Succumbed to temptation today and bought a laptop. I’ve been thinking about it for a while. In two more weeks, I’ll need to hand back in the one I’ve been using from work. This Macbook has stood me well through college and capture the flags, and I’ll be sad to see it go, particularly since it’ll take another week after that before my new one arrives. That said, 32GB of RAM, a 1 TB NVME drive, an NVIDIA GPU with 8GB, and an AMD Ryzen chip: gotta put this poor box to shame. I’m going to have to grow my chops in reverse engineering and cyber exploitation to match it!
You may have seen a few more geek notes on here of late. I’ve really enjoyed jumping into CTFs. My objective isn’t to win, but to find more ways to solve puzzles.
This weekend’s adventures were a little different, though. My company sponsors UMBC’s CyberDawgs team, and they’ve asked us to contribute challenges to their upcoming CTF. I tasked our IRAD team with coming up with a few and I wrote a couple, as well. So this weekend I spent some time normalizing our submissions’ README files and doing a final test of the submissions.
One of the submissions was really giving me trouble. The IRAD team member who’d developed it had demonstrated it to us, but the solution instructions in the README just weren’t “clicking” to then be able to reproduce a solve, much less help anyone else understand how to solve. It’s customary in CTFs to have a Discord channel where mentors can offer assistance to those on the right track; given that I don’t want to be up all night myself providing that support, thought it best to provide a walkthrough for someone else.
Not only did I “crack” it (helped, of course, by the solution instructions in his README), but then I was able to provide a linked reproducible recipe using a tool called CyberChef that is really useful for a lot of CTF grunt work. I’m avoiding linking to the recipe or giving any more info on the challenge, of course, given that there’ll be hopefully lots of folks taking a crack at it in early May. I’m now more confident, though, that there may be some folks who solve it AND I better understand a particular kind of encryption approach.
Notes from this week’s CTF – geek notes for Tina. Should have collected notes on more challenges, but, eh…
Received a PCAP file that said it had secret coordinates in it. PCAP was completely USB traffic, specifically URB_INTERRUPT
- Isolated traffic for appropriate device, after examining device descriptor response to find keyboard
- Started mapping out the HID keys by hand, until a teammate suggested https://github.com/TeamRocketIst/ctf-usb-keyboard-parser
- Ultimately used tshark to extract the data, via
tshark -r ~/Downloads/file.pcap -Y 'usb.device_address == 2 and usb.data_len > 0 and !(usbhid.data == 00:00:00:00:00:00:00:00)' -T fields -e usbhid.data | sed 's/../:&/g' | sed 's/^://g' > keys.txt
- (Note: the second sed is because the recommended one ended up prefixing all the lines with : – second sed strips it off)
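Added example, not part of the original notes or the linked parser: a small Python decoder for the `keys.txt` produced by the tshark command above, assuming 8-byte boot-protocol keyboard reports and a US layout. Because that filter drops the all-zero release reports, the decoder assumes two identical consecutive reports are two separate presses, and it skips keys still held from the previous report; the sample reports are constructed.

```python
# HID keyboard usage IDs -> (unshifted, shifted) characters, US layout assumed.
KEYMAP = {0x28: ("\n", "\n"), 0x2B: ("\t", "\t"), 0x2C: (" ", " ")}
for i, c in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (c, c.upper())
for i, (lo, hi) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (lo, hi)
PUNCT = [0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38]
for code, lo, hi in zip(PUNCT, "-=[]\\;'`,./", "_+{}|:\"~<>?"):
    KEYMAP[code] = (lo, hi)

SHIFT_BITS = 0x02 | 0x20          # left and right shift in the modifier byte
BACKSPACE, CAPS_LOCK = 0x2A, 0x39


def decode_reports(lines):
    """Return the text typed, given one 8-byte report per line (hex, colons optional)."""
    out, held, last, caps = [], set(), None, False
    for line in lines:
        raw = line.strip().replace(":", "")
        if len(raw) != 16:
            continue                  # blank line or not an 8-byte report
        report = bytes.fromhex(raw)
        if report == last:
            held = set()              # assumption: a filtered-out release sat between them
        shift = bool(report[0] & SHIFT_BITS)
        keys = [k for k in report[2:] if k > 0x03]   # 0x00 none, 0x01-0x03 errors
        for k in keys:
            if k in held:
                continue              # still down from the previous report (rollover)
            if k == BACKSPACE:
                del out[-1:]
            elif k == CAPS_LOCK:
                caps = not caps
            elif k in KEYMAP:
                is_letter = 0x04 <= k <= 0x1D
                out.append(KEYMAP[k][(shift != caps) if is_letter else shift])
        held, last = set(keys), report
    return "".join(out)


# Constructed sample in the keys.txt format (not taken from the CTF capture).
SAMPLE = """
02:00:00:00:00:00:00:00 02:00:05:00:00:00:00:00 02:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00 00:00:0f:00:00:00:00:00 00:00:0f:00:00:00:00:00
00:00:16:00:00:00:00:00 00:00:2a:00:00:00:00:00 00:00:2c:00:00:00:00:00
00:00:21:00:00:00:00:00 00:00:21:1f:00:00:00:00 00:00:1f:00:00:00:00:00
""".split()

if __name__ == "__main__":
    print(repr(decode_reports(SAMPLE)))
```

To use it on real output, pass the lines of the file: `decode_reports(open("keys.txt"))`.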
Things I’m in the middle of reading, also known as glimpses into my psyche:
- Thinking, Fast and Slow, by Daniel Kahneman: we’re reading this for our Women In Technology Group at work. So far, a couple of chapters in, my System 1 brain is convinced the book should progress more quickly
- The Clown in You, by Caroline Dream: reading this to try to think about my clowning in new ways, to spark my thinking in new paths
- Hacking, the Art of Exploitation, by Jon Erickson: my cyber masters program is leaving me less than inspired, and more feeling slogged in its various papers. Hoping this book gives me some new angles and inspiration
I frequent some Facebook groups related to buying and selling used clown and circus supplies. Last month, a guy posted 3 or 4 pictures of this massive yard sale amount of stuff. Folks kept offering him money for individual items, but he’d say he’d only deal with folks who’d pick up. He ALSO said he’d be willing to take a reasonable offer for the lot. After seeing enough folks make individual offers, I decided, heck, the guy’s in New York, I’ll make him an offer, and if he takes it, I’ll make it back by shipping out just the things folks have offered on.
So, that’s what I did. I made the guy an offer. I came back with a mini-van chock full of things. A full-size Scooby Doo costume. A full-size Easter bunny costume. 6 large Lowes’ boxes filled with costumes and supplies, including a couple of puppets that run usually for $300+. Two boxes of videos. Another full (+!) box of clown magazines. A full bin of various magic tricks. A box of juggling bean bags. All in all, a bonanza of random fun. I spent a weekend building out an inventory spreadsheet and looking things up to figure out their probable retail value. I’ve been putting them up on Facebook, selling them off a bit at a time.
So, if you know anyone who wants an Easter bunny costume or a set of dove pans, I’m your gal! I’ll be taking at least a representative box or two to the local clown convention next month – see if I can find some willing homes for another thing or two, at least!
Quarantine, day N… Was at work last week, and now off again.
Early in, I set up a Google Doc in which I listed goals for the quarantine. Projects I could accomplish with the extra time. Some of them are already complete – I got my Grace Hopper application in, built out some challenges for a CTF, planted seeds. Some are in progress – about half of the front yard has had its onion grass removed. I’ve done more running and pushups. Still working towards pullups. Have mostly left the burpee goal alone, though I think that’s on the list today.
What I’ve realized isn’t strongly on the list are household organizing or cleanup projects. I could wash windows. I could dust floorboards. I could… These are the sorts of projects my parents used to give me when I’d done something wrong, though. The sort of work penance aspects to grind a spirit down. I’m not in the mood to punish myself.
What I keep doing is more minor things: clean up a corner. Put away something that’s been in the wrong place for far too long. Work to keep the kitchen quasi-clear with all of the extra food preparation going on. (Somehow kids love making food, but never connect it with the extra cleanup.) Go for more long walks with my hubby. I’m most of the way through a puzzle, which is usually something we only do over Christmas break. Try a new recipe or two once in a while… We had a Monte Cristo casserole the other day that was pretty good!
The weeks without a rhythm are long. Completing big household projects and then seeing them be overrun would be too discouraging. So I’d describe myself as pacing. We’re in a time of unknown length and I’m just trying to make it through.
Monday, day 1 of quarantine for me. The kids have been off of school for a week, but this was the first day I was told to stay home from work. So, what did I do?
Mostly… worked. On either work (IRAD supervision, resume tweaking for a staff member, phone meeting to get news of quarantine, pulling together ideas for kids & STEM) or our church website (solved some email problems for folks, updated a page or two). Got Cameron up and harangued him for not going to therapy. Planted some seeds. Got in a workout (burpee hell!). Got in a run. Listened to a webcast on cyber machine learning. Snuggled some cats. Uh, wrote a blog post.
Ultimately, stayed pretty busy. 4 more days to go this week…….!
Folks who are paying closer attention to this blog than it warrants may have caught notice of a link in the left navigation to a ‘Kubernetes 101‘ presentation. That link came about when I was asked a year or two ago to give a presentation at work on Kubernetes. I built the presentation deck based on a presentation I’d put together at a previous company which they were kind enough to give me access to again, and THAT presentation was a recap of some training materials I’d built out for a customer. So, I’ve gotten to present on Kubernetes a few times.
I’m now on my third project making use of Kubernetes, or k8s for short. The first go-round, I helped developers understand how to deploy things to it and someone else stood up and maintained the cluster. The second project, I built tools (“operators”) to run within k8s, as well as built scripts that automated the deployment of our clusters. This go-round, we’re using a new k8s distribution, with its own tooling for deployment and administration, and part of my role is to figure out whether our team found all the bits I’d been able to turn on in previous installations. (Auditing, for the record, is a good thing…). With each new project, k8s has matured and my angle for working with it has changed, so I get to learn and try new things.
That’s generally how software and systems development works… no one (or at least, vanishingly few) ever really knows a tool or language inside and out completely, particularly in connection with its full ecosystem. I’ve gotten to write Golang, Ansible, and Java (via k8s’s client-sdk). I’ve used REST APIs invoked via curl or hit the same endpoints using kubectl and its command syntax to interrogate k8s internal state. I’ve figured out how to query Prometheus using PromQL, and then how to interact with a time series database to which we’d exported the Prometheus data. Oh, and with each new release of k8s (they’re about to release 1.18), the capabilities and APIs change.
I got to interview an internship candidate today, and she (yay!) asked me what sorts of things you have to know to be a good candidate for our company. I told her a few of the technologies our current interns are using, but tried to make clear that the biggest thing about a career in technology is that you have to keep learning. That you have to keep humbly realizing you don’t (and can’t!) know it all. That you keep plugging away at deepening and widening your experience. That sometimes your experience tells you to bring in someone whose breadth and depth hits the problem from a different angle than your own.
Today was a fun day. Can’t wait to see what projects 3, 4, … and n, in k8s or other things, bring my way.
Exemplars of search history on Google: “alternatives to Terraform”. “alternative to rubber chickens”. The things that software engineers who are also clowns search for.
Update!!!! Further down in my Google search result for rubber chickens I find a blog post that crosses rubber chickens and software development: Why rubber chickens make for better meetings! Hmmm – might be time to expense some rubber chickens!
Home sick today. It’s a lousy day to be sick, as tomorrow I’m supposed to run a half-marathon and today is the day most of the rest of my software team is off. Read that as: no meetings, great day to code day. Instead I’m home, laptop in my bed, puttering away whilst keeping my head not quite upright so it doesn’t feel like it’ll explode.
So, what’s a gal to do in such a situation? Clean out her email backlog! I’m not an inbin zero kind of gal… I file some emails away, delete a good number, but somehow the pile still generally stays. There’s too much useful info there, and I long since discovered if I tried to file things away, I’d have to clean out however many other files, rather than one big inbin. So instead my goal is to just keep it below some threshold number. Over time that number’s changed. For my personal email bin (the worst offender), right now the target number is 7700. Every so often, I’ll try to decrease it by 100. The number used to be 8000 something before, so I’m making progress.
How do I have 7700 emails worthy of keeping, you ask? Well, I don’t, I’m sure. I have 7700 emails that were mostly at one point worthy of keeping. Many have degraded in value since then, but the effort to go clean out the ones that aren’t valuable is more than the cost to me of having 7700 emails. I have emails in which I get told my grandmother passed away and what the funeral arrangements are. That’s now 4 years ago. My memory’s faulty, but my email history isn’t, so I can go back and check the timeline and particulars. I have emails in which I get back acceptances to speak at conferences. Again, my memory’s faulty, so I use those emails to go back and remind myself – what year, what topic… I have emails that have information I meant to read sometime and never got around to. Some of that information is now stale, some isn’t, etc, etc.
So I accept my email pile. I actively prune both new and old emails. Since I started writing this post, I’ve gotten 6 more messages, which push me over 7700. I’ll prune back down below, and go back through the old pile and try to give myself some headroom by pushing it down to, say, 7650. By later today, though, I’m sure I’ll have to compress it again.
It’s my own email garbage collection strategy. Trading off the cycles required to do the collection and cleanup for time to do more useful things.