Saturday, March 3, 2018

What was I reading in February 2018?

This month's reading list is quite light as I was on travel (multiple times) for most of the month. I'm also focused on generating another Element14 hardware review and attempting to get a user group organized. I also passed the GPYC certification.

Somehow I do this to myself at this time every year (volunteer for stuff in the Nov/Dec timeframe, slog through the obligations from Jan to Jun). In any case...


- Opera users claim that Microsoft is opening new tabs to advertise Edge Leopards. Spots.
- Programming the Linux Framebuffer - I may need this for the upcoming hardware review.
- Why Microsoft Office is a bigger productivity drain than Candy Crush Saga - Cause and effect, or just correlation?


- How to deal with NBSPs in a terminal
- Troubleshooting Tips: Failed Debugging with GDB - Having taken the Doulos class, I'm still trying to learn this. The Doulos course included an example of remote cross-platform debugging. For me, it's a much needed skill.
- Checking the Ubuntu Linux kernel updates on Spectre and Meltdown - The other time sink this past month.
- The SCO Vs IBM Zombie Shambles On - The annoying part of this bit of undead theater is "SCO's source code". I thought that it had been decided (in court) that SCO didn't own the source code. WTF?


- Running Microsoft SQL Server pod on OpenShift


- How writing can change your career for the better, even if you don't identify as a writer


- OpenBoard - the best interactive whiteboard for schools and universities
- How did Google Talk change from a dream to a nightmare? - I believe the author's problem is that he's using the tools provided by Google. I'm still using Bitlbee to connect to GT and little has changed since Day 1.


- FCC report finds almost no broadband competition at 100Mbps speeds My mom still can't get the Internet (without a satellite connection). She has to visit her children to update her Kindle.
- Eplox/TCP-Starvation
- Fizz Buzz in Tensorflow


- ARISS - Amateur radio on the International Space Station
- dtrace for linux; Oracle does the right thing
- The Risks Digest - For my own reference. I'll need it later.
- The cost of forsaking C - My opinion: C should be considered a basic skill. You should be able to read/fix C code, even though you don't use it on a daily/weekly basis.
- Appropriate Uses For SQLite - Should be required reading for "some people".
- Background removal with deep learning


- On Python Shebangs
- cknadler/vim-anywhere - I used this years ago. I don't remember why I stopped using it (given that I like to avoid mouse-based surfing).
- New Spectre/Meltdown variants leave victims open to side-channel attacks
- blog/unix/XNetworkTransparencyFailure
- How To Become A Centaur - Not surprising.


- The Benjamin Franklin Method of Reading Programming Books
- Determining Cat Chirality - Really? Someone needed to study this? (Hint; chirality = cat curls up clockwise or counter-clockwise.)


- Managing Someday-Maybe Projects with a CLI


- nuclearcat/cedarkey SSH key storage on cheap hardware


- Understanding the Limitations of HTTPS
- Who's Missing From America's Colleges? Rural High School Graduates - I'm a farmer's kid so this resonates a bit. I don't like concentrated city living but I don't fit in back home either. I work in tech and commute daily from what amounts to a small town.
- A Practical Introduction to Container Terminology
- Enhance an image - How it's done
- How to get yourself out of a funk
- Why Self-Taught Artificial Intelligence Has Trouble With the Real World - Reading for later.


- Study: students believe they are prepared for the workplace; employers disagree - This is why interviews include fizz buzz or similar. Also, author needs a dictionary (see if you can spot it).
- Heisenbug - ... and other fun "animals".
- Standing desks 'increase pain' and slow down mental ability study suggests - I could have told you that, but I'm old and my feet are having to deal with years of abuse (think 20 years of flight deck boots).
- AMP: the missing controversy - I can't help but feel tht this is a sour-grapes article. "Theoretical controversy" might be an indicator that the author is inventing conflict for the sake of clicks. It's open source. Don't use it if you don't want it. Me? I like reading content without the 40 or so advertisements pasted into the margins (or triggered pop-ups in the middle of an article).

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, February 3, 2018

What was I reading in January 2018?

