W1siziisijiwmtuvmdivmtivmtyvmzyvmdqvnteyl0f2yxrhci5wbmcixsxbinailcj0ahvtyiisijmwmhgzmdajil1d?sha=40d429a2ffd553af
It’s amazing when hotel Wifi is so bad that it mitm’s its own sign up page and presents fake SSL certificates.

It’s amazing when hotel Wifi is so bad that it mitm’s its own sign up page and presents fake SSL certificates. And for some reason someone thought it would be a good idea to put the router in a guests room on their desk, aka my room. At least they put a sticker with “For hotel use only” on it.

In reply to: need.computer/yeq874
Ya know, the standard internet pool party hate, not the “I will tell my grandchildren that the only good JustSid is a dead JustSid” Breaking the internet @hmans.io is dreaming of!

Hate is a strong word! Different people have different opinions - and that’s fine! :)

Ya know, the standard internet pool party hate, not the “I will tell my grandchildren that the only good JustSid is a dead JustSid”

Btw.: what’s your day job? Just in case… :D

Breaking the internet @hmans.io is dreaming of! Kind of, in a way. To be absolutely fair though, it doesn’t speak HTTP(S) so technically it’s not web? :p
I can’t talk too much about it, but basically it’s an app for what could be a website and it centralizes data quite a bit, although across multiple servers, so maybe it is decentralized? :p

But anyway, I personally feel that there is a more nuanced approach to this. Don’t get me wrong, I love me the idea of pants, but I don’t feel like this is mass marketable. We are in this mess where we abuse the web because not many people want what might be a great thing from an ideological standpoint. People like convenience. Although this is neither here nor there, I’m just a lousy underling in the machinery of the web’s destruction.

In reply to: need.computer/eyx588
Man, you guys would hate me if you knew what I do at my day job.

Let me tell you about the web I want.

^ What he said!

Man, you guys would hate me if you knew what I do at my day job. Remind me to never say anything about it on #pants :p

Last couple of day I’ve been looking through some old screenshots of the engine project I’ve been working on.

Last couple of day I’ve been looking through some old screenshots of the engine project I’ve been working on. I really need to find some time to get back to that and clean up the last couple of bits.

Realtime shadows and atmospheric scattering:

Realtime Shadows
Realtime Shadows
Realtime Shadows

Tessellation, god rays and water:

Tessellation
Water

There is also this super old video that shows some of the first realtime shadows and the atmospheric scattering together:

#screenshotsaturday

In reply to: pants.morgvom.org/wzm878
Das ist eigentlich ganz interessant, als Xcode 4 rauskam und Apple Xcode und Interface Builder in eine single window app vereint haben, haben sich extrem viele Leute darüber aufgeregt.

Warum Affinity Photo sofort nach dem ersten Öffnen mit Pixelmator den Boden aufwischt: Anwendungsrahmen.

Das ist eigentlich ganz interessant, als Xcode 4 rauskam und Apple Xcode und Interface Builder in eine single window app vereint haben, haben sich extrem viele Leute darüber aufgeregt. Hab ich persönlich nie verstanden und ist auch mein größter Kritikpunkt an Acorn and wie du bereits erwähnt hast, Pixelmator.

Gibt wohl solche und solche Leute, wobei ich das Argument für mehrere Fenster gerne hören würde.

I too jumped on the standing desk hype train.

I too jumped on the standing desk hype train. I’ve been wanting one for quite some time now, since I sit at my desk for most of the day and even though I’m only 23 years old, my back is already showing first signs of problems. So, turns out, IKEA has pretty good standing desks and my employer was nice enough to pay for one. It’s nothing too fancy, but it works really well and it is also bigger than my old desk, so I’m also enjoying having much more space available! The thingy to move it up and down is a bit simple, but I think with a Raspberry Pi or similar it’d be trivial to let the desk partake in the Internet of Things.

