<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>stump&#039;s blog</title>
	<atom:link href="http://www.jstump.com/blog/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.jstump.com/blog</link>
	<description>cat /dev/brain &#62;blog.dat</description>
	<lastBuildDate>Wed, 17 Apr 2013 04:30:01 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>DJing and CC-licensed music</title>
		<link>http://www.jstump.com/blog/archive/2013/04/15/djing-and-cc-licensed-music/</link>
		<comments>http://www.jstump.com/blog/archive/2013/04/15/djing-and-cc-licensed-music/#comments</comments>
		<pubDate>Tue, 16 Apr 2013 03:51:01 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[DJing]]></category>

		<guid isPermaLink="false">http://www.jstump.com/blog/?p=87</guid>
		<description><![CDATA[So some offline friends have gotten me thinking about getting into DJing. First a little backstory: last fall I joined WJHU, the student radio station at Johns Hopkins, as a sysadmin. A few weeks later I decided I really ought to actually use some of the equipment I was administering and started doing a show (Fridays [...]]]></description>
				<content:encoded><![CDATA[<p>So some offline friends have gotten me thinking about getting into DJing.</p>
<p>First a little backstory: last fall I joined <a href="http://www.wjhuradio.org/">WJHU</a>, the student radio station at Johns Hopkins, as a sysadmin. A few weeks later I decided I really ought to actually use some of the equipment I was administering and started doing a show (Fridays from 23:00-01:00 US Eastern, for you curious folk). It was originally a mixed-genre whatever-I-feel-like-fest, but over time I settled into heavy usage of electronic dance music, to the point that my most recent few shows have been either all EDM or have had only one or two non-EDM songs. On a whim, I decided to try stringing together (using Audacity) some of last show&#8217;s songs with beatmatched transitions and played the result for a DJ friend from the station, who liked it. (And I&#8217;d share it, but some of the tracks in it have incompatible licenses, and I was just playing around with beatmatching and wasn&#8217;t thinking &#8220;Hey, I might want to share this later!&#8221; at that time.)</p>
<p>Anyway, being the free culture type of person that I am, and being a person who loves all kinds of EDM, the choice of what to aim for is clear: Creative Commons-licensed EDM mixes. For my last show (my current DJing is in the just-playing-songs-on-a-stream sense of the term), I used only CC-licensed EDM (and there&#8217;s quite a bit of really good CC EDM out there!), and a fun time was had by all.</p>
<p>Using CC-licensed songs, of course, brings up the question of which license I should use for any mixes I wish to publicly archive and share.</p>
<p>(Disclaimer since we&#8217;re about to go down a legal rabbit hole: I&#8217;m not a lawyer, and no part of this post is to be treated as legal advice. There are almost certainly flaws in my understanding of the licenses and of the laws relevant to them.)</p>
<p>I believe in free culture and in copyleft as a mechanism to promote it. For as long as I&#8217;ve had this particular incarnation of web presence, everything of mine on it except software source code has been BY-SA. I&#8217;d like to be able to release mixes under that or a similar license too, and I also want to ensure I fully comply with the licenses of the underlying songs. It&#8217;s all CC, so this shouldn&#8217;t be too hard, right?</p>
<p>But thinking about how the different CC licenses would interact with this, given the trends I noticed in how CC EDM tends to be licensed, made my brain start to melt and then made me really sad. I&#8217;ll go through condition by condition:</p>
<p>First we have BY (Attribution), which is a condition all of the CC licenses have. This one is not a problem at all. It&#8217;s customary to release a cuesheet (list of songs and the time each one starts and ends) alongside a DJ mix, and the attribution can be there. It&#8217;s the other three where issues arise.</p>
<p>It&#8217;s depressing how often ND (NoDerivs) showed up. This is not a problem for a just-playing-songs show, as the songs are used in their entirety, without any effects or other modification, distinctly separated from other songs. But these aren&#8217;t true of DJ mixes. So ND songs are right out. And I&#8217;ll bet that many of those artists didn&#8217;t completely think through the fact that ND would foreclose this kind of use.</p>
