Saturday, December 2, 2017

What was I reading in November 2017


- Court reinstates SCO's misappropriation claim against IBM in long-running lawsuit - Here's what I don't get: How does SCO have standing if they didn't own the code? This has passed through rediculous and has reached the realm of really annoying.


- Give old electronics new life with Linux and Raspberry Pi - On my "to do" list. One thing missing all along is a decent non-commercial IR interface (at one point, I used Global Cache equipment).
- 7 deadly sins of documentation
- What is the TensorFlow machine intelligence platform?


- Cheap Tricks: The Low Cost of Internet Harassment
- Niagara Falls - Dewatered American Falls 1969


- Becoming Your Own ISP Just for Fun
- kren1/tosheets - Send your stdin to google sheets. I think Dave S. might like this.
- Introducing security alerts on GitHub
- How I use Vim
- Schneier: It's Time to Regulate IoT to Improve Cyber-Security - I disagree. Education should be tried first. Legislation usually causes the price of the product to increase.
- Rural Americans can't check email or use credit cards because of slow Internet officials say - Odd. My mom still can't get Internet (other than satellite or driving into town).
- Concise electronics for geeks
- Introducing container-diff a tool for quickly comparing container images
- Skype faces fine after refusing to allow eavesdropping
- SmallData Blog Building a voice assistant to control music
- A Guide to Natural Language Processing


- Judge Finds Stupid Patent Web Story is Protected Speech
- Introduction to Computer Organization


- Hitler Quote Controversy In the BSD Community
- Google's Public NTP
- CVE-2017-16544: A Busybox autocompletion vulnerability
- 200 universities just launched 600 free online courses. Here's the full list.
- The Supreme Court Wanders into the Patent Troll Fight


- Using a logbook to improve your programming
- Glowstone - Open source Minecraft server.
- 1300 Free Online Courses from Top Universities


- Free Data Ebook Archive
- NLKNguyen/awesome-language-engineering
- The Beginning of the End for Copper
- The Citizens of Detriot Are Building Their Own Internet
- ondevice ssh just like ssh but for devices without public IP
- A Year in Computer Vision


- Munich Switching From Linux to Windows 10
- Review: Certified Ethical Hacker CEH Course - Hacking Tutorials

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Friday, November 24, 2017

Adding TCP service checking to Node-Red

The following C program can be used with Node-Red to provide service indicators in a dashboard. Basically, it accepts two arguments: the IP address and the port number of the target system/service. It then attempts to connect to that IP and port and returns either the word "on" or the word "off". When run with Node-Reds timer and exec modules, it provides a dashboard status for each of the targeted services.

Save the following to "portcheck.c" and compile it by running "gcc -o portcheck portcheck.c"

  // Tim Kramer - 18 Nov 2017

  // adapted from Silver Moon's code at:

  // Purpose of this is to work with Node-Red in checking on services.
  // This determines if a specific port on a specific machine is open
  // and returns "on" if a port is open, or "off" if port is closed.

  // This will exit without two arguments
  // Syntax:  portcheck IP_ADDR PORT

  // Possible issue: takes a few seconds to timeout if target machine 
  // is offline

  #include <stdio.h>
  #include <sys/socket.h>
  #include <errno.h>
  #include <netdb.h>
  #include <string.h>
  #include <stdlib.h>

  int main(int argc, char **argv){

     // check if there are two arguments, exit if not //

     if(argc!=3) {
        printf("usage: portcheck IP PORT\n");

     // declare variables and structures //

     struct hostent *host;
     int err, i, sock;
     struct sockaddr_in sa;

     // set up the sa struct //

     strncpy((char*)&sa, "", sizeof sa);
     sa.sin_family = AF_INET;

     // add the IP and port to the sa struct //

     sa.sin_addr.s_addr = inet_addr(argv[1]);  

     // check the IP and port //

     sock = socket(AF_INET, SOCK_STREAM, 0);
     if(socket < 0){
     err = connect(sock, (struct sockaddr*)&sa, sizeof sa);

     // return "on" if port is open, "off" if port is closed //

     if (err < 0){
     } else {

     return 0;

Thursday, November 9, 2017

Why MQTT use has increased, and why I'm hating on a certain ZWave IP owner

I ran across the this post during my daily perusal of tech news. It's both interesting and a bit limited, in that it only looks at protocol use and doesn't dig into why.

I believe that the "why" for the increased MQTT/MQTTS use is: hobbyists and developers. Tools like HomeAssistant and Node-Red have experienced a large growth in the home automation area. Both tools can use locally implemented protocols (Zigbee, ZWave, etc.) but tend to focus on use of MQTT for over-the-netwrok communications. Although they've been around for about 5 years, prices for Linux-based automation hubs, like Samsung's Artik boards, have decreased recently (mostly due to increases competition[1]). Couple this with free (for hobbyist) Internet-based MQTT(S) servers (list here) and it's easy to see why use of the protocol has expanded.

That's not to say that everything is sunshine and roses. Example: I have some reservations about Samsung's Artik series boards, it's mostly due to third party licensing for the Z-Wave interface. To explain, the Artik 5 board can be acquired for less than $100 and has interfaces for Wi-Fi, Bluetooth, Zigbee, and a few other not-so-popular wireless protocols. While the board does have a ZWave chipset, its use requires a separate purchase of firmware and a license from the intellectual property owner of the ZWave technology. The bad news is that said third party requires that you purchase a $1500 development kit, just to acquire the firmware. This greed effectively kills[2] just about every hobbyist-driven ZWave project and will likely create a market for alternative protocols and solutions.

