LiveJournal Needs To Tighten Security

Hmm… as part of my ongoing work with Abnib v3.0, I’ve noticed a couple of interesting little quirks in the way that LiveJournal handles security for “friends only” and “private” posts. In fact, I’m pretty sure I’ve found a way to – for any given user – produce a list of the times, dates, and URLs of all posts made by anybody – even ones to which I don’t have access. Not terribly disturbing news, as I still can’t get access to the content of the posts or even the comments to them, but it’s an “opening” – a “way in” – which could potentially lead to a full-blown exploit.

For example, I can tell you that there is a post on Andy’s blog that I’m not allowed to read, that he wrote on the 17th of Januaryat about quarter past four in the afternoon (I hope you don’t mind me using you as my “guinea pig”, Andy – you’re the first person I came to who had a “recent” private post).

The numbers near the end of LiveJournal post URLs are supposed to be semi-random to prevent people from just “guessing” their way to posts, but it turns out this isn’t necessary. I’ve e-mailed LiveJournal to try to explain their flaw to them, but as I can’t be arsed to debug it myself (hey: not my weblog at risk, here), I don’t know yet how much of a priority they’ll make it.

Ho hum.

Edit: Further investigations have revealed that I can easily get the title (but not the content or the comments) of any LiveJournal post, including protected ones. For obvious reasons, I’ve now stopped using my friends’ weblogs as testbeds, and I’ve set up a couple of “play” accounts to try things out with. I wonder if I can get the content of posts? That’d be an interesting challenge.

Abnib v3.0, First Release

Well, I’ve completed the first release of Abnib v3.0. It’s not quite as full-featured as I’d have liked, yet, but a lot of the new “core” functionality is there. I hope you’ll all agree that it’s been worth the wait. And, if you’re reading this on Abnib… Hello there!

So: what’s new –

“Friends-Only” Support For LiveJournal Users
Just add ‘abnib’ to your friends list and abnib-readers will be notified when you make “friends only” posts, so they don’t have to check more pages than they need to. Abnib won’t show your “friends only” text – it’ll just tell people that you’ve made a “friends only” post, and invite them to click the link to go to it. If you’re particularly paranoid, you can even set up a custom group that doesn’t include abnib, so you can make private posts that abnib readers don’t get told about.

I’d appreciate it if a few of you would try out this feature, so that we can be sure that it works.

Integrated Member Descriptions
Click on somebody’s name in the upper-right, and you can read a short description of them. I’ve filled a few in to start us off. You can opt to only view posts by a certain person, and, soon, you’ll be able to cloak posts by certain people (if you always find their ‘blogs boring, for example). If you want to edit your description, you can! If you do this, abnib will ask you to prove that you are who you claim to be by posting a certain unusual series of words in your weblog within the next few days. Please give this a go!

Gallery, RockMonkey, and Troma Night Integration
Abnib talks to Abnib Gallery, the RockMonkey Wiki, and the Troma Night web site in order to bring you the latest news and pictures. These features – particularly the Gallery and RockMonkey ones – are yet to be enhanced even further, so watch this space. The Gallery “Random Picture” feature refreshes itself every 30 seconds, so even during the most boring blog rant, there’s always something to occupy your interest.

New Look-And-Feel
It’s got wavy corners and transparent bits and everything. Looks great in FireFox and Opera, tolerable in Internet Explorer 6 (good in Internet Explorer 7)…

Read More…
If you’re really “out of the loop” and need to catch up, just scroll to the bottom of Abnib and you can easily view “older” posts at the click of a link. The page doesn’t even need to refresh!