<p>I will consider NC (NonCommercial) and SA (ShareAlike) together, as their effects on what options I have and what decisions I have to make go hand-in-hand. NC, as you might expect for music, shows up far more often than not. And as I have said, I generally like copyleft, and many other people do too. But both BY-SA and BY-NC-SA exist, which are not compatible. As mixes are derivative enough that I don&#8217;t feel that I can use ND material, I&#8217;m inclined to believe that the SA condition would extend to the whole mix, which means I get the choice of including BY-SA material and excluding anything NC, or including BY-NC-SA material and excluding anything BY-SA. With the strong prevalence of NC over non-NC in music I want to be able to use, and the frequency with which SA shows up (usually in the form of BY-NC-SA), I feel like I have no choice but to adopt NC (which I&#8217;d rather not do, as it&#8217;s not truly free culture) in order to be able to use BY-NC and BY-NC-SA material. This means that BY-SA material, where the artist is really trying to do the right thing and has merely decided to be a little more forceful about it, gets the shaft. And that makes me really unhappy, as BY-SA is my favored CC license.</p>
<p>But BY-NC-SA it will (with great reluctance) have to be, then. There&#8217;s simply too much NC material out there not to. (Of course, separate BY-SA mixes are still a possibility, but I&#8217;d have a lot less to work with there.)</p>
<p>If I end up making and releasing any original EDM tracks, I think I might go with a BY-SA/BY-NC-SA dual license. Odd as that may sound, I want to do the right thing as much as possible but not cause problems for other DJs who feel that the NC condition has similarly been forced upon them.</p>
<p>On a non-license-related note, I&#8217;ve started playing around with <a href="http://www.mixxx.org/">Mixxx</a>, a free software DJ console (you didn&#8217;t really think I was going to try to do this with anything other than an entirely free software setup, right?), but as I currently lack a secondary audio device on my laptop (a cheap USB audio device is currently on its way, hopefully to arrive by the end of the week so I can use it during my next show), I haven&#8217;t been able to meaningfully try real-time beatmatching yet, and how I do with that will probably determine whether I pursue this further. I&#8217;m really looking forward to it!</p>
<p>(Also, it&#8217;s totally been far too long since I wrote anything here. Hopefully I&#8217;ll remember to write stuff here more often in the future.)</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2013/04/15/djing-and-cc-licensed-music/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>I now use gpg.</title>
		<link>http://www.jstump.com/blog/archive/2010/08/20/i-now-use-gpg/</link>
		<comments>http://www.jstump.com/blog/archive/2010/08/20/i-now-use-gpg/#comments</comments>
		<pubDate>Sat, 21 Aug 2010 02:48:27 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.jstump.com/blog/?p=76</guid>
		<description><![CDATA[I&#8217;m starting to use gpg. This isn&#8217;t the first time that I have said to myself, &#8220;Hey, I should start using gpg!&#8221; I have had that idea twice before. And each of those times I made myself a key then just forgot about actually trying to use it and collect signatures on it. I never [...]]]></description>
				<content:encoded><![CDATA[<p>I&#8217;m starting to use <a href="http://www.gnupg.org/">gpg</a>.</p>
<p>This isn&#8217;t the first time that I have said to myself, &#8220;Hey, I should start using gpg!&#8221;  I have had that idea twice before.  And each of those times I made myself a key then just forgot about actually trying to <em>use</em> it and collect signatures on it.  I never published those keys, and as time went by I forgot their passphrases.</p>
<p>I&#8217;m off to a much better start this time, as I cross-signed with my friend Asheesh today, published my key, and configured gpg integration in my MUA.  So my new key will actually be seeing some use.</p>
<p>For those of you interested, my key ID is 9C121F46, and the fingerprint is C25D 9D2F F3F1 3D72 ADEB D54C F1DB 6C38 9C12 1F46.  I uploaded my key to keys.gnupg.net and pgp.acm.jhu.edu.  I will put this information on my contact page too.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2010/08/20/i-now-use-gpg/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>jstump.com has gone to git!</title>
		<link>http://www.jstump.com/blog/archive/2010/01/08/jstumpcom-has-gone-to-git/</link>
		<comments>http://www.jstump.com/blog/archive/2010/01/08/jstumpcom-has-gone-to-git/#comments</comments>
		<pubDate>Fri, 08 Jan 2010 05:23:20 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.jstump.com/archive/2010/01/08/jstumpcom-has-gone-to-git/</guid>
		<description><![CDATA[(The svn won&#8217;t be going anywhere &#8211; further development in git will be mirrored into svn.) I had been wanting to do this for some time, but I was finally convinced to do it when I had an hour-and-a-half-long power outage (and therefore lost Internet access) when I was about to commit a change to [...]]]></description>