Reading for the month of January was a bit lite because I was studying for a test (which I passed yesterday). At the same time, I was acting as technical editor for an acquaintance's book (completed a week or two ago).

I have approximately 3 weeks before the next set of courses starts and I'm taking a break (to let stress levels subside). That said, somehow I've let myself be tasked to write another hardware review...

In any case, January's reading:


- Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails - Slashdot - SMH... This usually sources from an attitude of either: "The rules don't apply to me." or "I'm too smart to get caught."
- An Introduction to Counterfeit ICs: Counterfeiting Detection and Avoidance Methods
- facebookresearch/wav2letter - Facebook's speech recognition toolkit
- Home - Much Assembly Required - an assembly programming game


- Don't pirate or we'll mess with your Nest, warns East Coast ISP - From the This-Is-A-Bad-Idea Department: Yet another company that will have to learn (the hard way) that two wrongs don't make a right.
- Announcing the OpenWrt/LEDE merge
- Intel facing class-action lawsuits over Meltdown and Spectre bugs - I'm not sure how the complainants think they have legal standing for this. How damaging is a 5% slowdown? If they're trying to recoup funds spent on installing the patches, that's a weak argument because they'd need to start suing the OS vendors too (on a monthly basis?).
- Spectre-on-Kubernetes - a proof of concept


- Largest Prime Number Discovered With More Than 23m Digits
- Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices - Now this is something which might trigger a lawsuit.


- Control-C handling in Python and Trio - I'm starting to pay attention to these because I've been taking a course in automation with Python.
- Mental models - Much falls into the GTD bucket.
- Introduction to reverse engineering and Assembly.


- William James - The Thinker Who Believed in Doing
- Cory Doctorow: Persuasion, Adaptation, and the Arms Race for Your Attention
- Now Playing: Continuous low-power music recognition
- Writing a C Compiler - Part 5
- tonybaloney/mocker - How bad could it get? :)


- Signal partners with Microsoft to bring end-to-end encryption to Skype - I'm suspicious of this. End-to-end encryption was there before Microsoft acquired the tool. I'm also annoyed: Skype doesn't "see" my Microsoft web cam (Google Hangouts does, though).


- Coin Cell Hacks That Won the Coin Cell Challenge
- Has pop music lost its fun? - I'm thinking that #5 can be blamed on software (i.e., audio loops).
- VMware Advances Container Case


- Start Your Own ISP
- DNS over HTTPS


- Reverse engineering FPGAs
- Detecting Chrome headless - new techniques


- How to Show Asterisks While Typing Sudo Password in Linux


- Faster R-CNN: Down the rabbit hole of modern object detection
- Why Discrete Math Is Important


- Mary Lee Berners-Lee's obit
- grep your way to freedom
- Speed Kills - Enter an Age of Unbridled Hyperconnectivity


- How to Prepare a Talk


- Rocket Lab Criticized For Launching Their Own Private 'Star' Into Orbit - Given the response, has anyone considered that RocketLabs may have launched the ball to annoy exactly that set of people?
- Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You
- How Old School C Programmers Process Arguments
- Copyright Royalty Board Boosts Songwriters Streaming Pay Nearly 50 Percent - Anyone else confused by this? The streaming services don't pay the songwriters directly, they pay the publishers. Basic math: If the publishers still keep their (large) percentage, it's not going to budge the writers' cut. Yes, they'll get a bit more money but it won't move their percentage of the vig. Shenanigans by the usual parties?
- Selectric bug - Operation GUNMAN - how the Soviets bugged IBM typewriters
- Google's Cloud Shell
- Please Stop Using Local Storage
- halilozercan/halocoin - Learning about cryptocurrencies while learning Python
- Why We Forget Most of the Books We Read - Err... Speak for yourself.
- Taxonomy of Logical Fallacies - the old version
- [1801.01944] Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
- The Feynman Technique: The Best Way to Learn Anything
- $530 Mln in XEM Stolen From Coincheck Can Be Traced, NEM Team Confirms
- Computer scientist uncovers clue to deciphering one of the most mysterious books in the world - Not holding breath but...


