Working At Home Sitting/Standing Cycle

In the past few months of working from home I started having aches and pain around my shoulder and chest area. I have a rising desk that allows me sit and stand like I've been doing in the office with the sit/stand keyboard tray (side note: getting it mounted gave us a bit of amusement; … Continue reading Working At Home Sitting/Standing Cycle →

COVID-19

No real thoughts on the subject; just want to put this as a historical marker of sorts. Some things that have gone on so far: All the school-age kids are doing distance learning/homeschooling for at least another week.Movement/travel throughout the world have significantly slowed down.Restaurants are only available for to-go/delivery orders. No dine ins currently.I've … Continue reading COVID-19 →

Return Proper Exit Code, One Must

While working on functional tests for tlslookieloo I discovered that it's not returning an error exit code when it exits because of a configuration issue. This oversight would make it difficult to use tlslookieloo as part of automated testing.

tlslookieloo 0.1.0 Released

After a few months of working on it on the side tlslookieloo 0.1.0 is finally out the door. I'm releasing it as an alpha version; because, I worked on it alone for the most part. Keane Wolter (@d43m0n3y3, LinkedIn) helped out by reviewing the documentation and smoke tested it on a different platform. Why build … Continue reading tlslookieloo 0.1.0 Released →

Mocking C APIs in testing

I started working on tlslookieloo after failing to find a utility that I can use to basically MITM a client-server application I was testing at work. I looked at sslsniff and Cisco Talos' Mutiny Fuzzing Framework and Decept Proxy to see if it provides what I need, or modify it for my own needs. In … Continue reading Mocking C APIs in testing →

Keeping Upstream and Working git Repos In Sync

This tutorial is intended for git beginners who need to sync up their working repo with changes made to the upstream repo. Cloning repos within collaboration platforms such as gitlab will not be part of this tutorial. Setup For the purposes of this project, we will use https://github.com/w3c-social/activipy as the upstream repository. Create a clone of the project, and … Continue reading Keeping Upstream and Working git Repos In Sync →

Remind Platform CDN misconfiguration

I stumbled into this issue since one of my kid's teacher uses Remind. The issue is any pictures posted on Remind is publicly accessible from Cloudflare CDN. I have notified Remind's Security Team of the issue. Here is an example of a picture that my son's teacher posted to Remind that can be accessed by … Continue reading Remind Platform CDN misconfiguration →

Be the Little Drummer Boy

One of my favorite Christmas songs is the little drummer boy. Although there was no drummer boy recorded in the Bible I feel the story of the Little Drummer Boy summarizes what God expects of us all: to come to Him--warts and all--and be willing to be used by Him. The first two lines of … Continue reading Be the Little Drummer Boy →

A Broader Issue Exposed by CVE-2018-14665

CVE-2018-144665 refers to "An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges." Here's the link to Matthew Hickey's tweet that shows the exploit. I'm not … Continue reading A Broader Issue Exposed by CVE-2018-14665 →

Someone Used My Email for a Twitter Account

I found out that someone created an account on twitter using my email address. So, I decided to take over the account. For the longest time, I never saw the point of having a twitter account. I had one during twitter's early days. I'm talking back when you twitted by sending a text message, and … Continue reading Someone Used My Email for a Twitter Account →