Recently Added

Notes & Bookmarks

  1. Quasars; power and metrics beyond all comprehension. Staggeringly beautiful information... and very well written.
  2. "I'm sorry. I can't come in today. Religious holiday. The feast of...Maximum Occupancy."
  3. Verifying myself: I am sgnls on UJa01G4v3YRJYB1LFjDRSf1Nh0bh1sOykCbq /
  4. Be sure to take care of your own infrastructure(s); purge dumps, tunnel and lock-down egress transit, encrypt and permission CORRECTLY!
  5. It really doesn't matter what else gets released; Sikth's 'The Future in Whose Eyes?' is THE album of 2017. #albumoftheyear

Building a New Tor that Can Resist Next-Generation State Surveillance

"Tor's growth in users has not gone unnoticed, and today the network first dubbed "The Onion Router" is under constant strain from those wishing to identify anonymous Web users. The NSA and GCHQ have been studying Tor for a decade, looking for ways to penetrate online anonymity, at least according to these Snowden docs. In 2014, the US government paid Carnegie Mellon University to run a series of poisoned Tor relays to de-anonymise Tor users. A 2015 research paper outlined an attack effective, under certain circumstances, at decloaking Tor hidden services (now rebranded as "onion services"). Most recently, 110 poisoned Tor hidden service directories were discovered probing .onion sites for vulnerabilities, most likely in an attempt to de-anonymise both the servers and their visitors."

The Ancient Black Holes That Can Outshine Entire Galaxies

Far beyond mindbending.

"Today, astronomers know quasars to be among the most remarkable objects in the cosmos: the hottest and brightest cores of distant galaxies. Powered by enormous black holes at their centres, these beacons shine across space and time, allowing astronomers to probe and map the far-flung corners of the Universe.

Quasars are extreme in almost every way. They can outshine their entire galaxies; their black holes can be billions of times more massive than the Sun; their temperatures reach tens of millions of degrees; and some of them fire jets of charged particles into space that can reach almost light speed.

But before Schmidt realised that the first quasar, dubbed 3C 273, was something extraordinary, it had been a puzzle. It was one of many so-called radio galaxies that astronomers were discovering in the 1950s."

Cross-Site Scripting (XSS) Payload

"This is a payload to test for Cross-site Scripting (XSS). It is meant to be used by security professionals and bug bounty hunters.

If you believe that this payload has been used to attempt to compromise your service without permission, please contact us using

We take abuse of our service seriously and only allow security testing of services which our users have consent to test.

-XSS Hunter Team"

IP MTU and TCP MSS Mismatch : An Evil for Network Performance

The Maximum Transmission Unit (MTU) is the maximum length of data that can be transmitted by a protocol in one instance. If we take the Ethernet interface as an example, the MTU size of an Ethernet interface is 1500 bytes by default, which excludes the Ethernet frame header and trailer. It means that the interface cannot carry any frame larger than 1500 bytes. If we look inside the frame, we have a 20 byte IP header + 20 byte TCP header, leaving 1460 bytes of payload that can be transmitted in one frame. This is what we refer to as TCP MSS.

Intel x86s Hide Another CPU That Can Take Over Your Machine

This 'revolutionary' concept will have been a reality for years...

"The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system."

Skype for Business External Authentication

Again, not a fan of M$ and where they've taken Lync and Skype, but they're functional as offerings and are ultimately quite interesting beasts under-the-bonnet. I found this article very 'cool';

"When we think about Lync/SFB with external authentication we first must articulate that there’s more than one form of authentication a user can attempt and there is many device types they can attempt authentication with. Therefore it can also be said that there is more than one endpoint and port on the edge of the corporate network listening, waiting and proxying these forms of authentication. What we need to do is make sure that each case is in a controlled and known measure to best suit your deployment."

Why You Shouldn't Share Links on Facebook

Though guilty of being a 'contributor', I am no fan of the morals at Facebook. This is an interesting and unsurprisingly enlightening read;

"Recently, security researchers at Checkpoint discovered a vulnerability that would have allowed attackers to change messages and links sent through Facebook Messenger. Facebook quickly patched the bug … but did you know links sent privately through Messenger can be read by anyone? Moreover, Facebook knows about this and has no plans to fix the issue."

A more reputable source also details this.

On Snappy and Flatpak : Business as Usual in the Canonical Propaganda Department

"You may have read some stuff this week about an application delivery mechanism called Snappy and how it’s going to unite all distributions and kill apt and rpm!

