody pruda
Waters in a pond cherished a lily

Обещая покой на спокойном дне
Obesh'aja pokoj na spokojnom dne
Promising her rest on a calm day.

Но любовь свою отдала ручью
No ljubov' svoju otdala ruch'ju
But her love she gave to the stream

И себя обрекла на страдания и смерть
I sebja obrekala na stradanija i smert'
And doomed itsself to suffering and death.



Ах, это вечная драма,
Ah, eto vechnaja drama,
Ah, this is eternal drama,

Друг от друга они, как и мы, далеки
Drug ot druga oni, kak i my, daleki
They, like us, are distant from each other

Ах, это вечная драма,
Ah, eto vechnaja drama,
Ah, this is eternal drama,

От улыбки один шаг до тоски...
Ot ulybki odin shag do toski...
From the smile it's only one step to despair...



От улыбки один шаг до тоски...
Ot ulybki odin shag do toski...
From the smile it's only one step to despair...
fgets(buf,MAXSIZE, stdin); }

The people at SMF need to be strung up by their bollocks. Seriously. [23 May 2009|12:21am]
So a couple days ago a friend of mine had his forum exploited and a fairly complicated PHP-based trojan got uploaded onto it. I still have not finished disassembly of it, partly due to having too little time and partly due to the fact that it's actually surprisingly complex and well-written, and also stupidly obfuscated in annoying ways (all the variables are what appear to be RC4 hashes, for instance. Makes reading painful until you do a search-and-replace).

Anyway, a couple minutes of googling around reveals that the exploit vector is the attachment upload/avatar upload code. A bit of poking around the codebase of SMF shows that at a key point it is possible to get your custom code included in the rest of the forum codebase.

So eventually shit hit the fan and there's an automated bot going around and infecting all SMF-based forums. So SMF is forced to release a fix. This is quite easily the most pathetic attempt at a fix for a security hole that I have ever seen in my entire life. There are two parts to it, the first is a file with the following contents in it:
<Files *>
IOrder Deny,Allow
IDeny from all
IAllow from localhost
</Files>
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml

Yes, that's right, their idea of a fix is a fucking .htaccess file you drop in your /attachments/ dir that removes a couple protocol handlers and then sets the executable flag on everything in the dir to off. This completely does not fix the exploit at all, as you could just, ya know, upload a file with an executable extension not listed above (say python or ruby or even a fucking dll file) and it'll still get through, not to mention the fact that this underlying bug still exists in the code means you can just use this wonderous concept called XSS. Which we've known about since uh...early 2000? If not earlier.

The other part of the fix is a minor change to ManageAttachments.php which adds a file hash, the ability to store hashes of files and a line that denys uploading of that one file which is being used to infect forums automatically by means of some bot which typically uses the nick "Krisbarteo".

Now, the nice thing about hashes is you can change a single byte in the file, say, for instance, one of the VARIABLE NAMES, and this bypasses this pathetic attempt at a blocked upload trivially.

So in short, this isn't even remotely close to a patch. It does not fix the security hole at all, it's still there and still exploitable. The attempts it tries to mitigate it are pitiful at best and just downright awful at worst.

Let's see if I can get the guys at SMF to win a Pwnie Award for this year for "Worst Vendor Response to a Security Problem". Seriously. What the fuck, guys?!?
fgets(buf,MAXSIZE, stdin); }

Writer's Block: GIP (Gratuitous Icon Post) [30 Mar 2009|12:33am]
You finally have an excuse to use it—what userpic do you not get to use very often but can't delete because it's just that awesome?
fgets(buf,MAXSIZE, stdin); }

[02 Dec 2008|01:18am]
This paper pretty much perfectly describes my thoughts on the North American mathematics education system
{ [3] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[27 Sep 2008|12:08am]
Dear whoever is doing scheduling at my university:

Fuck you.

This semester I had so many course conflicts I settled on 4 courses instead of the usual 5 because holy fuck everything I wanted to take conflicted with something I was already taking.

Looking at next semester's schedule, the only way I can take all the courses I want to take involves taking 2 courses which have completely overlapping classes. Yes, the only way I will be able to take a normal amount of classes is by missing all the lectures for one class.

And the class I wanted to sit in also conflicts with a class I want to take. These are classes that people would want to take in the same year, such as Intro to ODEs/Intro to Combinatorics and Measure Theory/Intro to General Relativity.
{ [3] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[25 Sep 2008|04:44am]
I UNDERSTAND DIFFERENTIAL FORMS.