				<content:encoded><![CDATA[<p>(The svn won&#8217;t be going anywhere &#8211; further development in git will be mirrored into svn.)</p>
<p>I had been wanting to do this for some time, but I was finally convinced to do it when I had an hour-and-a-half-long power outage (and therefore lost Internet access) when I was about to commit a change to libfogg.  The inability to do more work and keep clean development history without resorting to diffing out what would have been my commit really got to me.</p>
<p>Happy distributed hacking!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2010/01/08/jstumpcom-has-gone-to-git/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A look back at my welcome post&#8230;</title>
		<link>http://www.jstump.com/blog/archive/2009/12/29/a-look-back-at-my-welcome-post/</link>
		<comments>http://www.jstump.com/blog/archive/2009/12/29/a-look-back-at-my-welcome-post/#comments</comments>
		<pubDate>Tue, 29 Dec 2009 20:58:27 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.jstump.com/?p=42</guid>
		<description><![CDATA[Since I&#8217;m starting to use this more regularly after precisely 16 months of sporadic activity (counting from the welcome post), I figured I&#8217;d analyze said welcome post and see how much of it I have managed to stick to. Welcome to my blog of code, freedom, gaming, computing, and some other stuff. (I will say [...]]]></description>
				<content:encoded><![CDATA[<p>Since I&#8217;m starting to use this more regularly after precisely 16 months of sporadic activity (counting from the welcome post), I figured I&#8217;d analyze said welcome post and see how much of it I have managed to stick to.</p>
<blockquote><p>Welcome to my blog of code, freedom, gaming, computing, and some other stuff.  (I will say it now: most of my blogging will probably be software-related.)</p></blockquote>
<p>How right that last part has been.  Since establishing this and letting it (most of the time) just sit here, my computing focus has switched almost entirely to software.  I just haven&#8217;t felt inclined to blog about the other stuff.</p>
<blockquote><p>I have many software projects going on now.  I am in the process of placing all of them onto my Subversion server, but the ones I work on the most are there.  Check it out (literally) at https://svn.stump.jstump.com/svnroot/ (read-only &#8211; I commit through svn+ssh) or browse around at https://svn.stump.jstump.com/websvn/.  Patches are always welcome!  I will always post when I tag a release, including full build instructions.</p></blockquote>
<p>It&#8217;s http://svn.jstump.com/r/ and http://svn.jstump.com/websvn/ now, but help is of course still welcomed.  Some projects have even grown their own mailing lists and Trac instances now that I run my own VPS.  I haven&#8217;t stuck to what I said about blogging releases, but I didn&#8217;t feel any were that major anyway &#8211; the only stuff with release tags is Python extension modules used by FoFiX (which I probably should move to the FoFiX repository).  There&#8217;s stuff that&#8217;s nearing completion that is more blog-worthy though (if, say, the kexec project&#8217;s intentions are any guide to go by).  Also, when I amass the willpower to rewrite lots of my infrastructure code, we&#8217;re going to git, as mentioned in my most recent post before this.</p>
<blockquote><p>I write software for Windows and GNU/Linux; nearly all of it is under &#8220;GPLv3 or later&#8221;.  I will post about specific software projects whenever something interesting happens.</p></blockquote>
<p>Since that post, I have indeed maintained a habit of writing strictly cross-platform code unless there is a reason not to, and have stuck to the GPL wherever it makes sense.</p>
<blockquote><p>I am an avid player of Dungeons and Dragons (version 2) and the Classic Marvel RPG.  (My GM is the very best.)  When it comes to downtime, it&#8217;s hard to beat rolling oddly-shaped dice.  Knights of the Dinner Table is the most epic magazine.</p></blockquote>
<p>The place in which I played in said campaign closed up in July 2009, and the campaign died with it, but I got involved with other campaigns around that time.  Unfortunately, moving into college killed those, and nothing I have found since has been the same.  (In a way, though, the timing of the closing of the store worked out for the best, as I&#8217;m not sure how well I could have borne having to leave that campaign behind were it still active.)</p>
<blockquote><p>Until Stump GNU/Linux works (which is probably quite a long time from now), I primarily use Ubuntu and Debian.  (Naturally, I will be &#8220;eating my own dogfood&#8221; once it&#8217;s feasible.)  My preferred non-free OS is by far Windows Server 2003, and I know both Windows and GNU/Linux quite well (as both a user and an administrator).  (Indeed, I have dabbled in Windows enough to gain a certification or two.)</p></blockquote>
