Mark Turner : Rewriting computer history

April 23, 2018 04:55 PM

I was reading this New York Magazine article about how the pioneers of the Internet were apologizing for what it has become, nevermind that many of the “pioneers” they mentioned were Johnny-come-latelys in comparison to the actual beginning of the Internet.

NYMag’s story did feature two actual pioneers, though computer pioneers more than Internet ones: Steve Wozniak and Steve Jobs. They included this photo and captioned it “Steve Jobs (left) in his parents’ garage in 1976, working on the first Apple computer with Steve Wozniak.”

There are a few problems with this photo and caption. First off, the photo is backwards. If you switch the photo to the proper orientation, you’ll be able to read that the text on the computer under Wozniak’s hand reads “Apple II.”

This brings us to the second issue with this photo and caption: it is not the first Apple computer (the “II” thing kinda gives this away). Apple’s first computer, the Apple I, did not come with a keyboard nor case. It was essentially a circuit board.

Was this photo really taken in the garage of Jobs’s parents? Wozniak has said that the whole garage thing is a myth and that no testing or production ever took place there. The photo shows a very neat-looking workspace with a workbench. According to what’s said to be the first news story on Apple Computer, the Steves were still working out of the Jobs garage when the article was written.

Many sources claim the photo dates from 1976. The fact that the Apple II is shown probably puts it in late 1976 at best if this is actually the year it was taken, but I’m guessing it was actually later because the II wasn’t released until June 1977.

Jobs and Wozniak are obviously just posing here because there’s no monitor connected to the computer Woz is typing on and Jobs is shown looking at an oscilloscope, which he most likely didn’t know how to use.

It’s possible Apple itself is responsible for the wrong date. This Business Insider story on the aforementioned first press article is illustrated with a photo said to be a press handout photo from Apple Computer:

Steve Wozniak and Steve Jobs pose with the Apple II

Whether or not it was Apple that annotated this photo is unclear but you’d think the company would realize the Apple II was not in existence in 1975. Apple Computer itself wasn’t in existence in 1975, for that matter.

The problem with these errors is that media like Business Insider, Slate, and others will take these bogus dates and descriptions and run them, never bothering to check to see if they’re legit.

Mark Turner : Ride along as an F/A-18 gets launched from a carrier

April 23, 2018 02:09 PM

If there were GoPros when I was the Navy you’d get to see videos of me chipping paint, buffing passageway floors, putting down floor tile, and other exciting work! LT Evan Levesque, a Navy fighter pilot, used his to show us what it’s like to launch off an aircraft carrier’s catapult in an F/A-18 Super Hornet.

All good things must come to an end. Leaving the boat flying business for a little while. Going to miss it. #FlyNavy #Hornet #Rhino #GoPro #GoProAviation #AvGeek

A post shared by Evan Levesque (@rhinodrvr) on

\

Looks like fun, doesn’t it?

TheDrive has the background on the pilot and his videos.

Mark Turner : ‘My Dearest Fidel’: An ABC Journalist’s Secret Liaison With Fidel Castro – POLITICO Magazine

April 20, 2018 07:52 PM

Love, sex, and political intrigue. A great read.

Lisa Howard had been waiting for more than two hours in a suite of the Hotel Riviera, enough time to bathe, dress and apply makeup, then take it all off to get ready for bed when she thought he wasn’t coming. But at 11:30 p.m. on that night in Havana—February 2, 1964—Howard, an American correspondent with ABC News, finally heard a knock at the door. She opened it and saw the man she had been waiting for: Fidel Castro, the 37-year-old leader of the Cuban revolution and one of America’s leading Cold War antagonists.

“You may be the prime minister, but I’m a very important journalist. How dare you keep me waiting,” Howard declared with mock anger. She then invited Castro, accompanied by his top aide, René Vallejo, into her room.Over the next few hours, they talked about everything from Marxist theory to the treatment of Cuba’s political prisoners. They reminisced about President John F. Kennedy, who had been assassinated just a few months earlier. Castro told Howard about his trip to Russia the previous spring, and the “personal attention” he had received from the “brilliant” Soviet Premier Nikita Khrushchev. Howard admonished Castro for the repressive regime he was creating in Cuba. “To make an honorable revolution … you must give up the notion of wanting to be prime minister for as long as you live.” “Lisa,” Castro asked, “you really think I run a police state?” “Yes,” she answered. “I do.”

Source: ‘My Dearest Fidel’: An ABC Journalist’s Secret Liaison With Fidel Castro – POLITICO Magazine

Mark Turner : How To Successfully Get Launched Off A Carrier At Night In A F-14 Tomcat

April 20, 2018 07:47 PM

I’ve only seen carrier flight operations from the perspective of my destroyer sailing behind it, acting as plane guard. This is a good overview of what is actually happening there.

LCDR Joe “Smokin” Ruzicka, the last F-14 Radar Intercept Officer to fly the Tomcat Tactical demonstration, is back to walk us through exactly what it took to strap on a 70k pound F-14 Tomcat in the dark of night and successfully get flung off the front of a US Navy super carrier via one of the ship’s mighty steam-piston catapults.

I walk closely behind Corky through the passageway, making sure I have all of my gear strapped down while there is still a fraction of light. Once you step outside the hatch to the flight deck, it’s likely the only real light will be a partial moon hidden behind some clouds. Corky told me to grab the back of his survival vest once we stepped out onto the flight deck and not to let go. The flight deck of an aircraft carrier is simply too dangerous for a new guy to wander around on, especially at night and alone.

Immediately after you step outside, your senses strain to help your brain figure out what is going on. Your eyes see nothing. It’s too dark. You better have your flashlight out and pointed at the ground or you will step on something dangerous. Your ears hear the high whine of other airplanes turning just above you. The first thing you smell is jet fuel. Lots of it. The fumes are everywhere, but it’s not suffocating, just omni-present. Mostly, you just feel the rush of wind interspersed with an intermittent burst of jet exhaust. The wind might be hot or it might be cold, depending on the time of year and the location of the ship, but the exhaust is always hot. In any case, the air is definitely moving and it creates a noise inside your helmet that can be partially deafening.

Source: How To Successfully Get Launched Off A Carrier At Night In A F-14 Tomcat

Bill Farrow : Macbook OS X disk recovery

April 19, 2018 07:54 PM

This is another story of why we should all do automated backups...

Problem:
Kelly's Macbook stopped booting.  It would show the Apple Logo and a progress bar, and then just switch itself off.

Diagnosis:
To show boot sequence details; hold down the "Command" and "V" keys when powering on.  This is called the Verbose Boot Mode, and it might show you what is going wrong.  In my case the boot sequence was failing at the filesystem check:

** The volume Macintosh HD could not be repaired.

Raw Disk Backup:
Before risking further damage and loss of data, I make a backup of the entire drive.  Many failures like this are caused by a failing hard disk with bad sectors. Normal copying programs fail when they hit a back sector, so I use the GNU ddrescue tool.  This makes a low level raw copy of the disk, and attempts to recover as much data as possible from dying disks.

The ddrescue tool is available for on most Linux distributions. I used an Ubuntu computer with the Macbook hard drive attached via a SATA cable for maximum speed.  You will need to work out which disk is the macbook drive, and then run:

mount /dev/sdb1 /mnt
ddrescue /dev/sda /mnt/macbook-ddrescue.img /mnt/macbook-ddrescue.log

If ddrescue fails to fully recover all of the data from the disk due to back sectors, you can run it again to make further attempts.  Don't worry, it uses the log file to only repeat reading the parts that it couldn't copy the first time.

File Backup:
Now that I have a full raw disk image, I am less concerned about doing something wrong and loosing data.  Putting the hard drive back into the macbook and booting into Single User mode, I was able to mount the broken filesystem in read-only mode and copy the files to another backup drive over USB.  This backup drive was previously formatted with HFS+, and could be mounted in Single User Mode.

Insert the Snow Leopard Install DVD and boot it by holding "C" down while powering on.

Eventually the Snow Leopard install screen will be displayed.  Don't follow the usual install process, but select Terminal from the Utilities menu.  From the terminal we can hopefully mount the broken drive and backup the files.

mkdir  /Volumes/internal
mount -o rdonly /dev/disk0s2 /Volumes/internal

mkdir /Volumes/backup
mount /dev/disk9s2 /Volumes/backup

ditto -v -V /Volumes/internal /Volumes/backup/.

First Attempted fix:
Boot into Single User mode by holding down the "Command" and "S" keys while  powering on, and run the filesystem check by hand.

fsck -fy /dev/disk0s2 

If this doesn't work, try running this command to rebuild the B-Tree catalog:

fsck_hfs -r  /dev/disk0s2

Some people reported that they had to run this up to three times to finally fix their filesystem. In my case this didn't help.

Manufacturers Disk Diagnostic Tools
Most hard drive manufactures provide free tools to check and diagnose their disks for low level hardware errors.  They do this to help minimize people RMA'ing perfectly good disks due to software problems.

The Seagate tools are available as a DOS bootable CDROM image.  Run the short test first, and then the extended tests.  These tests can take several hours, so be patient.

Re-Installing Snow Leopard
Now that I have the two separate backups, I felt more confidant about erasing the Macbook drive and re-installing Snow Leopard from scratch.

Insert the OS X installation DVD and hold down the "C" key to boot from the DVD drive.

The installation process will present you with an option to restore from a backup or migrate data from another machine. I was able to plug in the USB backup drive and restore all of the user data and applications. This was the easy part - thankyou Apple.

After all that, the Macbook is up and running with everything exactly as it was. Nice.

Bill Farrow : OpenWRT on Linksys WRT350N

April 19, 2018 07:54 PM

My Linksys WRT350N wireless router started locking up more frequently recently, requiring a power cycle to reset it. When this started happening every day, I decided to re-flash it with OpenWRT and replace the buggy Linksys v1.03.7 firmware last updated in 2007.

I made the mistake of installing a pre-built Kamikaze 8.09 RC1 image (openwrt-wrt350n_v1-squashfs.bin) using the upgrade webpage on the router. When the router rebooted itself the Power LED flashed continuosly for a couple of minutes and then stayed on, but the ethernet switch was not functioning.

TFTP
The router responded to pings on 192.168.1.1 for the first few of seconds after the router was powered up. This indicates that that the bootloader was functional and sending a new firmware image using TFTP should work. See Installing OpenWRT via TFTP

echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-wrt350n_v1-squashfs.bin\n" | tftp 192.168.1.1
Unfortunatly this didn't work for me, the transfer would complete successfully but the router didn't appear to recover or reflash itself with the new image.

Serial Port
The only option left was to add a serial port and gain access to the bootload console. This wepage has instructions on Modding the Linksys WRT350N v1 and WRT350N External Serial shows a way to access the serial port via the WAN port. Several Linksys models have this special serial port connector on the WAN port, but there don't seem to be any connectors sold for it. So I ended up opening the case and soldering on a header and custom cable - yuk. Armed with an RS232 level converter and USB serial adaptor I got a serial console running and access to the bootloader.