I AM HAPPY.

LIFE IS GOOD.
fgets(buf,MAXSIZE, stdin); }

Music Post [05 Aug 2008|10:23pm]
This is what I've been listening to lately.

ZUN/Team Shanghai Alice/Touhou Project
Necrofantasia - MP3 Youtube video (mp3 is from Magical Astronomy, video has the original from Perfect Cherry Blossom)
Magical Astronomy - MP3
Phantom Ensemble - MP3 Youtube video
History of the Moon - MP3 Youtube video
Magic Shop of Raspberry - MP3 PMD

By now, if you're a friend of mine, you've probably heard me talking about touhou project. A lot. It's this incredibly awesome series of 2D shooters with really awesome characters and storyline. And also, really excellent music. And to make it even more awesome, everything from the game programming to the music is all made by one person, ZUN.

The trumpet patch you hear is something called "Romantic Trumpet", it exists on one of the Edirol synths. It is basically trumpet with high vibrato and resonance. Magical Astronomy is especially great as he mixes sample-based synths with FM synthesis. Also Necrofantasia is the demo song for music.

Jeroen Tel
Ice Age - MP3 SID
Jeroen Tel is probably one of the most prominent musicians in the demoscene, dating back to the C64 era. Most of his work was done on the SID6581, the sound chip in the Commodore 64 which was at the time cutting-edge technology (despite only having 3 voices) and which had a very distinctive sound. Later, he moved to sample-based synthesis.

Yellow Magic Orchestra
Rydeen - MP3 Youtube video Super Locomotive!

I suggest first listening to Rydeen on crappy earphones from the youtube vidya. Then switching to the mp3, and a good pair of speakers. It's like getting two songs for the price of one! Rydeen is incredibly complex, incredibly clever and amazingly good-sounding. Welcome to the band that was one of the biggest influences on Japanese vidya gaem music. At times they're almost as synthpoppy as Kraftwerk and at other times they rival classical music in terms of sheer depth and complexity.

Their vidyas also contain lots of silly analog vidya effects :D

Jean Michel Jarre
Oxygene II - MP3 Youtube video

A Frenchman, and one of the pioneers of electronic music. His music is vaguely "avant-garde" in style, and he is well-known for using a lot of instruments and effects. In Oxygene one of the really prominent aspects is theremin not being used for effects, but rather for large parts of the main melody.

Johann Sebastian Bach
Prelude and Fugue in E Major (BWV854) - Youtube video

Ah yes, who can forget good old "Four-Voice" Johann? Bach was pretty much the original chiptune composer and, to be honest, a musical genius.

Basically anything from The Well-Tempered Clavier/The Art of Fugue is perfect. Also, if anyone has a good recording (preferably the Glenn Gould version above) of the fugue I linked above, please send me it, thanks.

Also, Ancestral Recall from the Assembly 2008 music compo is also amazing.
fgets(buf,MAXSIZE, stdin); }

[26 Jul 2008|02:28pm]
Yukari: Take me away to Gensokyo. Please.
{ [1] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[24 May 2008|06:12pm]
HOLY SHIT

RUSSIA WON EUROVISION 2008!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
{ [3] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

SHITTY CHINESE ELECTRONICS [20 May 2008|06:38pm]
SHITTY CHINESE ELECTRONICS
{ [1] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[14 May 2008|08:35pm]
Read more...Collapse )
{ [3] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

Wow wikipedia [13 May 2008|02:03am]
The Hausdorff measure (see Hausdorff dimension) is a generalization of the Lebesgue measure that is useful for measuring the subsets of Rn of lower dimensions than n, like submanifolds, for example, surfaces or curves in R³ and fractal sets. The Hausdorff measure is not to be confused with the notion of Hausdorff dimension.