The Mangohol Experiment – Day Two

Flushed with success at my wine-making efforts (which have ranged from “barely drinkable” to “good”) over the last few months, I thought I’d turn my hand to fermenting some different kinds of fruits in my spare time. The first of these that I decided to try is mangoes. So, a few mangoes from the greengrocer on Chalybeate Street and a few litres of additional mango juice from Morrisons later, I was ready to start. I kicked it off yesterday with a hunk of mango pulp, juice, sugar, and – of course – brewers’ yeast. This drink, I have decided, will be called “mangohol”. And if it turns out to be undrinkable, I’ll try my hand at distilling, too, and try to make a spirit out of it. =o)

This morning, I was quite surprised to find that the proto-beverage had escaped from the captivity of it’s bottle, forcing mango pulp up through the airlock and out onto the table by the sheer force of it’s expanding gases. It turns out that mangoes actually have quite a high sugar content, and the yeast in the bottle is having a bit of a party. I looked at my chopping board (which has pictures of various fruits and vegetables and suggestions on how to prepare and serve them). For mangoes, it reads: “Mango [sic] have a juicy, pale, orange flesh, which is full of flavour. Sliced lengthways and served in a fruit salad, puréed for ice creams and mousses, used in chutneys, veg curries, tarts, and pies.” Does it say anywhere, “Warning: may ferment explosively, spewing mango pulp across your surfaces?” Does it buggery.

The mangohol escapes from the bottle.

Mangohol spreading itself around.

So violent was the push of the excited fungi, they even managed to compress whole chunks of mango through the airlock, where they became lodged. I’ve no idea how – if it’s at all possible – I will get them out, but I’ll be using one of the larger-style airlocks for the rest of the brewing process.

Blocked airlock

Of course, it doesn’t take a physicist – even one who’s not been caught in the explosion of an immersion heater (whoever that might have been) – to tell you that the expansion of gasses in an enclosed space is a bad thing. In fact, what biologists might call an “uncontrolled yeast reaction in a sealed container” has another, more brutal, name amongst chemists and physicists. The name they use for it is “bomb.”

Thankfully I noticed the problem before the pressure became sufficient to detonate my (glass!) demijohn, and I had the sense to remove the cork and airlock from the neck of the bottle. No prizes for guessing what happened: suddenly, I found my face, my hands, my body, the room – pretty much everything, actually – showered with partially-fermented mango juice and pulp. It’s not nice stuff to be shot in the eye with. That said, it smells fantastic.

The majority of the drink remained in the bottle, and it’ll be continuing to ferment for a couple of weeks, yet (although I’ll be keeping a closer eye on it’s airlock). I’d never had guessed mangoes were so sugary, but this is really volatile stuff: having already diffused it the first time around I took a short video clip of it bubbling out (observe in the video how it “spurts out” if I hold my hand over the top of the bottle for a few seconds, and how much of the bottle is “froth” generated by the yeast):

× × ×

Geek Night Tonight

Now our few “odd weeks” are done, Geek Night is returning to Friday nights. See you tonight from 7pm for board games!

If you don’t know why I’m writing this here, then that’s probably for the best: Eat my ticklish surfboard. There. I said it.

How To Repair A Nintendo GameCube

For the last few months, Claire and my GameCube has been broken. It broke at one point, which I attributed to the drive motor being jammed up with dust and hair and crap, so I opened the lid and wiggled a knife-blade around inside it for awhile, which seemed to fix it… but a couple of weeks later, it was dead again. I decided to have another look into this, yesterday, and a little bit of research online revealed that the problem was probably that the strength of the laser had degraded, rendering it unable to read any discs. This is, apparently, one of the most common causes of death for the GameCube (and I’ve seen a good number of ‘cubes go on eBay which would appear to have exactly this problem). Thankfully, there’s a really well-written guide on lens calibration for the gamecube, which helped a lot. However, the thing that’s lacking online is a photographic guide: so, as part of this ‘blog entry, I’ve written one.

Usual disclaimer: following this guide will void your warranty. Plus, if you do it the way I did it, you risk electrocution, exposure to laser radiation, and worse yet, you may break your GameCube beyond repair.

I recommend that you read the guide to lens calibration for the gamecube – it’s far more in-depth than this blog entry. However, this blog entry has prettier pictures.

Symptoms

  • GameCube fails to load games – it claims that the disc is missing or unreadable, and will only load up as far as the “configuration cube” screen with the funky ambient noises.
  • Open the lid and detach the clips under the lid to release the circular plastic Nintendo-branded thing that sits on top of the lid: this will allow you to watch the disc spinning while the ‘Cube is running, even with the lid closed. Try again – the disc will start to spin (so, it’s not a broken drive motor) but then stop (when the system finds it can’t read the disc).