Bootloader
When the router boots it outputs the bootloader and kernel console info on the serial port (115200 baud, 8bits, no parity). With access to the bootloader I was able to tftp and flash a new image. Simple really.

echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput openwrt-wrt350n_v1-squashfs.bin\n" | tftp 192.168.1.1
CFE> flash -ctheader : flash1.trx
CMD: [flash -ctheader : flash1.trx]
Reading :: upgrade_ver[v1.4.1] upgrade_ver[10401] 4712_ver[0]
Done. 3215392 bytes read
fname=flash1.trx
CODE Pattern is correct! (EWCG)
Programming...done. 3215360 bytes written
*** command status = 0
Configuration
OpenWRT has lots of configuration options, more than most routers. My favorite features include being able to assign a dhcp assigned IP address to a particular MAC address and then give this IP address a host name. Now I can browse to my PAP2 VOIP box using "http://voip/" from any computer on my network. No more typing in IP addresses.

Software Packages
Now that it was booting and I could log in via telnet and the web interface, I was able to cross-compile more packages from OpenWRT and install them. First off the line was dropbear ssh server, install my ssh key, and disable telnet and ssh password logins. Extra packages include statistic charting using collectd.


Conclusion
My router has been running OpenWRT software for over a month now and has been doing a fantastic job. There is still room for improvement and polish, but everything just feels solid.

Update 2012-12-22
The latest OpenWRT version called "attitude adjustment" does not work - the kernel panics during boot.  I was trying to use 12.09-rc1 openwrt-wrt350n_v1-squashfs.bin from the OpenWRT website.

Bill Farrow : Touch Lighting Controller

April 19, 2018 07:54 PM

This was created for my nephew, Mark W, as a component of his year 12 high school design project. He wanted mood lighting for a Four Poster Bed.


Touch Sensors
The Capacitive Touch Sensor is similar to this circuit. To simplify the electronics I used the AVR to generate the 20kHz signal and a simplified transistor circuit.

PIR Sensors
The PIR Motion Sensors was bought from JayCar and stripped down and hacked.

RF Remote Control
The reading lights on the bed are 240v halogen lamps and I didn't want to be responsible for electrocuting someone so these are controlled using RF Power Switch devices. The remote control unit was re-wired and is now controlled by the AVR micro.


White LEDs
The bed has 12 White LEDs around the base. These provide mood lighting and turn on and off via touch sensors and PIR motion sensors. They are controlled by the AVR micro and are pulse width modulated to provide dimming.

AVR Micro
The central controller was built using an old AVR 2313 micro (superseded by the AtTiny2313).


Bill Farrow : My Old Webcams

April 19, 2018 07:53 PM

"Reference Design"
This is the cheapest webcamera that I could find, and at AU$11 you get what you pay for. Bought from http://msy.com.au

  • Name: PC Camera
  • Vendor/Product: 0x0C45:0x613A
  • Bridge Chip: SN9C120
  • Image Sensor: OV7648
  • {{bill:lsusb_microdia.txt|lsusb -v -d 0c45:613a}}
I have tried the following Linux drivers:
  • OVCam Drivers: http://alpha.dyndns.org/ov511/
  • Generic SN9Cxxx http://www.linux-projects.org (closed source)
  • GSPCA / SPCA5xx http://mxhaard.free.fr/
  • Usb Video Class UVC http://linux-uvc.berlios.de/
I'm really not confident in getting this webcam working on Linux. It seems to be very hard to get the chip specifications, which leaves us with reverse engineering and usb packet sniffing. It's probably not worth my time given the crappy image quality.

I have been communicating with Sonix, the maker of the SN9C120 chip, and so far they have stated that they don't release the Register Descriptions or source code. They then said that the SN9C120 was supported by gspca and UVC :-)


Windows Driver Info
The Install disk for Windows says that it is installing "USB PC CAM-168" drivers and applications. This installs an application "C:\Windows\AMCap.exe" and some driver files:
  • Windows INF file {{linux:oem36.inf.txt|oem36.inf}}

Datasheets

GSPCA

I'm running Kubuntu on my laptop, so initially I installed the gspca-source package and used module-assistant to do the compilation. When it didn't recognise the webcam, I modified the gspca_core.c code to include the 0x613a product id by copying the 0x613b code. The commands to try this out are:

sudo -i
./gspca_build
rmmod gspca.ko
insmod gspca.ko debug=5
dmesg | tail

It still doesn't actually work, but it is closer. The camera image is just a gray square with some periodic dots. The problem is probably that the I configured the sensor chip as the OV7660 because there was no entry for the OV7648 yet. Next step is to add the usb and i2c init sequence for this sensor.

Here is a good email about adding sensor support: http://lists-archives.org/spca50x-devs/01093-modifying-settings-for-0c45-613b.html

To capture images from the webcam I am trying out fswebcam from http://www.firestorm.cx/fswebcam/

UVC
[215180.048000] usbcore: registered new interface driver uvcvideo [215180.048000] USB Video Class driver (v0.1.0) [215194.344000] usb 1-1: USB disconnect, address 6 [215201.336000] usb 1-1: new full speed USB device using uhci_hcd and address 7 [215201.496000] usb 1-1: configuration #1 chosen from 1 choice [215201.500000] /usr/src/modules/gspca/gspca_core.c: driver gspca probing [215201.500000] /usr/src/modules/gspca/gspca_core.c: driver gspca allocating memory [215201.500000] /usr/src/modules/gspca/gspca_core.c: driver gspca detecting camera [215201.500000] /usr/src/modules/gspca/gspca_core.c: USB SPCA5XX camera found. SONIX JPEG (sn9c1xx) [215201.500000] /usr/src/modules/gspca/gspca_core.c: [spca5xx_probe:3997] Camera type JPEG [215201.500000] /usr/src/modules/gspca/gspca_core.c: [spca5xx_getcapability:1192] maxw 640 maxh 480 minw 160 minh 120
luvcview version 0.2.1
Video driver: x11
A window manager is available
video /dev/video0
Error opening device /dev/video0: unable to query device.
Init v4L2 failed !! exit fatal


Reverse Engineering
I'm now using the latest source code: gspcav1-20070508.tar.gz

After adding the i2c init sequence for the OV7648 that I reverse engineered from the Windows driver USB packet sniff, I still get the same "test pattern" image as above.

Turn the camera LEDs on by writing 0x44 to the SN9C120 register 0x02 to set the required GPIO lines. This code example uses the usb functions provided in the gspca module code.

__u8 regF1 = 0x44;
sonixRegWrite(spca50x->dev, 0x08, 0x02, 0x0000, &regF1, 1);

QuickCam Express
This camera is operational - more details to come when I get time.

  • Ubuntu (Dapper) kernel quickcam driver
  • Standard v4l applications like xawtv and streamer
$ lsusb
Bus 003 Device 003: ID 046d:0870 Logitech, Inc. QuickCam Express

$dmesg
[254694.256000] usb 2-1: new full speed USB device using uhci_hcd and address 5
[254694.420000] usb 2-1: configuration #1 chosen from 1 choice
[254695.320000] Linux video capture interface: v2.00
[254695.416000] quickcam: QuickCam USB camera found (driver version QuickCam USB 0.6.6 $Date: 2006/11/04 08:38:14 $)
[254695.416000] quickcam: Kernel:2.6.22-14-generic bus:2 class:FF subclass:FF vendor:046D product:0870
[254695.424000] quickcam: Sensor HDCS-1020 detected
[254695.428000] quickcam: Registered device: /dev/video0
[254695.428000] usbcore: registered new interface driver quickcam


Aiptek Pencam

This camera is operational - more details to come when I get time.

GPhoto2 is able to capture and download "preview" photos

$ lsusb
Bus 002 Device 012: ID 2770:9120 NHJ, Ltd Che-ez! Snap / iClick Tiny VGA Digital Camera

$ gphoto2 --auto-detect
Model Port
----------------------------------------------------------
Argus DC-1510 usb:
Argus DC-1510 usb:002,012

$ ghoto2 --capture-preview
Saving file as sq_cap.ppm

Mark Turner : Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

April 17, 2018 06:32 PM

Yet another security flaw with Intel chips.

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory —a mandatory component used during the boot-up process.

According to Lenovo, who recently deployed the Intel fixes, “the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware.”

Source: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Mark Turner : Cops Around the Country Can Now Unlock iPhones, Records Show – Motherboard

April 17, 2018 06:29 PM

FBI Director Christopher Wray recently said that law enforcement agencies are “increasingly unable to access” evidence stored on encrypted devices.

Wray is not telling the whole truth.

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.

Source: Cops Around the Country Can Now Unlock iPhones, Records Show – Motherboard

Mark Turner : These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database

April 17, 2018 06:28 PM

When Mark Zuckerberg appeared before the House Energy and Commerce Committee last week in the aftermath of the Cambridge Analytica revelations, he tried to describe the difference between “surveillance and what we do.” “The difference is extremely clear,” a nervous-looking Zuckerberg said. “On Facebook, you have control over your information… the information we collect you can choose to have us not collect.”

But not a single member of the committee pushed the billionaire CEO about surveillance companies who exploit the data on Facebook for profit. Forbes has uncovered one case that might shock them: over the last five years a secretive surveillance company founded by a former Israeli intelligence officer has been quietly building a massive facial recognition database consisting of faces acquired from the giant social network, YouTube and countless other websites. Privacy activists are suitably alarmed.

Source: These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database

Mark Turner : The psychological impact of an $11 Facebook subscription | TechCrunch

April 16, 2018 08:36 PM

Would being asked to pay Facebook to remove ads make you appreciate their value or resent them even more? As Facebook considers offering an ad-free subscription option, there are deeper questions than how much money it could earn. Facebook has the opportunity to let us decide how we compensate it for social networking. But choice doesn’t always make people happy.

In February I explored the idea of how Facebook could disarm data privacy backlash and boost well-being by letting us pay a monthly subscription fee instead of selling our attention to advertisers. The big takeaways were: Mark Zuckerberg insists that Facebook will remain free to everyone, including those who can’t afford a monthly fee, so subscriptions would be an opt-in alternative to ads rather than a replacement that forces everyone to pay Partially decoupling the business model from maximizing your total time spent on Facebook could let it actually prioritize time well spent because it wouldn’t have to sacrifice ad revenue The monthly subscription price would need to offset Facebook’s ad earnings. In the US & Canada Facebook earned $19.9 billion in 2017 from 239 million users. That means the average user there would have to pay $7 per month.

However, my analysis neglected some of the psychological fallout of telling people they only get to ditch ads if they can afford it, the loss of ubiquitous reach for advertisers, and the reality of which users would cough up the cash. Though on the other hand, I also neglected the epiphany a price tag could produce for users angry about targeted advertising.

