Wednesday, December 28, 2016

The dead (RadioShark) walks again!

One of the problems with Linux is that people cannot leave well enough alone. There's always someone that comes along, claiming that they have a "new and improved" method for performing a specfic task. It doesn't matter that their solution is non-universal. In this case, libhidapi (the replacement for libhid) is non-functional on Ubuntu (there's too many issues with using it). Since libhid was considered legacy, support for it was removed from Ubuntu.

For us not-really-a-good-programmer types, this can be a problem. In my case, the code for the inherited RadioShark is no longer compilable (even though the kernel recognizes the device and loads the proper kernel module for it).

Getting the RadioShark v1 working on Ubuntu 16.04.1 turned out to be a happy accident on my part. It shouldn't work but does. It relies heavily on the fact that people included compilied binaries with their code (as always, run at your own risk). I use this because it gives me a starting point at which I can sniff USB traffic and reverse engineer what needs to be sent to the RadioShark to control it. The bad news is that the provided source code still will not compile.


Following are the employed steps, just in case you're interested.

1) Grab libhid-dev_0.2.15+2006.325-2.2ubuntu1_i386.deb.tar.gz, which is attached to the forum post at:

2) Create a working folder, move the tarball into it, and untar the tarball. This creates three files:

  • libhid0_0.2.15+20060325-2.2ubuntu1_i386.deb
  • libhid-dev_0.2.15+20060325-2.2ubuntu1_i386.deb
  • python-hid_0.2.15+20060325-2.2ubuntu1_i386.deb

The third is not needed, unless you plan on using Python to control the RadioShark (and I doubt that it'll work in any case).

3) Use dpkg to install (first) the libhid0 file, then the libhid-dev files. Both will spit up errors about configuration but the libraries get installed. Note: you may need to run "apt-get install pkg-config" before using dpkg, and "apt-get -f install" afterwards.

4) Download the shark 1.0 tarball from:

5) Untar the tarball and cd to shark-1.0/bin/linux/i686. By default, the blue LEDs on the RadioShark should come on when you plug in the device. Run the following to see if you have control over the device:

  sudo ./shark -blue 0
  sudo ./shark -red 1

6) Tune a station by running:

  sudo ./shark -fm 98.7


1) If you hear nothing (not even static), open your PulseAudio volume control. Under "Input devices", you should see an entry for "Radio SHARK Analog Stereo", with a moving level meter underneath it. If the volume control is greyed out, hover your mouse to the left of the button with the lock on it. Another button should show up (this is the mute button). Click it to unmute the stream.

2) If there's no "Radio SHARK" entry in the PulseAudio Volume Control's "Playback" tab, run the following as your user:

  pactl load-module module-loopback

To make the above permanent, add the following to the end of /etc/pulse/

  load-module module-loopback

Update: The above does not work with USB 3.0 interfaces. Luckily, I have a computer with both USB 3 and USB 1.x/2.x buses.

Monday, December 26, 2016

Why it (crypto) is what it is

This week's Cron.Weekly newsletter included a pointer to Laurens Van Houtven's Crypto 101 web site. The site includes: a download link for his pending book and a You-tube link to his lightning-stlye PyCon 2013 talk, which discusses how we got "here" and "why". Even if you don't read the book, I recommend watching the video.

I'm reading the book now. The forward indicates that the book discusses the video's topics in greater detail, as well as providing hands-on experiment so that they reader can understand how specific types of crypto are considered broken. Will make additional commentary on the book later.

One initial comment that I can make: I wish this book had been around in the 70's, when I first learned Boolean math. We went into great detail on logic circuit design (including PCB fabrication) and LVH's book would have been a nice addition to the curriculum (I have the impression that it might be a good "foundation" book for that old curriculum).

Update: LVH's blog is here.

Saturday, December 24, 2016

RadioShark v1 on Ubuntu 16.04.1

Friend gave me a RadioShark v1 and a challenge (get it working on a current Linux distro). Woke up a bit early this morning and started pounding on it. Per usual practice, I started with other people's code (this is where I am now). It works because the tarball maintainer ( included a statically linked binary.

The tuning and LED functions work but (also as usual) there's bugs: no matter what command (other than "-h"), the binary stalls for 60+ seconds before it executes and returns. This doesn't affect the audio though.

Reversing this is going to be a challenge because Ubuntu no longer supports libhid, which was primarily a 32-bit library. I'm hoping that I can either port the code to use the libhid-api library or bypass the library calls altogether. If you know me, you'd realize that my preference is for the latter.

For now, I'm enjoying listening to local stations while catching up on a backlog for the document manager. Will take a first crack at tracing/debugging later today. I'm also wondering if plugging a USB1 device into a USB3 bus might have something to do with it.

Thursday, December 1, 2016

What was I reading in November 2016?

November was one of those very busy months, even with a couple holidays in the middle. I had a lot of fun with a NodeMCU, after a friend talked me into acquiring one (looking forward to acquiring and ESP32 now). Because of it, I'm revisiting all of my experimentation with I2C devices, this time without the Raspberry Pi! The home server is back online with (mostly) new hardware. Had to shuffle some peripherals to get it to work properly. (I now have two spare MSI video cards (w/ noisy fans) in my junk box. Anyone want 'em?)

I also acquired a Vocore1+Dock. Haven't had time to play with it much but I'm wanting to turn it into a portable access point for those ad-hoc/early evening demos for small groups/classes. (Note to self: the Vocore2 is out!)

December's looking to be similar to November. I'm considering burning some of my vacation time, just to take a break (have been burning the candle in the middle as well as the ends). In any case, I'm likely to need the time to set up the VMs and network for next semester's class.'

Other: A few weeks ago, I used Amazon Drop for the first time. They installed a Drop in a couple of the local grocery stores. I like it as I no longer have to worry about deliveries disappearing from the front steps.