With that being said, I suck at standing for a long time. After three hours I can already sit down for an hour or more before being able to stand for a prolonged amount of time again. That hopefully goes away in the upcoming time though. Other than that, I actually really like standing at my desk and the desk itself is pretty solid itself (literally. I didn’t expect it to stand that rock solid)

Up
Down

Wer hat eigentlich die touch sensitiven buttons auf der PS4 designed?

Wer hat eigentlich die touch sensitiven buttons auf der PS4 designed? Oder soll man die nicht staubwischen können?

In reply to: need.computer/pia425
In der Tat, wobei Youtube seit dem Google aufkauf nicht mehr wirklich ein hippes web-startup ist.

Natürlich ist das jetzt nichts Neues und ganz normales Tagesgeschäft bei YouTube, aber meiner Meinung nach höchst interessant da mal einen Einblick zu bekommen.

In der Tat, wobei Youtube seit dem Google aufkauf nicht mehr wirklich ein hippes web-startup ist. Auch wenn viele Leute das noch von Google annehmen, Youtube ist eine absolute Bereicherung zu Googles Geschäft Werbung zu verkaufen. Kein Wunder das die lieber lieb spielen um Content zu behalten für den User ankommen.

Interessant aber alle male. Die Welt ist halt leider nicht Ideal.

Integrating Crashlytics into Build Bots

Integrating Crashlytics into Build Bots

Testflight has seemingly no interest in its regular business anymore and broke the crashreport symbolication a long time ago. We are quite dependent on that though, we don’t want to know how many times the app crashed but where it crashed. So, a week and a bit ago we jumped ship to Crashlytics, which is a really nice platform to analyze crashes. The only issue is that their dSYM upload requires a run script build phase, so their upload script runs as part of the build process. Now, you can add plenty of ifs around that to make sure that you don’t upload debug dSYMs, but still, chances are you will end up uploading more dSYMs than you need to. And I was on cruiseship wifi and am now in hotel wifi, both are shitty, and I don’t want Crashlytics to use up bandwidth that I don’t have to upload dSYMs that we don’t need. We have a build server running Xcode bots, that uploads builds to Testflight and these are the builds for which dSYMs are needed. Local crashes I can debug using the debugger.

So, I spend the day trying to figure out how the Crashlytics binary works using the disassembler Hopper and lldb, after the naive way of just batching it into a post integration script didn’t work. Actually, the start was quite easy, since the run binary complained about missing environment variables:

  • INFOPLIST_PATH
  • DWARF_DSYM_FILE_NAME
  • DWARF_DSYM_FILE_NAME
  • DWARF_DSYM_FOLDER_PATH

After providing these, it bailed with:

Crashlytics: Use a Target Run Script Build Phase
Make sure the Crashlytics command is added to your project Target and not the scheme ‘Post-actions’.
Then, Build your project to continue.
(Crashlytics error 602)

Looking that string up in Hopper led to the discovery that it also expects the SRCROOT variable to be set and after providing that… Nothing. The binary exited without error code, but I could see that there was no upload going on. Looking into the Console.app for hints, I found a crashreport from the Fabric.app:

Assertion failed: (0), function -[CLSXcodeIntegration openURL:withReplyEvent:], file /Users/crashlytics/buildAgent/work/741cdaa878dfaeb/MacApp2_5/MacApp/Controllers/Integrations/CLSXcodeIntegration.m, line 81.

Okay, cool, someone put an assert(0) on line 81 of a source file I have no access too. Don’t put too much info in, buddy. So, lldb attached to the Fabric app and a breakpoint set. Turns out, it openURL:withReplyEvent: is an Apple Script endpoint, and the URL parameter is not a NSURL. Apparently Crashlytics is creating a plist with information about the build and copies the dsym and app file into an intermediate directory and then posts an Apple Event to the Fabric App which opens the plist to find out what to do. That plist also contains the environment variables, however, stepping a bit more through the code and looking at it Hopper as well, it expects a bunch of more environment variables which the Crashlytics app isn’t complaining about ever when missing.

