Security B-Sides Detroit is coming up soon, and it's going to be awesome. i will be giving a talk there on June 2 at 2:00pm about research i have done into HTTP Strict Transport Security. aside from that, there are two full days of talks and workshops; whatever your niche of interest within information security, there will be talks there to engage you and make you think. if there is any way you can get to Detroit that weekend, please make your plans, and get a ticket to B-Sides Detroit!

in anticipation of B-Sides Detroit, mwjcomputing and Tazdrumm3r have written scripts in several languages to print countdowns to B-Sides Detroit. mwjcomputing shared scripts in PowerShell, bash, and Ruby on his blog; Tazdrumm3r did his in Python.

i thought this was a fun idea, and i wanted to write a script. Python and bash are the languages i program in most often nowadays, but obviously i couldn't just redo the script in a language that had already been done. i love to program in x86 assembly, but hadn't had an excuse to use it much lately, so i decided to see if i could write my countdown script in it. after intermittently bashing my head against it for the last two days, racking up more segfaults than i could count, and becoming very good friends with gdb, i managed to get some code that works.

this should assemble and link, with nasm and ld respectively, on a 32-bit Linux machine. you can download the source code (which is far more readable, because it has things like "indentations" and "linebreaks" that the code tag seems to hate) or my executable (compiled in 32-bit openSUSE) here.

if you don't feel like downloading anything, here's what i hacked up:


; untilbsides.asm
; counts down days, minutes, and seconds until BSidesDetroit 2012
; by rogueclown
; May 16-17, 2012
; licensed under WTFPL
global _start
section .data
nextyear db "Wait 'til next year for BSidesDetroit!", 0x0a
nextlen equ $ - nextyear
itsnow db "BSidesDetroit 2012 is now! Be there!", 0x0a
nowlen equ $ - itsnow
thereare db "There are "
therelen equ $ - thereare
untilare db " seconds until BSidesDetroit 2012! Make your plans!", 0x0a
untillen equ $ - untilare
daytohour db " days, "
dthlen equ $ - daytohour
hourtomin db " hours, "
htmlen equ $ - hourtomin
mintosec db " minutes, and "
mtslen equ $ - mintosec
section .bss
counter resb 4 ; generic counter for packing digits
digit resb 4 ; holder for digit
days: resb 4 ; days until BSidesDetroit
daystringlen: resb 4 ; length of days string
hours: resb 4 ; hours in fractional days
hourstringlen: resb 4 ; length of hours string
minutes: resb 4 ; minutes in fractional hour
minstringlen: resb 4 ; length of minutes string
seconds: resb 4 ; seconds in fractional minute
secstringlen: resb 4 ; length of seconds string
section .text
_start:
; get the current system time
mov eax, 13
int 0x80
; unix 1338559200 is 9am on June 1, 2012
; unix 1338681600 is 7pm on June 2, 2012
; test if BSidesDet 2012 has passed
cmp eax, 1338681600
jg toolate
; if it hasn't passed, test if BSidesDet is going on
cmp eax, 1338559200
jge now
; otherwise, calculate days until BSidesDet
jmp daysuntil
toolate:
; tell user to wait until next year
mov eax, 4
mov ebx, 1
mov ecx, nextyear
mov edx, nextlen
int 0x80
; exit gracefully
jmp exit
now:
; tell user to get there now, it's starting!
mov eax, 4
mov ebx, 1
mov ecx, itsnow
mov edx, nowlen
int 0x80
;exit gracefully
jmp exit
daysuntil:
; get the number of seconds until BSidesDetroit starts
; the current unix time is still in eax
mov ebx, eax
mov eax, 1338559200
sub eax, ebx
; eax contains the number of seconds until BSidesDetroit
; there are 86400 seconds in a day
mov edx, 0
mov ecx, 86400
div ecx
; save number of days
mov [days], eax
; move remainder seconds (partial day) to eax
mov eax, edx
; there are 3600 seconds in an hour
mov edx, 0
mov ecx, 3600
div ecx
; save number of hours
mov [hours], eax
; move remainder seconds (partial hours) to eax
mov eax, edx
; there are 60 seconds in a minute
mov edx, 0
mov ecx, 60
div ecx
; save number of hours, and leftover seconds
mov [minutes], eax
mov [seconds], edx
; initialize counter variables for numbers
mov eax, 0
mov [counter], eax
mov [daystringlen], eax
mov [hourstringlen], eax
mov [minstringlen], eax
mov [secstringlen], eax
; prepare strings to display time left until BSidesDet 2012
stringsecs:
mov eax, [seconds]
digitsecs:
mov edx, 0
mov ecx, 10
div ecx
add edx, 0x30
; push digit in edx onto stack
push edx
; count digit
inc word [secstringlen]
; if all digits have been created, move to minutes
cmp eax, 0
jne digitsecs
stringmins:
mov eax, [minutes]
digitmins:
mov edx, 0
mov ecx, 10
div ecx
add edx, 0x30
; push digit in edx onto stack
push edx
; count digit
inc word [minstringlen]
; if all digits have been created, move to hours
cmp eax, 0
jne digitmins
stringhours:
mov eax, [hours]
digithours:
mov edx, 0
mov ecx, 10
div ecx
add edx, 0x30
; push digit in edx onto stack
push edx
; count digit
inc word [hourstringlen]
; if all digits have been created, move to days
cmp eax, 0
jne digithours
stringdays:
mov eax, [days]
digitdays:
mov edx, 0
mov ecx, 10
div ecx
add edx, 0x30
; push digit in edx onto stack
push edx
; count digit
inc word [daystringlen]
cmp eax, 0
jne digitdays
printcountdown:
; print out the intro string
mov eax, 4
mov ebx, 1
mov ecx, thereare
mov edx, therelen
int 0x80
printdays:
; print days digits from stack
pop eax
mov [digit], eax
mov eax, 4
mov ebx, 1
mov ecx, digit
mov edx, 1
int 0x80
inc word [counter]
mov eax, [counter]
mov ebx, [daystringlen]
cmp eax, ebx
jl printdays
; segue from days to hours
mov eax, 4
mov ebx, 1
mov ecx, daytohour
mov edx, dthlen
int 0x80
; reset counter before printing hours
mov eax, 0
mov [counter], eax
printhours:
; print hours digits from stack
pop eax
mov [digit], eax
mov eax, 4
mov ebx, 1
mov ecx, digit
mov edx, 1
int 0x80
inc word [counter]
mov eax, [counter]
mov ebx, [hourstringlen]
cmp eax, ebx
jl printhours
; segue from hours to minutes
mov eax, 4
mov ebx, 1
mov ecx, hourtomin
mov edx, htmlen
int 0x80
; reset counter before printing minutes
mov eax, 0
mov [counter], eax
printmins:
; print minutes digits from stack
pop eax
mov [digit], eax
mov eax, 4
mov ebx, 1
mov ecx, digit
mov edx, 1
int 0x80
inc word [counter]
mov eax, [counter]
mov ebx, [minstringlen]
cmp eax, ebx
jl printmins
; segue to seconds
mov eax, 4
mov ebx, 1
mov ecx, mintosec
mov edx, mtslen
int 0x80
; reset counter before printing seconds
mov eax, 0
mov [counter], eax
printsecs:
; print seconds digits from stack
pop eax
mov [digit], eax
mov eax, 4
mov ebx, 1
mov ecx, digit
mov edx, 1
int 0x80
inc word [counter]
mov eax, [counter]
mov ebx, [secstringlen]
cmp eax, ebx
jl printsecs
; finish message
mov eax, 4
mov ebx, 1
mov ecx, untilare
mov edx, untillen
int 0x80
exit:
mov eax, 1
mov ebx, 0
int 0x80


enjoy!

yesterday, I spoke at Security B-Sides Chicago about how to get started writing scripts in Python. it was part of the Tools and Teachers track at B-Sides Chicago; it's great that we had so many talks and workshops that were aimed at helping people learn how to use the the talk went extremely well, and i have gotten some great feedback from people who came to the talk for how i can make it better if i speak again about learning Python.

the slides from my presentation have been added to the presentations page. unfortunately, it was not recorded, but if you have any questions about the slides, please let me know, and i'll gladly talk to you about it.

last night, my friend Dani (@scrabbletron) and i got together, with the goal of rooting her Amazon Kindle Fire. it was running 6.3, and there was a quite clear set of instructions on the xda-developers forum, written by jcase, about how to root the device in 6.3.

