Random Thoughts

Now go to the corner, and think about what you've done

There is a big difference between “Being Secure” and “Feeling Secure”. Far too often even security professionals (financial, physical, computer, or any other) lean towards “feeling secure” rather than actually “being secure” because “being secure” is very very hard, if not impossible. Feeling Secure is a feeling in your gut that you’ve done all you can think of and covered every base (that you know about). You have used every little trick you know about, even if you don’t know how or why it works.
Read more →
2020 Jun 22
I do not wear a face mask because it’s the law, because it’s not a law it’s an executive order… I do not wear a face mask because it keeps me or you safe from this virus, because it does not and there is quite a bit of scientific discussion about the efficacy of the various types of face masks… I do not wear a face mask because someone on TV said so, I don’t care what supposed celebrity X says about anything really…
Read more →
Lately several people have been going over how they have their Go projects laid out, so I thought I’d join the group. I even went as far as creating a PowerShell script to create the basic structure and initial files for a service/daemon based Golang website. It ends up with the root folder where you store your shared objects, logging, and config, and then subfolders for different aspects of your project.
Read more →
So far this year we’ve had a wild ride with all kinds of crazy. I’m often thinking about how “we” are going to get out of this mess. I’ve never hidden my religious beliefs, but I tend to keep quiet about everything. But I’m trying to speak up about ‘stuff’ more…but you might not like it. So here’s what I think about the events of today…There is only one solution to our problems, it’s not a politician, it’s not a political party, it’s not a school of thought, it’s not a movement, it’s not an organization.
Read more →
2020 Jun 8
For the 102421984th (rough guess) time, I’m changing blogging platforms. Any posts that I still have are ported over, but I know there’s some of my very older posts that are permanently lost (for better or worse)…like the rant I did on getting repeatedly shocked (static electricity) every time I went to Walmart. As I’ve been reading over some of these, I decided to keep them all in their original text..even if I’ve changed my mind or would word things differently.
Read more →
So I was working on a side project that I use as a landing page for a placeholder website. I was originally using just divs with JavaScript moving the divs around the screen and it worked fine…but I really like SVG…so I rewrote the page to use SVG instead. Old Page New Page Now it’s not taking advantage of any SVG Animations, or any specific animation framework…because as of this writing there isn’t a standardized support across all browsers and platforms: see here
Read more →
So I was setting up my GOGS internally so my sons could have a place to push code (and so I could host my many never-completed projects) and I ran across an issue with git not liking my certificate on the HTTPS server. It’s not self-signed, but it is from my internal CA. This is Windows-land so it’s already trusted (AD CS) by the OS, but apparently not by the default git install.
Read more →
So I’ve recently had a few random automation ideas. The problem was that it was such a small automation and I wanted it to be useable anywhere, so I wrote it in a single HTML page and the code is in JavaScript.
SVG Path Cleaner - changes all the numbers in an SVG path to be decimal (i.e. rounds the number)
Random SVG Page - creates a small random SVG path
Read more →
So back when I first started writing code, I had this obsession with screen savers. I don’t really know why but I loved screen savers that were not repetitive, ones that changed over time and did something. Like any of the following: Johnny Castaway by Sierra Online - best writeup, Wikipedia; the After Dark series by Berkeley Systems - Wikipedia; SETI@home; World Community Grid; various Santa Claus antics screen savers; various Fish Tank screen savers …and my personal favorite:
Read more →
Again the fifth challenge is a zip file: 01E1B7BCFB39B4A666475991AF11C5762A489F9395C48B4E156526E1C6E4573F But I have to first admit that I solved this one third, not fifth…in fact I got a message when I tried to submit the fifth challenge solution early that I had to do them in order. How did I do them out of order you ask?
Read more →
Ok, so the fourth challenge is again a zip file (hash: 1A2570D5CC6E2C3A185E939DC49CB4B908B867E02AC84BF7ABB532B3395FB01A) and it contains a file fun.docm (hash: 4AE794A701D2F28BA7E6292F0463444F6A567CB7C26188A518270544252877FB). Now the first thing you need to know about the newer Office file formats is that they are all zip files. So yes a DOCM and an XLSX and a PPTX, etc. are all ZIP files with various content pieces inside (see here for other zip based documents)
Read more →
So we get the third zip file which contains a file named “gooby.pdf” (hash: 3FB332A27A28AF95187F45D79EC8A08ADEF1A4AAD0D4DDD26B832A15CE9DB91A). Well now we need to turn to PDF tools. I admit that I’m not as well versed with the internal structures of PDFs as I am with Office Documents, but their structure is also simpler. So I first tried PDFStreamDumper by David Zimmer, but it didn’t see the JavaScript initially.
Read more →
So we solved the first document and then they give us this…Document #2 (hash: ACCDF64EB1E96BE5A7C5F23DB6A74B88869E4F6C3B46D41F80B3063BF79AD05E) So again, run it through FileId tool and get the VBA code out (using the XML or JSON output options).

