Last Login:
December 16, 2017


User Profile

Hits: 104,787
Joined July 15, 2007
Games (5)
Favorite Users
Dev - Sort these by name
Favorite Games

Inspired by 64D
Posted on November 28, 2017 at 00:24

Yesterday, I released something called Trollcave on my main blog. It's a bit like a game, but not quite, and there's a bit of a barrier to entry. It's an infosec challenge VM, so the idea is you download a VirtualBox ova, load it up (with sensible precautions), and try to gain unauthorised access to it by exploiting vulnerabilities and misconfigurations, ultimately to read /root/flag.txt.

Web application security experience helps, but it should be completeable by anyone with good technical and security knowledge about webdev. Here's a screenshot:

As must be obvious from the screenshot, the website on this VM is pretty heavily inspired by 64Digits. This is partially because I spent a week writing a 64D clone in Rails (driven by boredom) and then only later decided to do this with it, and partially because I had some cool ideas around how some features similar to those this site has could be used in a hacking challenge.

Bear in mind that none of the fake users are meant to be anyone here, and none of the vulnerabilities I poked into the design are indicative of anything here either.

Not sure if this is really anyone here's cup of tea, but I felt I had to mention it in a 64D blog considering the inspiration for it. Download link is here: Oracle Virtualbox .ova file (891MB)

Ludum Dare 37
Posted on December 09, 2016 at 01:27

Ludum Dare #37 is to be hosted on their new website

Starts in ~19 hours. Who all's participating? Seeing as I'm actually free this weekend (my year-end leave starts on Sat) I'm going to give it a shot, unless the theme totally sucks (but most of the contenders look reasonably interesting, so I don't think that'll be the case).

VT-d GPU Passthrough
Posted on May 09, 2016 at 13:41

What is the best single-PC setup for a Linux enthusiast who still likes to play Windows-only games and run other Windows-only software?

Not WINE, because despite working surprisingly well in many cases and being in general better than you might expect, it's often flaky and unstable, and is absolutely not guaranteed to run every program.

Not dual-booting, because then you have to constantly reboot and context-switch.

Not a Windows virtual machine, because those don't let you run anything graphically intensive.

Not a Linux virtual machine on a Windows host, because then you're not really using Linux (especially evident when Windows blue-screens and takes your poor VM along with it).

What you want is a way run Linux and Windows simultaneously, allowing each operating system access to the tools it needs to run your system: Windows should get the graphics card and everything else it needs for playing games, and Linux should get the rest for doing everything else.

Solution: set up a Linux host with a Windows virtual machine that uses modern virtualisation technology (VT-d & IOMMU) to directly access the graphics card.

I set this up over the last week or so, and it was actually a lot easier than I thought it would be. A year or two ago you needed to compile custom kernel images to get it right, but with the latest version of Ubuntu (16.04) running Linux kernel ~4.4, all I had to do was:

1. Make some minor config changes to assign my graphics card to the pci-stub driver1 on boot instead of the default radeon driver.
2. Set up a Windows virtual machine with Qemu-KVM and assign it my card (there was even a neat GUI for this, and only one point where you need to abandon it and dip into config files).
3. Install graphics card drivers on Windows VM.

I had to do a bit more futzing around to get keyboard and mouse sharing (Synergy), some futzing with that to get mouselook in FPS games to work (by default Synergy sends absolute mouse coordinates, but games want relative ones, so you end up with a madly spinning screen or a crosshair that simply refuses to move) and a little more mucking around to get my onboard graphics card to play nice so I could use it for the Linux host.

All-in-all, easier than getting graphics card drivers to work on Linux itself. /s

Under my setup, I have both monitors wired to both graphics cards. So I can start up my Windows VM, move my mouse up, switch output on the screens, and then feel exactly like I'm using Windows on a normal Windows PC. And if I don't want to actually use Windows, I can Steam's in-home streaming to literally play games on Linux.

Graphics settings in games are exactly the same as when I was running Windows, and performance seems the same too (though this may take a few weeks to fully assess).

Startup is obviously faster, and I can now spend most of my time using my favourite minimal tiling window manager.

Overall, this worked a lot better than I expected, and was almost entirely painless to set up. My thoughts could change in the coming weeks (during which I plan to do a full writeup of how I set things up on my other blog), but so far, so good. Really worth a shot if you think you'd like it and have compatible hardware (you need to be able to enable VT-d in your BIOS and will also require a reasonably recent graphics card). For reference, the three main resources I used were this Linux Mint forum thread, this Arch Wiki page and the five-part guide on the VFIO Tips and Tricks blog.

