Slashdot Mirror
Review: QCast Tuner for PS2
It can handle many media formats; to me, the most important are MPEG-1, MP3, and JPEG. But it also handles DivX, MPEG-2 and MPEG-4, Ogg Vorbis, and PNG, and can be updated to handle other formats. But it doesn't handle the majority of my movie file archive, which are QuickTime, and that's a shame. And if you try to open a file it can't read (I changed some .mov files to .mpg, as it filters by name), it seems to hang.
I got the PS2 Network Adapter installed first, popped it onto the back of the machine, and ran the setup disk to configure it. Then I played a game of Madden 2003 online. I scored a touchdown on a tight end slant on the first play, then got one more play at the end of the half (a 30-yard reception to Troy Brown), and then didn't take another snap. Stupid 1-minute quarters. I lost 14-7.
Then I remembered I had this QCast Tuner thing, and I installed it on my PowerBook G3/500, where I keep my images, my MP3s, and my EyeTV recordings. It didn't take much to set it up, same as with the initial setup: I manually entered my IP address, router address, etc. and the IP address of the PowerBook G3. The software on the PowerBook updated and configured the PS2 software, and restarted it, and I was ready to go.
From the main screen you can elect to view pictures, or play music and video. I tried music first, where I had shared my iTunes directory, which has one directory per artist (except for compilations, which are in a separate directory). I have 293 directories in this directory, and there is no good way to skip to the bottom of the list; you can go one screen at a time, but that takes a little while. So I picked Ben Folds to start out with.
The user interface, apart from not handling long lists well, has several usability problems. To go up a directory, you select the ".." directory, which is something that Unix geeks know, but most PS2 users would expect to use the triangle button or something.
You cannot play songs from these lists, either; you need to add them to the playlist, then hit L1 to switch to the playlist, and then play from there. To get the ID3 tags to show up, you have to hit L1 again, and select that option (along with the shuffle and repeat options). And if you leave the playing screens (which makes the music stop, so you can't manage playlists while playing music) and come back, those options get reset.
You cannot get the time remaining of a song, and the UI doesn't show the full track name -- or track number -- if it is too large for the available space (it has trouble even with track "1/10", though "1/9" fits). And you can't scan forward or backward in a song or movie (which is often the case with streaming software), you can only pause, play, stop, and skip to another file.
To make it easier to find what you want to play, you can make playlists. Select the files you want to play in the interface, and save the playlist, which is stored on the server. I didn't want to do this for all my MP3s, but I had an easier solution: I wrote a small Perl script to create symlinks to my MP3 artist directories in other directories beginning with the first letter of the artist; and I share that directory of directories of symlinks instead. So instead of going down a list of 390 artists to get to Wesley Willis, I just select W, and he's right there.
My problem with EyeTV was greater: as noted in my review of EyeTV, the filenames bear no resemblance to the contents of the files, unlike the MP3s. But the solution I wrote for EyeTV was easily modified to serve me here, too. The playlists are just text files with the path (relative to the share point) on one line, and just the filename on the next line.
I thought I could change the filename line to be any arbitrary text (like "McLaughlin Group 2003.04.11") and have one playlist for all my EyeTV recordings, but that didn't have any effect; the display still showed the filename. So instead, I created multiple playlists, one for each program. So the playlist "EyeTV: McLaughlin Group" has paths for each McLaughlin Group recording I've got saved. It would have been nice to have an EyeTV playlist directory, instead of naming the playlists "EyeTV: ", but I could find no way to make nested playlists. If a playlist is not in the root playlist directory, it is not recognized as a playlist.
I can now watch the shows I used to have to watch on the computer, on the TV. It makes me feel kinda dirty, like it should have been on the TV all along. Oh well. And any changes to my music and TV recordings are regularly updated, as the two programs run via cron every half hour (and I can even begin watching a program that is currently recording).
QCast is bitten by the iTunes ID3 comment bug whereby data is stored with a frame header of "COM ", which is illegal. So QCast doesn't recognize any of the ID3 tag at all. I can't blame QCast for Apple's bug, especially since it bit my code too; this was the final straw that made me convert all my tags to ID3v2.2.0 (only v2.3.0 and v2.4.0 are affected). Maybe the QCast people can fix that problem when they add QuickTime support (he says hopefully).