    Sub AutoOpen()
    '
    ' crackme Macro
    '
    '
        UserForm1.Show
    End Sub

and

    Private Sub button_Click()
        x = suchcrypto(key.Text, "General Vidal")
        If x = "171,184,42,184,88,26,47,154,20,219,203,130,52,19,180,214,156,94,186,74,30,248,119,235,139,130,175,141,179,197,8,204,252," Then
            MsgBox "Wow.
Read more →
On 2016-07-15 at 5pm EST Palo Alto Networks started a Capture the Flag competition with cash prizes called PAN Labyrenth CTF. When I looked at the challenges I noticed that there was a Documents track, and since there was a cash prize to the first person to complete a given track I thought I’d give it a go..hey $1000 for a few hours is not bad. It only took me a few hours (actually more than I intended because I got stuck overthinking one of the problems), but I don’t think I was the first one to complete the track.
Read more →
so one of the things this blog is going to try to accomplish is collect all the various items that I’ve put on various places in the web. This means old school projects/papers/writings/thoughts as well as linking to & copying of content that I’ve produced that lives elsewhere on the web. We’ll see how it goes…
Read more →
2016 Aug 13
So I’m trying to start to blog again…not because I want to talk, but because I want one consistent place to put everything… we’ll see how it goes!
Read more →
So not being a literary scholar in any way, shape, or form…not even on TV or the Inter-Webs…It has never clicked what exactly an allegory was or why it was different from a parable, so I decided to use the vast misshapen knowledge wasteland known as the internet to scavenge a bit of meaning and difference. Here’s what I found:
Yahoo! Answers - parable is a subset of allegory, but it’s shorter and usually only conveys a single idea
The Narnia Academy - again parables are shorter and only convey a single point; this says it well (from the article): In essence, parables simply compare one event or action or theme to another while allegory uses characters or events to illustrate the topic or theme.
Read more →
So I was hoping for more snow last night. Though it was cold enough, there wasn’t any precipitation. Oh well, guess I’ve got to go to schoolwork today… [edit] So now it’s really snowing, but I’ve already biked to the bus stop…mental note: next time wear gloves…
Read more →
2010 Nov 21
1. Text -> Music -> Text
2. Music -> Text -> Music
So #2 is pretty common and there are a few variants that work and are completely reversible (e.g. MIDI) and even more that are not very easily reversible (e.g. most audio file formats [MP3, WAV, etc]). The primary difference is that the latter are designed to be digital transforms for auditory sound (i.e. any noise), whereas the former are specifically for music, or the written interpretation of music.
Read more →
2010 Nov 21
It was snowing when we woke up this morning! w00t! It’s not sticking but I’ll take what I can get! :)
Read more →
2010 Nov 16
Choices have consequences Right, Responsibility, and Results of Choice Agency = the right to choose; next to life itself, the right to direct that life is a Great gift of God; Imposed Salvation = plan of adversary…anti-agency; though suffering He became the great redeemer; men are free to choose liberty and life (and thus joy), or captivity and death (and thus misery); we cannot be neutral - there is no middle ground; guidance is available to assist in our safe return - prayer, promptings, and scriptures; we have all the tools necessary to make correct choices; we have sufficient to know good from evil; we cannot afford the luxury of a detour; don’t be pacified; momentary/temporary results or long-term results; “if you do not know where you want to go, it doesn’t matter which path you take” - Cheshire Cat; by choosing our path, we choose our destination; courage to say no, courage to say yes; decisions determine destiny; what is your end goal?
Read more →
So here’s an encoding method that can render an encrypted message to be only encoded:
1. Encrypt message (any valid encryption) with key “A”, where “A” is a valid encoding method used in step 2