(for anyone who has never rooted an Android device before, start looking for information on the xda-developers forum. it may not be the be-all-end-all, but there are a lot of people on there who are very good at hacking Android, and chances are there will be some good resources for how to get started with rooting or otherwise hacking your device.)

the problem is, the instructions were old. the post itself notes that the instructions are no longer current, and that people should use Kindle Fire Utility instead. i'm a little hesitant about using utilities other than adb and fastboot to root devices, given that the only time i tried any kind of one-click on a phone, i bricked it. however, we had an even more pressing problem -- Kindle Fire Utility is a Windows program. Dani runs Mac OS X, and i run Linux. we were trying to root it from her machine; to my knowledge, she isn't running a Windows VM on her laptop. i do have a few Windows VMs kicking around on my Linux box, but she already had the files on her machine, and were already at a nice rhythm playing around at her terminal.

the good news? after some trial and error, we successfully rooted the Amazon Kindle Fire, running 6.3, without using Kindle Fire Utility. we ran this on Mac OS X, but it should work on other platforms as well, with adb and fastboot. a lot of these instructions are similar to those in jcase's post, but they have been updated to reflect no longer being able to piggyback the FIREFIREFIRE bootloader off of the Team Win Recovery Project image.

here's how we did it.

before beginning, note that /workingdir will refer to your working directory. this should be the directory in which your adb and fastboot utilities are saved; it makes sense to save your other files in this directory as well.

knowing this, download the files you need.

• adb - https://developer.android.com/sdk/index.html (adb is the Android Debug Bridge, part of the Android SDK. this needs to be installed on your machine before you begin.)
• fastboot - http://android-dls.com/wiki/index.php?title=Fastboot (fastboot is the client on your computer that allows you to interact with the Android device in fastboot mode. this executable needs to be downloaded, preferably in the same directory as adb, before you begin.)
• fbmode.zip - http://forum.xda-developers.com/show....php?t=1414832 (utility to run on Kindle Fire to force fastboot mode on next boot)
• FIREFIREFIRE - http://forum.xda-developers.com/showthread.php?p=23492717 (the custom bootloader to install on the Kindle Fire)
• twrp2 - http://teamw.in/project/twrp2/79 (the custom recovery image to install on the Kindle Fire.)
• su - http://dl.dropbox.com/u/8699733/kindlefire/su (the binary necessary for accessing a root shell on the Kindle Fire)
• Superuser - http://downloads.androidsu.com/superuser/Superuser-3.0.7-efghi-signed.zip (the Superuser package, which contains the graphical front-end to the su binary)

first, unzip the fbmode utility, which forces the Kindle Fire to go into fastboot mode on the next boot. then, push it onto the Kindle Fire.


/workingdir$ unzip fbmode.zip
/workingdir$ adb push fbmode /data/local/fbmode
/workingdir$ adb shell chmod 755 /data/local/fbmode
/workingdir$ adb shell /data/local/fbmode
/workingdir$ adb reboot


at this point, your Kindle Fire will reboot. it will look like it is stuck on the boot screen, but it's not stuck. it's in fastboot mode, ready for you to flash the FIREFIREFIRE bootloader on it. unzip the FIREFIREFIRE bootloader, and place it on the Kindle Fire as the bootloader image:


/workingdir$ unzip u-boot.zip
/workingdir$ fastboot -i 0x1949 boot u-boot.bin
/workingdir$ fastboot reboot


at this point (or any point at which you issue "fastboot reboot", the Kindle Fire may hang. let it, for a minute or two. if it doesn't reboot, don't freak out. just use the power button to turn it off, and turn it back on again. it will boot back up to the regular Kindle Fire OS.

now, the FIREFIREFIRE bootloader is installed on your Kindle Fire; your boot screen will now be an Android logo by the Kindle Fire logo. you can now use FIREFIREFIRE to assist you in getting the recovery image onto the Kindle Fire. again, this is done from fastboot mode, so run the fbmode utility to force fastboot mode:


/workingdir$ adb shell /data/local/fbmode
/workingdir$ adb reboot


your Kindle Fire will reboot, and it will again appear to hang on the boot screen. it is back in fastboot mode, and you can flash the Team Win Recovery Project image from here, replacing twrp.img in the code line with whatever filename your recovery image is saved as, in your directory:


/workingdir$ fastboot flash recovery twrp.img
/workingdir$ fastboot reboot


after doing this, it will not boot into the regular Kindle Fire operating system at all. it will reboot, and go into fastboot mode on its own. once the Kindle Fire is back on the FIREFIREFIRE bootloader screen (with your friend, the green Android logo), issue the following commands:


/workingdir$ fastboot oem idme bootmode 5002
/workingdir$ fastboot reboot


this will reboot the Kindle Fire directly into the Team Win recovery image. at this point, issue the following commands to install the su binary -- the program that actually gives you your root prompt:


/workingdir$ adb shell mount system
/workingdir$ adb push su /system/xbin/su
/workingdir$ adb shell chown 0.0 /system/xbin/su
/workingdir$ adb shell chmod 06755 /system/xbin/su


once su is installed, disable the root check, tell it to boot back into the OS on next boot, and then reboot back into Android:


/workingdir$ adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
/workingdir$ adb shell idme bootmode 4000
/workingdir$ adb reboot


at this point, you should have root access. once the Kindle Fire has booted back into Android, check to make sure that you have root:


/workingdir $ adb shell
$ su
#


if your prompt changes from $ to # after issuing su, congratulations! you're rooted.

if not...you're not rooted. if you are not rooted, go back to start, or look to see if these instructions have become outdated. (and, if you find anything, let me know!)

if you are rooted, exit out of the root prompt in adb shell, exit out of adb shell, unpack the Superuser zip file, and install the Superuser Android package:


# exit
$ exit
/workingdir$ unzip Superuser-3.0.7-efghi-signed.zip
/workingdir$ cd Superuser-3.0.7-efghi-signed/system/app
/workingdir/Superuser-3.0.7-efghi-signed/system/app$ cp Superuser.apk /workingdir
/workingdir/Superuser-3.0.7-efghi-signed/system/app$ cd /workingdir
/workingdir$ adb install Superuser.apk


at this point, the Superuser application should show up on your Kindle Fire as one of your available applications. take a deep breath...you're done! your Kindle Fire is rooted, you have a way of managing superuser privileges, and you can proceed from here to mess around, or install a custom ROM.

**********

a big thanks to jcase for writing the Kindle Fire 6.3 instructions that started our exploration, as well as to kinfauns for maintaining the FIREFIREFIRE bootloader, and providing enough info on his post for us to figure out how to flash recovery with FIREFIREFIRE installed.

Notacon 9 is coming up in less than a week!

i'm presenting on Friday, April 13th, at 2:00pm. my presentation is entitled Code That Sounds Good: Music Theory and Algorithmic Composition. if you're at all interested in making music with your computer, or just how in the world i got all that music for my spam station, the talk should be right up your alley. it will be an introduction to algorithmic composition frameworks, as well as basic concepts of music theory that come in handy when starting to compose with code. finally, it exhibits some examples (complete with both Python examples and audio!) of algorithmically composed music.

i'm also hosting Whose Slide Is It Anyway again this year. this year, Whose Slide is going to be Saturday night, from 8:00pm until 10:00pm. for anyone who is not familiar with Whose Slide, the concept is simple: i create twenty short decks, of nonsensical slides, and people sign up to give improvised five-minute talks based on the slide decks (and maybe, just maybe, subject themself to a bit of good-natured trolling and ribbing from the crowd). if you're coming to Notacon this year, make sure to sign up early to speak, because all twenty slots always fill up.

see you in Cleveland!

say ohai to Lovely Spam Music!

a few weeks ago, niteshad told me about spamradio.com, a stream of synthesized spoken spam emails set over ambient electronic music. this amused me greatly and was strangely soothing to listen to, so it became my default background music.

however, it started to annoy me that the stream only played the same few spams over and over again. judging from the fact that any of the spams with dates in them referenced dates in 2006, i get the feeling that the content of the stream has not been updated since then. so, i decided to take matters into my own hands. i started collecting spam, tried my hand at a bit more algorithmic composition...