Other: Only two more classes in this semester. Some of you still haven't given your presentation. Considering taking points from those that wait until the last minute (or maybe giving extra credit to those who present early?).

In any case, this past month's reading...


- Cryptanalysis of Enigma


- YBlog - Learn Vim Progressively Knowing Vi/Vim is a survival skill. You may not like Vi/Vim, but it's everywhere. You should know (at least) the basics. It's sizable enough that you cannot learn it all even in a single semester.
- The Mirai Botnet is Proof the Security Industry is Broken - Methinks that Max has given up. (Hint: if a service is that valuable, you should be runnning a local, non-public (or controlled-access) instance of it.


- So you think you know C? - (Partially a note to self) It's good to have reminders that you should remain humble.
- Bugsnag Blog - Benefits of using tmux - From the Know-your-tools department...


- C for Python Programmers
- Leonard Cohen Dead at 82


- Gridmaster - Learn Spreadsheets by Doing - Training!
- Docker user? Haven't patched Dirty COW yet? Got bad news for you.
- Would California be more successful as an independent country rather than as a state? - (sigh) And who's not catching on that wanting to set up your own government, because you don't like the current one, only amounts to you switching sides. Short version: you're incorrectly assuming that everyone in California agrees with you. Move on (or wait here). Another election will come around shortly. (Meh.)
- New attack reportedly lets 1 modest laptop knock big servers offline - This was a configuration issue. Blaming Cisco accomplishes nothing. Note that the author doesn't explain the different ICMP packet types. Also, with 1 TB of traffic, it isn't just endpoint firewalls that are "straining"...
- What So Many People Don't Get About the U.S. Working Class - Missed point: what about the internal shenanigans revealed. Why isn't that "influence" was used to skew the primaries for both parties also being discussed?
- Cubietruck: Ubuntu SSD install and boot from disk - This is a nice stepping-stone method to installation of Ubuntu 16.04 on the Cubietruck.


- The 7 most vexing problems in programming


- A Theory of Taxonomy
- Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing
- Killing Lara Croft
- Practical Cryptography


- Oracle and Dyn
- At Sea- The sailor's verion of "Fun with Flags".


- How Install Microsoft SQL Server on Ubuntu / RHEL / Centos / Docker - Don't run off bellowing that MS works with Linux just yet. This is a limited version of MS SQL.


- JTAG Mobile Phones - I'll add: being able to solder small "stuff" is important.


- Wells Fargo says that its customers gave up right to sue by having their signatures forged - Wait! Wut?
- DNS leak test
- Learning to Read x86 Assembly Language


- Hackers Breached San Francisco's Transit System and Demanded a Ransom
- An Ivy League professor explains chaos theory, the prisoner's dilemma, and why math isn't really boring

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Wednesday, November 2, 2016

What was I reading in October 2016?


- Open Sourcing a Deep Learning Solution for Detecting NSFW Images
- The Art of Making a Nixie Tube
- Learning Reinforcement Learning with Code Exercises and Solutions
- Introducing gr-satellites
- Machine Learning with Talend - Getting Started


- FQA 1 - Introduction To 9front
- Audio Fingerprinting with Python and Numpy Will Drevo
- Lessons learned while studying Machine Learning


- TLS version intolerance - Working around bugs in legacy TLS stacks
- Who Makes the IoT Things Under Attack? Krebs on Security
- Dead Man's Switch


- Vim misconceptions (Tim: it's that first step that's a bit hairy.)


- History Of Xenix Microsoft's Forgotten Unix-based Operating System
- gurinderhans/esh
- When her best friend died she used artificial intelligence to keep talking to him
- cloudflare and rss
- Introducing a new kind of Wi-Fi system


- A Brief History of Who Ruined Burning Man
- How should mathematics be taught to non-mathematicians?


- The Important Habit of Just Starting


- Why Writers Are the Worst Procrastinators
- Common Nonsense


- Computational Law Symbolic Discourse and the AI Constitution
- TLS nonce-nse
- Most of the time innovators don t move fast and break things W Patrick McCray Aeon Essays
- How to find information that is not there


- Crash: how computers are setting us up for disaster Tim Harford


- The Birkana hexadecimal number symbols
- The United Federation of "hold my beer, I got this"
- Wirth's law


- Will the Real Schrodinger s Cat Please Stand Up
- Using feedback loops for greater work satisfaction
- Linux Containers: Comparing LXC and Docker - Container Journal


- Fuck Off As A Service FOAAS
- Your brilliant Kickstarter idea could be on sale in China before you ve even finished funding it
- A Remote Job Comes With Free Land and a Sense of Community. 50 000 Apply.
- Social Gentrification


- OpenSSL after Heartbleed []


- Why Friday's Massive DDoS Attack Should be Terrifying
- Dyn Statement on 10/21/2016 DDoS Attack
- Why Haters Hate: Kierkegaard Explains the Psychology of Bullying and Online Trolling in 1847
- Introducing Internationalized Domain Name IDN Support - Let's Encrypt


- Introduction of Pipes


- Cognitive bias cheat sheet
- Hacksplaining: Learn to Hack
- Ten things you probably didn't know about Ada Lovelace - Raspberry Pi

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, October 2, 2016

What was I reading in September 2016?

September turned out to be much like August, in that I didn't have much spare time to read. Example: I'm just getting back from a week-long trip to DC. Thus, the month's reading list is a bit thin.

The old server is offline, probably for good. Something more than the fan appears to have gone wrong. I'm currently copying data out of the VMs via a double-nested mount (vmfs-fuse, losetup, and mount). It'll be awhile as, even at 18.5 MB/s, it's taking 2 hours 45 minutes to copy off a 200 GB VM.