<p>I shelved Stump GNU/Linux very soon after that post but am interested in picking it back up again at some point.  &#8217;03 is still my favorite non-free OS, even with Windows 7 now out, though 7 came close to unseating it.</p>
<blockquote><p>See you when something interesting pops up <img src='http://www.jstump.com/blog/wp-includes/images/smilies/icon_wink.gif' alt=';)' class='wp-smiley' /> </p></blockquote>
<p>Yes, yes, yes&#8230;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2009/12/29/a-look-back-at-my-welcome-post/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Another holiday season, another commit bit&#8230; and some git adventures too</title>
		<link>http://www.jstump.com/blog/archive/2009/12/24/another-holiday-season-another-commit-bit-and-some-git-adventures-too/</link>
		<comments>http://www.jstump.com/blog/archive/2009/12/24/another-holiday-season-another-commit-bit-and-some-git-adventures-too/#comments</comments>
		<pubDate>Thu, 24 Dec 2009 10:10:08 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.jstump.com/?p=35</guid>
		<description><![CDATA[For some patches and scripts that I contributed to the Performous project to help with Windows portability, I now have one more commit bit (since it&#8217;s git in this case, push access) to my name. Probably the best part of deciding to contribute was actually learning git itself so I could maintain the history of [...]]]></description>
				<content:encoded><![CDATA[<p>For some patches and scripts that I contributed to the <a href="http://performous.org/">Performous</a> project to help with Windows portability, I now have one more commit bit (since it&#8217;s git in this case, push access) to my name.</p>
<p>Probably the best part of deciding to contribute was actually learning git itself so I could maintain the history of my own changes even before I shared my changes with the other developers.  This marks the first time I have made serious use of a DVCS of any kind, and I must say that I am impressed by the new workflows DVCS makes possible, especially those that would be nigh-on impossible under a non-DVCS such as my current VCS of choice, which is Subversion.</p>
<p>You can probably reasonably expect any new projects I create on jstump.com to use git unless there is a major reason to still use svn.  I may even convert some of my other projects.  (The main obstacle, of course, is forcefully shoving git into my awesomely-constructed current svn+trac+custom authentication setup.  I guess we&#8217;ll see how that goes when I have some extra time on my hands.)</p>
<p>Performous is a GPLv2+ band rhythm game that started out with just vocal play and expanded into guitar and drums not too long ago; this is the opposite of how <a href="http://code.google.com/p/fofix/">Frets on Fire X</a> evolved.  (My commit access to FoFiX was granted last New Year&#8217;s Day, and in that time I have arguably become one of its core developers.  I will look back on my experiences working with FoFiX once I hit the one-year mark since it&#8217;s so close and I&#8217;ve digressed enough already.)</p>
<p>It&#8217;s a strange feeling, now having commit access to two projects that the uninitiated observer might say are directly competing.  Things are friendly and fair, though, and I have only the best intentions for my participation in both.</p>
<p>Merry Christmas to all, and to all, happy hacking!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2009/12/24/another-holiday-season-another-commit-bit-and-some-git-adventures-too/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>py2exe and pyOpenGL 3.x with no manual tinkering!</title>
		<link>http://www.jstump.com/blog/archive/2009/06/30/py2exe-and-pyopengl-3x-with-no-manual-tinkering/</link>
		<comments>http://www.jstump.com/blog/archive/2009/06/30/py2exe-and-pyopengl-3x-with-no-manual-tinkering/#comments</comments>
		<pubDate>Tue, 30 Jun 2009 06:33:11 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.jstump.com/?p=31</guid>
		<description><![CDATA[If you have ever had to py2exe a Python program using pyOpenGL, you know that it&#8217;s a painful, tedious, but above all unclean process. (Even back with 2.x, that &#8220;version&#8221; file was so troublesome, but here we have one of py2exe&#8217;s worst enemies: funky import hooks.) I actually figured this out some time ago and [...]]]></description>
				<content:encoded><![CDATA[<p>If you have ever had to py2exe a Python program using pyOpenGL, you know that it&#8217;s a painful, tedious, but above all unclean process.  (Even back with 2.x, that &#8220;version&#8221; file was so troublesome, but here we have one of py2exe&#8217;s worst enemies: funky import hooks.)</p>
<p>I actually figured this out some time ago and have been using it in many of my projects; I first did it for <a href="http://code.google.com/p/fofix/">Frets on Fire X (FoFiX)</a>, and now, upon finding a certain lack of this information elsewhere on the Internet, I&#8217;m bringing it to you here.</p>
