The year desktops stopped evolving


Somewhere around 1998, a bought a PC desktop. It was grey tower, had some USB ports, a graphic card capable of doing 3D operations, a sound-card, and later I added an ethernet card. The new thing was the USB port, and an optical mouse. Today, at work, under my desk, there is a another desktop PC, the case is more black than grey, and it has more cores, more RAM, more disk space and a better graphic card, but it has basically the same set of features. The mouse is still connected to the USB port, and is still optical (and the laser is still red).

Basically, the desktop PC stopped evolving around 1998. The parts have kept improving and generally following Moore’s law, a few legacy components where dropped (the floppy drive), and various components have been consolidated in integrated chips on the motherboard (sound-card, network card), but those were all incremental changes, nothing ground-breaking. Strangely, they are still called desktop even though they invariably sit below the desk.

The box I bought 14 years ago was assembled by microspot, a company that still exists, but nowadays, they don’t assemble their PCs anymore. The box under my desk is a Dell, and even Dell is looking to move out of the PC sector.

When people talk about [desktop] PC dying, they don’t really mean die out, like the Dodo, they actually mean, become irrelevant, like mainframe computers. Nearly nobody talks about mainframe computers nowadays, still they have not disappeared: there are still many of them in various companies and administrations, churning around numbers.

IBM will happily sell you a z-series computer, and the POWER processor they sport are nothing to sneeze at, in fact the big irony is that while Apple switched from the POWER architecture to the x86 architecture in 2005, the same architecture has been powering all gaming consoles since (and one version of my NAS).

What will happen with desktop computers? I really don’t know. Maybe they will keep existing in their current form, satisfying a niche market. Maybe they will become more of a hobbyist thing, and include some Arduino like functionality, become more hackable. Maybe they will morph into something closer to NAS boxes.

Crashing the PS3 Browser

Playstation Logo

I doubt that anybody still want to hack the Sony Playstation 3 at this stage: all its defences have been broken down. Still if anybody is interested, it seems by blog post on HTML for old geeks manages to crash the PS3, hard: the whole console freezes, and the only way to unblock it is to forcefully shut it down, only to be greeted at boot time with the message that the system was not shut-down properly, that a file-system check is needed. If feels a lot like Mac OS 20 years ago. I don’t know if this could be exploited, but given the general health of Sony corporation, I doubt we will see an updated firmware soon.

Java and security

Ever increasing hard-drive capacity basically mean that one can keep a lot of old stuff around. While looking around, I found the files for old Java applets I wrote early in my PhD. I though it would be cool to be them into this blog. Except it would be pointless as Java is increasingly disabled in web-browsers, and given Oracle’s horrible track record with Java security, I would be hard pressed to tell people to activate it.

The big irony, of course, is that when it was launched back-then, Java was about solving the horrible security problems posed by insecure languages like C, I remember all the talk about the lack of pointers, the sandbox… I would find the irony more amusing had I not been paged twice this week because of a Java program crashing because of something that looks like a memory leak.

Java is not the only language plagued by security issues, Ruby also has its share of problems. In all cases, the issue is not in the language per se, but either in the runtime system or in naive idiosyncrasies of coders, we are not so far from using sprintf. In the end the sandbox for web-browsers has been implemented where it should: at the operating system level. I’m not saying that C/assembly is in any way better, this year’s CCC showed its share of low-level exploits, I found the presentation on hacking Cisco IP phones very interesting. Basically, implementing secure system call dispatching is hard, who would have known…

In my opinion security is not so much a language problem as a serialisation/validation issue. The fact that every language comes with a new way of serialising data, and that none of them let you the code define constraints on what field can legally contain what does not help. We moved from to , the first has provision for specifying constraints on the data, the latter does not…

DDC – the unused link


I learned to code on a commodore 64, while this machine had external connectors, even something of fake serial port, connecting a computer to anything was a challenge: the world was analog and chips were expensive. Because of this, I am of the mentality that if I have a data-bus somewhere, I want to be able to use it, and having a connection that I cannot use is quite frustrating.

One bus that is very common and nearly unused is DDC, basically an i²c bus that runs between your computer and you display. Nowadays all monitor host a small CPU that can display menus, adjust the brightness, maybe the volume of the built-in speakers. DDC was introduced with VGA, but is present in DVI, HDMI and DisplayPort. HDMI also supports another control bus called CEC which originated in the SCART specification. So I have my main CPU and the CPU on my display, and a data-bus between, what can be done with them? Not much, this is basically used by the computer to read information from the display, what is called Extended display identification data. The VESA specification seems to define many other functionalities, but I never saw them in use.

