So… I was just driving down the road, and I said:
My zfold2 phone comes to life and says:
So… I was just driving down the road, and I said:
My zfold2 phone comes to life and says:
Let me save you all an hour+ of your life.
Grab the latest version of Ghidra: https: https://ghidra-sre.org/
Use the Ghidra GUI to install the GnuDisassembler and the SleighDevTools.
Install the following dependencies to Kali:
Download the latest binutils source into your ~/.ghidra/ghidra_<version>/ directory. Link for the right version can be found in the build.gradle file in that directory.
Set your GHIDRA_INSTALL_DIR to the location of your ghidra install (mine was /opt/ghidra/ghidra_<version>.
Check your version of gradle:
Compare the version of gradle Kali installed, to the required version listed in the /Ghidra/application.properties file from the source for the version of ghidra you installed.
If there is a version difference, download the binary for the right version of gradle and use that to run your build command..
Sad to say, I spent over an hour trying to debug completely ambiguous errors from gradle (e.g. Could not find method get() for arguments  on platform ‘linux64’ of type org.gradle.platform.internal.DefaultNativePlatform).
I’ve recently come back up for air (so to speak).
I’ve spent the last year in pandemic world trying to enable one of the world’s largest used car sales companies to have better experiences and more efficient ways to buy and sell cars online – without leaving the comfort of your “home”.
In some ways, I might be tempted to think that I am doing something really cutting edge.. which is why I feel like I have just come up for air.
I just finished a pretty amazing book called Sapiens – https://amzn.to/3jGq2bV.
Here are my thoughts:
I followed up by reading A Crack In Creation – https://amzn.to/3ArJz6b.
Here are my thoughts:
But, that’s not all… we now have flying cars: https://youtu.be/a2tDOYkFCYo, and autonomous physical in-store shopping experiences: https://youtu.be/FynpkeS7RUM, and containerized housing: https://youtu.be/qVV6CyGJgZo, and artificial intelligence running buildings as a super organism: https://youtu.be/ssZ_8cqfBlE.
I just picked up Homo Deus: https://amzn.to/2UToQaT.
It is incredible to think about how far we have come, as a species, in such a short period of time; I am really excited, but slightly reticent to see how deep this rabbit hole goes.
One of the things I do on the weekend, is run my small data center….
Tomorrow, I’m going to tear down the old esxi and rebuild new arrays for boot and storage and try and merge it into the xen pool and try to live transfer some guests between hosts in the pool. Wish me luck..
Then, if that all works, I’ll need to install another patch panel in the network rack, setup a new ups, and reconfigure the switch for new VLAN and trunk ports.
I will say that the pfsense on a protectli box with 6 ports, and a Unifi SDN costroller, managed switches and WAPs throughout the house had made the networking side extremely easy!
Maybe tonight I’ll find time to finish up the Azure DevOps course and get back to learning React.
Oh, and I mowed the lawn and took Bob for a ride too.
p.s. if anyone knows why mdadm isn’t activating my raid10 on reboot, please drop me a DM.. its a huge PITA.
p.p.s. Second xcp-ng server is up with 2x ssd raid1 arrays, 48GB of ram and the migrations between the two hosts completed; also created and deployed my first Azure ASE tonight. Tomorrow I relocate it to the secondary media closet.
Update a week later: media closet was still too hot so I attached a nice fan to it; dropped the CPU temp by 10 degrees!
; This is the way the world ends, in Assembly
; Author: Jediah Logiodice
; Date: 11/05/2020
mov ebp, esp
xor eax, eax
add esp, 4
cmp eax, eax
mov esp, ebp
Just finished up a thought provoking and highly-entertaining treatment of concepts and ideas swirling around related to life, the universe and everything.
Unlike some reviewers of the book, I specifically appreciate that the author tries to synthesize the scientific world view with the religious world view.
There are too many in life that think the world is so black and white, on both sides, thus being completely unwilling to give credence to what another might say or think across the divide.
The dichotomy reminds me of a couple maxims summarized by Covey and Bragg: 1) first seek to understand, then to be understood, and 2) science and religion are opposed as the thumb and forefinger – between the two you can grasp anything.
I came to a similar simulation theory ages ago (without much science knowledge to back it up, just through general observation and cognitive experiences), I’m glad to see we have some great thinkers spending significant clock-cycles on it.
Somewhere in our future is “The Theory of Everything”. Keep seeking!
While having conversations with a couple friends the last few weeks, I came to the conclusion that there might be value in writing down some of the ideas I have floating around in the big tin-can on my shoulders, as it relates to opensource software (oss).
Or, then again maybe not.
Regardless, I took a few minutes to jot down some thoughts. This list is by no means exhaustive, it’s just a quick brain dump around what comes to mind when I think about using oss in the enterprise.
There are some definite and perhaps obvious implications to attracting talent when it comes to participating in the oss community. First and foremost, it is an easy way for an organization to market itself, its culture, its people and its technology capabilities. Secondarily, in my mind, developers that engage with the oss community show an increased dedication and passion for ongoing learning and development outside of the 9×5. So participatory individuals definitely represent a type of individual I want to have in my organization.
OSS can be fickle, as it involves many people with diverse backgrounds and perspectives agreeing to agree. 😊
When using oss, I would suggest setting up a company repository where oss and dependencies are curated and maintained as approved for corporate use. In addition, I would also recommend blocking teams from using external repositories, in order to manage and mitigate various risks based on company appetite. JFrog Artifactory is one such example of a solution that can be used for a corporate repository.