In defense of the Artik 5 board, it's a nice piece of kit. Simply put, it's an ARM board that comes with the Fedora 22 distro[3] pre-installed. It has multiple antennas for the supported wireless technologies[4] and also has the ability to interface with Arduino boards. Of serious value is the USB-based serial interface (separate from the power supply connector) which allows for operating system access[5] without having the network configured.

For now, I'm stuck with working around the no-ZWave limitation by using getting automation software on the Artik 5 to talk to the same software running on a Raspberry Pi, which hosts a HUSBZB-1 dongle[6]. To tie in the opening of this post, such is achieved via use of Node-Red, using MQTT and/or MQTTS for over-the-network comms (rule of thumb: develop with MQTT, put into productions with MQTTS).

For anyone that wants to experiment with Samsung's offerings, I'd recommend the Artik 7 or 10 series boards. They come with a USB host interface (which the Artik 5 lacks) that allows for use of ZWave via the addition of a HUSBZB-1 or Anteon dongle. I'm also taking a look at using USB2IP, but such requires cross-compiling because the Artik 5 doesn't have enough storage to support installation of the tool chain needed to compile the code. In any case, it's not much of a shortcoming for me as I only have 3 ZWave outlets and 2 Zigbee bulbs. Moving off of ZWave, should I ever do it[7], will not be a major financial hit. I'll just continue experimenting with the other protocols.


[1] Manufacturers have no one to blame but themselves. Being first out of the gate doesn't justify exorbitant pricing. That just leads to having your lunch eaten in the time it takes for an engineer to design a similar product (these days, it's down to weeks).
[2] I learned about the licensing problem after I'd received the Artik 5 board for my birthday.
[3] I've managed to update the board to both Fedora 24 and the current Fedora 25. I've also managed to run Ubuntu 16.04 LTS from the SD card. (Note: the Artik 5 board does not support installation of Ubuntu, though the Artik 7 and 10 does.)
[4] It also has an antenna jack for ZWave, should you ever get around to adding it.
[5] On Linux, the easiest method for accessing the serial interface amounts to: screen /dev/ttyUSB0 115200
[6] Both Node-Red and HomeAssistant also work with the ZWave interface provided by the RaZberry daughterboard.
[7] I originally used the SmartThing's hub, with a MQTT interface to control those but I didn't like the need to have Internet connectivity to control the lights. We live in an older (Internet-wise) neighborhood and connectivity can best be described as "intermittent during damp weather".

Friday, November 3, 2017

What was I reading in October 2017?


- ntpd won't save you from one particular rogue bit


- How SSH became port 22


- alvarcarto/url-to-pdf-api - I need to experiment with this as I've been wanting an internal PrintFriendly-like service.
- WaveNet launches in the Google Assistant DeepMind - Another item on my list to try.
- An Update on Firefox Containers - ... and another...
- AWK for Multimedia - ... and another.


- Steve Wozniak announces tech education platform Woz U
- Exploding Git Repositories - Discussion of an issue similar to zip bombs.


- Falling through the KRACKs
- Dive into Deep Learning with 15 free online courses
- Practical public key cryptography
- Screen capture in Google Chrome - A possible partner for the url-to-pdf tool above?
- URG - A discussion of TCP.
- Everything You Wanted To Know About Blockchains - Part 1
- Vim After 15 Years
- Using cgroups to limit I/O


- Researchers find that LastPass 2FA can become 1FA
- ssh_scan: A SSH configuration and policy scanner for Linux and UNIX server


- An ode to pack: gzip’s forgotten decompressor
- Getting the Most out of Sqlite3 with Python
- Do you have the Learners Syndrome? - Uhm... I admit nothing, because I do get use out of what I learn. (Okay, maybe not the Japanese language lessons, but...)
- Unix is my IDE


- The Uncanny Resurrection of Dungeons & Dragons
- SSH Escape Sequences (aka How to Kill Dead SSH Sessions) - Just when you think you know a tool... Guess it pays to reread man pages now and then.
- Remember that $86 million license plate scanner I replicated? I caught someone with it.
- Newfound Wormhole Allows Information to Escape Black Holes


- Speech Recognition Is Not Solved - I'm not liking the author's argument because speech recognition only needs to be "good enough". Much of what he wants borders on AI (e.g., recognition of context).
- learnbyexample/Command-line-text-processing - Notes on processing text with awk.


- SNMP Authentication Bypass Cripples Numerous Devices
- OpenSSH Removes SSHv1 Support


- Secretary problem
- Outlawry Supervillians and Modern Law
- Replace your exploit-ridden firmware with a Linux kernel
- 10 charts that show why sleep is so important


- Understanding deep learning requires re-thinking generalization
- Stop Feeling Like an Imposter

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, October 1, 2017

What was I reading in September 2017?


- Perl as PID 1 under Docker - How to shut down gracefully
- The real prerequisite for machine learning isn't math, it's data analysis
- The Ultimate List of Youtube Programming Channels - Sometimes you need more than CS50 (Yeah! I said it. Whatchya gonna do about it?)
- A.I. Bias Doesn't Mean What Journalists Say it Means
- The Mathematics of Machine Learning
- Lu Ban's Axe and Working with Your Chinese Suppliers
- Mastering Bayes
- Comcast sues Vermont to avoid building 550 miles of new cable lines


- Learning Python without Library Overload


- Is systemd's hand-rolled Desktop-Bus-over-SSH tunnel a security worry?