This is, to put it diplomatically, a heaping pile of steaming bullshit. You may not be surprised to learn that said pile has been served by the Canonical press department."

How Law Enforcement Tracks Cellular Phones

"Recent news stories, notably this story in USA Today and this story in the Washington Post, have brought to light extensive use of "Stingray" devices and "tower dumps" by federal -- and local -- law enforcement agencies to track cellular telephones.

Just how does all this tracking and interception technology work? There are actually a surprising number of different ways law enforcement agencies can track and get information about phones, each of which exposes different information in different ways. And it's all steeped in arcane surveillance jargon that's evolved over decades of changes in the law and the technology. So now seems like a good time to summarize what the various phone tapping methods actually are, how they work, and how they differ from one another."

Git : The Heroes Guide

An invaluable and almost untouchable guide to Git, for users a little more comfortable or curious.

"The entire Pro Git book, written by Scott Chacon and Ben Straub and published by Apress."

Git : The Simple Guide

A pretty clean and neat guide (quite literally) for users new to Git.

"Just a simple guide for getting started with Git. No deep shit ;)"


"LORAN, short for long range navigation,[a] was a hyperbolic radio navigation system developed in the United States during World War II. It was similar to the UK's Gee system but operated at lower frequencies in order to provide improved range up to 1,500 miles (2,400 km) with accuracy of tens of miles. It was first used for ship convoys crossing the Atlantic Ocean, and then by long-range patrol aircraft, but found its main use on the ships and aircraft operating in the Pacific theatre.

LORAN, in its original form, was an expensive system to implement, requiring a cathode ray tube (CRT) display. This limited use to the military and large commercial users. Use was never widespread, and by the time new receivers were available in the 1950s, the same improved electronics led to new systems with higher accuracy. The US Navy began development of Loran-B, which offered accuracy on the order of a few tens of feet, but ran into significant technical problems. The US Air Force had worked on a different concept, known as Cyclan, which the Navy picked up as Loran-C. Loran-C offered longer range than LORAN and accuracy of hundreds of feet. The US Coast Guard took over operations of both systems in 1958."

Everything You Know About Artificial Intelligence is Wrong

Not the most interesting article I've read on the subject, but a good read nonetheless...

"It was hailed as the most significant test of machine intelligence since Deep Blue defeated Garry Kasparov in chess nearly 20 years ago. Google’s AlphaGo has won two of the first three games against grandmaster Lee Sedol in a Go tournament, showing the dramatic extent to which AI has improved over the years. That fateful day when machines finally become smarter than humans has never appeared closer—yet we seem no closer in grasping the implications of this epochal event."

Greatest Video Game Garage Sale Ever

"Many gamers go to garage sales hoping to find a few cheap games for their collection and maybe get lucky and get a really good deal. Rob Walters found games worth more than $50,000 dollars at a garage sale! Including games like 1990 Nintendo World Championships, 1991 Campus Challenge, 1992 Campus Challenge, and 1994 Powerfest. Below is the story of Rob's legendary garage sale find and the games and memorabilia he found."

The Cold War Race to Build the Concorde

"On January 21, 1976, two Concorde jets took off simultaneously from airports in Paris and London on the world’s inaugural supersonic passenger flights, culminating a high-stakes, 15-year race between the Soviet Union and the West to be the first to transport passengers faster than the speed of sound. On the 40th anniversary of the Concorde’s first commercial flights, read about the development of the rival Soviet “Konkordski” and a Cold War tale of industrial espionage that took a deadly turn."

The TTY Demystified

"The TTY subsystem is central to the design of Linux, and UNIX in general. Unfortunately, its importance is often overlooked, and it is difficult to find good introductory articles about it. I believe that a basic understanding of TTYs in Linux is essential for the developer and the advanced user.

Beware, though: What you are about to see is not particularly elegant. In fact, the TTY subsystem — while quite functional from a user's point of view — is a twisty little mess of special cases. To understand how this came to be, we have to go back in time."

Transparently Routing Traffic Through Tor

"Tor has support for transparent proxy connections in addition to SOCKS connections. With traditional proxy methods like SOCKS, setting up the proxy server itself isn't enough; proxy-supporting applications must be chosen, and each application on each machine using the proxy must be specially configured by the user or network administrator to connect through the proxy. Sometimes this isn't possible because an application doesn't support SOCKS, or the administrator doesn't want users to know their traffic is being sent through a proxy. These problems can be avoided by using your operating system's packet filtering facility to redirect outbound connections into a transparent proxy, so named because its presence is intended to be invisible to clients.