Also, for some reason, someone thought it was a great idea to do the equivalent of this:

@try
{
    LoadInfoPLIST();
}
@catch(NSException *e)
{
    assert(0); // Line 81
}

Again, please, don’t try to be too helpful here…

So, long story short, here is the complete list of environment variables that need to be present in order to get Crashlytics and Fabric running:

  • SRCROOT
  • BUILT_PRODUCTS_DIR
  • INFOPLIST_PATH
  • DWARF_DSYM_FILE_NAME
  • DWARF_DSYM_FOLDER_PATH
  • PROJECT_FILE_PATH
  • CONFIGURATION
  • PLATFORM_NAME
  • CODE_SIGN_IDENTITY
  • SDKROOT
  • TARGET_NAME
  • INFOPLIST_FILE
  • DEVELOPER_DIR
  • PROVISIONING_PROFILE

On the upside, I’m getting quite good at working with lldb and Hopper. On the downside, I’m not sure if I really want to. Maybe this post will help someone encountering the same issues, or at least, help future me.

#xcode-build-bots #crashlytics

I’m sitting here in my hotel room in Miami beach, it’s pretty darn warm given that it is January.

I’m sitting here in my hotel room in Miami beach, it’s pretty darn warm given that it is January. I miss Canada, Canadians and for some reason also the snow.

Luckily I’ll be back in Germany soon, after being in the Americas for two months. There will be rain, which kind of is like a nice middle between snow and sun.

#microblogging

In reply to: malwarehub.net/flg695
Sadly I had to add some extra rules for a couple of hosts I regularly SSH into.

A great, detailed article about how to configure OpenSSH to minimize its broken crypto usage: Secure Secure Shell.

Sadly I had to add some extra rules for a couple of hosts I regularly SSH into. And I wish apps like Prompt would allow me to do this kind of configuration. But that’s not the fault of the article, which is great indeed.

In reply to: hmans.io/cay401
Used to feel the same, until I switched to Obsidian and tweaked it a little bit.

I have a confession to make: I prefer my code editing light, not dark.

Used to feel the same, until I switched to Obsidian and tweaked it a little bit. Can’t switch back and hate Xcode for not being completely customizable (the themes only affect the text editing area, the panes on the left and right remain light).

Obsidian + Source Code Pro Light @10px:

Editor

Although I also really like Ubuntu Mono as a monospace font.

There was a bug that I couldn’t figure out for the life of me.

There was a bug that I couldn’t figure out for the life of me. It was somewhere deep in my hobby kernel Firedrake and it made zero sense.

It manifests as memory corruption, more specifically, at some point a pointer suddenly becomes zero. I tried to narrow it down with printf() debugging, but that didn’t get me very far because at that point the scheduler is already running and regular task switches occur, which have the side effect of the kernel not running in consecutive order any longer. Luckily, QEMU, my go to emulator, has support for GDB. The easy solution is therefore to fire up GDB, attach it to the remote debugger exposed by QEMU and set a watchpoint on the address… And suddenly everything was fine, the pointer was no longer overwritten and retained its correct value.

I have an uncommitted .bochrc file that I sometimes use when I want to understand what is truly going on at the CPU side, since Bochs is not only incredibly slow, but also verbose when it comes to APIC and MSRs etc, which usually are more like black boxes. Bochs verified that the pointer is indeed overwritten as it has the same behaviour. It didn’t tell me why, at least not out of the box.

I put the whole thing aside for days. I disabled the memory manager and just used whole pages for every allocation. I disabled reclaiming memory and turned the free/delete functions into stubs. It worked, somewhat but still broke somewhere else. I rewrote the memory manager as I suspected it to be broken since a long time already. It broke again.

Then I just decided to let Bochs trace all memory access, reading and writing. It took five minutes to get through Grub and another two to get it to load the kernel and have that one crash. I ended up with a 3gb log file that took another two or so minutes to import into Sublime Text and which made me glad I have an SSD and 16gb of RAM in this laptop. It still took about 20 minutes to search the output for the address I was interested in, with Sublime Text hanging for a good 1-3 minutes when jumping around.