- Understanding Crypto Regulations - Multicoin Capital
- What every software engineer should know about search


- Patching is hard; so what?
- Deprecated Linux networking commands and their replacements - Anyone else frustrated with the terms "legacy" and "deprecated"?
- Programmer's guide to the Computer Networking galaxy


- 2017 NSA Codebreaker Challenge
- NSA Launches 'Codebreaker Challenge' For Students: Stopping an Infrastructure Attack - Slashdot
- We've failed: Pirate black open access is trumping green and gold and we must change our approach
- Equifax Releases Details on Cybersecurity Incident, Announces Personnel Changes


- Introducing Keybase Teams
- Equifax Breach: Setting the Record Straight
- Learn from your attackers - SSH HoneyPot
- The Mysterious Origins of the Phrase 'Liar, Liar, Pants on Fire'
- A Brain Built From Atomic Switches Can Learn
- DuckDuckGo: The Solopreneur That Is Beating Google at Its Game
- Welcome to the World of Software Defined Radio


- Engineers have found a way to 3D print super strong aluminum
- The moon blew up without warning and for no apparent reason


- Huge Ethereum Mixer


- Pipe Logic
- We seem to be getting stupider and population ageing may be why - Before you get into lengthy discussions about how old people's brains are slowing down, this also implies that you younguns just aren't holding up your end of the stick. :P
- Search online courses from edX, Coursera, Udacity, and more
- The Princess Bride Turns 30: Rob Reiner, Robin Wright, and Billy Crystal Dish About Making the Cult Classic - 30 years? Inconceivable! (Someone had to say it.)
- Amazon Increases Production Spending for 2018, Developing Three New Sci-Fi Series
- Why You Shouldn't Slog Through Books
- The Inside Story of Equifax's Massive Data Breach
- Crypto Classics: Wiener's RSA Attack

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, September 3, 2017

What was I reading in August 2017?

Below is a bit lite due to August being an extremely busy month for me (changing employment, attending training, etc.). Will be playing catch-up in the next few weeks...


- LinkedIn: It's illegal to scrape our website without permission - Yet another "who owns your data?" argument.
- 100x faster, 10x cheaper: 3D metal printing is about to go mainstream - But how long until I can afford one of these printers?
- No Facebook Did Not Panic and Shut Down an AI Program That Was Getting Dangerously Smart
- Hacking Voting Machines at DEF CON 25
- Elixir School - More training!
- Are You A Teenager Who Reads News Online? According to the Justice Department You May Be a Criminal
- Shor, I'll do it


- Introducing the Keybase filesystem


- What is Nuitka - Hint: Python compiler
- Detecting Chrome Headless
- Geo for Bootstrap - a Timeless Theme - Warning! Extended exposure to this web site's theme is known to damage eyesight!
- Feynman on Fermat's Last Theorem
- Jordan B Peterson's answer to What is more beneficial in all aspects of life; a high EQ or IQ?
- Amazing Tensorflow Github Projects
- yrutschle/sslh - Another protocol multiplexer


- Let 'localhost' be localhost.
- Podcasting patent is totally dead, appeals court rules
- Dijkstra was right, recursion should not be difficult
- Porting Chrome Extension to Firefox Shing's Blog - Still on my 'to do' list.
- The Frame Problem Stanford Encyclopedia of Philosophy


- Typing with pleasure
- Mongoose OS - reduce IoT firmware development time up to 90
- 78rpm Records Digitized by George Blood L.P. : Free Audio : Download & Streaming : Internet Archive


- How can I help test Docker for RPi?
- Security Keys (hardware)
- Raspbian Stretch has arrived for Raspberry Pi


- Free Online Computer Science Courses - Yet more training!
- How to make your first steps in Open Source contributing
- How to write your own compiler
- What happened to memberships? - Google Express Help
- A Human-Friendly API Service for Crypto Currency Information
- Learn how to write a hash table in C
- Tackling Technical Writing


- Making your own custom USB cables
- The Chrome team is currently experimenting with a setting to mute/unmute a web site


- OCaml for the impatient
- Python Data Science Handbook
- An Argument For Why Windows Will Go Open Source
- An attempt to make computer machines run better
- Whitepaper: The Black Art of Wireless Post-Exploitation - Bypassing Port-Based Access Controls Using Indirect Wireless Pivots

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Tuesday, August 1, 2017

What was I reading in July 2017?


- Drones may soon have to identify themselves electronically while in flight
- 2FA using a postcard!
- Fake news: you ain t seen nothing yet - Remind me again why I visit this web site? It's Aug 1st and I'm locked out because I've "reached my limit". New candidate for the HN News filter, I guess.


- alexanderepstein/Bash-Snippets
- Eastlink customer's 20-year-old email account shut down over unusual address - I'm skeptical but will withhold comment until the address is used elsewhere.