Try and guess what is wrong with the above sentence.
fgets(buf,MAXSIZE, stdin); }

Why thank you Corporal Ground-Loop [11 May 2008|03:19pm]
"Huh why does everything seem lowpassed"

"...Oh, because it is. Fuck"

Thanks to some stray ground loop hum the tweeter element on one of my speakers is now fried.

fff anyone know good replacements for the tweeter element of a Smaller Advent?
{ [2] fprintf(stdout, buf);||fgets(buf,MAXSIZE, stdin); }

[27 Apr 2008|05:37am]
05:36 < poopkid> FireKing: Error: "watashi" is not a valid japanese word.
fgets(buf,MAXSIZE, stdin); }

Cars [24 Feb 2008|02:48am]
02:45 < tgies> LAOAL HELP GUYS CARS ARE SORT OF HILARIOUS I MEAN THAT IS JUST A COUPLE OF COUCHES IN A BOX WHICH MOVES FORWARD BY BLOWING UP REALLY FAST
fgets(buf,MAXSIZE, stdin); }

[18 Feb 2008|12:42am]
Ah, reading week. A time to relax and to get caught up in all of your classes. Basically I've been needing this for a bit now, not so much for the relaxing part, but to actually have enough time to make sure I know everything in depth for midterms.

So far this semester has been going much better in almost every way than the last one. All of my courses are fascinating and the assignments are actually marked sanely. Well, for the most part at least.

Measure Theory is actually quite fascinating. For something that is essentially a giant hack, it's surprisingly elegant and is usually immensely useful for determining conditions. For instance, a function is Riemann-integrable iff all of its discontinuities make up a set of measure zero. Similarly, a monotonic function is differentiable everywhere but on a set of measure zero. Both of these statements are intuitively obvious, but the proofs for them are actually quite challenging and require some clever tricks.

So yeah, I spent Valentine's Day and Cheap Chocolate Day (otherwise known as the day after valentine's day) doing measure theory. It was immensely fun, and it kind of reflects my feelings towards romance lately. I don't like it, but I don't hate it either. It's more of a willful obliviousness to it all. I used to think of it as perhaps a nice idea, but seeing what it does to people, I'm not sure I really want a romantic relationship really. Other than the fact that I simply do not have any time lately, the idea just doesn't appeal to me at all. I much prefer friendship.

I mean I personally find pretty much the entire point of it quite silly by now. Especially romance movies, and even worse, romantic comedies. Now, I occasionally like stories of this genre, for instance Pride and Prejudice is actually decent and you find yourself actually managing to identify with some of the characters, but pretty much all romance movies are just so pathetically formulaic that there is little point to seeing any of them.

For the record, the same can be said about action movies. I watched Die Hard 4 earlier today. What the christ. What the devil. The entire plotline is essentially random badass cop movie meets Hackers, with all the predictability of both. Seriously, I could easily guess what was happening 5 minutes into the movie, despite never actually seeing it before or reading any form of spoilers. It was rather pathetic actually, it's as if the movie industry can't think of anything new so it's running the same old tired garbage by us again and again.

So in the realm of *good* movies/TV, Read or Die is awesome. Pretty much prior to this I have held the standpoint that All Anime Sucks More Or Less Universally, due to seeing a bunch of it and noting it all sucked (though occasionally watching Death Note for the colliding Xanatos Roulettes). This show changed my mind. The script is actually not crappily written, the plot makes sense, for the most part, and it's not animated at 4FPS.

Also, in the realm of things-from-Japan-that-aren't-actually-awful, I've become insanely addicted to Touhou games, specifically Perfect Cherry Blossom. It's probably due to them having surprisingly good music, but I've basically played Perfect Cherry Blossom all weekend (and also if I close my eyes, I start seeing bullet patterns). Also the music itsself is good enough that I'm making a SID version of Phantom Ensemble (I mean there are 3 distinct instruments in the Ensemble... the SID6581 has 3 voices, I mean it's ideal) as soon as I finish defining the instruments in GoatTracker.

So in my bad habit of planning out my next year of studies, next semester in 2A I plan to take:
- MATH245, MATH247 - LinAlg2, Calc3
- PMATH351, PMATH352 - Real Analysis, Complex Analysis
- AMATH250, ECE241 - Intro to DiffEqs, Circuit Analysis
and in 2B:
- PMATH354 - Real Analysis 2 (aka Measure Theory and Fourier Analysis)
- PMATH451 - Measure and Integration
- ECE342 - Signals and Systems
- ECE318 - Communication Systems
- PMATH365 - Introductory Differential Geometry

I am also pondering double majoring PMath/AMath, though I am not sure if I actually want to take all the required AMath courses (diffeqs are fine, but I suck at vector calc and I really, really, really hate computation), so that's still up in the air.

So that ends it for this update. I'll probably start posting semi-regularly from now on, mainly due to actually managing time better so I have both time and will to update lj beyond say a 2-line post.
fgets(buf,MAXSIZE, stdin); }

navigation
[ viewing | most recent entries ]
[ go | earlier ]