Just the Medals, please.

Here’s a great site for anyone who follows the Olympics but hates all the mindless chatter and commercials.  Also good for anyone who doesn’t really care about the Olympics at all but still wants to know how his/her country is faring.

 

Medal Count

 

This site just gives you the number of medals won by each country, ranked by amount and type.

It should probably contain a Spoiler warning for anyone who gets their coverage from NBC.  (Check out #NBCFail to share the pain)

How Cable TV worms its way into your house

While chewing through my daily RSS feast, I found a video describing how Time Warner Cable’s TV network operates.  It’s a brief rundown of how satellite feeds are received, decoded, encoded, then pumped out through fiber and copper to the consumer’s home.  No deeply technical explanations, but it gives you the broad strokes and a look at their NOC.

Lots of delicious video of their hardware.  Yes, hardware can be delicious.

Source:  Time Warner Cable

TV’s Miles O’Brien: Real Person!

Miles O'Brien headshot from PBS

A real person.

You may know Miles from segments on CNN or PBS – he’s the go-to Science Guy (other than Bill Nye) for stories about rocket launches and other fun stuff.  Having only been exposed to his talking head role, I never envisioned that he was a “real person”… you know, able to drop pop culture references, use naughty language, etc.

Well, check this out:

Miles O’Brien.  Science guy.  Using the word “douchebag”, referencing Spın̈al Tap, discussing a show about meth cooks.

Excelsior to you, sir!

Video source:  boingboingPhoto source:  PBS

Voter Data Breach Update

Well well well, the privacy breach at Elections Ontario is worse than expected.

The Chief Elections Officer initially stated that the memory sticks were encrypted and that there was no evidence that the data had been accessed.  Twenty-four hours later we’re told that they were not encrypted (!!!) but they’re still confident that the data have not been accessed…

Oh, and we’re now up to a possible 25 ridings affected, not just 24.

I wrote about the questionable logic behind the “we’re pretty sure nothing’s been accessed” concept in my last post, so I won’t go over it again.

Elections Ontario needs to improve their communication on this breach.  I went to their official site to get more information about the affected ridings, but they are unsure (or unwilling to disclose) which 24/25 were definitely affected out of a list of 49 potentially affected ridings.  Okay, let’s see the list of 49 potentially affected ridings…

Oh, an Excel Spreadsheet

An Excel Spreadsheet???  Is it really that difficult for them to append the riding names to the press release, or are they just trying to make the information less obvious?

Oy vey.

Voter Personal Data Out in the Wild

I just saw an article on CBC about a “privacy breach” at Elections Ontario.  A set of “memory sticks” has gone walkabout, taking with it the names, addresses, birth dates, and genders of registered voters in 24 provincial ridings.  Oh dear.

The Chief Electoral Officer for the province says that the information was encrypted and that there is no evidence that the data were accessed.

Hold on.  If the memory sticks are missing, and therefore not available for inspection, then you have no information whatsoever on the state of their contents.  It is perfectly true that there is no evidence that the data were accessed… because you can’t check them to find out.

I could just as easily tell you that my autographed photo of Eddie Murphy is missing, and that there’s no evidence that someone else has crossed out my name and written “Bono” in permanent marker.  Indeed, I have no evidence of the portrait’s Bonofication, but that absence of evidence is not evidence of absence.  Damn you, Bono.

It would be nice if the Chief Electoral Officer gave out details of the encryption used on the memory sticks.  Without defining the method being used, the term “encryption” could mean anything from symmetric key crypto (AES, Twofish, etc.) to giving the files inconspicuous names (not_voter_data.dat) and everything in between.

There was also mention that the data may indicate whether the individual voter actually cast a ballot in the last election.  I have no issue with them tracking participation, but that data should not be stored with information that could identify individuals.  Information that uniquely identifies individual people must be kept segregated.  There should be no master database that contains all data points, big and small.  At a minimum, sensitive data should be stored in one database, non-sensitive data in another.  Each person would have a unique, randomly-assigned identifier (a number, for example), and that would be the common link between the two databases.  If the voter registry was leaked, you would know who the voters were, but not know if they voted.  If the record of voter participation was leaked, you would know which unique identifiers were associated with someone who voted, but not have any information about who that person was.  Obviously there will be occasions when you need some information from both databases (accomplished with a JOIN, in SQL) but the resulting mix of personal and non-personal would be temporary, not something that you would store on a USB stick.

At least, that’s how it should be done.  Let’s see what the morning briefing reveals…

MST3K on YouTube!

Damn you, Internet!  I’m actively trying to do useful things with my life, and then YouTube shows me a pile of Mystery Science Theatre 3000 and RiffTrax clips.  Time sink++.

For the uninitiated, MST3K and RiffTrax take horrible movies and add snarky/funny comments to the audio.  It’s like a strange drug that transports you to a nerd movie night.  MST3K was mostly older B- and Z-movies, whereas RiffTrax takes on recent releases (Twilight, The Dark Knight, the Star Wars prequels, etc.).