The box was missed because both the DMS and the VPN are offline. This made the trip to DC (for work) a bit abysmal in that I could not work on documents. I'm now two weeks behind and the queue is already up to 200+ docs.

The good news is that the Frankenbox will be getting a fanless video card and I'll have a couple 1-inch displays to play with, courtesy of Amazon. I also have the server replacement picked out (just need the funds).

In any case, this past month's reading...


- Introduction to Functional Programming in OCaml
- Pinball Was Banned in NYC Until a Miraculous Shot Convinced Lawmakers It Was a Game of Skill
- How to steal any developer's local database
- Little Endian vs Big Endian The Bit Theories
- A Brief History of the College Textbook Pricing Racket


- Move over silicon: Machine learning boom means we need new chips


- The FBI s Approach to the Cyber Threat
- Plan 9 from ?
- For first time carbon nanotube transistors outperform silicon
- In pictures: The Prisoner at 50 - BBC News
- OARC's Open DNS Privacy Resolver Testbed
- 5.6 Million Reasons to Stop Ignoring the Skills Gap
- Will Amazon Kill FedEx?
- In Defense of Douglas Crockford


- MOOCs no longer massive still attract millions
- excel-messenger: A Terrible Experiment In VBA
- When Will New York City Sink?
- How to Raise a Genius: Lessons from a 45-Year Study of Supersmart Children
- Snow Crash Revisited: Grokking a Satire of Mimesis
- Fermat's Library A theorem about primes proved on a chessboard annotated/explained version.


- Falsehoods Programmers Believe About Names
- Sorry Tesla you can t issue yourself a dealer franchise court rules
- This is What Python Beginners Have to Deal With


- Why Sys-Admins Are Disabling The Lights on WiFi Access Points


- The Six Dumbest Ideas in Computer Security


- Brain-sensing technology allows typing at 12 words per minute
- How I learned to program


- Microsoft researchers achieve speech recognition milestone - Next at Microsoft
- Microsoft has more open source contributors than Google
- Robot arrested by Russian police at political rally in Moscow


- turbo/alwsl


- A DNS Primer
- Blockchain Tutorial: Write a message to the Bitcoin Blockchain

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, September 10, 2016

Virginia Beach Hamfest 2016

Went to the annual Virginia Beach Hamfest this morning. It was looking a bit thin (worst I've ever seen). Only a few vendors were there.

That said, I picked up the following:

  • a couple new dental picks, for family jewelry emergencies
  • some zip ties
  • some hemostats, for use as heat sinks
  • some new diagonal cutters
  • a couple more of the brass connectors (1 mm, I think) for my ongoing attempt to resurrect a bricked GoFlex
  • curved, knurled tweezers for parts placement
  • a USB endoscope, with side mirror accessory (this will probably end up at work)

Still no set of brass jewelers hammers. It's on my wishlist but further down (somewhere after the SIOC clip set and a better wired keyboard).

Was able to play with the endoscope for a bit. It works with Cheese, as does the USB microscope acquired a couple years ago.

Tuesday, September 6, 2016

Non-techie journalists

I'll admit that I sometimes criticize non-tech journalists who attempt to write tech articles (there was that incident with the wifi-enabled t-shirt). Latest temptation is an article in which the author attempts to limit the impact of a certain malware by stating that it affects _only_ ARM, ARM7, MIPS, PPC, SH4, SPARC, and x86 platforms. Must control fist of...

Sunday, September 4, 2016

What was I reading in August 2016?

August was one of "those" months, serendipity causing my schedule to be hopelessly jammed (2 courses, surgery, weddings, etc.). Coupled with multiple equipment failures and starting up yet another class, I was actually "in" my office for about 6 of the month's 20 workdays. I was able to get some reading done but it was done mostly while waiting in line or while battling a bout of insomnia. Proving that I still haven't learned my lesson, I'm considering adding an OCaml class to my workload.

I managed to complete a course in Security for Virtual Environments and another for Industrial Controls Security. I won a challenge coin in the latter by being overly "detail oriented" while reviewing a packet capture with Wireshark and strings. Also from the latter class: I'm the owner of "yet another Raspberry Pi". It turns out that you can actually have too many of them. Current count: 8, down from 12 (I've been giving them away to interested locals).

The Linux class is shaping up. It got off to a rough start because the school waffled on using Red Hat Academy. The last minute decision was to use the RHA, so Dave and I had to scramble to get things set up (I'm spending part of this 3-day weekend building CentOS boxes).

I've had a serious infestation of gremlins. Only a few hours apart, the CPU fan on the vSphere box quit, followed by a hard drive failure on the Xen box. A few days later, a laptop (provided by my employer, for use in one of the aforementioned classes) breathed it's last, right in the middle of the first-day-of-class for the aforementioned ICS class. I managed to do all 5 day's worth of labs in four days by working through breaks, lunches, and evening surfing times. The class was interesting and I now have hands-on experience with some new (to me) ICS monitoring and malware analysis tools. Pics of the coin are at the bottom of this post.