Problem

The power output of the laser which is used to read the surface of the disc has reduced with age. This is a common problem in GameCubes, apparently, between two and five years old. It can be repaired by a Nintendo engineer, but the price is prohibitive (you might as well buy a working second-hand one). However, we can fix it ourselves. [if you can’t see the rest of this article, read it here]

Tools

I didn’t have all the tools to hand that the author of the guide I followed had, but I made do. Here are my tools:

 Screwdriver and ball-point pen
  1. Screwdriver – this is a standard “size 0” (small, but not really small) Phillips-head screwdriver. This particular one cost me 45p from my local hardware store.
  2. Ball-point pen – mine was a WHSmiths-branded one with blue ink.

Method

First step is to prepare the tools as you’ll need them. The four main case screws that prevent you from taking a GameCube apart are a strange custom design deeply recessed within deep holes on the underside of the device. You can apparently buy a specialist tool for manipulating these screws, but I couldn’t be bothered, so I made one: remove the ink tube and nib from the pen, so you’re left with a long plastic tube. Then, using a hot flame (I used a gas ring) melt/ignite the end of the tube you’d normally write with (where the nib was, before you removed it). It will probably catch fire, but just blow it out while trying not to breathe in too much of the toxic black smoke you’re producing. It needs to be molten enough to be malleable. Then, once it’s hot, put it down into one of the four deep holes on the underside of your upside-down GameCube.

 Upside-down GameCube with holes highlighted

Push it down firmly but evenly so that it points directly up, and hold it there for a minute or so while it begins to take shape. What you’re doing is moulding the shape of the screw head into the molten plastic of the pen, so that when the plastic sets you will have a tool that exactly fits them. Of course, if then pen snaps, you’ve buggered any chance you had of ever getting into your GameCube, so be careful! Once it’s standing upright by itself, leave it for four or five minutes to finish cooling. Now’s a good opportunity to read the rest of this guide, if you haven’t already.

 The strange-headed screws that you need to remove

You should now be able to use your new tool to unscrew the four screws that hold your GameCube together. That’s the hard bit over with. Flip your GameCube the right way up again, put your hands on it’s sides, and pull upwards to remove the cover. If there isn’t one already, put a GameCube disc onto the spindle. This will serve two purposes: it will allow you to test the GameCube without reassembling it, later, but more importantly it will help to protect the laser lens from damage when you turn the drive mechanism upside-down, later. Next you need to remove the front and rear panels. These are attached by small plastic clips in the corners of the cube, as shown below.

 Howo to remove the front panel from a GameCube

Be careful not to detach the cables that connect the front panel to the rest of the GameCube, as these ribbon cables are very difficult to re-attach without damaging them! Now you’re ready to start removing the chassis screws (which are holding the fan in place and preventing you from getting at the underside of the disc drive. There are 14 screws to remove, in the areas shown below, but 3 of these are concealed underneath the fan and the 2 holding the fan in place will need to be removed to reveal them. Why did Nintendo see fit to use 14 screws where 6 would have done is beyond me.

 The 14 screws

By now you should have something that looks a lot like this:

 The 14 screws

A GameCube with the top, sides, and fan laid bare, and the screws removed from the main chassis. Now’d be a good time to have a closer look at what goes on when your ‘Cube turns on. This is optional, but I think it’s interesting. If you look near the back of the GameCube, on the right-hand side, you’ll see two plastic forks. This is the switch that detects whether or not the lid is closed (as a safety precaution, the disc will not spin and the laser will not turn on if the lid is opened).

 The switch that makes the lid work

Danger: laser radiation – do not do this! Connect the GameCube’s power (it connects to the back of the fan module) and output (where it normally is, albeit without the faceplace), to test it. Hold the “lid switch” (above) backwards to tell the GameCube that the lid is closed and press the power switch (it’s on the fan module). You should see the following happen:
  1. The power LED will turn on.
  2. The disc will start to spin.
  3. The laser, under the disc, will turn on. You should be able to see it shining through the disc. Now stop looking at it; you’re irradiating your eyes.
  4. The laser will move back and forth to try to “read” the disc.
  5. At this point, the laser will probably turn off and the disc will stop spinning – this is because the GameCube you’re using is broken. If it was working, the game would load. You can use this test later on to see if you’ve successfully fixed the device without having to re-assemble the entire thing!
  6. Don’t leave it running too long, because by this point the fan will be in the wrong place to help cool the unit.

