Everything But The Kitchen Sync

Tales From The Dork Web #23

In this issue of Tales From The Dork Web I’m going to share some more links with you around non-web networks you might like to visit, some Solarpunk developments you may have missed and share some of the things I’ve been playing with.

There are a lot of links in Tales From The Dork Web. If it gets too much, put it down and come back later. I wrote a guide to help you get the most from it.

This issue’s music comes from Kid Francescoli, a project by Marseilleaise producer Mathieu Hocine, and Julia Minkin. When the world finally ends this song will play in the credits. Press play and read on.

Escaping The Apple Trap

I have a pile of 2014-2015 era Macbooks from when I ran a consultancy practice. One of these is a Macbook Air used mostly for accounting-related stuff. My partner and I decided rather than downgrade the already slowing Macbook Air to Big Sur that she might want to try ElementaryOS, a Linux-based OS for Mac switchers. A firmware password was set back when the company had a standard Mac build. Whatever it was, it didn’t follow the standard. I couldn’t find the firmware password for this particular device in any backups, nor in any password vaults.

I got through to Apple tech support after an hour on hold. They said it was physically possible to clear the password, but I’d have to travel an hour to one of two specific Apple Stores (not other ones nearby) and do a ‘physical verification’ of ownership before they’d do it. Alternatively I could pay for a repair service to pick up the laptop by courier and do the physical verification for us. At that point they could clear the password. In the words of the gentleman on the call, “These are the only options”. These may have been his only options. They most definitely were not mine.

You might think this is about preventing theft. If it is, it’s not well thought out. If the device were stolen the theft would’ve already happened. A requirement to present physical proof of ownership is moot when the receipt was emailed. The device for years has been tied to an iCloud account. It was not reported stolen by me or anyone else. The ability to reset the password but to not allow passwords to be reset is Apple’s business decision. As such, my business decision is that unless otherwise forced to, I will neither buy nor support an Apple product again.

I decided I’d remove the firmware password myself. Don’t ever let anyone tell you what you can and can’t do with your own general purpose computation device. Computers do maths or are broken. All grey areas are artificial.

Please note, I will not help you fix your computer nor remove your own password, that’s not what I’m here for. I bought the kit because I have 3 Macbooks from the same era.

The A1466 2015 Macbook Air has an innocuous connector (J6100) on the bottom near the wireless card. This connector has lines running to the EFI firmware flash chip I wanted to reprogram. I bought an ENIT SAM J6100 adapter off eBay and hooked the Mac up to a CH341a chip programmer.

Before connecting the programmer to a laptop I had to disconnect the battery and plug in the power adapter for the Macbook Air. This caused it to switch on. I turned it off, and plugged in the CH341a. I used a slightly dodgy tool called CH341a programmer to detect the flash chip, in this case MX25L6473E. I dumped the chip contents and loaded it into UEFITool, a tool that lets me explore EFI boot firmware.

The nice thing about EFI binaries is that they’re in PE32 format. In plain English this means the binary is easily parsed. It’s not a Windows binary, so inside it’s more like reversing firmware. It was tough going but using UEFITool and Radare I managed to work out what displayed and took keyboard input, and made some initial headway on figuring out how passwords were being stored. During a break I found a dear friend’s page from a while ago. In it he’d also reverse engineered the EFI firmware and gone far further than I. I carried on, working alongside his superb documentation.

Playing along with fG’s work I found the FirmwarePassword binary (2D61B52A-69EF-497D-8317-5574AEC89BE4) and confirmed it checked the supplied passphrase, issuing the underlying software with a 0 if correct or a 1 if false. Modifying it to always return a 0 should let me in with any password, but I wasn’t sure if it might cause other problems. I didn’t know if something else depended on it, if it would mean a password could never be set, or if later checks would put the laptop into an unsafe state. I decided to read on. Then I saw this and my jaw dropped:

There is also another way to do this. The 3E6D568B variable is special because if you remove it, the NVRAM will be reset to a default state where the firmware password is not set anymore.

I had foolishly assumed that in 2015 Apple were competent at firmware security. I’m pretty sure that they’ve improved since but for now I thanked the security gods. I flipped the 3E6D568B variable to 3E6D568A, flashed the firmware onto the chip, unplugged the programmer and rebooted.

To my complete and total surprise it worked perfectly and I was in recovery mode in a jiffy. I wrote the process up in a bit more depth with more pictures on my Gemini blog, accessible in a web browser via this proxy. I wouldn’t recommend non-hackers try this approach but there are two lessons I feel matter here:

  1. Poor business decisions ultimately cost business.

  2. If we aren’t in control of our own hardware, there is no hope for our software.

I’d like to thank fG for his blog, without which it would’ve taken me days to get the confidence to alter the password check code instead of renaming a variable.

At The Other End Of The Scale

I recently upgraded my main laptop from a 2014 Macbook Pro to a 2012 Lenovo Thinkpad X230. You might think that’s a bit of a downgrade. In some ways you’d be right. It’s worth seeing the difference so you can see what computing could look like.

The Thinkpad X230 was the culmination of everything right about sustainable computing practices. It was one of the last great Thinkpad laptops. The hardware is either open or replaceable with open components. It was designed to be taken apart, have parts replaced and be put back together again and you can deblob the BIOS and get rid of Intel’s Management Engine, a hidden Operating System in control of your computer even when it sleeps.

It’s pretty heavily modified. I run Coreboot and SeaBIOS with Intel ME disabled and the OpenBSD Operating System. I use an X220 Keyboard instead of the native X230’s one (as it feels more like a grown up keyboard). I have an Atheros Wifi chip, 16Gb of RAM, a 120Gb boot SSD and 480Gb mSata data drive and an upgraded IPS screen. Aside from the motherboard, case and battery, nothing is original. How hard was it to do these mods? I did some, my partner (elbows shown below) did some too.