And then it made click. The linear address 0x18008, the one that was getting overwritten, was previously mapped to 0x8008, the physical address that contains the SMP bootstrap location (ie the code that all non bootstrap CPUs execute to be hoisted out of real mode and get into protected mode and then rendezvous with the Firedrake bootstrap CPU). The value at the physical address was 0x0. Later 0x18008 is mapped to another location, but when I was rewriting the virtual memory interface, I forgot the code to invalidate the page table entry when remapping virtual addresses. Writes where going to the new physical locations, and reads where still served from the old one.

And that’s why no hardware breakpoints where helping and why the Bochs hardware watchpoints where useless. And I guess QEMU disables TLB simulation when GDB is attached, or something like that. Not that a GDB watchpoint would’ve helped, the memory was never actually overwritten in the first place after all.

I feel incredibly stupid right now.

The first snow here in Canada since my arrival.

The first snow here in Canada since my arrival. I can’t decide if I like it or hate it.

Snow. Duh

In reply to: ausnahmsweise.net/zfo675
Auf der Produktseite steht das sie optional cloud sync anbieten.

Wie verrückt muss man eigentlich sein, um Passwörter in der Cloud zu speichern?

Wo steht, dass es in der Cloud gespeichert wird?

Auf der Produktseite steht das sie optional cloud sync anbieten. Aber das Masterpasswort nirgendwo speichern und daher wohl AES-256 verschlüsselte blob(s) verteilen. Wie sicher das ist hängt dann wohl eher vom eigenen Passwort ab. Quelle

Was ich mich bei so etwas aber immer Frage ist was die App gegen sidechannel Attacken macht. AES-256 ist jetzt nicht so schwer zu implementieren, das kriegt man schon an einem Nachmittag auf der Wikipedia Seite dazu hin. Das ganze sicher zu implementieren ist dann schon eher tricky und auch das wo die meisten dann versagen.

Tante Edith sagt: Ich hätte mal weiter runterscrollen sollen, da findet sich das hier:

Password Changer takes the same manual steps that you normally would when you change your passwords, only now you don’t have to! We follow best security practices while securing communications between Dashlane, our servers, and websites, and your data remains encrypted with AES-256 while within the app or being synced across your devices. Not to mention, you’ll have unique passwords on each site, which greatly increases your online security. For more technical details, see our Security Whitepaper.

Hab das whitepaper noch nicht überflogen, aber offenbar geht doch etwas über deren server? Oder das ist einfach nur unklar formuliert.

Parable of the Polygons, ziemlich gut gemacht.

Parable of the Polygons, ziemlich gut gemacht.

Xcode build server can go fnck itself

Xcode build server can go fnck itself

We1 used to use Jenkins running on Rackspace for CI, but it was behind a super slow VPN and it just sucked so much. Worse yet, the actual Mac doing the builds was in Russia, and more often than not, the connection between Jenkins and the build server timed out and the changes history got lost and one had to connect to the VPN again to schedule a new build. It was a hassle. Apple promised to make CI a one click thing with the build bots in Xcode 4. We have Xcode 6 now, so enough time should’ve passed to have a stable CI server, right? Heck no!

In theory, build bots are amazing. Scheduling a build, or in Xcode speak an Integration, directly from Xcode is sweet. Seeing a nice overview of all the builds is also nice. That it is somewhat clumsy to get some custom behaviour into the build process via scripts can be forgiven, after all, no matter how fancy the interface could be, I would still write the scripts in Sublime Text and it’s nice that it’s scriptable. But build bots got some real issues, and the Apple developer team doesn’t seem to be too fond of fixing them.

Probably the worst offender for most projects is that it simply breaks when working with git submodules that are on a detached HEAD. We use ReactiveCocoa, but they made quite a lot of breaking changes recently on their master branch, which is all cool because they use tags correctly so it’s easy to pin git to the right version. Except that Xcode doesn’t want to hear any of that, it simply ignores it and checks out the latest changes. So local builds worked, CI builds just broke for no reason. That took us some time to figure out and then we had to fork ReactiveCocoa and create a branch from the commit we wanted to use. So much for one click and it just works magic.