Next, you need to remove the four long screws behind the ports (above the memory card slots).

 Four earthing screws need to be removed

 

This will also release two strange bits of metal which are held in place by these screws. I don’t know what they do, but I’m sure they’re probably important, so make sure you put them back after you’re done! Right; time to detach the disc drive. Lift the entire upper part of the system up and away from the base: there’ll be a little resistance as a plug becomes detached, but if you find you’re having to pull hard, you’ve probably left a screw in somewhere. The whole metal plate with the drive on top will come away in one piece. This is the bit we’ll be working with. Flip it over. Now, you’ve got to remove six small screws, highlighted in red on the photo below. I’ve also highlighted (in blue) the connector that links the drive to the bottom half of the console.

 Underneath the upper chassis

Removing the screws allows you to detach the metal plate and gain access to the circuitboard underneath. This is what we’re looking for. Again, I’ve highlighted the connector port in blue to help you navigate.

 Circuitboard

What you need to do is to turn the screw (highlighted in red) about 3 or 4 degrees anti-clockwise. This will increase the power given to the laser and fix your problem. If you turn it too much, your laser will overheat and burn out. If you turn it too little, the problem won’t be fixed. I recommend that you turn it a little at a time to find how short a distance you can turn it (anti-clockwise) to have the console begin to work again (i.e. so it “barely” works)… then turn it an extra 2 degrees or so to be sure. Be gentle!!! When you’ve made the adjustments you want to, re-assemble the thing so far as you need to to test it. You don’t need to put any screws in or even put the fan or panels back on – just hook it up to the TV and try not to look directly at the laser lens. If it still doesn’t work, go back and turn the screw a little more anti-clockwise (to boost the power some more). Hope that helps you get your GameCube back up-and-running again: it did mine! Feedback is welcome, but if you need more information I still highly recommend Lens Calibration For The Nintendo GameCube, which also has pointers on some of the other things that could be wrong (if this fix fails), what tools you need to do it without melting pens, and tips from somebody more-experienced on how far to turn the circuitboard screw. Good luck!

Another Odd Couple

Remember a few years back an unlikely couple got together? Well, an even stranger pairing just occured down here in Aberystwyth. I ought not to say who it is, but the bottom line of this LiveJournal post will say it all for those who can read it.

In other news, the Nintendo GameCube that Claire bought for me us with the money her dad sent me for my birthday arrived today… I want to go home and play!!!

Penguins And Parachutes And Bears, Oh My!

I had a particularly strange dream last night. I’ll relate:

[some bits at an airport that I don’t remember]. Claire and I boarded an aeroplane. It was somewhat unusual as a ‘plane in that it seemed to be carrying cars, a bit like short-run passenger ferries or the channel tunnel. In addition, each car’s “space” had tall hospital-like curtains that could be pulled around it in a square to isolate it from those around it, providing some kind of privacy.

After having looked around the rest of the ‘plane, I returned to Claire’s car and looked out of the window, and saw that this lead on to what initially looked like more storage for cars (like the segment we were in), but later appeared to be hung under the wing (yes, out in the open). No cars on it, though. Thinking this was strange, I tried to open the window. It turned out we’d already taken off, and the air pressure difference, coupled with several hundred mph speeds, pulled Claire and I from the aircraft and started us plummeting.

A few moments of lucidity (which isn’t at all uncommon in my dreams) later I was able to deploy a parachute, as was Claire, and we sailed through the clouds and circled while we attempted to work out where we were. As it turns out, we were over the edges of Antarctica, and with some effort, we were able to maneuver our ‘chutes such that we landed (roughly, in high winds) on the shores, rather than in the water!