Source: The psychological impact of an $11 Facebook subscription | TechCrunch

Mark Turner : Goldman asks: ‘Is curing patients a sustainable business model?’

April 16, 2018 02:51 PM

When I first confronted my GERD stomach issues a few decades ago I had a choice: I could simply take an antacid pill each day for life or I could get surgery to fix it. The pill would’ve been easy, painless, and relatively inexpensive but I chose the surgery simply because I didn’t want to be dependent on Big Pharma.

This Golden Sachs analyst’s remarkable candor shows, in a nutshell, what’s wrong with a capitalistic health care system. What’s good for the patient is not always good for the investor. In fact, pretty frequently it’s not.

If you had any illusions about the true motivation of the medical industry you should now know the truth.

Wall Street greed is often why we can’t have nice things.

Goldman Sachs analysts attempted to address a touchy subject for biotech companies, especially those involved in the pioneering “gene therapy” treatment: cures could be bad for business in the long run.

“Is curing patients a sustainable business model?” analysts ask in an April 10 report entitled “The Genome Revolution.”

“The potential to deliver ‘one shot cures’ is one of the most attractive aspects of gene therapy, genetically-engineered cell therapy and gene editing. However, such treatments offer a very different outlook with regard to recurring revenue versus chronic therapies,” analyst Salveen Richter wrote in the note to clients Tuesday. “While this proposition carries tremendous value for patients and society, it could represent a challenge for genome medicine developers looking for sustained cash flow.”

Source: Goldman asks: ‘Is curing patients a sustainable business model?’

Mark Turner : Pahrump-based radio host Art Bell dies at 72 – Las Vegas Review-Journal

April 16, 2018 01:41 AM

North Carolina native, talk show pioneer, and fellow explorer Art Bell has passed away, or as we in the amateur radio field say, W6OBB is now a “silent key.”

I started listening to Art Bell’s Coast to Coast show back around 1995. Much of what I heard was off-the-wall nonsense but some of it was truly amazing. Life-changing amazing, in fact.

He was always a gentleman on the airwaves, no matter whom was his guest. In the depths of those dark nights you always felt like you had a friend out there, somewhere in the desert of Nevada.

Thanks for all the stimulating conversation and for shining a light on some of the most interesting topics imaginable.

He was awake when most of the country was asleep, cultivating a loyal following while sharing his fascination with the unexplained on his nighttime paranormal-themed show.

For the better part of two decades, longtime late-night radio personality Art Bell was his own producer, engineer and host of his show, “Coast to Coast AM.” He later launched his own satellite radio program from his Pahrump home after retiring from full-time hosting duties in 2003.

On the airwaves, Bell captivated listeners with his fascination for the unexplained, such as UFOs, alien abductions and crop circles. He died Friday at his home at the age of 72.

“As he begins his journey on the ‘other side,’ we take solace in the hope that he is now finding out all of the answers to the mysteries he pursued for so many nights with all of us,” Coast to Coast said in a statement Saturday.

Source: Pahrump-based radio host Art Bell dies at 72 – Las Vegas Review-Journal

Mark Turner : NFS Exports And XFS’s inode64 Mount Option – mmacleod.ca

April 11, 2018 07:51 PM

I recently formatted my home NAS with the XFS filesystem, then was mystified when some NFS exports worked fine while others didn’t. It turns out it’s an XFS quirk and needs a tweak to the /etc/exports file, as detailed in this blog post below.

I fixed it by adding fsid=1, fsid=2, … to the export options of each share in /etc/exports so that NFS could individually identify them. Kind of a bother but it works!

I recently turned up a new RAID array and plopped an XFS filesystem down on it. I didn’t bother setting any specific tunings when I created the filesystem. However I couldn’t for the life of me export any subdirectories from the volume over NFS. Local access was fine and I could export via netatalk and samba.On the server I saw messages like this in the logs:

Feb 14 13:08:43 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.50:1003 for /mnt/music (/mnt/music)Feb 14 13:08:57 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.50:1002 for /opt/music (/opt/music)Feb 14 13:15:19 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:717 for /mnt/music (/mnt/music)Feb 14 13:15:20 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:1001 for /mnt/music (/mnt/music)Feb 14 13:15:22 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:1002 for /mnt/music (/mnt/music)Feb 14 13:15:26 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:801 for /mnt/music (/mnt/music)Feb 14 13:15:34 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:967 for /mnt/music (/mnt/music)Feb 14 13:15:44 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:794 for /mnt/music (/mnt/music)Feb 14 13:15:54 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:855 for /mnt/music (/mnt/music)Feb 14 13:16:04 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:863 for /mnt/music (/mnt/music)Feb 14 13:16:14 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:932 for /mnt/music (/mnt/music)Feb 14 13:16:24 monolith rpc.mountd[3092]: authenticated mount request from 192.168.1.20:830 for /mnt/music (/mnt/music)

On the client I would get two different behaviours, depending on whether it was NFSv4 or NFSv3 that was being used. With NFSv4 it would mount the directory, but any attempt to read from it would give a ‘Stale NFS handle’ error:

root:~# mount -t nfs -v 192.168.1.10:/mnt/music /mnt/mount.nfs: timeout set for Fri Feb 14 16:49:39 2014mount.nfs: trying text-based options 'vers=4,addr=192.168.1.10,clientaddr=192.168.1.20'root:~# ls /mnt/ls: cannot open directory /mnt/: Stale NFS file handle

Source: NFS Exports And XFS’s inode64 Mount Option – mmacleod.ca

Mark Turner : Ten Years at Tonsler

March 28, 2018 12:00 PM

Today is the tenth anniversary of our moving to East Raleigh. A lot has happened between then and now but we’re happy to be where we are. It’s a great neighborhood and getting better every day.

Mark Turner : Howard Jones responds to email

March 26, 2018 06:43 PM

Howard Jones.

Over the years I’ve had a few email conversations with famous people. I once traded emails with legendary White House Reporter Helen Thomas. I got a reply from an email I sent entrepreneur and Dallas Mavericks owner Mark Cuban in 2005. An email from futurist and biographer Walter Isaacson helped me bust the Einstein Bees story. Oh, and though it’s not email comedian Norm MacDonald briefly followed me on Twitter.

Recently I got on a kick for Howard Jones’s music. Jones was an 80s synthpop god and his music still holds up very well. As does he, since he’s still touring and appears to be happy and healthy. I found Jones’s website and saw that his email address was listed there, with a promise that all emails would be acknowledged:

Hello, Howard.

I know you’re busy but wanted to reach out and thank you for all the
music. Your “Things Can Only Get Better” has been on my mind recently.
We so need its optimism right now.

Sorry I missed your latest US tour but I want to catch you the next time
you come near North Carolina.

Best to you and yours.

Your fan,

Mark Turner
Raleigh, NC, USA

I got back this reply two days later:

Thankyou Mark!!
Very best wishes
Howard

While it was a short response, it’s pretty cool that he took a minute to respond to me.

Interestingly, as I wrote this blog post I noticed I had also emailed Jones back in 2012. That time I got a canned response, so things really ARE only getting better!

PLEASE DO NOT REPLY TO THIS EMAIL

Hello
Thanks for emailing.

Your email is now on its way to Howard.
Please be aware that due to Howard’s hectic schedule and amount of mail that Howard receives, it is not always possible for him to reply directly to you.But please be assured that he does get to see them.

Unfortunately, we cannot honour requests for signed photos or concert dedications.

Thanks again for your support.

howardjones.com

Photo by Mark Kent.

Mark Turner : Cambridge Analytica: links to Moscow oil firm and St Petersburg university | News | The Guardian

March 21, 2018 03:23 PM

Surprise! Russian-born Cambridge professor Aleksandr Kogan has ties to St. Petersburg and did work for the Russian oil firm Lukoil (if not others). He claims he’s just a scapegoat but he certainly is looking more and more like a key player in Russian election meddling.

I wonder how North Carolina Senator Thom Tillis feels about getting elected with potentially Russian help?

Aleksandr Kogan, the Cambridge University academic who orchestrated the harvesting of Facebook data, had previously unreported ties to a Russian university, including a teaching position and grants for research into the social media network, the Observer has discovered. Cambridge Analytica, the data firm he worked with – which funded the project to turn tens of millions of Facebook profiles into a unique political weapon – also attracted interest from a key Russian firm with links to the Kremlin.Energy firm Lukoil, which is now on the US sanctions list and has been used as a vehicle of government influence, saw a presentation on the firm’s work in 2014. It began with a focus on voter suppression in Nigeria, and Cambridge Analytica also discussed “micro-targeting” individuals on social media during elections.The revelations come at a time of intense US scrutiny of Russian meddling in the 2016 US presidential election, with 13 Russians criminally charged last month with interfering to help Donald Trump.

In Britain, concerns about Russian propaganda have been mounting, with the prime minister, Theresa May, recently attacking Russia for spreading fake news, accusing Moscow of attempts to “weaponise information” and influence polls.

Lukoil, Russia’s second-largest oil company, discussed with Cambridge Analytica the data company’s powerful social media marketing system, which was already being deployed for Republican Ted Cruz in the US presidential primaries and was later used to back Brexit and Trump.

Source: Cambridge Analytica: links to Moscow oil firm and St Petersburg university | News | The Guardian

Mark Turner : Aleksandr Kogan: The psychologist at the centre of Facebook’s data scandal, Europe News & Top Stories – The Straits Times

March 21, 2018 02:04 PM

In a video published online in September, a social scientist named Alex Spectre made an earnest pitch for his new startup.Clad in the Silicon Valley uniform of open-collar shirt and blazer, Spectre boasted that his company – Philometrics – would revolutionise the way online surveys were done, making it easier for companies to design questionnaires that people would actually respond to on Facebook, Twitter or other sites.

Crucially, he said, the surveys could predict the responses for large groups from a small number of respondents and micro-target ads better.”The reality is working with big data, social media is incredibly difficult,” said Spectre, who more commonly goes by Aleksandr Kogan, which he uses in his role as a Cambridge University researcher.

“You want to work with people who have a lot of experience. You want to connect with people who have been working with these massive data sets.”

Kogan would know. On Friday (March 16), he was suspended by Facebook Inc. for his earlier work mining data on what the New York Times reported was as many as 50 million Facebook users and sharing it with Cambridge Analytica, a political-advertising firm that helped Donald Trump win the 2016 US presidential election.

Source: Aleksandr Kogan: The psychologist at the centre of Facebook’s data scandal, Europe News & Top Stories – The Straits Times

Mark Turner : Facebook caught spying on conversations again

March 21, 2018 01:55 PM

I was in need of wheelbarrows for a company project two weeks ago, so I pulled up the webpage for the Lowe’s hardware store on my work computer and perused their offerings. A day later, just like magic, Facebook presented me with a Facebook ad from Lowe’s featuring the same brand of wheelbarrows I looked at! The social media company made the connection between my work computer and my personal phone, even though I was not logged into Facebook on my work computer when I made the search. Apparently I had left some Facebook cookies behind on my work computer and Lowe’s webpage uses Facebook integrations to read those cookies.

