Jul. 11th, 2009

An open letter to the "anti-sec" movement.

Dear anti-sec,

I read your manifesto today, and can only feel irritation at your antics and your attacks on the practice of Full Disclosure. While some may be applauding the supposed altruism of your actions, I... question your motives, to say the least.

You claim that if white hats were truly about security, they wouldn't release the information they gained to the world. I say, if the white hats didn't, who would? This is the primary reason I question your motives here; if exploits were found and never disclosed -- which no black hat would, and if there were no full disclosure, white hats wouldn't either -- then they would simply be left in the software, allowing for maximum time of exposure until some independent entity finds and reports it.

And, without question, exploits left in software are extremely beneficial to criminals who would seek to use them to steal or vandalize. The less disclosure the exploit itself receives, the more a criminal can use it to their illicit ends, with the victims all the while having a false sense of immunity and security. Full disclosure, at least, lets those who might be on the receiving end know that there is a threat to their business and customers (or site and visitors, as the case may be). Obviously, a black hat would want as little of that as possible.

You further say that full disclosure is bad because it allows the security industry -- no doubt you mean Symantec et al. -- to profit off of its consequences; the script kiddies using the published exploits on any vulnerable site. Once again, though, common sense bears this out; just because you don't talk about the gaping hole in the wall doesn't mean it isn't there. All the obliteration of full disclosure would do is make security companies (and software vendors and developers) work harder to find an exploit they know nothing about. This is a double-edged sword in itself; they may find and fix a slew of other bugs, but still miss the original exploit used. Full disclosure would allow them to find and fix the bug quickly and get the patches rushed out for the user before any more damage can be done. Whereas, again, without full disclosure, even the patch is at-risk.

Your means of achieving this goal are also completely unnecessary. Rather than engage in discourse or do a thousand things more productive, you choose to seek the destruction of anyone who supports full disclosure and "the security industry in its present form." So, once again, what are your real motives? Because you're sounding very criminally black-hat to me, disguising your intent with altruism.

In short, I hope you guys get caught and your ridiculous anti-disclosure movement to keep the world insecure for your own unsavory ends fails miserably.

Sincerely,

FxChiP

Jul. 7th, 2009

Fucking A Apple!

rd = i^((i%8/2)%7)^(3+(((i%8/4)*4)%7))^((i/8)*5)

Where "rd" is the transformed number of a given i and ends up being the "right digit" ("ones place") of the final value. Incidentally, this will generate palindromes if you run it over a range of i to i+7 where i % 8 == 0; in other words, any number divisible by 8 (including 0) up to that number +7, if you run it over that range, the first four numbers will *mirror* the last four numbers:

>>> for i in range(256, 256+8):
...     print rsider_hells(i)
...
419
418
416
417
417
416
418
419


(Note, however, that that last bit probably does not generate a proper "rd" for 256 to 264, this just shows off the palindroming bit!)

If anyone can find an easier/simpler way to do all that (the generation, not the palindroming)... me love you long time.

ETA: fixed paste mistake in the example; also, the "rsider_hells" function is just a shorthand I made so that I wouldn't have to write out the equation but could test it using an arbitrary value for i.
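
An added check of the "rd" formula and its mirroring claim (not code from the original post): it transcribes the formula, compares it with a reduced form, and tests every 8-entry block below 65536. Assumptions: the post's "/" is integer division, written "//" here, and the names rd_reduced, block and block_pattern are made up for this example.

```python
def rsider_hells(i):
    """The formula from the post, with its integer "/" written as "//"."""
    return (i ^ ((i % 8 // 2) % 7)
              ^ (3 + (((i % 8 // 4) * 4) % 7))
              ^ ((i // 8) * 5))


def rd_reduced(i):
    """Same value with the no-op "% 7" terms dropped.

    j = i & 7 is the position inside the 8-entry block. j >> 1 is at most 3
    and (j // 4) * 4 is 0 or 4, so "% 7" never changes either of them, and
    3 + (0 or 4) is the same number as 3 | (j & 4).
    """
    j = i & 7
    return i ^ (j >> 1) ^ (3 | (j & 4)) ^ ((i >> 3) * 5)


def block(base):
    """The eight values for base .. base+7, where base is a multiple of 8."""
    if base % 8:
        raise ValueError("base must be divisible by 8")
    return [rsider_hells(base + j) for j in range(8)]


def block_pattern(base):
    """Remove the part that is constant across one block.

    Because base has its low three bits clear, base + j == base ^ j, so
    XORing out base and the (i // 8) * 5 term leaves only the per-position
    value j ^ (j >> 1) ^ (3 | (j & 4)).
    """
    const = base ^ ((base >> 3) * 5)
    return [value ^ const for value in block(base)]


if __name__ == "__main__":
    print(block(256))
    print(block_pattern(256))
    print(all(block(b) == block(b)[::-1] for b in range(0, 1 << 16, 8)))
```

The per-position pattern is the same in every block and is itself symmetric, which is why the first four values mirror the last four whatever the base.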

Jul. 5th, 2009

0x00F0 bit operation order determined

For the given pattern of operations done:

0, 0, 1, 1
2, 2, 3, 3
4, 4, 5, 5
6, 6, 7, 7
5, 5, 4, 4
7, 7, 6, 6
1, 1, 0, 0
3, 3, 2, 2


The equation to figure out which one it is is:

op = (((i-(i%2))/2)%8) XOR (5*(i/16))

(thanks Jennie!)

Jun. 21st, 2009

Progress!

( Cut for geekiness this time )

It's good to learn...

Jun. 20th, 2009

AUGH

OMG APPLE WTF IS THIS SHIT

0xbc0-0xbc8: ffee0011 6262bfbf
0xbc8-0xbd0: eeff1100 40409d9d
0xbd0-0xbd8: ccdd3322 40409d9d
0xbd8-0xbe0: ddcc2233 6262bfbf
0xbe0-0xbe8: 4455bbaa 51518c8c
0xbe8-0xbf0: 5544aabb 7373aeae
0xbf0-0xbf8: 77668899 7373aeae
0xbf8-0xc00: 66779988 51518c8c

So you anticipate noticing the patterns in the individual numbers and then proceed to start doing much the same thing within *those* patterns!? This is cruelty!

Auuugh!

Obfuscation tables: Apple's way of FUCKING with me.

( cut for excessive vertical length and whitespace )

Ah well. That's what makes it fun.

Jun. 18th, 2009

The new job

I just had dreams about it. I wanted to say last night, but really it was earlier today, like right after I got home from work. I seem to want to do that fairly frequently lately.

I actually dreamed about my new job. It was kinda weird. I was basically just hanging out with coworkers at the place I work, as a social event, I guess, and still getting tips on how to do stuff.

Ah well. Back to sleep for me, right after I get stuff done.

Jun. 17th, 2009

Changes

Life has been... erratic.

I have poured blood, sweat and tears into the last couple of months. I've had a lot of help from the best of friends; shoulders to cry on, places to sleep, and immeasurable help getting back on my feet. I've surely been knocked down a lot in life, and I'm truly thankful for all the help I've had in pulling myself back together and up and fighting.

I've lost the roof over my head, my bed, and my love. Large pieces of my life pulled out from under me like a rug. I've staggered, caught myself, been caught by others, pulled back up.

And the last thing I lose is one of the greatest curiosities I've had, one of the things I've spent month after month, perhaps year after year, playing at. Well, "lose" is the wrong word; the right term for it is "give up."

Over the past couple of months, I've noticed something. I've been withdrawing more and more from the psi chat I've been attending for a long time. I've sat through a lot the past two, maybe three years. Yet, it's become increasingly apparent -- especially recently -- that I'm not particularly wanted there. Which, you know, is fine by me; I've also been toning down my own psionic activity recently. Maybe I'll keep trying at it, or maybe I'll forget about it entirely. Maybe it'll be a more unconscious part of my life, always there, a way of knowing things I wouldn't otherwise ascertain, but not actively used.

But maybe, all in all, it's time I really and finally found my own path in life and in paranormality. Make a clean break with my past, and concentrate on my present and my future. Forgive myself my past dishonors, resolve not to make them again, and press on.

So, what's in my present: I put in an application for web coord at OWbN; I'm workin' my fingers off at my job (and loving every minute of it!); I have an apartment, and I've paid my bills and will be paying them again once I get my paycheck on either Friday or Monday; I have a renewed affinity, logic and passion for technology (poets gotta write, artists gotta sketch and paint, I've gotta code and maintain computers) that's deeper than I've ever felt it, admittedly possibly bordering on addiction; I have food and water and will continue to have such for a long time to come; and I'm generally, on a daily basis, really happy, except of course for the times when I'm not.

As for my future? Hopefully "more of the same" and whatever else I can find to keep things interesting.

But I would not be here if not for my friends -- thank you all so much. And for the first time in my life, I feel like I don't need a romantic relationship to be happy. It's kind of a strange and new feeling for me; I'm used to being all lonely. Glad to finally be clearing my system of that crap.

I look forward to tomorrow, and seeing you all there.

Jun. 15th, 2009

How the World Works, by Deadpool

( Cut for image size. )

I'm... I'm kinda having one of those days. Not nearly as bad, but....

Jun. 2nd, 2009

OKAY WHAT

It breaks your ability to use QuickPwn, PwnageTool, and iPhone Tunneling Suite (ssh over usb). We don’t think this is a deliberate breakage of these tools. It’s just that Apple has updated a low-level USB protocol that normally only Apple cares about (but jailbreakers care about).


WAIT WHAT THE HELL!? Did USBMux/MuxTCP (the over-the-wire USB protocol used to communicate with the iPhone) get modified or something!? Am I going to have to rewrite that part of libiphone!?!?!? AAAAAARGH

May. 23rd, 2009

And one and two and...

Several sheets of paperwork, a few nights of sleep in a motel room and an $800 money order later, I have an apartment.

It's such a relief just to have gotten to this point.

Literally, the weeks preceding this last have been hell. The weekdays themselves have been fine, mostly consumed by work. The weekends, however, have gotten progressively worse.

I wasn't able to go back to Sac on weekend #1, and made myself sleep in a shelter, which was a terribly bad idea and one I do not plan on repeating ever again. Weekend #2, an unforeseen circumstance presented itself, and I wouldn't be going to Sac on that weekend either. I didn't know for sure until Saturday afternoon/evening and I didn't want to go back and forth in text messages, so I waited it out. As it turns out, I massively stood up and hurt... well, you know... after she'd cancelled all plans for me.

Weekend #3, I was finally able to get out there, if only for Sunday night. And I got what was coming to me.

Weekend #4, I was forced to abandon the arrangement that had been set up for me to stay in Stockton and working. I was also to quickly find another place to live. Which I managed to do, thankfully, but it was very, very close.

From the near halfway point of weekend #4 to just past half of week #5, I stayed in a Motel 6, waiting for paperwork to go through and for my chance to move in to the apartment. I made one of the biggest gambles of my life here. The stakes were having a place to live; the outcome determined where that place would be. If I got the apartment, I would continue to live and work in Stockton for as long as I can possibly maintain this life, hoping that I would be able to do so for a fairly long time. If I did not, I'd tip my hat and say goodbye to everyone I ever knew out here as I'd move back to Pittsburgh.

... As luck would have it, I won. I'm now leasing a two-bedroom apartment in Stockton that's walking distance to my job and the grocery store. I have a bed, a couch, a computer, and not much else besides groceries and other necessities. I'm getting some time alone out of the bargain... maybe I can use it to improve myself.

I had lots of help. I'm not going to sugarcoat that, or hide it, at all. One of my best friends has been one of the greatest helps I've ever had. I know it wasn't easy, and I owe her damn near my life. One of these days I hellsa have to find a way to pay her back. She deserves the world, no joke. I'm always going to have my door open for her. In fact, thanks to everyone who helped out during all this... you've all been wonderful, and I'm forever grateful for it. Let me know if you need anything yourselves, and I'll gladly help if I can. :)

Anyway. Got stuff to do. :) Later

May. 17th, 2009

y'know, I just noticed...

( ... that nun had a moustache. )

May. 16th, 2009

Say a little prayer for me...

Another fateful week it is.

Tomorrow I go sign paperwork, en masse, in preparation for the transferring of rentership from a couple on hard times to a me on hard times, and hope and pray -- hard -- that my credit check passes, which I'm about 50% certain it should. Everything else should come out squeaky clean and good, and I have justifications for other things.

And not a moment too soon, it seems....

So say a little prayer for me, I know I will, and hopefully it will all turn out good in the end. :)

May. 14th, 2009

Could it truly be

That after the begging, scraping, and time, after the things I've made it through (some of them my own fault), and soon, after the dust settles, the prize will be mine for the taking?

I may make productive use of this mess I'm in yet!!!!

May. 12th, 2009

Catharsis, Chapter 1 (Admission)

Welcome to Catharsis, the sign read.

The faux-golden letters on the tall, old-looking dark brown wood sign standing before him were free of tarnish, looking brand new. He shifted to push the weight of the bag on his back up, easing the weight on his shoulders if only for half a second. Then he sighed and said "guess I'm here," before following the dirt road cut roughly into the grass the rest of the way.

-----

He pulled open the glass door and walked to the counter, where a woman with brown hair kept in a bun behind her head turned around to greet him. "Well, hello there," she began, a friendly-professional tone in her voice. "Welcome to Catharsis! How long do you plan on staying?" she asked, pulling out a pen and a clipboard.

"Well... really, I don't know yet," he answered, shifting on his feet.

"Mmhmm... and what happens to bring you here today?"

"I just... I need to get away, and I need to work."

She nodded, filling out the piece of paper on the clipboard and making notes here and there. She cleanly tore the bottom of the form off and handed it to him, directing him down the hallway to the right. He thanked her and moved on.

-----

The entire place had the look of a cabin with sturdy, oak-colored walls and floors cobbled together from various stones. Yet nearly everywhere he looked, there was something modern and somehow out of place: glass front doors, computers, cords, television sets. He'd wander aimlessly when he couldn't sleep at night through near-complete darkness, listening to the occasional rumbling of some sort of machine or ventilation system if one was running or absolutely nothing if nothing was. He usually took one walk around the place where he stayed and then went straight back into his room -- something about the place made him uncomfortable, even as he would otherwise find comfort in it.

-----

Catharsis was a multi-purpose place designed for nearly every need possible. They were open for those who needed them, but the journey would not be easy. Catharsis promised work for those looking for it, a place to stay, to sleep, to eat, and to strengthen. They found a job for him right off the bat, and he worked to the bone at it -- no small feat, but not something he balked at either, as the job they found had always been a favorite of his.

For now, he would stay here. For now, he had a place to live, a place to sleep, and a place to eat. What more could he want?

-----

(End Chapter 1)

Notes: don't get too comfortable with the geography or anything. I assure you, it's going to change and become very weird quite often. In fact, the story itself may not even make much sense when it's all over... oh well.

May. 7th, 2009

Modern Medieval

Seems my random rambling on LiveJournal has given me an idea for a setting that I can only really describe as "modern medieval" -- but really, it's probably more like cyberpunk with lots of blatantly ripped off borrowed MMO content.

The setting is sometime between the present and the future. Gas and oil reserves have been depleted, and America (if not the world) hasn't really caught onto the whole green/renewable energy thing; the total loss of energy has also crashed the economy, leaving America's/the world's currency basically worthless and sending everyone back to, essentially, gold and/or barter and trade. Scraps of technology remain; most of it is scrapped, some of it is kept as souvenirs and sentimental value; a CD/cassette player, a radio, a computer. Batteries, especially those with charge, have become a commodity, especially to those techno-junkies who need at least something electronic in their lives.

Celebrities are no longer the most famous people around; nationwide tours for musicians are unheard of. However, a side effect of this is that more musicians pop up in local areas; they are the modern-day minstrels, singing, writing, telling stories, entertaining for a bit of food or a place to stay (who said it was glorious?). This is the part that stood out most of this setting idea: the idea that many of the old medieval professions would come back, and everyone goes back to those roots where electricity wasn't even a glimmer in the eye of any living soul, giving the earth a chance to recover its energy to be discovered and used again. You would have knights, soldiers, you would have merchants, cooks, smiths, tailors, shoemakers, writers, farmers, anything that doesn't require a machine of some sort.

And people would thrive. Of course, it'd be hard, and you'd see it in the landscape: decrepit and abandoned office buildings, streets and street lights falling into disrepair, many people in the streets or having taken command over someone else's household.

But I think the interesting part of this is that while the major communication-oriented parts of our culture would go away (i.e. no more twitter, Myspace, anything like that), some of the things commonly taken for granted -- music, theatre, the written word -- would persevere even in the face of the entire obliteration of technology. Unfortunately, so would politics, but somehow I think that already-volatile field would have to reform greatly in order to adapt.

This all stemmed from me worrying that computer talents won't be worth that much if and when all the energy goes away. That post is blocked off because there's probably some sort of sensitive information in it. It's probably sort of a valid concern, but at the same time, I also don't see all of this going away anytime soon. It would take something extreme, worldwide, for it to happen all at once. Maybe it won't happen all at once, but it would come out before long that something strange is happening.

I worry too much. :)

I might actually go to bed now, but I felt I should share all that. Later all.

May. 6th, 2009

Feature creep: an addendum

I actually added a feature or two to it today: an option that makes the third column (the IP of the hostname acquired by the reverse lookup of a given IP or one of the IPs in the given range) simply read out "match" if it matches the IP in the reverse lookup. Plus, the way I implemented it sets it up so that I can easily add more command-line options later.

Choice tidbits of the Auto-Meme

Nicked from takhisis -- the Auto-Meme is a script that randomly puts together a bunch of memes for often hilarious combinations.

Here are some of the excerpts I have:

- IPOD IS THE BOX OF RAPE OF THE PENGUINS
- CEILING TORRENT IS WATCHING YOU GET LAID
- THESE ARE NOT THE WHALES YOU'RE LOOKING FOR
- BLOGGER'S CLOSED DUE TO STEVE BALLMER
- I'M A BUTTON! I'M A BUTTON! SUCK MY DIIIIIICK! I'M A BUTTON!
- JESUS CHRIST IT'S A TROLL GET IN THE TRAP (that's terrible)
- MAXIMUM TECHCRUNCH RUMOURS YIELDS MAXIMUM LAWYERS
- PROTIP: TO DEFEAT THE MORON, SHOOT AT IT UNTIL IT DIES.
- I REALLY DO HOPE YOU'RE GETTING LAID AND NOT ACTUALLY THAT FUCKING ILLEGAL.
- NOOOO THEY BE GOOGLING MY DONG
- I AM ELVIS, HEAR ME GET LOW
- I WILL NOT TEABAG THIS PIG — IT IS DIZZY.
- I REALLY DO HOPE YOU'RE SHOOPIN AND NOT ACTUALLY THAT FUCKING RETARDED.
- THIS IS BUTTHURT. I CAN TELL BY THE DICTIONARIES, AND FROM HAVING SEEN A LOT OF GUYS IN MY DAY.
- 2GIRLS1CUP? IN MY ICE CREAM? (anyone who has actually seen this will understand; anyone who has not -- don't)

I can't seem to get it to output any gold like others, though.

Feature creep?

WARNING: Technobabble! You may not understand a lot of this! (If you do, though, so much the better)

Recently I had need of a script or tool that would reverse DNS a bunch of IPs, and then do a forward lookup on the results of the rDNS to ensure that the hostnames given would, indeed, point back to the IPs originally looked up to begin with. Something like this would, of course, be done to verify proper DNS operation of a host; essentially to make sure everything is pointing to the right place.

Take a look at the output and capabilities of it thus far: ( double-lookup output behind the cut )

I use a chunk of the Googlebot subnet as it's publicly available and I don't think Google would mind me hammering their rDNS too much in the name of getting things working. They probably deal with worse on a daily basis. I don't get into changing the second octet, because I don't really have forever to wait for my script to go through 65,535+ hosts, and that would almost certainly get me into trouble -- but the capability is there (or so I hope) in case someone really wants to play with it.

This thing is pretty good; you can pass it a single IP or a range (x.x.x.x-y.y.y.y) and it will cycle through the IP addresses in the range given, getting their hostnames and getting the IP address attached to the hostname (not always the same as the IP given to it!). But see, here's the thing: this is where my ambition grows and threatens to take over and deny me sleep tonight.

Because I want to add more.

I want to make the IPs you can pass to it capable of being comma-delimited; that is, you can pass a range and three individual IPs, or you can pass four ranges, an individual IP, and then another range. Basically I want to make this versatile as hell, so you only have to use it once from the command line and get all the information you want with regards to what it is.

Technically, it's as simple as throwing a split() function in there and iterating through the resultant array of that; applying my regex and routines to each member of that array, which results in the ability to query for a bunch of different machines at once, rather than just one range or just one machine.

The problem, of course, is that it's 1:50 AM (again... I planned on sleeping earlier but I'm a perfectionist), and I quite honestly don't have the time to pursue this further. Besides, it's complete enough for what I need to use it for, and that's the important bit, because now it's like, ten times easier to do the task I have to do. But that comes tomorrow. :)

However, for anyone who's interested in my ugly-ass Perl code, it's all behind the cut.

( double-lookup.pl )

Caveat: the column formatting used in this script is fairly atrocious (although to be fair, the script itself ain't exactly aesthetic... or commented). The output won't be pretty, but it should be separated enough so that you can see all three columns distinctly and it won't be too hard transcribing it into something else, if need be.

Oh, it's also not commented and fairly messy. Watch your step.

So as Stan Lee might have used to say, farewell for now, true believers!
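
The double lookup described in this post, as an added Python example (not the double-lookup.pl behind the cut): reverse-resolve each address, forward-resolve the result, and report whether it points back, with the comma-delimited mix of ranges and single IPs the post wants and the "match" column from the addendum. Assumptions: every function name and the match_flag parameter are made up here, and the sample records are constructed from documentation address ranges so the check runs offline.

```python
import ipaddress
import socket


def expand_targets(spec):
    """Yield every IPv4 address named by a comma-delimited mix of single
    addresses and inclusive x.x.x.x-y.y.y.y ranges."""
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first = ipaddress.IPv4Address(lo.strip())
        last = ipaddress.IPv4Address(hi.strip()) if hi else first
        if last < first:
            raise ValueError("range end precedes start: " + part)
        for n in range(int(first), int(last) + 1):
            yield str(ipaddress.IPv4Address(n))


def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(host):
    """A lookup through the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def double_lookup(spec, reverse=system_reverse, forward=system_forward,
                  match_flag=False):
    """Return (ip, hostname, third_column) rows.

    The PTR record is set by whoever controls the reverse zone for the
    address, so the hostname is only trusted once a forward lookup of it
    returns the original address.
    """
    rows = []
    for ip in expand_targets(spec):
        host = reverse(ip)
        if host is None:
            rows.append((ip, "-", "no PTR"))
            continue
        addrs = forward(host)
        if ip in addrs:
            third = "match" if match_flag else ip
        elif addrs:
            third = ",".join(addrs)  # hostname resolves somewhere else
        else:
            third = "no A"
        rows.append((ip, host, third))
    return rows


# Constructed sample data (documentation address ranges, .test names).
SAMPLE_PTR = {
    "192.0.2.10": "crawl-10.example.test",
    "192.0.2.11": "crawl-11.example.test",  # PTR claims a crawler name...
}
SAMPLE_A = {
    "crawl-10.example.test": ["192.0.2.10"],
    "crawl-11.example.test": ["198.51.100.7"],  # ...but it resolves elsewhere
}


def sample_lookup(spec, match_flag=True):
    """Run double_lookup against the constructed records instead of DNS."""
    return double_lookup(spec, SAMPLE_PTR.get,
                         lambda host: SAMPLE_A.get(host, []), match_flag)


if __name__ == "__main__":
    for row in sample_lookup("192.0.2.10-192.0.2.12, 198.51.100.7"):
        print("%-16s %-26s %s" % row)
```

Calling double_lookup with only a target string uses the system resolver in place of the constructed tables.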

May. 5th, 2009

What I miss about Pittsburgh

I've done this before, but what the hell.




I miss the weather. I'm the strange sort that loves overcast days, looking up and seeing gray. I miss not being blinded by the sun every day, but not having to walk through the rain, either. I miss walking in South Side under that cloudy sky; even if I only ever did really see the strip that is E. Carson St, and that isn't all of South Side, I still miss it. The air I breathed there had character to it; a sort of volume I can't ever seem to find out here in California, try as I might. But even the feeling I got from daytime is nothing compared to the way it comes alive at night, when all the lights are on with colors everywhere. Sure, it's mostly bars; bars I never went into, and still (probably) wouldn't even though I'm of age.

And I miss the public transit. Granted, Port Authority is becoming more and more strapped for cash and is cutting service while raising prices, but I could still get where I needed to go. And as I mentioned before, Pittsburgh at night is nothing to scoff at; put your headphones on and start listening to techno or trance, staring out the window. Surprisingly, the surroundings fit the music, even if only blandly. I used to have Aphex Twin in a CD player as I took the 51B, 51B/D, 51C, or whichever buses I needed to take home, and... well, the music matches the town, is the only way I can really describe it.

Pittsburgh -- and living there -- taught me to walk long distances and be resilient, gave me the drive to go on despite what happens, and gave me hope that there's always something better at the end. Even though all good things, also, must come to an end, the experience is still all the sweeter. Most of the heartbreak in my life comes from Pittsburgh; but most of the firsts, and the best experiences of my life, all there.

I moved to Sacramento to be with the girl I love, and I'm moving to Stockton (eventually) to give us and others a better life, but there is no other location on Earth that truly feels like home to me... not even my place of birth, Minneapolis, MN. I don't feel nearly the same familiarity there as I do to Pittsburgh.

I wonder if that will ever change, for any place and not just this one.

Things to be said for my time out here, though... I'm twice the person I was two years ago, better in nearly every way. More focused, more skilled and more knowledgeable. And I would never have found out about OWbN or learned so much by doing their web stuff if I had never moved. I wouldn't have gotten this sweet job that I enjoy more than any other job I've ever had (even though I've only had a few jobs, so it's not saying much). And, of course, I wouldn't have found the love of my life were it not for this place.

That won't stop me from reliving my memories, though, and it won't stop me from missing one of the few places I could ever truly call home.

Hmm... I seem to have rambled on long enough... time for bed.