- Chicago To Make Future Plans a Graduation Requirement - Can hear it now: "I would have graduated if not for that meddling bureaucrat." (Points for a Scooby Do reference?)
- Putin Signs Law to Remove Pirate Proxies From Search Engines
- A rift in the NTP world - (*sigh*) The whole lot needs to be sent to bed without their dinner.
- Florence Nightingale Saved Far More People With Her Grasp Of Numbers Than Of Nursing


- Monte Carlo theory methods and examples - Note: Be very careful with your use cases! (My apologies to my coworker who used the Monte Hall gambit as an example but I did enjoy that.)
- OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux Windows?
- Running Any Linux Browser in (almost) Headless Mode - On my "to do" list. (This has "trouble" written all over it.)


- Elon Musk's big battery brings reality crashing into a post-truth world
- Where Machine Learning meets rule-based verification
- Introducing HumbleNet: a cross-platform networking library that works in the browser


- Qubes OS
- Slaying the 'math monster': It's not about numbers it's about learning how to think.


- Contempt Culture - The Particular Finest
- Elliptic Curve Cryptography Tutorial


- Machine Learning Crash Course: Part 4
- Machine Learning Crash Course: Part 1 ML B
- Machine Learning Crash Course: Part 2 ML B
- Machine Learning Crash Course: Part 3 ML B
- learnbyexample/Command-line-text-processing


- The future of deep learning


- Cosette: An Automated SQL Solver
- On Password Managers
- The rise of Python for Embedded Systems
- Kaisa Matom ki Dreams of Primes
- How Checkers Was Solved
- NIST Randomness Beacon
- Introducing Bluetooth Mesh Networking - I've been working with Z-Wave and Zigbee technologies for the past month. Mesh Bluetooth is something that I'd like to see, if only for having another option for automation.


- Movidius launches a $79 deep-learning USB stick - Trying hard to come up with a use case so I can justify buying a handful!
- Browser Abuse Syndrome - This is how your lunch gets eaten. #stuck_in_the_90s


- To become a data scientist focus on coding
- Alternatives to a Degree to Prove Yourself in Deep Learning
- The clever electronic inks rewriting our energy future
- A Practical Guide to Tree Based Learning Algorithms


- NTLM Hash Leaks: Microsoft's Ancient Design Flaw


- TeachCraft - (Minecraft plus Python)
- Voice Synthesis for in-the-Wild Speakers via a Phonological Loop
- How to: Create a Z-Wave Smart Home hub using a Raspberry Pi
- MS Paint is here to stay
- Microsoft Paint Was Never Going to Die But It Made for Good Headlines


- Tracing a packet journey using Linux tracepoints perf and eBPF
- One of the fathers of modern computing used this 6-step process to solve any problem


- The Worst Internet in America - I'm thinking that their source for data is the comms companies 'cause the data appears to be COMPLETE AND UTTER BS! My mom lives in an Appalachian area with a single line strung into the one side of the valley. Because she and most everyone else doesn't live near it, they don't have Internet. Hint: on cell phone maps, it's a blank spot.
- Millennials are the ones keeping libraries alive
- Going down the rabbit hole with go-fuzz
- Robot cracks open safe live on Def Con's stage
- Breaking open the MtGox case part 1
- Waze for Android Auto is Here - I've already installed it. Now I remember why I used to say "Don't cross the Waze Lady!" (heh)

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, July 9, 2017

Bash - exit on failure

The problem

Scripts like the following will execute each step, even if one fails:

 echo "Shutting down mysqld. Please wait."
 # following shuts down mysql before stopping the container
 docker exec mysql /usr/bin/mysqladmin shutdown
 echo "Stopping the individual containers..."
 # stop the containers
 docker stop mysql
 docker stop sphinx
 docker stop apache

The problem with the above is that: if MySQL service does not completely shutdown (i.e., has some sort of error), there is nothing to stop the script from executing the last three steps. Without the database services stop, those will corrupt your database. (I learned this the hard way.)

One solution

The desirable solution is for the script to exit without stopping the Docker services. This can be done by making the MySQL shutdown line look like:

 docker exec mysql /usr/bin/mysqladmin shutdown || \
  { echo 'MySQL shutdown failed' ; exit 1; }

Note: above should all be on a single line (without the "\").

The above gives you a warning that something didn't work right and exits the script before attempting to stop the Docker containers.

Sunday, July 2, 2017

Copy and paste in a terminal

LatestHackingNews has an article about Linux commands, one of which involves using the keyboard to copy and paste. The article indicates that ctrl-c will copy whatever's highlighted to the clipboard. This isn't accurate in that ctrl-c does what you expect it to do (interrupt a running process). The proper key sequence is shift-ctrl-c (paste is shift-ctrl-v).

Saturday, July 1, 2017

What was I reading in June 2017


- GEF - GDB Enhanced Features documentation
- Practical Guide to Bare Metal C GitBook
- Free software is suffering because coders don't know how to write documentation - It's not limited to free software.
- Pinboard Acquires Delicious - I miss the original verison of Delicious. The later versions, not so much.
- Mobile Sensors Exploitation


- The Telnet BBS Guide - Ah, memories....
- scores a $1.2M seed round to simplify developer encryption key security


- Five years of IPv6: whither the next five? APNIC Blog
- The Boolean Satisfiability Problem [SAT] and SAT solvers in 5 mins or more - A bit math-heavy.
- A Brief History of the UUID - I'm of the opinion that the faster you put technology and people on line, the sooner we'll start seeing collisions (not every conforms to standards, even when you make it mandatory).
- How highly advanced hackers ab used satellites to stay under the radar


- Docker Containers Are Hard Just Like All Great Technologies - Container Journal - I might agree to that statement later. For now, Docker containers are hard because the developers keep modifying features and syntax. Then again, mebbe I'm just annoyed because I've had to rewrite Dockerfiles due to deprecated features.


