- Managing Configuration Snakes On A Plane
Well for various reasons I'm quite inebriated while trying to write this particular description. Enough so that I'm attempting to write it all with my eyes closed. Oh, sure, I'll look at what I've actually written at some point when I post this to the meetup, But right now I I just need to rest my eyes for a moment. Thank goodness for those typing classes in high school, eh? And those little bumps on the "F" and "J" keys to let my fingers know where they are on the keyboard. Makes it easier to tell you about the fascinating presentation we have for the next STL2600 + DC314 meetup on Friday. (Okay, I peaked my eyes open a tiny bit to get the title correct just then. Using the "Shift" key can still mess me up with my eyes closed.) Bill is taking things on this month, in what will be his first talk for all of us. And from what I hear so far, there's already plenty of procrastination involved. Just like a proper STL2600 + DC314 talk should have. Or else Bob and I haven't been setting a good example for you all. Bill will be advocating to us the virtues of configuration management. Every system is constantly evolving and changing. With the installation of every application, update, or patch, the system constantly changes. We feeble bags of meat, particularly the ones that responsibly indulge in the wonderful beers and spirits, are completely unreliable when it comes to tracking the endless changes to any particular system. But hey, what are computers for if not to automate the mundane tasks so the rest of us can keep the party going. There's plenty of options to manage and automate configuration changes to your systems. To keep track of what's been successfully delayed, versus what's been fouled up by our sausage-like digits clacking mnemonic abbreviation into a monolithic silent automaton. In soberish English, come next Friday to learn a thing or tow about Configuration Management from Bill, what tools are available to you, and probably some pretty obvious reasons (at least once you hear them) as to why you should practice good change control in the first place. And if you are wondering: Only 7 spelling errors from typing that whole thing with my eye's closed. Also, the plane gag is mostly irrelevant to the topic. It's just a nod to Bill and he can explain it if he wants. Though you'll probably be disappointed by the answer.
- "Peeking at Data's Firmware"
I was browsing online as one does when I came across an unfortunate question: "Does Lt. Cmdr. Data poop?" Dammit if that question is going to continue to haunt me. I can't think of an answer to that question without going to dark disturbing place, and I'm pretty sure we'd all regret it if I did. There's all the subsequent questions that it raises as well. I mean, assuming Data was equipped with the correct "hardware", there must be corresponding software to drive it, right? Is that a solved coding problem in the 24th century? What kind of variables are you dealing with? Did Data have to wear diapers until Dr. Soong got all the incontinence bugs worked out? Can you file a software patent for that kind of thing? There must be a way to answer these kinds of questions. And you should all know at this point that when I start talking about Lt. Cmdr Data that I'm eventually going to twist it into some kind of awkward metaphor about the topic for the upcoming STL2600 + DC314 talk. Well aside from the addition of poop jokes this time around, why should this time around be irregular? Let's assume for the moment we've somehow got a copy of Data's sphincter control drivers. How are we suppose to figure out how it works? Buttholes for a Soong-type android aren't just something you can pick up at Micro Center, so it would be difficult to just run the code and tap that ass's I/O. What if we took a look at the compiled driver itself? It certainly would be a lot less messy, right? Regardless of how smooth an androids bottom might be. Well Nik, "The Borg Queen", has returned to help us assimilate all the knowledge we need to get started reverse engineering all the robotic soft-serve drivers we can handle. Nik is going to show us how to use Radare and Cutter to pull apart a binary and make sense of the underlying assembly code. We'll learn some of the Basic syntax, instructions, registers and conditions, as well the fundamental precepts in Reverse Engineering CTFs. Why is she doing this? Because she's the shit, that's why. Part of this talk will be a workshop, so everyone is encouraged to play along. You can download the Cutter software for Windows, Linux, or MacOS from https://github.com/radareorg/cutter/releases. Ideally you'd want a VM setup as well to play around in, but it's not strictly necessary since we won't be handling anything malicious. I'm so excited about this one, I might just crap myself.
- QEMU Virtual Machines: Taste just like the real thing!
Apologies for the cancellation/rescheduling thing. Of course the STL2600 + DC314 meetup is still happening. It's just the first time I've actually had the chance to sit down and actually write the post for this months meetup. And if it's less than six days before, I can't "announce" the event. Which also just means I need to be better about scheduling these earlier, but that's not news to anyone. Is it? Anyway, back to what's important: I'm thinking this month we should take a look at QEMU. Just feels like it's a pretty underrated virtual machine platform. It actually emulates a lot more CPU architectures than just your standard Intel chips. So it's really got me wondering what kind of archaic crazy software we can actually get running on this thing. So that's the plan. I'm going to reach into the depths of the underworld and see what we can resurrect from the dead, and justify our necromancy by figuring out some practical reason as to why we can't leave this dead software in peace. So yeah, regular time and place.