Lowe’s wheelbarrow ad on Facebook

Creepy? Perhaps for some, but at least I can understand how this magic was done. I might not necessarily like Lowe’s sharing my searches with Facebook but I understand how and why it happened. I chalk this up to good, clean, targeted advertising. It’s fair game.

But there’s apparently another, more nefarious kind of targeted advertising done by Facebook, whether or not they care to admit it. A friend had lunch with a colleague yesterday and they were waiting for their meals when his colleague casually mentioned that his car was in need of a new ignition coil. Upon returning to his office, my friend checked Facebook and was astounded to find a Facebook ad for an ignition coil!

What are the odds of this happening by chance? I mean, I know that a recent story on this by Digg has pointed to the Baader-Meinhof phenomenon as a possible explanation. This theory might apply to more common phrases or objects, like cat food, but ignition coils? How often does anyone ever utter the words “ignition coil” in their lifetime? Saying I hear it maybe once every ten years would be generous. It’s pretty damn uncommon phrase.

An ignition coil ad, surely just a coincidence


My friend insists that he never searched for ignition coils, typed it in, or did anything active that would’ve drawn the ad to him. He also was not on any WiFi networks at the restaurant and had no other overt ties to his colleague and their conversation. While it may be possible his colleague Googled it at the restaurant my friend doesn’t think so, and certainly he didn’t use my friend’s phone to do it. The odds against this being coincidence are simply staggering.

I’ve seen the video of the couple who talked about dog food and summoned dog food ads to their Facebook page. That’s interesting to be sure, but I don’t know these people the way I know my friend. I can certainly vouch for my friend’s honesty.

The Facebook app has been banned from my phone since I caught it using the photos on my phone that I didn’t share to send me ads. That was too creepy for me, but it appears that listening in on what people say now feeds the social media giant’s insatiable appetite to know everything about you.

Are you frightened yet?

Warren Myers : hey, virtualbox – don’t be retarded

March 20, 2018 07:48 PM

Ran across this error recently in an Ubuntu guest on my VirtualBox install: VBoxClient: (seamless): failed to start, Stage: Setting guest IRQ filter mask Error: VERR_INTERNAL_ERROR

Gee, isn’t that a useful message.

Fortunately, there was a forums.virtualbox thread on just this error.

The upshot is that this error is actually caused because of a failure during the initial install of the VirtualBox Guest Additions.

In the middle of what looks like, at quick glance, a successful GA installation, is this nugget: Please install the gcc make perl packages from your distribution.

The GA installer can’t compile kernel modules without a compiler.

And that makes sense.

What doesn’t make sense is that this error is even possible to get! The GA installer must run as root (or via sudo).

If those package are missing, the installer should stop what it’s doing, ask the user if they want to install these packages (because without them the GA installer won’t install everything), and then when the user invariably answers “yes” (because – duh! – why wouldn’t they want this to work?), go run an apt -y install gcc make perl.

But is that what Oracle in their infinite wisdom decide to do?

No. They decided it’s better to just quietly report in the middle of a bunch of success statements that “oh, by the way – couldn’t actually do what you wanted, but if you don’t notice, you’re going to spend hours on Google trying to figure it out”.

Morons.

It realy isn’t that hard to make human-friendly error messages … nor to even try to pre-solve the error condition you found!

Mark Turner : Russian spy: This is how nerve agent Novichok destroys your mind and body, even if you survive | The Independent

March 19, 2018 07:11 PM

If Sergei and Yulia Skripal survive being poisoned by Novichok nerve agent, they may be left suffering illnesses that ruin their lives – which may be the point of the attack, security experts have warned.

The case of a Russian military scientist accidentally exposed to Novichok appears to show that even surviving the effects of the supertoxic nerve agent is horrific.

Andrei Zheleznyakov was said to have been injected with an antidote almost immediately, but a friend said he still went from being a jovial, creative man to suffering “chronic weakness, toxic hepatitis, epilepsy, severe depression and an inability to concentrate”, before dying five years later.

Source: Russian spy: This is how nerve agent Novichok destroys your mind and body, even if you survive | The Independent

Mark Turner : Soviet Scientist Who Developed Novichok Poison Used on Sergei Skripal: ‘I’m Sorry’

March 19, 2018 07:03 PM

The person who understands the effects of novichoks best is Vil Mirzayanov, a scientist and later head of Foreign Technical Counterintelligence at the State Scientific Research Institute of Organic Chemistry and Technology (GosNIIOKhT) in Moscow in the 1970s and 1980s, which allegedly produced the shadowy class of binary nerve agents known as the “novichoks” (newcomers). And he has a message for Skripal and his daughter: my bad.

“I’d tell him [Skripal] that I’m very sorry that I participated in the development of these weapons,” Mirzayanov told The Daily Beast.

GosNIIOKhT scientists developed the agents under a program codename “Folio” beginning in the 1980s. Mirzayanov spoke out about the covert program as the Soviet Union fell, earning him a prison term at home before he escaped to exile in the United States.

During the Cold War, the idea that a novichok agent would be used in a covert assassination seemed alien to Mirzayanov and his fellow scientists. The weapons, developed in intense secrecy by Soviet scientists, were originally designed for use in bombs and shells on a battlefield rather than a cloak-and-dagger assassination in a suburb in southern England.

“I couldn’t imagine. No one could imagine. It’s outrageous. We were convinced at the time that we were developing these weapons and testing others for the protection of the country and for defense,” Mirzayanov said. “It was not our goal. None of the scientists supposed that it would be used with terrorist goals. It was a military thing. It was a weapon for mass killing.”

Source: Soviet Scientist Who Developed Novichok Poison Used on Sergei Skripal: ‘I’m Sorry’

Mark Turner : American General In Syria Confirms US Forces Killed Hundreds Of Russians In Massive Battle – The Drive

March 19, 2018 06:25 PM

Remember that rumor of a Russian attack on U.S. forces in Syria? Apparently it’s more than a rumor.

I’m not sure what Putin was thinking here. Did he think he could get away with it?

A senior U.S. general appears to have confirmed that hundreds of Russians fought – and died – in a major battle against American forces and their local counterparts in Syria. More importantly, U.S. Army Brigadier General Jonathan Braga, director of operations for the main U.S. military task force in charge of operations in Iraq and Syria, said he feared the situation could have escalated into an all-out conflict with Russia, something we at The War Zone have warned repeatedly is becoming a worryingly realistic possibility.

Braga gave the surprisingly candid account of what had happened to NBC’s Richard Engel, who traveled with the general to visit the exact site of the incident in Syria and to see what the U.S. military was doing to improve its defensive posture.

Source: American General In Syria Confirms US Forces Killed Hundreds Of Russians In Massive Battle – The Drive

Mark Turner : Ex-Russian Chemical Weapons Specialist: Moscow Was Sure No One Would Find Poison

March 19, 2018 06:22 PM

Vil Mirzayanov is a Russian emigre to the U.S. and chemical weapons specialist who helped develop the poison believed to have been used in the attack in Britain on Sergei Skripal, a former colonel in the GRU, Russia’s military intelligence, and his daughter Yulia.

Mirzayanov spoke with VOA’s Russian service.

Q: You were involved in the development of unique Soviet chemical toxic substances of nerve agent, “Substance 33,” “A-232” and “?-234,” known today as “Novichok” (Newcomer). At the same time, you claim that no other country in the world except Russia has ever had such weapons. How were British investigators able to establish what kind of substance was used to poison Sergei Skripal?

Mirzayanov: To establish which chemical agent was used in this case, you need to have access to a powerful high-resolution mass spectrometer, in the library of which are the spectra of all known compounds. The sample taken is compared with those already known, and the computer indicates a spectrum with a 96 percent probability. That is, there can be no error here.

Source: Ex-Russian Chemical Weapons Specialist: Moscow Was Sure No One Would Find Poison

Mark Turner : Ominous biosecurity trends under Putin

March 19, 2018 06:20 PM

Regimes of all types throughout history have sought to harness science for war. As a result, otherwise beneficial technology can become ‘dual-use’. Biological weapons are among the starker examples: research meant to save lives is used to take them. Now, in the run up to elections in Russia, and with concerns mounting about the nation’s role globally, biological-weapons specialists Raymond Zilinskas and Philippe Mauger deliver Biosecurity in Putin’s Russia.

Bioweapons research in Russia and its environs extends back as far as 1928. It took off in the 1970s, for example through the infamous clandestine Biopreparat network. There, the Soviets weaponized pathogens including the smallpox and Marburg viruses and the anthrax bacterium Bacillus anthracis. Zilinskas and Mauger focus on the years 2012–16, when political tensions between Russia and the West intensified markedly. Concerned by apparent shifts in Russia’s pronouncements and actions regarding dual-use activities related to biosecurity, Zilinskas and Mauger write that they wish to “move the discussion over Russian compliance concerns to the public sphere”, where an evaluation based on evidence becomes possible.

Source: Ominous biosecurity trends under Putin

Mark Turner : How a group of neighbors created their own Internet service | Ars Technica

March 14, 2018 05:41 PM

When you live somewhere with slow and unreliable Internet access, it usually seems like there’s nothing to do but complain. And that’s exactly what residents of Orcas Island, one of the San Juan Islands in Washington state, were doing in late 2013. Faced with CenturyLink service that was slow and outage-prone, residents gathered at a community potluck and lamented their current connectivity.

“Everyone was asking, ‘what can we do?’” resident Chris Brems recalls. “Then [Chris] Sutton stands up and says, ‘Well, we can do it ourselves.’”

Doe Bay is a rural environment. It’s a place where people judge others by “what you can do,” according to Brems. The area’s residents, many farmers or ranchers, are largely accustomed to doing things for themselves. Sutton’s idea struck a chord. “A bunch of us finally just got fed up with waiting for CenturyLink or anybody else to come to our rescue,” Sutton told Ars.Around that time, CenturyLink service went out for 10 days, a problem caused by a severed underwater fiber cable. Outages lasting a day or two were also common, Sutton said.Faced with a local ISP that couldn’t provide modern broadband, Orcas Island residents designed their own network and built it themselves. The nonprofit Doe Bay Internet Users Association (DBIUA), founded by Sutton, Brems, and a few friends, now provide Internet service to a portion of the island. It’s a wireless network with radios installed on trees and houses in the Doe Bay portion of Orcas Island. Those radios get signals from radios on top of a water tower, which in turn receive a signal from a microwave tower across the water in Mount Vernon, Washington.

