David Cafaro : Building a Pen Testing Laptop from Scratch ( WCTF / CTF Laptop ) part 2

February 21, 2018 02:43 AM

With all the hardware working from Part 1, it’s time to move on to getting all the software in place.  There were plenty of references to work from, and based on the recommendations of Wireless Village to bring Pentoo Linux for the WCTF, that’s where I started.  Here are some lists that I worked from:

This is where I started just going through the list of packages and tried a dnf install.  Many of these are standard Linux packages installed by default, and a lot of them are also included as part of the base Fedora distribution.  But there are several that need supplemental repos added to the dnf package system to make installs (and upgrades/maintenance later) easier.  I didn’t install everything, but I tried to make sure I covered many of the big ones, as well as some others I had seen in tutorials.  As I get more time with the laptop, and other CTF/WCTF, I’ll be able to fine tune the install.

Supplemental Software Repositories

The following are the collection of external repos I’ve added to the base distribution to support the additional tools needed.

Fedora 27 openh264 (From Cisco)

This is really about just enabling the repo which is installed by default but disabled.  Some CTF may have audio coding/decoding requirements and this adds to your options.

sudo dnf config-manager --set-enabled fedora-cisco-openh264

RPM Fusion for Fedora 27 – Free

RPM Fusion provides a large collection of additional packages from several sources that the core Fedora team does not wish to provide in core Fedora.  It will also provide a lot of dependencies for packages from other repos.  Updates are not as guaranteed as the core Fedora repo, but most packagers are pretty good at keeping them up to date.

The Free repo covers fully open-sourced packages that Fedora was unable to make part of the base distro for various reasons.

sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm

RPM Fusion for Fedora 27 – Nonfree

These are restrictive open-source or not-for-commercial-use licensed packages.  If this is for personal use you should be fine, but if you mix work with pleasure, be warned: check the individual package licenses before use.

sudo dnf install https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

CERT Forensics Tools Repository

Linux Forensics Tools Repository – LiFTeR is a gold mine for CTF based tools for forensics and similar operations.  You will want rpmfusion installed to help support some of these packages.

First I suggest adding the CERT gpg key to dnf to verify packages:

sudo rpm --import https://forensics.cert.org/forensics.asc

Then you can install the repo rpm.

sudo dnf install https://forensics.cert.org/cert-forensics-tools-release-27.rpm

Atomic Corp Repo

Atomicorp are the backers of the OSSEC open-source HIDS solution, but they have a collection of security tools to supplement the above repos.  Tools like dirb.

sudo rpm -ivh http://www6.atomicorp.com/channels/atomic/fedora/27/x86_64/RPMS/atomic-release-1.0-21.fc27.art.noarch.rpm


Metasploit

It goes without saying you’ll want to have Metasploit at your disposal; it’s a foundation tool that will help in your early offensive operations.  There are two versions that Rapid7 provides: the free Open Source Metasploit Framework and the paid Commercial Support Metasploit Pro.  The following instructions are for the free Open Source version; it will suffice to get you started, and provides opportunities to learn.

Unfortunately the install process is not a clean dnf focused procedure.  They supply an install script that hides some of the complexity, but I chose to figure out how to get it working without their install script and just add it to my dnf repo collection.  Again rpmfusion above will help with dependencies.

First thing is we need to get the Rapid7 GPG key.  That can be found in their installer script at the top here.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb 2>/dev/null | sed -e '1,/EOF/d' -e '/EOF/,$d' > metasploit.asc

We then need to add it to our rpm key signing store:

sudo rpm --import metasploit.asc

Now we can manually add the Metasploit nightly rpm repo to dnf, and rpm install signatures should be happily verified going forward.

sudo dnf config-manager --add-repo https://rpm.metasploit.com/
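
The sed extraction above trusts the layout of the upstream template, and the curl line hides download errors.  The following is an added example (not part of the original post or Rapid7's tooling) that checks the extracted text really is a single armored public key and prints its fingerprint for comparison before the key is imported.  The function names are made up for this example.

```shell
#!/bin/sh
# Added example: extract the Metasploit key as the post does, then sanity-check
# the result and show its fingerprint before `sudo rpm --import`.
# Function names (extract_key, looks_like_pubkey, fetch_and_check) are
# hypothetical and exist only in this example.
set -eu

# Same extraction as the post's sed: the text between the first two EOF lines.
extract_key() {
    sed -e '1,/EOF/d' -e '/EOF/,$d' "$1"
}

# Succeeds only if the file holds exactly one ASCII-armored public key block
# and nothing else (blank lines around it are tolerated).
looks_like_pubkey() {
    [ -s "$1" ] || return 1
    lp_first=$(grep -v '^[[:space:]]*$' "$1" | head -n 1)
    lp_last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    [ "$lp_first" = "-----BEGIN PGP PUBLIC KEY BLOCK-----" ] || return 1
    [ "$lp_last" = "-----END PGP PUBLIC KEY BLOCK-----" ] || return 1
    [ "$(grep -c '^-----BEGIN PGP' "$1")" -eq 1 ]
}

fetch_and_check() {
    fc_url="https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb"
    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fsS "$fc_url" -o msfupdate.erb
    extract_key msfupdate.erb > metasploit.asc
    if ! looks_like_pubkey metasploit.asc; then
        echo "extraction did not yield a public key; the template layout may have changed" >&2
        return 1
    fi
    # Print the fingerprint so it can be compared with one obtained from a
    # source you trust.  Needs a recent GnuPG; on older releases
    # `gpg --with-fingerprint metasploit.asc` prints the same information.
    gpg --show-keys --with-fingerprint metasploit.asc
    echo "If the fingerprint matches: sudo rpm --import metasploit.asc"
}

# Only touch the network when asked to, so the functions can be reused.
if [ "${1:-}" = "--run" ]; then
    fetch_and_check
fi
```

Run it with --run as its only argument; nothing is imported until you run the rpm --import step yourself.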

You can run the following command to confirm the repos are installed and ready to go (you may be asked to accept several Fedora GPG keys being imported from the local installs)

dnf repolist

You should see something like this:

Packages Installed

With all the above in place there are two obvious installs you’ll want to do.  The full LiFTeR suite of tools and Metasploit (warning this is about 3GB of software about to be installed, it’s a LOT of tools):

sudo dnf install CERT-Forensics-Tools metasploit-framework

Besides Metasploit (Exploitation/Pen-testing tool) you’re going to get Autopsy/SleuthKit (Forensics tool kit), Volatility (Memory Forensics), SiLK (Packet analysis suite), Snort (IPS and packet analysis), nmap (Network Mapping and recon), Wireshark (Packet Analysis), and a huge host of other tools and supporting libraries.

Next up are a collection of individual tools that are also included in Pentoo, but the above did not install.

First up is a collection of assorted tools that deal with a range of WCTF/CTF exercises including password cracking, binary/code analysis, network analysis, network recon, exploit development, and more provided by Fedora.

sudo dnf install aircrack-ng scapy masscan zmap kismet kismet-plugins kismon gdb strace nacl-binutils nacl-arm-binutils examiner upx pcsc-lite-ccid chntpw libykneomgr libu2f-host mhash ophcrack john xorsearch crack sucrack ncrack pdfcrack cowpatty hydra medusa airsnort weplab tor flawfinder sage reaver urh hackrf hackrf-static cracklib-python perl-Crypt-Cracklib nikto dirb unicornscan net-snmp net-snmp-utils net-snmp-python net-snmp-perl net-snmp-gui skipfish

The following are more standard Linux tools, but very helpful in WCTF/CTF to handle audio/video analysis/manipulation, picture analysis/manipulation, coding, and quick network controls.

sudo dnf install vim-enhanced gstreamer1-plugin-openh264 mozilla-openh264 vlc python-vlc npapi-vlc dkms audacity ffmpeg firewall-applet system-config-firewall gimp nasm

Software Manually Installed

There were three packages I wanted to work with, but could not find good pre-built rpms of: hashcat, SANS SIFT


SANS SIFT

This can be gotten via VM, ISO, or installed locally.  In truth, it duplicates a lot of the tools already installed above.  I started down this route, then realized I would probably want to stick to the previous rpm route.  You can find the different install instructions here.


hashcat

This is a classic password cracker that supports a world of different CPU/GPU acceleration options.  I’m somewhat limited given I’m running this on a laptop, but still an important tool to have at hand.  Need to link it into some cloud based compute resources…

For install, it’s the classic download, verify, copy.

First let’s make an area to handle non-normal apps (feel free to change this to your liking).

cd ~; mkdir Apps; cd Apps

Then retrieve the hashcat public key

gpg --keyserver keyserver.ubuntu.com --recv 8A16544F

Next download their PGP signature file for the release

curl --output hashcat- https://hashcat.net/files/hashcat-

Then download their binary

curl --output hashcat- https://hashcat.net/files/hashcat-

Then verify signature

gpg --verify hashcat- hashcat-

Then we can expand it and then install it.

7za x hashcat-
cd hashcat-4.0.1/
sudo cp hashcat64.bin /usr/local/bin/hashcat

And now it’s ready and in our path.  Downside is that we have to remember to manually check for updates occasionally.


Now onto WEP/WPA2 Cracking!

In part 3 of course.  Yeah, I know, it’s a tease, but want to get this software install bit out there, while I write up what I learned about WEP/WPA2 hacking.  I’ll cover basics like packet captures, packet injections (to force handshakes), and brute force pass-phrase recovery.

Mark Turner : Radiation Will Tear Elon Musk’s Rocket Car to Bits in a Year

February 20, 2018 11:16 PM

Plastics expert Dr. William Carroll of Indiana University says Elon Musk’s Starman Tesla is no match for the rough-and-tumble environment of space.

The real forces that will tear the car apart over hundreds of millions of years in space, Carroll said, are solid objects and — most importantly — radiation.

Even if the car avoids any major collisions, over very long time horizons, it’s unlikely the vehicle could avoid the kind of collisions with micrometeorites that leave other space junk riddled with craters over time, Carroll said.

But assuming those collisions don’t completely tear the car apart, the radiation will.

Down on Earth, a powerful magnetic field and the atmosphere largely protect human beings (and Tesla Roadsters) from the harsh radiation of the sun and cosmic rays. But spacefaring objects have no such protections.

Source: Radiation Will Tear Elon Musk’s Rocket Car to Bits in a Year

Mark Turner : There are two Americas, and one of them is stupid

February 20, 2018 11:04 PM

Courtesy of TeeShopUSA.Com. Buy their stuff!

I was doing some online searching for a friend with whom I worked a long time ago, so I put her name into The Facebook to see if she was around. A woman with the same name came up in the search results. She was about the same age, listed as “retired,” and looked somewhat similar to how I imagined my friend to look now that twenty-five years have passed since I saw her last. Perusing this woman’s post soon convinced me this wasn’t the old friend I was looking for. In fact, there was this galling comment on this news story that made my jaw drop. It was on this BBC news story about the Lincoln Memorial being vandalized:

“What more do they want?”

“This is getting ridiculous,” she writes. “Lincoln freed the slaves – what more do they want? Oh I know – to erase America’s history!”

I had no idea that this woman was a master detective on par with the greatest of the world. Why, criminals far and wide must be shaking in their boots knowing that The Great Arm-Chair Detective is on the case. The Park Police should take the day off. Heck, take the whole week off, guys.

The Arm-Chair Detective has solved the case, you see. She knows just who vandalized this memorial, and I bet if you asked her to describe the perpetrators her description would almost certainly include the word “black.”

Because, you see, Ms. Great Arm-Chair Detective is a raging racist.

Now maybe she doesn’t realize she’s racist. Maybe she has lived her entire life in a white-people cocoon and has never had any meaningful interaction with people who are different than her. It doesn’t matter the cause because the effect is the same: black people are the “they,” because everyone knows white people have never sprayed graffiti on anything, ever, right?

So congrats, Ms. Detective, you’ve cracked the case! That is, if the case in question is whether or not you should reexamine your beliefs and prejudices.

Former presidential candidate John Edwards used to say there are two Americas, only they’re not rich and poor ones. There’s the America I live in and there’s the stupid one.

Mark Turner : “This Is Serious”: Facebook Begins Its Downward Spiral | Vanity Fair

February 18, 2018 11:39 PM

Years ago, long before Mark Zuckerberg became Mark Zuckerberg, the young founder reached out to a friend of mine who had also started a company, albeit a considerably smaller one, in the social-media space, and suggested they get together. As Facebook has grown into a global colossus that connects about a third of the globe, Zuckerberg has subsequently assumed a reputation as an aloof megalomaniac deeply out of touch with the people who use his product. But back then, when he only had 100 million users on his platform, he wasn’t perceived that way. When he reached out to my friend, Zuckerberg was solicitous. He made overtures that suggested a possible acquisition—and once rebuffed, returned with the notion that perhaps Facebook could at least partner with my friend’s company. The chief of the little start-up was excited by the seemingly harmless, even humble, proposition from the growing hegemon. Zuckerberg suggested that the two guys take a walk.

Taking a walk, it should be noted, was Zuckerberg’s thing. He regularly took potential recruits and acquisition targets on long walks in the nearby woods to try to convince them to join his company. After the walk with my friend, Zuckerberg appeared to take the relationship to the next level. He initiated a series of conference calls with his underlings in Facebook’s product group. My friend’s small start-up shared their product road map with Facebook’s business-development team. It all seemed very collegial, and really exciting. And then, after some weeks passed, the C.E.O. of the little start-up saw the news break that Facebook had just launched a new product that competed with his own.

Source: “This Is Serious”: Facebook Begins Its Downward Spiral | Vanity Fair

Mark Turner : Thirty years a sailor

February 16, 2018 01:11 PM

It was thirty years ago this morning when I woke up before the crack of dawn and officially entered the United States Navy. My mom and dad drove us through the early morning DC traffic the long way from our house in Great Falls, VA to the Baltimore MEPS (Military Entrance Processing Center), then at Linthicum Heights. It was my dad’s 47th birthday. Coffee hadn’t kicked in so there wasn’t much conversation, I recall.

About the time the sun was rising we arrived, I said goodbye to my parents, and got my first taste of the “hurry up and wait” that the military is famous for. I would be poked and prodded for my medical examination, be drug screened, retake the ASVAB test, select the job I wanted in the Navy, and finally be sworn in: the point of no turning back.

It was a two-day ordeal. The government put us up in a nearby cheap hotel because our travel would begin in earnest early the next morning. I was assigned a roommate; a slight, probably gay, Navy-bound African-American kid named Bernard (pronounced BUH-nard, he took pains to remind me) who was more interested in going out for one last night of partying than sleeping. I chose to sleep (as I usually do) and boarded a plane with Bernard and others at BWI early the next morning, bound for Orlando.

Orders in hand, I stepped off the plane at the Orlando airport and was motioned over to a large group of somewhat nervous-looking young people milling around. The adventure the Navy had promised me was just beginning. It was as life-changing as I thought it would be.

Tarus Balog : Prodigal Customers

February 16, 2018 12:46 PM

Growing up in the southern United States meant Sunday mornings were spent at Sunday School. One of the stories we would study was the Parable of the Prodigal Son. A man has two sons. The younger son asks for his inheritance in advance and he goes off and squanders it. When he returns, his father throws a big celebration to welcome him back.

I never really got the point of that story, as I always identified with the older, dutiful son, so it is surprising that it took working with OpenNMS for me to understand it.

We have great customers. Since we do little marketing, before we get a customer they have to first discover OpenNMS, then investigate it to see if it meets their needs, and only then do they contact us. It means that they are self-selecting, and without exception they are incredibly smart, physically beautiful and possessing of a wit so sharp they make Ginsu knives look dull. (grin)

The first company to ever buy an OpenNMS support subscription did so in December of 2001, and this year they renewed for the 17th time. It is a wonderful testament to the work of the team that they created something to inspire such a long commitment.

That said, we do lose a few customers each year. The first one I lost was a little heartbreaking. It was a hospital in Virginia, and when I called them to see if they would renew their support subscription they told me “no”. I was a little shocked, as I was unaware of any problems and they hadn’t opened tickets in awhile, and they told me that was the point. They loved OpenNMS but it “just worked” so they saw no value in getting support, they were still using it.

A more common case for us losing a customer is that our “internal champion” leaves. OpenNMS is a complex and powerful tool, and it does take awhile to climb the learning curve to see its full potential. If all of that knowledge is focused on one person, and that person leaves, their replacement can be overwhelmed and seek out something simpler, even if it is more expensive and less powerful.

I am always saddened when this happens, but lately we’ve been experiencing what I’m calling “Prodigal Customers”. These are customers who leave and come back.

Cartoon by Chad Essley http://www.cartoonmonkey.com

I love them, and always want to slaughter (figuratively) the fattened calf to welcome them back.

It’s hard to explain, but while it is wonderful to have someone use something you’ve created for almost two decades straight, it is almost more rewarding to have someone go and try something else and discover it doesn’t stack up. Heck, I’d love it if all our customers could try out every possible option, because those that then chose OpenNMS for their solution would truly recognize what an awesome platform it can be.

Being 100% open source, OpenNMS does not have any way to “lock in” a particular customer. You can use it with our services or without, but you always have access to the latest code. Thus choosing to use OpenNMS is a validation of the work we’ve put into it, and whether you are a long time customer, a new customer, or a “prodigal” customer, your preference to use OpenNMS makes all the work to create it worthwhile.

Mark Turner : Conservatives are blind to their own madness

February 09, 2018 06:24 PM

A friend posted this account recently on their social media page:

A friend was standing in line at returns at Home Depot yesterday when the white man in front of him told another man, who was hispanic, he was going to call Trump to come get him. I was horrified and would not be able to keep my mouth shut if I had been confronted by that bigoted white man. Disgust!!!!!

Immediately, one of my friend’s friends, apparently a conservative, piped up with this:

What about freedom of speech? Please explain “HOW” this man is a bigot? It was probably not a nice thing to say, but we do have freedom of speech.

When several others on the thread pointed out how bigoted Conservative Person sounds, Conservative Person wilted from the controversy, claiming loudly “you don’t know me!”

I am appalled at Conservative Person’s enormous lack of recognition of the double-standard in play here. When a white person threatens a foreign-looking person with deportation it’s all fun and games or “freedom of speech.” When someone points out the hypocrisy of this thinking, suddenly they’re all “mind your own business.”

I tried to build a bridge here, gently showing Conservative Person how the Latino man deserves the same respect that Conservative Person does but there was just no connecting the dots. It’s like it never once occurred to Conservative Person that there was anything wrong with being an asshole towards people who look different. White people get a pass for their bad behavior, apparently.

This is what has me so worried about our country’s future. Outside forces, such as far-right so-called sources of news, have stirred up racial animosity and these fires take incredibly long to get under control, if they ever do. And I use the word “fire” here deliberately because of the damage these attitudes can do. Fires can get out of control and have far-reaching, unintended consequences, beyond simply winning elections. Fires can cause permanent damage.

I read a headline this morning that an Oxford University report states that Trump supporters are now considered unreachable, stuck in an endless feedback loop of fake news. Says Ben Cohen of the Daily Banter:

I have argued that reconciliation with Trump supporters and the fringe right is a necessity at some point if the country is to survive in the long term. But in the short term, this is now completely impossible. Trump supporters cannot be reached, talked to, or negotiated with, so there is little point in trying. The only thing that counts is upholding the rule of law, voting the complicit GOP out of office in the midterms, and booting out Trump in 2020 (should he survive that long). There can be reconciliation, but only after the adults take back control of the country.

The adults have a lot of work to do. An astoundingly huge amount of work.

David Cafaro : Building a Pen Testing Laptop from Scratch ( WCTF / CTF Laptop ) part 1

February 09, 2018 04:40 AM

Last month for Shmoocon I decided I wanted to expand my skills a bit and take a shot at something I hadn’t really done much of in my InfoSec career lately, not since way back in the WEP and Linux Zaurus technology years.  Wireless hacking, i.e. a Wireless Capture The Flag event.

I’ve done some appsec testing, network pen testing, and similar in the past, but more side of desk to my core roles.  I haven’t played much in the wireless world, even after getting my Technicians class radio license last year (also at Shmoocon, baby steps I guess), so made the choice to learn as much as I could in my few days at the conference from their WCTF event put on by the good folks at Wireless Village.

These pages will describe what I’ve learned.  Order is hardware discussion then software discussion.  There will be references to some of the software tools in the hardware section, but don’t fear, all will be made clear in the end if you were like me and new to the subject.  Any software/terms mentioned early on aren’t critical, just for future reference as you manage to read through this page.

My Fedora WCTF Laptop

The WCTF Laptop hardware

The laptop: Dell Latitude 7370 with Fedora 27

To start I needed a laptop.  I have my personal Macbook Pro 13″ and an old Dell Vostro, but I didn’t want to deal with the silliness that MacOS presents to non-Mac’y things, and the Vostro is an ancient heavy 15″ stuck in the 32bit world.  I wanted something reasonably small, good battery life, great high-res screen and both USB-C and USB 3.0 ports to support a wide range of addons (like the wireless card I’ll talk about later).  I was targeting something that could handle four threads with no problem and at least have 16GB of ram and 256GB of SSD storage.  Also, needed to fully support Linux, and for well under $1K since I already had a perfectly fine daily laptop in the Macbook Pro.

The above quickly relegated me to the refurbished or used world.  Doing some searches I eventually found the Dell Latitude 7370 series.  This met all my requirements: ~2.5lbs weight, Intel M7 CPU, 16GB Ram, 256GB of Storage, QHD+ 3200×1800 13.3″ Touch Screen, WiFi AC, BT, USB-C and USB 3.0 ports.  And reports from the web said Linux installed fine on it.  Final key point, you can find these laptops (depending on exact spec) ranging from $500-800 refurbished, and often with a 3 year Dell hardware warranty included.  I managed to get mine on-sale at Newegg.com for a hair over $700 fully loaded about a week before Shmoocon.

Though the laptop came with Windows 10 Pro installed, I shrank the partition down and installed a dual boot with Fedora 27 (here is a straightforward write up).  I did a UEFI install of Fedora so that I could leave EFI Secure Boot enabled.  That caused some headaches (I mean learning opportunities) later when I was dealing with kernel modules for my new USB wireless card, but my goal was not to compromise host OS security if at all possible.  I have kept the dnf security update process intact, I run SELinux enforcing, secure boot enforcing, encrypted partitions, and firewall, at all times.  Though there is always some level of “trust” that must be placed in Open Source software providers, I also make sure my dnf system has current keys and verifies software signatures regardless of providers.  So far there are only three software components that aren’t handled via dnf, which I’ll go into later.  I also made sure to create a new user and make them an “Administrator”, which is separate from the all powerful root user.

Hardware wise, almost everything works, and everything I needed did.  The only items I have not gotten to work in Linux are the fingerprint scanner, the WWAN, and the ID card reader.  And really, I just haven’t tried, maybe in Part 3?  There were only two key changes I made to the standard Fedora install to make the hardware more effective.

First, was to add more scaling options to the monitor framebuffer.  Under “Settings -> Devices -> Display” by default you only have a couple of choices for scaling.  100% and 200% just weren’t right for me, needed something in between that didn’t punish my eyes but still took advantage of that lovely high resolution.  With the following command at the command line:

gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"

I was able to add additional choices, and found that 175% was the perfect scale for my vision.

Second was to add a gnome shell extension called “Block Caribou”.  This shell extension stops the virtual keyboard from popping up on the screen if you happen to use the touch screen.   Between accidentally tapping the screen, and just trying it out, I don’t need another keyboard popping up and getting in the way of doing work.  Easier to keep it off using the shell extension.  You should be able to find it in the Fedora software shop under “add-ons -> shell extension”.  Ctrl-F to search for Caribou.

The WiFi: ALFA AWUS036AC 802.11AC 2.4/5Ghz

Though the Dell came with a perfectly good Intel 8260 802.11AC wireless network card, I wanted to have one that I believed had better support in the aircrack-ng community of tools and with solid monitor capability.  Also would like to stay on-net while learning my WCTF skills (access to online documentation and all).  Did some research and decided Alfa seemed to be making a large range of well supported USB adapters and that the AWUS036AC had driver support covering both 2.4 and 5Ghz networks in up-to the AC protocols.  What I didn’t learn until after my purchase and one day before Shmoocon, is that the support was “experimental” and limited.  But, in the end I was able to get it to work effectively for at least the basic skills I mastered.  Here is how:

Driver install:

This is the part I learned before Shmoocon.  There was no built-in driver for my Alfa card.  This I expected, so had already found the supported source code for the 8812au driver needed for this wireless card’s chip and aircrack-ng.  Install could be handled in two ways, “dkms” or manual “make” commands.  I originally went with dkms thinking it would make kernel upgrades easier, I was wrong.  Never cleanly integrated with Fedora kernel upgrades and with the need to sign drivers (details in a bit) I was stuck doing a lot of manual clean up and re-install work for the driver on each kernel update.  Stick with “make”, it’s easier.  Also, stick with the 5.1.5 branch for now, the 5.2.9 branch has issues.  This is what I did:

  1. Download the driver, you can either download a zip archive or use git to pull a copy from the repo (I’m showing the .zip method below)
  2. Make sure your user is setup as an administrator with access to sudo and wheel
    Hopefully you chose your primary Fedora user as an administrator when setting up, if not you may want to read up on User/Group Management in Fedora
  3. Make sure you have the latest source/headers for your kernel and build tools so you can build your kernel module against it.
    sudo dnf install kernel-devel kernel-headers dkms make gcc gcc-gdb-plugin libgcc glibc-headers glibc-devel
  4. Create a new directory using root/sudo in /usr/src called /usr/src/rtl8812au-5.1.5
    sudo mkdir /usr/src/rtl8812au-5.1.5
  5. Change permissions on it so that your regular user can handle the compiling part (save root permissions for when you really need them)
    sudo chown root:wheel /usr/src/rtl8812au-5.1.5
    sudo chmod g+w /usr/src/rtl8812au-5.1.5
  6. Copy the downloaded source code and tree into the directory as your normal user
    sudo cp rtl8812au-5.1.5.zip /usr/src/.
    cd /usr/src/
    unzip rtl8812au-5.1.5.zip
  7. Build the source tree with make
    cd rtl8812au-5.1.5
    make
  8. Install the source tree with make (need root again)
    sudo make install

Now if you aren’t using secure boot, you are good to go with the driver working.  If you are using secure boot then you have to sign these drivers with an EFI-recognized certificate or the kernel will refuse to load them.  That’s a good thing: it adds more hoops that malware would need to jump through to gain persistent access on your system.  But it means a little upfront work on your part, and one additional command line entry step each time you install/update the driver in the future.  I think it’s well worth the effort and learning experience, the following is based on:

  1. First you need to create a certificate pair for signing (keep these certs protected, and replace “mycert” with something relevant to you)
    sudo dnf install mokutil
    mkdir .mokcerts
    chmod o-rwx .mokcerts
    cd .mokcerts
    openssl req -new -x509 -newkey rsa:2048 -keyout MOKmycert.priv -outform DER -out MOKmycert.der -nodes -days 36500 -subj "/CN=mycert/"
  2. Then you need to sign your new drivers
    sudo /usr/src/kernels/4.14.16-300.fc27.x86_64/scripts/sign-file sha256 ./MOKmycert.priv ./MOKmycert.der /lib/modules/4.14.16-300.fc27.x86_64/kernel/drivers/net/wireless/8812au.ko
  3. Now you’ll need to request adding your cert as a trusted cert in EFI
    sudo mokutil --import MOKmycert.der
    (remember the password you set, you will need it later!)
  4. Still not done, now you need to reboot and install and confirm your cert to EFI
    On reboot the system should automatically detect the key addition request above and boot into the MOK key management system.  Here you will be requested to provide passwords and accept the addition of your key.  Unfortunately this may vary some depending on bios version and hardware so I can’t provide a lot of guidance here, just read carefully and follow the prompts.  Also, REMEMBER YOUR PASSWORDS!
  5. Now when you finish rebooting your signed kernel driver for your Alfa should load fine.

Unfortunately on every new kernel you will need to rebuild the module, install it, and sign it.  That consists of the following commands (and making sure you are in the correct directories you used in the above steps):

  1. In the /usr/src/rtl8812au-5.1.5 directory:
    make clean
    make
    sudo make install
  2. In your .mokcerts directory (making sure you are referencing the new kernel directory):
    sudo /usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./MOKmycert.priv ./MOKmycert.der /lib/modules/`uname -r`/kernel/drivers/net/wireless/8812au.ko

The uname -r will insert the running kernel’s version into the command.  If you updated your kernel but haven’t rebooted yet, it will be the wrong kernel version, as you are still running the old kernel, and you’ll need to work out the new kernel’s path manually.

You could script all the above into one command to make it easier to do on each new kernel upgrade.
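
One way to script the rebuild, install and sign steps above, as an added example (not the author's script).  It assumes the paths and key names used in this post and that the driver's Makefile accepts a KVER= override to choose the target kernel.  It defaults to the newest installed kernel that has a kernel-devel tree instead of uname -r, so it also covers the case where you have updated but not yet rebooted, and it refuses to sign with a key file that group or others can read.

```shell
#!/bin/sh
# Added example: rebuild, install and sign the 8812au module for one kernel.
# Paths and key names are the ones used in the post; override via environment.
# Function names are hypothetical and exist only in this example.
# Usage: sh rebuild-8812au.sh --run [kernel-version]
set -eu

SRC_DIR="${SRC_DIR:-/usr/src/rtl8812au-5.1.5}"
MOK_DIR="${MOK_DIR:-${HOME:-.}/.mokcerts}"
MOK_NAME="${MOK_NAME:-MOKmycert}"
MODULES_ROOT="${MODULES_ROOT:-/lib/modules}"
KERNELS_ROOT="${KERNELS_ROOT:-/usr/src/kernels}"
MODULE_REL="kernel/drivers/net/wireless/8812au.ko"

# Newest installed kernel that also has its kernel-devel tree (sign-file lives
# there).  Unlike `uname -r`, this finds a kernel that is installed but not
# booted yet.  `sort -V` orders 4.9 before 4.14 before 4.15.
newest_kernel() {
    for nk in $(ls -1 "$MODULES_ROOT" | sort -rV); do
        if [ -x "$KERNELS_ROOT/$nk/scripts/sign-file" ]; then
            printf '%s\n' "$nk"
            return 0
        fi
    done
    return 1
}

# Where `make install` puts the module for a given kernel version.
module_path() {
    printf '%s/%s/%s\n' "$MODULES_ROOT" "$1" "$MODULE_REL"
}

# True when neither group nor others have any permission on the key file.
key_is_private() {
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# A signed module ends with the kernel's fixed 28-byte marker string.
module_is_signed() {
    [ -f "$1" ] && tail -c 28 "$1" | LC_ALL=C grep -q '~Module signature appended~'
}

rebuild_and_sign() {
    rs_kver="${1:-$(newest_kernel)}"
    rs_sign="$KERNELS_ROOT/$rs_kver/scripts/sign-file"
    rs_priv="$MOK_DIR/$MOK_NAME.priv"
    rs_cert="$MOK_DIR/$MOK_NAME.der"
    rs_mod="$(module_path "$rs_kver")"

    [ -x "$rs_sign" ] || { echo "no kernel-devel tree for '$rs_kver'" >&2; return 1; }
    [ -f "$rs_priv" ] && [ -f "$rs_cert" ] || { echo "MOK key pair missing in $MOK_DIR" >&2; return 1; }
    key_is_private "$rs_priv" || { echo "run: chmod 600 $rs_priv" >&2; return 1; }
    [ "$rs_kver" = "$(uname -r)" ] || echo "note: building for $rs_kver, running $(uname -r)" >&2

    # ASSUMPTION: the driver Makefile honours KVER= on the command line.
    make -C "$SRC_DIR" clean
    make -C "$SRC_DIR" KVER="$rs_kver"
    sudo make -C "$SRC_DIR" KVER="$rs_kver" install
    sudo "$rs_sign" sha256 "$rs_priv" "$rs_cert" "$rs_mod"

    # Fail loudly if the module on disk did not end up signed.
    module_is_signed "$rs_mod" || { echo "no signature on $rs_mod" >&2; return 1; }
    echo "signed $rs_mod for $rs_kver"
}

# Only build when asked to, so the functions can be reused on their own.
if [ "${1:-}" = "--run" ]; then
    rebuild_and_sign "${2:-}"
fi
```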

Stopping NetworkManager from messing your aircrack-ng up:

This part I fully figured out on the last day of Shmoocon, unfortunately it really messed up my WPA hacking and I didn’t realize it until it was too late to fully recover before the end of the WCTF.  If you don’t do this you will be able to slowly crack WEP, and you’ll see things on WPA, but none of the techniques will work.  It will look like it’s working, but it really isn’t.  NetworkManager (which manages all your network connections) will constantly mess around with your monitor and packet injections even when it looks like it’s not.  Took some digging and testing, but finally found a nice way to get NetworkManager out of the way.

  1. First plug in your new network adapter and find out what interface name and mac address gets assigned. I would suggest running the command once before you plug it in and once after so you know which one is the new interface
    with output like:
    inet netmask broadcast
    inet6 fe80::c200:dca9:632:dbba prefixlen 64 scopeid 0x20
    ether XX:XX:XX:XX:XX:XX txqueuelen 1000 (Ethernet)
    RX packets 226897 bytes 315230079 (300.6 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 33918 bytes 4726882 (4.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ip -a link
    with output like:
    2: NNNNNNNN: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
  2. Next you will need to open the following file to edit:
    sudo vi /etc/NetworkManager/NetworkManager.conf
  3. You need a section with the following:
  4. Then after that add a section with the following:
  5. Finally have a section with the following where the XXXXs are replaced with the MAC address and NNNNNNN is the interface name found above
  6. Now save the file and restart network manager
    systemctl restart NetworkManager
  7. That should now cover you.  You can check by running the following command and confirming it says unmanaged:
    nmcli dev status
    with output like this:
    wlp108s0    wifi     connected   wifinet
    lo          loopback unmanaged   --
    NNNNNNNN    wifi     unmanaged   --

Now NetworkManager should stay out of the way and allow you to have fun.
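An added example, not the configuration from the original post: NetworkManager's documented [keyfile] unmanaged-devices setting matches a device by MAC address or interface name, and the script below writes it as a drop-in file, then checks the nmcli dev status output for unmanaged. The drop-in file name, the --run switch and the function names are assumptions; the MAC and interface name are the ones you found in step 1.

```shell
#!/bin/sh
# Added example (not the original post's config): keep NetworkManager off one
# adapter using the [keyfile] unmanaged-devices setting.
# The drop-in file name is an assumption; any *.conf under conf.d is read.

DROPIN="${DROPIN:-/etc/NetworkManager/conf.d/99-unmanaged-monitor.conf}"
NL='
'

# Reject values containing a newline, so no extra config lines can be smuggled in.
one_line() {
    case "$1" in *"$NL"*) return 1 ;; esac
    return 0
}

# Accept only a colon-separated 48-bit MAC address.
valid_mac() {
    one_line "$1" || return 1
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Accept only plausible Linux interface names (1-15 chars, no separators).
valid_iface() {
    one_line "$1" || return 1
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

# Print the config stanza for MAC $1 and interface name $2.
render_unmanaged_conf() {
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 1; }
    valid_iface "$2" || { echo "bad interface name: $2" >&2; return 1; }
    printf '[keyfile]\nunmanaged-devices=mac:%s;interface-name:%s\n' "$1" "$2"
}

# Read "nmcli dev status" output on stdin; succeed only if device $1 is listed
# with STATE "unmanaged" (columns: DEVICE TYPE STATE CONNECTION).
is_unmanaged() {
    awk -v dev="$1" '$1 == dev { found = ($3 == "unmanaged") } END { exit !found }'
}

main() {
    set -eu
    if [ $# -ne 2 ]; then
        echo "usage: $0 --run XX:XX:XX:XX:XX:XX NNNNNNNN" >&2
        exit 2
    fi
    conf=$(render_unmanaged_conf "$1" "$2")
    printf '%s\n' "$conf" | sudo tee "$DROPIN" >/dev/null
    sudo systemctl restart NetworkManager
    sleep 2   # give the daemon a moment before querying it
    if nmcli dev status | is_unmanaged "$2"; then
        echo "$2 is unmanaged"
    else
        echo "$2 is still managed; check $DROPIN" >&2
        exit 1
    fi
}

# Only act when asked to, so the functions can be sourced and checked safely.
case "${1:-}" in --run) shift; main "$@" ;; esac
```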

Next: Installing our pen-testing tools

I based the software I installed on the Pentoo Linux security focused distribution.  You could go the route of just installing Pentoo or Kali, and that’s fine, but I wanted a more general purpose setup.  I also wanted to make sure I was familiar with the small details that go into installing, using, and maintaining the software stack.

And those details will be for part 2….but here is a taste

From the base Fedora repo you can install an important tool aircrack-ng to get started.  From the command line run:

sudo dnf install aircrack-ng

When that finishes you can insert your wireless card and run the following command to start listening to what’s broadcasting around you (with NNNNNNNN being replaced by the actual wireless interface you worked on above):

sudo airodump-ng NNNNNNNN

Till next time…

Mark Turner : Fake Amazon survey gift webpage

February 09, 2018 02:06 AM

Fake Amazon survey popup

I was reading a cool story on BoredPanda.com this afternoon when suddenly my mobile browser was redirected to a fake survey purporting to be from Amazon.com. I’d seen this once before so I thought right away to screenshot it and save a copy of the page.

First it put a pop-up that enticed me to click “OK.” I declined. 🙂 After moving past that dialog, the user is presented with brain-dead-easy survey questions, promising an iPhone X or a $1000 gift card as a reward:

I Googled a handy webpage for reporting Amazon-like phishing emails or webpages to Amazon so I did the needful and sent the link to Amazon’s “stop spoofing” email address.

Poof! The site disappeared from the Internet instantly. I’m assuming the DNS record had a short time-to-live (TTL) to start with because, honestly, it vanished with astonishing speed. Or maybe Jeff Bezos’s secret worldwide team of minions tracked down the perpetrator and whacked him, I don’t know.

The con man in question registered the domain using Namecheap and hid his registration with WhoisGuard:

Registry Domain ID: D60434953-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL:
Updated Date: 2018-02-01T14:00:25.0Z
Creation Date: 2018-02-01T14:00:22.0Z
Registry Expiry Date: 2019-02-01T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C176571093-CNIC
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.

As you can see, the domain was only live for 7 days and I had it taken down in 7 minutes. 🙂

The HTML had some Javascript code that used Hungarian language:

var slidewhere = 0;
var holvanszlider = 0;
function drawszlider(ossz,meik){
var szazalek = Math.round((meik*100)/ossz);
holvanszlider = meik;
t = setTimeout("drawszlider(100, slidewhere);slidewhere = holvanszlider + 1; if (slidewhere > 100) {slidewhere = 100;}",62);

… and check this out! You can’t even win the iPhoneX or a Samsung S8. It’s totally rigged! Of all the low-down, sneaky schemes …

document.getElementById("pz2").innerHTML ="Your prize<br><b>$1000 Amazon Gift Card</b>";
document.getElementById("pz1").innerHTML ="<br><b>Apple iPhone X 256G</b>";
document.getElementById("pz3").innerHTML ="<br><b>Samsung Galaxy S8</b>";
document.getElementById("img2").src = "wm.png";
document.getElementById("img1").src = "iphoneX.png";
document.getElementById("img3").src = "samsungs8.png";
document.getElementById("img1").onclick = function(){alert("Unfortunately, this offer is no longer available, please select another offer. ")};
document.getElementById("img3").onclick = function(){alert("Unfortunately, this offer is no longer available, please select another offer. ")};

The trusting user is then left with the “Amazon Gift Card.” All they need to do is enter in their information into a form. I’m not sure what they’re asking for because I didn’t get that far with this. Hopefully not bank account information, though any info you hand over will be info you wish you hadn’t, I’m sure:

alert("Step 1: We reserved your $1000 Amazon Gift Card!\n\nStep 2: Fill in the correct deliver information and follow the instructions to receive your $1000 Amazon Gift Card!");

Here’s how the site looked in Google’s cache, right after the site was disabled:

Fake Amazon Survey Gift website

Bottom line: don’t be fooled by fake websites promising you something for nothing. 🙂

Mark Turner : Jimmy Buffett Does Not Live the Jimmy Buffett Lifestyle – The New York Times

February 08, 2018 03:05 PM

Jimmy Buffett awoke one morning last year in one of his many homes — he can’t remember which one, there are a lot of them — and a panic gripped him in his throat. His new Broadway musical, “Escape to Margaritaville,” was coming along nicely, but something was off.

It wasn’t the music — they’d been careful to include a finely titrated playlist of crowd pleasers. It wasn’t the book — the TV writers Greg Garcia (“My Name Is Earl,” “Raising Hope”) and Mike O’Malley (“Shameless”) managed to strike a balance of goofy, accessible romantic comedy and some deep cuts for the Parrotheads, as his fans are called. It wasn’t the casting, either; Paul Alexander Nolan is a compelling early-Buffett avatar as Tully Mars, a dreamy bar singer at a rundown Caribbean hotel called Margaritaville. And he was happy with the direction of Christopher Ashley, off a best direction Tony for “Come From Away.” So what could it be? The writers were refining the characters and their motivations and he felt pretty good about that. The producers were taking great care with the show experience as well; they had decided to deluge the audience with beach balls at the end, which Mr. Buffett thought would be fun and memorable.

But it wasn’t that, either. He searched his mind and his heart and still, nothing. In the shadow of the early morning light across his bedroom in either Palm Beach or St. Barts or Sag Harbor or Los Angeles or Waikiki or New York, Mr. Buffett realized he needed to find the answer.

Source: Jimmy Buffett Does Not Live the Jimmy Buffett Lifestyle – The New York Times

Mark Turner : Raleigh charities signed off on Simple Recycling deal

February 07, 2018 03:57 PM

I’m still poking through all the meeting notes, but I thought it notable that the local Salvation Army signed off on the deal when it was presented to Raleigh City Council at its 3 January 2017 meeting. From Council minutes: [PDF]

Lisa Rivers, Salvation Army Advisory Board, told about herself, work she has done and stated she and the Salvation Army Advisory Board are huge advocates of the proposed program. They feel it would be cost efficient, provide positive environmental impacts, etc. Ms. Rivers pointed out she is on the committee which looks for/receives donations and feels the proposed program will actually increase the donations many nonprofits receive. She stated most people who donate do not consider their donations “trash.” She feels the proposed program is a great opportunity for all and feels it will create a lot of awareness related to needs, donations, be a great thing, and be much more effective and provide a return for all. It is a great opportunity and will provide a great partnership.

It turns out Ms. Rivers spoke a month before similar charities in Austin expressed their concern with the program there. Some even want the city of Austin to cancel its contract with the firm. From the Austin Chronicle:

Charities like Goodwill, the Salvation Army, and the Assistance League of Austin (ALA) see the situation differently. Traci Berry, senior vice president of Community Engagement and Education at Goodwill, believes the primary reason people donate is convenience. If that’s the case, relays Jan Gunter, communications director for the Salvation Army, what’s most convenient for Austin residents would be to “put recyclable textiles in green bags and put them at your curb.” In the two months since Simple Recycling arrived (Austin is one of the first big cities the company has contracted with) both Goodwill and the ALA report seeing a decline in donations. According to Berry’s numbers, Goodwill finds itself down 13,000 donations from the last two Januarys; a loss of $546,000. “There’s a lot we can do with half a million dollars, and a lot we can’t do without it,” she said.

In December, before the Simple Recycling campaign began, the ALA was $22,000 more profitable than they had been in Dec. 2015, according to Kathy Hurwitz, president of the nonprofit. This January, however, their profits dropped. While still ahead of the previous year, that margin has decreased to only a $9,000 lead. Hurwitz can’t be sure if Simple Recycling is responsible for the decline, but says “we haven’t seen anything change except [its] arrival.” ALA funds nine programs with the money their thrift house brings in, including School Bell, which clothes 6,000-7,000 local children each year.

“If our thrift house goes down, that’s our money,” Hurwitz explained. “Goodwill, Salvation Army – we can co-exist with them, but Simple Recycling is a convenience we can’t compete with.”

A year and change has passed since the local Salvation Army weighed in on this, to my knowledge. I have reached out to the Salvation Army Advisory Board to see if they still feel the same way.

Mark Turner : City of Raleigh begins first in state curbside textile recycling program | abc11.com

February 07, 2018 12:16 AM

Recycling bin

The City of Raleigh has teamed up with a for-profit company to collect clothing along with recycling. The company, SimpleRecycling, will resell the items.

I know Bianca Howard and I think the city’s recycling program is top notch, however I’m uneasy with the city’s staff doing the dirty work of a for-profit company. I’m especially uneasy with the idea that this clothing could instead have gone to charities to distribute to people who need it, free of charge. Austin’s deal with the company has become controversial after local non-profits complained it was hurting their donations.

I think I’ll pass.

RALEIGH, NC (WTVD) – The City of Raleigh will begin to offer a textile recycling program on February 20th. Raleigh is the first city in North Carolina to partner with Simple Recycling, a for-profit company that sells the items domestically and internationally so residents will not receive a tax write off for their items. “They’re providing this service at no charge to residents of Raleigh,” City of Raleigh Environmental Coordinator Bianca Howard said. “Residents who prefer to get a tax deduction or help a favorite charity should continue to do that,” she said. “We really see this as another way to help people learn about textiles and keep good textiles out of the landfill.”

Source: City of Raleigh begins first in state curbside textile recycling program | abc11.com

Mark Turner : Trump’s Would-Be Weather Czar Tried to Shut Down Free Forecasts | Vanity Fair

February 06, 2018 11:01 PM

Oh, for fuck’s sake. The story of today’s erroneous tsunami warning quoted AccuWeather CEO Barry Myers, who Trump tapped to lead NOAA. I had no idea that Myers was up for this position.

This would be another case of Trump trying to destroy government from the inside. Myers’s company AccuWeather tried to quash free forecasts: one of the most useful and lifesaving services of the federal government.

Fuck this guy and fuck Trump for nominating him.

As extreme weather conditions and natural disasters lay waste to Northern California and Puerto Rico, Donald Trump is poised to hand over control of the National Oceanic and Atmospheric Administration—the government organization that focuses on weather and climate research—to a known opponent of the agency. Barry Myers, the C.E.O. of for-profit weather forecasting service AccuWeather, has supported measures that would limit how much information the National Weather Service can publicly release, so private companies like his can use N.W.S. data to sell their own products to consumers.

Source: Trump’s Would-Be Weather Czar Tried to Shut Down Free Forecasts | Vanity Fair

Mark Turner : Some New Yorkers may have woken up to erroneous text alerts about a tsunami warning – Recode

February 06, 2018 10:54 PM

Interesting that the National Weather Service is sending test messages about a tsunami, knowing that there is an elevated threat of tsunami from the Canary Islands’ La Palma volcano.

A test of the U.S. National Weather Service’s system to warn Americans about tsunamis appeared to go awry this morning, as residents in states like New York erroneously received alerts that the east coast might be in harm’s way.

At about 8:30 am ET, NWS officials said it sought to complete a monthly test of its tsunami warning system — with an alert that had the word “test” in its message — yet “some users received this test message as an actual tsunami warning.”

Source: Some New Yorkers may have woken up to erroneous text alerts about a tsunami warning – Recode

Mark Turner : How Insulin Became Unaffordable | Harvard Political Review

February 06, 2018 02:39 PM

This is appalling. People are dying because they can’t afford insulin.

The U.S. health care is broken. Only single-payer will fix it and I will support any politician who supports it. No one should die over profits!

On May 20, 2017, Smith turned 26, aging out of his parents’ insurance. Because he was a single man with a decent job, Smith didn’t qualify for subsidies under the Affordable Care Act. The most inexpensive plan Smith and his mother could find on the Minnesota exchange was around $450 per month with a $7600 deductible. Smith could have afforded the monthly premiums, but the deductible made the plan too expensive. Although the family had been researching plans for Smith since February, he had to go off of health insurance entirely.

When Smith went to the pharmacy to pick up his insulin in early June, the bill was over $1300 without insurance. He couldn’t afford the medicine that day, and decided to ration his remaining insulin until he was paid. Smith did not tell his family that he was adjusting his carbohydrate intake so he could lower his dosage.

“He knew the signs of being in trouble with his diabetes,” Smith-Holt told the HPR. “But when your body starts shutting down like that, you’re not making very clear, rational decisions.”

On June 25, Smith went to dinner with his girlfriend, where he complained about stomach pains. It was the last time anyone saw him alive. He called in sick to work the next day. On June 27, Smith was found dead in his apartment.

Source: How Insulin Became Unaffordable | Harvard Political Review

Mark Turner : No one does it alone

February 06, 2018 01:41 PM

Will Rogers on “Trickle Down”

A few weeks ago I was scrolling through my Facebook feed when I saw one of my liberal friends had posted humorist Will Rogers’s famous “trickle down” quote. My friend didn’t offer much (if any) commentary on it other than to post it, and indeed I’ve seen it widely shared. It’s worthy of sharing.

Then I noticed a few comments down that the quote had drawn a dissenting voice. A conservative friend of his took offense at the quote, essentially griping that if people would simply work hard they’d get whatever manna that was coming to them. Conservative Guy then berated Liberal Guy for doing nothing for the country and implied that Liberal Guy wasn’t a true citizen because Conservative Guy served in the military and Liberal Guy did not. It didn’t seem to matter to Conservative Guy that Liberal Guy had worked since he was 16 in a very physically-demanding line of work.

I’m sure alcohol was involved in this exchange (at least on the part of Conservative Guy), and Liberal Guy soon deleted it, but it was shocking to read. It flabbergasts me that some people are so blind to their privilege, unable to see the shoulders they stood on – and, often, the pure luck – that got them where they are. Hard work? Yeah, that is part of it, but it’s not the only thing holding others back. Not by a long shot.

Secondly, never would I consider someone to be less of a citizen for not serving in the military. I’ve said before how we have so many heroes in our daily lives, not just those who served in the military. My family and I attended the N.C. State basketball game against Notre Dame on Saturday on what was the university’s Military Appreciation Day. I felt sheepish when the announcer asked veterans to stand and be recognized. To me military service is no big deal. There are lots of ways to serve.

For me, the most valuable lesson from my military service is the insight I gained from serving with men from so many backgrounds. White, black, Latino, Puerto Ricans, Filipinos. Rich, poor. Straight, gay. Straight arrows and those whose choice was between the military and jail. So many of these guys are like brothers now, and will be for life. For a sheltered rich white kid growing up in the South it was a world-changing experience. If you come out of the military with anything other than a stronger appreciation for the struggles of others you’re doing it wrong.

Both Liberal Guy and Conservative Guy own their own businesses, which is great. I have no doubt that both of them work hard but only one of them recognizes the “village” it took to get him where he is.

I hope this understanding spreads. No matter what one’s ego might tempt one to think, no one does it alone.

Mark Turner : I now remember why I left DOS behind

February 05, 2018 03:40 PM

This is harder to emulate than you think.

Because I apparently haven’t had enough technical challenges to solve, this weekend I decided to return to my little side project of getting my old DOS-based PCBoard BBS running in a virtual machine. For this project I’m using oVirt as the VM host and booting FreeDOS 1.2.

Needless to say, I’m running into some challenges. My first thought is: oh my God what a kludgy mess DOS is! It’s a half-assed solution on top of a half-assed solution on top of a half-assed solution. Device drivers up the wazoo. More than 640K memory? Gotta load EMM drivers. Want to use a CD? Load an ATAPI driver. Want USB? Hah, not available! Want networking? Find a packet driver for your specific network card and ensure you use the right interrupts. Oh, and you’ll still need to load a separate TCP/IP stack! With so many parts to the puzzle it’s a miracle anything ever worked at all!

It took me a little while but I finally did get my DOS VM networked via TCP/IP. Then when I loaded PCBoard it initially seemed to be looking for a (non-existent) modem. Subsequent runs had it complaining about “Cannot run as a child of BASIC” before exiting. I am assuming this is a problem with the way PCBoard was compiled using QuickBASIC and QuickBASIC (QB) might not be playing nicely with FreeDOS. I’ve seen others say QB works fine with FreeDOS but I don’t know if that applies to the compiled programs or not.

So, now I’m on to installing a DOS VM using MS-DOS 6.22. I can’t imagine QuickBASIC not liking MS-DOS.

The project continues. It may or may not be worth the trouble but at the very least it is a reminder of just how far we’ve come with operating systems!

Mark Turner : Sound bite: Despite Pono’s promise, experts pan HD audio – CNET

February 04, 2018 01:21 AM

This isn’t a new story but it’s one that I found very enlightening on the topic of digital audio formats.

Pono Music’s roaring success on Kickstarter, raising $4.3 million so far, shows that thousands of people believe better audio quality is worth paying for.

The company — backed by star musician Neil Young and selling a $400 digital audio player along with accompanying music — promises people will hear a difference between Pono Music and ordinary music that’s “surprising and dramatic.” The company’s promise is based in part on music files that can contain more data than not only conventional MP3 files, but also compact discs.

There’s no doubt that highly compressed music files, played over tinny laptop speakers or cheap earbuds, leave a lot of room for improvement. But outdoing CD quality? That’s a harder sell.

Source: Sound bite: Despite Pono’s promise, experts pan HD audio – CNET

Tarus Balog : 2018 New Zealand Network Operators Group (NZNOG)

January 31, 2018 11:38 PM

One thing that all open source projects struggle with is getting users. Most people in IT and software are overwhelmed with a plethora of information and options, and matching the right material to the right audience is a non-trivial problem.

Last year my friend Chris suggested that I speak at a Network Operators Group (NOG) meeting, specifically AusNOG. It was a lot of fun. I felt very comfortable among this crowd, so I decided to reach out to more NOGs to see if they would be interested in learning about OpenNMS.

The thing I like the most about NOGs is that they value getting things done above all else. While “getting things done” is still important with the free and open source crowd, there seems to be more philosophy and tribalism at those shows. “Oh, that’s written in PHP, it must suck” etc. As a “freetard” I live for the philosophical and social justice aspects of the community, but from a business standpoint it doesn’t translate well into paying customers.

At NOGs the questions are way more business-focused. Does it work? Is it supported? What does it cost? While I’m admittedly biased toward OpenNMS and its open source nature, the main reason I keep promoting it is that it just makes solid business sense for many companies to use it instead of their current solution.

Plus, these folks are pretty smart and entertaining while dispensing solid advice and knowledge.

Anyway, with that preamble, at AusNOG I learned about the New Zealand NOG (NZNOG) and submitted a talk. It got accepted and I found myself in Queenstown.

NZNOG Scenery

The main conference was spread out over two days, and like AusNOG it consisted of 30 to 45 minute talks in one track.

While I know it won’t work for a lot of conferences, I really like the “one track” format. It exposes me to things I wouldn’t have gone to otherwise, and if there is something I am simply not interested in learning about I can use that time to catch up on work or participate in the hallway track.

NZNOG Clare Curran

The conference started with a presentation by the Honorable Clare Curran, a newly minted Member of Parliament (they recently held elections in New Zealand). I’m slowly seeing politicians getting more involved in information technology conferences, which I think is a good thing, and I can only hope it continues. She spoke about a number of issues the government is facing with respect to communications technology.

Several things bother me about the US government, but one big one is the lack of understanding of the importance of access to the Internet at broadband speeds. Curran stated that “lack of reliable high-speed network access is a new measure of poverty”. Later in the day John Greenhough spoke on New Zealand’s Ultra-Fast Broadband (UFB) project, where on one slide broadband was defined as 20Mbps download speed.

NZNOG John Greenhough

Where I live in the US I am lucky to get 10Mbps and many of my neighbors are worse off, yet the government is ceding more of the decision making process about where to build out new infrastructure to the telecommunications companies which have zero incentive to improve my service. It’s wonderful to see a government realize the benefits of a connected populace and to take steps to make it happen.

Because we all need Netflix, right? (grin)

There was a cool talk about how Netflix works, and I didn’t realize that they are working with communications providers to provide low-latency solutions distributed geographically. This is done by supplying providers with caching content servers so that customers can access Netflix content while minimizing the need for lots of traffic over expensive backhaul links.


I did find it cool that one of the bandwidth graphs presented was obviously done using RRDtool. I don’t know if they collected the data themselves or used something like OpenNMS, but I hope it was the latter.

With this push for ubiquitous network access comes other concerns. New Zealand has a law called TICSA that requires network providers to intercept and store network traffic data for use by law enforcement.

NZNOG Lawful Intercept

I thought the requirements were pretty onerous, but I was told that the NZ government did set aside some funds to help providers with deploying solutions for collecting and storing this data (but I doubt it can cover the whole cost, especially over time). The new OpenNMS Drift telemetry project might be able to help with this.

NZNOG Aftab Siddiqui

There were a couple of talks I had seen in some form at AusNOG. The ever entertaining Aftab Siddiqui talked about MANRS (Mutually Agreed Norms for Routing Security) but unlike in Australia he was hard pressed to find good examples of violations. Part of that could be that New Zealand is much smaller than Australia, but I’m giving the NZ operators the credit for just doing a good job.


The Facebook folks were back to talk about their NetNORAD project. While I have a personal reluctance to deploy agents, there really isn’t a way to measure latency at the detail they want without them. I think it would be cool to be able to gather and manage the data created by this project under OpenNMS.

NZNOG Geoff Huston

What I like most about these NOG meetings is that I always learn something cool, and this one was no different. Geoff Huston gave a humorous talk on DNSSEC and handling DNS-based DDoS attacks. While I was somewhat familiar with DNSSEC, I was unaware of the NSEC part of it.

Most DNS DDoS attacks work by asking for non-existent domains, and the overhead in processing them is what causes the denial of service. The domain name is usually randomly generated, such as jeff123@example.com, jeff234@example.com, etc. If the DNS server doesn’t have the domain in its cache, it will have to ask another DNS server, which in turn won’t have the domain as it doesn’t exist.

The NSEC part of DNSSEC, when responding to a non-existent domain request, will return the next valid domain. In the example above, if I ask for jeff123@example.com, the example.com DNS server can reply that the domain is invalid and, in addition, the next valid domain is www.example.com. If implemented correctly, the original DNS server should then never query for jeff234@example.com since it knows it, too, doesn’t exist.

Pretty nifty.

NZNOG Rada Stanic

One talk I was eagerly awaiting was from Rada Stanic at Cisco. She also spoke at AusNOG but I had to leave early and missed it. While she disrespected SNMP a little more than I liked (grin), her talk was on implementing new telemetry-based monitoring protocols such as gRPC. OpenNMS Drift will add this functionality to the platform. Our experience so far is that the device vendor implementation of the telemetry protocols leaves something to be desired, but it does show promise.


It was nice being in New Zealand again, and our mascot Ulf seemed to be popular with the locals. Can’t imagine why.

Mark Turner : Drug firms shipped 20.8M pain pills to WV town with 2,900 people | Health | wvgazettemail.com

January 31, 2018 08:58 PM

Somebody needs to go to jail. Several somebodies, in fact.

Over the past decade, out-of-state drug companies shipped 20.8 million prescription painkillers to two pharmacies four blocks apart in a Southern West Virginia town with 2,900 people, according to a congressional committee investigating the opioid crisis.

The House Energy and Commerce Committee cited the massive shipments of hydrocodone and oxycodone — two powerful painkillers — to the town of Williamson, in Mingo County, amid the panel’s inquiry into the role of drug distributors in the opioid epidemic.

“These numbers are outrageous, and we will get to the bottom of how this destruction was able to be unleashed across West Virginia,” said committee Chairman Greg Walden, R-Ore., and ranking member Frank Pallone Jr., D-N.J., in a joint statement.

Source: Drug firms shipped 20.8M pain pills to WV town with 2,900 people | Health | wvgazettemail.com

Mark Turner : Oh noes! Mr. Belarus is tracking me with the pornz!

January 30, 2018 12:29 PM

Another spam email I got today. Not the only one, it seems.

In my opinion 330 usd is pretty enough for this little false!

Date: Mon, 29 Jan 2018 22:08:52 -0700
From: “Skylar_Moodie” info@linkleadsmta.com
Reply-To: “Skylar_Moodie” john_d0ne@yahoo.com
To: @markturner.net
Subject: =?utf-8?Q?WUV=3A_=3C=40markturner.net=3E_30-01-2018_07=3A08=3A53_Anyone_can_make_a_mistake

Ticket Details: WUV-273-205439
Camera ready,Notification: 30-01-2018 07:08:53
Status: Waiting for Reply 85xuHa8n4kjjbiu84mbeioi1j438Hu5_Priority: Normal


If u were more attentive while playing with yourself, I wouldn’t write dis message. I don’t think that playing with yourself is extremely bad, but when all colleagues, relatives and friends receive video record of it- it is awful news.

I placed virus on a web-site for adults (with porn) which was visited by you. When the target press on a play button, device begins recording the screen and all cameras on ur device begins working.

Moreover, my virus makes a dedicated desktop supplied with key logger function from your system , so I was able to get all contacts from your e-mail, messengers and other social networks. I’m writing on dis e-mail because It’s your working address, so you will read it.

In my opinion 330 usd is pretty enough for this little false. I made a split screen video(records from screen (u have interesting tastes ) and camera ohh… its awful AF)

So its your choice, if u want me to delete this compromising evidence use my bitcoin wallet address: 1MVznZJSwdEWkdoJgbYDMeuDPsj3Ms26NA You have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will know.If ya want me to share proofs with ya, reply on this message and I will send my creation to five contacts that I’ve got from ur contacts.

P.S. You are able to complain to police, but I don’t think that they can help, the inquisition will last for 5 month- I’m from Belarus – so I dgf LOL

Mark Turner : Cheap Renewables Keep Pushing Fossil Fuels Further Away From Profitability – Despite Trump’s Efforts

January 30, 2018 12:08 AM

Rapid cost declines made renewable energy the United States’ cheapest available source of new electricity, without subsidies, in 2017. In many parts of the U.S., building new wind is cheaper than running existing coal, while nuclear and natural gas aren’t far behind. As renewable energy costs continue their relentless decline, they keep pushing fossil fuels further from profitability – and neither trend is slowing down.

This dynamic is apparent in the decade spanning 2008-2017, where nearly all retired U.S. power plants were fossil fuel generation, and was capped by utilities announcing 27 coal plant closures totaling 22 gigawatts (GW) of capacity in 2017. The U.S. Energy Information Administration (EIA) forecasts coal closures will continue through 2020, potentially setting an all-time annual record in 2018.

Source: Cheap Renewables Keep Pushing Fossil Fuels Further Away From Profitability – Despite Trump’s Efforts

Mark Turner : How high-tech Navy went off course on basic seamanship skills – News – Stripes

January 29, 2018 10:15 PM

An exasperated Sen. Angus King recently grilled the Navy’s top uniformed officer for reasons why two high-tech destroyers had collided with commercial ships since June.

“How in the world could a billion-dollar destroyer not know that there’s a freighter closing in on it?” King asked during a Senate committee hearing on Sept. 19. “This is just unacceptable from just a modern seamanship point of view, it seems to me.”

Adm. John Richardson, chief of naval operations, didn’t disagree. He promised King that all would be made known when investigations are completed into the June collision of the USS Fitzgerald and the August collision of the USS John S. McCain, along with a sweeping Navy-wide review of systemic flaws. The investigations would particularly focus on “proper operation of your equipment, fundamentals of watch standing,” Richardson said, using the nautical term for the continuous oversight of essential ship operations, most importantly bridge navigation.

The collisions, which left 17 sailors dead, have raised questions about how the Navy mans, certifies, maintains and operates its surface ships, particularly those operating in the Pacific’s crowded sea lanes.

Source: How high-tech Navy went off course on basic seamanship skills – News – Stripes

Mark Turner : USAF Is Jamming GPS In The Western U.S. For Largest Ever Red Flag Air War Exercise – The Drive

January 28, 2018 03:07 AM

Interesting. Glad to see the military conducting exercises without GPS, now that Russia has shown its willingness to jam it. In war we must be prepared to go without this incredibly-useful resource.

The year’s first iteration of the USAF’s premier set of aerial war games, known commonly as Red Flag, is kicking off today at Nellis Air Force Base just outside of Las Vegas, but this exercise will be different than any in the past. Not only is it the largest of its kind in the exercise’s 42 year history, but the USAF is going to blackout GPS over the sprawling Nevada Test and Training Range to challenge aircrews and their weaponry under realistic fighting conditions. The tactic will spill over throughout the region, with warnings being posted stating inconsistent GPS service could be experienced by aircrews flying throughout the western United States.

Source: USAF Is Jamming GPS In The Western U.S. For Largest Ever Red Flag Air War Exercise – The Drive

Bonus: Read more of the Navy’s rationale for blocking GPS.

Mark Turner : Candid camera: Dutch hacked Russians hacking DNC, including security cameras | Ars Technica

January 27, 2018 05:14 PM

Hackers hacking hackers. Reason #47,672 why I love the Dutch!

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands’ domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as “Cozy Bear,” one of the “threat groups” that would later target the Democratic National Committee.

AIVD’s intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin.

Source: Candid camera: Dutch hacked Russians hacking DNC, including security cameras | Ars Technica

Mark Turner : The Startling Link Between Sugar and Alzheimer’s – The Atlantic

January 27, 2018 04:30 PM

I’ve considered high-carb diets to be dangerous, and this troubling research linking high-carb diets to cognitive decline gives me yet another reason to avoid excessive carbs. Yikes!

In recent years, Alzheimer’s disease has occasionally been referred to as “type 3” diabetes, though that moniker doesn’t make much sense. After all, though they share a problem with insulin, type 1 diabetes is an autoimmune disease, and type 2 diabetes is a chronic disease caused by diet. Instead of another type of diabetes, it’s increasingly looking like Alzheimer’s is another potential side effect of a sugary, Western-style diet.

In some cases, the path from sugar to Alzheimer’s leads through type 2 diabetes, but as a new study and others show, that’s not always the case.

A longitudinal study, published Thursday in the journal Diabetologia, followed 5,189 people over 10 years and found that people with high blood sugar had a faster rate of cognitive decline than those with normal blood sugar—whether or not their blood-sugar level technically made them diabetic. In other words, the higher the blood sugar, the faster the cognitive decline.

Source: The Startling Link Between Sugar and Alzheimer’s – The Atlantic

Mark Turner : Raleigh’s in the Running for Amazon’s HQ2. But Do We Really Want the Damn Thing? | Wake County | Indy Week

January 27, 2018 01:34 PM

IndyWeek pretty much repeats what I’ve been cautioning about Amazon HQ2 landing in Raleigh. Be careful what you wish for.

There’s been something surreal about watching cities all over the country prostrate themselves before Amazon in hopes of landing HQ2, the company’s second headquarters, which will employ some fifty thousand workers and pump $5 billion into the local economy over the next two decades. Newark has offered the internet behemoth $7 billion in incentives. Philadelphia offered as much as $2 billion over ten years. Missouri offered in excess of $2.4 billion (which wasn’t good enough; Amazon rejected bids from Kansas City and St. Louis). Other cities that have made their incentive packages public aren’t far behind. For those that haven’t—including North Carolina—it’s difficult to imagine that figure not reaching the billions.

Source: Raleigh’s in the Running for Amazon’s HQ2. But Do We Really Want the Damn Thing? | Wake County | Indy Week

Mark Turner : Lana Del Rey/Radiohead Dispute Shows Why Major Labels Fail

January 26, 2018 06:10 PM

“Get Free” was the product of three writers and three producers, not to mention a little village of people who work for the record company and the publishers. Probably around a thousand people heard “Get Free” before it was released (that’s not an exaggeration), and virtually all of ‘em knew the thing sounded exactly like “Creep” (these people are sniveling, arrogant, and cowardly, but not stupid). Yet not one of these check-cashing chimps who spend more on sushi in a single day than you make in a week raised a single wasabi-stained finger and said, “So, listen, Lana, how should I put this…well…I have heard that exact melody before.”

(Lana and her sushi-flinging shaven apes could have at least chosen to rip off a song that everyone didn’t know. I mean, people do that all the time. Heck, give a listen to “Airplane Song,” a fairly obscure ditty from 1967 by The Royal Guardsman. Really, listen to it. The Beatles did, and lifted it lock, stock, and barrel for “Ob-La-Di, Ob-La-Da.” The Fabs knew the first rule of plagiarism: When you steal, steal from someone who is less famous than you.)

Source: Lana Del Rey/Radiohead Dispute Shows Why Major Labels Fail

Mark Turner : Could a bubbling Canaries volcano see Britain engulfed by killer tsunami?

January 26, 2018 12:35 PM

A tsunami wave, perhaps 100 feet tall, will wreak havoc on the U.S. east coast the day that the Canary Islands’ La Palma volcano blows up. Increased seismic activity has experts worried that day is coming sooner rather than later. Are we ready?

WHEN you think about tsunamis, you don’t tend to picture the killer waves crashing down on British beaches. But with a volatile volcano in La Palma ready to blow, the government is now drawing up plans for dealing with monster waves on the British coast.

The terrifying truth is that we’re largely in the dark about tsunamis, and it’s difficult to say with any certainty when Britain will next see a killer wave. But many volcano experts point to Cumbre Vieja, an active volcanic ridge on La Palma, in the Canary Islands, as a probable source of a future tsunami.

With seismic activity picking up in the area, volcano monitors are on high alert over fears that an eruption could send a huge chunk of the mountain crashing into the sea – triggering a monster tsunami.

There’s still debate around how big the tsunami would be by the time it reaches Britain, although there are fears that waves as high as 25 metres could threaten New York and Miami.

Source: Could a bubbling Canaries volcano see Britain engulfed by killer tsunami?

Mark Turner : A Complete Taxonomy of Internet Chum – The Awl

January 26, 2018 11:32 AM

The Awl provides an in-depth look at the outrageous “suggested for you” news stories that are on many media sites (like the News and Observer).

This is a chumbox. It is a variation on the banner ad which takes the form of a grid of advertisements that sits at the bottom of a web page underneath the main content. It can be found on the sites of many leading publishers, including nymag.com, dailymail.co.uk, usatoday.com, and theawl.com (where it was “an experiment that has since ended.”)

The chumboxes were placed there by one of several chumvendors — Taboola, Outbrain, RevContent, Adblade, and my favorite, Content.ad — who design them to seamlessly slip into a particular design convention established early within the publishing web, a grid of links to appealing, perhaps-related content at the bottom of the content you intentionally came to consume. In return, publishers who deploy chumboxes receive money, traffic, or both. Typically, these publishers collect a percentage of the rates that the chumvendors charge advertisers to be placed inside the grids. These gains can be pocketed, or re-invested into purchasing the publisher’s own placements in similar grids on thousands of other sites amongst the chummy sea, reaping bulk traffic straight from the reeking depths of chumville.

Source: A Complete Taxonomy of Internet Chum – The Awl

Mark Turner : Stand-up kids

January 26, 2018 02:50 AM

Lost dog spurs action

Last night we had an unexpected guest as a dog followed Hallie home from her neighborhood run. It was a pitbull-looking dog named Dexter who turned out to live at a home just down the street.

When we first were presented with Dexter, the excited pup was all over the place, barely sitting still for me to take a photo. His excitement was contagious, it seems. As I scrambled to photograph the dog and then to ask the neighborhood for advice, both Hallie and Travis were excitedly barking out suggestions for what we should do.

I had to ask them to stop so I could think clearly but this morning I began to appreciate how awesome this really was. We were presented with an emergency event – a strange dog needed rescuing – and both kids jumped in right away with ideas for what to do. I’d seen them do this before – that time when Hallie jumped into gear when a classmate had a seizure, for instance – but it was great to see it demonstrated again.

The world won’t change unless there are people willing to change it. I’m super-proud that I’m helping raise two who won’t pass up the opportunity.

Mark Turner : Inside Amazon: Wrestling Big Ideas in a Bruising Workplace – The New York Times

January 26, 2018 02:00 AM

Speaking of Amazon, here’s an NYT piece from 2015 on its workaholic ways. This is largely confirmed by former Amazon employees I know.

I read this stuff and wonder why I give my money to Amazon. And then I do it anyway.

On Monday mornings, fresh recruits line up for an orientation intended to catapult them into Amazon’s singular way of working.

They are told to forget the “poor habits” they learned at previous jobs, one employee recalled. When they “hit the wall” from the unrelenting pace, there is only one solution: “Climb the wall,” others reported. To be the best Amazonians they can be, they should be guided by the leadership principles, 14 rules inscribed on handy laminated cards. When quizzed days later, those with perfect scores earn a virtual award proclaiming, “I’m Peculiar” — the company’s proud phrase for overturning workplace conventions.

At Amazon, workers are encouraged to tear apart one another’s ideas in meetings, toil long and late (emails arrive past midnight, followed by text messages asking why they were not answered), and held to standards that the company boasts are “unreasonably high.” The internal phone directory instructs colleagues on how to send secret feedback to one another’s bosses. Employees say it is frequently used to sabotage others. (The tool offers sample texts, including this: “I felt concerned about his inflexibility and openly complaining about minor tasks.”)

Source: Inside Amazon: Wrestling Big Ideas in a Bruising Workplace – The New York Times

Mark Turner : From Seattle, a former Raleighite advises about living with Amazon | News & Observer

January 26, 2018 01:56 AM

Again, be careful what you wish for, Raleigh. The question we should be asking Amazon is “what will you do for us?”

Well, congratulations, Raleigh! You made the cut! You’re one of 20 cities that Amazon is considering for its second headquarters, better known as “HQ2.” (Best to get hip to the lingo if you want to stay in the game.)

Best, too, to know what you’re in for if you win the online retailer’s heart – the existence of which some Seattleites wonder about. Like Sasquatch, or sunshine past September.

But let’s not get into that just yet.

This civic lottery means one hell of a windfall: Amazon promises a $5 billion capital investment and 50,000 new tech jobs.

Win it, and the Triangle will be brimming with new energy, new money and that trademark Tar Heel satisfaction that comes from besting those bank nerds in Charlotte.

But I know the charm and ease of Raleigh; I lived there from 1994 to 1998. I know what’s at stake.

And I’ve lived in Seattle through Amazon’s explosive growth, which has been going on for several years and hasn’t let up.

Source: From Seattle, a former Raleighite advises about living with Amazon | News & Observer

Mark Turner : Google (GOOG) can still use Bluetooth to track your Android phone when Bluetooth is turned off — Quartz

January 26, 2018 01:52 AM

This seems to cross the “don’t be evil” line, Google. Tracking people after the fact? Really?

When it comes to tracking the precise location of an Android user’s phone, Google appears to use every means available—including Bluetooth-based location information transmitted to the company when the user might think they have Bluetooth turned off entirely.

A Quartz investigation found that a user can turn Bluetooth off on their smartphone running Google’s Android software, and the phone will continue to use Bluetooth to collect location-related data and transmit that data to Google. It does this by sending Google, among other things, the unique identifier codes of Bluetooth broadcasting devices it encounters. Such devices, known as beacons, are often used in stores, museums, and other public places to help phones ascertain their locations within buildings. Alphabet-owned Google does the tracking in part so advertisers can target “more useful” digital ads to users, but Quartz discovered that the company taps into an array of signals that can yield an individual’s whereabouts even when the user thinks they’ve disabled such tracking.

Source: Google (GOOG) can still use Bluetooth to track your Android phone when Bluetooth is turned off — Quartz

Mark Turner : Bot sends email with U.S. News links. Wut?

January 26, 2018 01:44 AM

I got this unsolicited email two days ago from someone purportedly from U.S. News and World Report, asking if I would post some links to their site. The links provided appear to be legit and the message headers do, too. The one thing that looks out of place is the date of the domain registration for usnewsmoney.com, which is a recent May 2017.

The link in the email goes to a post of a Mitt Romney story in Rolling Stone to which I added exactly zero of my own commentary. Hardly anything that would “really stand out!” So, it appears a keyword search found the word debt in my post (or title) and that’s why this post was chosen.

Ashley McNamara does not appear in other Internet searches, nor on LinkedIn as far as I can tell. Oh, and there was never any “email sent a few weeks ago.” There never is.

I checked my webserver logs back to the start of the month and the only thing that’s touched that link since Christmas are bots: mostly Google, but ones called Semrush (www.semrush.com), BLEXbot (webmeup-crawler.com), CommonCrawl (commoncrawl.org), and AwarioRssBot (awario.com), too.

Guessing this email came from a bot of some sort but I’m not sure of the endgame. What do y’all think? What’s the hustle here?

Hi Mark,

I wanted to follow up with you about an email I had sent a few weeks ago, did you get a chance to review it? It’s attached below just in case you needed it again. Let me know if you have any questions!

From: Ashley
Reply-To: ashleym@usnewsmoney.com
Date: Tue, 23 Jan 2018 14:50:43 -0800
Subject: Following up on my previous email – financial literacy resources and information
To: Mark Turner

Hi Mark,

I wanted to connect with you because I saw all your resources and information on your website, like the ones found here (https://www.markturner.net/2017/06/21/greed-and-debt-the-true-story-of-mitt-romney-and-bain-capital-rolling-stone/) and it really stood out to us here at U.S. News & World Report! We really appreciated all the insights and tips you are able to provide to you readers and are hoping that you might be interested in additional financial literacy resources. Perhaps this is something you might want share with your readers?

Our team here at U.S. News & World Report recently created a guide that breakdowns when a secure credit card makes sense for consumers, how they work as well as their benefits. – I think your readers would find it beneficial!

You can see our work here:






Your website provided such amazing resource and I thought our guide would be great supplemental information for your readers! Would you be interested in mentioning our guide on your site?

Please let me know if this is something you would be interested in discussing further. I can be reached at ashleym@usnewsmoney.com

Thank you for your consideration,

Ashley McNamara
Outreach Associate working with U.S. News & World Report
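The log check described in the post above (filter the access log for the linked post and see which clients fetched it since Christmas), written out as an added example that is not the author's own script. The log lines are constructed, and the combined log format and the user-agent tokens for the crawlers the post names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Path component of the post URL quoted in the outreach email.
TARGET_PATH = ("/2017/06/21/greed-and-debt-the-true-story-of-"
               "mitt-romney-and-bain-capital-rolling-stone/")

# User-agent token -> operator, for the crawlers named in the post.
# Token spellings are assumptions about how these crawlers identify themselves.
KNOWN_BOTS = {
    "googlebot": "Google",
    "semrushbot": "Semrush",
    "blexbot": "BLEXbot",
    "ccbot": "CommonCrawl",
    "awariorssbot": "AwarioRssBot",
}

# Apache/nginx "combined" log format (assumed; adjust to the server's LogFormat).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def _line(ip, ts, path, ua):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{ts} -0500] "GET {path} HTTP/1.1" 200 18234 "-" "{ua}"'


BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"

# Constructed sample data; IPs are from the documentation ranges.
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "20/Dec/2017:08:15:00", TARGET_PATH, BROWSER_UA),  # before window
    _line("192.0.2.11", "26/Dec/2017:04:12:09", TARGET_PATH,
          "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"),
    _line("192.0.2.44", "02/Jan/2018:11:40:51", TARGET_PATH,
          "Mozilla/5.0 (compatible; SemrushBot/1.2~bl; +http://www.semrush.com/bot.html)"),
    _line("198.51.100.7", "09/Jan/2018:23:01:17", TARGET_PATH,
          "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)"),
    _line("198.51.100.23", "14/Jan/2018:06:55:02", TARGET_PATH,
          "CCBot/2.0 (http://commoncrawl.org/faq/)"),
    _line("203.0.113.5", "19/Jan/2018:15:22:40", TARGET_PATH + "?utm_source=feed",
          "AwarioRssBot/1.0 (+https://awario.com/bots.html; bots@awario.com)"),
    _line("203.0.113.80", "20/Jan/2018:09:03:33", "/2018/01/23/another-post/", BROWSER_UA),
    "truncated or malformed line",
])


def parse_line(line):
    """Return a dict for one log line, or None if it is not in combined format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    return rec


def classify(user_agent):
    """Map a self-reported user agent to a known crawler, else 'unclassified'.

    The header is client-supplied, so a match shows what the client claimed to be.
    """
    ua = user_agent.lower()
    for token, operator in KNOWN_BOTS.items():
        if token in ua:
            return operator
    return "unclassified"


def hits_for_path(log_text, path, since):
    """List (timestamp, ip, label) for requests to `path` at or after `since`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ts"] < since:
            continue
        if rec["path"].rstrip("/") != path.rstrip("/"):
            continue
        hits.append((rec["ts"], rec["ip"], classify(rec["ua"])))
    return hits


def summarize(hits):
    """Count hits per crawler label."""
    return Counter(label for _, _, label in hits)


def needs_review(hits):
    """Hits no known crawler token explains: the ones worth reading by hand."""
    return [h for h in hits if h[2] == "unclassified"]


if __name__ == "__main__":
    window_start = datetime(2017, 12, 25, tzinfo=timezone.utc)
    found = hits_for_path(SAMPLE_LOG, TARGET_PATH, window_start)
    print(dict(summarize(found)))
    print("unclassified hits:", needs_review(found))
```

An empty review list matches what the post reports: nothing but crawlers fetched the page in the window, so the email's claim that someone "saw" the post is not backed by a human visit in the logs.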

Tarus Balog : 2018 Linuxconf Australia Sysadmin Miniconf

January 25, 2018 06:31 PM

I just wanted to put up a quick post on my trip to Linuxconf Australia (LCA) being held this week in Sydney.

First, a little background. I’ve been curtailing my participation in free and open source software conferences for the last couple of years. It’s not that I don’t like them, quite the opposite, but my travel is funded by The OpenNMS Group and we just don’t get many customers from those shows. A lot of people are into FOSS for the “free” (as in gratis) aspect.

Contrast that with telcos and network operators who tend to have the opposite viewpoint, if they aren’t spending a ton of money then they must be doing it wrong, and you can see why I’ve been spending more of my time focusing on that market.

Anyway, we have recently signed up a new partner in Australia to help us work with clients in the Pacific Rim countries called R-Group International, and I wanted to come out to Perth and do some training with their team. Chris Markovic, their Technical Director as well as being “mobius” on the OpenNMS chat server, suggested I come out the week after LCA, so I asked the LCA team if they had room on their program for me to talk about OpenNMS. They offered me a spot on their Sysadmin Miniconf day.

Linuxconf Australia Sign

The conference is being held at the University of Technology, Sydney (UTS) and I have to say the conference hall for the Sysadmin track was one of the coolest, ever.

Linuxconf Australia - UTS Lecture Hall

The organizers grouped three presentations together dealing with monitoring: one on Icinga 2, one from Nagios and mine on OpenNMS. While I don’t know much about Icinga, I do know the people who maintain it and they are awesome. One might think OpenNMS would have an antagonistic relationship with other FOSS monitoring projects, but as long as they are pure FOSS (like Icinga and Zabbix) we tend to get along rather well. Plus I’m jealous that Icinga is used on the ISS.

Linuxconf Australia Icinga2 Talk

I think my talk went well. I only had 15 minutes and for once I think I was a few seconds under that limit. While it wasn’t live-streamed it was up on YouTube very quickly, and you can watch it if you want.

I had to leave LCA to head to the New Zealand Network Operator’s Group (NZNOG) meeting, so I missed the main conference, but I am grateful the organizers gave me the opportunity to speak and I hope to return in the future.

Linuxconf Australia During a Break

Magnus Hedemark : Moving to TerraMagnus

January 25, 2018 05:06 AM

As I’d mentioned previously, I’m consolidating my personal blogging down to one place. I couldn’t really get the flexibility I wanted with wordpress.com, so I’ve been spending some time exploring my options.

Going forward, find me at TerraMagnus.

Warren Myers : the death of the “car analogy”

January 24, 2018 03:39 PM

With the rise of the “sharing economy”, and companies like Lyft proudly declaring 250,000 people ditched cars in favor of ride-sharing, what will be the fate of the venerable “car analogy”?

Heck, what was the common analogy before cars?

How will language and colloquial usage change with the [eventual] death of the car as the most common means of transportation (presuming, of course, it actually will die)?

I wonder if the death of the car will prove to be, in the historical view, something like the loss of the shared social experience that TV used to be.

Mark Turner : Russian agents pollute social media

January 23, 2018 06:09 PM

A few weeks ago, I shared my long-held skepticism about the effectiveness of influenza vaccines and was pleased to see a friend chime in in agreement. My skepticism of flu shots is based on science – that the effectiveness of the mass-produced vaccine is abysmal and has been for years. My friend’s skepticism is based on something less reliable, it seems, because she shared a post from the dubious news site, YourNewsWire.com. It quotes an unnamed CDC doctor:

A CDC doctor has warned this year’s “disastrous” flu shot may be responsible for the deadly flu epidemic sweeping the country.

“Some of the patients I’ve administered the flu shot to this year have died,” the doctor said, adding “I don’t care who you are, this scares the crap out of me.”

“We have seen people dying across the country of the flu, and one thing nearly all of them have in common is they got the flu shot.”

Scientists were worried this year’s flu season was going to be rough and their fears have been proven well founded. The flu season is off to a record-breaking start, with the CDC reporting widespread flu activity from coast to coast. Many health officials believe that 2018 will ultimately be the worst flu outbreak that we have experienced since 1918.

The CDC doctor’s experience of patients dying of the flu after receiving the flu shot is sadly not uncommon. Eight Santa Barbara County residents have died from the flu in the last fortnight. Seven of them had the flu shot.

This seemed like a pretty radical claim, so I searched the Internet for it and … nothing. The unnamed doctor obviously does not exist. YourNewsWire is the place Russian trolls work to perfect their craft.

On Twitter the other day, I read an interesting post on the Al Jazeera account about immigration or something similar. A number of other Twitter users chimed in, including a few posting incendiary comments about immigrants in general and Muslim immigrants in particular. The comments in question were in broken English and did not directly respond to anyone who challenged the poster. To my jaundiced eye as someone who’s been on the Internet for decades it is unquestionably a bot, designed to inflame the fear some people haven’t let go of.

Now, I can easily tell a troll when I see one, but I worry about others who can’t. According to a study by the University of Southern California, 48 million Twitter users are bots. That’s 15% of Twitter’s 319 million users. Says McClatchy:

In February, Twitter announced it had 319 million monthly active users worldwide, or just slightly under the number of every person in the United States.

But of those 319 million, as many as 48 million aren’t actually real, according to a study conducted by researchers from the University of Southern California: They’re just software programs, designed to do everything a normal person on Twitter would do, including following other accounts and liking and retweeting certain messages.

Those accounts, called “bots,” can range from accounts dedicated to alerting their followers about emergencies to political advocates intended to boost the numbers of a programmer’s preferred candidate.

“Many bot accounts are extremely beneficial, like those that automatically alert people of natural disasters … or from customer service points of view,” a Twitter spokesperson told CNBC.

The “many bots are extremely beneficial” line above cracks me up. There aren’t 48 million beneficial Twitter bots, that’s for sure!

Selina Wang of the San Francisco Gate says Twitter might not want to clean up its bot problem to keep Wall Street happy:

… cracking down on bots puts Twitter in a vulnerable position with Wall Street. Investors have penalized the company for failing to get more users. The more that Twitter cracks down on fake accounts and bots, the lower the monthly active user base, the metric most closely watched by Wall Street.

“I think there’s a business reason why Twitter doesn’t want to be good at it. If you have fake accounts and you’re valued around active users, the valuation will be adjusted,” said Scott Tranter, partner at Optimus, a data and technology consultancy.

Fortunately, there’s a tool called BotCheck.me which can analyze a Twitter user’s posts and make an educated guess if it’s automated or not. It’s good for an occasional check for botness but what is needed is a systematic way of rating Twitter users so that some trust can be restored.

I also came across the Alliance for Securing Democracy (ASD), which has issued reports showing how certain Twitter hashtags have been artificially boosted by Russian Twitter bots. For instance, it shows the “schumershutdown” hashtag has been pushed by these Russian bots.

The Alliance for Securing Democracy tracks Russian bot activity

All this revealed activity has me even more convinced that Russia was behind the Mitt Romney Facebook fake likes activity I uncovered during the last election.

I am glad groups like the ASD are out there calling out bullshit from Russia. I hope fellow freedom-loving hackers like myself will take up the call to help shut these bots down.

Putin has done a great job screwing up his own country. Let’s keep him from screwing up ours, too.

Mark Turner : I feel the need … the need for speed

January 23, 2018 02:07 PM

Optimizing MarkTurner.Net

A few days ago I was playing with Pingdom’s Website speed test and was shocked to find how long it was taking MT.Net to load for my legions of website visitors. There were several things slowing it down, earning my site a grade of a gentleman’s “C.”

After digging through some of Pingdom’s suggestions and carefully pruning my WordPress plugins and settings, I’ve managed to whittle down the load time from an average of over 3 seconds to just a hair over one second.

While there’s probably a little bit more performance I could squeeze out this is far better than it was. Enjoy!

Mark Turner : Reading about Ulysses S. Grant

January 23, 2018 02:09 AM

I’m spending less time at the keyboard lately and more with good old-fashioned low-tech entertainment: a book! I checked out Grant, Ron Chernow’s biography of Ulysses S. Grant, back in November and have been working my way through this 1,000+ page tome. Yes, it’s way overdue back to the library but I can’t put it down and – good Lord – who can finish a thousand-page book within the skimpy time frame that Wake County Public Library provides its borrowers?

I’ll have more to say about the book and Grant when I finish it but so far I like how Grant faced failure after failure in life until the war broke out and he found his place.

So, if you wonder why I’m not busier here at the moment, you know I have my nose in a book!

Mark Turner : Forty-nine trips around the sun

January 23, 2018 01:59 AM

Birthday volunteering at the Food Bank of Central and Eastern North Carolina

Yesterday was my 49th birthday. I spent it being celebrated by my family, catching up on well wishes from Facebook, eating a birthday brunch with Kelly at 18 Seaboard, and going on a fun bike ride with Kelly and Travis down to Lassiter Mill dam and back. A sunny, spring-like day warmed to 65 degrees and rapidly melted away the last piles of snow from last week’s snowfall.

As part of my birthday weekend, the whole family and I volunteered for four hours at the nearby Food Bank of Central and Eastern North Carolina, where we sorted potatoes along with about 30 other volunteers. It felt good to help out, and Kelly and the kids enjoyed it, too.

Life at 49 is pretty good, I have to say. While my body is starting to show some signs here and there of being ancient, overall I’m in excellent health. I’m loving my family, enjoy my job, and have countless friends near and far whom I’m honored to call friends. While my life isn’t perfect I am learning how to enjoy the things I have and to help others as well.

Mark Turner : January snowfall

January 23, 2018 01:52 AM

A drone’s eye view of the snow.

Last Wednesday morning we got a rather significant snowfall here in Raleigh that kept us out of work and school for the rest of the week. For a while there, it looked as if the heaviest snow would be directly over Raleigh but the fictitious “Raleigh weather dome” (said by equally-fictitious blogger William Needham Findley IV to be controlled by former Raleigh city council member Bonner Gaylord) kept the heaviest snow to the west of us. When it stopped snowing at our home in East Raleigh I had measured 4.75″.

I worked from home Wednesday through Friday (ah, the joy of being a knowledge worker) but did enjoy how beautiful the snow looked on the trees. It was a clumping sort of snow that wound up sticking very well to branches but causing few issues with broken limbs. I also caught up on some technical projects I’d been meaning to get done. It was a nice winter event, though when the streets had cleared I was quite ready to go for a bike ride!

Warren Myers : document what didn’t work

January 22, 2018 03:17 PM

In a recent episode of Paul’s Security Weekly, an off-hand comment was made about documentation: you shouldn’t merely document what to do, nor even why, but also what you tried that didn’t work (i.e., augment the status quo).

The upshot being, to save whomever comes to this note next (especially if it turns out to be yourself) the effort you spent that was in vain.

This is similar to a famous quote attributed to Edison,

I have not failed. I’ve just found 10,000 ways that won’t work.

In light of my recommended, preferred practice and policy of “terse verbosity”, I would strongly suggest not placing the “doesn’t work” in-line, typically. Instead, put footnotes, an appendix, etc. But always

explain everything you did, but use bullet points if possible, rather than prose form

Loads of other goodies in that episode, too – but this one jumped-out as applicable to everyone.

Mark Turner : Arrest made after woman stabbed 6 times at Raleigh Food Lion | WNCN

January 19, 2018 01:04 PM

Only 20 years old, Mr. Dixon has been arrested 19 times over the last four years. With his attitude, I am not sure how he managed to get all that time outside of jail.

Friends and neighbors have set up a GoFundMe for the victim.

A Raleigh man was arrested Wednesday, less than a week after a woman was stabbed six times outside a Food Lion in Raleigh, police said.

Khawan Dixon, 20, of Milbank Street in Raleigh, is charged in connection with the attack that happened around 6:30 p.m. Jan. 11 in the parking lot of a Food Lion in the 1100 block of N. Raleigh Boulevard, police said.

Police said the woman was near her car when a male suspect came up to her and tried to rob her.

He then stabbed her three times in the head and three times in the back, police said. The suspect left the scene and was able to get away with nearly $1,000 worth of property, according to a Raleigh Police Department report.

Source: Arrest made after woman stabbed 6 times at Raleigh Food Lion | WNCN

Mark Turner : Amazon won’t say if it hands your Echo data to the government | ZDNet

January 19, 2018 12:59 PM

Amazon has a transparency problem. Three years ago, the retail giant became the last major tech company to reveal how many subpoenas, search warrants, and court orders it received for customer data in a half-year period. While every other tech giant had regularly published its government request figures for years, spurred on by accusations of participation in government surveillance, Amazon had been largely forgotten.

Eventually, people noticed and Amazon acquiesced. Since then, Amazon’s business has expanded. By its quarterly revenue, it’s no longer a retail company — it’s a cloud giant and a device maker. The company’s flagship Echo, an “always listening” speaker, collects vast amounts of customer data that’s openly up for grabs by the government.

But Amazon’s bi-annual transparency figures don’t want you to know that.

Source: Amazon won’t say if it hands your Echo data to the government | ZDNet

Tarus Balog : Conferences: Australia, New Zealand and Senegal

January 18, 2018 04:43 PM

Just a quick note to mention some conferences I will be attending. If you happen to be there as well, I would love the opportunity to meet face to face.

Next week I’ll be in Sydney, Australia, for linux.conf.au. I’ll only be able to attend for the first two “miniconf” days, and I’ll be doing a short introduction to OpenNMS on Tuesday as part of the Systems Administration Miniconf.

Then I’m off to Queenstown, New Zealand for the New Zealand Network Operators Group (NZNOG) conference. I will be the first presenter on Friday at 09:00, talking about, you guessed it, OpenNMS.

The week after that I will be back in Australia, this time on the other side in Perth, working with our new Asia-Pacific OpenNMS partner R-Group International. We are excited to have such a great partner bringing services and support for OpenNMS to organizations in that hemisphere. Being roughly 12 hours out from our home office in North Carolina, USA, can make communication a little difficult, so it will be nice to be able to help users in (roughly) their own timezone.

Plus, I hope to learn about Cricket.

Finally, I’m excited that I’ve been asked to do a one day tutorial at this year’s African Network Operators Group (AfNOG) in Dakar, Senegal, this spring. The schedule is still being decided but I’m eager to visit Africa (I’ve never been) and to meet up with OpenNMS users (and make some new ones) in that part of the world.

I’ll be posting a lot more about all of these trips in the near future, and hope to see you at at least one of these events.

Mark Turner : Spoken stats from my weather station

January 16, 2018 02:47 AM

Last Christmas (2016), I got an AcuRite weather station from Costco as a gift to replace my falling-apart Oregon Scientific station. It’s a decent little setup, with wireless transmission from a multi-sensor box outside to the panel inside. For the longest time my biggest complaint was its need to use Windows software to archive its data.

Acurite weather station

Then early last year I hooked up the open source weather software weewx to my station. Weewx creates a nice (if simple) graph of weather data (as seen at https://www.markturner.net/wx) and also kicks the data over to my MySQL database so I can save and query those stats. Last month I was able to create a fancy Grafana dashboard that dynamically displays that data in a beautiful format. Now I had taken a $75 weather station and made it much more useful!

Grafana weather graph

But I wasn’t ready to stop there. I got an Amazon Echo Dot as a Christmas gift and decided I wanted to learn how to teach it tricks, including reading me weather from my weather station, not someone else’s. I found a YouTube video of someone using the Echo to call phone numbers. This is a neat trick but what really caught my attention was the guy’s phone system reading out his weather data.

I’ve used Asterisk as a home phone server for well over a decade now and have long thought it would be neat to add some text-to-speech (TTS) capability to it. The open source TTS tools are good but not great. The commercial ones cost more money than I want to spend on an experimental setup (though all in all not too expensive … if I weren’t a cheapskate!). That left some middle ground to be explored.

Google has excellent TTS services as everyone knows from using it on their smartphones. Luckily for me, someone built a perl-based tool to send text to Google and fetch the corresponding speech in a wav file. This tool has been rolled into a Github project called asterisk-googletts which is an Asterisk AGI application that gives your Asterisk server the ability to speak. After adding a few dependencies and putting the sample text into my dialplan, I was delighted to dial an extension and hear my Asterisk server talking to me smoothly and legibly.

Once I had that figured out my attention turned to my weather data. Weewx is very extensible and uses the concept of reports to distribute its data. The default one creates a very readable page, the MySQL one dishes the data to my database, and there’s even a forecast one that fetches info from the National Weather Service. All of these are fancy but what I needed was a simple report that put the data into a narrative format that I could feed into Google TTS. After several searches, I was unable to find one I needed. So I built my own.

My narrative Weewx report is built from weewx’s “Standard” report, stripping out the HTML markup. It uses an “if” statement to provide info on whether the barometer’s rising, steady, or falling. I also adjusted the labels in the report to change the abbreviations to their full phrases so that the speech translation said everything properly. The result is pretty good, I think!

The next obstacle was how to get this into my phone server, which lives in a different host. Weewx has an rsync report for sending data elsewhere but I am already using it to push data to my webserver. Rsync seemed overkill for this use, too. I opted for a cron job that pulls down the three-line text file from my weewx webserver and makes this available to Asterisk.

Then I decided that I didn’t want this script running every x minutes when I would likely only be calling it occasionally. Wouldn’t it be better if I had Asterisk fetch the narrative text on-demand? It turns out Asterisk has a CURL function that can be used to directly pull web data, rather than have to make a system call to get it. This was the perfect answer but after a few tries I realized I had not compiled Asterisk with libcurl support. D’oh! I then spent the next half-hour pulling down the latest Asterisk code, installing the libcurl library, and compiling it. I also added some new codecs while I was at it and improved some other stuff along the way.

With libcurl added my system was complete! I could now dial an extension and hear my Asterisk server read my weather stats. Success!

My setup works for me but there’s some cleaning up I need to do to make it public. I hope to put it in a wee_extension format so that it can be easily installed by others. And now that my weather station is properly kicking out narrative text it should be fairly straightforward to get Alexa reading it, especially if I can adapt one of the sample apps out there.

Here’s my current skin.conf file:

# STANDARD SKIN CONFIGURATION FILE                                            #
# Copyright (c) 2010 Tom Keffer                            #
# Modified in 2018 by Mark Turner 

[Extras]
    # Put any extra tags here that you want to be available in the templates

[Units]
    # This section is for managing the selection and formatting of units.

    [[Groups]]
        # For each group of measurements, this section sets what units to
        # use for it.
        # NB: The unit is always in the singular. I.e., 'mile_per_hour',
        # NOT 'miles_per_hour'

        group_altitude     = foot                 # Options are 'foot' or 'meter'
        group_degree_day   = degree_F_day         # Options are 'degree_F_day' or 'degree_C_day'
        group_direction    = degree_compass
        group_moisture     = centibar
        group_percent      = percent
        group_pressure     = mbar                 # Options are 'inHg', 'mmHg', 'mbar', or 'hPa'
        group_radiation    = watt_per_meter_squared
        group_rain         = inch                 # Options are 'inch', 'cm', or 'mm'
        group_rainrate     = inch_per_hour        # Options are 'inch_per_hour', 'cm_per_hour', or 'mm_per_hour'
        group_speed        = mile_per_hour        # Options are 'mile_per_hour', 'km_per_hour', 'knot', or 'meter_per_second'
        group_speed2       = mile_per_hour2       # Options are 'mile_per_hour2', 'km_per_hour2', 'knot2', or 'meter_per_second2'
        group_temperature  = degree_F             # Options are 'degree_F' or 'degree_C'
        group_uv           = uv_index
        group_volt         = volt

        # The following are used internally and should not be changed:
        group_count        = count
        group_interval     = minute
        group_time         = unix_epoch
        group_elapsed      = second

    [[StringFormats]]
        # This section sets the string formatting for each type of unit.

        centibar           = %.0f
        cm                 = %.2f
        cm_per_hour        = %.2f
        degree_C           = %.0f
        degree_F           = %.0f
        degree_compass     = %.0f
        foot               = %.0f
        hPa                = %.1f
        hour               = %.1f
        inHg               = %.2f
        inch               = %.2f
        inch_per_hour      = %.2f
        km_per_hour        = %.0f
        km_per_hour2       = %.1f
        knot               = %.0f
        knot2              = %.1f
        mbar               = %.1f
        meter              = %.0f
        meter_per_second   = %.1f
        meter_per_second2  = %.1f
        mile_per_hour      = %.0f
        mile_per_hour2     = %.1f
        mm                 = %.1f
        mmHg               = %.1f
        mm_per_hour        = %.1f
        percent            = %.0f
        second             = %.0f
        uv_index           = %.1f
        volt               = %.1f
        watt_per_meter_squared = %.0f
        NONE               = "   N/A"

    [[Labels]]
        # This section sets a label to be used for each type of unit.

        centibar          = " cb"
        cm                = " cm"
        cm_per_hour       = " cm/hr"
        degree_C          =   " degrees"
        degree_F          =   " degrees"
        degree_compass    =   °
        foot              = " feet"
        hPa               = " hPa"
        inHg              = " inches"
        inch              = " inches"
        inch_per_hour     = " in/hr"
        km_per_hour       = " km/h"
        km_per_hour2      = " km/h"
        knot              = " knots"
        knot2             = " knots"
        mbar              = " milli-bars"
        meter             = " meters"
        meter_per_second  = " m/s"
        meter_per_second2 = " m/s"
        mile_per_hour     = " miles per hour"
        mile_per_hour2    = " miles per hour"
        mm                = " mm"
        mmHg              = " mmHg"
        mm_per_hour       = " mm/hr"
        percent           = " percent"
        volt              = " V"
        watt_per_meter_squared = " W/m²"
        day               = " day",    " days"
        hour              = " hour",   " hours"
        minute            = " minute", " minutes"
        second            = " second", " seconds"
        NONE              = ""

    [[TimeFormats]]
        # This section sets the string format to be used for each time scale.
        # The values below will work in every locale, but may not look
        # particularly attractive. See the Customization Guide for alternatives.

        day        = %X
        week       = %X (%A)
        month      = %x %X
        year       = %x %X
        rainyear   = %x %X
        current    = %x %X
        ephem_day  = %X
        ephem_year = %x %X

    [[Ordinates]]
        # The ordinal directions. The last one should be for no wind direction
        directions = north, north-northeast, northeast, east-northeast, east, east-southeast, southeast, south-southeast, south, south-Southwest, southwest, west-southwest, west, west-northwest, northwest, north-northwest, N/A

    [[DegreeDays]]
        # This section sets the base temperatures used for the calculation
        # of heating and cooling degree-days.
        # Base temperature for heating days, with unit:
        heating_base = 65, degree_F
        # Base temperature for cooling days, with unit:
        cooling_base = 65, degree_F

    [[Trend]]
        time_delta = 10800  # 3 hours
        time_grace = 300    # 5 minutes

[Labels]
    # Labels used in this skin

    # Set to hemisphere abbreviations suitable for your location:
    hemispheres = N, S, E, W
    # Formats to be used for latitude whole degrees, longitude whole degrees,
    # and minutes:
    latlon_formats = "%02d", "%03d", "%05.2f"

    [[Generic]]
        # Generic labels, keyed by an observation type.

        barometer      = Barometer
        dewpoint       = Dew Point
        heatindex      = Heat Index
        inHumidity     = Inside Humidity
        inTemp         = Inside Temperature
        outHumidity    = Outside Humidity
        outTemp        = Outside Temperature
        radiation      = Radiation
        rain           = Rain
        rainRate       = Rain Rate
        rxCheckPercent = ISS Signal Quality
        UV             = UV Index
        windDir        = Wind Direction
        windGust       = Gust Speed
        windGustDir    = Gust Direction
        windSpeed      = Wind Speed
        windchill      = Wind Chill
        windgustvec    = Gust Vector
        windvec        = Wind Vector

[Almanac]
    # The labels to be used for the phases of the moon:
    moon_phases = New, Waxing crescent, First quarter, Waxing gibbous, Full, Waning gibbous, Last quarter, Waning crescent

[CheetahGenerator]
    # This section is used by the generator CheetahGenerator, and specifies
    # which files are to be generated from which template.

    # Possible encodings are 'html_entities', 'utf8', or 'strict_ascii'
    encoding = utf8

    # The two subsection names below are assumed (Standard skin layout);
    # adjust them to your own.
    [[ToDate]]
        [[[narrative]]]
            encoding = utf8
            template = narrative.tmpl

[Generators]
    # The list of generators that are to be run:
    generator_list = weewx.cheetahgenerator.CheetahGenerator

And here’s the narrative.tmpl file that goes with it:

#errorCatcher Echo
## Specifying an encoding of UTF-8 is usually safe, but if your text is 
## actually in Latin-1, then you should replace the string "UTF-8" with "latin-1"
## If you do this, you should also change the 'Content-Type' metadata below.
#encoding UTF-8
#if $trend.barometer.raw > 6
#set $bartrend="rising very quickly"
#elif $trend.barometer.raw > 3.5
#set $bartrend="rising quickly"
#elif $trend.barometer.raw > 1.5
#set $bartrend="rising"
#elif $trend.barometer.raw > 0.1
#set $bartrend="rising slowly"
#elif $trend.barometer.raw > -0.1
#set $bartrend="steady"
#elif $trend.barometer.raw > -1.5
#set $bartrend="falling slowly"
#elif $trend.barometer.raw > -3.5
#set $bartrend="falling"
#elif $trend.barometer.raw > -6
#set $bartrend="falling quickly"
#else
#set $bartrend="falling very quickly"
#end if
As of $current.dateTime.format("%_I:%M %p") in $station.location, the temperature is $current.outTemp. The humidity is $current.outHumidity. The dewpoint is $current.dewpoint. Winds are from the $current.windDir.ordinal_compass at $current.windSpeed. The barometer is $current.barometer and $bartrend. Today's rainfall is $day.rain.sum.

Here’s the snippet from Asterisk’s extensions.conf that calls googletts.agi:

exten => 8300,1,Answer()
exten => 8300,n,Set(wx=${CURL(http://weatherstation/weewx/narrative/narrative)})
exten => 8300,n,agi(googletts.agi,"${wx}. Goodbye.",en)
exten => 8300,n,HangUp

One thing I soon found out is that googletts.agi expects the text to be one line. If your weewx report contains multiple lines it will abort without saying anything. Keep that in mind as you’re crafting your template.

If you want to check the output of my weewx report, you can pull down the text-file report here. Note that Apache is serving this up without any MIME types so your browser will probably balk at displaying it, though wget or curl won’t have any problem with it.

Here’s a sample wav file from googletts so you can hear how it sounds:
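
An added example, not part of the original post: because googletts.agi says nothing when handed more than one line, and the dialplan places the fetched text directly inside a quoted AGI argument, a small filter in the cron-pull variant can reduce the report to one plain line before Asterisk reads it. The function name, the character allowlist, the length cap, the fallback phrase and the sample report are assumptions made for this example.

```python
import re
import sys
import unicodedata

# Characters a spoken weather sentence needs; everything else is dropped.
# The allowlist, length cap and fallback phrase are assumptions of this example.
_ALLOWED = re.compile(r"[^A-Za-z0-9 .,:'%/-]")
MAX_CHARS = 500
FALLBACK = "Weather data is unavailable."

# Constructed sample: a three-line report with mixed line endings and a
# stray pair of double quotes that would end a quoted dialplan argument early.
SAMPLE = (
    "As of  2:47 AM in Raleigh, NC, the temperature is 31 degrees.\n"
    "The humidity is 85 percent. The dewpoint is 27 degrees.\r\n"
    'The barometer is 1021.3 milli-bars and "rising slowly".\n'
)


def to_tts_line(report, max_chars=MAX_CHARS):
    """Reduce fetched report text to one plain line for text-to-speech."""
    # Fold Unicode compatibility forms (full-width digits, non-breaking
    # spaces) to their plain equivalents.
    text = unicodedata.normalize("NFKC", report)
    # Newlines, tabs and runs of spaces all become a single space.
    text = re.sub(r"\s+", " ", text)
    # Drop quotes, control characters and anything else off the allowlist.
    text = _ALLOWED.sub("", text)
    text = re.sub(r" {2,}", " ", text).strip()
    if not text:
        # An empty or fully filtered report still yields something to say.
        return FALLBACK
    if len(text) > max_chars:
        # Cut at the last complete sentence that fits; ". " does not match
        # the decimal point in values such as 1021.3.
        cut = text.rfind(". ", 0, max_chars)
        text = text[: cut + 1] if cut != -1 else text[:max_chars]
    return text


if __name__ == "__main__":
    # Filter mode: report text on stdin, one cleaned line on stdout.
    sys.stdout.write(to_tts_line(sys.stdin.read()) + "\n")
```

Run as a filter between the fetch and the file Asterisk reads, it guarantees a single line no matter what the web server returned.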

Mark Turner : The leadership itch returns

January 16, 2018 01:30 AM

Last Thursday, I attended an RPD Community Meeting at Lions Park Community Center. It was a meeting to answer neighborhood concerns about the recent incident of delayed police response as well as answer any questions about crime in the area. A handful of neighbors attended, the usuals I’ve become used to seeing at CAC meetings, and a bevy of police officers, detectives, and representatives from the Communications Center.

I have two pages of notes on that meeting that I would like to type up into a report, but the point of this post is how at home I found myself feeling in that room. After three years of conducting CAC meetings, I was all too happy to volunteer questions when the presenters asked for them. I didn’t organize the meeting nor was I in charge of it but I certainly felt right at home quizzing these people for things I wanted to know.

In short, I may indeed miss being a CAC chair. More than that, I miss that I wasn’t able to run for City Council. I have not forgotten how absolutely jazzed I used to feel after my CAC meetings. The small taste I got of it Thursday reminded me that this is where I’m in my element. I hope some day I can get there.

Mark Turner : The Space Review: A NEMESIS in the sky: PAN, MENTOR 4, and close encounters of the SIGINT kind

January 16, 2018 01:07 AM

PAN/NEMESIS satellite

Here’s an interesting story from 2016 about spy satellites. Amateur satellite spotters determined that the “PAN” satellite of the U.S. Government was tiptoeing up next to geostationary commercial communications satellites so they could vacuum up the signals being relayed through them. Speculation is that PAN was able to triangulate the position of satellite phones used by terrorists, enabling drone strikes.

This would make a fun new hobby.

After launch, the enigma became even bigger. PAN was placed in a geostationary orbit and observations by amateur satellite trackers (including this author) from Europe and South Africa revealed very unusual behavior. Every few months—usually once every six months—PAN moved to a new position. In a mere four years time, it moved at least nine times to various longitudes scattering between 33 and 52.5 degrees east (see my blog post “Imaging Geostationary satellites, and PAN’s past relocations”). This costs fuel, and it is something you normally do not do with a geostationary satellite, as liberally spending fuel drastically shortens the satellite’s operational lifetime. In late 2013, the relocations suddenly stopped and PAN has remained at longitude 47.7 degrees east. This active stationkeeping at this longitude means it must still be operational, although the satellite obviously has ended its previous roving state. All very mysterious! What was this spacecraft doing?

Source: The Space Review: A NEMESIS in the sky: PAN, MENTOR 4, and close encounters of the SIGINT kind