How is it to use? The computer mostly runs along fine, but Chrome feels sluggish on this system running OpenBSD. The keyboard is great to type on, but the nipple can be frustrating. I disabled the Track pad as I kept accidentally touching it. It’s slightly smaller than I’d prefer but that’s not inconvenient. I can recompile every aspect of this computer and I’ll be able to get spare parts way into the late 2020s. For anything not involving the modern (i.e. bloated) web this is brilliant. By having a slower modern web experience, I’m less distracted by things when I use it.

It’s my main but not only laptop. I still have the Macbook I used previously, which I use for certain work. But for what I care about this is /home, and /home is free.

Pak Choi Paradise

My partner and I started running indoor farming experiments with Pak Choi. She’s unhappy with the British winter effectively ending outdoor gardening for months. We don’t know what kind of garden we’ll have when we eventually get to Ireland. While we’re growing other things we’re focusing on Pak Choi for experiments. Why Pak Choi? As a microgreen it has a 10 day seed-to-harvest cycle, which gives us time to iterate without pushing me too hard to build new setups.

So far we’ve had a couple of runs of Pak Choi under red/blue spectrum lighting, with control groups on a Kitchen window sill (left) and in the (cold) conservatory (right). The differences are quite startling. As well as growing food over winter, we’re going to use our developing setup to nurture seeds earlier for the summer garden.

I’ve started building a low-power modular wireless sensor network for plant monitoring. I’ll write more on it when it’s ready, but for now I’m building a firmware based on an ESP32 microcontroller with a camera, DHT22 temperature and heat sensor, TSL2561 light sensor and two types of moisture sensor for medium and base spillage. Readings are sent to an MQTT service and I’ll set up a dashboard for graphing. Later on I plan to do some tests with reflective surfaces and lower-power RGB LEDs as much of the light from grow lights seems to be completely wasted.

A Missage From Our Sponsors

This hip new handheld from the good folks at Atari might be just what you need. With tech like this I’m sure Atari will be around for decades to come. Come to think of it, that kid does look familiar.

Things You May Have Missed

I just want to say if you worked on this you are contributing to the very worst parts of technology’s intersection with humanity and should be ashamed. In other news, AWS went down taking expensive smart devices with it in what’s best seen as a trial run for when the smart doohickie companies decide they no longer want to ‘support’ a product. Haroon Meer’s thoughts on features are 100% on point, as always.

SCP is one of the best collaborative fiction sources I’ve ever lost hours, maybe days to. Evan Royalty (of Red vs Blue fame) made Overlord, a short SCP movie. Brilliant visual creepypasta.

The Arecibo radio telescope has collapsed. Unlike most telescopes, Arecibo was able to transmit. Many discoveries have been linked to it including discovering the length of Mercury’s day, the first radar images of the Venusian surface, even the discovery of the first exoplanet but my favourite memory is the Arecibo message.

The Amiga Show is a Youtube series produced entirely on a Commodore Amiga. Speaking of Amiga, Datagubbe wrote about little things that made Amiga great.

The Video Game History Foundation has a brilliant deep dive into the secrets of Monkey Island’s source code, complete with a 2 hour fireside chat and livecoding session with Ron Gilbert.

If like me, you’re a Minidisc user you’ve probably used the rather dated minidisc.org site to check for information about your model. The new minidisc wiki is coming along and worth a look. I also spotted a new Palm software website. I’ve been uhmming and ahhing about getting an old Palm for a year after letting go of my Vx.

Gallery-dl is a handy youtube-dl type tool for downloading images from popular gallery sites. Youtube-dl is developing again and has a new update. Steve Gattuso reminds me to write up my selfhosted setup, but you should check out his. Sarah Jamie Lewis had a go at beating the Stockfish Chess Engine by exploiting memory corruption instead of playing legitimately. Not the first, but a nicely detailed writeup.

YouTube is shadowbanning a video titled “Is the CIA a Terrorist Organization?” - you can watch the video (via invidio.us) if you like. Incidentally, if you like using alternative front-ends to reduce tracking, you might want to check out nitter and teddit.

I really enjoyed reading about public food spaces such as Incredible Edible Todmorden and this food garden in Le Havre. In other green news, the Standing Rock Sioux Tribe of North Dakota (whom you may remember from environmental protests) are raising money to build wind farms in order to bring green electricity to the region. What’s significant is that they want this to be a community-based energy authority with everything going back into the community, rather than having no ownership in the output. While the West has been busy building its panopticon, the Singaporean government have approved the world’s first lab-grown no-kill meat products. This is the future of agriculture I’m here for. I just hope it uses less overall energy than modern agriculture.

The weirdest thing I’ve seen lately is Can Dialectics Break Bricks, “a kung fu flick in which the martial artists spout Situationist aphorisms about conquering alienation while decadent bureaucrats ply the ironies of a stalled revolution.” - If you’re into philosophy and debate on the failures of socialist revolution, check it out. If not, you might like it almost as much as clownc0re.

I thought I’d end with Kazka’s KAPMA. Although Kazka are a Ukrainian pop band their music has a lot of electro-folk elements to it. It’s been jamming on my minidisc player for weeks. I hope you like it. I’ll leave you with a quote I saw on Mastodon. Bob doesn’t know where it came from, but more people in tech need to see it:

If it’s inaccessible to the poor it’s neither radical nor revolutionary

I hope you’ve enjoyed this issue. If you have a friend that might enjoy it, please do share it with them. I’ll return in two weeks with more Tales From The Dork Web.