Monthly Archives: June 2006

3DO Special

At long last, I have finally gathered up all my 3DO titles accumulated over the years and studied them with the help of the Opera filesystem Linux module. Thus marks the triumphant return of my inexplicably popular Multimedia Exploration Journal.

3DO Console

I have been curious about 3DO multimedia for a long time, ever since someone sent me some FILM files that he had found on the 3DO version of Lemmings using a custom tool to read the disc. Early CD-ROM-based consoles rarely had a standard FMV API, so the developers had to explore the emerging field on their own.

During this investigation, I found a number of the titles were published by Electronic Arts. A number of them used AIFF files for audio and a custom container format for what appears to be Cinepak data.

Son Of Early Adopter

Pursuant to my senseless HD DVD purchase a few months ago, fairness demands that I give equal time to Blu-Ray now that the discs are out…

Fifth Element Blu-Ray Package

… even though you may have heard that the players aren’t available yet. Best Buy told me that Sunday is the official day to start selling the Samsung player (no Sony in sight), though some Best Buy stores allegedly accidentally sold some prematurely.

The box copy touts 1920×1080 progressive scan video. Subtitles come in 7 varieties including English, English SDH (what’s that?), and Thai. The audio is listed as English 5.1 (uncompressed), English 5.1, and French 5.1. Presumably, the latter 2 options are compressed. The package sports the Dolby Digital logo. How is 5.1 audio stored uncompressed on these discs? If each channel were allocated 48 kHz, 16 bits/sample, that would require ~8.7 GB of the 23 GB disc for this 126-minute feature.

Anyway, for those who want to look for hidden messages in the literature accompanying the disc, see below (click any picture for a larger image).


Secure Automated Builds

I have a small, low-power x86 Linux box sitting on the internet. I want to use it to set up an automated build system for FFmpeg. To what end? At the outset, I would like to validate that the entire codebase builds, with all extra modules enabled, under different gcc versions and post results to a webpage.

The process outline is pretty straightforward. At periodic intervals:

  • check out a fresh copy of the FFmpeg SVN tree
  • ‘configure’ with all relevant options and the desired compiler version
  • ‘make’, log the stdout and stderr text in separate text files
  • log the status report to a public website

Pretty simple so far. Other ideas include compiling with multiple compiler versions, including cross-compilers for multiple platforms; automated regression testing; aggregated results sent to a new mailing list [insert your brainstorm here]. I’m starting small because this particular machine requires almost a half hour to complete just one FFmpeg build.

Here is the big item I’m concerned about: How to guard against malicious script injections? Not to say that I don’t trust my FFmpeg brethren but… I can’t think of a good way to end that sentence. But think about it: When you run the configuration script and Makefile, you’re executing free-form shell commands. One of the worser-case scenarios:

    find / | xargs rm -rf

“But Mike,” I hear you exclaim, “as long as you run it as your own unprivileged user vs. root, it won’t destroy the entire system.” That’s terrific news; the easily replaced Linux base system would be safe. So what about running the build process as a heretofore non-existent user (something other than ‘nobody’ since a standard Linux box is going to have files owned by him)? Random shell commands could still, for example, read world-readable files and transmit them offsite. What kind of files? I’m not interested in the fine details, it’s still a security hole.

So there is the possibility of switching to the unknown user in its own chroot’d shell. Ideally, this environment would:

  • prohibit network access (setup process gets the fresh SVN tree before entering chroot shell)
  • have access to various build tools

I guess what I’m wondering is: Have these problems already been solved? Are there open source projects that already provide good solutions to these problems? Otherwise, I already know it’s a lot of work to set up such a chroot environment (and I have no idea how to prohibit network access for a particular user).
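
One way to wire up the build steps and the confinement described in this post on a current Linux system, as an added example that is not from the original post. It uses util-linux `unshare --net` and GNU coreutils `chroot --userspec`, neither of which the post mentions; the user name, paths and function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: user "builder", chroot /srv/buildroot,
# source tree at /src/ffmpeg inside the chroot (checked out beforehand,
# outside the sandbox, because the sandbox has no network).
BUILD_USER=${BUILD_USER:-builder}
BUILD_ROOT=${BUILD_ROOT:-/srv/buildroot}
SRC_DIR=${SRC_DIR:-/src/ffmpeg}
RUNNER=${RUNNER:-in_sandbox}   # function that wraps every build command

# Confine a command (needs root to set up): "unshare --net" starts it in a
# fresh network namespace whose only interface is a downed loopback, and
# "chroot --userspec" drops to the build user inside the build root.
in_sandbox() {
    unshare --net chroot --userspec="$BUILD_USER:$BUILD_USER" \
        "$BUILD_ROOT" "$@"
}

# run_step NAME LOGDIR CMD...: run CMD with stdout and stderr in separate
# files, append "NAME exit=N" to LOGDIR/status.txt, return CMD's status.
run_step() {
    step=$1; dir=$2; shift 2
    mkdir -p "$dir" || return 1
    rc=0
    "$@" >"$dir/$step.stdout.log" 2>"$dir/$step.stderr.log" || rc=$?
    printf '%s exit=%d\n' "$step" "$rc" >>"$dir/status.txt"
    return "$rc"
}

# build LOGDIR: configure, then make only if configure succeeded.
build() {
    run_step configure "$1" "$RUNNER" /bin/sh -c \
        "cd '$SRC_DIR' && ./configure" || return $?
    run_step make "$1" "$RUNNER" /bin/sh -c "cd '$SRC_DIR' && make"
}

# Typical use as root from cron (log path is an example):
#   build "/var/log/ffmpeg-build/$(date +%F)"
```

The logs and `status.txt` are written by the driver outside the sandbox, so the untrusted build never needs write access to the directory that gets published.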