This document details two common uses for Tor's transparent functionality. The first is routing all traffic on a standalone machine through Tor. Once this is set up, every network application will make its TCP connections through Tor; no application will be able to reveal your IP address by connecting directly. The second is creating an anonymizing middlebox that intercepts traffic from other machines and redirects it through Tor."

The DROWN Attack

"DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack."

Deprecating Secure Sockets Layer Version 3.0

"The Secure Sockets Layer version 3.0 (SSLv3), as specified in RFC 6101, is not sufficiently secure. This document requires that SSLv3 not be used. The replacement versions, in particular, Transport Layer Security (TLS) 1.2 (RFC 5246), are considerably more secure and capable protocols."

Prohibiting Secure Sockets Layer (SSL) Version 2.0

"This document requires that when Transport Layer Security (TLS) clients and servers establish connections, they never negotiate the use of Secure Sockets Layer (SSL) version 2.0. This document updates the backward compatibility sections found in the Transport Layer Security (TLS)."


"Fortran (formerly FORTRAN, derived from "Formula Translation") is a general-purpose, imperative programming language that is especially suited to numeric computation and scientific computing. Originally developed by IBM in the 1950s for scientific and engineering applications, Fortran came to dominate this area of programming early on and has been in continuous use for over half a century in computationally intensive areas such as numerical weather prediction, finite element analysis, computational fluid dynamics, computational physics and computational chemistry. It is a popular language for high-performance computing and is used for programs that benchmark and rank the world's fastest supercomputers."

Backus–Naur Form

"In computer science, BNF (Backus Normal Form or Backus–Naur Form) is one of the two main notation techniques for context-free grammars, often used to describe the syntax of languages used in computing, such as computer programming languages, document formats, instruction sets and communication protocols; the other main technique for writing context-free grammars is the van Wijngaarden form. They are applied wherever exact descriptions of languages are needed: for instance, in official language specifications, in manuals, and in textbooks on programming language theory."

I Challenged Hackers to Investigate Me...

"...and what they found out is chilling.

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.

I’m being hacked -- and only have myself to blame."

A Guide to Efficiently Using Irssi and Screen

"Irssi is a text-only IRC client. It does not get in your way and its commands are intuitive and useful. Non-standard features are implemented with perl scripts, rather than in the core. Irssi can range from a functional, no-frills client to a highly-customized and automated client."

Irssi : Documentation & Tips

Handy if you use Irssi; hopefully a tempting hook if not...

HTTP Strict Transport Security (HSTS)

"HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.

The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named 'Strict-Transport-Security'. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion."

Flash Memory

You know of it, but learning about how it works is fascinating (isn't everything?);

"Flash memory is an electronic non-volatile computer storage medium that can be electrically erased and reprogrammed.

Introduced by Toshiba in 1984, flash memory was developed from EEPROM (electrically erasable programmable read-only memory). There are two main types of flash memory, which are named after the NAND and NOR logic gates. The individual flash memory cells exhibit internal characteristics similar to those of the corresponding gates."

Cluster Shared Volume (CSV) Inside Out

Though the consumer level products are generally woeful at best (save for the Office suite, that's acceptable), Microsoft's enterprise offerings are generally not THAT bad... although you'd be a fool to choose Hyper-V over VMware (costs considered);

"Cluster Shared Volume in Windows Server 2012 is a completely re-architected solution from Cluster Shared Volumes you knew in Windows Server 2008 R2. Although it may look similar in the user experience – just a bunch of volumes mapped under the C:\ClusterStorage\ and you are using regular windows file system interface to work with the files on these volumes, under the hood, these are two completely different architectures. One of the main goals is that in Windows Server 2012, CSV has been expanded beyond the Hyper-V workload, for example Scale-out File Server and in Windows Server 2012 R2 CSV is also supported with SQL Server 2014."

GPG Tutorial

In my opinion, one of the best tutorials on configuring and using GPG that exists; thorough, detailed and with demonstrated and concise examples.

"In short, public-key cryptography solves the age-old problem "how do I communicate with someone securely without somehow exchanging a secret password first?" Exchanging a shared password securely is a hard problem. You may have no way to do so if your communications are monitored.

With public-key encryption, instead of sharing a password, each party generates a "keypair" consisting of a "public" key and a "secret/private" key. Each party can then publish their "public" key to the world or send it directly to the other party, while keeping their secret key private and safe."