Source: How a group of neighbors created their own Internet service | Ars Technica

Warren Myers : more thoughts on `|stats` vs `|dedup` in splunk

March 08, 2018 05:46 PM

Yesterday I wrote-up a neat little find in Splunk wherein running stats count by ... is substantially faster than running dedup ....

After some further reflection over dinner, I figured out the major portion of why this is – and I feel a little dumb for not having thought of it before. (A coworker added some more context, but it’s a smaller reason of why one is faster then the other.)

The major reason stats count by... is faster than dedup ... is that stats can hand-off the counting process to something else (though, even if it doesn’t, incrementing a hashtable entry by 1 every time you encounter an instance isn’t terribly computationally complex) and keep going.

In contrast, dedup must compare every individual returned event’s field that matches what you’re trying to dedup to it’s growing list of unique entries for that field.

In the particular case I was seeing yesterday, that means that every single event in the list of 4,000,000 events returned by the search has to be compared one at a time to a list (that I know is going to top out at about 11,000). To use Big-O Notation, this is an O(n*m) operation (bordering on O(n2))!

That initial list of length m fills pretty quickly (it is, after all, only going to get to ~11,000 total entries (in this case)), but as it grows to its max, it gets progressively harder and hard to check whether or not the next event has already been dedup’d.

At ~750,000 events returned (roughly 1/5 my total), the list is unique field values was 98% complete – yet there were still ~3.2 million events left to go (to find just 2% more unique field values).

Those last 3.2 million events each need to check against the list of >10,500 entries – which means, roughly, 16,8 billion comparisons still need to be made!

(Because linear searching finds what it’s looking for on average by the time it has traversed half the list. If the list is being created in a slighly more efficient manner (say a heap or [balanced] binary search tree), it will still take ~43 million comparisons (3.2 million * log2(11,000)).)

Compare this to the relative complexity of using |stats count by ... – it still has to run through all 4 million events, but all it is doing is adding one to the list for every value that shows up in that particular field – IOW, it “only” has to do a total of 4 million [simple] things (because it does need to look at every event returned). dedup at a minimum is going to do ~54 million comparison (and probably a lot more – given it doesn’t merely take 13x the time to run, but closer to 25x).

The secondary contributing factor – important, but not as much a factor as what I covered above – is that dedup must process the whole event, whereas stats chucks everything that isn’t part of what it’s counting (so if an event is 1kb in size, dedup has to return the whole kb, while stats is only looking at maybe 1/10 the total (if you include a coupld extra fields)).

Another neat aspect of using |stats is that it creates a table for you – if you’re running |dedup, you then have to |table ... to get the fields you want displayed how you want.

And adding |table adds to the run time.

So there you have it – turns out those CompSci 201 classes do come in handy 18 years later 🤓

Warren Myers : splunk oddity #17681 – stats vs table

March 08, 2018 12:27 AM

It’s fairly common to want to table the data you’ve found in a search in Splunk – heck, if you’re not prettying the data up somewhy, why are you bothering with the tool?

But I digress.

There are two (at least) ways of making a table – you can use the |table <field(s)> syntax, or you can use |stats <some function> <field(s)> approach.

Interestingly, in my testing in both test and production environments, using the |stats... approach is consistently 10-15% faster than the |table... option.

Why? I don’t know. He’s on third. And I don’t give a darn!

This is another case of technical intricacies mattering … but I don’t know what is going on under the hood that makes the apparently-more-complex option run faster than the apparently-simler option.

Maybe someday someone in Splunk engineering will be able to enlighten me to that.

This reminds me a bit of an optimization I was able to help a friend with upwards of 12 years ago – they had queries running in MySQL that were taking forever to complete (and by “forever”, I mean they were running sometimes 4-5 times a long as the interval between running them (they ran every 5 mintues, but could take 20+ minutes to finish!)).

What I found, at least back in the dark days of MySQL 3.x was that using IN(...) was loads faster than using OR statements.

So a query that had a clause WHERE name IN("bob","sarah","mike","terry","sue") would run anywhere from 20-90% quicker than the logically-equivalent WHERE name="bob" OR name="sarah" OR name="mike" OR name="terry" OR name="sue" (given a large enough dataset overwhich it was running … on small [enough] tables (say up to a couplefew thousand records), the OR version would run equally, or occasionally faster).

In their case, by switching to the IN(...) form, queries went from taking 20+ minutes to finishing in ~20 seconds!

Bonus tidbit:

It is well-known in Splunkland that using dedup is an “expensive” operation. Want a clever way around it (that is much faster)? Instead of doing something like index=myndx | fields ip host | dedup host, run index=myndx | fields ip host | stats count by host | fields -count. The |stats .. |fields -count trick seems to run anywhere from 15-30% faster than dedup.

Warren Myers : a lot of travel

March 06, 2018 11:41 PM

Over the past month, and through the end of March, I’ve done, and will be doing, a lot of travel for work.

Nothing I haven’t done before, but it’s been a long time since I’ve had to be onsite for more than a couple weeks at a time – most customer leap at the chance to do remote work.

Sadly, that has not been possible with one customer, and the other is highly reticent to allow contractors to engage remotely until they’ve put in several weeks of face time.

Face-to-face interactions are certainly important (I even noted so 4.5 years ago), but conference calls, webexes, and the like can most assuredly replace much of that.

Mark Turner : Amazon built its hyper efficient warehouses by embracing chaos — Quartz

March 06, 2018 05:57 PM

Good look at how Amazon takes advantage of randomness in its warehouses.

Amazon has completely redefined warehouse efficiency and customer convenience. Through its Prime membership, it has promised tens of millions of customers free two-day shipping on more than 100 million products, and, last year, it shipped 5 billion items to them. “That was the major innovation,” says Daniel Theobald, who cofounded a warehouse robotics company called Vecna in 1998 and counts major retailers and logistics companies as clients. “As soon as people realized, you can order something and get it tomorrow, that turned the industry upside down.”

The core of this disruptive efficiency, though, is not Amazon’s automated shelf-moving warehouse robots, which is the innovation that gets the most attention. And it isn’t, on its surface, something that you would associate with a well-oiled machine. It’s not even a breakthrough technology. In fact, some version of it was already in place when Alperson worked in Amazon’s early warehouses.

What makes Amazon’s warehouse work is the way they organize inventory: with complete randomness.

Source: Amazon built its hyper efficient warehouses by embracing chaos — Quartz

Mark Turner : U.S. Has Been Secretly Watching Russia’s Nuclear-Powered Cruise Missiles Crash and Burn – The Drive

March 05, 2018 01:30 AM

Good luck with that, Pootie-Poot.

Russia’s President Vladimir Putin publicly announced the as yet unnamed missile in an annual speech on March 1, 2018. The Kremlin says it successfully tested one of the weapons near the end of 2017 and released video footage claiming to show the launch and it in flight. So far, Russian authorities have not released any other significant details about the weapon’s configuration or capabilities, though Putin implied that the final design would be broadly similar in size and shape to the existing, conventionally-powered Kh-101 cruise missile.

At the most basic conceptual level, the weapon could conceivably reach supersonic speeds, fly at very low altitudes, and have effectively unlimited range thanks to its nuclear powerplant, allowing it to hit targets anywhere in the world with little warning and dodge anti-missile defenses.

But shortly after Putin’s address, CNN, in a story citing an anonymous U.S. government official, cast doubt on the possibility that this weapon was anywhere near operational. That individual added that the “United States had observed a small number of Russian tests of its nuclear-powered cruise missile and seen them all crash.” Fox News said its own sources indicated the same thing, that the weapon was in the research and development phase and that at least one had crashed during testing in the arctic.

Source: U.S. Has Been Secretly Watching Russia’s Nuclear-Powered Cruise Missiles Crash and Burn – The Drive

Mark Turner : Drawing the lines on sexual harassment

March 03, 2018 04:47 PM

Rep. Duane Hall

Once upon a time, I learned of a former female coworker who had allegedly been sexually harassed by an executive at the company where we both worked. He had locked her in his office and demanded sexual favors from her. The man held all the cards: she was fresh out of college, she reported to him, and who would believe her word against his?

I was shocked and sickened by this allegation, having never had a clue it was going on, and lost all respect for this man to the point that I later turned down a lucrative job offer simply because it would have made him my boss.

I think it’s pretty clear when your boss locks you in his office and attacks you, that’s sexual harassment if not outright rape. It certainly isn’t consensual nor anywhere near that. It’s plainly wrong.

Then the #MeToo movement came around, a long-overdue reckoning of bad-boy behavior. Creep behavior from the likes of Roy Moore, Harvey Weinstein, Roger Ailes, Matt Lauer, and Louis CK was rightfully called out and, I believe, we could all agree that what they did was wrong. But then Sen. Al Franken was forced to resign for a scripted kiss with LeeAnn Tweeden, a female fellow performer, and for pretending to grope her in a photograph. Both were on a USO tour that was clearly sexually charged by all involved parties.

Is this sexual harassment? Franken had no power over Tweeden. Both had agreed to perform and perhaps both had gotten carried away at times. I failed then and I fail now to see how a scripted kiss between two actors could possibly be construed as sexual harassment. My Democratic Party was all too happy to throw Franken – a man of great integrity who was known to champion women – under the bus to serve some absurdly unrealistic appearance of purity.

Bad taste? Perhaps. Sexual harassment? I’m not so sure.

These incidents were on my mind when last week news broke from Billy Ball at N.C. Policy Watch that several women were accusing N.C. Rep. Duane Hall of sexual misconduct. Hall was accused of chatting up a female Democratic campaign worker when they met at a bar, had a few drinks, and the topic of relationships was broached. I’m sorry, but I fail to see how the banter between an unmarried legislator and a female campaign operative who agreed to meet at a bar could be considered sexual harassment.

It’s a bar, for goodness sakes! That’s what people do at a bar! Stuff that goes on at a bar should be off the record.

As for allegations that Rep. Hall grabbed a woman at the Equality Ball and snapped a selfie with her against her will, he denies the allegation and makes a valid point that there were hundreds of people there, making it difficult to hide any alleged misconduct.

Is what Hall is accused of a hanging offense? I am not convinced. I know Hall and, yes, he can be flirty. I’ve only seen this in social situations, however, and have never seen it in any professional setting. A single male legislator chatting up women in social situations does not strike me as strange. It might seem stranger to me if this weren’t the case. Politics is, was, and always will be a very sexually-charged business. Confidence, competitiveness, and political power are attractive. Not to mention that the unique challenges of holding public office can make it a lonely endeavor.

And it’s not just males who take advantage of this. Many women in political office are known to be just as flirty, even some who are almost certainly speaking out against Rep. Hall under the cover of anonymity. Having been around politics for a while now I, too, have been the subject of this flirting on several occasions, including an unwanted kiss from an elected official. You know what? It’s no big deal to me. My wife chuckled when I told her of the kiss, taking it as seriously as I did. No harm, no foul.