and, now, Lovely Spam Music is born!

i've also set up an email address, lovely.spam.music@gmail.com, for the specific purpose of collecting more spam. i've signed it up for all kinds of spammy newsletters that i'm pretty sure will sell this address far and wide; if you feel the urge to make Lovely Spam Music even more lovely, feel free to opt this email address into as many spam lists as you desire.

hopefully, you will find this as amusing as i do.

i've done a lot of netbooting-related stuff at work. a *lot*. i could probably talk your ear off about PXE, WDS, and a million other bits of netboot-related jargon in my sleep.

however, there was one quirk with Ubuntu that was driving me crazy. Ubuntu Server 10.10 and before worked flawlessly. however, starting with Natty Narwhal, i'd do a netboot install that would proceed as normal...until i booted into the system. at that point, i couldn't actually see anything on the screen. it was clear the computer was booting: it would go through the BIOS, and only stop displaying video when it went into the operating system. i was stumped.

this happened on any machine i tried the netboot install on: Dell, Supermicro, HP, no-name, you name it. it happened on new machines and old machines. it always happened. i googled and googled with no luck, and finally just forsook netboot installs of Natty in favour of burning discs.

Oneiric Ocelot came out earlier this month, and i was hoping this problem would be fixed. i put it up on the PXE server, and no dice. i was annoyed, but i was determined. i cast a wider net in my search for a solution, looking at more general forum threads about Ubuntu video issues, since limiting it to just netboot install advice was getting me nowhere.

finally, i figured out the problem, and how to get around it. the problem was that trying to display the splash screen was completely borking the virtual terminal. (i figured this out because, when i hit Ctrl-Alt-F2 on one of the "hosed" installs, that virtual terminal came up just fine.) the problem can be avoided by preseeding the Ubuntu install to call a post-install script that removes the splash screen instruction from the default boot line generated by GRUB2.

to implement this, put the following lines at the end your preseed file. (or, create a preseed file with these lines, if you're not using preseeding with your Ubuntu install):


# this is just a post-install script.
#
# update Grub to get rid of that splash screen that borks the
# video on netboot installs of 11.04 and later
d-i preseed/late_command string \
cd /target; \
wget http://bigtruck.minazo.net/unbork_splash.sh; \
chmod +x ./unbork_splash.sh; \
chroot ./ ./unbork_splash.sh; \
rm -f ./unbork_splash.sh


this pulls a script down that fixes the GRUB issue, executes it in a chroot of the new install, and then deletes the script.

for the sake of openness, here's the script it pulls:


#!/bin/bash
# by rogueclown, 2011
# WTFPL (Do What The Fuck You Want To Public License)
cd /etc/default
sed "s/quiet splash/quiet/g" grub > grub.new
mv grub grub.orig
mv grub.new grub
update-grub
exit 0


voila: the box reboots, and you've got video.

why a server, much less a Linux server needs a splash screen, i'll never know. i love Ubuntu Server, but i'm quite angry that such a useless feature as a splash screen causes such an annoying problem as borking the virtual terminal on which it tries to display.

con-related busy season is right around the corner.

July 30 and 31 are Maker Faire Detroit; i'll be there from the 29th to the 31st. i'll be back from that for a whole two days, and then on August 2 i'm off to Vegas. i'll be attending BSides Vegas, as well as Defcon. i missed Vegas Con Week last year, so i'm over the moon that i'll be able to see everyone again this year.

then, less than two months later, i'll be attending DerbyCon in Louisville, Kentucky. DerbyCon is a first time con, but a lot of my good friends are attending, and there are a lot of speakers i recognize from other cons who i think are pretty neat.

(of course, if you see me at any of these events, come say hi! i'm not that scary, i promise.)