- The Open Sourcerer's Magic Spell Book
- Qubes Air: Generalizing the Qubes Architecture
- Vulnerable industrial controls directly connected to Internet? Why not?


- Easy laser-cut electronics cases


- Hans Peter Luhn and the Birth of the Hashing Algorithm
- LinuxBoot - Linux as firmware

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, January 1, 2018

What was I reading in December 2017?

December was a busy, busy month. From being on travel for approximately half of the month (cumulative), to a 3-day some-assembly-required post-Christmas session to assemble a toy plastic robot arm, to a multi-week review/interpretation of SSH man pages. Mix in family functions and vehicle inspections, and (overall) there wasn't much time to sleep.

One of my Christmas presents was complete ReSpeaker rig (7-mic array, Core board, Grove board). After playing with it for a week, I can honestly say that I like the mic array but abhor the severely under-powered (and resource-limited) ReSpeaker Core. Maybe I've been spoiled by the RPi and ODroid people but, for the same price as the Core board, I can pick up a board that's 3 times as fast and has 4 times as much memory. I've already pulled the mic array off and attached it to a Raspberry Pi. A review is on the "to do" list.

In the latter half of the below, you'll notice at least one theme. This is because I'm scheduled for multiple training sessions in the coming year and I'm trying to get a head start on learning the technologies involved.

Note: that robot arm is not yet done as Amazon has just provided the USB interface to it.


- When the Judge Distrusts Your Lawyers: Waymo v. Uber - (tldr; - decide which foot to shoot)
- How the judge on Oracle v. Google taught himself to code - Hopefully he will accept the "geek" monicker.
- Stanford University data glitch exposes truth about scholarships
- Writing a C Compiler, Part 1
- sshtalk - For an unknown reason, I like this. Have been neck deep in the various SSH-related man pages (for a different reason which I'll explain later).
- norvig/pytudes - Python programs to practice or demonstrate skills.
- The power of tmux hooks - a bit deeper into the weeds with tmux (valuable!).
- A Hacker's Guide to Git
- OpenWrt in a WiFi card reader - This one is on my want/to do list though I have a sudden dislike for under-powered OpenWRT devices (re: ReSpeaker Core).
- NY Attorney General Investigating Why Dead People Supported The FCC's Attack On Net Neutrality - (*sigh*) No comment.
- Google is making a computer vision kit for Raspberry Pi - Another for the want/to do list. Apparently it has a Movidius chip on the board. One other Christmas gift (note to self: wish lists are a must!) was a Movidius USB stick.
- Tweaking TCP for Real-time Applications: Nagle's Algorithm and Delayed Acknowledgment


- joe-shenouda/awesome-cyber-skills - For Theresa, if you're still doing this sort of thing.


- Neural Networks in JavaScript with deeplearn.js
- Adventures in Computational Lexicology - Short version: languages (spoken, computer, etc.) tend to change over time, are influenced by culture, etc.
- wtsxDev/Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things
- brylevkirill/notes - Miscellaneous notes on machine learning.


- Writing a C Compiler, Part 2


- A fablab burned down in France by anarchists
- Bad News for the Highly Intelligent
- Recycling Chaos In U.S. As China Bans 'Foreign Waste'
- The U.S. Media Yesterday Suffered its Most Humiliating Debacle in Ages: Now Refuses All Transparency Over What Happened


- Modern SQL: Three-Valued Logic 3VL Purpose Benefits and Special Cases
- Fuzzy Thinking: Fuzz Testing and Formal Grammar


- Array of Things
- Communicating Advanced Mathematics to Kids
- Top Courses to Learn AI Deep Learning and Machine Learning
- AppCypher/WebAssemblyLanguages - A curated list of languages that compile directly to or have their VMs in WebAssembly


- Jam3/math-as-code
- Neighbors house alarm triggers when I put my car in reverse.
- Mining Bitcoin with pencil and paper: 0.67 hashes per day


- Barbed Wire Telephone Lines Brought Isolated Homesteaders Together - a bit of history...