- Jupyter Notebooks


- Visual Cryptography Kit


- forsyth / plan9-9k Bitbucket - Wife once asked me what I'd do when Linux becomes mainstream. My answer: probably run Plan9. (heh)


- Grammar Puss - One possible quick-answer: because we don't conduct business in slang. Contracts writing, as well as technical spec writing requires very structured grammar. If you cannot speak/write properly, your corporate customers are likely to take their business elsewhere. Also, good luck with getting that job interview if your resume contains "jank", "dox", "fubar", and/or similar words.


- 16 commands to check hardware information on Linux
- The 25 Most Disruptive Companies of the Year


- Writing a Unix Shell - Part I
- mattn/sudo - Sudo for Windows? Not sure if it's a good idea but it should be about as entertaining to watch as a Windows user try to exit Vim.
- Beginner's Guide to Linkers


- The calibre Content server calibre 3.0.0 documentation


- Revealed: Facebook exposed identities of moderators to suspected terrorists
- Why You Should Stop Using a Raspberry Pi for Everything - This comes across as click-bait. The RPi is a learning/development tool, not infrastructure. The article leverages another article which is eaven worse (e.g., "You can't run MS Office on a Pi" is treated as a rational justification.)
- Keys Tokens and Too Much Trust Found in Container Images


- Open Textbook Library
- Your own company? You can do it!
- vendu/wizardcode
- Intro to SDR and RF Signal Analysis
- 10 Free Must-Read Books for Machine Learning and Data Science
- Language summit lightning talks []
- DeepMind Open Source Datasets DeepMind
- Security/Guidelines/OpenSSH - MozillaWiki
- The new subtle ways the rich signal their wealth


- The Stack Clash


- Why So Many Top Hackers Hail from Russia Krebs on Security
- Erlang/OTP 20.0
- Academy - MLJAR - Machine learning training.
- Government wants to permanently legalize the right to repair - I've always felt that this is something that should be left to "the market". Once an industry angers its customer base, it's ripe for "disruption".
- 7 Ways to Get Better at C During this Summer


- How to Call B.S. on Big Data: A Practical Guide


- Audio streaming: Icecast HLS MP3
- astorfi/TensorFlow-World


- AWS Security Primer
- Deep Learning in Robotics Robohub
- Over 150 of the Best Machine Learning NLP and Python Tutorials I've Found
- Quantum Computing: A beginner s notes and overview of IBM's Quantum Experience - The developerWorks Blog
- This Ikea Bowl Has Been Setting Things on Fire


- European Commission - PRESS RELEASES - Press release
- 'Infarm' Startup Wants To Put a Farm In Every Grocery Store - I can't get away from the thought that this is being stood up by non-farmers. How fast do they think things grow? They're going to need a lot of space, for lengthy periods of time, with no immediate ROI.
- Canada's top court backs order for Google to remove firm's website from global searches - Yet another group of people who don't understand how search engines work. Hint: take the data off of the source and ask the search engine to re-index the site. Otherwise the data is still on the Internet. Google just won't be able to find it (but other search engines will).


- 5 Cool Docker Projects You May Have Missed - Container Journal
- Sysdig Container isolation gone wrong
- Explain like I'm 5: Kerberos


- Couple Asks Internet To Photoshop Out Shirtless Guy From Engagement Photo Regrets It Immediately
- What Happens When You Ask The Wrong Guy For Help 10 New Pics

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Friday, June 2, 2017

What was I reading in May 2017


- How to Read Mathematics
- Building a BlackBerry QNX 7 Desktop
- How to point GDB to your sources


- Getting Started with Headless Chrome - I'm thinking that this consume a sizable portion of my future.
- Why Walking Helps Us Think
- Programming as a Way of Thinking


- Kryptonite - the new home for your SSH private key. - I have this feeling that it's not an improvement of security. It's a convenience, therefore...
- evilsocket/opensnitch - One to watch?
- Fix your crappy ads and I'll stop blocking them - The author closes the browser tab. I go a bit further and inject code into my browser that highlights (in yellow) any link to the site, warning me that they have crappy ads. In short, I don't block the ads, I avoid the site altogether.
- Forensics - TeamViewer file extraction


- OpenSSH Removes SSHv1 Support


- Machine To Machine Talk Using ESP8266


- Thousands of Veterans Want to Learn to Code But Can't
- Avoid these 35 habits that lead to unmaintainable code
- Why Don't People Return Their Shopping Carts? - This is one of my peeves. We have strong winds here and my cars have had more than one scratch from these wheeled missiles.


- The hijacking flaw that lurked in Intel chips is worse than anyone thought
- WuTheFWasThat/vimflowy - This can also be used as typing practice for new Vi/Vim users.