What I do have a problem with is the pretense that our elected officials should be saints because saints are in very short supply and those that arearound tend not to make good leaders. There are degrees of appropriateness in any situation and it’s wrong (and, frankly, stupid) to paint every supposed transgression with the same brush. To group what Rep. Hall allegedly did with the deeds of Harvey Weintstein and others is false equivalence and a dangerous trap to fall into.

How about we always let the punishment fit the crime and not submit to knee-jerk reactions for the sake of saying we’ve done something?

Mark Turner : Are these SpaceX’s Starlink satellites?

March 01, 2018 03:00 PM

Looks like I may have found the orbital elements (TLEs) of SpaceX’s Starlink Internet satellites. I noticed on SatView’s site that three objects entered orbit on 22 February, one of which was SpaceX’s PAZ satellite. PAZ was the primary payload on SpaceX’s most recent Falcon 9 flight and the Starlink birds were the secondaries.

Starlink orbits!

Following Satview’s links takes you to the real-time tracking of 43616U and 43617U (International Designators 2018-020A & 2018-020B), two satellites that are almost certainly Starlink’s TinTin A & B (or Microsat 2A & 2B). They show up in NORAD’s catalog as the bland descriptions of “Object B” and “Object C” and were launched from Vandenberg Air Force Base on the same day as PAZ. From CelesTrak:

So now I know both what to look for and where and when to look for it. Now I need to acquire the gear to acquire the signals, which might be the biggest stumbling block of all. Well, aside from actually decoding any signals I happen to get.

Yes, folks, this actually is rocket science.

Mark Turner : ‘A Total F***-up’: Russian Mercenaries in Syria Lament U.S. Strike That Killed Dozens

March 01, 2018 01:02 PM

Russian mercenaries in Syria tried to attack Americans. The U.S. Army kicked their asses. Putin talks a good game but when push comes to shove we win.

Recordings have emerged in which Russian mercenaries subjected to a joint U.S. strike that killed dozens of their comrades describe the incident as “a total fuck-up.”

Polygraph.info, a Voice of America project, published three recordings, which it received from a source close to the Kremlin. The source said that the recorded phone calls were made by personnel from CHVK Wagner, a Russian private military company.

The incident in question occurred on the night and early morning of Feb. 7-8, when Syrian government forces—backed by Russian mercenaries employed by CHVK Wagner—attempted to capture an oil refinery near the Syrian city of Deir Ezzor. After Russian personnel came into contact with American troops stationed there, the U.S. forces responded with artillery and air strikes.

Source: ‘A Total F***-up’: Russian Mercenaries in Syria Lament U.S. Strike That Killed Dozens

Mark Turner : Back Pain May Be The Result Of Bending Over At The Waist Instead Of The Hips : Shots – Health News : NPR

March 01, 2018 02:04 AM

It seems that Americans bend over all wrong. Learn how to hip-hinge, a more natural way to bend. Fascinating!

To see if you’re bending correctly, try a simple experiment.

“Stand up and put your hands on your waist,” says Jean Couch, who has been helping people get out of back pain for 25 years at her studio in Palo Alto, Calif.

“Now imagine I’ve dropped a feather in front of your feet and asked to pick it up,” Couch says. “Usually everybody immediately moves their heads and looks down.”

That little look down bends your spine and triggers your stomach to do a little crunch. “You’ve already started to bend incorrectly — at your waist,” Couch says. “Almost everyone in the U.S. bends at the stomach.”

In the process, our backs curve into the letter “C” — or, as Couch says, “We all look like really folded cashews.”

In other words, when we bend over in the U.S., most of us look like nuts!But in many parts of the world, people don’t look like cashews when they bend over. Instead, you see something very different.

Source: Back Pain May Be The Result Of Bending Over At The Waist Instead Of The Hips : Shots – Health News : NPR

Mark Turner : The Deep State Takes Out the White House’s Dark Clown Prince

March 01, 2018 01:48 AM

If you’ve ever filled out a form SF-86 for a U.S. government security clearance, you’ll know the hassle of dealing with the sheer volume of information it entails. Listing contacts, personal, financial, and travel information in enormous, painstaking detail isn’t trivial, and even small errors will get the form kicked back to you or your clearance rejected. Applicants are required to spell out in great detail the specifics of foreign travel and overseas contacts. Investigators need to know where you’ve made your money and to whom you have debts.

I did it in my early twenties when my life was relatively uncomplicated, and it was still a pain in the ass. It’s not easy, and it’s not supposed to be.

It’s even harder when you’re a corrupt, entitled snake who repeatedly lies about your finances to federal investigators and serves as a living, breathing poster child for privileged venality. It’s even harder when you’ve rather clumsily attempted to use both your familial relationship and proximity to the president of the United States to save your family’s failing real-estate empire.

All of which helps explain Jared Kushner’s very bad day on Tuesday. White House Chief of Staff John Kelly, a man who has compromised himself and his supposed values to accommodate and indulge President Trumphausen’s various whims, impulses, urges, feuds, and paranoid episodes, finally drew the line and busted Kushner’s security clearance down from TS/SCI to Walmart Greeter Background Check (Provisional).

Source: The Deep State Takes Out the White House’s Dark Clown Prince

Mark Turner : There’s a better way to use a standing desk | Popular Science

February 28, 2018 01:19 PM

I’m a little skeptical that a standing desk could be worse for you than sitting on your ass all day. I’m certainly not going to take as gospel a study with a mere 20 participants in it. As for the Canadian study, I have my doubts, too, but need to delve further into the science.

Often I think these studies are driven by the disdain that Sitters often show towards Standers. Desk discrimination is what it is.

There’s always that one person in the office—you know the one. The one with the standing desk. Whenever you happen to pass their cube you think, wow, there’s a person being proactive about their health. There’s someone fighting the good fight against modern society’s unavoidably sedentary lifestyle. Good on them, bad on me.

But is that really true? A growing body of evidence suggests that yes, sitting for long periods of time can have a detrimental effect on your health. But unfortunately, standing for large spans of the day isn’t that great either. And a recent study adds to this pile. This month in the journal Ergonomics, researchers report that when they had 20 participants stand for two hours at a time, subjects showed an apparent increase in lower limb swelling and decreased mental state.

Source: There’s a better way to use a standing desk | Popular Science

Mark Turner : SpaceX’s Starlink satellite internet: It’s time for tough talk on cyber security in space | Science| In-depth reporting on science and technology | DW | 21.02.2018

February 27, 2018 08:45 PM

It’s time to talk about how secure our flying Internet will be.

Imagine a cutting-edge industry that’s all about pushing boundaries, finding solutions to problems that never existed and “disrupting” absolutely everything we’ve come to rely on with a cast-iron belief in better-life-through-technology. Now, imagine them just “sitting around a big table with a lot of coffee, and talking about it.”

It’s not exactly an image of action, is it? No matter what the “it” is.

And yet that’s precisely the way Constantin Constantinides describes the satellite industry today. Constantinides is a radio frequency engineer with a satellite company in Glasgow called Alba Orbital. And the “it” refers to … cyber security.

Cyber security is one of the biggest unsolved challenges we have on Earth, and it’s about to become a far larger challenge in space.

You could say, “Well, at least they are talking about it.” At least cyber security is on the new space agenda. And it had certainly better be, because the more satellites we fire up into space, and the more those satellites form huge constellations, the more we rely on the data they accrue — the communications networks, location services, Earth Observation, shipping, flight and freak weather tracking, plus masses of unimagined stuff.

And, the more we’re putting our daily lives — human life — at risk.

Source: SpaceX?s Starlink satellite internet: It?s time for tough talk on cyber security in space | Science| In-depth reporting on science and technology | DW | 21.02.2018

Mark Turner : Hacking and tracking SpaceX’s Starlink Internet satellites

February 27, 2018 07:35 PM

Starlink Microsat/TinTin

Update 1 March: I found the satellites!

As my family and I strolled our neighborhood at sunset, my eagle-eyed son spotted a light in the sky sliding slowly away from us before fading. At first we thought it was the International Space Station (ISS) but it was too dim for that. We decided it was a low-earth orbit satellite and the conversation shifted to SpaceX’s recent launch of two low-earth-orbit test satellites for their proposed satellite Internet service, Starlink.

I have no idea whether the satellite we watched is a Starlink Satellite (more formally called TinTin A & B and previously known as Microsat 2A and 2B). I didn’t have my satellite tracking app fired up on my phone at the time. It did get me thinking, though, that it would be fun to track the TinTin satellites to see what I could discover.

A search on the Internet reveals very little information about these birds. I have not yet found the two-line elements (TLE) which describe their orbits. They haven’t been mentioned on my satellite-tracking email list, either.

What if I could locate them, then what? I’d like to try to collect whatever telemetry is being broadcast, even if it’s just beeps. Better yet, I could capture the data stream from the Internet side but that would be challenging to do anything with as it’s said to be encrypted. The birds do have imagery capability. What if I could tune into that and download an image snapped from orbit? Wouldn’t that be cool!

I have found some interesting blog posts and news stories which give some technical information. Gunter’s Space Page also has physical characteristics of the TinTin satellites, which apparently weigh only 400kg:

The primary structure for the Microsat-2a and -2b test spacecraft will be a box design measuring 1.1 m × 0.7 m × 0.7 m and carries the spacecraft flight computer, power system components, attitude determination and control components, propulsion components, GPS receiver, and broadband, telemetry, and command receivers and transmitters. The primary bus is mounted on the payload truss system, which also carries communications panels, inter-satellite optical link transmitters and receivers, star trackers, and a telemetry antenna. There are two 2 m × 8 m solar panels. Each demonstration spacecraft has a total mass of approximately 400 kg. The attitude of each spacecraft is 3-axis stabilized, and is dynamically controlled over each orbit to maintain attitude position for two pointing modes of operation: broadband antenna (antennas to nadir for testing) and solar array (solar arrays facing sun for charging). Power is provided by solar panels designed to deliver sufficient power at the predicted end of spacecraft life to not impair any test objectives. The Thermal Control System ensures that components are kept within operational temperature ranges.

The most technical information, which Spaceeflight101.com located, comes from SpaceX’s FCC application [PDF] Here’s a screenshot from the FCC application. There’s a ton of interesting information here!

Starlink command bandplan

Here’s the video bandplan:

Starlink video bandplan

And last but not least, here’s the broadband bandplan:

Starlink broadband bandplan

Looking at the frequencies above there doesn’t appear to be too much that would be out of reach for a hobbyist like me. The 2GHz control links certainly are within the range of an RTLSDR, though they might need an amplifier. As for the other frequencies, we’re looking at a ton of cable loss at these extremely-high GHz frequencies, though with a proper LNB it could be done.

So let me do some more sleuthing to locate these orbits, firstly, and then figure out what information they might give up. Fun stuff!