The final issue I have is how to integrate it into my TV "experience." I don't want to have to turn on the PS2 and wait for it to boot every time I want to listen to music, so do I leave it on whenever I am around? And my system isn't set up to easily switch between PS2 and TiVo and DVD; my switch box has no remote, but does switch to a device that is turned on, which is nice for DVDs, but useless for when you leave the PS2 on all the time. I could plug the PS2 into the spare inputs on the VCR (which is on a separate input to the amplifier, and has its own button on the remote control), but that is kinda sloppy. And do I buy an IR remote control for the PS2? Is there an IR remote that can turn the PS2 off and on? These are problems mostly inherent in the design of using PS2 for multimedia, and there's not a lot I can do except to try to figure out ways to do things that work for me.
Basically, QCast Tuner is a nice idea, and it works well despite its UI and design flaws (some of which can be fixed on subsequent updates, I imagine), if you can fit it into your setup (or change your setup to suit it). I'm still undecided on using it long-term, but I am going to keep trying it out for awhile and see how it goes.
stfu!
fucking whores post.
The vulnerability can be demonstrated by sending some specially crafted
packets with the free command line packet creating utility called hping
which you can download from http://www.hping.org.
In the following example 192.168.22.6 and 192.168.22.2 are both hosts
that actually exist and are on a network and running Slash.
Two packets are sent from 192.168.22.2 to port 111 on host 192.168.22.6
and then one packet is sent back to host 192.168.22.2 from 192.168.22.6.
hping 192.168.22.2 -a 192.168.22.6 -s 3339 -p 111 --ack --rst -c 1 -d 0x1 \\
--setseq 0xffff0023 --setack 0xc0c4c014
hping 192.168.22.2 -a 192.168.22.6 -s 3339 -p 111 --ack --rst -c 1 -d 0xF00 \\
--setseq 0xffffffff --setack 0xc0c4c014
hping 192.168.22.6 -a 192.168.22.2 -s 111 -p 3339 --ack -c 1 -d 0 \\
--setseq 0xc0c4c014 --setack 0xffffffff
The first packet sets up a new Session structure in the stream4 module
and the important detail is that the base_seq in the client Stream is
set to 0xffff0023.
The second packet sends 3840 bytes of data in a large fragmented IP
datagram. This adds a packet with the sequence number 0xffffffff to the
tree of stream data to be reassembled.
The last packet sets the last_ack of the client stream to 0xffffffff
and since the difference between the base_seq and the last_ack of the
client stream is very large it is flushed for analysis.
When the stream is reassembled and the second large packet is added,
the stream is set up with these values in TraverseFunc() in
spp_stream4.c.
s->base_seq = 0xffff0023
s->next_seq = 0xffff0024
s->last_ack = 0xffffffff
The packet itself has these values
spd->seq_num = 0xffffffff
spd->payload_size = 0xf00
The first sanity check makes sure that the packet sequence number is
between the base_seq and last_ack values for the stream
spp_stream4.c:Traversefunc()
if(spd->seq_num < s->base_seq || spd->seq_num > s->last_ack)
This condition must evaluate to FALSE or the function returns.
Then there is a check that is supposed to detect conditions that would
overflow the buffer so that later code can handle it by truncating
the data.
The packet sequence number must be greater than both the base_seq and
next_seq for the stream
spd->seq_num >= s->base_seq &&
spd->seq_num >= s->next_seq &&
This condition is supposed to detect a packet that will overflow the
buffer (since the difference between base_seq and last_ack has already
been verified to be smaller than the buffer size). However, if
(spd->seq_num + spd->payload_size) overflows a 32 bit integer value
the expression evaluates to a small integer and the condition is passed.
(spd->seq_num + spd->payload_size) <= s->last_ack
Then the offset in the buffer to copy the packet to is calculated.
With our values, this becomes 0xffdc which is near to the end of
buffer.
offset = spd->seq_num - s->base_seq (offset = 0xffdc)
This memcpy() copies spd->payload_size (0xf00) bytes of data starting at
buf + offset (near the end of the buffer) overflowing into the heap.
memcpy(buf + offset, spd->payload, spd->payload_size)
On our Linux build of Slash 1.9.0 this overflow conveniently overwrites a
function pointer that is called immediately after the reassembly
preprocessor returns:
80 while(idx != NULL)
(gdb)
82 assert(idx->func != NULL);
(gdb)
83 idx->func(p);
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x58585858 in ?? ()
We have successfully exploited this vulnerability and produced an exploit
that functions on several different binaries of Slash 1.9.0 and 1.9.1.
extreme.javachat.org
6667 #dimebag
come in and talk with gays around the world.
free beer! (free as in beer)
So the point of that whole thing was...?
It has been a full year since I first laid down the challenge. And since that time I have re-issued the challenge many times yet, YOU STILL FAIL IT!.
