Recovery

Jul. 22nd, 2017 11:34 am
razornet: (Default)
[personal profile] razornet
Part 1 in a, maybe, series of posts on recovery from addiction. Probably. We'll see. Preamble here, read it first, all of it: https://razornet.dreamwidth.org/497959.html

Inspired by the questions I've been asked about rehab and recovery I've decided to get my thoughts down in writing, much as I used to do sevenish years ago. For each entry I'll pick a subject that often comes up in conversation or a concept I've been musing on and see if I can't make some sense of it to myself and other people. Before I launch into the actual work it's worth being aware what in general terms is happening and what some of the things I'm liable to write actually mean.

This post may grow as I find more terms I need to explain.

Recovery: The term recovery is used in the medical sense. You've been ill, you're recovering as from a cold, the flu or a stroke. You are vulnerable and life will, by necessity, be different. Some things you will no longer be able to do, some things you must do. You must be constantly aware of yourself and your environment and react accordingly. Recovery must be protected at all costs. Failure to do so may kill you.

Selfishness: In fact this means exactly what it does in normal life, the difference comes in the application of selfishness. It's not a good thing in and of itself but in some situations it's simply the only thing to do. You have to own that you will upset people while protecting yourself and that what you do is correct and the only option. You may lose their goodwill, friendship or whatever but frankly, fuck 'em, your life is at stake. If you have to walk away without another word, raise a fuss, use your circumstances to prevent something triggering your illness, so be it. You have to accept the consequences however, it's not a free ticket to sympathy or license to bad behaviour. You just have to ask "is this worth risking my recovery over?" and if not, do what you have to.

Therapeutic environment: The environment surrounding detox, rehab, substance-abuse meetings, or support agencies. The qualities of such are a post in their own right. When I use it I'm likely referring to the rehab where I attended treatment and the surrounding community unless otherwise specified.

Blogging Tiny Trains

Jul. 21st, 2017 01:33 pm
sparrowsion: male house sparrow (male house sparrow)
[personal profile] sparrowsion
If my plans for tiny trains ever materialise, and if I were to blog about it, do you think I should
  1. continue wibbling about it here
  2. resurrect/repurpose my Wordpress blog, or
  3. start an entirely new blog/site specifically for the purpose
?

(No poll, 'cos I'm a cheapskate free user.)

(no subject)

Jul. 21st, 2017 12:53 pm
naath: (Default)
[personal profile] naath
15. A song that is a cover by another artist

oh, I know one for this!

https://www.youtube.com/watch?v=KaOC9danxNo

Chris Hadfield sings space oddity.
emperor: (Default)
[personal profile] emperor
Fans of the coffee stall on the Cambridge market (link to my previous post on opening hours) may be interested to know that he doesn't seem to be open on Thursdays any more - AFAICT he's now Mon-Wed, Fri, Sat.

Not entirely co-incidentally, my coffee supplies are now rather low :(

(no subject)

Jul. 20th, 2017 12:55 pm
naath: (Default)
[personal profile] naath
14. A song that you would love played at your wedding

Well, I decided that Castamere was inauspicious...

I rather like this for an entry, although it's rather long, I think I'd have to extract the theme.

https://www.youtube.com/watch?v=YfprcvuHoG8

(entry of the gods into valhalla, das rheingold Wagner)

(no subject)

Jul. 19th, 2017 04:11 pm
naath: (Default)
[personal profile] naath
13. One of your favourite 70's songs

I don't really have one... wikipedia claims this is c. 1570 and will do :-p

https://www.youtube.com/watch?v=iT-ZAAi4UQQ

(Spem in alium)
fivemack: (Default)
[personal profile] fivemack
I have a self-image as the kind of person who always has a book on the go and who reads at a ridiculous rate - I told Goodreads '52 a year' and thought that wouldn't be difficult.

I just finished number 19, which was Aliette de Bodard's _House of Binding Thorns_, featuring the cold shabby struggle between a Paris of fallen angels and a Seine of displaced Vietnamese dragons; this was one where I would read a chapter at the end of the day and drift off to sleep. It's the first book I finished in July. It's good, if you read _House of Shattered Wings_ you'll like it, it may be the only fantasy I've read with one of the protagonists pregnant.

It may simply be that I'm not on as many trains by myself; I don't think the lack of novel-reading coincides with having an Economist subscription, though that has meant my Sunday afternoons include two hours of sitting in a comfy chair with an ever-refilled mug of hot water reading quite dense reporting.

Trying some non-fiction (_The Box_, on Kindle, about how container shipping changed the world, _Sabres of Paradise_, in a physical hardback, about the Russian conquest of the Caucasus) next. It is sad that I am wary of reading _Sabres of Paradise_ on public transport because it is a thick black book with Arabic letters in gold on the front.

Of shoes and ships and sealing wax

Jul. 18th, 2017 05:15 pm
ghoti_mhic_uait: (Dancing in the sand)
[personal profile] ghoti_mhic_uait
I've often wondered why my shoes seem to wear out more quickly than other people's, given that I don't wear them often and I don't walk very far. Only Tom said I walked more than other people so I went to find the statistics to prove him wrong and it turns out, he's right. So, I generally walk about 15000 steps a day, according to a few varieties of pedometer I've tried (10000 on sedentary days, 20000 on busy days) and according to the NHS an average person walks 3000-4000 steps a day. So no wonder my shoes wear out quicker!

I do feel like more walking would benefit me, though, I don't tend to do very well on 'moderate' exercise, I get sleepy and lethargic and sad.

Speaking of, I am seeing a response to the folic acid. I'm getting fewer pins and needles in my legs, and they're generally more comfortable. I'm still very tired a lot, though, and I still feel worse if I eat less meat.

Other stuff:
Reading: I just finished Oz Reimagined: New Tales from the Emerald City and Beyond, edited by John Joseph Adams, which is delightful and if you like Oz related stuff, worth reading
Watching: nothing yesterday, but I've been listening to LeVar Burton Reads, which is a podcast of short stories with an introduction and a few words at the end.
Playing: On the Underground, Colin and I drew! Child favourites at the moment are Hey! That's My Fish and Coup. I really like Coup, can take or leave the penguins.
Eating: orzo with a tomato, mushroom and mozzarella sauce for the adults and lamb chops for the carnivores.

(no subject)

Jul. 18th, 2017 02:16 pm
naath: (Default)
[personal profile] naath
12. A song from your pre-teen years

strong memories of primary school discos... yes I know it is awful.

https://www.youtube.com/watch?v=XutaTTNihe0
(Blobby song)

Catch up

Jul. 18th, 2017 01:42 pm
lnr: (Default)
[personal profile] lnr
Done since Jun 14th:
  • Test rode an Onderwater tandem, which has the child stoker seat at front - Matthew loved it
  • Second parents evening for Matthew's school, nice to see teachers again and get more idea of school plans
  • Rainbow Sponsored Trike Ride - I ended up riding Matthew's bike as a balance bike since he didn't want to join in
  • Blood tests: my calcium, parathyroid hormone and vitamin D levels are all normal, but keep taking the vitamin D for now
  • We did HBA1C as well, which is average blood sugar levels, also fine (I'm at slight risk due to Type 2 diabetes in family and current weight)
  • Picnic lunch and playdate with Kirsten/Andre/Judith/Colin and Lammas Land - lots of fun
  • Shelford Feast - Matthew enjoyed all the stalls and mini steam train and bouncy castles, I helped out on the Rainbow stall
  • Eye Test for Matthew this morning: doing great, patching is helping his eyes work well together, ordered new lenses for his current glasses, next appointment in October half term
  • Work appointed one interim head, who only stayed 2 days, and are now appointing again
  • The "implementation" phase of Organisational Change is officially complete and we all now in theory have new jobs - but almost no management so not much actual change at the moment
  • Total resignations now at 4 (Patrick, James, Stephen, Andrew) with possibility of more to come

Plus assorted bike rides, visits to the park, dyeing hair purple again and so on - and lots of lego :)

Coming up in the near future:
  • Collect Matthew's school uniform (I see the school's admin at Pre-School and she's kindly said she'll bring it along for me)
  • Early start tomorrow for Rainbow Leavers Trip to Wandlebury
  • Rainbow end of term staff party tomorrow evening: as part of the committee I'm involved in helping host it
  • Rainbow leaving party on Friday morning - last day of pre-school!
  • A week in the lake district starting on Saturday
  • Test riding a Circe Helios tandem when we get back
  • Folk Festival on Sunday 30th - possibly with Matthew, possibly without
  • New Interim Head of IT Group starts (phased in) on 1st August (Hi Julian)
  • A week in Devon with family from 4th August - staying at Wortham Manor

In between the two weeks away Matthew will have a week at Hania's - and then when we get back he's got three weeks of holiday club before granny and grandad come to visit the first week in September, and then school starts on the 11th.

I think I know why I'm exhausted :)


nou: The word "kake" in a white monospaced font on a black background (Default)
[personal profile] nou

I seem to have got involved in organising Queer Code London. We have a breakfast meet in Central London on Tuesday 1 August Tuesday 8 August, 7:30am-9am, and I’d love to see as many people there as possible.

The breakfast is free and includes vegetarian options, and the building is step-free accessible. You’ll need to join the Meetup group to see the location, but it's in Central London within a couple of minutes’ walk of a zone 1 station. Spaces are limited, so sign up ASAP.

No allies, please – this event is for queer coders only — but please pass this on as widely as you like.

Worldcon excitingness

Jul. 18th, 2017 09:22 am
ceb: (Default)
[personal profile] ceb
Worldcon has a programme! See here: http://www.worldcon.fi/programme/schedule/

Also, Worldcon has an at-con volunteer sign-up page! See here: https://urly.fi/Nos
If you're happy to help me set up the Exhibits hall on Tuesday then please say you've been assigned an area and pick "Exhibits MIMO" and I will be eternally grateful :-)
[personal profile] mjg59
In measured boot, each component of the boot process is "measured" (ie, hashed and that hash recorded) in a register in the Trusted Platform Module (TPM) built into the system. The TPM has several different registers (Platform Configuration Registers, or PCRs) which are typically used for different purposes - for instance, PCR0 contains measurements of various system firmware components, PCR2 contains any option ROMs, PCR4 contains information about the partition table and the bootloader. The allocation of these is defined by the PC Client working group of the Trusted Computing Group. However, once the boot loader takes over, we're outside the spec[1].

One important thing to note here is that the TPM doesn't actually have any ability to directly interfere with the boot process. If you try to boot modified code on a system, the TPM will contain different measurements but boot will still succeed. What the TPM can do is refuse to hand over secrets unless the measurements are correct. This allows for configurations where your disk encryption key can be stored in the TPM and then handed over automatically if the measurements are unaltered. If anybody interferes with your boot process then the measurements will be different, the TPM will refuse to hand over the key, your disk will remain encrypted and whoever's trying to compromise your machine will be sad.

The problem here is that a lot of things can affect the measurements. Upgrading your bootloader or kernel will do so. At that point if you reboot your disk fails to unlock and you become unhappy. To get around this your update system needs to notice that a new component is about to be installed, generate the new expected hashes and re-seal the secret to the TPM using the new hashes. If there are several different points in the update where this can happen, this can quite easily go wrong. And if it goes wrong, you're back to being unhappy.

Is there a way to improve this? Surprisingly, the answer is "yes" and the people to thank are Microsoft. Appendix A of a basically entirely unrelated spec defines a mechanism for storing the UEFI Secure Boot policy and used keys in PCR 7 of the TPM. The idea here is that you trust your OS vendor (since otherwise they could just backdoor your system anyway), so anything signed by your OS vendor is acceptable. If someone tries to boot something signed by a different vendor then PCR 7 will be different. If someone disables secure boot, PCR 7 will be different. If you upgrade your bootloader or kernel, PCR 7 will be the same. This simplifies things significantly.

I've put together a (not well-tested) patchset for Shim that adds support for including Shim's measurements in PCR 7. In conjunction with appropriate firmware, it should then be straightforward to seal secrets to PCR 7 and not worry about things breaking over system updates. This makes tying things like disk encryption keys to the TPM much more reasonable.

However, there's still one pretty major problem, which is that the initramfs (ie, the component responsible for setting up the disk encryption in the first place) isn't signed and isn't included in PCR 7[2]. An attacker can simply modify it to stash any TPM-backed secrets or mount the encrypted filesystem and then drop to a root prompt. This, uh, reduces the utility of the entire exercise.

The simplest solution to this that I've come up with depends on how Linux implements initramfs files. In its simplest form, an initramfs is just a cpio archive. In its slightly more complicated form, it's a compressed cpio archive. And in its peak form of evolution, it's a series of compressed cpio archives concatenated together. As the kernel reads each one in turn, it extracts it over the previous ones. That means that any files in the final archive will overwrite files of the same name in previous archives.

My proposal is to generate a small initramfs whose sole job is to get secrets from the TPM and stash them in the kernel keyring, and then measure an additional value into PCR 7 in order to ensure that the secrets can't be obtained again. Later disk encryption setup will then be able to set up dm-crypt using the secret already stored within the kernel. This small initramfs will be built into the signed kernel image, and the bootloader will be responsible for appending it to the end of any user-provided initramfs. This means that the TPM will only grant access to the secrets while trustworthy code is running - once the secret is in the kernel it will only be available for in-kernel use, and once PCR 7 has been modified the TPM won't give it to anyone else. A similar approach for some kernel command-line arguments (the kernel, module-init-tools and systemd all interpret the kernel command line left-to-right, with later arguments overriding earlier ones) would make it possible to ensure that certain kernel configuration options (such as the iommu) weren't overridable by an attacker.

There's obviously a few things that have to be done here (standardise how to embed such an initramfs in the kernel image, ensure that luks knows how to use the kernel keyring, teach all relevant bootloaders how to handle these images), but overall this should make it practical to use PCR 7 as a mechanism for supporting TPM-backed disk encryption secrets on Linux without introducing a huge support burden in the process.

[1] The patchset I've posted to add measured boot support to Grub uses PCRs 8 and 9 to measure various components during the boot process, but other bootloaders may have different policies.

[2] This is because most Linux systems generate the initramfs locally rather than shipping it pre-built. It may also get rebuilt on various userspace updates, even if the kernel hasn't changed. Including it in PCR 7 would entirely break the fragility guarantees and defeat the point of all of this.
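
The difference between sealing to image hashes and sealing to PCR 7 described in the post above, as an added example that is not part of the original post or of the Shim or Grub patches: a toy Python model of PCR extend and PCR-bound sealing. The `ToyTPM` class, the byte strings standing in for images and certificates, the use of PCR 9 for the kernel and the `secret-released` cap value are constructed assumptions, not real TPM interfaces or event formats.

```python
import hashlib

class ToyTPM:
    """Toy model of PCR extend and PCR-bound sealing; not a real TPM interface."""

    def __init__(self):
        self.sealed = {}  # sealed blobs survive reboots, PCR contents do not
        self.reset()

    def reset(self):
        # At power-on every PCR in the SHA-256 bank starts as 32 zero bytes.
        self.pcrs = {i: bytes(32) for i in range(24)}

    def extend(self, index, data):
        # PCRs cannot be written, only extended: new = H(old || H(data)).
        digest = hashlib.sha256(data).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def seal(self, name, secret, indices):
        # Bind the secret to the current values of the chosen PCRs.
        self.sealed[name] = (secret, {i: self.pcrs[i] for i in indices})

    def unseal(self, name):
        secret, policy = self.sealed[name]
        ok = all(self.pcrs[i] == value for i, value in policy.items())
        return secret if ok else None


def boot(tpm, bootloader, kernel, signer, secure_boot=True):
    """Constructed boot sequence; all inputs are placeholder byte strings."""
    tpm.reset()
    tpm.extend(4, bootloader)  # PCR 4: bootloader, as in the post
    tpm.extend(9, kernel)      # assumption: kernel image measured into PCR 9
    tpm.extend(7, b"SecureBoot=1" if secure_boot else b"SecureBoot=0")
    if secure_boot:
        tpm.extend(7, signer)  # the key that verified the images, not the images


def demo():
    tpm = ToyTPM()
    boot(tpm, b"shim-1", b"kernel-1", b"vendor-A-cert")
    tpm.seal("by_image", b"disk-key", [4, 9])
    tpm.seal("by_policy", b"disk-key", [7])
    out = {}

    boot(tpm, b"shim-2", b"kernel-2", b"vendor-A-cert")  # routine update
    out["update"] = (tpm.unseal("by_image"), tpm.unseal("by_policy"))

    boot(tpm, b"loader-x", b"kernel-x", b"vendor-B-cert")  # other signer
    out["other_vendor"] = tpm.unseal("by_policy")

    boot(tpm, b"shim-1", b"kernel-1", b"vendor-A-cert", secure_boot=False)
    out["secure_boot_off"] = tpm.unseal("by_policy")

    # The post's proposal: trusted early code takes the key, then extends
    # PCR 7 so nothing that runs later can unseal it again.
    boot(tpm, b"shim-2", b"kernel-2", b"vendor-A-cert")
    first = tpm.unseal("by_policy")
    tpm.extend(7, b"secret-released")
    out["capped"] = (first, tpm.unseal("by_policy"))
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```
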

(no subject)

Jul. 17th, 2017 01:16 pm
naath: (Default)
[personal profile] naath
11. A song that you never get tired of

So many. I nearly went with a Rick Roll. This one I thought about putting for Wedding but no.. that wouldn't be a great choice really.

I do so hope he plays 'The Rains of Castamere.' It's been an hour, I've forgotten how it goes.

https://www.youtube.com/watch?v=vnuCsp_tVs0

(Rains of Castamere)

Not what I had planned for the day

Jul. 15th, 2017 09:45 pm
rmc28: Rachel smiling against background of trees, with newly-cut short hair (Default)
[personal profile] rmc28
I lost my house keys this evening, almost certainly while trying to help catch a loose dog in the local park. The dog is unharmed and reunited with his owners, who live nearby, but there was some terrifying running into a busy road first, and a bunch of talking to people after (including a long-overdue catchup with my neighbour).

Between that and my subsequent pacing around the park failing to find my keys, I am 50% over my target step count and extremely grumpy with tiredness.

LJ account compromised?, deleted

Jul. 15th, 2017 06:03 pm
damerell: NetHack. (normal)
[personal profile] damerell
Today, I got an email from LJ to the effect that my LJ account had been logged into from 212.129.2.227, which is J. Random IP Address in France. Mysteriously, although this was some hours ago, I don't seem to have embarked on a spree of Viagra posts/comments or anything. Hence I've ended the unknown login session, changed password, deleted account (weirdly, all of which I could do without agreeing to the evil new T&Cs).

I imagine this is a manifestation of the downfall of LJ, but:
worth checking yourself (www.livejournal.com/manage/logins.bml ) if you ain't already deleted your account?
let me know, please, if I suddenly go spammy anywhere else...

new skill

Jul. 15th, 2017 12:12 pm
ghoti_mhic_uait: (Default)
[personal profile] ghoti_mhic_uait
It occurred to me that I should take up a new craft, so I could use the slogan 'Come for the embonpoint, stay for the needlepoint'

Today's best spam

Jul. 14th, 2017 06:47 pm
ceb: (jelly angel)
[personal profile] ceb

Good morning,my friend,Selina again J

The toys I recommend today is :

BEACH TOYS

BEAUTY SET

WATER GUN

KITCHEN SET

SHOPPING CART

BABY NURSERY SET

BABY NURSERY SET

BEACH TOYS WATER GUN BEACH TOOL TOYS BEAUTY SET SHOPPING CART


That last one's quite specific, I wonder if they sell many?
rmc28: Rachel smiling against background of trees, with newly-cut short hair (Default)
[personal profile] rmc28
First of all, I accidentally bought the wrong shiny new phone outright, but that's ok, I'm being sent a returns envelope and I'm being refunded, and that's a lesson to double-check the version number before hitting buy.

Then I bought the right shiny new phone on contract from my current mobile SIM provider. I had it delivered to a local store, because it was that or my house, and slogged into town yesterday to collect it.  I was under the impression that the local store staff could sort out moving my number - this isn't a PAC situation because it's same-company to same-company.  But no! They were powerless! If I had come into the store to buy the thing in the first place they could have helped me, but because I bought it online I had to ring up the helpline to sort out my number.

So I did that this morning. But apparently because I have Not Done Things The Expected Way, the only way the person on the phone could resolve things is to have the phone company ship me another phone, and separately ship me a prepaid envelope to send back the other one -the one I have already spent ages setting up, naturally.  The idea that they could just update the records on the database on which they can see the details of both my contracts is just not possible, and there was a definite flavour of them graciously helping me out of my own mistake because it was clearly stated on the website that I had to go into a store to upgrade. 

(I checked this morning, and the relevant page does say "you can upgrade by going into a [brand] store" - in a page that has a bunch of other stuff on it, and in definitely smaller print than the big banners saying "get special deal on our shiny new phones".  Were it me, I'd change it to say "to upgrade, you must go into a store".)

I mean, I think I'm not going to be out any money due to my Not Doing It Properly, just some tedious admin.  But it's annoying and I'm frustrated both by the weddedness to Going Into A Shop, and by the idea it's somehow better to ship two phones back and forth than to update a database.

The phone is very shiny and lovely though, and I'm sure its twin will be just as good.

(no subject)

Jul. 13th, 2017 05:43 pm
naath: (Default)
[personal profile] naath
10. A song that makes you sad

oh so many, but I'll pick this one

https://www.youtube.com/watch?v=ljijk2T8zV4
(Empty chairs at empty tables)
Page generated Jul. 22nd, 2017 06:46 pm