vulnerability - noun - A group of one or more blockchains.
(source: Sarah Jamie Lewis)
Data breaches are a fact of life in the twenty-first century - some site or other gets pwned and tens to hundreds of gigabytes of data get stolen. If you're lucky, just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated. Good times.
You've probably wondered why stolen passwords are dangerous. There are a few reasons for this. The first is that people tend to re-use passwords on multiple sites or services. Coupled with the fact that many online services use e-mail addresses as usernames, this means that all someone has to do is try to log into... well, everything... with those stolen credentials and see which ones work. The second is that attackers now have lists of passwords that people actually use, not huge dictionaries of potential passwords assembled for completeness. This means that password cracking attacks can be much more precisely targeted and will probably take less time.
There is no shortage of helpful suggestions for generating passwords that are relatively strong and easy to remember. The one that I find the most useful is the Diceware technique, which is fairly straightforward.
It's a bit tedious, though. Of course, people have written their own implementations of Diceware for various platforms and with varying states of usability. I use plain old diceware on Windbringer, mostly because it's available through the AUR, but it lacks a few features that I find really useful. For one, to mix things up I like to sprinkle numbers over my generated passwords, like so: rerun-anteater-idly-00877-lining-paddling-8283
(No, I don't really use that passphrase anywhere. Come on.)
So, I decided to write my own Diceware utility in Python. I wrote it to be as self-contained as possible, which is to say as long as you have Python installed on a system it should run. The wordlist is built into the utility (which accounts for most of its size) and it's as easy to use as I can make it. I deliberately did not make some options I prefer defaults because I wanted it to be as helpful to people as possible. Per GNU standard, running ./diceware.py --help will print the online help. It's also open source so feel free to use it anywhere you like. I've tested it on Arch Linux and Mac OSX, and I don't see any reason why it wouldn't work on, say, Ubuntu or Raspbian.
Share and enjoy!
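As an added illustration of the technique the post describes (this is example code written for this page, not the post's diceware.py utility), here is the Diceware algorithm in Python: dice rolls from the `secrets` CSPRNG index into a wordlist, and digit groups can be sprinkled between the words as in the passphrase above. The wordlist is a constructed 36-word sample indexed by two dice; a real Diceware list has 7776 words and is indexed by five, and the code generalizes to any list whose length is a power of 6.

```python
import math
import secrets

# Constructed 36-word sample list for the demo (indexed by two dice); a real
# Diceware list has 6**5 = 7776 entries and is indexed by five dice.
SAMPLE_WORDLIST = (
    "abacus anteater badge bramble cactus cedar dune dusk ember ferret gecko glade "
    "harbor heron idly jade juniper kelp lining lotus mesa moss nectar nova orbit "
    "oxbow paddling pebble quartz rerun ridge saddle tundra umbra vellum yucca"
).split()

def dice_for(wordlist):
    """Dice needed to index the list; its length must be an exact power of 6."""
    n = round(math.log(len(wordlist), 6))
    if 6 ** n != len(wordlist):
        raise ValueError("Diceware wordlist length must be a power of 6")
    return n

def roll_index(n_dice, rng=secrets.randbelow):
    """Roll n_dice dice and read the faces as a base-6 number (the '11111'..'66666'
    keys of a printed Diceware list are this number with one added to each face)."""
    index = 0
    for _ in range(n_dice):
        index = index * 6 + rng(6)  # rng(6) is a face value 1..6 minus one
    return index

def passphrase(n_words, wordlist=SAMPLE_WORDLIST, n_numbers=0,
               rng=secrets.randbelow, sep="-"):
    """Draw n_words words with dice, then insert n_numbers groups of 4 or 5
    random digits at random positions, like the 00877 and 8283 in the post."""
    n_dice = dice_for(wordlist)
    parts = [wordlist[roll_index(n_dice, rng)] for _ in range(n_words)]
    for _ in range(n_numbers):
        digits = "".join(str(rng(10)) for _ in range(4 + rng(2)))
        parts.insert(rng(len(parts) + 1), digits)
    return sep.join(parts)

def word_entropy_bits(n_words, wordlist=SAMPLE_WORDLIST):
    """Entropy from the words alone: log2(len(list)) per word, about 12.9 bits
    for the standard 7776-word list, so six words give roughly 77.5 bits."""
    return n_words * math.log2(len(wordlist))

if __name__ == "__main__":
    # secrets.randbelow is a CSPRNG; random.randint would not be suitable here
    print(passphrase(6, n_numbers=2))
    print(f"{word_entropy_bits(6):.1f} bits from the words alone")
```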
If you have multiple systems (like I do), a problem you've undoubtedly run into is keeping your bookmarks in sync across every browser you use. Of course, there are services that'll happily do this job on your behalf, but they're free, and we all know what free means. If you're interested in being social with your link collection there are some social bookmarking services out there for consideration, including what's left of Delicious. For many years I was a Delicious user (because I liked the idea of maintaining a public bookmark collection that could be useful to people), but Delicious got worse and worse every time it was sold to a new holding company. I eventually gave up on Delicious, pulled my data out, and thought long and hard about how often anybody actually used my public link collection. The answer wound up being "In all probability, not at all," largely because I never received any feedback at all, on-site or off. Oh, well.
For a couple of years I used an application called Unmark to manage my link collection, and it did a decent enough job. It also had some annoying quirks that, over time, got farther and farther under my skin, and earlier this year I kicked Unmark in the head and started the search for a replacement. Quirks like: about half the time, bookmarks would be saved without any of the descriptions or tags I gave them. No search API. The search function sucked, so I couldn't plug my own search function in. Eventually, the Unmark hosted service started redirecting to the GitHub repository, and then even that redirect went away. Unmark hasn't been worked on in eight months, and GitHub tickets haven't been touched in about as long. In short, Unmark seems dead as a doornail.
So I migrated my link collection to a new application called Shaarli, and I'm quite pleased with it.
I didn't really do anything for my birthday this year, in part because I just wanted some downtime (rather than go to Pantheacon I stayed in a hotel and caught up on my reading, and later on went on a coffee shop crawl) and in part because my birthday gift this year was a road trip to Joshua Tree, California for a long weekend in March. It's been a long time since I was last in the high desert and, even though it didn't seem like it at the time, I was looking forward to both the road trip and a couple of blessed days in the middle of nowhere in a rented AirBnB flat. Even though we were in the middle of the desert, I was most certainly not off the grid. I didn't expect to have strong cellular connectivity there, though the DSL bandwidth was bobbins.
We didn't drive ten hours to the high desert to goof off online, though.
The first time I was in the high desert, I was there on assignment. When driving to the flat we'd rented we drove past Edwards AFB, and it felt like I was coming home. There are few places that I've ever really felt at home, and the high desert is one of them. I felt welcome someplace for the first time in a long while, and took full advantage of it by spending a good four or five hours a day hiking and rock climbing in the desert of Joshua Tree, exploring the desert, following some trails, taking pictures, and discovering that I haven't been climbing in a long time indeed (causing my knees and lower back to complain mightily for a couple of days). We made a couple of trips to Joshua Tree Outfitters to pick up a few things, and while I was there the owner was nice enough to repair one of the seams of the backpack I was using on this trip. I didn't bring any of my radios with me (probably unwise) so I didn't spend any time working local repeaters.
I haven't seen that many stars in the sky since I used to go camping at Four Quarters Farm back east. There was practically no light pollution that far out, and we could hear the wind almost the entire time. I felt a little regret packing up at the end of the long weekend to go home, when fate threw a spanner into our plans.
After packing up the TARDIS and getting ourselves settled in, the first thing we did was turn on the air conditioning... and a curious thumping, fluttering sound filled the passenger cabin, swiftly followed by a strange, almost acrid scent.
"Oh, shit. Did something climb into the engine compartment and get shredded when the engine turned over?"
The next couple of hours were spent searching for a garage in the vicinity that could work on a fairly recent hybrid, by way of a stop for breakfast to both get our blood sugar up and give whatever it was that might be inside the engine compartment a chance to either climb or fall out. Ultimately, we were only partially correct, much to our relief. The mechanic we saw informed us that, in the high desert, it is not uncommon for local mammalian wildlife, including kangaroo rats, to climb into the engine compartments of vehicles from below to stay warm overnight. Of course, they also tend to bring food with them, and we found a couple of seedpods cached here and there inside the engine compartment. We were also shown a nontrivial amount of leaf litter and assorted cruft that had accumulated atop the cabin air vents beneath the hood and had probably wound up inside the ventilation ducts. In short, no dead critters, just some amount of plant matter that was dislodged and fell inside the ductwork. It's a fairly straightforward fix, but one that we can't do ourselves.
Since I last worked on this article a couple of days ago, the TARDIS was taken in for maintenance. I'm sorry to say that the initial assessment was incorrect; there is, in fact, a dead desert rat trapped in the environment control system. It sounds as if the air circulation fan didn't do in the critter, because none of the usual adjectives were used to describe the situation (shredded, chipped, pureed, liquified, needs a squeegee). It also didn't sound like it was a very large desert rat because, we were informed, if it were bigger it would smell a lot worse than it does now. So, in addition to sundry repairs and tune-ups, the environment control system is being dismantled, cleaned out, and rebuilt, to the tune of $1200 US.
Anyway, enough of my rambling. Here are the pictures I took while I was out hiking and rock climbing.
GSCA - acronym, verb - Using grep, sed, cut, and awk on a Linux or UNIX box to chop up, mangle, or otherwise process data on the command line prior to doing anything serious with it. This is not to preclude the use of additional tools (such as sort).
nopefully - adverb - Something in a state or manner in which one fervently hopes something does not happen.
A couple of weeks back, as part of our continuing education program at my dayjob I ran a hands-on class on locksport, the quasi-science (perhaps art) of picking locks for fun and... well... fun. I'm a security wonk so most of the talks I run have some security content in them, but I wanted to do something that was fairly suitable for everyone (coders and not). So, I got the go-ahead to expense a few more locks and some intro picksets to give away from The Lockpick Shop (no consideration for mentioning or using them, they had what I needed at a good price) and hauled most of my collection of locks and tools to work over the course of a couple of days.
I used the Creative Commons licensed lockpicking village slides from the TOOOL website for my talk after editing them a bit to condense them for time and spent a couple of evenings practicing both my slides and craft to gear myself up for the class.
What follows are some pictures and ruminations I have on the topic of locksport that come from years of playing around with locks (after spending about as long trying and failing to get any locks open) and doing formal and informal sessions on the topic. Please bear in mind, I'm far from a master of this particular art. I've competed only once (and pulled a Charlie Brown by picking the lock backwards, thus jamming it at the worst possible time) and, while I recognize that there are some very talented people out there who are into locksport for the sheer artistry of it, I'm not one of them. I'm a pragmatic lockpicker: I'm on assignment, I need into something, I'm going to pick the lock and get in. I'm not a spring steel artist.
Okay. Enough chitchat, here's what I actually wanted to write.
Going rogue - noun phrase - Ignoring the directions Google Maps (or whatever map navigation application you have on your phone) gives you in favor of using the knowledge inside your head and local area expertise. The thing about map navigation applications is that so many people use them, the moment you deviate from the main course you have almost entirely empty streets, with a significant reduction in travel time.
So, you're probably wondering why I'm posting this, because it's a bit off of my usual fare. The reason is I think it would be useful to make available a fairly simple algorithm for implementing a general purpose dead man's switch in whatever language you want, which is to say a DMS that could conceivably do just about anything if it activated.
But what's a dead man's switch? Ultimately, it's a mechanism that has to be manually engaged at all times if you want something to happen, and if that switch turns off for some reason, something else happens (like a failsafe). A good example of this is the bar on the handle of a power lawnmower you have to hold down so it'll move while the engine's running. If you let go of the bar the engine keeps running but the lawnmower doesn't keep rolling forward. Another example can be found in locomotives: the engineer has to hold down a switch or lever so the engine will pull the train, and if that lever is ever let go (say the engineer has a heart attack or is otherwise incapacitated) the throttle closes and the train grinds to a halt. More along the lines of what I'll be talking about are the watchdogs found in industrial controllers and real-time operating systems. While running normally, a software process inside the device flips a bit somehow - say, writing a 0 into a certain device node. If the underlying hardware ever finds that the bit didn't get flipped within a certain period of time, it reacts somehow to fix things (for example, it might reboot in an attempt to un-stick the gizmo).
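The watchdog pattern described above, as an added example in Python (written for this page, not the post's own algorithm or code): a monitored process "flips the bit" by calling `check_in()`, and a poll loop on the watchdog side fires a failsafe callable if no check-in arrives within the timeout. The clock is injectable so the timing logic can be exercised without waiting; a hardware watchdog does the same job with a timer instead of polling.

```python
import time

class DeadMansSwitch:
    """Software dead man's switch in the style of a watchdog timer: the
    monitored process must call check_in() at least once every `timeout`
    seconds, and if it falls silent the failsafe callable fires."""

    def __init__(self, timeout, failsafe, clock=time.monotonic):
        self.timeout = timeout
        self.failsafe = failsafe      # e.g. restart the service or raise an alert
        self.clock = clock            # injectable so the logic is testable
        self.last_check_in = clock()  # arming the switch counts as a check-in
        self.tripped = False

    def check_in(self):
        """The 'flip the bit' step: the monitored process proves it is alive."""
        self.last_check_in = self.clock()

    def poll(self):
        """Run periodically by the watchdog side. Fires the failsafe once when a
        check-in is overdue and returns True for that poll; a later check_in()
        re-arms the switch so it can fire again on the next lapse."""
        overdue = self.clock() - self.last_check_in > self.timeout
        if overdue and not self.tripped:
            self.tripped = True
            self.failsafe()
            return True
        if not overdue:
            self.tripped = False
        return False

class FakeClock:
    """Manually advanced clock used for the demo below (constructed for this example)."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

if __name__ == "__main__":
    clock = FakeClock()
    dms = DeadMansSwitch(timeout=10, failsafe=lambda: print("failsafe fired"), clock=clock)
    for t in (3, 6, 9):            # a healthy process checks in every three seconds
        clock.now = t
        dms.check_in()
        dms.poll()                 # nothing happens while check-ins keep arriving
    clock.now = 25                 # no check-in since t=9: the switch trips
    dms.poll()
```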
I've been keeping quiet about the mass school shooting in Florida some weeks ago because it's such a hot-button topic, and many people speaking out are catching harassment and death threats - even the students who survived the massacre. Of course, the National Rifle Association went on the record as saying, quote, "The NRA doesn't back any ban." Meaning, of course, they'll do their damnedest to hamstring any new legislation that has to do with guns. It's also worth noting that there were multiple law enforcement officers - trained and armed - at the school, and they did nothing. Which isn't surprising to me; if they're anything like the police in the school I went to, they went out of their way to not do their jobs (the students selling both drugs and guns I graduated with did so with relative impunity). Oh, and let's not forget what can happen if you play the part of the hero and disarm the shooter - the cops think the hero's the shooter, and open fire. No good deed goes unpunished.
But that's not what I want to talk about. What I want to talk about is gun culture, as someone who's part of it, but who stays as far away from it as possible.