L4 Microkernel Family

"L4 is a family of second-generation microkernels, generally used to implement Unix-like operating systems, but also used in a variety of other systems.

L4, like its predecessor L3 was created by German computer scientist Jochen Liedtke as a response to the poor performance of earlier microkernel-based operating systems. Liedtke felt that a system designed from the start for high performance, rather than other goals, could produce a microkernel of practical use. His original implementation in hand-coded Intel i386-specific assembly language code in 1993 sparked off intense interest in the computer industry. Since its introduction, L4 has been developed for platform independence and also in improving security, isolation, and robustness."

How to Create a Debian Image for an ALIX Board

"I have recently acquired an Alix board (model alix2c3) from PC Engines and decided to install Debian on it to use it as a server. This post is a step-by-step tutorial which describes how this can be done. I have made the assumption that you are using Ubuntu/Debian; if not, you might have to adapt some of the commands below to have them work on your distribution.

Unfortunately this task is not as easy as creating a Debian live USB stick, booting and installing from it. This limitation comes from the fact that the Alix boards come with a very simple firmware (called tinyBIOS) which does not support booting from a USB drive.

Fortunately there is a slot on the board for a Compact Flash (CF) card which the tinyBIOS can boot from. The solution is then to build a Linux image on a file, flash it directly to a CF card and insert it on the board."

MACVTAP : Guest Can Reach Outside Network, But Can't Reach Host

"macvtap interfaces (type='direct' - see the libvirt documentation on the topic) can be useful even when not connecting to a VEPA or VNLINK capable switch - setting the mode of such an interface to 'bridge' will allow the guest to be directly connected to the physical network in a very simple manner without the setup hassles (or NetworkManager incompatibility) that accompany use of a traditional host bridge device.

However, once a guest has been configured to use a "type='direct'" network interface (a.k.a. macvtap), users will commonly be surprised that the guest is able to communicate with other guests, and also with other external hosts on the network, but cannot communicate with the virt host on which the guest in question lives.

This is not a bug, it is the defined behavior of macvtap - due to the way that the host's physical ethernet is attached to the macvtap bridge, traffic into that bridge from the guests that is forwarded to the physical interface cannot be bounced back up to the host's IP stack (and also, traffic from the host's IP stack that is sent to the physical interface cannot be bounced back up to the macvtap bridge for forwarding to the guests.)"

Cisco : Configuring Web Cache Services Using WCCP

I've only recently had to deal with this, but it's pretty interesting in its configuration;

"The Cisco IOS WCCP feature allows utilization of Cisco Cache Engines (or other caches running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.

WCCP enables Cisco IOS routing platforms to transparently redirect content requests. The main benefit of transparent redirection is that users need not configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and have their requests automatically redirected to a cache engine. The word "transparent" in this case means that the end user does not know that a requested file (such as a web page) came from the cache engine instead of from the originally specified server.

When a cache engine receives a request, it attempts to service it from its own local cache. If the requested information is not present, the cache engine issues its own request to the originally targeted server to get the required information. When the cache engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and substantially reducing transmission costs.

WCCP enables a series of cache engines, called a cache engine cluster, to provide content to a router or multiple routers. Network administrators can easily scale their cache engines to handle heavy traffic loads through these clustering capabilities. Cisco clustering technology enables each cache member to work in parallel, resulting in linear scalability. Clustering cache engines greatly improves the scalability, redundancy, and availability of your caching solution. You can cluster up to 32 cache engines to scale to your desired capacity."

Amazon Wishlist

Here for my reference as I'm losing track of my baskets...

Raspberry Pi Zero Hidden in an Xbox Controller

"OK, so what can I do with a wafer-thin Linux box? I had thought of turning it into a simple door sensor, or perhaps wiring it in to a lightswitch, or swallowing it to see if I would get super powers. Then it struck me - turn it into a games console!

Now, don't get me wrong, this has been done many times before - but I think I've come up with a unique twist. Build it directly into the controller!"

Maximum Transmission Unit

"A larger MTU brings greater efficiency because each network packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means an improvement in bulk protocol throughput. A larger MTU also means processing of fewer packets for the same amount of data. In some systems, per-packet-processing can be a critical performance limitation.

However, this gain is not without a downside. Large packets occupy a slow link for more time than a smaller packet, causing greater delays to subsequent packets, and increasing lag and minimum latency. For example, a 1500-byte packet, the largest allowed by Ethernet at the network layer (and hence over most of the Internet), ties up a 14.4k modem for about one second."