In any case, August's readings included:


- On the boundaries of GPL enforcement []
- Lambda Calculus Live Tutorial with Klipse: Boolean Algebra


- Google's QUIC protocol: moving the web from TCP to UDP
- The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse
- Meet Moxie Marlinspike the Anarchist Bringing Encryption to All of Us


- Moonshine Master Toys With String Theory Quanta Magazine
- How to Listen When You Disagree: A Lesson from the Republican National Convention
- Profanity is pretty f king good for us actually
- The Human Cost of Tech Debt - DaedTech
- The Headless Web - Tales of a Developer Advocate


- DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP


- Frequent Password Changes Is a Bad Security Idea
- I Have No Confidence... So This Is What I Do - Altucher Confidential
- Looking Into a Cyber-Attack Facilitator in the Netherlands
- How to kill yourself in Python
- The Lost Art of C Structure Packing


- How Teletext and Ceefax are coming back from the dead
- Reverse Engineering a Quadcopter RC or: How to not miss the needle while throwing the haystack in the air Part 1
- Fear and Loathing in Debian^H^H^H^H^H^H/Ubuntu or: who needs /etc/motd
- A Letter to My Daughter About Young Men


- Internet Archive Posted 10 000 Browser-Playable Amiga Titles
- The 39th Root of 92
- Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea The Register


- Evidence Mounts that Rembrandt Used Optics to Paint Self-Portraits


- How do we build encryption backdoors?
- Intelligent people tend to be messy stay awake longer and swear more
- Why it pays to be grumpy and bad-tempered


- Richard Feynman and The Connection Machine


- My Text in Your Handwriting
- Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon


- 15 Page Tutorial for R


- 25 Phrases That Kill Workplace Relationships [The one that sets me off: "It's not my problem." Grr...]
- Fuzzing Perl: A Tale of Two American Fuzzy Lops
- Hold On... We May Actually Be In For A THIRD Oracle/Google API Copyright Trial Techdirt
- How To Enable Ubuntu on Bash on Windows 10 Anniversary Update


- The Macaroni in 'Yankee Doodle' is Not What You Think
- Massimo Pigliucci recommends the best books on Stoicism


- Why Software Patents are Bad Period.


- The New Rules of Form Design UX Booth


- A Brief History of the College Textbook Pricing Racket. [It's not just the pricing rackets. Some of the books we're forced to use are absolute crap. It's why Open Texbook is highly supported (high-priced text book, written by poorly trained author vs. free text book, written by volunteers).]
- The Dropbox hack is real

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, August 20, 2016

(Re-)Enabling DSS for key-based authentication

By default, recent versions of OpenSSH don't employ DSS-based authentication. Some claim this is due to performance reasons (RSA encrypts faster, DSS decrypts faster) and others will point to vague discussions on security. It appears to be a preference by the maintainer.

It's not that the server refuses to use DSS. DSS is actually disabled in the client. To enable the use of DSS, create ~/.ssh/config containing the following line:


You shouldn't need to restart any service. The next time that you use your client, DSS authentication should work.

Thursday, August 18, 2016

Docker, Armbian, and the CubieTruck

I took the easy way out (or so I thought) in rebuilding the Cubietruck (the very low end SSD was showing signs of failure at day #1 but it lasted 2 years before total failure). Instead of Cubian, I installed the Legacy version of Armbian. I burned up most of a day getting the OS installed, the wifi to work without interaction, and getting Docker installed.

The short version (from a couple hour's "research") is that there are two versions of Armbian for the CubieTruck: the Legacy (kernel 3.4.x) version and the Vanilla (kernel 4.6.x) version. The short version is that Docker will not install on the Legacy version of Armbian for the Cubietruck.

The good news is that you can run the following (as root) to upgrade the Legacy (3.4.x) version to the Vanilla (4.6.x) version:

wget -q -O - | bash

Once the upgrade is complete, and the machine rebooted, Docker will install without complaint. Thanks go to "admin" at the Armbian forums, whoever you are...

Sunday, August 7, 2016

What's been in my wallabag this week? (20160731)

First week of August completed. Three to go...

Achievements so far: 2000+ miles traveled. 8 states crossed by car. One out-of-town assignment completed. Travel claim successfully submitted (this is harder than it sounds). Discovered and reported SQL injection vulnerability in a vendor's web site (this was easier than it sounds; I wasn't actively looking for one but I do read error messages).

Failures so far: caved and violated diet in Connecticut (Dunkin' Donuts and Nathan's Hot Dogs are sold at I-95 rest stops). Circadian rhythm irreparably borked.

Still to go: Two (each) week-long courses, one with a test. Surgery on one eye. A 5-yr physical that's 2 years overdue. Meeting due date for writing two procedures and performing research for a smart card presentation. Possible 2nd trip to DC. Need to apply at ODU or Capital, or re-apply at St. Leo (I've been a slacker for the last 5 years, taking "shiny stuff" courses instead. Supervisor wants me to pass Calculus again, mostly as a "shut up" move to others). Need to brush up on cross-debugging for the pending industrial controls class (I'm reading two books during lunch and playing with gdb in the evenings.). Need to find out if I'm teaching this fall.

Would you believe that I volunteered for all this? (Okay, maybe not the Calculus part.) Looking forward to September, where schedule drops back into sleep/drink coffee/work/eat dinner/sleep routine

In any case, the stuff I've been reading in the last few weeks... Will be switching to a (trial) monthly format for the Wallabag stuff. Below closes out July.


- The Magic of "Untranslatable" Words


- Whatever Happened to Wordstar? Dvorak News Blog
- Memory management in C programs
- You Might Not Need Electron
- The Fake Townhouses hiding Mystery Underground Portals
- Give me 15 minutes and I'll change your view of GDB


- Git for Windows accidentally creates NTFS alternate data streams


- A tcpdump Tutorial and Primer with Examples


- TV Loses Grip on Eyes and Ads That Want Them
- 10 Facts Schools Never Taught You Adal Paredes


- Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry


- Shut up snitch! - reverse engineering and exploiting a critical Little Snitch vulnerability - SentinelOne
- USB charging part 1: requirements []
- Concerning Attribution of Hacking
- WikiLeaks Has Officially Lost the Moral High Ground
- Twitter's Fucked
- Fuzzing Unserialize Security Research
- XSA-148 from guest to host

Sunday, July 17, 2016

What have I been reading this week? (20160717)

Having issues getting Windows installed in a Xen VM. Will try XenServer 7.0 next. Issue may be with my hardware (odd make DVD drive), though it does work with Virtualbox.