For some reason this dream had been influenced more by Disney than by actual geography or biology, because Antarctica was populated not only by several varieties of penguin, but also by polar bears. Some of these polar bears were able to talk… through the medium of visible “subtitles” and sign language… and one of them was kind enough to tell us about a research station nearby that he was “able to get in to”, and we were relieved that we would not have to freeze to death. At the research station, the friendly polar bear demonstrated how to climb up to a window, and helped me to do so too. I prized open the window and climbed inside while a huge crowd of the animals (mostly penguins) stood and watched.

As I was doing this and Claire was beginning to climb up, too, three humans with guns appeared on the horizon and began shooting at us. Claire hid among the penguins and I took refuge in the research station, but it turned out that the shooters had keys and they came in and found me, and, soon after, found Claire. They originally planned to kill and eat us, but I persuaded them not to by offering them my services as a landmine disposal expert (landmines, it seems, are a significant problem in the Antarctica). I’d lied – I wasn’t by any stretch an “expert”, but this didn’t seem to be such a problem as, while I was scavenging the supplies at the station for tools to use in finding and disarming landmines, my alarm clock went off and I woke up.

Just thought I’d share it with you all on account of it being so weird. Right: now I need to step out of the office to deliver Claire’s cashcard to her, which seems to have been left in my wallet, and then I can get on with some work!

Extended Geek Night As “Birthday Party”

Yay. Woo. I’m 25. Etc. Quarter of a century old. [Insert meaningful speech here.] Ahem. Thanks to all of you who came to Troma Night yesterday and saw my birthday arrive; and in particular to those of you who brought me alcohol. Bonus.

As I seem to have been given at least two (three if you count expansion packs) board games for my birthday, and it is Geek Night (Aberystwyth’s favourite alternative board games night), tonight’s Geek Night will be extended such that it will start not at 7pm as usual but at 5pm. This’ll give us a chance to play not only the usual favourites, but also some of the new stuff – Gloom, the designer card game with funky semitransparent cards, in which the aim is to make your family as unhappy as possible and then die, while trying to cheer up the other families and give them happy lives – a great oppertunity for nanofiction; Il Principe, a renaissance Italy strategy and resource management game (why do the Germans make all the best board games, by the way?), and the 5-6 player expansion for Seafarers of Catan, which finally completes the main published tree of my collection of the Settlers of Catan games. Oh, and we’ve also got a copy I’ve assembled of my interpretation of the Programmer’s Nightmare card game, which Claire and I playtested yesterday and it seems to work… although anybody without a grounding in Assembly language might find it somewhat confusing.

So, hope to see you all at 5. Or at 7. Or whenever.

Back To Aber

Haven’t posted to my weblog in a while, owing to a lack of internet access. Will get things up-to-date soon.

Claire and I are just leaving Preston, heading back to Aber. Hope to see those folks who are there already soon!

Starting To Move

Many boxes are packed. Car is full of stuff. At 9am tomorrow, we start moving things. As stated before, all help is welcome!

This means that our internet connectivity is likely to be shaky for a few days, so, if you need us (or if something goes amiss: e.g. Abnib falls over, Dan & Alex fails to update, etc.), phone me rather than e-mailing or looking for me in the usual chat room. My contact details are on the “Where Is The Sharp?” page, along with our new address and other information.

More Madness From Super Bust-A-Move

I don’t get it. To prove to myself I could complete Super Bust-A-Move in Classic Mode, I did it again, by a slightly different route (you have some degree of choice over the levels you do as you progress through the game). I finished on a different level set, and got this final screen.

Another Super Bust-A-Move winning screen

It’s not as weird as the last one I saw, but I’m still finding these at least a little confusing.

Claire and I are moving tomorrow, so if you can help out, please do! We’ll be kicking off at about 9am at The Flat and going on for most of the day. Drop in to The Flat or The Sharp at any point during the day, or give us a call, and we’ll give you a job to do. Thanks in advance!

×

Abnib, Version 3.0

Abnib Version 1.0 was a funny little beast. It was built to accomodate for about half a dozen bloggers, but ended up with about nine or ten. It worked, though, and the principle of aggregating the blog entries of our friends and our friends’ friends took off. Abnib 1.0 had a few major flaws: firstly, it only showed a summary of the post. This was partially because all but two of the bloggers thereon were using free LiveJournal accounts, and a limitation of free accounts at that time was that you could only get the first couple of hundred characters of a post at once. Another limitation was that the site design was columnular – each person had a column of their own, which dramatically reduced the space available and made in-post images impossible. Furthermore, Abnib 1.0, which updated itself wholly or partially every time it was visited, was as slow as a dog.