EDIT 2016/09/09: And here at long last is my comprehensive guide to setting this up, as promised months ago.

What are you watching/reading?
Posted on November 13, 2015 at 13:16

We've got music, games and projects already, so this is for books, movies, series and other things of that ilk you've been enjoying lately. Recommendations and condemnations alike are welcome.

Images and videos in hide tags, please, as per the usual protocol.

Some Projects
Posted on September 01, 2015 at 14:49

I've been busy lately. Here's some stuff I've been doing:

First off, there was Ludum Dare about two weeks ago. I really want to thank you guys -- Jani, Acid and Ferret especially -- for all getting into it and inspiring me to do the same and just sit down and make a damn game. It's lacking in areas, but it's a start that I might not have otherwise made. I've started on the post-LD version and hope to have it done in a couple weeks, and then I'm probably going to keep exploring this text game thing.

I've always been put off finishing my games because I don't enjoy drawing graphics, but this way I don't have to do that. What's more, in text I can do stuff with story, which always requires the most graphical resources in the world of pictures. Plus, working in infosecurity has made me a lot less comfortable about downloading and running random EXE files as is the way of hobbyist game dev, and so I have some reservations about making others do the same. I would rather, at this point, make browser games.

And speaking of random downloaded EXEs, I'm working on a Windows Metro app to turn this:

into this:

I've got well over a thousand of these games, collected and organised over ten years, sitting in folders and I'd like to get some search and automatic statistics going. Integration with some sort of API (like on GameJolt) or web scraping system for screenshot covers would be killer as well.

I've hit a few issues with the Windows app permissions system and sandbox, which I'm in two minds about. From a security perspective, it's great that apps are sandboxed and stuff like file access is heavily policed, especially in a phone context. But if you want to make a game launcher like I am, well, you can't really do that so well: Windows apps can't launch EXEs. So I'm probably just going to settle for opening the game folder. That's security, I'm afraid: you gotta sacrifice some convenience and/or elegance not to get pwned (Benjamin Franklin can suck it).

I've always quite liked a lot about the modern Windows flat style, and now that the modern apps fit in normal windows on Windows 10 they've become quite pleasant to use. So that's mostly why I made this slightly odd choice of platform. This project is also an interesting exercise in using a verbose language in an IDE on Windows, which is pretty much the exact opposite of how I normally program stuff these days.

And on an even less useful and relevant note, I've recently redesigned the CSS on my personal site so that it's all my own work rather than just a modified version of someone else's theme. I've also written a plugin that integrates nice typography into my chosen hipster blogging framework, mostly for the curly quotes. The results looks quite nice, I think, though the main font's ligatures don't render wonderfully, especially on Windows, so I probably need to experiment with different fonts or hack ligatures out of Typeset.js. The source HTML is quite messy now as well, full of <span>s for kerning and smallcaps.

My little plugin has the distinction of being one of the few to actually exist, mostly because the framework's plugin features are in very early stages with little documentation. I'm planning to write a tutorial to alleviate the latter though.

Seguing from that, since I like to do a roundup of the more formal posts I make on that site when I blog here, I've written:

* A long article about using Vim, first in a series I'm slowly doing on all the major/interesting text editors.
* Some web-app security stuff about unexpected side-effects of JSON on potential cross-site request forgery vulnerabilities.
* A reworking of a post about Iji I made on this site a few years ago, to be slightly less pretentious.
* A technical tutorial on LUKS encrypting a second HDD after you've installed Ubuntu.
* And finally a post-mortem of my Ludum Dare game.

I've got a lot more articles planned and partially drafted, mostly about game programming and web app security, plus a couple of reviews of things and one or two more tutorials (Google Webmaster Tools indicates that the tutorials are my most popular articles -- feels good to give back). The main idea is to keep things fairly varied and hopefully interesting to people completely external to me. I'm also open to requests, but tend to have a rather long turnaround time on articles.

My job is going well as well. They say your first job is supposed to be quite awful, but mine is so good I'm scared it's only downhill from here. I've learnt so much about web technologies, Linux and Windows services and networks, and I'm about to start some stuff on Android and iOS security. I get to work with incredibly competent people on interesting things, don't have to work on one project for more than two weeks or so, and use both my technical and writing skills.

Plus it's fun to see the faces of developers when you tell them what you just did on their pretty little websites, from bypassing authorisation controls to popping shells. And it's definitely given me a better attitude towards testing and intentionally trying to break software, something I was always bad about in my gamedev.

Prev Page | Next Page

Recent Activity
Active Users (0)