Crossed the 5000 document mark this week (for docs in the document management engine). Processing seems to be okay, though midnight re-indexing is taking longer. May need to switch to differential indexing and moving full indexing to a longer periodicity (weekly/monthly?). It took roughly the first year to enter 500 docs and the second year to enter the next 1000. The remainder have been entered in the last six months, thanks to a bit of automation. Most articles are "captures" via PrintFriendly, which employs a common format where some metadata can be easily extracted. Makes adding docs a bit less of a manual process.

In any case, here's what I've been reading this past week.


- Let's Play a Game - find bugs in popular open-source projects
- SYN Flood Mitigation with synsanity
- FBI officially closes its investigation into famous 'DB Cooper' hijacking


- Race conditions on the web
- A Course in Machine Learning
- The Fight for the "Right to Repair"
- Bayesian machine learning


- Sandstorm
- Book of Proof

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, July 10, 2016

What have I been reading this week? (20160710)

Considering making this a monthly post (to stand apart from "normal" traffic). Have built the code for WBIMB (the tool that produces this text) into a Docker container. Will post it on Github in the coming weeks (still tweaking stuff). The Frankenbox continues to work (ignoring that the low-end video card makes a lot of noise).


- How to Start Learning Deep Learning
- Notes for PulseAudio 9.0
- There Is No Handbook for Being a Writer


- Information about DuckDuckGo's Partnership with Yahoo
- How Sony Microsoft and Other Gadget Makers Violate Federal Warranty Law


- Visual Studio Code June 2016 1.3
- Mental Models I Find Repeatedly Useful
- joshnewlan/say_what (Okay, this is silliness, but I wouldn't be surprised if someone actually uses it.)
- My favorite meme has been erased from the internet by copyright claims
- 32 Animated Videos by Wireless Philosophy Teach You the Essentials of Critical Thinking


- In Siberia in 1908 a huge explosion came out of nowhere
- Skype protocol dumps
- Pittsburghese Expertise: Dropping "To Be" The Glassblock (Interesting (to me) 'cause I grew up in the North end of that area.)
- Never a Hippie Always a Freak
- Learn Difficult Concepts with the ADEPT Method BetterExplained
- Data mining reveals the six basic emotional arcs of storytelling


- Life Behind the Stacks: The Secret Apartments of New York Libraries 6sqft
- Video Conference Part 1: These Things Suck
- Philosophy of Ghost in the Shell

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, June 26, 2016

What have I been reading this week? (20160626)

A very light list this week. I was approaching my deadline and needed to work on the Element14 submission, which I posted last night. The project turned out to be much larger that I'd originally thought but I did manage to complete what I'd proposed, as well as adding in a couple semi-related sub-projects. Notes and code are at the bottom of this page.

I'm looking for reading recommendations. Just finished binge-reading Charles Stross's Laundry series. I have three text books to wade through in the next month and will be looking for recreational reading after that.

I used the last gift card from Christmas and the newly acquired one for Father's day. Bought a case and multiple cables for the Bus Pirate, a handful of ESP8266 boards, a few logic level converters, and some cheap smart cards (to run through the laser engraver). I may be a bit ESP8266-obnoxious for awhile (at least until the 8285 becomes available). Some of the components arrive this week, the rest are estimated to arrive sometime around 17 August. UPS must have moved their distribution hub off-planet again.

The Frankenbox is still ticking along. Came up with another short-coming for the motherboard though. Apparently the built-in NIC doesn't handle WOL, though the BIOS does. I now there's a usable NIC in the junk box somewhere. Just need to find it.

I've also been meaning to update the Github page for the Si4703 code. Another Element14 user asked a question about the reset function, which led to a D'oh! type moment. I'd been brute-force coding, using the chip's spec sheets and ignoring the board's spec sheets. This led to a function that servers no purpose, other than to cause more knowledgeable people to scratch their heads and ask "Why?" What I'd missed was the statement about the board being hardwired for I2C mode and that attempts to reset into SPI mode will not work. Sorry, Niko! Will have the code updated shortly.

In any case...


- Espressif Releases ESP8266-Killer!


- Build Your First Thing With WebAssembly
- Cygwin library now available under GNU Lesser General Public License
- How To Brainstorm Like A Googler

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, June 20, 2016

What have I been reading this week? (20160619)

The Frankenbox is still running. Added memory to it this week. Found an old 3TB hard drive in the junk box and added that. Have a mix of Xen and Docker running on it at the moment. Looking to install a Win 7 or Win 8 VM in the near future (before the free upgrade ends). Probably won't be able to do much more on it, before the end of Summer, since I have a number of writing assignments (mostly point papers and critiques) to work.

Speaking of writing assignments, the Raspberry Pi 3 review should be completed this coming week. The final sub-project turned out to be easy. Getting the FM receiver working was simple as I'd already ported the controls to a non-WiringPi version. The most difficult part was determining the proper settings for DarkIce.

For those that asked, yes, the RPi3 has enough power to run the controls, DarkIce, and an instance of Icecast. The periodic cache exhaustion still exists, as it did in the previous RPi models. The difference is that it appears less often and is less pronounced in the RPi3. I have some proof-reading and a bit of tweaking to do, then I'll post it on the Element14 site.

From this past week...


- Feck! A history of swearing from the very first F to the 21st C
- Machine Learning Trading Stock Market and Chaos
- bash aliases for Harry Potter enthusiasts
- How Intel Makes a Chip


- Berkeley AI Materials
- AI Deep Learning and Machine Learning: A Primer


- OSC Semantic Search with Latent Semantic Analysis
- What is Differential Privacy?
- Get C.H.I.P. - The World's First Nine Dollar Computer


- Deep Learning Isn t a Dangerous Magic Genie. It s Just Math
- Intel NUC Kit NUC6i7KYK Features and Configurations

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, June 13, 2016

What have I been reading this week? (20160612)

Missed posting last week due to having to (yet again) rebuild the Frankenbox. It's up and running (somewhat) with a super-powered CPU (4+ GHz!) and an ancient video card. Many thanks to friends for donating parts from their junk boxes. I'm glad that the old Frankenbox waited until after the end of the embedded programming course before it fell over.

