Monday, December 31, 2018

Modify Recoll's Web-UI Template

I've been experimenting (again) with search engines (other than the Sphinx/MySQL-based document management system (DMS) currently used in-house), in an attempt to come up with a less input-intensive approach to managing thousands (coming up on 11K) of documents. The tool that I'm currently testing is Recoll (something that I've worked with before).

In an attempt to make each document's metadata more portable, I'm working on embedding such within each document's EXIF data (via the exif tool). This approach dovetails nicely with my kluge of Gleebox, Chromix, and (recently added) SurfingKeys browser extensions.

Mod 1

I've added an "Edit" link to Recoll's "Open/Download/Preview" menu. Clicking on Edit takes the user to the metadata editor from the existing DMS system. Of course, the editor no longer saves to the database. Instead, it saves the metadata in the document's EXIF header.

Mod 2

I've enabled display of tags (Recoll calls them "keywords") in the Web-UI's output. This was a simple addition because Recoll already indexes keywords from document EXIF headers (if they exist). In a future version, I intend to modify the template so that each tag is actually a link to a listing of other documents with the same keyword. Implementation will likely require use of a SQLite3 database, which is periodically (nightly?) rebuilt.

So far, I have the following opinions about Recoll:


  • The approach is much more portable as there's no longer a separate database to replicate/back up/otherwise maintain.
  • I don't have to write additional document parsers (\o/ -yay!). Not that I have very many Word documents in the data store but...


  • A C++ engine that uses HTML templates for the front-end, which contain embedded Python commands, with Javascript and CSS making everything look pretty. Need I say more?
  • I cannot seem to get a consistent output from the same search phrase. When more than one page of results exists, relevance sorting returns slightly different ordering each time the query is run. Note: this may be a result of my ongoing updating of metadata info but it should affect results to the degree that it does.
  • There's no "sort by title" search option. Shouldn't this be a must-have?


Overall, it's a usable tool but the following may make it more attractive:

  • Thumbnails in the results.
  • Keywords which are individual links to external tag lists.
  • Triggering recollindex via inotify.
  • Sort by title


The new Web-UI result.tpl template is posted on: Github.

Sunday, December 16, 2018

To-do items

Notes to self/for the to-do list:
  • need a way to reference specific docs as external links (probably need a get function and an internal link)
  • feature for DMS - flag for possible project or useful for pending/existing project
  • after start of new year, clean out deprecated/non-functional feeds from rss reader

Wednesday, August 22, 2018

Journalism? Meh.

I don't usually write this sort of post anymore, mostly because it's no longer catharsis for me, but there's an article on CSO Online, entitled "32,000 smart homes can be easily hacked due to misconfigured MQTT servers" (by Ms. "Not Her Real Name" Smith), that annoys me to no end. It comes across as little more than click-bait and the magazine doesn't allow comments. My issues with the article follow.

The author's derision, aimed towards use of an "older" protocol, is irksome. Talking about a "bygone era when security wasn't a concern" is the trademark of an engineer who's promoting something else (solution, self, or corporate stance). That said, I do like how the author avoided use of the word "legacy" (I see it all too often) but, using her logic, Tim Berners-Lee could be blamed for the Equifax leaks. The insecurity lies in the lack of proper configuration, not the protocol.

You keep hearing about how IoT is insecure? It's the "I" in IoT that's the problem. The article somehow avoids discussing how MQTT was not meant to run in any environment other than a local LAN or within a single security enclave. As with any other similar protocol, running it "on the Internet" adds insecurities.
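What "proper configuration" versus an open broker can look like, as an added example that is not part of the original post. It assumes the Mosquitto broker (the post does not name a broker), and every file path below is a placeholder.

```conf
# Added illustration; assumes Mosquitto. Paths are placeholders.

# WEAK (shown commented out): plain-text MQTT on every interface with no
# authentication. Anyone who can reach port 1883 can subscribe to '#'
# and read or publish every topic.
#   listener 1883 0.0.0.0
#   allow_anonymous true

# CORRECTED:
# Plain MQTT on 1883 is bound to loopback only, so it is never reachable
# from the Internet side of the box.
listener 1883 127.0.0.1

# Anything that has to cross a network boundary uses the TLS listener.
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile /etc/mosquitto/certs/broker.key

# Every client must authenticate, and the ACL file limits which topics
# each account may read or write.
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
```

With the default (global) security settings, `allow_anonymous`, `password_file` and `acl_file` apply to both listeners, so local clients on 1883 need credentials as well.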

Another problem is use of the phrase "Avast found...". Let's give credit where credit is due. Avast did not scan the Internet looking for insecure MQTT servers. Instead, someone at Avast used Shodan to get their numbers. Effectively, this is taking credit for someone else's work. Do they no longer teach "quote your sources" in college?

I have a Shodan account. As of this morning, the MQTT numbers break out to:

Total:  49,223
China: 12,185
US:  8,315
Germany: 3,048
HK:   2,177
RoK:  2,033

If you search specifically for port 1883, the numbers are:

China: 12,115
US:  8,275
Germany: 3,042
HK:  2,186
RoK:  2,031

This article butts up against another topic: being a journalist doesn't exclude you from laws. It doesn't matter that an insecure server exists on the Internet. If you connect to that server without permission, you've violated a number of laws. It's irresponsible not to mention this. The article should include such a warning, vice implying how easy the servers are to access.

The article ignores that there are some servers (okay, only a few) that are set up to be intentionally insecure. There are a number of use cases where a server might be set up insecure:

  • A few of the insecure servers might be the honeypots set up by various organizations. A Google search for "honeypot mqtt" returns some interesting examples.
  • Some servers are intentionally set to be insecure. Ignoring the usual hackme/CTF stuff, brokers like HiveMQ are set up open, so that others can develop code and/or learn about use of MQTT. (Google search for "free mqtt broker"). Others are set up to provide public services (e.g., weather stations, ISS locator, stock data, Twitter feeds, BBC Radio 3 LiveTexts) (examples here and here).
  • Some people don't care that they're being tracked. More often than not, they're tracking themselves and don't care if anyone else knows their location. The free MQTT servers are "open" and the encrypted/authenticated servers are not. Some people make the conscious choice to use the open servers. Some of those already know that they can be tracked via other means (e.g., your Android or Apple phone). The author's "shot" at OwnTrack fails to recognize that OwnTrack requires the user to "find" an Internet-accessible MQTT server (OwnTrack doesn't provide such). The author should probably next write an article about how APRS is insecure.

This doesn't mean that there aren't insecure MQTT servers on the Internet. They do exist and they make up the majority of the numbers discussed in the article. However, not accounting for legitimate use cases, warning about accessing systems without permission, etc. (when writing a "doom & gloom" article) is just shoddy journalism. My 7th grade English teacher would have given this article a C (also, he'd probably make a comment about the quality of the magazine editor).

Wednesday, August 1, 2018

What was I reading in July 2018?

This was another of those months where I've been so busy that I did very little reading. Once again, I'm studying for multiple certification tests (re-tests?). Related to reading, the current Humble Bundle is looking quite interesting.

For those with access to the house network, the ESXi upgrade (to 6.5) appears to have worked without issue. Also in the network are: 2 Kali instances with the first target and a full reverse proxy, a Gogs instance, a Markdown editor, a Vim trainer, and a web-based man page reader. Some heavy tweaking of the reverse proxy was required but it appears to be working (including access to VMRC from the Hamachi network).

For a while, I was having issues with the "s" (star) key in TT-RSS. It turns out that my customized instance of Gleebox had updated and the navigation settings had shifted from the right-side of the keyboard to the left. Finding it required that all extensions be turned off and behavior studied while each was re-enabled. It appears to be "playing nice" again.

I received a DLP-to-RPi adapter board from Mick Makes. Although it's intended to work with the RPI Zero, I'm hoping that it'll work with the new B+. It should, because the Zero and the B+ have the same header pin-out. Fingers crossed!

I've also turned on HTTPS for the blog (just now). Whether or not it works well remains to be seen. In any case, this past month's reading...


- How we discovered three poisonous books in our university library
- Pointers Are More Abstract Than You Might Expect in C
- There was a time when search engines were a thing. And it seems they still are
- SMS over IRC
- Reverse Engineering for Beginners


- Anti-Flow
- The advantages of an email-driven git workflow
- Water compresses under a high gradient electric field


- This new dual-platform malware targets both Windows and Linux systems


- Your IoT security concerns are stupid


- A Short Guide to Hard Problems
- did.txt file
- How to Implement Open Source Container Security: Part 1 - Runtime Security


- C's Biggest Mistake
- Autopsy of a deep learning paper


- Leonardo Da Vinci's To Do List (Circa 1490)

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, July 2, 2018

What was I reading in June 2018?

Didn't get much reading done this past month. Between the day job and moving/updating the lab, there was very, very little leisure time left. I did manage to write a script to clean up buddy requests in a Bitlbee/ZNC architecture (separate post in this blog).

For those with connectivity to the lab, it's now running on ESXi v6.5. This means that ESXi labs are possible, without having to install the vSphere Client. Because most modern hypervisor platforms are "nestable", this means that you can install/learn about other hypervisors (or install ESXi on top of ESXi).

In any case, last month's articles:


- De Bruijn sequence
- Microsoft Is Said to Have Agreed to Acquire Coding Site GitHub
- The Long View: Nobody Expects an Accountable Inquisition
- Patents - how and why to get them
- Price's Law: Why Only A Few People Generate Half Of The Results
- Today we mitigated
- Microsoft's Interest In Buying GitHub Draws Backlash From Developers


- Marcus Hutchins WannaCry-killer hit with four new charges by the FBI


- Reverse Engineering One Line of JavaScript


- SPARK Core - Nextron Systems - Yara scanner. Looks interesting.


- Face recognition with OpenCV, Python, and deep learning
- x86 assembly doesn't have to be scary interactive


- Calm Down: It's Only Assembly Language
- Trachtenberg system

Thursday, June 14, 2018

Auto-answering friend/buddy requests

I use a combination of Bitlbee and ZNC to maintain a persistent presence on Jabber and IRC, even when I'm not actually online. Bitlbee will convert a number of non-IRC chat services (Facebook, Twitter, Jabber, Gtalk) into IRC channels and ZNC provides the ability to cache any/all incoming messages. My setup:

   chat client -> ZNC -> Bitlbee -> multiple non-IRC servers
                     \-> multiple IRC servers

The problem: One of the problems with public chat servers is that you receive a lot of buddy/friend requests from people you don't know. Bitlbee requires that you type the word "no" in response to each request (there is no group-answer function).

The solution: The following script leverages another ZNC feature, where multiple concurrent connections are allowed. This means that you can run the following script while being connected with your favorite IRC client. It will watch for the phrase "You can use the yes/no commands to accept/reject this request." and send "no" in response.


  • Assumes that you're already logged onto Bitlbee, from your IRC client, via ZNC.
  • Run this script once you're on a Bitlbee channel which has a number of friend/buddy requests.
  • You must type the first "no".
  • Recommendation: only turn on one Bitlbee channel at a time.

The script:


use strict;
use warnings;
use IO::Socket;

# set up the connection
# (PeerAddr, the ZNC host:port, is left blank as in the original post)
my $con = IO::Socket::INET->new(PeerAddr=>'',
        Proto=>'tcp') or die "Error! $@\n";
print $con "User tim\r\n";

# allow time for any server side stuff to happen
sleep 3;

# connect to the bitlbee channel on ZNC
print $con "PASS tim/bitlbee:PASSWORD\r\n";

# following shouldn't be needed
#print $con "NICK tim\r\n";

# join the bitlbee command channel
print $con "JOIN \&bitlbee\r\n";

# loop and process messages from the server
while (my $answer = <$con>) {

        # answer keepalives so the server doesn't drop the connection
        if($answer =~ /^PING(.*)$/i) {
                print $con "PONG $1\r\n";
        }

        # send "no" each time Bitlbee prompts for a friend/buddy request
        if($answer =~ /\:root\!root\@cubietruck PRIVMSG \&bitlbee :You can use the \^Byes\^B\/\^Bno\^B commands to accept\/reject this request/){
                print $con "PRIVMSG &bitlbee :no\r\n";
        }
}

Sunday, June 3, 2018

What was I reading in May 2018?

There was a slight delay in posting the below. Between spending last weekend at the ER and spending this weekend moving the office, there was very little time to post. In the interim, we've ordered some cheap toys from eBay. Will talk about them later.


- Cloudflare DNS service Blocked By AT&T - Why there's a blocklist at all is cause for concern.
- Fail Of The Week: Never Assume All Crystals Are Born Equal


- Authoritative GNU Radio training videos
- Google Duplex: An AI System for Accomplishing Real-World Tasks Over the Phone
- Researchers hide information in plain text - It's not what you immediately think. Instead, it's minor variations in the font's pixels.
- Pipe Logic - Code equivalents of circuits and components.
- Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs
- Terry Gilliam Reveals the Secrets of Monty Python Animations: A 1974 How-To Guide
- Low Level Bit Hacks You Absolutely Must Know
- Linux sandboxing improvements in Firefox 60


- The Big Lie ISPs Are Spreading in State Legislatures Is That They Don't Make Enough Money
- The State of Cryptocurrency Mining
- Top 20 Essential ESXCLI Commands You Need to Know


- Metasploitable3 CTF


- The sad state of sysadmin in the age of containers
- Finland offers free online Artificial Intelligence course to anyone, anywhere
- To Build Truly Intelligent Machines Teach Them Cause and Effect
- How to Run a Blockchain on a Deserted Island with Pen and Paper
- Why Great Employees Quit -- Instead Of Admitting They're Unhappy
- The Cyber Security Body Of Knowledge (CYBOK)
- Eigenvectors and Eigenvalues explained visually
- Beginner's Guide to IDAPython


- An Interesting Pattern in the Prime Numbers: Parallax Compression
- Abusing Proxies for DSLs - Stuff and Things
- The Markov Property, Chain, Reward Process and Decision Process


- Quantum Physics May Be Even Spookier Than You Think
- General Thinking Tools: 9 Mental Models to Solve Difficult Problems


- Command-line Tools can be 235x Faster than your Hadoop Cluster


- Making Driverless Cars Change Lanes More Like Human Drivers Do


- Why You Can't Just Block EU Visitors, EU Customers, or Any EU Traffic Under GDPR
- Letting Neural Networks Be Weird: When Algorithms Surprise Us


- USB Packet Snooping

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, May 6, 2018

What was I reading in April 2018?

Another busy month. Participated in a local CTF (team placed third!). Took a class on ISA standards for industrial control systems (now studying for those tests). Spent most of the last two weeks face down in a single spreadsheet and the danged thing still won't load.

In any case, here's this past month's list...


- sigrok - Short version: a portable, cross-platform, Free/Libre/Open-Source signal analysis software suite. Supposedly it will work with the HackRF One.
- "Error 19874: You must have Office Professional Edition to read this content please upgrade your licence." - Lower tech malware with an interesting twist.
- A Pickpocket's Tale
- Fewbytes/rubber-docker - Understanding Docker by building it (or something like it) from scratch.
- Poor grades tied to class times that don't match our biological clocks - Not true! I aced the 8 a.m. basic electronics class. (Or was that because I'd already had the theory in trade school?)
- Turn TensorFlow functions into mathematical notations and diagrams


- Cloudflare's new DNS attracting 'gigabits per second' of rubbish - Exposing DNS shenanigans, because not everyone learned to play nicely in Kindergarten. Note: there's also a web server at that address. They also have a Twitter feed.
- chpmrc/zero-width-chrome-extension - Exposing web bugs by replacing them with emojis?
- Venetian Cryptography - A bit of history.
- Failing to secure DNS is 'savage ignorance': Geoff Huston - Not sure that I'd agree with the "it must not lie" part. There's all sorts of lies in the DNS system that we rely on (e.g., poisoning your own DNS is a simple/quick way of keeping your users off of certain sites).
- Computer system transcribes words users speak silently - Remember the looks we'd get when Bluetooth headsets first came out? I don't care, I want one of these.
- Writing To The Framebuffer - Just keeping track of a needed reference here...
- Google bug bounty for security exploit that influences search results
- Giving every Tor Hidden Service a IPv6 address
- Linux kernel lockdown and UEFI Secure Boot - This is an attempt to make things better, unlike other shenanigans that can be performed within that architecture (including persistent "malware"). Hint: go read the guidance.


- Another reason why your Docker containers may be slow
- iliasam/OpenSimpleLidar - Open Hardware scanning laser rangefinder


- Probability Theory For Scientists and Engineers
- The chemistry of William Gibson's Neuromancer.


- Toward better phone call and video transcription with new Cloud Speech-to-Text


- A graphene roll-out - Weird things to come, I'll bet.
- (semi-related to the above) Graphene is Grown With the Same Band Gap as Silicon
- Tokyo and Hong Kong in 2018
- Scuttlebutt: A Decentralized Alternative To Facebook
- WiFi Backscatter
- nslookup, host, dig, whois: DNS Information Gathering - Basic theory, know-your-tools skills


- how I taught people about load balancers - This one is very interesting as it explains why things are very bad when load balancers go awry.
- A Moby-based container engine for IoT - I'm still not convinced that this is a good idea (adding complexity rarely improves security in the long run).


- Many Amazon Warehouse Workers are on Food Stamps - My biggest problem with the post: it doesn't suggest a solution. It's just stereotypical Internet bitching. This is nothing more than a hit piece. Same comment about public assistance can be said about U.S. military and adult burger flippers.


- The Pentagon's Ray Gun Can Stall Cars - Knew a guy in the 70's that could do this but he used a spark-gap generator and a directional antenna (car had to be idling, too).
- Microsoft Attempts To Spin Its Role in Counterfeiting Case
- Intel Movidus and the Forthcoming AI Overlord Revolution - Still haven't had much time to play with this.
- A Mass of Copyrighted Works Will Soon Enter the Public Domain - Holding breath. Watching.

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, April 2, 2018

What was I reading in March 2018?

A little less busy than the previous month. Same amount of travel but did get some sightseeing in (Grand Tetons!), at the end of a very interesting class. Putting a lot of time in on a complicated project, which is due the first week in April.


- Machine Learning Crash Course
- google/oss-fuzz
- When distributions get it wrong
- Contributing to OpenMined metaflow-ai
- Learn with Google AI
- Schools are safer than they were in the 90s and school shootings are not more common than they used to be researchers say


- alevchuk/vim-clutch - Have all of the parts in my junk box but lack the time to do it.
- How To Code Like The Top Programmers At NASA - 10 Critical Rules
- The Hitchhikers Guide to the Galaxy is back with the original cast
- The real cause of large DDoS - IP Spoofing
- Rarely Asked Questions (RAQs)
- learnbyexample/Command-line-text-processing


- How to write an IRC bot
- Just start writing and the rest will follow
- Advent of D
- How To Corrupt An SQLite Database File


- Implementing FizzBuzz on an FPGA


- CrypTools - Learn
- To Test Einstein's Equations Poke a Black Hole
- How Einstein Lost His Bearings and With Them General Relativity
- Hackers Are So Fed Up With Twitter Bots They're Hunting Them Down Themselves - Can someone do something about IRC spam too?


- PostgreSQL Full Text Search Tutorial
- Louis-Philippe Veronneau - Playing with water
- Kyubyong/speaker_adapted_tts


- An Introduction to Machine Learning
- An employee whose job was to be sacked - I had a job like this when I was a teenager. Restaurant manager would publicly fire me every Friday and Saturday night. I was a cook the remainder of the time.


- joaoventura/full-speed-python - Book on learning Python
- Our Discovery of Cramming


- TCP Tracepoints


- New bill would prepare us for AI threat - While we're at it, can we do something about Popehat's pony threat? Or better, address the issues we currently have?


- More Tips for Managing a Fast-Growing Open Source Project - Will not touch this one as it's written from a proprietary point of view. Certain phrases in the article are just...


- Hilarious and Terrifying? Ways Algorithms Have Outsmarted Their Creators


- Fediverse Wiki
- Using gpg-agent Effectively
- Look for the duct tape
- You probably have too much motivation - and not enough follow-through
- Why I usually run 'w' first when troubleshooting unknown machines


- Introducing Cloud Text-to-Speech powered by DeepMind WaveNet technology
- Master your tools
- Google loses Android battle and could owe Oracle billions of dollars - 2018 is turning into The Year of the Undead (Court Cases). This one will be trouble.
- Being Open and Connected on Your Own Terms with our New Facebook Container Add-On


- Free SSL with a custom domain on GitHub Pages


- Former Walmart US CEO says Congress should consider splitting up Amazon - Given what Walmart did to businesses in small town America, isn't this just a bit disingenuous/hypocritical?
- Tracing stolen bitcoin
- Total Meltdown?
- Origami-Folded Hydrogel Paper Instantly Generates 110 Volts of Electricity

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, March 3, 2018

What was I reading in February 2018?

This month's reading list is quite light as I was on travel (multiple times) for most of the month. I'm also focused on generating another Element14 hardware review and attempting to get a user group organized. I also passed the GPYC certification.

Somehow I do this to myself at this time every year (volunteer for stuff in the Nov/Dec timeframe, slog through the obligations from Jan to Jun). In any case...


- Opera users claim that Microsoft is opening new tabs to advertise Edge - Leopards. Spots.
- Programming the Linux Framebuffer - I may need this for the upcoming hardware review.
- Why Microsoft Office is a bigger productivity drain than Candy Crush Saga - Cause and effect, or just correlation?


- How to deal with NBSPs in a terminal
- Troubleshooting Tips: Failed Debugging with GDB - Having taken the Doulos class, I'm still trying to learn this. The Doulos course included an example of remote cross-platform debugging. For me, it's a much needed skill.
- Checking the Ubuntu Linux kernel updates on Spectre and Meltdown - The other time sink this past month.
- The SCO Vs IBM Zombie Shambles On - The annoying part of this bit of undead theater is "SCO's source code". I thought that it had been decided (in court) that SCO didn't own the source code. WTF?


- Running Microsoft SQL Server pod on OpenShift


- How writing can change your career for the better, even if you don't identify as a writer


- OpenBoard - the best interactive whiteboard for schools and universities
- How did Google Talk change from a dream to a nightmare? - I believe the author's problem is that he's using the tools provided by Google. I'm still using Bitlbee to connect to GT and little has changed since Day 1.


- FCC report finds almost no broadband competition at 100Mbps speeds - My mom still can't get the Internet (without a satellite connection). She has to visit her children to update her Kindle.
- Eplox/TCP-Starvation
- Fizz Buzz in Tensorflow


- ARISS - Amateur radio on the International Space Station
- dtrace for linux; Oracle does the right thing
- The Risks Digest - For my own reference. I'll need it later.
- The cost of forsaking C - My opinion: C should be considered a basic skill. You should be able to read/fix C code, even though you don't use it on a daily/weekly basis.
- Appropriate Uses For SQLite - Should be required reading for "some people".
- Background removal with deep learning


- On Python Shebangs
- cknadler/vim-anywhere - I used this years ago. I don't remember why I stopped using it (given that I like to avoid mouse-based surfing).
- New Spectre/Meltdown variants leave victims open to side-channel attacks
- blog/unix/XNetworkTransparencyFailure
- How To Become A Centaur - Not surprising.


- The Benjamin Franklin Method of Reading Programming Books
- Determining Cat Chirality - Really? Someone needed to study this? (Hint; chirality = cat curls up clockwise or counter-clockwise.)


- Managing Someday-Maybe Projects with a CLI


- nuclearcat/cedarkey - SSH key storage on cheap hardware


- Understanding the Limitations of HTTPS
- Who's Missing From America's Colleges? Rural High School Graduates - I'm a farmer's kid so this resonates a bit. I don't like concentrated city living but I don't fit in back home either. I work in tech and commute daily from what amounts to a small town.
- A Practical Introduction to Container Terminology
- Enhance an image - How it's done
- How to get yourself out of a funk
- Why Self-Taught Artificial Intelligence Has Trouble With the Real World - Reading for later.


- Study: students believe they are prepared for the workplace; employers disagree - This is why interviews include fizz buzz or similar. Also, author needs a dictionary (see if you can spot it).
- Heisenbug - ... and other fun "animals".
- Standing desks 'increase pain' and slow down mental ability study suggests - I could have told you that, but I'm old and my feet are having to deal with years of abuse (think 20 years of flight deck boots).
- AMP: the missing controversy - I can't help but feel that this is a sour-grapes article. "Theoretical controversy" might be an indicator that the author is inventing conflict for the sake of clicks. It's open source. Don't use it if you don't want it. Me? I like reading content without the 40 or so advertisements pasted into the margins (or triggered pop-ups in the middle of an article).

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, February 3, 2018

What was I reading in January 2018?

Reading for the month of January was a bit lite because I was studying for a test (which I passed yesterday). At the same time, I was acting as technical editor for an acquaintance's book (completed a week or two ago).

I have approximately 3 weeks before the next set of courses starts and I'm taking a break (to let stress levels subside). That said, somehow I've let myself be tasked to write another hardware review...

In any case, January's reading:


- Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails - Slashdot - SMH... This usually sources from an attitude of either: "The rules don't apply to me." or "I'm too smart to get caught."
- An Introduction to Counterfeit ICs: Counterfeiting Detection and Avoidance Methods
- facebookresearch/wav2letter - Facebook's speech recognition toolkit
- Home - Much Assembly Required - an assembly programming game


- Don't pirate or we'll mess with your Nest, warns East Coast ISP - From the This-Is-A-Bad-Idea Department: Yet another company that will have to learn (the hard way) that two wrongs don't make a right.
- Announcing the OpenWrt/LEDE merge
- Intel facing class-action lawsuits over Meltdown and Spectre bugs - I'm not sure how the complainants think they have legal standing for this. How damaging is a 5% slowdown? If they're trying to recoup funds spent on installing the patches, that's a weak argument because they'd need to start suing the OS vendors too (on a monthly basis?).
- Spectre-on-Kubernetes - a proof of concept


- Largest Prime Number Discovered With More Than 23m Digits
- Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices - Now this is something which might trigger a lawsuit.


- Control-C handling in Python and Trio - I'm starting to pay attention to these because I've been taking a course in automation with Python.
- Mental models - Much falls into the GTD bucket.
- Introduction to reverse engineering and Assembly.


- William James - The Thinker Who Believed in Doing
- Cory Doctorow: Persuasion, Adaptation, and the Arms Race for Your Attention
- Now Playing: Continuous low-power music recognition
- Writing a C Compiler - Part 5
- tonybaloney/mocker - How bad could it get? :)


- Signal partners with Microsoft to bring end-to-end encryption to Skype - I'm suspicious of this. End-to-end encryption was there before Microsoft acquired the tool. I'm also annoyed: Skype doesn't "see" my Microsoft web cam (Google Hangouts does, though).


- Coin Cell Hacks That Won the Coin Cell Challenge
- Has pop music lost its fun? - I'm thinking that #5 can be blamed on software (i.e., audio loops).
- VMware Advances Container Case


- Start Your Own ISP
- DNS over HTTPS


- Reverse engineering FPGAs
- Detecting Chrome headless - new techniques


- How to Show Asterisks While Typing Sudo Password in Linux


- Faster R-CNN: Down the rabbit hole of modern object detection
- Why Discrete Math Is Important


- Mary Lee Berners-Lee's obit
- grep your way to freedom
- Speed Kills - Enter an Age of Unbridled Hyperconnectivity


- How to Prepare a Talk


- Rocket Lab Criticized For Launching Their Own Private 'Star' Into Orbit - Given the response, has anyone considered that RocketLabs may have launched the ball to annoy exactly that set of people?
- Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You
- How Old School C Programmers Process Arguments
- Copyright Royalty Board Boosts Songwriters Streaming Pay Nearly 50 Percent - Anyone else confused by this? The streaming services don't pay the songwriters directly, they pay the publishers. Basic math: If the publishers still keep their (large) percentage, it's not going to budge the writers' cut. Yes, they'll get a bit more money but it won't move their percentage of the vig. Shenanigans by the usual parties?
- Selectric bug - Operation GUNMAN - how the Soviets bugged IBM typewriters
- Google's Cloud Shell
- Please Stop Using Local Storage
- halilozercan/halocoin - Learning about cryptocurrencies while learning Python
- Why We Forget Most of the Books We Read - Err... Speak for yourself.
- Taxonomy of Logical Fallacies - the old version
- [1801.01944] Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
- The Feynman Technique: The Best Way to Learn Anything
- $530 Mln in XEM Stolen From Coincheck Can Be Traced, NEM Team Confirms
- Computer scientist uncovers clue to deciphering one of the most mysterious books in the world - Not holding breath but...


- The Open Sourcerer's Magic Spell Book
- Qubes Air: Generalizing the Qubes Architecture
- Vulnerable industrial controls directly connected to Internet? Why not?


- Easy laser-cut electronics cases


- Hans Peter Luhn and the Birth of the Hashing Algorithm
- LinuxBoot - Linux as firmware

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Monday, January 1, 2018

What was I reading in December 2017?

December was a busy, busy month. From being on travel for approximately half of the month (cumulative), to a 3-day some-assembly-required post-Christmas session to assemble a toy plastic robot arm, to a multi-week review/interpretation of SSH man pages. Mix in family functions and vehicle inspections, and (overall) there wasn't much time to sleep.

One of my Christmas presents was a complete ReSpeaker rig (7-mic array, Core board, Grove board). After playing with it for a week, I can honestly say that I like the mic array but abhor the severely under-powered (and resource-limited) ReSpeaker Core. Maybe I've been spoiled by the RPi and ODroid people but, for the same price as the Core board, I can pick up a board that's 3 times as fast and has 4 times as much memory. I've already pulled the mic array off and attached it to a Raspberry Pi. A review is on the "to do" list.

In the latter half of the below, you'll notice at least one theme. This is because I'm scheduled for multiple training sessions in the coming year and I'm trying to get a head start on learning the technologies involved.

Note: that robot arm is not yet done as Amazon has just provided the USB interface to it.


- When the Judge Distrusts Your Lawyers: Waymo v. Uber - (tldr; - decide which foot to shoot)
- How the judge on Oracle v. Google taught himself to code - Hopefully he will accept the "geek" monicker.
- Stanford University data glitch exposes truth about scholarships
- Writing a C Compiler, Part 1
- sshtalk - For an unknown reason, I like this. Have been neck deep in the various SSH-related man pages (for a different reason which I'll explain later).
- norvig/pytudes - Python programs to practice or demonstrate skills.
- The power of tmux hooks - a bit deeper into the weeds with tmux (valuable!).
- A Hacker's Guide to Git
- OpenWrt in a WiFi card reader - This one is on my want/to do list though I have a sudden dislike for under-powered OpenWRT devices (re: ReSpeaker Core).
- NY Attorney General Investigating Why Dead People Supported The FCC's Attack On Net Neutrality - (*sigh*) No comment.
- Google is making a computer vision kit for Raspberry Pi - Another for the want/to do list. Apparently it has a Movidius chip on the board. One other Christmas gift (note to self: wish lists are a must!) was a Movidius USB stick.
- Tweaking TCP for Real-time Applications: Nagle's Algorithm and Delayed Acknowledgment


- joe-shenouda/awesome-cyber-skills - For Theresa, if you're still doing this sort of thing.


- Neural Networks in JavaScript with deeplearn.js
- Adventures in Computational Lexicology - Short version: languages (spoken, computer, etc.) tend to change over time, are influenced by culture, etc.
- wtsxDev/Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things
- brylevkirill/notes - Miscellaneous notes on machine learning.


- Writing a C Compiler, Part 2


- A fablab burned down in France by anarchists
- Bad News for the Highly Intelligent
- Recycling Chaos In U.S. As China Bans 'Foreign Waste'
- The U.S. Media Yesterday Suffered its Most Humiliating Debacle in Ages: Now Refuses All Transparency Over What Happened


- Modern SQL: Three-Valued Logic 3VL Purpose Benefits and Special Cases
- Fuzzy Thinking: Fuzz Testing and Formal Grammar


- Array of Things
- Communicating Advanced Mathematics to Kids
- Top Courses to Learn AI Deep Learning and Machine Learning
- AppCypher/WebAssemblyLanguages - A curated list of languages that compile directly to or have their VMs in WebAssembly


- Jam3/math-as-code
- Neighbors house alarm triggers when I put my car in reverse.
- Mining Bitcoin with pencil and paper: 0.67 hashes per day


- Barbed Wire Telephone Lines Brought Isolated Homesteaders Together - a bit of history...


- Adhesive action with position: sticky!
- XenServer 7.3: Changes to the Free Edition
- Advanced SQL Server Man-in-the-Middle Attacks
- Funding Yourself As A Free Software Developer
- WannaCry: End of Year Retrospective
- Staaldraad - netstat without netstat/what to do when the netstat command is not installed
- On Writing Short Papers - I'm told that I tend to violate the first two guidelines.


- Keras Tutorial - Traffic Sign Recognition - On my list for possible experimentation with the Movidius stick.
- Gamers Want DMCA Exemption for 'Abandoned' Online Games - This one will likely reopen old disagreements.
- Learning to operate Kubernetes reliably


- Monitoring my phone's internet activity with DD-WRT and Perl


- Read a MODBUS temperature sensor through USB-RS485 adapter on Ubuntu and Raspberry Pi


- Let's hand write DNS messages - Call me weird but I find this interesting.
- - Notes on using PulseAudio (note: that's not to say that violating some of these isn't fun).
- What happened to tcp flag URGENT, MSG_OOB and SIGURG?
- The Door Problem
- martin-ger/esp_wifi_repeater - Another for the "to do" list. I have a handful of these scattered about my desk and haven't had the time to play with them.


- How to avoid wasting megabytes of memory a few bytes at a time
- Filmmakers Want The Right To Break DRM and Rip Blu-Rays - Given the restrictions placed on us consumers, I'd say make the filmmakers pay a royalty for each and every disk they produce. What's good for the goose is good for the gander.
- How Hotmail Changed Microsoft and Email Forever - Comes across as self-referential puffery/history revisionist. That's not to say that I didn't like Microsoft's webmail products. I did win an internal award in 2003 for demonstrating an authentication bypass bug.
- How To Kill Inactive Or Idle SSH Sessions - uses pstree to determine the proper PIDs to target
- Escaping Docker container using waitid - CVE-2017-5123 - one for the "to try" list
- How to Write Articles and Essays Quickly and Expertly - more advice on writing