There might be some hope there: as that protocol is finally getting some interest. There was a very interesting presentation at last year’s black-hat conference: HDMI – Hacking Displays Made Interesting by Andy Davis from NGSecure. Basically he shows how a device can be compromised by exploiting weaknesses in the code that handles EDID, the display information sent back to the computer using DDC.

Slanted view of a japanese city street

Amer Béton / Tekkonkinkreet

Slanted view of a japanese city street


J’ai regardé le film d’animation Amer Béton, je ne connaissais pas le manga. Le style de dessin et la musique sont époustouflant, je l’ai vraiment beaucoup aimé.

I watched the animation movie Tekkonkinkurīto, I did not know the manga. The graphical style and the music are very impressive, I really loved the movie.

The core of the movie is a japanese town district called 宝町 (Takaramachi), literally treasure town. Set sometimes in the 60s or the 70s, the district is the battleground between the police, the yakuza and the street urchins. The main characters are two kids called (kuro) (black) and (shiro) (white). While they battle, the old style district with its market streets is getting demolished to make place for an amusement park.

Besides the gorgeous depiction of those old style streets, the movie is interesting because the story follows the path of various characters, the dichotomy of black and white, but also the ageing yakuza (nezumi) (rat), his younger lieutenant, the ambitious new guy (hebi) (snake) and his dragon goons, the old tramp and various gangs. In the background lurks the mythological Minotaur. The movie gracefully mixes realism and fantastic elements, with a really symbolic end-sequence.

I found it interesting that the movie was directed by Michael Arias, which is one of the first non-japanese animation directors, maybe because of this, the movie is a loving depiction of post-war city districts, with their alleys and their stalls, they have nearly all disappeared now.

All in all, a very good movie, which I really recommend.

あげましておめでとうUne bonne et joyeuse nouvelle annéeHappy new year and happy returnsGuten Rutsch und ein frohes neues Jahr!

Rive du lac léman pendant une tempête


Une bonne et joyeuse nouvelle année !

Happy new year and happy returns!

Guten Rutsch und ein frohes neues Jahr!

2012 aura été pour moi une année de transition, avec plusieurs changements dans ma vie, chacun avec sa transition chaotique. C’est aussi l’année où le futur commence: adolescent, je lisais beaucoup de Cyberpunk, et le jeu éponyme plaçait le jeu en 2010, j’avais plus de facilité à me projeter dans ce univers que de m’imaginer ayant 40 ans, les deux sont arrivés.

À quoi ressemblera le futur ? Cela me semble être une question très compliquée, vu le nombre de changements qui sont en cours : réchauffement climatique, fin des énergies fossiles, montée en puissance de nouveau pays, dématérialisation de la production, de l’économie. Je n’ai vécu qu’une seule transition durant mon existence, la chute du rideau de fer, avec en second plan l’apparition d’internet. Là, on nous promet quatre en même temps !

Si on a droit à quatre transitions en même temps, elles sont toutes lentes, et ont techniquement déjà commencé il y a plus de 20 ans, elles sont juste devenues différentes à ignorer. De plus, simplement additionner le chaos me semble naïf, chacune de ces transitions porte en elle son lot de solutions qui pourront être appliquées aux autres problèmes.

Ce que je trouve intéressant, c’est le vide au poste de pilotage : les politiciens continuent à se chamailler en utilisant leur vieilles théories en isme, avec comme mot d’ordre général Keep calm and carry on, viennent ensuite une kyrielle de mouvements avec l’œil braqué sur une partie du problème : les tenants de la décroissance, les makers, les partis pirates.

À mon avis, l’absence de belle théorie est aussi liée au fait qu’aucune de ces crises ne peut être résolue avec une idée, un concept ; ce sont plutôt des problèmes à résoudre en se retroussant les manches et en empoignant des pelles. Il va falloir adapter l’agriculture et l’infrastructure à un climat changeant, construire des sources d’énergies alternatives, améliorer les rendements d’à peu près tout pour consommer moins. Pour cela, nous n’avons surtout besoin d’ouvriers et d’ingénieurs…