The RPi3 review is almost done. I've completed the portions for Docker, the Jabber/IRC bridge and the home-grown, Liquidsoap/Icecast-based jukebox. Hopefully I'll have the tuner/streamer notes finished this week so that I can start another project before the summer class craziness starts.

The world is just a bit emptier as Christina is now missing from it. If you've ever enjoyed her music, please consider helping her family.

From the past two weeks...


- Out-of-Box Exploitation: A Security Analysis of OEM Updaters


- Free Linux training


- Cyber security basics
- Most For-Profit Students Wind Up Worse Off Than If They Had Never Enrolled in the First Place
- CBS Beats Lawsuit Over Pre-1972 Songs With Bold Copyright Argument


- We want information
- Why IQ matters more than grit


- Mastering Programming


- A Lament For The LAN Party
- Inspired by Genius: How a Mathematician Found His Way
- Mathematicians are chronically lost and confused and that's how it's supposed to be Jeremy Kun
- Untitled


- A Lament For The LAN Party


- The Golden Age of MOOCs is over and Why I hate Coursera

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, May 30, 2016

What have I been reading this week? (20160529)

I missed posting last week because I was finishing up an online course called "Developing with Embedded Linux", which included cross-compiling ARM binaries on an X86 system, followed by cross-debugging for same. I have little experience with the former and none with the latter so completing the lab took a bit of extra time. It's definitely something that I have to keep practicing.

The class itself was interesting. It was an online class with one instructor (somewhere in Britain) and three other students (mostly in the Eastern time zone). There was at least one lab per day (sometimes two). The course was more or less an overview of skills needed when developing on Linux-based SBCs.

U-boot was also covered. The course may have given me enough information to debrick an old NAS in my junk box. Some soldering (putting a header on the JTAG interface) and a bit of courage will be required on my part.

In preparation for this fall's classes (pursuing my next degree)(Dave has been after me to get off of the dime), I've started building my next computer. I'm taking my time with this one and making as few compromises as possible.

In any case, from the past two weeks (usual disclaimers[1] apply):


- The slow death of purposeless walking - BBC News
My parents used to "go for a walk" quite often, taking us kids with them (I miss it). Later in life, it often involved a horse and cart. My father was notorious for going for a "short walk" and not coming back for hours (he would always stop at neighbors' places to chat or help with a chore).

- UC students suit claims Google scanned accounts without permission
Recommend filing this in the "Too Dumb To Read ToS's" category. Is there any hope that they get smacked with the legal fees?


- Academics Make Theoretical Breakthrough in Random Number Generation
Ok, but I'm not holding my breath. How soon can it be practical? I seem to remember that using multiple low quality inputs tends to reduce the quality of the output, not improve it.


- How to Write 225 Words Per Minute With a Pen


- The Curse of Culture

- TOTP SSH port fluxing
Something for my "to do" list.


- Esperanto: the language that never was

- 45 years since its creation. The C language still very popular.

- A list of everything that could go in the header of your HTML document


- 4 bit computer built from discrete transistors
I'm old enough to remember when it was done this way (but I _was_ a kid).

- FaceTime iMessages hang in the balance after possible Apple loss to patent troll
Maybe I'm missing something but, in reading the patent claims, I'm not "seeing" anything new/novel.

- Extinction Level Event
Discusses the future of FPGAs.

- Op-ed: Oracle attorney says Google's court victory might kill the GPL
This one looks like it's in the running for the title of "Most asinine case" (or maybe it should be in the greed category?), competing with the SCO and Prenda cases. Hopefully it doesn't turn into another one of those shambling zombies like the SCO case (which is still out there).

- Three tips for getting started with NLU

- Google stole Java: Oracle loses again case closed for now
You think that this was ugly? I'm watching for a MySQL-related case. From Oracle's commercial license page for MySQL: "Purchasing a commercial license means that the GPL does not apply,..."

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

[1] Usual disclaimers include but aren't limited to:
   - Commentary is just my own opinion.
   - Don't get yer knickers bunched up!
   - I am NOT a lawyer. If you need, you should consider me a layman or just a dumb blogger.

Sunday, May 15, 2016

What have I been reading this week? (20160515)

Working hard on the RPi3 review and finding out (the hard way) that 1 GB still isn't enough. Have worked my way through updating Docker to v1.11 (doesn't work well as a number of things are missing from the ARM build script), have built out Bitlbee with almost all plugins (it randomly crashes just like the x86 machines!), and am now working my way through setting up a homegrown jukebox based on Savonet/Liquidsoap. Still have about 5 weeks to go so, if there's ample time, will probably be running other stuff on it (Traccar, Squeezebox, etc.).

Call me paranoid, but I think my new favorite author (Charles Stross, whom I'm currently binge reading) has visited a few of my places of employment (or his commenters have). Take a gander at the classic workplace sabotage article!


- Four Episodes in the Life of Einstein s Mother
- Why I do not sign Non-compete agreements


- Which first language is best for learning programming techniques? Future-Tech Blog


- Announcing SyntaxNet: The World's Most Accurate Parser Goes Open Source
- Google Calendar gains the ability to automatically log you into conference calls


- I must sadly withdraw my endorsement of yubikey 4 devices and perhaps all


- In Oracle v. Google a Nerd Subculture Is on Trial


- Updating classic workplace sabotage techniques
- How I found a huge data leak of a company during a college lecture
- Why I haven't fixed your issue yet

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, May 9, 2016

What have I been reading this week? (20160508)

Spent the weekend trying to get Spectrum2 to compile on an ARM board. (I'd been chosen to provide a hardware review and often use odd solutions to put them through their paces.) So far, no joy. Savonet/Liquidsoap is next. I like Spectrum2, I hate building it. (This is related to why I greatly like Docker.)