IPP Stellarator

"In a stellarator the magnetic cage is produced with a single coil system – without a longitudinal net-current in the plasma and hence without a transformer. This makes stellarators suitable for continuous operation, whereas tokamaks without auxiliary facilities operate in pulsed mode."

Use Cluster Shared Volumes in a Failover Cluster

"Cluster Shared Volumes (CSV) enable multiple nodes in a failover cluster to simultaneously have read-write access to the same LUN (disk) that is provisioned as an NTFS volume. (In Windows Server 2012 R2, the disk can be provisioned as NTFS or Resilient File System (ReFS).) With CSV, clustered roles can fail over quickly from one node to another node without requiring a change in drive ownership, or dismounting and remounting a volume. CSV also help simplify the management of a potentially large number of LUNs in a failover cluster."

FalconStor Founder Found Dead

An old, but interesting, read.

"ReiJane Huai joined microcomputer software producer Cheyenne Software in 1985 as a manager for research and development, stepped sideways to work at AT&T's Bell Labs from August 1987 to August 1988, and then returned to Cheyenne (aged 25) as director of engineering. At that time he was reportedly a self-confessed workaholic and his career was his life."

Sexism Row Over New UK Passport Design

Personally, I think it's incredibly arrogant to keep using everything as an example of sexism. If they could only fit (or opted for) 9 images, one sex has to feature less... are they saying it should be a 5:4 split?

"The government has been accused of sexism over the new UK passport design, which commemorates the achievements of two women but seven men. The redesign focuses on UK figures and landmarks from the past 500 years. Architect Elisabeth Scott and mathematician Ada Lovelace are the only women to feature."

WiFi Pineapple Mark V

"Hak5 focuses on making easily accessible, affordable and infinitely expandable wireless hacking tools. Since 2008 the WiFi Pineapple has been serving penetration testers, law enforcement, military and government with a versatile wireless auditing platform for almost any deployment scenario."

A “Language Universal”

"Language takes an astonishing variety of forms across the world—to such a huge extent that a long-standing debate rages around the question of whether all languages have even a single property in common. Well, there’s a new candidate for the elusive title of “language universal” according to a paper in this week’s issue of PNAS. All languages, the authors say, self-organise in such a way that related concepts stay as close together as possible within a sentence, making it easier to piece together the overall meaning."

The Facsimile of Tutankhamun's Tomb

"On the 30th April 2014 the facsimile of the tomb of Tutankhamun was opened to the public by the minister of Antiquities, Mohamed Ibrahim, the Minister of Tourism, Hisham Zazou, The Governor of Luxor, Tarek Saad el Din, the EU ambassador James Moran and about 25 other ambassadors from the EU countries, Malaysia, Mexico, India and elsewhere. The atmosphere was one of deep excitement and joy - a facsimile has been made that is identical to the original at normal viewing distances. It has been placed within a small museum that reveals why it looks as it does and why it is so difficult to preserve something that was built to last for eternity but not to be visited. It was announced that work will now start on the creation of a training centre in Luxor and on the complex task of recording of the tombs of Seti I and Queen Nefertari."

Delta-Sigma Modulation

"Delta-sigma (ΔΣ; or sigma-delta, ΣΔ) modulation is a digital signal processing, or DSP method for encoding analog signals into digital signals as found in an ADC. It is also used to transfer higher-resolution digital signals into lower-resolution digital signals as part of the process to convert digital signals into analog.

In a conventional ADC, an analog signal is integrated, or sampled, with a sampling frequency and subsequently quantized in a multi-level quantizer into a digital signal. This process introduces quantization error noise. The first step in a delta-sigma modulation is delta modulation. In delta modulation the change in the signal (its delta) is encoded, rather than the absolute value. The result is a stream of pulses, as opposed to a stream of numbers as is the case with PCM. In delta-sigma modulation, the accuracy of the modulation is improved by passing the digital output through a 1-bit DAC and adding (sigma) the resulting analog signal to the input signal, thereby reducing the error introduced by the delta-modulation."