- MTK51 8051 Microcontroller Trainer Kit
- A Lot of What Is Known about Pirates Is Not True, and a Lot of What Is True Is Not Known
- The Physicist Who Sees Crime Networks


- New device can harvest indoor light to power electronics
- Announcing SyntaxNet: The World's Most Accurate Parser Goes Open Source
- The Discipline of Chaos Engineering - Not only is it a good idea to know what "normal" looks like, you should be familiar with what "abnormal" looks like...
- Maintainers make the world go round
- Google releases DIY open source Raspberry Pi 'Voice Kit' hardware -- here's how to get it
- IPv6 as a metadata store


- KFUZZ, a fuzzer story.
- Amazon enables free calls and messages on all Echo devices with Alexa Calling


- “Google Is as Close to a Natural Monopoly as the Bell System Was in 1956″ - Complete and utter BS from another self-promoting armchair critic. Big != monopoly. He's also ignorant if he thinks that musicians don't make their primary income from touring.
- Lasp: a little further down the Erlang rabbithole. This is not a Monad tutorial
- SQL Notebook
- Exploiting the Linux kernel via packet sockets
- Get started Learning Music (Beta)
- Beware of Transparent Pixels


- dns-violations - Given the ways DNS has been "adapted" to support miscellaneous non-DNS services, I'm not sure that this is worth the time being put into it.
- Standing Up to a Dangerous New Breed of Patent Troll
- When Bash Scripts Bite


- Your Brain Can Only Take So Much Focus - Yeah, but it's like a muscle. With practice, you can focus longer. (Warning: Crappy ad website. Vertical reading area =~ 50% of browser.)


- The Tools We Use To Stay Afloat
- Rejection Letter - Could this be where the Iraqi Information Minister retired? (geesh)


- MP3 is dead missed the real much better story


- The Secret History of William Gibson's Never-Filmed Aliens Sequel
- Amazon Announces Notifications for Alexa' Feature Is Coming Soon Sign-Up to Stay Tuned


- Scientists Claim 'Cold Spot' In Space Could Offer Evidence of a Parallel Universe


- So You Want to Learn to Break Ciphers
- Algorithms and Data Structures
- PyCon 2017 - YouTube


- Building a legacy search engine for a legacy protocol
- Updating Logitech Hardware on Linux


- taviso/loadlibrary
- Don't use Hadoop - your data isn't that big
- US politicians think companies should be allowed to 'hack back' after WannaCry - If this becomes law, I'll attempt to corner the market on popcorn.


- MicroPython running "bare metal" in the browser via unicorn.js
- The Magic of XOR
- Little Things I Like to Do with Git
- Repurposing Thin Clients
- A brief history of IPv4 address space exhaustion
- 1922: Why I Quit Being So Accommodating
- Dirty COW and why lying is bad even if you are the Linux kernel


- The American Scholar: Writing English as a Second Language
- Reflections on reflection (attacks)
- firmware-security-training


- (Important: the reach of a patent) IMPRESSION PRODUCTS INC. v. LEXMARK INT'L INC.
- Overview of top cryptocurrencies
- Pipes - Watching this one. I miss Yahoo Pipes.
- Computer science students should learn to cheat not be punished for it - Uh. No. Doing so defeats the purpose of learning how to do something (which is why the school is there). In the long run, someone will be sued for misappropriating someone else's code.
- Older Adults Learning Computer Programming: Motivations, Frustrations, and Design Opportunities
- MySQL 8.0: Retiring Support for the Query Cache
- oss-security - Qualys Security Advisory
- Writing a Unix Shell - Part I
- Remaining Trouble Spots with Computational Thinking

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, May 1, 2017

What was I reading in April 2017

April was a busy month. Took a course on security for embedded devices (explains the gap at the end). Picked up an external 480 GB drive the size of two postage stamps. Overhauled one laptop. Installed Linux on two others (harder than it sounds when you're wrestling UEFI _and_ TPM). Sick for a number of days with whatever bug was hanging around. In short, those are my excuses for the 10 day gap near the end of April's reading list.


- Open Source Needs FPGAs; FPGAs Need an On-ramp
- The Shell Hater's Handbook
- Why Japan's Rail Workers Can't Stop Pointing at Things
- How to Write Portable C Without Complicating Your Build
- Destroying Cockroaches and the Hackathon Experience
- Microsoft closing down CodePlex, tells devs to move to GitHub - This is one of those things that probably shouldn't be announced on April 1st.
- - Remains to be seen if this is actually useful.


- Over The Air: Exploiting Broadcom's Wi-Fi Stack - Part 1
- How To Learn Hadoop For Free


- Unix is not an acceptable Unix
- Build Your Own Text Editor
- SEI CERT C Coding Standard - SEI CERT C Coding Standard
- Oath isn't just a terrible name, it's going to be a nightmare ad-tracking machine
- ShelfJoy - 17 Essential Machine Learning books suggested by Michael I. Jordan from Berkeley


- corkami/pics - Posters for various technical bits.
- Federated Learning: Collaborative Machine Learning without Centralized Training Data


- Introduction to the Domain Name System DNS
- The 5 Phases of Vim Use


- Exploring 3-Move - A LambdaMOO inspired environment
- My giant JavaScript Basics course is now live on YouTube. And it's free.