- Adhesive action with position: sticky!
- XenServer 7.3: Changes to the Free Edition
- Advanced SQL Server Man-in-the-Middle Attacks
- Funding Yourself As A Free Software Developer
- WannaCry: End of Year Retrospective
- Staaldraad - netstat without netstat/what to do when the netstat command is not installed
- On Writing Short Papers - I'm told that I tend to violate the first two guidelines.


- Keras Tutorial - Traffic Sign Recognition - On my list for possible experimentation with the Movidius stick.
- Gamers Want DMCA Exemption for 'Abandoned' Online Games - This one will likely reopen old disagreements.
- Learning to operate Kubernetes reliably


- Monitoring my phone's internet activity with DD-WRT and Perl


- Read a MODBUS temperature sensor through USB-RS485 adapter on Ubuntu and Raspberry Pi


- Let's hand write DNS messages - Call me weird but I find this interesting.
- - Notes on using PulseAudio (note: that's not to say that violating some of these isn't fun).
- What happened to tcp flag URGENT, MSG_OOB and SIGURG?
- The Door Problem
- martin-ger/esp_wifi_repeater - Another for the "to do" list. I have a handful of these scattered about my desk and haven't had the time to play with them.


- How to avoid wasting megabytes of memory a few bytes at a time
- Filmmakers Want The Right To Break DRM and Rip Blu-Rays - Given the restrictions placed on us consumers, I'd say make the filmmakes pay a royalty for each and every disk they produce. What's good for the goose is good for the gander.
- How Hotmail Changed Microsoft and Email Forever - Comes across as self-referential puffery/history revisionist. That's not to say that I didn't like Microsoft's webmail products. I did win an internal award in 2003 for demonstrating an authentication bypass bug.
- How To Kill Inactive Or Idle SSH Sessions - uses pstree to determine the proper PIDs to target
- Escaping Docker container using waitid - CVE-2017-5123 - one for the "to try" list
- How to Write Articles and Essays Quickly and Expertly - more advice on writing

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, December 2, 2017

What was I reading in November 2017


- Court reinstates SCO's misappropriation claim against IBM in long-running lawsuit - Here's what I don't get: How does SCO have standing if they didn't own the code? This has passed through rediculous and has reached the realm of really annoying.


- Give old electronics new life with Linux and Raspberry Pi - On my "to do" list. One thing missing all along is a decent non-commercial IR interface (at one point, I used Global Cache equipment).
- 7 deadly sins of documentation
- What is the TensorFlow machine intelligence platform?


- Cheap Tricks: The Low Cost of Internet Harassment
- Niagara Falls - Dewatered American Falls 1969


- Becoming Your Own ISP Just for Fun
- kren1/tosheets - Send your stdin to google sheets. I think Dave S. might like this.
- Introducing security alerts on GitHub
- How I use Vim
- Schneier: It's Time to Regulate IoT to Improve Cyber-Security - I disagree. Education should be tried first. Legislation usually causes the price of the product to increase.
- Rural Americans can't check email or use credit cards because of slow Internet officials say - Odd. My mom still can't get Internet (other than satellite or driving into town).
- Concise electronics for geeks
- Introducing container-diff a tool for quickly comparing container images
- Skype faces fine after refusing to allow eavesdropping
- SmallData Blog Building a voice assistant to control music
- A Guide to Natural Language Processing


- Judge Finds Stupid Patent Web Story is Protected Speech
- Introduction to Computer Organization


- Hitler Quote Controversy In the BSD Community
- Google's Public NTP
- CVE-2017-16544: A Busybox autocompletion vulnerability
- 200 universities just launched 600 free online courses. Here's the full list.
- The Supreme Court Wanders into the Patent Troll Fight


- Using a logbook to improve your programming
- Glowstone - Open source Minecraft server.
- 1300 Free Online Courses from Top Universities


- Free Data Ebook Archive
- NLKNguyen/awesome-language-engineering
- The Beginning of the End for Copper
- The Citizens of Detriot Are Building Their Own Internet
- ondevice ssh just like ssh but for devices without public IP
- A Year in Computer Vision


- Munich Switching From Linux to Windows 10
- Review: Certified Ethical Hacker CEH Course - Hacking Tutorials

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Friday, November 24, 2017

Adding TCP service checking to Node-Red

The following C program can be used with Node-Red to provide service indicators in a dashboard. Basically, it accepts two arguments: the IP address and the port number of the target system/service. It then attempts to connect to that IP and port and returns either the word "on" or the word "off". When run with Node-Reds timer and exec modules, it provides a dashboard status for each of the targeted services.

