Welcome

This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.

Defacement Page Design talk

My talk from CarolinaCon is up.

This is not a professional talk by any means; it was a humorous one at a hacker con, meant to be somewhat entertaining, delivered late at night. Some of the sites displayed contain profanity, etc. I use some profanity in the talk as well. People liked it; one person told me it was their favorite talk, which shocked me. The slides are here.

Talk at CarolinaCon

I will be attending CarolinaCon again this year with FALE since we run the LockPick Village. The big difference this year will be that I am giving a talk as well. This will be my first talk at a conference of any kind.

Unless something changes, I’m scheduled for Friday night (Mar 20th) at 10pm. Giving a talk at all was almost unexpected and only came about because they had extended the call for papers by a few days when not enough talks were received. I and several of the FALE members rallied for more speakers online and submitted our own talks. Mine was completely off the wall and related to a treasure trove of terrible but funny defacement pages I’d discovered. I hope to give an account of defacement pages, a short history of them, and deconstruct them with humorous results. I was surprised when it was actually accepted, especially since a lot of talks were submitted and some rejected.

[Read More]

Adventures with Docker

I’ve completely messed up my Docker install on the server I was using it on, so take my post with a grain of salt. I’ve been messing with Docker for over a year and found it advantageous for a lot of situations. The main thing a Docker container, or LXC containers in general, provides me is a sandbox within which to experiment that doesn’t require running a full virtual machine, an extra server, or modifying the native OS settings to try out various applications or packages, or to have a self-contained environment for using certain software so I can keep it isolated from my base or default environment. One obvious application is doing development.

[Read More]

Website input command injection

Someone recently asked for a free pentest in a private security-related group for a site they had been working on for a while before it went live. Some of us guys at FALE obliged. Since it was a free pentest, I am taking the liberty to post about it. It was actually my first shell and the first box I’ve popped that wasn’t mine. So it was a learning opportunity for me, with some subtle direction by those more experienced.

[Read More]

DefCon 22 and BSides LV recap

I managed to make it to Vegas in a rather unexpected way: what was originally a planned beach trip ended up not working out, and I ended up being able to join FALE at BSides LV and DefCon 22.

[Image: table]

I was working in the mornings, but most of my free time at BSides LV was spent at our lockpick village, where we were joined by someone making handmade lockpicks, as you can see above. I didn’t get to attend any talks, but the talks were found online shortly after, my favorite one being the Hack the Gibson talk, which focused on IBM mainframes. Very educational, considering I work with mainframes and do some operations on them at work. John McAfee (yes, that McAfee) also made an appearance, which was interesting to say the least. He talked a little about his version of events regarding his recent troubles in Belize, including alleged hired assassins out to get him, his personal spy ring, and people popping out from behind trees they’re hiding behind and snapping pictures, etc. Later, he shifted into some Snowden-esque persona rallying for personal privacy online, and plugged his new product that spies on spyware; I’m not sure how you protect yourself from spyware by installing his “trusted” spyware, but that was the sales pitch from my view. Also, there was the tower of vendor-distributed condoms, collectively named “Bonerhenge”, built by some people who apparently didn’t have a better use for them in Vegas and thus had some time on their hands.

[Read More]

Oscar scanner followup

Oscar scanner is a project I mentioned in an earlier post. I wanted to follow up on that with my progress. It’s basically working now, more or less, after some hiccups trying to run it on Arch, lack of time or motivation, ordering wifi adapters, etc. I have a video up demonstrating its use.

I have a short video of my Adafruit UPC scanner in its 3D printed case being used here:

[Read More]

Spinning Wheels

I don’t know if it’s because I’m now settled into the dad life or what, but I’ve been taking on more personal projects lately, working on them until I lose interest or find something else. Of course, I leave them in various states of completion, sometimes returning later. Sometimes it’s just lack of motivation, sometimes I hit a wall, and a few cases are delays since continuing requires hardware or something that costs money. Sometimes it’s just lack of time. A big part of it is that the problems I’m working on don’t hold my interest or seem of little point. I seem to be working on tutorials or guides, or very little that isn’t already well trodden. I want to learn new skills, but I also want to solve real problems, or make tangible improvements to something. I’d love to get involved in some real projects (but I can’t commit due to time), not run through a tutorial that gives me an example program to write that no one would actually use. That said, here is what I have in the hopper that I’ve slowly been trudging through.

[Read More]

Intel Graphics Issues with Ubuntu 12.04

I have an XPS 13 Developer Edition laptop (aka Project Sputnik). After some updates to Ubuntu in recent months, it would randomly freeze. It became apparent it was the graphics card that was freezing, as processes were still running even though the display image was frozen and neither the mouse nor any other input seemed to have any effect (if I left it on, downloads would finish). This was very frustrating, as I had bought an officially supported set of hardware for Ubuntu from Dell to eliminate these kinds of hardware support headaches. Turns out the issue is a known issue with the Intel 4400 graphics chipset and the old kernel. The solution was simple: get a more recent kernel, which means updating from the LTS 12.04 release of Ubuntu to a newer version. Since doing the update I’ve had only one freeze in almost a month.

[Read More]

Koding with Flask

Koding is a cool site that provides a web-based development environment that is perfect for budding programmers and veteran programmers who want an easy-to-use sandbox environment to develop in. For free you get a VM that comes pre-set up so that you can develop in several languages including Python, plus database backends and the ability to install more resources (you get full root access to your VM).

A lot of coders use it to stage or live demo a project, and of course the VM automatically shuts down when you log off. You can expand the VMs, but that’s the point you start paying, or once your project needs some real resources, or you want to bring on additional team members, etc.

[Read More]