<p>Other documents advocate excluding the OpenGL package from your distribution and manually adding it back in after you actually <em>run</em> py2exe.  However, it&#8217;s actually quite trivial to work around the weird import hooks.  The hooks don&#8217;t care whether <code>import</code> (well, really, <code>__import__</code>&#8230;) is operating the standard CPython way (loading modules and packages directly from the filesystem) or through zipimport, just as long as it returns something useful and doesn&#8217;t raise <code>ImportError</code>.  So we can just force the stuff that gets indirectly imported to be included when py2exe does its thing.</p>
<p>It&#8217;s a case of passing the necessary module names to py2exe via the py2exe includes option.  To do that, pass a dictionary as a keyword argument named <code>options</code> to <code>setup</code>.  In that dictionary, assign the key <code>py2exe</code> to another dictionary.  In that sub-dictionary, set <code>includes</code> to a list that contains (at least) the following strings:</p>
<pre>OpenGL.platform.win32
OpenGL.arrays.ctypesarrays
OpenGL.arrays.numpymodule
OpenGL.arrays.lists
OpenGL.arrays.numbers
OpenGL.arrays.strings</pre>
<p>(Note that you probably won&#8217;t need all of those array converters, and you may in fact need extra ones.  Those should cover practically all use cases, though.  FoFiX, which is a quite involved codebase, only needs those.)</p>
<p>If all goes well, everything that pyOpenGL 3.x needs to run should end up actually in the distribution (cleanly!) once py2exe is invoked with the new includes.</p>
<p>If you need to see an example of this in action, see <a href="http://code.google.com/p/fofix/source/browse/MFH-Mod/trunk/src/setup_exe.py">FoFiX&#8217;s setup.py script</a>, and all will become clear to you.</p>
<p>Happy py2exeing with pyOpenGL 3.x!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2009/06/30/py2exe-and-pyopengl-3x-with-no-manual-tinkering/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>No, the sky is not falling&#8230;</title>
		<link>http://www.jstump.com/blog/archive/2009/06/29/no-the-sky-is-not-falling/</link>
		<comments>http://www.jstump.com/blog/archive/2009/06/29/no-the-sky-is-not-falling/#comments</comments>
		<pubDate>Tue, 30 Jun 2009 03:53:49 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.jstump.com/blog/?p=20</guid>
		<description><![CDATA[That&#8217;s right&#8230; as of some arbitrary time not too long before you read this, I have a Facebook account. If you know me, you will know that I have generally shied away from social networking in the past.  But I finally realized that there&#8217;s no sense in doing so any longer.  (Being able to much [...]]]></description>
				<content:encoded><![CDATA[<p>That&#8217;s right&#8230; as of some arbitrary time not <em>too</em> long before you read this, I have a Facebook account.</p>
<p>If you know me, you will know that I have generally shied away from social networking in the past.  But I finally realized that there&#8217;s no sense in doing so any longer.  (Being able to much more reliably stay in contact with my friends as I jump from high school to college is a <em>very good thing.</em>)</p>
<p>Don&#8217;t expect me to be glued to my account the way I know some people are.  I will check it regularly but not (always) constantly.</p>
<p>Every time I have not used some sort of social technology and then started using it, I wondered why I did not start sooner.  Hopefully this is what will happen as I open this new chapter in my Internet life.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2009/06/29/no-the-sky-is-not-falling/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Blog revival: Adventures with Win32/Rustock.M</title>
		<link>http://www.jstump.com/blog/archive/2009/06/15/adventures-with-win32rustockm/</link>
		<comments>http://www.jstump.com/blog/archive/2009/06/15/adventures-with-win32rustockm/#comments</comments>
		<pubDate>Mon, 15 Jun 2009 05:47:24 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.jstump.com/blog/?p=16</guid>
		<description><![CDATA[Wow, I just let this blog sit unused all year.  I&#8217;ll have to remember to use it more often. Today I got to experience dealing with a nasty rootkit on my brother&#8217;s Windows machine.  I was successful, but the full story behind discovering and destroying the infection has a lot of interesting little twists and [...]]]></description>
				<content:encoded><![CDATA[<p>Wow, I just let this blog sit unused all year.  I&#8217;ll have to remember to use it more often.</p>
<p>Today I got to experience dealing with a nasty rootkit on my brother&#8217;s Windows machine.  I was successful, but the full story behind discovering and destroying the infection has a lot of interesting little twists and turns to it.</p>
