@tptacek -- you're so awesome. I keep meaning to reply on some of these security threads but then I see you've made the relevant points of sanity in a well-reasoned manner.
For what it's worth, when I was setting up the culture and values of Google's first bug bounty programs, I hammered "be magnanimous" into the reward committees. i.e. look for reasons to reward more, not less. Find the value in the information provided, even if the person is being a jerk. etc. I don't think this culture has changed. There are teams of people rooting for incoming reports to succeed, and they get excitement and joy from issuing large bounties (because this means Google security is getting stronger).
The floppy disc controller doesn't have a way of knowing if the write worked or not. There are some corner cases here, like the drive can signal a fault line if it's on fire, but if there's simply a dodgy patch of disc surface, nothing will be apparent during the write.
So, the operating system could verify the write by reading it back, but I don't think the BBC Micro disc ROMs typically did that for file writes -- only for formats.
Great that you're working on something similar! How are you finding those tools for handling degraded tape waveforms? I keep bouncing back and forth between hacking up my own vs. wanting to find some existing tool that has some clever math formula.
Both those I linked seem to work fine, though the tapes I'm recovering from are mostly in good condition. The Python one is a bit more robust than the one included with ti99sim, but much much slower and picky about DC offset.
(Note that both of these also decode the TI's frame format; but it should be easy to pull out the core waveform decoder of either.)
The blog post uses conventions associated with the machine in question, the BBC Micro, which is an iconic 1980s UK machine. It was pretty much "Disc" back then, e.g. the dreaded "Disc error 0E" from the OS, or the spelling written on the discs themselves, e.g. this Watford Electronics Diagnostics disc:
> Early BBC technicians differentiated between disks (in-house transcription records) and discs (the colloquial term for commercial gramophone records, or what the BBC dubbed CGRs).
I love that.
In my own usage I've always made the magnetic distinction without really knowing why. At least now I can identify the boundary as 'magnetism'..!
The Beeb in school in the 80s had a 5¼-inch floppy disc drive. The BBC Domesday project, 84-86, was on Laser Disc. But as Compact Discs took flight in the domestic market we'd moved to 3½-inch floppy disks; which by the 90s were labelled "diskette" IIRC and so were called disks. Then hard drives were called hard disk drives I think because they came from the global/USA market, so the only "discs" that remained in common use were optical discs, and the split - for me at least - was kinda-retconned in that optical discs were always 'discs' and magnetic were always 'disks'.
I (American) agree with chungy; there is a strong convention that specifies floppy disks and compact discs. We could say that "disk" is the American spelling of "floppy disk", but not that it is the American spelling of disc.
I suspect that "disk" is used because it is shortened from "diskette", which wouldn't work at all if spelled "discette".
By the 20th century, the "k" spelling was more popular in the United States, while the "c" variant was preferred in the UK. Consequently, in computer terminology today it is common for the "k" word to refer mainly to magnetic storage devices (particularly in British English, where the term disk is sometimes regarded as a contraction of diskette, a much later word and actually a diminutive of disk).
So in the mid eighties there was a distinct color/colour kind of split between disk/disc in the US/UK. And someone immersed in the world of restoring data from magnetic storage for a distinctly UK computer of the eighties? Eminently sensible for them to use the UK term, when everything on the computer is going to be saying "INSERT DISC 2".
----
There are also some notes in that page on how Philips/Sony's choice of "disc" for the CD has ended up with that being the common choice for optical media vs magnetic; back in the eighties this convention was not yet established. And then there are also sections for disc/disk in medical literature, and in disc-throwing games. English spelling is weird.
I'd personally phrase things a bit differently: an _individual_ was able to pull this off while surrounded by screaming children. A large government, with all its resources and hundreds+ of people, would pull this off regularly and without breaking a sweat.
We definitely wanted fun! I guess there are two ways to slice and dice it: 1) fun because the application is exotic / iconic, or 2) fun because the chip is exotic. This is definitely a case of the latter: an exotic chip with interesting history.
Happy to change it to a better title, i.e. something more accurate and neutral. We're particularly happy to do that with corporate press releases, which often deliberately obscure the situation. But usually that requires a suggestion (and at least partial consensus) from users who understand the story.
Yeah, Apple's page titles generally suck, especially when they are presented without context. The big things in this one are that they're pushing fixes to devices that people had considered abandoned for almost two years, and that these fixes explicitly mention that they have been exploited in the wild in what I believe is Apple's second admission of this, and the first time they did so without blaming Google Project Zero of a mischaracterization. That's clearly a bit too much to put in a title, but something like "Apple releases iOS 12.4.9, backporting fixes for severe security vulnerabilities". I'd like to put "exploited in the wild" in there somewhere as well since I think it's an important part of the story, but I am not sure if this would keep it neutral.
It's an idiosyncrasy of the site that we avoid highlighting things in titles ("stories are community property, and submitting one doesn't give anyone the right to editorialize them").
I agree that the title we ended up with is suboptimal! "Exploitable" is a word I'd have been comfortable seeing there. But you take the good with the bad with the HN title rule; the site is primarily about discussion, not about being a noticeboard, and titles determine the discussion we have.
I’m not sure if it actually means “being used to exploit unknowing devices” given that Apple doesn’t define how they use it on that page. It very well could be referring to news about iPhone 12 jailbreaks (not that there is one yet https://twitter.com/fce365/status/1320691136890109952?s=21)
These are some good hacks and tricks!
The good news is that these fun days are still upon us. I'm a member of the Bitshifters collective: https://bitshifters.github.io/
If only there had been an internet then, rather than just me with my books and a few years to spare :-) I guess most of us were like that at the time.
I see the 6845 still has surprises yet. Now you've made me read the Wikipedia article on it, and I learned something new, that it can be tricked into reloading the display address in the middle of a frame. If only I'd figured that out back in the day, that would have been very handy!
I wish there was an internet back then too, one that was fast, had a good search engine or directory ... and was only online for 2 hours a day for research purposes. A 24x7x365 internet would have gotten in the way of my tinkering which was mainly driven by boredom.
That's an interesting story of the 6522 VIA for sure :) I don't think it is what I was hitting though, for a few reasons:
1) "The 6522 has a bug in mode 011, shifting synchronous serial data in under control of external CB1 clock" -- this is not the mode I tried.
2) The bug appears to be intermittent data loss. What I had trouble with seemed deterministic, the chip is just too slow to respond.
3) I wonder if this hardware bug was ever fixed? The BBC Micro doesn't use the MOS 6522 VIA. It tends to use Synertek or Rockwell. It's unclear if those companies were just using the buggy MOS mask under licence, or something else.