Abnib died when I accidently deleted a few key files for which I didn’t have backups, and that was the end of that. However, with Gareth‘s help, it was reborn in August 2004 as Abnib 2.0. This was powered by Planet, a Python-driven flexible feed aggregator which is used in all kinds of places for just the kinds of purposes we use it for. Jon went a step further and added an interesting new style to it, and we added the Abnib Gallery (Abnib 2.1), a place for all things Abnib to share photos. Abnib became a real “centre” for our fun little crowd, gathering information on Troma Night and the RockMonkey wiki, as well as the usual weblogs. The release of Abnib 2.2 brought extra abilities much-requested by users, such as the ability to “hide” the community feeds. That’s where we are now.

However, all is not well. There are a few key things I’d like to see improved in Abnib:

  • Several LiveJournal users have commented (Paul comments, Matt comments) that sometimes, when they make multiple posts in quick succession, Abnib only picks up on the most recent of them. I’m not sure what’s causing this, so it’s probably Planet.
  • Some people like to make lots of “friends only” posts (a LiveJournal feature whereby you can restrict visability of your posts to specific other LiveJournal users). As more and more people use Abnib as their “quick window” onto Aber blogs, people are finding the need to make superficially-pointless posts (like this one) in order to ensure that people realise that they have made a “friends only” post that might otherwise be overlooked.
  • Abnib 2.2 still isn’t quite doing so much for the community as I’d like it to be; it isn’t as interactive or as inspiring as I feel a weblog aggregation portal should be.

So, in order to fix these problems (among others) and implement some new features, I’ve begun work on Abnib 3.0. This new version of Abnib will:

  • Correctly deal with multiple posts in quick succession from LiveJournal users.
  • Better integrate with Abnib Gallery.
  • If permitted (by individual bloggers – either overall or on a case-by-case basis), advertise when you have made a “friends only” post, and how to go about reading it if you have permission.
  • Load faster by holding content back until requested (for example, only the 20 most recent posts are shown by default, but more can be displayed without a page refresh: up to 80!).
  • Hold meta-information on members such as a short description, which can be updated by that member only.
  • Allow readers to ‘hide’ any or all feeds, in order to focus on the things that matter to them.

It’s all powered by a new weblog aggregation engine called Phatnet, which I’ve been building for the last few weeks specifically for this purpose. And it’s pretty damn gorgeous. But that’s not all. Experimental features which might end up part of it now or later include:

  • Tighter integration with RockMonkey – see what pages other people are reading.
  • Ajax-powered “keep me posted” features, such as a checkbox that, when checked, automatically adds new posts to Abnib as they are written – right in front of your eyes.
  • Comment counting: know how many comments have been made on standards-compliant blog posts.
  • A couple of other things I’ve been playing with.

Hopefully, I can get Abnib 3.0 finished and released later in December. If you want to see what’s been done so far and how it all fits together, take a peep at the Abnib 3.0 Preview (it updates every few days, so it’s no good for actually reading blog posts on, but it should give you an idea about some of the features: try clicking the “More Posts…” link at the bottom or on people’s names in the sidebar). It’s ugly as sin, but hey. Feedback appreciated.

Super Bust-A-What-The-Fuck?

Just completed Super Bust-A-Move in Classic Mode. When you win, you’re presented with the following screen (the text slowly fades in a line at a time):

Super Bust-A-Move end screen

What the fuck?

×

Where Are We Moving?

On Wednesday, 14th December 2005, Claire and I are moving house. For those of you who are allowed to know where we’re going, here’s a map and things [update: link killed late 2006]. You’ll need to answer two to six weighted-value questions of your choice to demonstrate that you actually know us and aren’t just scary stalker types before you get the address, but these have been geared such that most of our friends and family are able to come up with sufficient answers to “get in”. And if not, just get in touch with us and we’ll tell you what you need to know.