WEDDING QUILT OMG SO HAPPY

Jul. 20th, 2017 10:11 pm
happydork: A graph-theoretic tree in the shape of a dog, with the caption "Tree (with bark)" (Default)
[personal profile] happydork
A few years ago, I watched my BFF, [twitter.com profile] amymariemason, spend a year making a beautiful wedding quilt for a friend of hers. I’m not saying my jealousy was the only reason I married [personal profile] such_heights, but I coveted that quilt, oh my goodness I coveted it so hard.

So when [personal profile] such_heights and I got engaged in August 2014, I asked my BFF if she would, maybe, perhaps, make us a wedding quilt, too?

It’s now July 2017, the wedding quilt is finally finished, and OH MY FUCKING GOD IT IS THE MOST AMAZING THING IN ALL EXISTENCE COME LOOK HOW TALENTED MY BFF IS SHE’S THE GREATEST THIS IS THE GREATEST COME LOOK COME LOOK COME LOOK OMG!

emperor: (Default)
[personal profile] emperor
Fans of the coffee stall on the Cambridge market (link to my previous post on opening hours) may be interested to know that he doesn't seem to be open on Thursdays any more - AFAICT he's now Mon-Wed, Fri, Sat.

Not entirely co-incidentally, my coffee supplies are now rather low :(

(no subject)

Jul. 20th, 2017 12:55 pm
naath: (Default)
[personal profile] naath
14. A song that you would love played at your wedding

Well, I decided that Castemere was inauspicious...

I rather like this for an entry, although it's rather long; I think I'd have to extract the theme.

https://www.youtube.com/watch?v=YfprcvuHoG8

(entry of the gods into Valhalla, Das Rheingold, Wagner)

Lovely team!

Jul. 20th, 2017 09:34 am
wildeabandon: Champage bottle and flutes (champagne)
[personal profile] wildeabandon
Today is my last day at work before my holiday, and rather unexpectedly my team just came in and gave me an early birthday present (and sang at me). They got me a very goth card, a bread & cakes recipe book, and theatre tokens. Considering that I'm a temp and I've only been here for three months, I'm awfully pleased and surprised that they bothered at all, but especially that they seem to have got the measure of me quite so spot on. Lovely team :)

(no subject)

Jul. 19th, 2017 04:11 pm
naath: (Default)
[personal profile] naath
13. One of your favourite 70's songs

I don't really have one... wikipedia claims this is c. 1570 and will do :-p

https://www.youtube.com/watch?v=iT-ZAAi4UQQ

(Spem in alium)

an amusing confluence

Jul. 19th, 2017 11:03 am
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)
[personal profile] kaberett
1. Mr Men In London (press release); official merch; Londonist.

2. The Tube is dropping "ladies and gentlemen" as a passenger greeting.


Ergo: 3. Who do I gotta hassle to make e.g. "Mx Cool" and "Little Mx Stubborn" etc happen?

Recruiting soup kitchen volunteers

Jul. 18th, 2017 09:56 pm
wildeabandon: A London skyline (London)
[personal profile] wildeabandon
My church runs a soup kitchen every Tuesday evening to support the homeless and those in food poverty in the area. We're looking for volunteers to oversee the project about once every six weeks. The church is about 5 minutes walk from Finsbury Park station, so easy to get to from anywhere on the Victoria or Piccadilly lines. More details are here if you're at all interested, and if not but you know people who might be then I'd appreciate you pointing them there or here.

(no subject)

Jul. 18th, 2017 02:16 pm
naath: (Default)
[personal profile] naath
12. A song from your pre-teen years

strong memories of primary school discos... yes I know it is awful.

https://www.youtube.com/watch?v=XutaTTNihe0
(Blobby song)

Busy, busy, busy

Jul. 18th, 2017 11:17 am
wildeabandon: sushi (sushi)
[personal profile] wildeabandon
It's all gone a bit hectic. Definitely in a fun way, but at some point I should probably schedule some quiet nights in...

I mentioned last month that I was trying climbing again, and since then I've been going most weeks. So far I'm making fairly measurable progress in terms of each time getting up a route, or at least further up a route, that I got stuck on the previous week. I was particularly pleased because one of those routes hadn't been graded the first time I tried it, and when I came back to it the following week it turned out to be three grades higher than anything I'd successfully climbed before (I still didn't quite make it to the top, but I got past the move I was stuck on, and I'm fairly confident that I'm going to make it to the top tomorrow).

I've been swimming a bit as well, both on my own and with [personal profile] sfred. The funny thing about swimming compared to most other forms of exercise that I do is that whilst I'm doing it it feels as though I'm going fairly gently and not working very hard, and then I get out of the pool and all my muscles go "gosh, that was bracing!". I think it's a combination of the water softening the impact of the motion, and feeling as though the only reason one's breathing is constricted is because of being underwater half the time, rather than from the exertion, and as Fred pointed out, not noticing that you're sweating, because it gets washed straight off.

I had my first singing lesson in ages last week, to get in a bit of improvement before choir starts in September. I'd forgotten how physical singing is when you're doing it right - I think my core muscles were getting more of a workout then than from the climbing!

I've also been enjoying various dinners. Last month I went to Morito with [personal profile] borusa and a couple of weeks ago I went with my sister to the Barbary to celebrate her birthday. They both do Middle Eastern/North African small plates on barstools overlooking the kitchen. Both were very good, and in both cases the aubergine thing was the high point of the meal. On that comparison Morito comes out on top, because their deep fried aubergine with date molasses and goat's curd was so delicious that I ordered a second plate of it instead of pudding. The crisp batter/melty soft aubergine texture contrast was heavenly, and the curd was light and fluffy but with a warm richness just made to be cut through by the sweet/sharp molasses.

Last weekend had more delicious food. On the Friday [personal profile] hjdoom was in town, so I had the fun challenge of finding somewhere good for a coeliac vegan to eat. We went for Itadaki Zen, the vegan Japanese place near Kings Cross, which is always fantastic. We had a mixture of small dishes to start, with lots of crunchy textures and umamish seasonings and sauces, then six pieces of sushi, all exquisite. My main was decent, but Oliver's tempura really won the day. I was especially excited by the vine leaf and the seaweed. On Saturday Ramesh & I went out for a very (very!) belated celebration of our anniversary to St Moritz. We ate all the cheese. And then we ate all the chocolate as well, because why not. I didn't think the fondue was quite as good as the late lamented L'art du fromage, but it was still basically a giant pile of cheese, so hard to complain too much. On Sunday I'd invited Beryl, one of the St John's grandames, over for lunch, and then delegated the cooking to [personal profile] robert_jones, who did us proud with a lovely summery pea and basil soup, roast lamb that was just perfectly tender, and strawberries in balsamic syrup.

Tonight I'm dining with [personal profile] borusa again at Rok, and planning a dinner on Friday, when I've got the day off work so can pull the stops out a little bit. Then next week Ramesh & I are off to Amsterdam, where cultural and culinary delights various await us.
[personal profile] mjg59
In measured boot, each component of the boot process is "measured" (ie, hashed and that hash recorded) in a register in the Trusted Platform Module (TPM) built into the system. The TPM has several different registers (Platform Configuration Registers, or PCRs) which are typically used for different purposes - for instance, PCR0 contains measurements of various system firmware components, PCR2 contains any option ROMs, PCR4 contains information about the partition table and the bootloader. The allocation of these is defined by the PC Client working group of the Trusted Computing Group. However, once the boot loader takes over, we're outside the spec[1].

One important thing to note here is that the TPM doesn't actually have any ability to directly interfere with the boot process. If you try to boot modified code on a system, the TPM will contain different measurements but boot will still succeed. What the TPM can do is refuse to hand over secrets unless the measurements are correct. This allows for configurations where your disk encryption key can be stored in the TPM and then handed over automatically if the measurements are unaltered. If anybody interferes with your boot process then the measurements will be different, the TPM will refuse to hand over the key, your disk will remain encrypted and whoever's trying to compromise your machine will be sad.

The problem here is that a lot of things can affect the measurements. Upgrading your bootloader or kernel will do so. At that point, if you reboot, your disk fails to unlock and you become unhappy. To get around this your update system needs to notice that a new component is about to be installed, generate the new expected hashes and re-seal the secret to the TPM using the new hashes. If there are several different points in the update where this can happen, this can quite easily go wrong. And if it goes wrong, you're back to being unhappy.

Is there a way to improve this? Surprisingly, the answer is "yes" and the people to thank are Microsoft. Appendix A of a basically entirely unrelated spec defines a mechanism for storing the UEFI Secure Boot policy and used keys in PCR 7 of the TPM. The idea here is that you trust your OS vendor (since otherwise they could just backdoor your system anyway), so anything signed by your OS vendor is acceptable. If someone tries to boot something signed by a different vendor then PCR 7 will be different. If someone disables secure boot, PCR 7 will be different. If you upgrade your bootloader or kernel, PCR 7 will be the same. This simplifies things significantly.

I've put together a (not well-tested) patchset for Shim that adds support for including Shim's measurements in PCR 7. In conjunction with appropriate firmware, it should then be straightforward to seal secrets to PCR 7 and not worry about things breaking over system updates. This makes tying things like disk encryption keys to the TPM much more reasonable.

However, there's still one pretty major problem, which is that the initramfs (ie, the component responsible for setting up the disk encryption in the first place) isn't signed and isn't included in PCR 7[2]. An attacker can simply modify it to stash any TPM-backed secrets or mount the encrypted filesystem and then drop to a root prompt. This, uh, reduces the utility of the entire exercise.

The simplest solution to this that I've come up with depends on how Linux implements initramfs files. In its simplest form, an initramfs is just a cpio archive. In its slightly more complicated form, it's a compressed cpio archive. And in its peak form of evolution, it's a series of compressed cpio archives concatenated together. As the kernel reads each one in turn, it extracts it over the previous ones. That means that any files in the final archive will overwrite files of the same name in previous archives.

My proposal is to generate a small initramfs whose sole job is to get secrets from the TPM and stash them in the kernel keyring, and then measure an additional value into PCR 7 in order to ensure that the secrets can't be obtained again. Later disk encryption setup will then be able to set up dm-crypt using the secret already stored within the kernel. This small initramfs will be built into the signed kernel image, and the bootloader will be responsible for appending it to the end of any user-provided initramfs. This means that the TPM will only grant access to the secrets while trustworthy code is running - once the secret is in the kernel it will only be available for in-kernel use, and once PCR 7 has been modified the TPM won't give it to anyone else. A similar approach for some kernel command-line arguments (the kernel, module-init-tools and systemd all interpret the kernel command line left-to-right, with later arguments overriding earlier ones) would make it possible to ensure that certain kernel configuration options (such as the iommu) weren't overridable by an attacker.

There's obviously a few things that have to be done here (standardise how to embed such an initramfs in the kernel image, ensure that luks knows how to use the kernel keyring, teach all relevant bootloaders how to handle these images), but overall this should make it practical to use PCR 7 as a mechanism for supporting TPM-backed disk encryption secrets on Linux without introducing a huge support burden in the process.

[1] The patchset I've posted to add measured boot support to Grub uses PCRs 8 and 9 to measure various components during the boot process, but other bootloaders may have different policies.

[2] This is because most Linux systems generate the initramfs locally rather than shipping it pre-built. It may also get rebuilt on various userspace updates, even if the kernel hasn't changed. Including it in PCR 7 would entirely break the fragility guarantees and defeat the point of all of this.
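The post's argument rests on two properties of PCR extend: a PCR's final value depends on every event measured into it, and measuring one more event changes it irreversibly. The toy model below is an added example, not code from the post, from shim or from any TPM stack. It assumes constructed event data (a vendor certificate string, a stand-in for the PK/KEK/db/dbx contents, two "authority" events for PCR 7 as the Appendix A scheme and the shim patchset would produce, and binary hashes for PCR 4) and a simplified sealing model in which a secret is bound to a single PCR value. It shows that sealing to PCR 4 breaks on a routine update while sealing to PCR 7 survives it, that PCR 7 still changes when a different vendor's binary is booted or Secure Boot is turned off, and that the "cap" extend performed by the small initramfs stops the secret being released again later in the boot.

```python
"""Toy model of PCR extend and TPM sealing (constructed, not TPM code)."""
import hashlib

PCR_INIT = b"\x00" * 32  # a SHA-256 PCR starts as 32 zero bytes at power-on


def extend(pcr, event):
    """TPM PCR extend: new_value = H(old_value || H(event_data))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_all(events):
    pcr = PCR_INIT
    for event in events:
        pcr = extend(pcr, event)
    return pcr


# Constructed stand-ins for the real event data.
VENDOR_CERT = b"constructed: OS vendor's Secure Boot signing certificate"
OTHER_CERT = b"constructed: some other vendor's certificate"
SB_VARIABLES = b"constructed: PK/KEK/db/dbx contents"


def boot(secure_boot_on, verifying_cert, bootloader_bin, kernel_bin):
    """Return the PCR 4 and PCR 7 values one boot would produce.

    PCR 7 follows the Appendix A scheme the post describes: the SecureBoot
    state and key databases, plus the certificate that verified each binary
    (including shim's measurement of the kernel's verifier, per the patchset).
    PCR 4 holds the hashes of the boot binaries themselves.
    """
    pcr7 = measure_all([
        b"SecureBoot=" + (b"1" if secure_boot_on else b"0"),
        SB_VARIABLES,
        verifying_cert,  # authority that verified the bootloader
        verifying_cert,  # authority shim used for the kernel
    ])
    pcr4 = measure_all([bootloader_bin, kernel_bin])
    return {4: pcr4, 7: pcr7}


def seal(secret, pcr_index, expected_value):
    """Model of sealing: the secret is released only if that PCR matches."""
    return {"secret": secret, "pcr": pcr_index, "expected": expected_value}


def unseal(blob, pcrs_now):
    return blob["secret"] if pcrs_now[blob["pcr"]] == blob["expected"] else None


def scenarios():
    secret = b"constructed: LUKS volume key"
    base = boot(True, VENDOR_CERT, b"shim+grub 1.0", b"vmlinuz 4.12")
    to_pcr4 = seal(secret, 4, base[4])
    to_pcr7 = seal(secret, 7, base[7])
    results = {}

    # Routine update: new bootloader and kernel signed by the same vendor.
    updated = boot(True, VENDOR_CERT, b"shim+grub 1.1", b"vmlinuz 4.13")
    results["pcr4_seal_survives_update"] = unseal(to_pcr4, updated) == secret
    results["pcr7_seal_survives_update"] = unseal(to_pcr7, updated) == secret

    # Binary signed by a different vendor: PCR 7 differs, key withheld.
    foreign = boot(True, OTHER_CERT, b"shim+grub 1.0", b"vmlinuz 4.12")
    results["pcr7_releases_to_other_vendor"] = unseal(to_pcr7, foreign) == secret

    # Secure Boot switched off: PCR 7 differs, key withheld.
    sb_off = boot(False, VENDOR_CERT, b"shim+grub 1.0", b"vmlinuz 4.12")
    results["pcr7_releases_with_sb_off"] = unseal(to_pcr7, sb_off) == secret

    # The post's cap step: after the small initramfs has fetched the key it
    # extends PCR 7 once more, so nothing later in the boot can fetch it again.
    capped = dict(base)
    capped[7] = extend(base[7], b"constructed: secret-retrieved marker")
    results["pcr7_releases_after_cap"] = unseal(to_pcr7, capped) == secret
    return results


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

A real TPM policy would use PCR digests across a selection of PCRs and a policy session rather than a single compared value, and the exact event contents in PCR 7 are defined by the firmware and shim; the point the model isolates is only which inputs change between boots.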
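The second thing the post relies on is the kernel's handling of concatenated initramfs archives: each cpio segment is extracted over the previous ones, so a file in the last segment overwrites a same-named file from an earlier one, and the bootloader therefore has to place the signed initramfs after the locally generated one. The code below is an added example, not kernel or bootloader code: it builds uncompressed SVR4 "newc" cpio archives from constructed file contents, walks a concatenation of them in the order the kernel would, and records which segment each surviving file came from. The file names and contents are constructed placeholders; real initramfs segments are usually individually compressed, which this model leaves out.

```python
"""Toy model of how the kernel unpacks concatenated initramfs archives
(constructed example; not kernel code)."""


def _align4(n):
    return (n + 3) & ~3


def _pad4(b):
    return b + b"\0" * (-len(b) % 4)


def _newc_header(ino, mode, filesize, name):
    # "070701" magic followed by 13 eight-digit hex fields (110 bytes total).
    fields = (ino, mode, 0, 0, 1, 0, filesize, 0, 0, 0, 0, len(name) + 1, 0)
    return b"070701" + b"".join(b"%08X" % v for v in fields)


def cpio_newc(files):
    """Build an uncompressed SVR4 'newc' cpio archive from {path: bytes}."""
    out = b""
    for ino, (name, data) in enumerate(files.items(), start=1):
        hdr = _newc_header(ino, 0o100644, len(data), name)
        out += _pad4(hdr + name.encode() + b"\0") + _pad4(data)
    out += _pad4(_newc_header(0, 0, 0, "TRAILER!!!") + b"TRAILER!!!\0")
    return out


def unpack_initramfs(blob):
    """Walk one or more concatenated newc archives in order and return
    {path: (archive_index, data)}. A later archive's entry overwrites an
    earlier one of the same path, which is the behaviour the post relies on."""
    fs, pos, archive = {}, 0, 0
    while True:
        while pos < len(blob) and blob[pos] == 0:  # zero padding between archives
            pos += 1
        if pos >= len(blob):
            return fs
        if blob[pos:pos + 6] != b"070701":
            raise ValueError("not a newc cpio header at offset %d" % pos)
        fields = [int(blob[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = blob[pos + 110:pos + 110 + namesize - 1].decode()
        data_start = _align4(pos + 110 + namesize)
        pos = _align4(data_start + filesize)
        if name == "TRAILER!!!":
            archive += 1
            continue
        fs[name] = (archive, blob[data_start:data_start + filesize])


def boot_image(user_initramfs, signed_tail):
    """The bootloader step from the post: append the signed tail so it wins."""
    return user_initramfs + signed_tail


def demo():
    # Constructed archives: the distro's locally generated initramfs and the
    # small signed one the post proposes embedding in the kernel image.
    user = cpio_newc({
        "init": b"#!/bin/sh\n# locally generated init (constructed)\n",
        "etc/crypttab": b"root /dev/sda2 none luks\n",
    })
    tail = cpio_newc({
        "init": b"#!/bin/sh\n# signed TPM-unseal init (constructed)\n",
        "etc/tpm-unseal.conf": b"pcr=7\n",
    })
    # Appended (correct) versus prepended (wrong) placement of the signed tail.
    return unpack_initramfs(boot_image(user, tail)), unpack_initramfs(tail + user)


if __name__ == "__main__":
    appended, prepended = demo()
    for label, fs in (("appended", appended), ("prepended", prepended)):
        print(label, {path: src for path, (src, _) in fs.items()})
```

The second return value from `demo()` shows the failure mode a bootloader must avoid: if the signed segment comes first, the locally generated (and therefore unsigned, unmeasured) copy of `init` is the one that survives.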

(no subject)

Jul. 17th, 2017 01:16 pm
naath: (Default)
[personal profile] naath
11. A song that you never get tired of

So many. I nearly went with a Rick Roll. This one I thought about putting for Wedding but no... that wouldn't be a great choice really.

I do so hope he plays 'The Rains of Castamere.' It's been an hour, I've forgotten how it goes.

https://www.youtube.com/watch?v=vnuCsp_tVs0

(Rains of Castamere)

dispatches

Jul. 16th, 2017 10:13 am
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)
[personal profile] kaberett
So far today I have spontaneously woken up before 9am, un/loaded the dishwasher, and made myself pancakes (using batter from the freezer; thank you, past Alex). I do not feel a pressing need to immediately go back to sleep.

Yesterday, I swapped over which brand of fexofenadine I was taking (Chanelle Medical to Dr Reddy's, self), had an afternoon nap, and woke up feeling actually refreshed.

I don't care if this is entirely placebo effect, I'll take it.

(I'm pretty sure it's not, though -- I think my post-nasal drip is also reducing again. So.)
happydork: A graph-theoretic tree in the shape of a dog, with the caption "Tree (with bark)" (Default)
[personal profile] happydork
I watched A Very British Sex Scandal last night — it’s a great docu-drama made in 2007 about the Wolfenden Report and the Montagu Affair, largely following Peter Wildeblood. The Montagu Affair was a very high profile case in the 1950s in which three men were tried for “homosexual acts” — it’s credited with helping to change public opinion and, eventually, the law. Wildeblood was one of the men tried.

I strongly recommend the film. The docu bit is fascinating — the contributors are queer men born in the 20s and 30s who watched this all play out, including, rather amazingly, Lord Montagu himself.

The drama bit is sweet, compelling, understated, and doesn’t take too many liberties. I was also particularly touched by the context-setting voiceover, which provided us with such gems as, “In 1952 The Daily Mail was a serious establishment newspaper. Its opinions were highly respectable.”

After watching the film, I immediately bought Peter Wildeblood’s Against the Law, first published in 1959, which is largely about Wildeblood’s experiences of being gay, the Montagu Affair, and Wildeblood’s subsequent time in prison. In it he argues equally hard for the decriminalisation of homosexual acts and for penal reform in general. It’s reckoned to be the first sympathetic book about male homosexuality to reach a wide audience in Britain.

It’s hard to overstate how brilliant and brave this book is, and I would have loved it for that no matter how it was written — but it’s also such a clear, spare, honest, witty, engaging piece of writing, one that leaves me feeling both in breathless awe of this hero of a man and, at the same time, like it’s only an accident of space and time that we aren’t friends. When I finished it, I missed him.

Yes, so, I fucking love this book and I recommend it even more strongly than the docu-drama. (I think there’s a new docu-drama coming out pretty soon, actually, called Against the Law? AVBSS was made for the 40th anniversary of decriminalisation, and AtL is for the 50th anniversary. So if you’re only going to watch the one docu-drama, you’ll soon have a choice.)

My version has an intro written by Matthew Parris which I liked a lot and found very interesting but at the same time ended up disagreeing with quite strongly in places. (Which is, tbf, my normal reaction to Matthew Parris.) If you get the same version, I’d suggest not reading the intro until after you’ve read the book itself.

I also wanted to share with you the absolute gut punch I got when reading the very opening paragraph of the book.

Sometimes, when a man is dying, he directs that his body shall be given to the doctors, so that the causes of his suffering and death may be investigated, and the knowledge used to help others. I cannot give my body yet; only my heart and my mind, and trust that by this gift I can give some hope and courage to other men like myself, and to the rest of the world some understanding.


It’s. I don’t know. I read that, and I was struck by how very different it was from David Wojnarowicz’s If I die of AIDS - forget burial - just drop my body on the steps of the FDA — but at the same time, by how strong the thread is that connects them.

LJ account compromised?, deleted

Jul. 15th, 2017 06:03 pm
damerell: NetHack. (normal)
[personal profile] damerell
Today, I got an email from LJ to the effect that my LJ account had been logged into from 212.129.2.227, which is J. Random IP Address in France. Mysteriously, although this was some hours ago, I don't seem to have embarked on a spree of Viagra posts/comments or anything. Hence I've ended the unknown login session, changed password, deleted account (weirdly, all of which I could do without agreeing to the evil new T&Cs).

I imagine this is a manifestation of the downfall of LJ, but:
worth checking yourself (www.livejournal.com/manage/logins.bml ) if you ain't already deleted your account?
let me know, please, if I suddenly go spammy anywhere else...

Question thread #54

Jul. 14th, 2017 08:47 pm
pauamma: Cartooney crab holding drink (Default)
[personal profile] pauamma posting in [site community profile] dw_dev
It's time for another question thread!

The rules:

- You may ask any dev-related question you have in a comment. (It doesn't even need to be about Dreamwidth, although if it involves a language/library/framework/database Dreamwidth doesn't use, you will probably get answers pointing that out and suggesting a better place to ask.)
- You may also answer any question, using the guidelines given in To Answer, Or Not To Answer and in this comment thread.
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)
[personal profile] kaberett
This week I finally got around to seeing what happened if I tried making Kardemummebullar, seeing as I tend to want to eat them more often than I'm in Sweden. Recipe taken from BBC Good Food, and archived against that august institution's eventual demise.


(no subject)

Jul. 13th, 2017 05:43 pm
naath: (Default)
[personal profile] naath
10. A song that makes you sad

oh so many, but I'll pick this one

https://www.youtube.com/watch?v=ljijk2T8zV4
(Empty chairs at empty tables)

Busy day!

Jul. 13th, 2017 12:20 am
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)
[personal profile] azurelunatic
Morning: feeding cat, finishing car registration.
Lunch: driving to Kirkland.
Afternoon: orientation for temp stuff.
Dinner: driving back, locating closed toe shoes and black pants.
Evening: catching up with Purple, sharing leftovers and various video content with partner.
Night: curled up happily.

(no subject)

Jul. 11th, 2017 02:04 pm
naath: (Default)
[personal profile] naath
9. A song that makes you happy

hard. I don't think songs make me happy; there are songs for when happy, but that's not the same. Anyway, this is quite cheering

https://www.youtube.com/watch?v=Rs3dPaz9nAo
(modern major general)