The link below gives a brief example of what can happen if you aren’t careful in how you manage the repository in the oss world. 😳
In addition, in order to maintain bench strength, autonomy, ensure continuity, and enforce corporate quality gates, it is also important to not become reliant on compiled binaries; as such, I would ensure the company has the toolchains and configurations to compile source code into binaries in a CI/CD type of model.
Security of open source:
On the upside, oss allows for easier identification and crowdsourced remediation of vulnerabilities; however, on the flip-side, it is easier for hackers to identify vulnerabilities, fingerprint companies using the oss, and subsequently exploit vulnerabilities, without disclosing them.
Thus, it is important to have a solid program in place for monitoring for emergent vulnerabilities and patching in a timely manner, especially for externally facing solutions. This also drives back to the discussion of having a centralized repository for curating approved oss.
I’m not a legal expert by any means but know enough to state that careful considering needs to be made as it relates to the usage and mixing of different license models in the oss and proprietary world.
As an example, some license models cannot be combined with others and some licenses like “copyleft” licenses are viral (to a greater or lesser degree) and may require disclosure of source even for derivative or combined works.
In addition, there are nuances and interpretations related to words like “propagate” or “distribute” when modifying oss. As an example, using it on your internal corporate network may have different implications compared to embedding it into a website and having people remotely access it, which may also be viewed differently than using it in the mobile app and putting it in an app store.
OSS has many cost factors, but I saved cost for last because it is tired to all the previous discussions. While the initial investment is often lower for an individual package, taking on maintenance and support for more complex oss packages will likely increase the TCO and have a negative impact on opportunity cost over time, as you will have teams that will need to continue to maintain and provide upkeep for what is likely to be a commodity for the organization – rather than focusing that same time slice on things that are of a competitive advantage.
A quick wrap up. I am a huge proponent of both the concepts and implementations of oss, however, I often see companies going down the route of oss because it is perceived to be “cheaper”. While, in some cases, that may be true, especially for smaller companies with very limited IT budget and a high tolerance for risk.
My advice is to think through the risk and exposure around the use of OSS for the company, and then compare what it would take for investments to make oss elevate to the same first class citizen as internally developed software. That’ll give you a head start on understanding the TCO and opportunity costs of using oss in the overall aggregate of your technology economy.
Finally – while I admit, I really haven’t read much of it, this looks like a great resource. https://opensource.org/faq
My hope is that you will find ways to manage the corporate risk, and still commit to engaging with, and supporting the OSS community!
As always, I am happy to learn from others, so if you have a perspective you’d like to share on oss – feel free to reach out to me and engage.
23 years ago, on Feb 15th, the worlds most famous hacker, Kevin Mitnick, was apprehended in NC after years on the run from the FBI. Prompting many, many young hackers and computer enthusiasts (including yours truly) to take up the mantra “Free Kevin”.
A little over 28 years ago, I started my own journey into information security (thankfully never pursued by the FBI), and much like Loyd Blankenship (Hackers Manifesto), Kevin had a profound impact on my young security career.
Today, not only did I get see Kevin in action (POC exploits), but I got to say hello and shake his hand. I didn’t even think about taking a picture, I just wanted to shake his hand; but I’m thankful, someone there said “would you like a picture”.
Thank you anonymous picture taker!
It’s been 15+ years since I have received a coding assignment, so recently, I decided to try moving in the opposite direction from Assembly, C, and Reverse engineering, and decided to take a course on Udemy for learning python.
So far, it is an excellent course. If you are interested the course is located here.
The assignment: create a Tic Tac Toe game in Python. The results are as follows:
For years I trained my brain to engage in lucid dreaming, I’ve played with hypnosis, NLP, paraliminal learning, photo reading, and other crazy reprogram and expand your brain exercises. Last night I got what I deserved (I guess).
As I awoke, but still asleep, I began to dream that I was programming my body in my brain. I was pushing and popping instructions off the stack of my mind to create my heartbeat, to expand my diaphragm, to push blood through my veins. For a brief moment, I thought “this is awesome”, I’ve finally broken free of The Matrix.
However, very quick I realized that if I was controlling my autonomic functions, if I screwed up on the programming, my heart would stop, I would suffocate, my organs would die of asphyxia. Having this realization, I started to panic.
Mind you, I was dreaming, but aware I was dreaming.
So, I finally said to myself, this is silly, why panic, you can just wake up. But I couldn’t. I tried to stop thinking about programming my bodily functions. But I couldn’t. I tried to stop worrying about injecting the wrong opcodes. But I couldn’t. So then I started thinking, “Is this what happens when you go crazy”. “Will I wake up, insane”. “What if I can never get control over my mind again”.
I always thought going John Nash crazy wouldn’t be so bad, at least it would be in brilliance; but now, I couldn’t imagine being stuck in a world where I knew I was trapped in my own mind, but couldn’t break free.
Have you ever started thinking so much that your head started to throb? Burn? Ache? I felt like my CPU was overclocked, overheating and was about to core dump.
And then I crashed – I don’t remember how it resolved, or how long it went on, but I woke up this morning… a little ragged, with vivid memory of the whole ordeal. Happy to report, that I am still part of The Matrix, and I’m not John Nash insane.
Maybe I should stop messing so much with my brain. Maybe I should take a break from technology.
Nah. Back to The Matrix.