<p>I first noticed that DNS lookups had suddenly become rather slow on my network.  This is not out of the ordinary due to my very buggy, flimsy router, but this time it was a fair deal worse than usual.</p>
<p>More weirdly, the router was quite happily handling tons of packets.  And the blinking lights were Internet, wireless (where my brother&#8217;s computer is), and my testbed Windows Server 2003 box that acts as my internal DNS and DHCP server when I&#8217;m not doing anything else with it.</p>
<p>Suspecting to find something a small bit out of the ordinary, I popped open Wireshark on my brother&#8217;s computer and was horrified to find that it was attempting to send out spam at an alarming rate.  (All those parallel DNS MX and A queries had brought some intermediate DNS server, most likely that of my router, to its knees.)  I immediately used the netstat command to locate the guilty process.</p>
<p>The process at fault was services.exe.  Immediately I knew that I wasn&#8217;t just dealing with a typical spambot &#8211; it had probably injected a thread into there to do its bidding.  And yet services.exe is a core system process&#8230;</p>
<p>I watched the spam flow for a short time to try to catch the spambot grab addresses from whatever entity is controlling it, when I noticed a binary blob get HTTP POSTed to a PHP script on grizimvozim.name, with another binary blob sent in reply.</p>
<p>I then filtered my Wireshark capture to HTTP requests so as to wait and see whether any other servers were being contacted.  No others were, so I made the domain in question resolve to 0.0.0.0 in the hosts file to see what would happen.  The spam stopped almost immediately upon the next request (which I knew happened due to the machine starting to broadcast for the name via NetBIOS upon it failing to resolve through DNS), and I started investigating in earnest.</p>
<p>Firing up Process Explorer, I looked in services.exe for any unknown DLLs.  There were none.  There were no services out of the ordinary running out of services.exe itself either.  Somewhat perplexed, I updated AVG&#8217;s definitions and carried out a full system scan, which turned up nothing.</p>
<p>Suspecting that whatever malware I was dealing with had entered via an exploit in some piece of software in the system (and was covering its tracks unbelievably well), I decided to update critical network-facing system components to try to prevent it from happening again in the future after I got to the bottom of this one.  It was when I attempted to perform a Windows update that I was led down the path of discovery of the true extent of the infection.</p>
<p>I could access Windows Update, but it errored out very early.  Microsoft&#8217;s recommendation for the specific error code I received was to stop the Automatic Updates service, clean out the temporary folder the AU service uses, and start the service again.</p>
<p>The service was already stopped, though it was set to automatic start.  I suspected that AU was one of those services that would just stop when it had nothing to do (in my case, since I have the AU functionality turned off, as I prefer to update the machine manually).  I cleaned the AU temporary folder, right-clicked the service, and chose Start.</p>
<p>&#8220;The system cannot find the file specified.&#8221;</p>
<p>I went into the service properties to verify the filename it was trying to execute.  It turns out that the AU service runs through svchost.exe, but the command line it was trying to use was &#8220;%fystemroot%\system32\svchost.exe -k netsvcs&#8221;.  Almost reflexively I started regedit and dug through to try to fix the spelling of the SystemRoot environment variable.</p>
<p>&#8220;Access is denied.&#8221;</p>
<p>Sure enough, whatever had perturbed the spelling of the command line had also revoked access to that Registry key.  I restored it to default permissions (inherit and pass through inheritable parent ACEs without modification), and tried to fix it again.  Same thing.</p>
<p>I opened Process Explorer again and combed for open handles to anywhere in the service area of the Registry.  I found nothing.</p>
<p>By this point I was sure I was dealing with a full-blown rootkit.  It would have to be kernel-based to do some of the things that it was doing.  I looked through the list of loaded kernel modules in Process Explorer and saw a .sys file named with eight random hexadecimal characters.</p>
<p>&#8220;net stop [those characters]&#8221;: no such service.  I figured as much.</p>
<p>The service key named with those characters came up existent but empty.  Suspecting that the rootkit was playing with the permissions on that key just like it did with the AU service key, I found that I could not even get to the permissions dialog for it without getting an error.</p>