- The Bulwer-Lytton Fiction Contest - An annual contest to come up with the worst ever opening line for a book that doesn't exist (in a recognizable category, I think). Goal for self: achieve (at least) a "dishonorable mention".
- Vi's Complete Key Binding List
- New York becomes only state to offer free four-year college - Sure, now that I've spent a decade paying off my school debt...
- Packet Sniffing on Layer 2 Switched Local Area Networks


- How To Secure Your Web App With HTTP Headers


- Open Source Search Engines Retrieval Tools and Libraries - I agree with V3ss: Why wasn't SphinxSearch mentioned? (I'm using it in a home-grown document management system and a bookmark tracker.)
- nvbn/thefuck
- Learn 90 of Python in 90 Minutes
- The Hacker Dictionary - Hacker terms lingo slang and acronyms
- How To Host Your Own Private Git Repositories
- How to write a simple operating system in assembly language
- Unfixed security bugs
- Low level programming university


- I reverse engineered a motherboard
- StarCraft 1.18 Release: 18 April 2:00 PM PDT - StarCraft Forums

(insert excuses for 10 days sick+busy here)


- How Many x86-64 Instructions Are There Anyway?
- Learn LaTeX in 30 minutes

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Friday, April 14, 2017

Finding RSS feeds

One you have a feed reader up and running, you'll want to subscribe to RSS feeds that support your favorite topics. You can search for them with Google, by using the "inurl" or "filetype" search modifiers. Example searches could include:
 inurl:rss security
 filetype:rss linux
 inurl:xml asterisk
 filetype:atom sphinx search
Note that there are multiple feed formats (rss, atom, xml, etc.) so it's recommended that you experiment with the search parameters.

Saturday, April 1, 2017

What was I reading in March 2017


- x86 Paging Tutorial - Ciro Santilli


- selfie by cksystemsteaching - For MIPS studens
- Consistent Hash Rings Explained Simply
- The Collapse of the UNIX Philosophy - Not an attractive article. Appears to be written by comparing it with Windows, without saying "Windows". Then again, I'm an old fart and am used to the "borken way".


- CS department updates introductory courses
- cs01/gdbgui


- Learn C Programming With 9 Excellent Open Source Books - OSS Blog


- I'm Old, Part XLI: Trolling Creative People
- Vacant Homes Are A Global Epidemic And Paris Is Fighting It With A 60 Tax Better Dwelling


- I learned how to do math with the ancient abacus — and it changed my life
- A right to repair: why Nebraska farmers are taking on John Deere and Apple


- Apologies. I had a article here but it's since been moved behind a pay wall. I've also added the site to my news filter.
- Phyllis Diller Gag File - Smithsonian Seeks Digital Volunteers


- 18 Things You'll Understand If You Went To High School In A Small Town - #8 is bs 'cause it assumes a certain level of traffic. #13 - if you had to look up FFA, you didn't grow up in a small town. #14 - If you had a DQ, (again) you didn't grow up in a small town. We had Tastee Freez and it was in the next town over. #16 - the rodeo was for the townees. Farmers already have horses, cattle, etc. We showed them off at the county fair (4-H/FFA, remember?). #18 - I'm hoping the cool girls still know how to saddle a horse.


- My Response to: How to never complete anything
- Google goes after Slack and splits Hangouts into Chat and Meet
- Backdooring MySQL Backups
- Baidu’s Artificial Intelligence Lab Unveils Synthetic Speech System


- Draft NIST SP 800-63-3 Digital Identity Guidelines
- Real-time notifications from systemd to Slack


- Teach Yourself Computer Science
- Gödel and the limits of logic
- On Programming Languages; Why My Dad Went From Programming to Driving a Bus


- Notes on Programming in C
- The Cyberpunk Sensibility
- Why We Desperately Need To Bring Back Vocational Training In Schools
- Why I've Retired My PGP Keys and What's Replaced It


- Chrome getting support for animated PNGs - A sign the end is near?
- Reverse Culture Shock - The Challenges of Returning Home: Reverse Culture Shock - Somewhat, this also applies to returning to a small towns.
- Scrolling on the web: A primer - Microsoft Edge Dev Blog


- How to Clear a Path Through 60 Feet of Snow Japanese Style
- Learning when to skim and when to read
- The Cult of DD
- A Good Vimrc
- The Surprisingly Simple Logic Behind Japanese Sentence Structure


- They Used To Last 50 Years
- How to Write a Git Commit Message - Just what Git needs: an effin' style guide. This kind of stuff gets my ire up because it makes assumptions (who's the expected audience, why you're pushing to Git, that there's a human involved in pushing to Git, etc.). We now know where the don't-ever-top-post people went...


- Why losing a dog can be harder than losing a relative or friend
- A hot bath has benefits similar to exercise
- How I Built a Profitable "Startup" in 28 Days With a $100 Budget


- Dig once bill could bring fiber Internet to much of the US


- The Days of Google Talk Are Over - Please, please no!


- Linux x86 Program Start Up
- Writing a Linux Debugger Part 1: Setup
- Writing a Linux Debugger Part 2: Breakpoints
- How to learn on your own
- 21 XMPP use-cases and the best ways to achieve them
- tmuxp tmuxp 1.2.7 documentation


- A Second Life for very old C programs
- No. I Don't Want to Subscribe to Your Newsletter


- 'Cards Against Humanity' Creator Just Pledged To Buy and Publish Congress's Browser History - Is it just me or does the law somehow miss that much of our web traffic is encrypted? If ISPs are going to start intercepting SSL traffic (ala mitmproxy or similar), isn't such still illegal?
- The Arrival of Artificial Intelligence
- Learn Redis the hard way in production
- TRS-80 Model III Emulator for Windows - Yes, I'm an old fart. I spent many hours playing "Hack" on Trash-80 CP/M.
- DNSCrypt - Official Project Home Page
- /dev/lawyer - Open Source License Business Perception Report