Mark Turner : Roads to nowhere: how infrastructure built on American inequality | Cities | The Guardian

February 26, 2018 09:56 PM

This is a shocking, eye-opening look at the systemic racism in 1940s America. I had no idea this went on. On the bright side (and recognizing that we still have a lot of work to do) we have come a long way as a society.

It’s a little after 3pm in Detroit’s 8 Mile neighbourhood, and the cicadas are buzzing loudly in the trees. Children weave down the pavements on bicycles, while a pickup basketball game gets under way in a nearby park. The sky is a deep blue with only a hint of an approaching thunderstorm – in other words, a muggy, typical summer Sunday in Michigan’s largest city.

“8 Mile”, as the locals call it, is far from the much-touted economic “renaissance” taking place in Detroit’s centre. Tax delinquency and debt are still major issues, as they are in most places in the city. Crime and blight exist side by side with carefully trimmed hedgerows and mowed lawns, a patchwork that changes from block to block. In many ways it resembles every other blighted neighbourhood in the city – but with one significant difference. Hidden behind the oak-lined streets is an insidious piece of history that most Detroiters, let alone Americans, don’t even know exists: a half mile-long, 5ft tall concrete barrier that locals simply call “the wall”.

Source: Roads to nowhere: how infrastructure built on American inequality | Cities | The Guardian

Mark Turner : Taking my hacking to a new level: the serial level

February 23, 2018 01:59 AM

I void warranties. Showing off my custom-built CarolinaCon badge last year.

I spent some time over the long President’s Day weekend hacking some of my home devices with the goal of putting new firmware on them. Up until now this has consisted mostly of flashing custom firmware through the existing upgrade channels of whatever device I was working with. Other times I would flash the devices by having them download new firmware from a fileserver.

Sometimes, though, there is no other way to bend a device to your will than to tap into the device’s serial console. This is often done by using a special adapter to convert the low-level signals into the kind that a modem would use. Then you simply use any suitable terminal program to interact with the device. Even though most embedded devices do not come with real computer screens, one can use the serial console to read messages and type commands.

My new serial cable arrives this week which should allow me to unlock nearly any device in my home. I’m looking forward to voiding some more warranties!

Mark Turner : Lessons on Aging Well, From a 105-Year-Old Cyclist – The New York Times

February 22, 2018 01:48 AM

Monsieur Marchand is my new hero.

At the age of 105, the French amateur cyclist and world-record holder Robert Marchand is more aerobically fit than most 50-year-olds — and appears to be getting even fitter as he ages, according to a revelatory new study of his physiology.

The study, which appeared in December in The Journal of Applied Physiology, may help to rewrite scientific expectations of how our bodies age and what is possible for any of us athletically, no matter how old we are.Many people first heard of Mr. Marchand last month, when he set a world record in one-hour cycling, an event in which someone rides as many miles as possible on an indoor track in 60 minutes.

Mr. Marchand pedaled more than 14 miles, setting a global benchmark for cyclists age 105 and older. That classification had to be created specifically to accommodate him. No one his age previously had attempted the record.

Mr. Marchand, who was born in 1911, already owned the one-hour record for riders age 100 and older, which he had set in 2012.

It was as he prepared for that ride that he came to the attention of Veronique Billat, a professor of exercise science at the University of Evry-Val d’Essonne in France. At her lab, Dr. Billat and her colleagues study and train many professional and recreational athletes.

She was particularly interested in Mr. Marchand’s workout program and whether altering it might augment his endurance and increase his speed.

Conventional wisdom in exercise science suggests that it is very difficult to significantly add to aerobic fitness after middle age. In general, VO2 max, a measure of how well our bodies can use oxygen and the most widely accepted scientific indicator of fitness, begins to decline after about age 50, even if we frequently exercise.

But Dr. Billat had found that if older athletes exercised intensely, they could increase their VO2 max. She had never tested this method on a centenarian, however.

Source: Lessons on Aging Well, From a 105-Year-Old Cyclist – The New York Times

David Cafaro : Building a Pen Testing Laptop from Scratch ( WCTF / CTF Laptop ) part 2

February 21, 2018 02:43 AM

With all the hardware working from Part 1, it’s time to move onto getting all the software in place.  There were plenty of references to work from, and based the on the recommendations of Wireless Village to bring Pentoo Linux for the WCTF, that’s where I started.  Here are some lists that I worked from:

This is where I started just going through the list of packages and tried a dnf install.  Many of these are standard Linux packages installed by default, a lot of them are also included as part of the base Fedora distribution.  But, there are several that needs supplemental repo’s added to the dnf package system to make install (and upgrades/maintenance later) easier.  I didn’t install everything, but I tried to make sure I covered many of the big ones, as well as some others I had seen in tutorials.  As I get more time with the laptop, and other CTF/WCTF, I’ll be able to fine tune the install.

Supplemental Software Repositories

The following are the collection of external repos I’ve added to the base distribution to support the additional tools needed.

Fedora 27 openh264 (From Cisco)

This is really about just enabling the repo which is installed by default but disabled.  Some CTF may have audio coding/decoding requirements and this adds to your options.

sudo dnf config-manager --set-enabled fedora-cisco-openh264

RPM Fusion for Fedora 27 – Free

RPM Fusion provides a large collection of additional packages from several sources that the core Fedora team does not wish to provide in core Fedora.  It will also provide a lot of dependencies for packages from other repos.  Updates are not as guaranteed as the core Fedora repo, but most packagers are pretty good at keep them up2date.

The Free repo covers fully open-sourced packages that Fedora was unable to make part of the base distro for various reasons.

sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm

RPM Fusion for Fedora 27 – Nonfree

These are restrictive open-source or not-for-commercial use licensed packages.  If this is for personal use you should be fine, but if you mix work with pleasure, be warned, check the individual packages licenses before use.

sudo dnf install https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

CERT Forensics Tools Repository

Linux Forensics Tools Repository – LiFTeR is a gold mine for CTF based tools for forensics and similar operations.  You will want rpmfusion installed to help support some of these packages.

First I suggest adding the CERT gpg key to dnf to verify packages:

sudo rpm --import https://forensics.cert.org/forensics.asc

Then you can install the repo rpm.

sudo dnf install https://forensics.cert.org/cert-forensics-tools-release-27.rpm

Atomic Corp Repo

Atomic corp are the backers of OSSEC OpenSource HIDs solution, but they have a collection of security tools to supplement the above repos.  Tools like dirb.

sudo rpm -ivh http://www6.atomicorp.com/channels/atomic/fedora/27/x86_64/RPMS/atomic-release-1.0-21.fc27.art.noarch.rpm

Metasploit

It goes with out saying you’ll want to have Metasploit at your disposal, it’s a foundation tool that will help in your early offensive operations.  There are two versions that Rapid7 provides: the free Open Source Metasploit Framework and the paid Commercial Support Metasploit Pro.  The following instructions are for the free Open Source version, it will suffice to get you started, and provides opportunities to learn.

Unfortunately the install process is not a clean dnf focused procedure, they supply an install script that hides some of the complexity, but I choose to figure out how to get it working with out their install script and just add it to my dnf repo collection.  Again rpmfusion above will help with dependencies.

First thing is we need to get the Rapid7 GPG key.  That can be found in their installer script at the top here.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb 2>/dev/null | sed -e '1,/EOF/d' -e '/EOF/,$d' > metasploit.asc

We then need to add it to our rpm key signing store:

rpm --import metasploit.asc

Now we can manually add the Metasploit nightly rpm repo to dnf, and rpm install signatures should be happily verified going forward.

sudo dnf config-manager --add-repo https://rpm.metasploit.com/

You can run the following command to confirm the repos are installed and ready to go (you may be accessed to accept several Fedora GPG keys being imported from the local installs)

dnf repolist

You should see something like this:

Packages Installed

With all the above in place there are two obvious installs you’ll want to do.  The full LiFTeR suite of tools and MetaSploit (warning this is about 3GB of software about to be installed, it’s a LOT of tools):

sudo dnf install CERT-Forensics-Tools metasploit-framework

Besides Metasploit (Exploitation/Pen-testing tool) your going to get Autoposy/SleuthKit (Forensics tool kit), Volatility (Memory Forensics), Silk (Packet analysis suite), Snort (IPS and packet analysis), nmap (Network Mapping and recon), Wireshark (Packet Analysis), and a huge host of other tools and supporting libraries.

Next up are a collection of individual tools that are also included in Pentoo, but the above did not install.

First up is a collection of assorted tools that deal with a range of WCTF/CTF exercises including password cracking, binary/code analysis, network analysis, network recon, exploit development, and more provided by Fedora.

sudo dnf install aircrack-ng scapy masscan zmap kismet kismet-plugins kismon gdb strace nacl-binutils nacl-arm-binutils examiner upx pcsc-lite-ccid chntpw libykneomgr libu2f-host mhash ophcrack chntpw libykneomgr libu2f-host mhash john ophcrack xorsearch crack sucrack ncrack ophcrack aircrack-ng pdfcrack cowpatty hydra medusa airsnort weplab tor flawfinder sage reaver urh hackrf hackrf-static cracklib-python perl-Crypt-Cracklib nikto dirb unicornscan net-snmp net-snmp-utils net-snmp-python net-snmp-perl net-snmp-gui skipfish

The following are more standard Linux tools, but very helpful in WCTF/CTF to handle audio/video analysis/manipulation, picture analysis/manipulation, coding, and quick network controls.

sudo dnf install vim-enhanced gstreamer1-plugin-openh264 mozilla-openh264 vlc python-vlc npapi-vlc dkms audacity ffmpeg firewall-applet system-config-firewall gimp nasm

Software Manually Installed

There were three packages I wanted to work with, but could not find good pre-built rpms of: hashcat, SANS SIFT

SANS SIFT

This can be gotten via VM, ISO, or installed locally.  In truth, it duplicates a lot of the tools already installed above.  I started down this route, then realized I would probably want to stick to the previous rpm route.  You can find the different install instructions here.

hashcat

This is a classic password cracker that supports a world of different CPU/GPU acceleration options.  I’m somewhat limited given I’m running this on a laptop, but still an important tool to have at hand.  Need to link it into some cloud based compute resources…

For install, it’s the classic download, verify, copy.

First lets make an area to handle non-normal apps (feel free to change this to your liking).

cd ~; mkdir Apps; cd Apps

Then retrieve the hashcat public key

gpg --keyserver keyserver.ubuntu.com --recv 8A16544F

Next download their pgp signing key

curl --output hashcat-4.0.1.7z.asc https://hashcat.net/files/hashcat-4.0.1.7z.asc

Then download their binary

curl --output hashcat-4.0.1.7z https://hashcat.net/files/hashcat-4.0.1.7z

Then verify signature

gpg --verify hashcat-4.0.1.7z.asc hashcat-4.0.1.7z

Then we can expand it and then install it.