"NeXTSTEP was an object-oriented, multitasking operating system based on UNIX, which was developed by NeXT Computer in the late 1980s and early 1990s. It was used initially its range of proprietary workstation computers such as the NeXTcube and later ported to several other computer architectures. Although relatively unsuccessful at the time, it attracted interest from computer scientists and researchers. It was used as the original platform for the development of the first AppStore, The Electronic AppWrapper [1] was the first commercial electronic software distribution catalog to collectively manage encryption and provide digital rights for apps and digital media and it was also the platform that created the first web browser by Tim Berners-Lee. After the purchase of NeXT by Apple, it became the source of the much more popular Mac OS X and iOS and now WatchOS. Many bundled OS X apps, such as TextEdit, Mail and Chess, are descended from NeXTSTEP applications."

SSL/TLS & Perfect Forward Secrecy

"Forward secrecy allows today's information to be kept secret even if the private key is compromised in the future. Achieving this property is usually costly and therefore, most web servers do not enable it on purpose. Google recently announced support of forward secrecy on their HTTPS sites. Adam Langley wrote a post with more details on what was achieved to increase efficiency of such a mechanism: with a few fellow people, he wrote an efficient implementation of some elliptic curve cryptography for OpenSSL."

Perfect Forward Secrecy

"Perfect Forward Secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. Perfect Forward Secrecy represents a huge step forwards in protecting data on the transport layer and following on from Heartbleed, everyone using SSL/TLS should be looking to implement it."

Deploying Forward Secrecy

"Every SSL connection begins with a handshake, during which the two parties communicate their capabilities to the other side, perform authentication, and agree on their session keys. The session keys are then used to encrypt the rest of the conversation (session), possibly spanning multiple connections. They are deleted afterwards. The goal of the key exchange phase is to enable the two parties to negotiate the keys securely; in other words, to prevent anyone else from learning these keys.

Several key exchange mechanisms exist, but, at the moment, by far the most commonly used one is based on RSA, where the server's private key is used to protect the session keys. This is an efficient key exchange approach, but it has an important side-effect: anyone with access to a copy of the server's private key can uncover the session keys and decrypt the conversation."

The C10K Problem

"It's time for web servers to handle ten thousand clients simultaneously, don't you think? After all, the web is a big place now.

And computers are big, too. You can buy a 1000MHz machine with 2 gigabytes of RAM and an 1000Mbit/sec Ethernet card for $1200 or so. Let's see - at 20000 clients, that's 50KHz, 100Kbytes, and 50Kbits/sec per client. It shouldn't take any more horsepower than that to take four kilobytes from the disk and send them to the network once a second for each of twenty thousand clients. (That works out to $0.08 per client, by the way. Those $100/client licensing fees some operating systems charge are starting to look a little heavy!) So hardware is no longer the bottleneck."


"Irssi is a terminal based IRC client for UNIX systems. It also supports SILC and ICB protocols via plugins."

Coupled with tmux, this is a perfect version of IRC for the sort of person who'd appreciate something like tmux.

UrbanSensing (In Progress)


"Cities are complex systems, with emerging qualities which cannot be reduced to static understandings or representations. Dynamic networks of human flows and social interactions are deployed within an evolving infrastructure and architecture that defines the urban morphology. New models and analytical work based on complexity science and network theory can inform our understanding of both what the city is and what it could be. Such studies, rely heavily on the availability of appropriate data at the city level, which has always been a serious problem for urban policy making. Major economic data for measuring the health of the urban economy, like city product, investment, income disparity, and financial status and other data for measuring the living condition of the city, like infrastructure service levels and environment, are increasingly easy to access, especially in Western countries."

Microsoft Support for Secure Shell (SSH)

It might not happen for many years, but this makes me excited... Though it doesn't trouble me too much, it's about bloody time!

"As Microsoft has shifted towards a more customer-oriented culture, Microsoft engineers are using social networks, tech communities and direct customer feedback as an integral part on how we make decisions about future investments. A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux – both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems."

Cybersecurity and the Tylenol Murders

"When a criminal started lacing Tylenol capsules with cyanide in 1982, Johnson & Johnson quickly sprang into action to ensure consumer safety. It increased its internal production controls, recalled the capsules, offered an exchange for tablets, and within two months started using triple-seal tamper-resistant packaging. The company focused on fixing weak points in their supply chain so that users could be sure that no one had interfered with the product before they purchased it."

The Tech Giants’ Plan to Mine Our Bodies for Data... and Profit

"Apple, Google, and Samsung want to capitalize on your personal health data. But is there really big money in it?"

KftpAgent has User ID 0

"IMPORTANT: Do not ignore this email. This message is to inform you that the account KftpAgent has user id 0 (root privs).

This could mean that your system was compromised (OwN3D). To be safe you should verify that your system has not been compromised."