2. Encode message with encoding method A
There you go, you can now render that great security by encryption completely useless :)
Read more →
2010 Oct 9
Today’s encoding method brought to you by…a book. In Jules Verne’s book Journey to the Center of the Earth (Wikipedia, Project Gutenberg) the protagonists find an ‘encrypted’ message from a fictional scientist Arne Saknussemm. The message isn’t really encrypted but encoded using the following encoding/decoding scheme:
1. Translate message to Latin
2. Write it backwards
3. Apply Hardwigg transform (more on that later)
4. Translate characters to Runic (again, more later)
And there you go…
Read more →
Found a business logic flaw in a major online “pay-for-content” site (not p0rn), though I can verify that it has problems in their parent family of sites, I wonder how many other sites have this problem…probably most of them… Waiting for a response from the vulnerable company before I post details
Read more →
So, after much ado, it’s live: http://blogs.technet.com/office2010/archive/2009/12/16/office-2010-file-validation.aspx It’s what I’ve been working on for some time…
Read more →
So I’ve been playing with proxy chaining recently and some have suggested just using TOR (or Freenet). I just wanted to point out that though TOR and FREENET do a decent job of making multi-hops automatic, you have to install software. So from a pure attacker’s POV it’s not as useful. Though it might be a good starting point, it would be more difficult to use it in an attack.
Read more →
From Schneier on Security - My Reaction to Eric Schmidt: Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.
Read more →
So I’ve had a need lately to convert MOV audio files to MP3. At first I searched for self contained solutions online and everything looked and worked like carp-on-a-stick. So here’s what I came up with…use VLC, then I put it in a PowerShell script. Here’s the command line for VLC to do the work: vlc -I dummy <INPUTFILE> ":sout=#transcode{acodec=mp3,ab=128,channels=6}:standard{access=file,mux=asf,dst=<OUTPUTFILE>}" vlc://quit Then I just wrapped this around a “gci” on an input folder and voilà!
Read more →
So most “techies” know that all things have a lifespan, electronics especially. So if you’re not backing up your data, you will be soon (or losing that data). My family recently had a 1TB USB external disk fail. Turns out that the “disk” was actually two 500GB disks RAID’ed together. After some investigation it turns out that DISK1 has hardware failures, and DISK2 is fine. But since it’s RAID’ed together none of the data on DISK2 is available.
Read more →
Happy Thanksgiving Everyone! Things I’m thankful for (the short list): My Wife My Children Family God & all that He has done (Yea, that’s everything…) A House to live in A job (a very good one at that!) Food (you knew that was going to be in there didn’t you!) Prayer Scriptures Technology Gadgets Freedom
Read more →
So this article “Remote uses no power” makes me wonder how much power is actually generated. I mean if I replaced all my floors in my house with something like this, what would it power? Or what if every piece of exercise equipment in a gym also produced energy? How much would that be? It also reminds me of an idea that I sketched out about 10+ years ago where you would wear a suit that generated electricity from your movements (i.
Read more →
2009 Aug 3
I’ve decided that I won’t port over the vast majority of my old posts, this being the 7th incarnation of my blog, mainly because there’s no value in it. The only reason I would do it would be to show that I’ve been blogging for quite some time…which isn’t a good enough reason…
Read more →
Keeping Big Brother Out: A VERY Brief Guide to Privacy Online
The Principles
Once something is online, it is eternal! This goes for all email, tweets, blog posts, forum posts, comments, etc.
Encrypt everything you want private, if it’s not encrypted assume others read it and know it came from you! Again this goes for all email, tweets, blog posts and comments, forum posts and comments, anything everywhere.
Encoding is not Encryption!
Read more →