*****

as for my own projects...i feel like i'm at a bit of a standstill. i wish i could say more than just "i'm attending these events"; i wish i could say "i'm talking about this awesome thing i figured out". it's frustrating, and i'm thoroughly embarrassed that i don't have anything worth talking about or presenting about at any of these events.

part of it probably has to do with work: specifically, the fact that it has been really busy. i'm still working for the same company i've been with for over a year, and i'm really happy with my job, but there have been a few changes that have caused me to devote far more of my time and energy to work than usual, leaving me really just wanting to do things outside of there that don't require much brainpower.

most of it, though, i don't think i can blame on that. maybe i've hit a plateau, or a place where i lack direction. there are a lot of things i know a tiny bit about, or can explain at 30,000 feet. there's very little i feel i know well enough to use fluently, much less apply in new and interesting ways. my lack of natural aptitude in all things computer-related is a double-edged sword: it keeps the field interesting because i'm fighting uphill every step of the way to learn anything at all, but it also means i get frustrated by my shallow skill set, and intimidated by how much i have to retain in order to make it deeper and more useful.

alright, end of rant. back to your regularly scheduled radio silence.

facebook. diaspora. google+. blah. blah. blah.

there has been a lot of talk over the last few years about social media and privacy: how information is taken, how information is used, and how information is shared. it seems like such talk has only intensified now that google+ seems to have become what diaspora couldn't: a widely adopted social networking competitor to facebook. some say google+ has better controls. some say facebook does. i see the volleys going back and forth on twitter, as well as on technology news and opinion websites, about who has the better privacy controls.

i shake my head in astonishment that people care so much. the idea that anything you post on a social networking site is going to remain private, no matter how tightly controlled your privacy settings, circles, or whatever else you want to call them...that's naive, and nothing short of laughable. there is no such thing as social media privacy.

am i saying that this is reason not to use social networking sites? no.

i'm an avid user of social networking sites. i'm hopelessly addicted to twitter and facebook, and google+ is swiftly approaching that top tier of my social networking hierarchy. i post more information than most people do to such sites...my name, the city in which i live, my google voice phone number, what college i attended, whatever silliness i felt like ranting about on the way to work that morning? it's all there, and it's all on the internet. i have certain "privacy" controls set, like circles-only on google+ or friends only on facebook, but i know full well that the information may seep outside that range of people: either by a data breach, by some stranger shoulder-surfing a friend of mine who is reading my social networking posts, or any one of a million other ways that information could leak out.

of course, the only concern isn't other individuals reading your information -- there's also the issue of the site leveraging or selling various information you post in order to target ads and make money. the social networking sites may try to tell you that they're going to protect your privacy, or give you certain rights to your information, but those rules may change at any time. (case in point -- the twitpic terms of service kerfuffle.) available privacy controls and data use rules may change at any time. furthermore, sites may be not entirely truthful about how accessible your information is, or who they're selling your information to. it's not in their interests to protect your data. the only one who cares in the least about how well your information is protected, or how accessible your information is, is you.

in short, no matter what privacy controls i set, i don't post anything to a social networking site that i wouldn't post to something completely public. that's the only meaningful privacy control there is, as far as your data getting posted on the internet: if you don't want a certain piece of information out there, take your hands off that keyboard, get off the social networking site, and don't post that piece of information on the internet, anywhere. if you post your information on a social networking site, and then whine that it has been misappropriated or misused, i've got no pity for you.

am i saying that every single piece of information that is used anywhere online is public information? no.

posting on social networking sites, blogging sites, things meant for people to read is one thing...conducting sensitive business such as banking, online shopping, or anything involving medical records is another. in those cases, there should be strict auditing and oversight of privacy policies and data retention, and legal recourse when information is misused. it's analogous to real life: if you're carrying on a transaction with a brick and mortar bank, store accepting credit cards, doctor, or the like...you have a reasonable expectation that the institution isn't going to misappropriate the information necessary to complete the transaction, and should not have to give up that expectation because you're doing that bit of business on the internet.

whereas, if you're at the coffee house hanging out with some friends or acquaintances, and you share a piece of information out loud, there's not a thing you can do about someone else overhearing what you say, or someone in your conversation spreading that as gossip to someone else. if you're telling a friend a secret in the comfort of your own living room, even, there's nothing you can do to stop it if your friend turns around and tells someone else the secret, or someone was surreptitiously listening through your window. you can get mad, you can get annoyed, but the only way you could truly prevent it is by not divulging that bit of information in the first place.

it's the same thing with social networks: if you don't want it to get out there, don't say it in the first place.