What looks to be the reality behind this is very uncool indeed...

Nick Taylor : Design / Code

"My work merges digital art with programming, exploring a range of fields including generative design, procedural animation, interactive experiences, and data visualisation.

I'm always keen to take on new projects. Please visit the Contact page to make an enquiry."

zzuf Multi-Purpose Fuzzer

"zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program’s input. zzuf’s behaviour is deterministic, making it easier to reproduce bugs."

Logitech K810 Keyboard Configurator

It really is quite a brilliant keyboard, but again its functionality 'out-the-box' is limited in the Linux environment. To a degree, that's not Logitech's issue, but Mario Scholz has done a great job of making it work;

"I was disappointed when I figured out that the configuration is not permanently stored in the keyboard and has to be sent every time the keyboard is turned on. As I prefer Linux as operating system and do not use Microsoft Windows I could not use Logitech's software. I analyzed the communication to the HID device and created a small piece of software to send the configuration message to the keyboard."

Linus and GNOME3

Interesting read of Linus' opinion of some of the quirks with GNOME3.

WebGL Fluid Experiment

Not really sure I should explain this in any other manner than; HOLY SHITBISCUITS! This is one of the most impressive demonstrations of browser-based JOY that exists.

Fedora : Changes/NoDefaultSyslog

So, that's where it went...

"No longer install a traditional syslog service by default. (Specifically, remove rsyslog from the @core or @standard groups in comps.)

The systemd journal will be the default logging solution. Rsyslog, Syslog-NG, and even traditional sysklogd will continue to cover use cases outside of the default."

Threat Spotlight : TeslaCrypt – Decrypt It Yourself

Fight fire with fire.

"After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to many variants and campaigns targeting even localized regions in their own specific languages. Although it is possible that these multiple variants are sponsored by the same threat actor, the most likely conclusion is that multiple threat actors are jumping in to claim a portion of an ever increasing ransomware market. One of the latest variants is called TeslaCrypt and appears to be a derivative of the original Cryptolocker ransomware. Although it claims to be using asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES instead. Talos was able to develop a tool which decrypts the files encrypted by the TeslaCrypt ransomware."

Disable Tracker on Fedora 21 / Fedora 20

"If you are using a higher end system usually tracker doesn't get in your way, except for the initial index. But I have heard problems when people have large amounts of data on a USB drive, or even a network drive and tracker tries to index those locations."

Black Nebula

Possibly one of my favourite discoveries; both the artist, and his work... especially this strain.

Linux Future

An interesting read from an interesting site...

"Some time ago I came across yet another angry discussion[1] about systemd, and have been reading and thinking a great deal about the design of Systemd, and what it says about Linux. I’ve come to realize that the strife in the Linux community is because an active and well-funded group of developers who have been driving the direction of various core components are not building UNIX. They are building some other philosophically divergent system on top of the Linux kernel, with roughly the same relationship to UNIX as Plan9[2]. For convenience I’m going to call the non-UNIX environment they’re building FLOS for the remainder of this post (F since the folks, and their backers in the Fedora project, are driving this, L for the Linux kernel, OS should be self-explanatory). I intend this term to be value-neutral[3]."

Irssi - The Client of the Future (CLI IRC)

Irssi is a terminal based IRC client for UNIX systems. It also supports SILC and ICB protocols via plugins.

Inno A Satana (Hymn to Satan) by Giosue Carducci, 1865

The poem was originally written as a dinner-party toast. A toast!? It is easy to visualize the poet with glass raised as he recites the poem.

Beautiful moral mercenaries.

Antonín Dvořák

A beautifully under-rated composer (along with Rachmaninov).

"Antonín Leopold Dvořák (/ˈdvɔrʒɑːk/ DVOR-zhahk or /dɨˈvɔrʒæk/ di-VOR-zhak; Czech: [ˈantoɲiːn ˈlɛopolt ˈdvor̝aːk]; September 8, 1841 – May 1, 1904) was a Czech composer. Following the nationalist example of Bedřich Smetana, Dvořák frequently employed aspects, specifically rhythms, of the folk music of Moravia and his native Bohemia (then parts of the Austrian Empire and now constituting the Czech Republic). Dvořák's own style has been described as 'the fullest recreation of a national idiom with that of the symphonic tradition, absorbing folk influences and finding effective ways of using them'."

RegExr v2.0

Edit the Expression & Text to see matches. Roll over matches or the expression for details. Undo mistakes with ctrl-z. Save & Share expressions with friends or the Community. A full Reference & Help is available in the Library, or watch the video Tutorial.