<p>I found the .sys file in \windows\system32\drivers and tried to scan it with AVG via shell extension.  File not found.</p>
<p>I tried to open it in a hex editor for a quick look around.  File not found.</p>
<p>I tried to copy it into another folder.  File not found.</p>
<p>I refreshed the drivers folder.  File still very much there.</p>
<p>At this point, I rebooted into my rarely-used reserve installation of Windows on that computer to have a look around not (hopefully) under the influence of the rootkit.</p>
<p>I mounted the SYSTEM registry hive from the main Windows installation and went down to the service key for that driver.  One of the values was a base64-encoded string which I duly pasted into the base64.b64decode() function in an interactive Python prompt.  &#8220;grizimvozim.name&#8221;!</p>
<p>I duly changed the start type of the service from 1 (system &#8211; during the pulsating progress bar phase of bootup) to 4 (disabled) and renamed the driver for good measure.  I also looked for more information on &#8220;fystemroot&#8221; and found that malware that does that to AU also tends to do that to BITS (which Windows Update relies on), and sure enough the BITS command line was misspelled too.  I fixed the permissions and spelling on both and rebooted into the main installation.</p>
<p>Sure enough, no more references to grizimvozim in an extended Wireshark session, Windows Update worked once again, and AVG nuked the driver for being Win32/Rustock.M as soon as I tried to open it in a hex editor.</p>
<p>Upon looking for information about Rustock, I was only able to get information for earlier generations of it, but their injection of spambot threads into critical system processes (winlogon.exe rather than services.exe, though) is well documented.  I saw that some forms would gain access to the kernel by unloading a rarely-used driver (such as null.sys or beep.sys), overwriting it, and reloading it, but all the rest of the drivers checked out free of infection.</p>
<p>Moral of the story: I may not use Windows all that much, but I certainly know my way around it, enough to find a kernel-based rootkit and stop it in its tracks.  Stump 1, Rustock zip.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2009/06/15/adventures-with-win32rustockm/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Welcome to the blog!</title>
		<link>http://www.jstump.com/blog/archive/2008/08/29/welcome-to-the-blog/</link>
		<comments>http://www.jstump.com/blog/archive/2008/08/29/welcome-to-the-blog/#comments</comments>
		<pubDate>Sat, 30 Aug 2008 02:38:12 +0000</pubDate>
		<dc:creator>stump</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://www.jstump.com/blog/?p=10</guid>
		<description><![CDATA[Welcome to my blog of code, freedom, gaming, computing, and some other stuff.  (I will say it now: most of my blogging will probably be software-related.) I have many software projects going on now.  I am in the process of placing all of them onto my Subversion server, but the ones I work on the [...]]]></description>
				<content:encoded><![CDATA[<p>Welcome to my blog of code, freedom, gaming, computing, and some other stuff.  (I will say it now: most of my blogging will probably be software-related.)</p>
<p>I have many software projects going on now.  I am in the process of placing all of them onto my Subversion server, but the ones I work on the most are there.  Check it out (literally) at https://svn.stump.jstump.com/svnroot/ (read-only &#8211; I commit through svn+ssh) or browse around at https://svn.stump.jstump.com/websvn/.  Patches are always welcome!  I will always post when I tag a release, including full build instructions.</p>
<p>I write software for Windows and GNU/Linux; nearly all of it is under &#8220;GPLv3 or later&#8221;.  I will post about specific software projects whenever something interesting happens.</p>
<p>I am an avid player of Dungeons and Dragons (version 2) and the Classic Marvel RPG.  (My GM is the very best.)  When it comes to downtime, it&#8217;s hard to beat rolling oddly-shaped dice.  Knights of the Dinner Table is the most epic magazine.</p>
<p>Until Stump GNU/Linux works (which is probably quite a long time from now), I primarily use Ubuntu and Debian.  (Naturally, I will be &#8220;eating my own dogfood&#8221; once it&#8217;s feasible.)  My preferred non-free OS is by far Windows Server 2003, and I know both Windows and GNU/Linux quite well (as both a user and an administrator).  (Indeed, I have dabbled in Windows enough to gain a certification or two.)</p>
<p>See you when something interesting pops up <img src='http://www.jstump.com/blog/wp-includes/images/smilies/icon_wink.gif' alt=';)' class='wp-smiley' /> </p>
]]></content:encoded>
			<wfw:commentRss>http://www.jstump.com/blog/archive/2008/08/29/welcome-to-the-blog/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
