Tart; Play This PDF; Space Ball. BONUS: "A Byte of Coding"
Alex from "A Byte of Coding" dropped me a note letting me know that they were featuring my recent "Escaping Groundhog Day" blog post in their newsletter today, and I thought a reciprocal link to them was the least I could do in return. Alex does a daily drop of great coding links/topics, some of which are in the queue for future dives here. Tap the banner to read the issue Alex linked me.
Now, on with today’s edition!
Tart
I grabbed a maxed out 14" M1 Max MacBook Pro (dumbest. name. ever.) the minute it was available in the Apple Store despite having some trepidation about abandoning the x86_64 world of containers and virtualization. Having a massive Xeon server at home helped me pull the trigger, and — if anything — Apple's move to a completely different architecture is breathing some innovation into the virtualization space (at least on macOS).
Apple's new virtualization framework lets us run arm64-based operating systems on Apple Silicon at near native speeds, with other architectures requiring an emulation layer. Tart is a virtualization toolset to build, run and manage virtual machines on Apple Silicon using said framework. It was built by Cirrus Labs for continuous integration and automation and enables pushing/pulling virtual machines from any Open Container Initiative (OCI)-compatible container registry. It even has a Packer plugin to automate VM creation.
Unlike Parallels, Tart is free. You can get it up and running on your Silicon Mac after a mere 18GB (o_O) image download:
brew install cirruslabs/cli/tart
tart clone ghcr.io/cirruslabs/macos-monterey-base:latest monterey-base
tart run monterey-base
I did the above and it does what it says on the tin.
Play This PDF
I'm going to ask you to work a bit for this section. Please head on over to lab6 and download the file labeled "01 – An accessible PDF/MP3/TXT polyglot; Fantasy Footbyte" (SHA256 hash of 0145df4ffcd382db238d1bc87c014013aa9cbc2298fe2a68fef09ca66cc99da6). I suggest using a command line tool such as wget or (preferably) aria2. Go ahead. I'll wait…
…taps fingers impatiently…
Got it? Great! I'm making the assumption the file is named 1.pdf. Double-click/open it via the normal way you would a PDF file on your system. This is what I see in Preview.app:
Now, close it, and fire up a console/terminal session and move to the directory where 1.pdf resides and do your operating system's equivalent of head -60 1.pdf. You should see some weird PDF codes and then a very readable text section.
Now, rename it to 1.mp4 and open it up in whatever you use for playing random media files from the internet (NOTE: in general, please do not download and play random media files from the internet).
Polyglots, in a security context, are files that are a valid form of multiple different file types. For example, a GIFAR is both a GIF and a RAR file. There are also files out there that can be both GIF and JS, both PPT and JS, [PDF, text, and mp4] etc.
Polyglot files are often used to bypass protections based on file types. Many applications that allow users to upload files only allow uploads of certain types, such as JPEG, GIF, DOC, so as to prevent users from uploading potentially dangerous files like JS files, PHP files or Phar files.
I'll let you read Vickie's entire post (which has a full explanation) vs blather on my own here.
As Vickie notes, polyglots can be dangerous; they can also be fun and make documents more accessible (as in the case of lab6's experiment). They've also been around a long time (note: there's a word Cap' would not use in that site and publication).
We'll dive into polyglots more in the coming issues — especially on how to detect if a file is a polyglot — but I wanted to both whet your appetites and introduce some of you to this concept. You may never look at a simple PDF the same way ever again.
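A first pass at the detection idea mentioned above, as an added example rather than code from this newsletter or from lab6: it reports every format whose signature a file matches and rejects an upload that matches more than its claimed type. The byte strings are constructed samples carrying only the markers, the function names are hypothetical, and a signature match is a heuristic, not proof that the file parses as that format.

```python
import sys

# Constructed samples: only the signature bytes, not working media files.
GIFAR = b"GIF89a" + b"\x00" * 10 + b"Rar!\x1a\x07\x00"
MP4_PDF = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 12 + b"%PDF-1.4\n"
PLAIN_PDF = b"%PDF-1.7\n%%EOF\n"

def _pdf(d):  # some PDF readers accept the header anywhere in the first 1024 bytes
    return b"%PDF-" in d[:1024]

def _mp4(d):  # ISO base media: 4-byte box size, then the box type "ftyp"
    return d[4:8] == b"ftyp"

def _gif(d):
    return d[:6] in (b"GIF87a", b"GIF89a")

def _rar(d):  # RAR readers scan for the marker, so it may follow other data
    return b"Rar!\x1a\x07" in d

def _zip(d):  # found via the end-of-central-directory record near the file's end
    return b"PK\x05\x06" in d[-65557:]

CHECKS = {"pdf": _pdf, "mp4": _mp4, "gif": _gif, "rar": _rar, "zip": _zip}

def detect_formats(data):
    """Return the sorted names of every format whose signature matches."""
    return sorted(name for name, check in CHECKS.items() if check(data))

def check_upload(data, claimed):
    """Upload-filter verdict: the claimed type must be the only match."""
    found = detect_formats(data)
    if found == [claimed]:
        return "accept"
    if claimed in found:
        others = ", ".join(f for f in found if f != claimed)
        return "reject: also matches " + others
    return "reject: not a " + claimed

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, detect_formats(fh.read()))
```

Run it with one or more file paths as arguments to list the signatures each file matches.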
Space Ball
Thanks to the hourly chaos of the `45 years I missed a pretty significant development in 🇺🇸 NOAA/DoD weather telemetry plans. Between 2017 and 2018, the Air Force Space and Missile Systems Center (SMC) awarded Ball Aerospace & Technologies Corp a $349 million fixed-price contract to design and build two satellites equipped with passive microwave imaging radiometers and Energetic Charged Particle sensors to send into Low Earth Orbit.
These new weather satellite plans are centered around enhancing information technology, improving cyber safety/resilience, and deploying "small" vs large units to replace the aging components of the Defense Meteorological Satellite Program (DMSP) which "see" such environmental features as clouds, bodies of water, snow, fire, and pollution in the visual and infrared spectra.
For this mission, the pair of Weather System Follow-on Microwave (WSF-M) satellites will measure ocean winds, rain, snow, ice and soil moisture, ocean surface vector winds, tropical cyclone intensity, soil moisture, snow depth and sea ice. It also will carry an Air Force developed and furnished space weather payload.
The core component of the 1,200 kg WSF-M (hit that link for what the satellites really look like) is a microwave imager instrument developed by the aforementioned Ball. You know this company pretty well for another item they manufacture (a hint is in the section banner), even if you aren't able to place the company name to anything. Ball also makes those simple beverage cans, and you can read more about the evolution of the company into an aerospace giant over at Popular Science where I caught wind of these new dishes.
The previous generation of military weather satellites (over two decades old) can’t tell the wind’s direction over the ocean’s surface, just its speed. WSF-M can do both. It will also the structure of storms in high definition. These capabilities, and the long-term data record enabled by WSF-M and others that follow, will help us measure and understand climate change. It will also allow far more accurate forecasting, which is essential for military operations, industrial shipping, and disaster planning.
Hopefully you'll find the linked resources as fascinating and informative as I did, and never take that humble soda can for granted again, since it (in a Connections sort of way) helped make this new generation of satellites possible.
125 subscribers completely by word of mouth! Thank you all for reading and sharing my daily ramblings.
Since starting this project, I realized I should have been putting my mental notes for the resources I find into Feedly/Roam/Inoreader/Raindrop (et al) all along (it's all in human RAM but I'm not sure I should rely on a 50 year old storage device moving forward). It's been a fun exercise manifesting my personal mental narrative for these resources and it's good to be writing regularly again. ☮