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, March 19, 2017

Command-line Docker tip

If you're developing/running command line tools in Docker containers, you'll probably want the tool to know from what folder you're running the tool. To do this, you'll want to pass the "-v `pwd`:/source" option, where:
  • "pwd" (surrounded by backticks) is aliased to the working directory within the container
  • "/source" is the internal working directory within the container

For this (above and below) example, I'm using the Pandoc container, developed by jagregory. If I save the script (below) as "md2pdf", the syntax to run it would be something like:

  md2pdf result.pdf

My Script:



# following must be "beamer" or "latex"
# note: use beamer when producing PDF slides 
#       and latex when producing papers

#$format = "beamer";
$format = "latex";

if($format eq "latex") {
 $margin="-V geometry:margin=1in";
 $toc = "--toc";
 $highlight = "--listings --highlight-style=tango";

system("sudo docker run --rm -v `pwd`:/source pg/pandoc $toc $margin \
  $highlight -f markdown -t $format $src -o $tgt");

Sunday, March 12, 2017

Oops! Fixed.

While posting about Pandoc, I noticed that the February reading list was missing (it was still in draft status). I've finished the content and have post-dated it.

How to install Pandoc in Docker and convert Markdown to PDF

Pandoc is described as the Swiss Army knife of document converters. Following are my notes describing how to combine Docker and Pandoc, with a bit of Perl, to implement a command line utility that converts from one format to another (in this case, Markdown to PDF).

Note: Following assumes that you already have a working instance of Docker and that you can either: configure Docker to run as a normal user or can configure sudo to allow the user to run Docker.


1) Create a working directory and navigate into it:

  mkdir work
  cd work

2) Pull in J. A. Gregory's Dockerfile by running:


3) Create the Docker container by running:

  docker build -t pg/pandoc .

Note the period at the end. The above will take a few minutes to build so take a bio break, make a cup of coffee, or do something else that takes about 5 minutes.

4) In a "/bin" directory (I use /home/tim/bin and have added that to my $PATH), create a file called "md2pdf", containing the following:

  # declare the output
  $format = "latex";
  # edit the following to tweak your output
  $margin="-V geometry:margin=1in";
  $toc = "--toc";
  # following should all be on a single line
  # use "sudo docker..." if your Docker can't be called by 
  # a normal user
  system("sudo docker run -v `pwd`:/source pg/pandoc $toc \
    $margin -f markdown -t $format $src -o $tgt");

In the above, "-v `pwd`:/source" allows you to convert a Markdown file in whichever directory you happen to be working in, when calling pandoc. Effectively, you're temporarily linking your current working directory to the "/source" folder in the container.

5) Make "md2pdf" executable by running:

  chmod a+x md2pdf

In the above, the $margin variable redefines the margins for the output. Without the declaration, the output's margins are a bit excessive. The $toc variable causes the output to have a table of contents. If you use that, you'll probably also want to use \newpage or \pagebreak in your Markdown code, to trigger a new-page in the output.

6) Test your instance by creating a file called "", containing:

  # This is a test
  Just want to see if this works

    #sample code
    blah blah

  Hopefully it worked.

7) Test the file conversion by running:

  md2pdf mine.pdf

8) Open the new file in Google Chrome or your favorite PDF reader.


Wednesday, March 1, 2017

What was I reading in February 2017?


- OpenScope An Open Source Multi-function Board - Electronics-Lab
- Stop Disabling SELinux: A Real-World guide
- Typing Practice for Programmers SpeedCoder
- CoVim - Collaboration in Vim!


- Using tmux properly
- Terrible Ideas in Git
- Military Reading List
- Shaarli


- House Passes E-mail Privacy Act
- oxford-cs-deepnlp-2017/lectures
- Op-ed: Windows 10 0day exploit goes wild and so do Microsoft marketers
- Learn C Programming With 9 Excellent Open Source Books


- Windows Subsystem for Linux: Wine runs on it! No idea why but...


- What Vizio was doing behind the TV screen


- muesli/beehive - An event/agent system
- marcan/ - Wipe and reinstall a running Linux system via SSH, without rebooting.
- Keybase's end-to-end encrypted chat
- Oracle refuses to accept pro-Google fair use verdict in API battle - Means there's more of the shambling horror to come...


- I Do Not Know C
- Now sites can fingerprint you online even when you use multiple browsers
- Fuzzing PCI express: security in plaintext


- a discussion of Fedora's legal state []
- Getting Started with Deep Learning - Silicon Valley Data Science
- A rift in the NTP world []


- Neuromancer - Audio Book : William Gibson : Free Download & Streaming : Internet Archive
- Toward the Discovery of Citation Cartels in Citation Networks
- Tsundoku - One man's libary is another's OCD. You decid(Never mind that! None of your business! Go away!)


- Getting started with Vim


- Google Site Search - Google Enterprise Search
- World of Tanks streamer dies during 24-hour Twitch marathon
- The Hidden History of the Laundry Chute
- The PMP - How it Ruined Project Management


- Encryption Primer


- Is Your Child A Hacker? - I'd thought this meme was dead, years ago.


- Why Nothing Works Anymore
- Secondhand Smoke Is Not Nearly As Dangerous As We Thought. Shouldn't That Matter?

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.