Raspberry Pi: Bits and Pieces, Hardware and OpenEmbedded support

I have two Pis, a WRAP board and a Thin Client all performing various tasks 24/7. I love embedded and so should everyone else.

"The Raspberry Pi is yet another community focused development/education ARM board in the mould of many a Gumstix, BeagleBoard and others before it.

That in itself is not overly remarkable but the Raspberry Pi foundation managed to keep one little trick up their sleeve. It’s well priced coming in at around the £25 for the basic ‘Model A’ and £35 for the ‘Model B’ (The ‘Model B’ giving you a highly useful Ethernet port, driven off USB, and extra USB host port). Neither model features a connector for a serial console but it is put out on the GPIO header at 3.3v so easy enough to convert if you need it (like I do). There is also an abundance of other I/O to play with on the headers."

Raspberry Pi vs. BeagleBone Black

More embedded creaming...

"Both boards are Linux-based single board computers about the size of a credit card. You can attach monitors, networks, keyboards and mice to both of them and both of them have GPIO connectors that allow you to attach and control external electronics. This makes them suitable for all sorts of DIY projects, from home automation to robot control."

Ångström Distribution

Yet to give this a go, but even the thought makes me warm inside.

"The Ångström distribution is a Linux distribution for a variety of embedded devices. The distribution is the result of a unification of developers from the OpenZaurus, OpenEmbedded, and OpenSIMpad projects. Amongst other options the user interface in one of the reference builds achievable with BitBake is the GPE Palmtop Environment."

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)

"Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169.

Updated bash packages that address CVE-2014-7169 are now available for Red Hat Enterprise Linux 4, 5, 6, and 7, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support, and Shift_JIS for Red Hat Enterprise Linux 5 and 6. See also Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux."

PLD Linux Distribution

"PLD is a free, RPM-based Linux distribution, aimed at the more advanced users and administrators, who accept the tradeoffs of using a system, that might require manual tweaking in exchange for much flexibility. Simultaneous availability for a wide variety of architectures and non-conservative approach to RPM usage provides our users with a consistent environment on almost all available architectures. More details are available in the about section."

Multiprotocol Label Switching

"Multiprotocol Label Switching (MPLS) is a mechanism in high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL."

Another one of those pesky great artists...

[Voyage-linux] releasing /dev/ttyS0 from the console once booted... - msg#00019

Hi Mark

> Is it possible to disconnect the console from /dev/ttyS0 once it has
> booted? Or do I need to get a new kernel? It would be nice to have the
> flexibility to keep using /dev/ttyS0 as console for booting, but then
> free the serial port up by some command that could be executed before
> an application loads that needs the port.

The console is directed to ttyS0 via a line in the inittab file.

- /etc/inittab
# Example how to put a getty on a serial line (for a terminal)
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100

So it would be possible to adjust this file after boot once your system
is in a state where you do not need the console.

By the way the command 'init q' will cause init to reload this file.


Points in Space

Points in Space: Set 1, 2014, acrylic and ink on paper mounted to wood panels, 60" x 60", each panel measures 10" x 10"

Gustave Doré

Paul Gustave Louis Christophe Doré (French: [ɡystav dɔʁe]; 6 January 1832 – 23 January 1883) was a French artist, printmaker, illustrator and sculptor. Doré worked primarily with wood engraving.

John Atkinson Grimshaw

John Atkinson Grimshaw (6 September 1836 – 13 October 1893) was a Victorian-era artist, a "remarkable and imaginative painter"[1] known for his city night-scenes and landscapes.[2][3]

His early paintings were signed "JAG," "J. A. Grimshaw," or "John Atkinson Grimshaw," though he finally settled on "Atkinson Grimshaw."

Voyage Linux on a WRAP Board

This find was a life-saver, and one of the most functional distros I found worked well with my WRAP.

"Voyage Linux is Debian derived distribution that is best run on a x86 embedded platforms such as PC Engines ALIX/WRAP, Soekris 45xx/48xx and Atom-based boards.

It can also run on low-end x86 PC platforms. Typical installation requires 128MB disk space, although larger storage allows more packages to be installed.

Voyage Linux is so small that it is best suitable for running a full-feature firewall, wireless access point, Asterisk/VoIP gateway, music player or network storage device."

© 2006-2017

Comments, submissions and errors to desk[at]

Material and content adheres to the Creative Commons (NC-SA 4.0) license.