Save the following to "portcheck.c" and compile it by running "gcc -o portcheck portcheck.c"

  // Tim Kramer - 18 Nov 2017

  // adapted from Silver Moon's code at:

  // Purpose of this is to work with Node-Red in checking on services.
  // This determines if a specific port on a specific machine is open
  // and returns "on" if a port is open, or "off" if port is closed.

  // This will exit without two arguments
  // Syntax:  portcheck IP_ADDR PORT

  // Possible issue: takes a few seconds to timeout if target machine 
  // is offline

  #include <stdio.h>
  #include <sys/socket.h>
  #include <errno.h>
  #include <netdb.h>
  #include <string.h>
  #include <stdlib.h>

  int main(int argc, char **argv){

     // check if there are two arguments, exit if not //

     if(argc!=3) {
        printf("usage: portcheck IP PORT\n");

     // declare variables and structures //

     struct hostent *host;
     int err, i, sock;
     struct sockaddr_in sa;

     // set up the sa struct //

     strncpy((char*)&sa, "", sizeof sa);
     sa.sin_family = AF_INET;

     // add the IP and port to the sa struct //

     sa.sin_addr.s_addr = inet_addr(argv[1]);  

     // check the IP and port //

     sock = socket(AF_INET, SOCK_STREAM, 0);
     if(socket < 0){
     err = connect(sock, (struct sockaddr*)&sa, sizeof sa);

     // return "on" if port is open, "off" if port is closed //

     if (err < 0){
     } else {

     return 0;

Thursday, November 9, 2017

Why MQTT use has increased, and why I'm hating on a certain ZWave IP owner

I ran across the this post during my daily perusal of tech news. It's both interesting and a bit limited, in that it only looks at protocol use and doesn't dig into why.

I believe that the "why" for the increased MQTT/MQTTS use is: hobbyists and developers. Tools like HomeAssistant and Node-Red have experienced a large growth in the home automation area. Both tools can use locally implemented protocols (Zigbee, ZWave, etc.) but tend to focus on use of MQTT for over-the-netwrok communications. Although they've been around for about 5 years, prices for Linux-based automation hubs, like Samsung's Artik boards, have decreased recently (mostly due to increases competition[1]). Couple this with free (for hobbyist) Internet-based MQTT(S) servers (list here) and it's easy to see why use of the protocol has expanded.

That's not to say that everything is sunshine and roses. Example: I have some reservations about Samsung's Artik series boards, it's mostly due to third party licensing for the Z-Wave interface. To explain, the Artik 5 board can be acquired for less than $100 and has interfaces for Wi-Fi, Bluetooth, Zigbee, and a few other not-so-popular wireless protocols. While the board does have a ZWave chipset, its use requires a separate purchase of firmware and a license from the intellectual property owner of the ZWave technology. The bad news is that said third party requires that you purchase a $1500 development kit, just to acquire the firmware. This greed effectively kills[2] just about every hobbyist-driven ZWave project and will likely create a market for alternative protocols and solutions.

In defense of the Artik 5 board, it's a nice piece of kit. Simply put, it's an ARM board that comes with the Fedora 22 distro[3] pre-installed. It has multiple antennas for the supported wireless technologies[4] and also has the ability to interface with Arduino boards. Of serious value is the USB-based serial interface (separate from the power supply connector) which allows for operating system access[5] without having the network configured.

For now, I'm stuck with working around the no-ZWave limitation by using getting automation software on the Artik 5 to talk to the same software running on a Raspberry Pi, which hosts a HUSBZB-1 dongle[6]. To tie in the opening of this post, such is achieved via use of Node-Red, using MQTT and/or MQTTS for over-the-network comms (rule of thumb: develop with MQTT, put into productions with MQTTS).