- Project Nephology: Phase III - Gitting Back On Topic.
I had a horrible nightmare the other night. Bob and I were just platonicly laying on a grassy hill staring up at the sky. As they do, several clouds were moving across the sky taking on odd shapes. I pointed to one and asked Bob what he thought it looked like. He said "That puff of cumulus there? It looks like someone else's computer, to me." I pointed out another to him and asked "Well what about that wacky bit of cirrus over there?". "Hmm... Looks like a forgotten series of topics for an STL2600 + DC314 talk." he responded. Next thing I know I'm waking up in my own bed filled with dread. Disturbing, right? Even the aliens who were about to abduct me read my mind and were like "Shit. That was fucked up. Will just beam out now. You've got enough problems already." So well over a year ago (June 2017), I ranted on a bit about my short attention span. Clearly the situation hasn't improved any. But as a sure as you'll one day find your goldfish auditioning to be a pool toy for a Lego mini-fig, I do eventually find my way back on topic. I'm sure everyone remembers a few months ago when Microsoft surprised everyone when they bought Github, immediately followed by a huge exodus of users who remember the 80's and 90's when Microsoft's favorite pastime was ripping off code they couldn't buy or squash. Seemed like an apropos excuse to dust off "Project Nephology" and talk about setting up your own hosted git server. So for the next STL2600 + DC314 meetup, we'll discuss some of the options available for hosting your own git server. And, if all of my notes are still up-to-date, possibly walking through what it takes to git one of these bad boys up and running. FYI: We won't be teaching how to use git. I don't have the time to learn it myself first, and Bob's gitting ready to push out a new release.
- 1.21 Jiggawatts of Talks
Well it was bound to happen sooner or later. After years of rambling on about random topics, it was only a matter of time before Bob and myself truly snapped. I mean, just take a look at this passage? Whens the last time I was able to write a coherent sentence like this? Definitely a sign that I've gone and lost my marbles. Combine that with how busy everyone gets around the holidays, it just seemed down right impossible come up with a single topic for us to bullshit our way through this month. Key word there being "single". That's right, we are going to lean into the chaos this month and see how many topics we can cram into a single evening! And we are encouraging you all to participate. Rapid fire, one after another, will being having an evening of lightening talks. Five minute stints of everyone covering their favorite tools, tips, and/or tricks. We are going to cram as much content into this evening like it's a time travelling delorean full of clowns. Now both Bob and I will have a few talks ourselves, but we are really hoping for some audience participation. If you can ramble on for five minutes about something, now's your chance! Bring slides, or tempt the demo gods by doing it live, we don't care. You can let me know ahead of time, or just surprise us the night of. Regardless, you'll have your shot to take the stage. This 1.21 jiggawatts will be striking the clock tower at the usual time and place. Hopefully these presentations will hit 88 mph and we'll see some serious shit... Though admittedly, I don't know how that would actually work. I decided to include the Back to the Future references pretty late into writing this, and I've got to get it done so I can still hit "Announce" on the Meetup.
- An Encore of "REST is dead, long live GraphQL!"
Both Bob and I recently gave talks at last weekend's PhreakNIC in Tennessee. And despite the unfounded and yet self-speculated miraculous abilities of both Bob and myself, pulling more than one presentation a month out of our collective metaphorical orifices is beyond even our legendary abilities. So we are going to cheat! At the next STL2600 + DC314 meetup, Bob will be presenting his talk that is so nice, I've asked him to do it some number of times that rhymes with the word "nice". But I'm going to cut this description about short, as I am dealing with some virulent cold that could be turned into a biological weapon. So I'm just going to copy and paste what Bob wrote for his PhreakNIC description: "GraphQL is a next generation query system for the internet. If you've ever been frustrated by a REST API because the data came back in an uncomfortable format, or you weren't able to ask for exactly what you need, then GraphQL is for you. In this talk, I'll give an overview of how GraphQL APIs are built, how to use them as a client, and (since this is PhreakNIC) a brief breakdown of the security implications. The services demoed in the talk will be live and publicly accessible, so feel free to bring a laptop along to test out what you'll learn in real time." There you go. See you all next week... If I survive. Until then, I'm going back to bed and REST. (Well what do you know? I still had one pun left in me.)
- Solving Math Problems for Fun!