In any case, this past week's readings:


- Recovering Evidence from SSD Drives in 2014: Understanding TRIM Garbage Collection and Exclusions
- The Feed Is Dying


- How the Pwnedlist Got Pwned Krebs on Security
- 7 lessons from DuckDuckGo's Instant Answers project


- Supersingular isogeny Diffie-Hellman 101
- The Cryptographically Provable Con Man
- Validating Satoshi Or Not


- IBM allow free access to quantum processor online - BBC News
- Please please please stop asking how to find a technical co-founder.
- Preparing for the Future of Artificial Intelligence

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, May 1, 2016

What have I been reading this week? (20160501)

Work had signed me up for a out-of-town course, and then rescheduled it when they found an in-town offerring (which turned out to be better). The out-of-town course required completion of 4 online mini-courses, the in-town didn't mention them. I managed to work through all four by Sunday night. Finished the new course a few days ago.

Looking forward to the next class (in about 6 weeks) as it involves coding for for embedded systems and it's online (Jammies, food I'm not allowed to cook at work, and overworking the coffee pot while in class!).

In any case...


- Where Do the Terms Nerd and Geek Come From?
- Docker on Windows Server 2016 Technical Preview 5
- Inside OpenAI Elon Musk s Wild Plan to Set Artificial Intelligence Free
- Artificial intelligence now fits inside a USB stick
- HTTP Evader - Automate Firewall Evasion Tests


- The Code4Lib Journal How to Party Like it s 1999: Emulation for Everyone
- Poor Software QA Is Root Cause of TAY-FAIL Microsoft's AI Twitter Bot


- Microsoft has created its own IFTTT tool called Flow
- Minecraft ENHANCE! Neural Networks to Upscale & Stylize Pixel Art
- 15 Fundamental Laws of Software Development


- The Increasing Problem With the Misinformed
- To become a good C programmer
- Harvard Institute of Technology Magazine The Harvard Crimson
- I'm Writing a Book on Security
- Infosec's Jerk Problem
- CABINET // Forensic Topology
- Art of the Steal: On the Trail of World s Most Ingenious Thief
- Former Tor developer created malware for the FBI to hack Tor users
- Introduction
- We've found the real Bastard Operator From Hell The Register

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, April 24, 2016

What have I been reading this week? (20160424)

Another short posting for the week. Passed the certification test, then focused on writing Traccar code. Prototype is working well enough this morning for me to notice that a friend's phone has an almost-dead battery (Dave!!).

Next class starts tomorrow, I still have two read-aheads to finish, so...


- A Look Back at One Year of Docker Security
- Android s Model of Open Innovation
- Universal Install Script by XKCD Combat test


- Windows Subsystem for Linux Overview
- Bill Gates' worst decisions as CEO according to a longtime Microsoft exec
- The web is Doom - mobiForge
- The Rise of Pirate Libraries

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, April 10, 2016

What have I been reading this week? (20160410)

I ignored it at the end of last month/first of this month because I thought it was an April 1st joke. Apparently it (Bash on Windows) wasn't. Now the only thing that I can think of is that they've successfully ported the Vi vs. EMACS wars to Windows. (heh)

Have spent a LOT of time studying for my GMON certification test. Still more to go. Will be taking it either this week or next..


- Issue 326539 - chromium - OS X Notification Center should be used on Mac
- GPG signature verification
- OpenPGP Best Practices -
- Use Vim Inside A Unix Pipe Like Sed Or AWK
- Why Microsoft needed to make Windows run Linux software


- TrustInSoft/tis-interpreter
- Exploding offers are bullshit Erik Bernhardsson
- The Revenge of the Listtning Sockets


- Bash on Ubuntu on Windows Download Now!
- Reverse engineering the popular 555 timer chip CMOS version

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, March 27, 2016

What have I been reading this week? (20160327)

Much this past week's free time was spent experimenting with Monit, Bitlbee, Openfire, and Docker. Specifically, writing/tweaking code that connects to Openfire, checks for the presences of specific bots, and (if needed) restarts the missing bot's Docker container. Fun, huh?

I'm also studying for two tests in the month of April so my reading lists may be a bit short for a while. In any case, this weeks reading included the following:


- Google opens access to its speech recognition API going head to head with Nuance
- Docker now has native Mac and Windows apps


- Certified Ethical Hacker website caught spreading crypto ransomware
- Cryptography Is Harder Than It Looks
- Stealthy malware targeting air-gapped PCs leaves no trace of infection
- Having cheap PCB s made part 2.


- Amazon's Raspberry Pi guide lets coders use Alexa - BBC News
- Adventures in Narrated Reality
- From fuzzing to bug reporting

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, March 26, 2016

Troubleshooting a crashing bitlbee container in Docker

I've been experimenting with running containers on different flavors of Linux.  I've been noticing that what builds/runs on Hypriot is a bit buggy on Ubuntu or Debian (or just won't build).  Same problem for the other direction.

One of things I've been doing to teach myself Docker is to build a non-purple bitlbee container, with all of the available plugins enabled.  Wanting the bitlbee container to start on boot, I added Monit to the mix (wanting the additional features that Monit has when compared to Docker's restart capabilities).  On Hypriot (running on a RPi2), the kit runs without issue.

The same build on a "normal" Docker server periodically disconnects the IRC client.  In looking at the container's running processes, it shows a second instance of bitlbee running.  This shouldn't happen when using bitlbee's "-D" switch, which is what I'd employed in the container's start script.