Here’s a taste.  The first hit is free.

Where do you find used oscilloscopes?

Or rather “Where do you find really cheap used oscilloscopes?”

Brockville isn’t exactly a surplus electronics mecca, much less a surplus metering equipment mecca, so I’m not sure where to focus my search.

My fallback is a USB-dependent model from China, somewhere in the $50-$100 range.  I’ve been told that old-school CRT versions are best, but you can’t exactly order those for less than $100… or so I’ve found.

Does anyone have a suggestion?

Those Magnificent Men and their Frauding Machines

I have a sort of love/hate relationship with phone spammers.  I enjoy watching them backpedal and deflect when I ask them something they can’t answer, but I hate getting called in the first place.

Four calls this afternoon from the “Computer Department” regarding my “Windows error messages”.  My standard response is “What is my IP address?”  So far I’ve been told:

  • They can’t tell me for privacy reasons
  • I’ll have to speak to the manager
  • Windows 7
  • F**k you m***erf***er

The best part is that the **** guy has called me before.  He makes it a point of honour to call me back and spout expletives when I call him on his bullshit.  Alas, he knows more English swear words than I know [Middle-Eastern | East-Indian | North-African] swear words.

Shame, really.

Part of me wants to play along and follow their instructions on a virtual machine, just to see what kind of payload they get me to install.  Part of me wants to waste as much of their time as possible.  There’s also a part of me that doesn’t want to receive heavily accented cursing through voicemail.  Which part will win?

First success with JTAG er, UART

Update 02/26/2013: Yeesh, my youthful exuberance got the better of me.  What I accessed was actually the UART, or serial, port for the device.  It’s still a cool and useful thing to do, but it’s not JTAG.  Using the UART on a mainboard is like being the engineer at the front of the train; you can watch all the gauges and readouts that the passengers don’t see, press buttons to turn on the headlights, turn dials to go faster or slower, etc.  You have more control and more information.  JTAG is like having mechanics sitting at each large component of the train but only being able to talk to one of them directly.  You can phone the mechanic who operates the door of the first passenger car and ask him to open the door, close the door, tell you if it’s open or closed, and you can also tell him to act as a messenger between you and the mechanic who controls the fuel valve.  You can tell the fuel valve guy to open it, close it, tell you how open or closed it is, etc. even though he doesn’t have a phone.  With JTAG, individual devices on the board all have a little guy who can do things to that one device or act as a messenger between you and another device on the same board.  So why don’t we just have JTAG on everything or UART on everything?  Well, JTAG is a very simple interface that can be inserted into a tiny component like a piece of flash memory or a big component like a processor and everything in between very easily.  But, the number of basic actions you can perform with JTAG and the speed at which you can send data are limited; it’s not meant to be pleasing to the end user.  UART is like having an 800-number for easy access to your board.  You want to observe detailed operating messages and have low-level control over the whole device’s operation?  Here, call our 800 number and just tell the operator what you need.  *** I’m going to bed.  I’ll finish this FANTASTIC explanation later 😉

My electronics tinkering street-cred is a teensy bit more, well, credible now.  I’ve been looking through my piles of old devices and newly-acquired broken devices, trying to gain experience in troubleshooting electronics.  One tool to which I am completely new is JTAG, a very low-level interface on most modern devices that allows you to access, operate, and reprogram all sorts of things even when the device isn’t bootable using normal means.  It’s not a silver bullet for electronics repair, but it gives you capabilities beyond jiggling cables and cycling the power.

The first step to getting JTAG access is to identify a set of pins or pads on the device’s circuit board.  Sometimes the manufacturer makes life easy and labels the pins with their proper names, like “VCC” and “GND”.  Sometimes there are no labels and no pins.  I have to use a multimeter to test voltage and resistance.  It’s fun when nothing is labelled and you’re blindly probing solder pads hoping to find 3.3 volts.

Once you identify the correct pins/pads/holes you need an interface that converts the JTAG signals into something your computer can chew on.  I purchased a few USB-to-TTL adapters from somewhere in Hong Kong or Singapore for about $2 each.  Until today, I was almost certain that I had been ripped off; I had tried to use the adapters on at least four different devices with no luck.  I finally tasted success when I hooked up an LG BD300 Blu-ray player and saw a bunch of bootup information scrolling on my terminal window:

Booting Secured CFE...
Common Firmware Environment (CFE) version 1.30 for BCM97440 CX-V12-384MB, (Little Endian Mode)
Build Date: Thu Aug 14 09:12:06 EDT 2008 (christj@stb-mhtb-04)
Copyright (C) 2000-2008 Broadcom Corporation.

Woo hoo!  I didn’t waste $6!

The victory was small, but I’m marginally more useful today than I was yesterday.  I’ll take it.