7za x hashcat-4.0.1.7z
cd hashcat-4.0.1/
sudo cp hashcat64.bin /usr/local/bin/hashcat

And now it’s ready and in our path.  Downside is that we have to remember to manually check for updates occasionally.

 

Now onto WEP/WPA2 Cracking!

In part 3 of course.  Yeah, I know, it’s a tease, but want to get this software install bit out there, while I write up what I learned about WEP/WPA2 hacking.  I’ll cover basics like packet captures, packet injections (to force handshakes), and brute force pass-phrase recovery.

Mark Turner : Radiation Will Tear Elon Musk’s Rocket Car to Bits in a Year

February 20, 2018 11:16 PM

Plastics expert Dr. William Carroll of Indiana University says Elon Musk’s Starman Tesla is no match for the rough-and-tumble environment of space.

The real forces that will tear the car apart over hundreds of millions of years in space, Carroll said, are solid objects and — most importantly — radiation.

Even if the car avoids any major collisions, over very long time horizons, it’s unlikely the vehicle could avoid the kind of collisions with micrometeorites that leave other space junk riddled with craters over time, Carroll said.

But assuming those collisions don’t completely tear the car apart, the radiation will.

Down on Earth, a powerful magnetic field and the atmosphere largely protect human beings (and Tesla Roadsters) from the harsh radiation of the sun and cosmic rays. But spacefaring objects have no such protections.

Source: Radiation Will Tear Elon Musk’s Rocket Car to Bits in a Year

Mark Turner : There are two Americas, and one of them is stupid

February 20, 2018 11:04 PM

Courtesy of TeeShopUSA.Com. Buy their stuff!

I was doing some online searching for a friend with whom I worked a long time ago, so I put her name into The Facebook to see if she was around. A woman with the same name came up in the search results. She was about the same age, listed as “retired,” and looked somewhat similar to how I imagined my friend to look now that twenty-five years have passed since I saw her last. Perusing this woman’s post soon convinced me this wasn’t the old friend I was looking for. In fact, there was this galling comment on this news story that made my jaw drop. It was on this BBC news story about the Lincoln Memorial being vandalized:

“What more do they want?”

“This is getting ridiculous,” she writes. “Lincoln freed the slaves – what more do they want? Oh I know – to erase America’s history!”

I had no idea that this woman was a master detective on par with the greatest of the world. Why, criminals far and wide must be shaking in their boots knowing that The Great Arm-Chair Detective is on the case. The Park Police should take the day off. Heck, take the whole week off, guys.

The Arm-Chair Detective has solved the case, you see. She knows just who vandalized this memorial, and I bet if you asked her to describe the perpetrators her description would almost certainly include the word “black.”

Because, you see, Ms. Great Arm-Chair Detective is a raging racist.

Now maybe she doesn’t realize she’s racist. Maybe she has lived her entire life in a white-people cocoon and has never had any meaningful interaction with people who are different than her. It doesn’t matter the cause because the effect is the same: black people are the “they,” because everyone knows white people have never sprayed graffiti on anything, ever, right?

So congrats, Ms. Detective, you’ve cracked the case! That is, if the case in question is whether or not you should reexamine your beliefs and prejudices.

Former presidential candidate John Edwards used to say there are two Americas, only they’re not rich and poor ones. There’s the America I live in and there’s the stupid one.

Mark Turner : “This Is Serious”: Facebook Begins Its Downward Spiral | Vanity Fair

February 18, 2018 11:39 PM

Years ago, long before Mark Zuckerberg became Mark Zuckerberg, the young founder reached out to a friend of mine who had also started a company, albeit a considerably smaller one, in the social-media space, and suggested they get together. As Facebook has grown into a global colossus that connects about a third of the globe, Zuckerberg has subsequently assumed a reputation as an aloof megalomaniac deeply out of touch with the people who use his product. But back then, when he only had 100 million users on his platform, he wasn’t perceived that way. When he reached out to my friend, Zuckerberg was solicitous. He made overtures that suggested a possible acquisition—and once rebuffed, returned with the notion that perhaps Facebook could at least partner with my friend’s company. The chief of the little start-up was excited by the seemingly harmless, even humble, proposition from the growing hegemon. Zuckerberg suggested that the two guys take a walk.

Taking a walk, it should be noted, was Zuckerberg’s thing. He regularly took potential recruits and acquisition targets on long walks in the nearby woods to try to convince them to join his company. After the walk with my friend, Zuckerberg appeared to take the relationship to the next level. He initiated a series of conference calls with his underlings in Facebook’s product group. My friend’s small start-up shared their product road map with Facebook’s business-development team. It all seemed very collegial, and really exciting. And then, after some weeks passed, the C.E.O. of the little start-up saw the news break that Facebook had just launched a new product that competed with his own.

Source: “This Is Serious”: Facebook Begins Its Downward Spiral | Vanity Fair

Mark Turner : Thirty years a sailor

February 16, 2018 01:11 PM

It was thirty years ago this morning when I woke up before the crack of dawn and officially entered the United States Navy. My mom and dad drove us through the early morning DC traffic the long way from our house in Great Falls, VA to the Baltimore MEPS (Military Entrance Processing Center), then at Linthicum Heights. It was my dad’s 47th birthday. Coffee hadn’t kicked in so there wasn’t much conversation, I recall.

About the time the sun was rising we arrived, I said goodbye to my parents, and got my first taste of the “hurry up and wait” that the military is famous for. I would be poked and prodded for my medical examination, be drug screened, retake the ASVAB test, select the job I wanted in the Navy, and finally be sworn in: the point of no turning back.

It was a two-day ordeal. The government put us up in a nearby cheap hotel because our travel would begin in earnest early the next morning. I was assigned a roommate; a slight, probably gay, Navy-bound African-American kid named Bernard (pronounced BUH-nard, he took pains to remind me) who was more interested in going out for one last night of partying than sleeping. I chose to sleep (as I usually do) and boarded a plane with Bernard and others at BWI early the next morning, bound for Orlando.

Orders in hand, I stepped off the plane at the Orlando airport and was motioned over to a large group of somewhat nervous-looking young people milling around. The adventure the Navy had promised me was just beginning. It was as life-changing as I thought it would be.

Tarus Balog : Prodigal Customers

February 16, 2018 12:46 PM

Growing up in the southern United States meant Sunday mornings were spent at Sunday School. One of the stories we would study was the Parable of the Prodigal Son. A man has two sons. The younger son asks for his inheritance in advance and he goes off and squanders it. When he returns, his father throws a big celebration to welcome him back.

I never really got the point of that story, as I always identified with the older, dutiful son, so it is surprising that it took working with OpenNMS for me to understand it.

We have great customers. Since we do little marketing, before we get a customer they have to first discover OpenNMS, then investigate it to see if it meets their needs, and only then do they contact us. It means that they are self-selecting, and without exception they are incredibly smart, physically beautiful and possessing of a wit so sharp they make Ginsu knives look dull. (grin)

The first company to ever buy an OpenNMS support subscription did so in December of 2001, and this year they renewed for the 17th time. It is a wonderful testament to the work of the team that they created something to inspire such a long commitment.

That said, we do lose a few customers each year. The first one I lost was a little heartbreaking. It was a hospital in Virginia, and when I called them to see if they would renew their support subscription they told me “no”. I was a little shocked, as I was unaware of any problems and they hadn’t opened tickets in awhile, and they told me that was the point. They loved OpenNMS but it “just worked” so they saw no value in getting support, they were still using it.

A more common case for us losing a customer is that our “internal champion” leaves. OpenNMS is a complex and powerful tool, and it does take awhile to climb the learning curve to see its full potential. If all of that knowledge is focused on one person, and that person leaves, their replacement can be overwhelmed and seek out something simpler, even if it is more expensive and less powerful.

I am alway saddened when this happens, but lately we’ve been experiencing what I’m calling “Prodigal Customers”. These are customers who leave and come back.

Cartoon by Chad Essley http://www.cartoonmonkey.com

I love them, and always want to slaughter (figuratively) the fattened calf to welcome them back.

It’s hard to explain, but while it is wonderful to have someone use something you’ve created for almost two decades straight, it is almost more rewarding to have someone go and try something else and discover it doesn’t stack up. Heck, I’d love it if all our customers could try out every possible option, because those that then chose OpenNMS for their solution would truly recognize what an awesome platform it can be.

Being 100% open source, OpenNMS does not have any way to “lock in” a particular customer. You can use it with our services or without, but you always have access to the latest code. Thus choosing to use OpenNMS is a validation of the work we’ve put into it, and whether you are a long time customer, a new customer, or a “prodigal” customer, your preference to use OpenNMS makes all the work to create it worthwhile.

Mark Turner : Conservatives are blind to their own madness

February 09, 2018 06:24 PM

A friend posted this account recently on their social media page:

A friend was standing in line at returns at Home Depot yesterday when the white man in front of him told another man, who was hispanic, he was going to call Trump to come get him. I was horrified and would not be able to keep my mouth shut if I had been confronted by that bigoted white man. Disgust!!!!!

Immediately, one of my friend’s friends, apparently a conservative, piped up with this:

What about freedom of speech? Please explain “HOW” this man is a bigot? It was probably not a nice thing to say, but we do have freedom of speech.

When several others on the thread pointed out how bigoted Conservative Person sounds, Conservative Person wilted from the controversy, claiming loudly “you don’t know me!”

I am appalled at Conservative Person’s enormous lack of recognition of the double-standard in play here. When a white person threatens a foreign-looking person with deportation it’s all fun and games or “freedom of speech.” When someone points out the hypocrisy of this thinking, suddenly they’re all “mind your own business.”

I tried to build a bridge here, gently showing Conservative Person how the Latino man deserves the same respect that Conservative Person does but there was just no connecting the dots. It’s like it never once occurred to Conservative Person that there was anything wrong with being an asshole towards people who look different. White people get a pass for their bad behavior, apparently.

This is what has me so worried about our country’s future. Outside forces, such as far-right so-called sources of news, have stirred up racial animosity and these fires take incredibly long to get under control, if they ever do. And I use the word “fire” here deliberately because of the damage these attitudes can do. Fires can get out control and have far-reaching, unintended consequences, beyond simply winning elections. Fires can cause permanent damage.

I read a headline this morning that an Oxford University report states that Trump supporters are now considered unreachable, stuck in an endless feedback loop of fake news. Says Ben Cohen of the Daily Banter:

I have argued that reconciliation with Trump supporters and the fringe right is a necessity at some point if the country is to survive in the long term. But in the short term, this is now completely impossible. Trump supporters cannot be reached, talked to, or negotiated with, so there is little point it trying. The only thing that counts is upholding the rule of law, voting the complicit GOP out of office in the midterms, and booting out Trump in 2020 (should he survive that long). There can be reconciliation, but only after the adults take back control of the country.

The adults have a lot of work to do. A astoundingly huge amount of work.