Wow, so this month's talk isn't actually about Android this time. That means no more Lt. Cmdr Data jokes and I just don't know what to do about that. Well I could keep making Lt. Cmdr Data jokes, but it just wouldn't be appropriate since the next topic doesn't have anything to do with androids, or even Star Trek. But we'll continue on with our mission... boldly... where someone may or may not have gone before. Oh, and while we are on the subject; The prime Trek universe is the only true Star Trek! That Abrams/Kelvin Timeline is crap. I know I've said it many times before, but I'm stating it again! Admittedly, I'm saying it mostly just because I'm trying to work the word "prime" into the conversation so I can then bring up prime numbers, and from there some ham-fisted segue into the actual topic. There were probably other ways to bring up prime numbers in the context of Star Trek. Like in the season three episode of TNG titled "Allegiance". Captain Picard taps out prime numbers on a keypad, so his captures will know he is intelligent and comprehend mathematics. I think they did it in the film/book, Contact, as well, but then it wouldn't be a Star Trek reference. And if I'm honest with myself, that's not much better than the awkward transition of a topic that I've already made. This is usually the time where people start to frustratingly demand what my point is. Well, from what I hear, prime numbers are important to things like encryption and the algorithms that love them. And that's where we start getting closer to the actual topic for the next STL2600 + DC314 meetup. Or at least I think it is. I'm hoping to find out for sure during the presentation. I think the answer is... math? The point is that Perri has been gracious enough to offer a talk on cracking RSA challenges. I thought this sounded really... really... hard, but I've been assured it's as easy as playing Mastermind. The board game that is, not the terrible 1997 movie where a mustached Patrick Stewart plays the villain (Seriously... it happened: https://www.imdb.com/title/tt0119630/). Though I'm still a little suspicious, because that assurance came along with a lot what I think might have been math in the explanation. I'm taking Perri's word for it though. Still might want to bring a pencil, pad of paper, and a supercomputer for this one. Perri's bringing some challenges we'll be able to try out for ourselves.
- Never Stop Partying Like It's 07CF!
Copypasta... September is our annual local 2600 PGP Key-Signing Party! Food, People, and Cryptography! What could be more fun? If you already have a PGP key-pair, bring the fingerprint with you and some ID so everyone can verify and sign your public key. The more people you can get to sign your key, the more trustworthy it is! If you have an android device, you can make things easier by using the APG or OpenKeychain app: https://play.google.com/store/apps/details?id=org.thialfihar.android.apg (https://play.google.com/store/apps/details?id=org.thialfihar.android.apg) https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain Also checkout https://keybase.io/ That's the easiest way we've found to manage your keys. They support text input, QR code, or even NFC. There are some lesser iOS apps that will get the job done as well. And we'll have paper for those that want to keep it old school. If you don't have a key, don't worry! We'll be more than happy to help set you one up. Remember, it's also a party! Feel free to bring food and drink to share. Seems like we do this every year or something...
- “Smooth As An Android's Bottom, Eh Data?”
The following is a transcript of a recording Bob made. He claims it was "just in case they needed evidence". It contains a conversation he observed me having a with one of my cats: What? Seriously? We are doing Android stuff again? ... How many Lt. Cmdr Data jokes do you think I actually have? ... It doesn't matter that I stole most of them from the internet! That doesn't mean there's an infinite supply of Data jokes! ... Can we go a different direction maybe, like make a joke about Big Data? ... No, I don't mean Tasha Yar's nickname for his anatomical correctness. I mean the other kind of big data. ... I guess you are right, that doesn't really tie into Android subject matter. What about a Westworld joke? ... Good point, nothing could be funnier than that Westword Rick Roll they did earlier this year. (https://youtu.be/W7oeROkyPgs) So we are just going to fall back on the usual? ... It's settled then, we post another picture of Data with a bit of incoherent rambling and a summary of the topic. So at the next STL2600 + DC314 meetup, the Android OS will take center stage again. Bob is is finally going to take the plunge and fulfill one of his oldest fantasies right in front of is all. You guessed it! He's put together a walkthrough for configuring your basic Android mobile device to give you the best possible combination of security and privacy the platform can offer. And with DEFCON happening the following week, this is the perfect preparatory protect for anyone planning to attend that most hostile environment for networkable devices. On a side note, this is still the actual transcript. Bob looks like he's kind of freaking out right now while I scream all of this at him. He's just dropped the recorder and is running away. Bob! Where are you going? ... Bob! I thought we were going to get a beer next, and then go shopping for friendship bracelets! ... Bob!... BOB!... Dammit... He was my ride home. Oh well. See everyone Friday at the next STL2600 + DC314 mee- *click* The recording reached the end of the tape.