Bitlbee's "-D" switch is supposed to cause bitlbee to service all clients via the same instance (i.e., one running binary).  Without looking at the code, I'm guessing that there's some sort of HUP signal or function that interrupts operation of PID 1 just long enough to annoy Docker, restart bitlbee with a second instance, and cause the problem I'm seeing.

I proceeded to play with each of the three programs' settings and think (hoping!) I may have a solution.  It's non-intuitive, but replacing the "-D" switch with the "-F" appears to fix it.

Bitlbee's "-F" switch intentionally creates a new instance of bitlbee for each new client that connects.  What's not documented is that it appears that the instance at PID 1 handles the initial connection and, when the client authenticates, the client is passed to a newly spawned bitlbee process. This appears to leave PID 1 to continue listening for new clients.

Fingers crossed.  Time will tell...

DNS Ass-hattery [6]

About 3 years back, I answered a DNS-related ServerFault question about underscores in domain names.  The answer amounted to a short work-around for dealing with the difference between Windows' DNS and BIND (short version: former allows them in A records, the latter doesn't).

This week, I received thanks from someone helped by my answer.  (Thanks for the point Steve!)

Since no good deed should go unpunished, someone else commented with the following ass-hattery: "Such customers should be gently pointed to appropriate documentation, then told to obey the RFCs - or get off the internet."

To steal from John Scalzi's practice of grading hate mail, I have the following (rhetorical) questions:

  • Would you define appropriate?  There _are_ DNS servers (e.g., from Microsoft) which allow the use of the underscore.  Shouldn't you beat them up first?  You know: stomp out the root cause of the problem.  One problem: MS was using the underscore in hostnames before it was using the IP protocol.  You're going to have difficulty in getting them to change a ~30-year practice.  Another: there are A LOT of MS admins & users.  I'm thinking they out-number you.
  • You're also going to have to point out which RFC's are inappropriate.  At least one DNS RFC indicates that "the rules" are voluntary (to quote: "they are there for those who wish to minimize problems"[1]).
  • Are you somehow implying that the IETF now has an enforcement arm?  What if the customer doesn't want to "get off the Internet"?
  • I can't shake this feeling that customers are somehow (at least indirectly) responsible for our salaries.  If we start dictating to our customers, won't they take their business elsewhere?

Technically, my work-around does not violate the RFCs (putting the underscore in a CNAME record is allowed).  At the same time, it helped Steve.  If the RFC's are actually read, the prohibition against the underscore is limited only to A records (not CNAME, SRV, or other records).  The stated purpose is to differentiate host records from other records.[2]

The RFC's are Internet standards, somewhat like table manners[3].  Compliance is considered polite but not mandatory.[4]  There's no fines or prison terms involved for being mildly rude.[7]


[1] From RFC1912. That's the most derogatory statement I've yet seen in an RFC.
[3] I'm attempting to use the same level of subtle-ness as that used in [1].
[4] If everyone on the Internet complied with all of the RFCs, we wouldn't be able to use the Internet, not to mention that pigeons would become an overworked (and probably endangered) species [5].
[5] In some parts of the world, avian transport is actually faster.  (see "Pigeon versus Telkom SA" near the end of
[6] I wanted to entitle this post "Ass-hattery in Comments" with a subtitle of "What's wrong with ServerFault nowadays".  Since the blog engine doesn't allow such, I went with "DNS Ass-hattery".  I'm hoping that ServerFault has recognized that negative-value comments, such as described above, actually damage their business.
[7] See?  I'm not disagreeing that it's "a bad thing".  The difference is that I'd provided a solution rather than recommending that people get off of the Internet.

Tuesday, March 22, 2016

Managing Docker-based Jabber bots with Monit?

I've "Dockerized" much of my in-house automation, some of which has a Jabber interface (e.g., one bot can control the lights, fan, audio, etc. in the office). I've added monit into the mix, which ensures that the bots' containers are running (most of those using process matching since PID files are sandboxed).

I'm feeling the need for additional "support" in that there might be issues which prevent the bot from properly connecting to the Jabber server, even though the bots' containers are actually running.  I'm thinking that the solution might provide for monitoring via Openfire's presence service:

1) A cron job which periodically:

  • Connects to the Openfire presence service.
  • For each Jabber user present, touch (the Linux "touch") a file within a specific folder (call it that watch folder).
  • Deletes all files within the watch folder which haven't been "touched" in a specific number of cycles (I'm thinking 2).

2) A monit job which periodically:

  • Checks for the existence of a specific bot's watch file.
  • Restarts the bot (and sends alert?) when the bot's watch file doesn't exist.

What do you think?  Will attempt in the next few weeks (i.e., with this pose, it's on my "to do" list).

Sunday, March 20, 2016

What have I been reading this week? (20160320)

A bit more time for reading this week. The "shiny" has worn off of my new fascination with Docker, mostly because of my effort to Docker-ize Java programs (problematic at best). While I did write/adapt a few new programs for my own use, my note-taking went neglected (the "to do" list is a bit long now). Playing catch-up seems to have the highest priority.


- sdhand/x11fs - A tool for manipulating X11 windows


- Forget About It: Your Middle-Aged Brain Is Not On The Decline
- Intel Marrying FPGA, Beefy Broadwell for Open Compute Future
- Autoconf Tutorial - Part 1


- Mathematicians Discover Prime Conspiracy Quanta Magazine


- tcpdump is amazing
- How a Ragtag Gang of Retirees Pulled Off the Biggest Jewel Heist in British History
- The Translation Paradox
- Illegal Math
- If You Had 15 Days to Learn Calculus, How Would You Do It?
- Amazon and eBay to be held liable for VAT fraud by sellers


- Adjusting with Moore's Law


- SQLite with a Fine-Toothed Comb

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.