For anyone that wants to experiment with Samsung's offerings, I'd recommend the Artik 7 or 10 series boards. They come with a USB host interface (which the Artik 5 lacks) that allows for use of ZWave via the addition of a HUSBZB-1 or Anteon dongle. I'm also taking a look at using USB2IP, but such requires cross-compiling because the Artik 5 doesn't have enough storage to support installation of the tool chain needed to compile the code. In any case, it's not much of a shortcoming for me as I only have 3 ZWave outlets and 2 Zigbee bulbs. Moving off of ZWave, should I ever do it[7], will not be a major financial hit. I'll just continue experimenting with the other protocols.


[1] Manufacturers have no one to blame but themselves. Being first out of the gate doesn't justify exorbitant pricing. That just leads to having your lunch eaten in the time it takes for an engineer to design a similar product (these days, it's down to weeks).
[2] I learned about the licensing problem after I'd received the Artik 5 board for my birthday.
[3] I've managed to update the board to both Fedora 24 and the current Fedora 25. I've also managed to run Ubuntu 16.04 LTS from the SD card. (Note: the Artik 5 board does not support installation of Ubuntu, though the Artik 7 and 10 does.)
[4] It also has an antenna jack for ZWave, should you ever get around to adding it.
[5] On Linux, the easiest method for accessing the serial interface amounts to: screen /dev/ttyUSB0 115200
[6] Both Node-Red and HomeAssistant also work with the ZWave interface provided by the RaZberry daughterboard.
[7] I originally used the SmartThing's hub, with a MQTT interface to control those but I didn't like the need to have Internet connectivity to control the lights. We live in an older (Internet-wise) neighborhood and connectivity can best be described as "intermittent during damp weather".

Friday, November 3, 2017

What was I reading in October 2017?


- ntpd won't save you from one particular rogue bit


- How SSH became port 22


- alvarcarto/url-to-pdf-api - I need to experiment with this as I've been wanting an internal PrintFriendly-like service.
- WaveNet launches in the Google Assistant DeepMind - Another item on my list to try.
- An Update on Firefox Containers - ... and another...
- AWK for Multimedia - ... and another.


- Steve Wozniak announces tech education platform Woz U
- Exploding Git Repositories - Discussion of an issue similar to zip bombs.


- Falling through the KRACKs
- Dive into Deep Learning with 15 free online courses
- Practical public key cryptography
- Screen capture in Google Chrome - A possible partner for the url-to-pdf tool above?
- URG - A discussion of TCP.
- Everything You Wanted To Know About Blockchains - Part 1
- Vim After 15 Years
- Using cgroups to limit I/O


- Researchers find that LastPass 2FA can become 1FA
- ssh_scan: A SSH configuration and policy scanner for Linux and UNIX server


- An ode to pack: gzip’s forgotten decompressor
- Getting the Most out of Sqlite3 with Python
- Do you have the Learners Syndrome? - Uhm... I admit nothing, because I do get use out of what I learn. (Okay, maybe not the Japanese language lessons, but...)
- Unix is my IDE


- The Uncanny Resurrection of Dungeons & Dragons
- SSH Escape Sequences (aka How to Kill Dead SSH Sessions) - Just when you think you know a tool... Guess it pays to reread man pages now and then.
- Remember that $86 million license plate scanner I replicated? I caught someone with it.
- Newfound Wormhole Allows Information to Escape Black Holes


- Speech Recognition Is Not Solved - I'm not liking the author's argument because speech recognition only needs to be "good enough". Much of what he wants borders on AI (e.g., recognition of context).
- learnbyexample/Command-line-text-processing - Notes on processing text with awk.


- SNMP Authentication Bypass Cripples Numerous Devices
- OpenSSH Removes SSHv1 Support


- Secretary problem
- Outlawry Supervillians and Modern Law
- Replace your exploit-ridden firmware with a Linux kernel
- 10 charts that show why sleep is so important


- Understanding deep learning requires re-thinking generalization
- Stop Feeling Like an Imposter

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.