Back to scripting for a second. It’s nice that it has the possibility to add scripts that perform various post processing on the, but it’s really easy to hit the limits there. For example, there are simply not enough environment variables to do basic things like uploads to Testflight with the output of git shortlog attached to list all the changes of that build. For starters, the commit hashes aren’t exposed, so we do some weird hackery of writing the latest commit hash in a file within the integration directory at the end of a build and when a new build is scheduled we compare that against the current HEAD. At least they expose where the generated Xcode archive is on disk so that can be grabbed and re-signed for Testflight. Except not quite, because then you have to hard code the name of the .app bundle because of course that’s not exposed. These are basic environment variables that are all exposed in the scripts that run as part of the build process, why not expose these as well for integration scripts?! We have duplicated scripts just to change a single line.

And then, last week, the build bots just broke. I mean, we could schedule an integration, it would build it, our post-integration scripts ran and uploaded the result to Testflight. And then it just hung itself up at Uploading logs and spun there eating up a whole CPU core. Looking at the crash reports it became apparent that for some reason Xcode was trying to put an NSDate into the NSJSONSerialization which then promptly threw up on it taking down the build server process. The watchdog spawned a new process, which immediately tried to do the same thing again. By the way, even getting those crash logs turned out to be harder than expected because the Xcode build server runs as its own user and you need admin rights to change the permission of its folder to view it. A DTS later, we were told that they don’t do support for apps and that we should pretty please go away and go to an Apple store. As a reasonable developer, the next step was to attach lldb to the process, which thankfully was written in Objective-C which makes these things considerably easier, and see what input it was fed. Well, as it turns out, as the final step the build bot attaches the whole info.plist of the project which is passed as raw NSDictionary to the JSON serialization. And guess what, we had a date in there (the build date to be exact), which is a perfectly valid object for a plist, but not so much for JSON.

I wish I had a conclusion for this post. The sad thing is, the Xcode build bot is actually much nicer than what we had with Jenkins and I don’t want to switch back. But ideally the build bots would really just work, instead it seems like they are kind of abandoned by Apple and no one really seems to use them. At least it’s hard to find anything via Google. And bug reports on the Apple bug reporter also remain open.

  1. The small company which I work but don’t speak for. This is a personal rant, because for some reason I ended up being the guy who has to maintain our build server and I’m frustrated.

In reply to: ausnahmsweise.net/uzj998
Das Sparrow icon sollte aber auch ausgetauscht werden, damit es in das Schema passt… Wobei es dann vermutlich zu stark nach Telegram aussieht.

(Einige Icons sind ausgetauscht, weil die Originale im Yosemite-Dock einfach furchtbar waren.)

Das Sparrow icon sollte aber auch ausgetauscht werden, damit es in das Schema passt… Wobei es dann vermutlich zu stark nach Telegram aussieht.

In reply to: pants.morgvom.org/eia884
Oha, das sieht sehr interessant aus.

Lyn, ein schlanker Bilderbrowser. Meine iPhoto Alternative.

Oha, das sieht sehr interessant aus. In iPhoto ist es möglich Bilder zu verstecken, was zwar auch mehr security by obscurity als alles andere ist, aber vor peinlichen Momenten beim nächsten Familientreffen bewahrt. Geht das auch in Lyn? Bzw, ist es eventuell möglich ganze Ordner zu verstecken?

In reply to: need.computer/ulx999
Gute Idee, hab das mal in meinen post rein editiert.

Wäre glaube ich cool, wenn wir auflisten (vielleicht von links nach rechts) was im Dock ist?! Meins kommt später dann auch noch :)

Gute Idee, hab das mal in meinen post rein editiert. Pants sei Dank gibt es hier ja eine edit Funktion.