Denemo is a lot better than i remember it.

i sing in choir. since i'm a terrible pianist, i cannot really sit in front of a piano and play my line of a song easily. this isn't a big problem for some of the music we sing, either because there's an easily accessible rehearsal track, or because we rehearse as a group frequently enough that i pick it up at practice. however, if it's difficult but not particularly well known, i'm in a position to have to make my own rehearsal track.

Denemo is score editing software for Linux...basically, a front end for Lilypond, a GNU music score engraver. it's useful for writing down compositions, but also invaluable if you need to learn a vocal line. it is supposed to allow you to type in a line with associated directions, and then play it back. you can follow along with the score; it plays what you've typed in accurately, unlike my inept piano fingers.

i remember using it about two years ago to make some rehearsal scores, but it was a clunky mess. the keyboard shortcuts weren't particularly intuitive, the menus were a mess, and i had a terrible time getting any of the graphical windows or mouse shortcuts to work. it was an unpleasant experience...i slogged through because i needed to have something reliable from which to rehearse some solos i was trying out for, but i cursed that program left and right. it was so bad that i went back to taking pieces to the rehearsal pianos at the library and blundering through them there. that's BAD.

tonight, i finally revisited it. i needed something in order to make some rehearsal materials for pieces i'm singing this season, and there was no way i was ever going to be able to stumble through playing all my parts. i wanted to give it one more try, since it had been so long. i was excited to see that it worked significantly better than before. the default keyboard shortcuts were easier to type: numbers for notes, and alt-numbers for the corresponding rests. the menus and mouse shortcuts actually work...i'm not tearing my hair out anymore about how to enter a time signature, key change, a fermata, a repeat sign, or anything else! and, if i want to make keyboard shortcuts that make sense to me for any or all of the edits i commonly make to a score, i can.

it isn't perfect. it took me several tries to get triplets to work correctly; this annoyed me greatly, as there were two pieces i was entering in which my line had a ton of triplets. furthermore, even though counting up from 0 instead of from 1 is correct (and the geekier way to do it), it's annoying to have the keyboard shortcut for a whole note (0) on the right side of my keyboard, and then start at 1, 2, 3 for half note, eighth note, sixteenth note, etc. however, i think that can be rectified by changing my keyboard shortcuts around, something i may do if i end up using this program with some frequency.

finally, i'm even more excited because once i did the work of typing in my line from each of my scores, it was so easy to turn each rehearsal score into an mp3 that i can toss on my iPod and listen to when i'm running around town. i just saved the Denemo file as a MIDI file (from right inside Denemo). since i had timidity (a MIDI player, which will also play MIDI files as .wav files) and LAME (an .mp3 encoder) installed on my machine, i just ran the following two commands on the MIDI file:

$ timidity -Ow file.mid -o file.wav
$ lame file.wav

and, there it was. an .mp3 of a piano playing my line in the song, far better than i would ever be able to play it.

earlier this month, some sketchy start-up showed up at CES. their website is full of all kinds of vagueness and puffery. i'm doubtful their magical voice and data mesh will ever pan out, and the fact that Scott Redmond (the mastermind behind plenty of other tech-related epic fail) is behind this does not do anything to help the case.

however, one of the pictures in Rafe Needleman's CNet article is enough to make me want to travel back in time and laugh these fools right out of CES.

take a look at this picture:

according to Peep, the depicted object is the "Peep Pod walkie talkie", a $20 gadget that will allegedly sync with a bluetooth headset and transmit voice up to thirty-six miles. however, if you've ever logged into any somewhat sensitive computer systems, you're probably already thinking what i'm thinking. if you haven't, take a look at this:

this is not a Peep Wireless device. this is an RSA SecurID fob, a hardware token used in two-factor authentication.

compare it to the "Peep Pod" above. the shapes are identical. the recessed areas where it looks like something was removed are identical to the locations of the stickers on the RSA SecurID fob -- up to and including the little dent in the circle on the left. the layout of the number on the screen, as well as the dots down the side, are identical to an RSA SecurID fob.

from the looks of this, there's no such thing as a "Peep Pod" at all. it's a defaced SecurID, being used to try and dupe people at CES into thinking that they actually have prototyped hardware.