These FPs are pathetic and lame. Now, here is another vulnerability and it is used for a LAME ASS CRAP FLOOD.
Once again, I challenge you. If you really are a 1337 h4x0r or want to be a famous troll then you must successfully complete the ultimate troll. That is to replace the Slashdot banner ads with Goatse. Until then YOU ALL SUCK,
yesterday, i was resting my head in my arms on my desk. i felt the greatest, most satisfying feeling in the world.
I picked my head up and saw my 27 year old teacher kneeled down next to my desk. Dressed in a short black skirt with black nylons on, she was moving her hands across my inner thighs.
Her dark, full hair was all around my hands. she had my 3in penis in her mouth as she moved her head back and forth.
she sucked and licked me so well. then, she stood up and pulled off her skirt. she was fully shaved. she turned around and gave me a hot carl then proceeded to french kiss me.
then i stood up and walked home and told my mom it was chocolate, and not shit all over my face.
she said ok.
The possibilities are now endless...
If anyone cares, the real advisory is here.
Now modding myself down because this is Offtopic (I just wanted to quash any rumors... probably won't make a habit of this though).
You had no right to this post. It belonged to the REAL Minister of Information. I SO hope he replies to you and in the process destroys you. He will see this, don't you doubt it.
"look ma! no hands!!!" - random amputee
I have 293 directories in this directory, and there is no good way to skip to the bottom of the list; you can go one screen at a time, but that takes a little while. So I picked Ben Folds to start out with.
All my favorite artists are in the A to C range, with little or no interest beyond the Ms, so this sounds prefect for me.
Mmmmmm meatballs... Time for lunch!
and there goes what little karma i've gained in the past couple days. hehe.
"look ma! no hands!!!" - random amputee
Hey, this is a review of a ViewSonic V150 AirPanel! Not a QCast Tuner for PS2!
Best Windows Freeware
"text of the advisory has been edited (not very well)..."
Hey, maybe the original troll can apply for a job as Slashdot editor?
Slashdot is entertaining like pro wrestling is entertaining
Please do not lie sir! Security through obscurity is no security at all!
This vulnerability exists. Not only will your b0xen become r00tified, but you will contract AIDS and hemophilia! Upgrade now, before it's too late!
Get Your War On
.
Before declaring U.S. in violation of U.N. Security Council
resolutions
CANADIANS TO LEAD WEAPONS INSPECTION TEAM INTO USA
November 21, 2002
(Toronto) - A coalition of Canadian peace groups today
announced their intention to send an international team of
volunteer weapons inspectors into the United States later
this winter. The coalition, Rooting Out Evil, are recruiting
inspectors through their newly launched website,
Routing Out Evil
"Our action has been inspired by none other than George W.
Bush," said Christy Ferguson, a spokesperson for the group.
"The Bush administration has repeatedly declared that the
most dangerous rogue nations are those that:
1) have massive stockpiles of chemical, biological, andnuclear weapons;
2) ignore due process at the United Nations;
3) refuse to sign and honour international treaties; and
4) have come to power through illegitimate means.
"On the basis of President Bush's guidelines, it is clear
that the current U.S. administration poses a great threat to
global security," said Ferguson. "We're following Bush's
lead and demanding that the U.S. grant our inspectors
immediate and unfettered access to any site in the country -
including all presidential compounds - so that we can
identify the weapons of mass destruction in this rogue
state," added David Langille.
Visitors to Rooting Out Evil's website are invited to sign
on as honorary members of the weapons inspection team.
Honorary inspectors can participate in the action, or they
can simply lend the support of their name as they would on a
petition. The actual inspection team that crosses the
border will be comprised of prominent individuals from
Canada and other countries.
The Rooting Out Evil coalition includes Greenpeace Canada,
the Centre for Social Justice, and the Toronto Committee
Against War and Sanctions on Iraq, and is supported by
American groups such as the National Network to End the War
Against Iraq, Global Exchange and the US section of the
Women's International League for Peace and Freedom. They
oppose the development, storage, and use of weapons of mass
destruction by any state.--For information: David Langille or Christy Ferguson
info@rootingoutevil.org David Langille, Director of Public Affairs
CENTRE FOR SOCIAL JUSTICE489 College Street, Suite 303Toronto, Ontario M6G 1A5
Tel: 416-927-0777 x225 Fax: 416-927-7771 Toll free: 1-888-803-8881
Email: langille@socialjustice.org Website: http://www.socialjustice.org
Not interested in a war against Iraq?
Become a Weapons Inspector