Work

xrayspx's picture

Name your vulns better

Music: 

George Clinton - Yank My Doodle

Drupalgeddon is silly, but at least it gets the point across that something is wrong and you must go fix it right now. Heartbleed, Shellshock, POODLE... not so much. At least we all had a heads-up that "some horrible SSLv3 attack" was coming even if no one knew specifics.

We've had enough this year already. Who wants a do-over on 2014?


GoFlex Headaches

Music: 

click-click-click-bzzzzzzzzzzzz-WHACK

A couple of weeks ago the drive in my GoFlex home finally died. It had had some filesystem corruption earlier this year, so I pretty much knew it was coming. I replaced the drive, and started making rash decisions. All the stupid factory junk software is disabled, but the big change was that I formatted New Drive with EXT3, since they were using NTFS (on Linux) for some unholy reason that I will probably never understand.

Well, now the drive seems not to sleep, and the drive LED blinks continuously. It doesn't vary at all, so I'm not convinced it's activity related, but there's also no LSOF on the machine, so I'm a tiny bit blind. I think a lot of the issue with Old Drive was that I was writing syslog to it from all my local hardware, which prevented it from ever spinning down. I'd like to prevent that with New Drive by sending all my shit to a Raspberry Pi instead (Raspberry Pi runs extremely well off the USB port from the GoFlex, and it also does a great job of running Privoxy).

I'm looking at ps and netstat -pnat output, and don't see anything which should necessarily be slamming the drive. Meanwhile, I need to go find an ARM lsof binary I can drop on this thing.


T**e *h* S**n****s B***i**G, **k* ***m b****n*.

Music: 

Xebox - Bunker Buster

This week David Lowery grumpled many of the Interbutts as he published a list of 50 "undesirable" (read: "un-licensed") music lyrics sites to target for legal action by the National Music Publishers Association (NMPA). With some major exceptions (RapGenius!), many of these sites do, in fact, suck. They're undesirable from an Internet user standpoint as well, what with pop-unders and malware.

The fact is, they are worried about lost revenue from the licensing fees these guys should be paying, and the fact that lyrics sites have tons of ads, and that it follows that their owners are sitting on massive piles of cash in the Caymans. So let's go sue 'em all and get that Scrooge McDuck money silo each of them has to have. Here's a better idea, why doesn't the industry run its own goddamn lyrics sites? Well hell, I bet since we live in The Future and all, you could even track how many times someone searches for a song and give Dave Lowery his quarter of a cent per 100 impressions for Euro-Trash Girl lyrics.

The claim that it's "ripping us off as artists" is unconvincing though. If someone's reading the lyrics, you must assume they're listening or have just listened to that song, which they either own or they don't (Keep going after those pirates, I can at least see the point kind of, best of luck). Very very few songs have lyrics that merit reading on their own without music surrounding them. No one is reading the lyrics to Dr. Heckyll & Mr. Jive who isn't also listening to that song right now.

The Musician as modern Shelley is in all but the most exceptional cases disingenuous at best (Fun fact: Search for Percy Shelley on Google, and the #3 hit after Wikipedia and Poets.org is poemhunter.com, one of the NMPA's targeted sites of IP thieves). Off the top of my head, I can think of four musicians whose lyrics I could just sit and read, and even that is only a handful of songs per artist. Also off the top of my head, I can think of zero musicians whose lyrics I have just sat and read as art for its own sake.

It certainly didn't take Tennyson to write Take The Skinheads Bowling.

"Industry Sues Morons, film at eleven". Fine. "Fragile snowflake genius loses livelihood when someone can search for their lyrics for /free(!)/". Well you lost me there pal.


Exercise

Music: 

IT Crowd Theme

Here's how we work out at the Curtiss household:

- Smoke

- 20 minutes of elliptical

- Smoke

- Crack beer, do lifting for 25 minutes or whenever show ends

- Steak bomb


Password Policy

Music: 

30 Helens (and two Jesuses) agree, nice password policy.

My wife bought this day calendar to store in her purse and found these two horrifically disturbing pages toward the front. It's extra convenient, because if you get mugged, now the thieves can go home and log into your online banking, and clear the rest of it out too while you're all groggy talking to a policeman after waking up lying next to a brick with no purse. Wonderful.


Expedient Potato Clock

Music: 

Joe Buck - Muddy Waters

Expedient sent me a potato clock today.

Today one of our ISPs, Expedient (Warning: Opens annoying talking flash-based woman talking over your music), sent me a potato clock. I think it was to mark the 10 month anniversary of a new circuit we haven't quite been able to turn live yet (fault of another 3rd party vendor, long story) :-)

You'll notice the sticker on top is not centered, and that made it rest on this like 1/32" lip around the right "potato cup". That was going to drive me mental, so I was able to re-center it, now my inner Monk is happy.

Aside from that, it works great. It took me 10x as long to set the clock as it did to get it powered by potato, but it's pretty much staying right on time after 30 minutes anyway.

This is not the first such strange vendor swag they've sent me. The last thing I can remember was an Expedient-branded USB hub that had a keyboard controller in it. The keyboard controller was so that whenever you plugged it in, it could send "http://www.expedient.com" to your default browser and open their homepage when you attach it. It also had a button on the top that would send you to their site, which is why it needed to be a "keyboard". I can't put my hand on that thing at the moment, but if I ever do, I'll definitely update this entry. It may not have survived my move from my last cubicle.


How To Use An Elevator

Music: 

Chris Cornell - You Know My Name (watching Casino Royale)

Many people seem to require a refresher course on how elevators work. For those of you who would like to brush up, it works like this:


Once again with security Spam

Why can't we pay attention to FB hacking warnings?

People do hack FB profiles, it happens every day. They often do it by inducing the target user into clicking a link that can steal their login information in any number of ways. This happens. It's a Big, Bad Internet, and in all likelihood at some point you will:


Hey Hey RSA

Today I got a customer satisfaction survey from EMC. It was specifically about RSA and how we like their products and the company in general. Cynically, I have to believe that it's not entirely a coincidence that they did this survey during BlackHat & DefCon because, well jeez maybe because half of the people receiving this aren't even in their home fucking state? There was a comment field to one of these asking "why do you feel this way".


Converting Visio Stencils to OmniGraffle

Someday, we'll live in The Future, I swear it.

Last year I bought OmniGraffle 4 Pro. I really, really like that app, and it makes using Visio seem like self-torture. Now if only the formats were open all the way around...
