Tuesday, December 13, 2016

Calea zacatechichi

Recently I learned about a whole class of herbs used for lucid dreaming, or to cause more vivid dreams. They are smoked, taken as tinctures, or brewed in tea. One of them is called calea zacatechichi, aka dream herb. Extremely bitter, but also available elsewhere in a non-bitter version, this herb is supposed to be great for lucid dreaming.

I experimented with tea, being unwilling to smoke it. The effects weren't noticeable until I started using about 5 grams at a time, steeping it in hot water for 20 minutes. The effects were as follows:

I did not dream until the fourth night of taking the tea in increasingly large doses. One night had memorable dreams about alligators, chasing them and people being eaten by them. Not frightening, more of a friendly "How doth the little Crocodile" alligator or perhaps the alligator in Chukovsky's "Barmaley".

Other sources have noted that if the tea or an extract/tincture is taken after 4-6 hours of sleep, the effects can be increased, which I have noticed. On nights when I have taken calea tea or tincture, if I wake up early in the morning to quiet the alarm clock and go back to sleep, it is much more likely that a dream will occur. It will last longer (despite the sleep duration being less than 2 hours) and will be more memorable.

A few nights ago, I let myself sleep a little longer in the morning, after taking 30 drops (larger dose) of a Calea tincture in water.

The dream I experienced was roughly as follows: I was in a large hall, like an airport terminal. The lighting was dim, and I understood that this was the waiting terminal after death. I was dead, all the multitudes of people around me were dead, and we were all hurrying to some sort of departure gates, where planes were waiting to take us somewhere. I had lost something, perhaps a backpack, and wandered the upper levels looking for it. Then later, I went down to the lower level. It had been teeming earlier, but now was empty save for a man mopping the floor. I went all the way to the end, looking for my bag, but could not find it.

No lucid dreaming yet, but I must not be in the proper mindset.

Interesting Comment about OpenWRT

From here: https://news.ycombinator.com/item?id=13164263

User Ibenes (emphasis mine):

That's a terrible analogy. I use both cyanogenmod/XDA images on my phone and custom firmware on my routers. There is no comparison. The XDA images lack drivers, features, and have strange bugs. While the DD-WRT is rock solid, years of uptime.
I flashed my parents' classic WRT-54G with DD-WRT and 6 years later it was still running without a single reboot (networking equip on UPS). I also have another Linksys that's sold as a router that I turned into a wireless bridge for the corner of my house. This also has never had to be rebooted. Finally my ASUS AC1900 has been running merlin for years now and also rock solid.
As long as you use stable branches, Merlin, DD-WRT, and OpenWrt are a huge upgrade in stability over factory firmware. Of course, you need to run them on decent quality hardware like classic Linksys or Asus.
TP-LINK is cheap Chinese crap. It gets poor reviews for a reason. Even the best OS/firmware can't make up for hardware bugs.

Monday, December 12, 2016

Piratebox troubleshooting

In an attempt to learn more about OpenWrt, I tried to install bash instead of ash on my MR3020 with piratebox on it. Except I did it the stupid way and edited some conf file (shell preferences maybe) to use bash directly, even though it didn't exist on the device. Well that was that. Couldn't really get off that.

So I bought another MR3020, and bungled the install of that one. I fiddled with it for many hours trying to fix it, but gave up and got a MR3040, then carefully followed the instructions for LibraryBox, a project based off Piratebox, and got that one to work.

You have to keep the switch on the side to WISP.

Problem is, the LibraryBox looks awful on a smartphone (I guess because the webserver it has doesn't react properly to mobile user agents.). So I decided to retry the install of the second MR3020.

Note: I had installed the OpenWRT firmware provided on either LibraryBox or Piratebox, so had to go back.

1. I tried to reinstall the default device firmware .bin file without taking off the bootloader bit, and got an error "failed to erase block".

2. On this page I learned that I should not reboot or shutdown the router as that might brick it. Instead, I served up the OpenWRT from Piratebox, renamed as generic.bin, via netcat.

On the serving machine, I used this in Command Line in the folder containing netcat on Windows 7.
nc.exe -l -p 3333 < generic.bin

On the receiving machine I used something like nc 192.168.x.x 3333 > /tmp/generic.bin (see here at the bottom for guidance).

Then I committed the generic.bin file with mtd write /tmp/generic.bin firmware (no -r for reboot).

Now I had the "base"-line OpenWRT image that is used in the installation guide on Piratebox.cc website, on the router.
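A plain netcat copy like the one above carries no integrity check, and a truncated or corrupted image written with mtd is a common way to brick a router. The following is an added example, not part of the original post: it compares size and SHA-256 of the received file against values computed on the serving machine before allowing the mtd write. The function names and the DRY_RUN switch are hypothetical, and it assumes sha256sum is present on the router.

```shell
#!/bin/sh
# Added example: verify a firmware image received over netcat before flashing.
# Assumption: sha256sum, wc, awk and dd are available (BusyBox normally has them).

# Print only the hex SHA-256 digest of a file.
image_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Print the size of a file in bytes.
image_size() {
    wc -c < "$1" | tr -d ' '
}

# verify_image FILE EXPECTED_SHA256 EXPECTED_SIZE
# Returns 0 on match, 1 on size mismatch (typical for a cut-off transfer),
# 2 on digest mismatch, 3 if the file does not exist.
verify_image() {
    file=$1; want_hash=$2; want_size=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 3; }
    got_size=$(image_size "$file")
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch: got $got_size, want $want_size" >&2
        return 1
    fi
    got_hash=$(image_sha256 "$file")
    if [ "$got_hash" != "$want_hash" ]; then
        echo "sha256 mismatch for $file" >&2
        return 2
    fi
    return 0
}

# flash_if_verified FILE EXPECTED_SHA256 EXPECTED_SIZE
# Only reaches mtd when verification passes. With DRY_RUN=1 (the default)
# the command is printed instead of executed; no -r, as in the post.
flash_if_verified() {
    verify_image "$1" "$2" "$3" || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "mtd write $1 firmware"
    else
        mtd write "$1" firmware
    fi
}

# Build constructed sample files in DIR: a stand-in generic.bin, an intact
# copy, a truncated copy, and a same-size copy with one byte changed.
make_sample_images() {
    dd if=/dev/zero of="$1/generic.bin" bs=1024 count=8 2>/dev/null
    cp "$1/generic.bin" "$1/good.bin"
    dd if="$1/generic.bin" of="$1/truncated.bin" bs=1024 count=5 2>/dev/null
    cp "$1/generic.bin" "$1/flipped.bin"
    printf 'X' | dd of="$1/flipped.bin" bs=1 seek=100 conv=notrunc 2>/dev/null
}

# Demo on constructed files only; nothing is flashed because DRY_RUN is unset.
demo_dir=$(mktemp -d)
make_sample_images "$demo_dir"
ref_hash=$(image_sha256 "$demo_dir/generic.bin")   # computed on the sender
ref_size=$(image_size "$demo_dir/generic.bin")
for f in good.bin truncated.bin flipped.bin; do
    if flash_if_verified "$demo_dir/$f" "$ref_hash" "$ref_size"; then
        echo "$f: verified"
    else
        echo "$f: refused to flash"
    fi
done
rm -rf "$demo_dir"
```

On a real router the reference hash and size come from the serving machine, and the file argument would be /tmp/generic.bin.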

Then, I followed Step 2 of this guide. It worked fine. I was able to ping DNS from my router.

Next, knowing that version 0.3-2 of piratebox was definitely old, I decided to use a command similar to the instructions but with a newer ipk version. I went to the website http://piratebox.aod-rpg.de which turned out to be yet another website hosting Piratebox scripts. Turns out the old ipk didn't exist there at all.

But I found the link: https://wiki.openwrt.org/doc/howto/piratebox.librarybox.openwrt.routers

And followed the guide located there, and discovered that the OpenWRT box didn't have enough space for the installation. Turns out that rewriting firmwares may not remove the old stuff, which still takes up space. Searching Google turned up suggestions to repackage the firmware myself, definitely not an evening's work.

(I suspect that the automatic installation process of the PirateBox, with the separate install folder on a USB key, gets around the insufficient space issue by loading an external storage device and then creating the filesystem, with the proper directory structure, on it directly.)

Then I considered removing the /tmp directory, but it has a bunch of files that do not get deleted between reboots, so they must be important. At my wits' end, I placed the router into failsafe mode and ran the mount_root command to clear everything, served the generic.bin file via netcat again, installed it, got access to the internet, tried to install just the piratebox package from here and found I was still out of memory.

Side Note about USBs: Piratebox can only use FAT32-formatted USB keys. I tried formatting these things using Windows formatting and Linux tools, and nothing seems to work right. Kingston DataTraveler USB keys, in the 64GB size that I prefer, come pre-formatted in FAT32. The key is not to format them again, but instead just delete files as needed. When upgrading the Piratebox, your USB key should not contain anything other than the "install" folder. Piratebox, during the automatic installation, will create the proper directory structure. 64GB is quite enough for enough movies to last you, and the people around you, a number of flights. Additionally, USB 2.0 is supposed to work better, even though the copy speeds are abysmal.

Then I used a pre-existing FAT32-formatted 64GB USB disk, put the install folder from the piratebox_install zip file, and followed the instructions on the Piratebox.cc DIY page, from the upgrade PirateBox section, waited 45 minutes, and voila the PirateBox worked again.

Another note. When I installed the generic.bin file I ran passwd, which in OpenWRT disables telnet and enables ssh, and set the root password. Now, after the Piratebox install completed successfully, this root password plus SSH was what I used to access the box. No need to disable telnet, it's already been done.

Now I will just leave OpenWRT on this little thing completely alone.

Sunday, December 11, 2016

Paris!

I am going to Paris for the last week of December. A close friend is teaching English to French high-school students for eight months, in Paris, and invited me to visit. The visit will be to see him and also to see Paris. I leave on Christmas Day, to arrive early the next day, and return on January 3. The splendid factor is that Chanukkah overlaps both Christmas and New Years' and I shall make the opportunity to celebrate the holiday in Paris, with a travel menorah.

Just like Darth Vader in this little video, I'm going around trying to slip Paris into the conversations. While getting a haircut the barber said to not have any expectations of Paris. Go with an open mind.

Edit: I don't like entering an email just to download a free language lesson, so here's the Pimsleur free French lesson to download: Link

Thursday, December 01, 2016

Long-overdue updates

My my. It's been nearly three months since I last posted! Since then, my engagement in Chicago presented three intense weeks of network testing, and a network architecture review in Seattle followed, which will wrap up in a couple of weeks.

 I write this in the last week of actually being in Seattle proper, a great city in which I would actually consider living were it not much more expensive than Houston (per NerdWallet). This is the first city in which I saw that trees ripen with fall color from the top down rather than all over. The eventual full colors are breathtaking:


 The "bipolar" weather, with clouds in the morning changing to a few hours of afternoon sunshine, is appealing, and the brisk temperature fills the sweet spot I've always lacked in Houston. The few days a year in Houston when leaden clouds hang about all day, and the temperature stays around 50F all day, are my favorite, and Seattle has plenty of them. There are evidently few snow days, if ever, since most of the precipitation is substituted with rain instead.

In recent tech-related news, the latest issues of 2600 had an article about the PirateBox, an open file sharing router software that can be installed on portable routers to let you share files, post on a forum, and chat anonymously on a wifi network generated by the router. It is great fun, as now I can carry with me an open wifi network on the long airplane flights to Seattle.


Above is my setup. The portable router is on the right. There is a 64GB USB 2.0 memory stick, which is plenty for quite a few movies, books, and collections of music. The router is plugged into an Anker PowerCore 21000 power bank, which, though it takes ages to recharge, might power this little router for a full day. I keep it on the entire time on the airplane. The actual software is a repackaged version of OpenWRT, and the default shell is ash which so far has prevented me from doing much on the actual device. However, I will shortly install bash and other tools onto the device at least to see whether anyone actually connects to it.

I also recently purchased a large ADS-B antenna for the piaware setup and placed it in the attic. This drastically increased the reception by several hundred percent, such that my station jumped from ~4000 to 1500 in the Flightaware rankings. It now receives an average of 500,000 reports from roughly two thousand aircraft, each day. Installing the Pro Stick Plus only improved reception slightly, by about five to ten thousand extra reports each day, because this version of the Pro Stick has an integrated bandpass filter. Here's the past setup, before the Pro Stick Plus:



I'm also planning a home network upgrade, to install a DMZ based on this guide and then place a Tor relay on the DMZ to avoid any compromises of the home network. This is especially important as recently my next-door neighborhood began using the network and reliability became much more necessary. As part of that I upgraded to a Netgear AC 1900 Router+Wifi AP, and plan to install a remote power cycling device to reboot the router automatically whenever the Internet stops working. The draft plan is below:


Definitely some room for improvement.

On the gardening front, I've decided that 2016 will never freeze and therefore that it is time to buy some basil plants online and plant them in soil on the balcony. Additionally, given that fruiting vegetables, even in soil, require more attention than the weekly-traveling worker can apply, I will switch to growing flowers, perhaps bee- and butterfly-friendly. The numerous honey bees enjoying the blooms of the one large basil bush on the balcony filled me with joy to the extent that I harvested the leaves just once and didn't bother with them for the rest of the season. What better way to continue with the bees than to plant a pollinator garden?


I love the sound of classical music in the evening

There's something so calming, yet stressful and disorienting, about listening to unfamiliar classical music after-hours at work. When most of your coworkers, or the people who work at the client location, have left for the day, and the rooms and halls no longer bustle with foot traffic. The silence presses in on all sides, perhaps causing some tinnitus. Time to check your YouTube playlist for lesser-known pieces of music, or violin pieces, turn the music on and wonder what unusual sounds are filtering to your ears.

Written to the first movement of George Antheil's Symphony No. 1.

Monday, September 05, 2016

Fixing SD Card issues

Recently I purchased two SD cards preloaded with Raspbian from Adafruit. Each card is 4 GB in size, and is class 4 in speed. However, they both came write-protected, preventing formatting in both Windows and Ubuntu. In Ubuntu the card appeared as two or three partitions, and in Windows it appeared as if the card only had 55 MB of total space. It seems it occurs when certain software with write-protection is used to create the contents of the card, and so the protections can only be removed with that software (but not really).

The solution was to follow this guide (and also possibly to put tape around the write-protection slider on the side of the SD Card):


And now the whole card is visible.

Now it's time to use Win32DiskImager to write Raspbian Jessie Lite to the card...





and move on to solving why the HDMI to VGA cable connection isn't working properly.

Thursday, July 28, 2016

News and Olds

A project in Chicago for eight weeks has turned into me sitting at home instead and catching up on my RSS Security Feed. In which I learned about KeySweeper, KeySniffer, Patchwork, and more. I've also begun to watch Blackhat and Defcon videos. Yesterday I saw an interesting presentation from last year about Abusing XSLT. This will be a good way to keep up to date on industry happenings.

P.S. I really want to try this out: http://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/

Friday, July 08, 2016

Toorcamp Slides

http://www.slideshare.net/markkerzner/toorcamp-2016

The presentation at the Hadoop and Apache Spark Meetup went well. Unfortunately I do have to work on presentation skills, specifically determining how technical an audience is by asking questions or a show of hands, then tailoring background details based on the responses. Later, I realized that the audience was heavily biased towards database admins, systems analysts, SQL people, to my uneducated eye. They might not have known what a CTF was, when I discussed Vito Genovese's presentation on running the Defcon CTF.

Edit: Unrelated - What a great write up, hadn't seen it before: here

Wednesday, July 06, 2016

Toorcamp presentation

I'm presenting a slide deck to the local Houston Hadoop and Apache Spark Meetup - Special Guest Presentation. The slides should be up on slideshare later on.

July 4 fireworks and reviews

I finally got to use the whole stash from last year, freeing up a bunch of space under the bed. Here's a review:

Nightmare Fountain - As always, amazing display and great value for $25:



1000 roll of BC firecrackers - gee whiz, this is too long. 500 is better, especially when left in rolled up form for maximum effect.

Bug Eyed 200 gram fan cake - nice, but I'm realizing fan cakes really aren't suitable for lighting in a neighborhood street without distance to appreciate the effect.

Motormouth - Misfired and something like 70 shots went off simultaneously. Otherwise, nice, but I still prefer Fireworks Fiesta.

Brothers 'Box of Bombs' - Got this instead of a second case of the 'Brothers Anniversary Combo' because they didn't have enough - Except for 'Cobalt Bomb', I wasn't impressed. The colors are similar across all cakes and the breaks aren't all that high.

'Brothers Anniversary Combo' - Firefly was amazing, with heart-thumping breaks and launches. Ditto for Baby Boomers with its amazing willows thrown in. Saturday Night Special was fun because of the special effects but just a bit underwhelming.

Proud 500 gram fan - not impressed. Too short. 

BP Firecrackers - very good, but commercial 500gram cake breaks are even louder.

Rockets - sugar rockets all were too powerful or failed spectacularly. Firecracker launched on D12-7 was just fine. The thrust was plenty enough to compensate for the seven-second delay.

My Artillery shells - Last two remaining. Two were launched, on a D12-0 plus E9-4 combo, each. Stabilization wasn't perfect, as each rose at an angle. Each broke a good thousand feet up and the effect lasted for almost a minute as the wind carried the firefly stars slowly back towards us. Video will be posted later. Here's an example, which turned out vertical on Youtube. I'll fix it later.

Wax-based Smoke Bombs - 100 gram size makes too little smoke for taste, and for 3 straight minutes. The 300-gram size is much more effective, both in the burn and the actual smoke.

R-candy equivalent smoke bomb - Actually flew up 30 feet and burned up in just a few heart-pounding seconds. Perhaps adding a wide-throated nozzle was a bad idea.

All In cake - great as usual. New this year was Evil, with amazingly wide breaks for such a small, cheap ($4.50) cake.

Thursday, June 30, 2016

Life updates and new things learned

After Toorcamp I went to company training, held in Orlando. There were 1800 people here, all associates, senior associates, and managers. I met many cool people, went on my first rollercoaster at Seaworld (and then six times more the next day on different rollercoasters at a different theme park), discovered that Moshiach has come in the form of kosher food, and did a bunch of networking. All in all, a useful exercise. Oh, there were also daily courses that had a nice bit of useful information.

New things learned: May 1, MSFT released a tool called LAPS which mitigates the effect of Pass-the-Hash attacks against Active Directory - based networks. Read about it here. However, there's an interesting attack I need to read about for privilege escalation on Windows boxen, which could help as an alternate attack.

Note-taking tools: Google Keep and Toodledo. Keep sounds nice, and Toodledo is useful too.

Monday, June 20, 2016

Updates on Toorcamp slides and Kali Linux Persistence

I didn't work on the slides today, on account of a lovely long bike ride. I'll work on them this week after each day's training (in Orlando) is over.

Just now I set up persistence on a live kali USB for the first time. It's the Kali Rolling distribution of Kali Light, which by default installs virtually nothing. The USB key is 32GB capacity, which can be had for 10 bucks or so on Amazon. You can get the top 10 tools, which cover the majority of good stuff, with kali-linux-top10, which is 1.5 GB when installed. Then I spent way too much time messing with pulseaudio and alsa to get the sound working. Turns out that for some reason the sound on this specific release of Kali comes muted. Here are the steps I followed:

1. Install alsa-mixer with: apt-get install alsa-mixer -y
2. Run the following and create it as a launcher (for now): amixer sset Master unmute
3. Open the Pulseaudio Volume Control. In my case there are two options in the Playback tab for the playback - "Built-in Audio Digital Stereo (HDMI)" which does not work, and "Built-In Audio Analog Stereo" which does work. I selected the second option and finally things worked.
4 (optional). Right-click on the panel, wherever it's placed, and add a "PulseAudio Plugin" plugin to control the audio.

Voila. And now it works after restarting. Eventually I'll figure out how to maybe just unmute on login or boot.

The bike ride was a new one, which I'd planned out using Google Maps. However, I neglected to allot enough time for the ride in light of it being new, and also did not notice that the route included one underpass and four overpasses. And of course I got lost, going well past the road that turns west and on to a rather seedy area with no bike path whatsoever. The road that I took as an alternative, going west, had several uncovered sewer drains which meant that occasionally the bike lane included holes at least nine feet deep. The ride took till 45 minutes after sunset, with a total of about 36 miles.

Wednesday, June 15, 2016

Toorcamp - Friday through Monday

The rest of Toorcamp was extremely busy. By mid-day Thursday I was losing track of the people I'd met. Fortunately, the impressions are still fresh, and I went to several talks on Saturday, the last official full day. I've been asked to create a slide deck for a special Toorcamp presentation at the local Hadoop and Apache Spark meetup, so will work on that through Sunday and post it here via Slideshare or Prezi hopefully on Sunday.

Thursday, June 09, 2016

Toorcamp - Third day - Thursday - Part 1

After the last post, I walked over to the volleyball court to the wood-gas generation project, which connected two trashcans with air ducting to extract wood gas from burning wood chips to power a generator to power a heater. Again, interesting implementation with a somewhat pointless end result. After that, I walked over to the Pop-up cafe to get some club mate, which is concentrated sweetened mate syrup mixed with seltzer water. It's pretty good, and I got another before the introduction to the talks occurred. I sat next to a group from Las Vegas, the Psychoholics, who run a hacker/makerspace called Syn Shop. Great people, and I spoke for a while during the keynote presentation with a quilter and model house maker about gardening. She is in the middle of building a 1:12 scale model of a house, complete with working plumbing, bricks, and wooden joists all the way down to the details. It's fiddly work.

After that, I walked over to the Lower Camp and met someone from RCCGroup which is sponsoring toorcamp and also supplying free beer. We talked about hacking webcams and other embedded devices. I also got a "stamp" on the information passport all the attendees have been given from 98.3 "the lol", which I'll have to check out with an actual radio, or when they start streaming online. Afterwards I was encouraged to find a kosher solution to cooking at Milliways, which is the cafe/restaurant at the end of the universe (from Hitchhiker's Guide to the Galaxy, a hacker manifesto among others).

Afterwards I hung out with J, who showed me his large hacking box with various Arduino equipment and moisture and temperature sensors, as a side project to possibly integrate that into gardening applications. Shortly after the hard-drive launcher was put into action, and the quadcopter that came with my bag was also used to see if it could be destroyed by a flying hard-drive platter.

Toorcamp - Wednesday - Day 2

Dawn comes early here, at about 5:30 as the cock crows. The cock in the garden next door, that is. I would like to have strangled the cock but since this one has its spurs it might be a tossup who would cry last. At 6:30 I showered and washed, then prayed, taking care to avoid the scat from the numerous deer that browse this open field, usually (when there aren't tents there). Afterwards, I walked around a bit more and examined a different beach with interesting algae that has flotation bladders, making it look like the dread spawn of Cthulhu in the unborn state. The driftwood was also oddly feminine.

The office opened at last and I registered a spot to move the tent on Friday afternoon, to avoid having to pick up on Sunday. Unfortunately extra payment had to be made. I also signed in to the event, officially, and got a bag with a shirt, an inkable circuit pen (more about that later), a wristband, and a little quadcopter. The field set-aside just for drone racing just got a lot more interesting, especially since I'm pretty close to it.

After walking around, I went into the garden to examine it in greater detail and met a man who is the CTO of the company that makes the printable pen circuit thingy distributed in all the bags. He is a dedicated chemist, biologist, molecular biologist, and gardener, i.e. a maker in the biblical sense, which is amusing since he is also Jewish, and opened our conversation by telling of his great-grandfather's kippah, made of leather and dyed like a beachball, and now over a hundred years old. He participates in the ArduCopter project, a project that after 10 years of effort and many shoulders of design has crafted a quadcopter seven feet in diameter that he and a friend plan to pilot to the island. It will rise in hover mode to a certain height, then convert to a flying wing almost and glide the rest of the way. It's being piloted from Seattle. The goal is to deliver a warm, non-burrito vegetarian taco to the man for his Thursday lunch.

The place continues to get more crowded, even as a steady drizzle has begun. More will be posted later, maybe when the wifi connection is finally made.

Part Two - this is being written Thursday morning. Wednesday for the most part passed quickly, and was all about registration and arrival. The field filled up with tents and people. In need of a grocery run, a welcoming couple allowed me a spot in their van, with their dog Lola who had her own Toorcamp shirt. We went into the town of Eastsound, which heavily caters to tourists. I bought a bunch of fruits, veggies, cereal, and a 12-pack of beer to share with people. The store had the largest (and best) selection I'd ever seen of 12-pack beer samplers, and I couldn't resist.

It also appears that everyone walks around either drinking beer or smoking weed, which is legal in Washington. I queried the couple who gave me a lift (T&A), who live in Seattle, and they felt that weed had a semi-taboo status on account of still being federally forbidden. However, people say things like "I can't wait to eat, get a little bit stoned, it'll be just right" and the ability to say that without fear of retribution (even if there wouldn't have been retribution earlier in the privacy of your own home) is curiously enlightening. And T&A might be right, as even my friend L was oddly surreptitious when mentioning how much he had the night before.

You'll notice the lack of names. For whatever reason, whether to preserve anonymity, or because of the heavy use of IRC among some people, where nicknames are common, between half and all of the people here have nicknames or prefer to be called only by their nicknames. Hex (more about him later), _pronto (haven't seen him yet), the aforementioned L, etc. T&A have names, but I think it's nice to leave out the details.

After getting groceries, I continued walking around and while going with L to get a beer we came across a curious contraption, clearly, even to the uneducated eye, for some powerful force. It had 10 giant capacitors, connected to various coils and other things, and on top of the thick plexiglass in which all the electrical stuff was contained was a coil, like a stovetop heating element. After guessing and giving up, the pleased man standing next to it revealed that it is a device with no use whatsoever beyond Toorcamp. It shoots hard drive platters into the sky, via 2000 volts of energy and 3000 joules of power, by inducing a magnetic field in whatever metal part is placed on top of the coil and launching it on the big step for hard-drive kind (beep/beep-beep/krkrkrk) via opposing magnetic fields. The field is powerful enough to create a slightly concave shape in the hard-drive platter.

L had to shuttle people from the remote car lot, and I went over to the "Lower Field", the other assemblage, besides the "Upper Field" where I'm encamped, where makers and breakers are sitting. The Lower Field also hosts the in-camp phone network, ShadyTel, hopefully ShadyTelTV, the radio station 98.3 "the lol", a German group of CCCamp enthusiasts, and groups of cabins with tents pitched right up against them to give the illusion of inclusiveness in the wild. You can sign up with ShadyTel, via a form with carbon copy of course, to have a line run out to your tent anywhere on the camp. Every part of the form is real, thus my discovery of BORSCHT, without which some crucial element would not work. ShadyTel also satirizes the greedy excesses of telcos, right up to the banter of the techs (who do this as a hobby) and the voicemail.

Later I discovered that someone was brewing mate. Turns out that CCCamp in Germany has a favorite drink, which is basically mate with lemon or lime juice added, then carbonated. This is club mate, and is very popular among German hackers. It was brought to the HOPE conferences, by people such as Emmanuel Goldstein, and is now extending its reach to Defcon, Shmoocon, and at last to here. The brewing is done in large batches, then placed into some sort of kegs with knobs on top to cool, then carbonated. These kegs will be carbonated today and placed on tap for anyone. Hex pointed me to an Argentinian man, who turned out to be the wondrously knowledgeable guru Martin, for more details about mate brewing. Martin being the being he is, the discussion swiftly turned to the divine properties of his mate cup, a small porcelain vessel glazed with Japanese Maple wood ash. Due to the absurd chemical and physical elements of the wood ash, the color of the vessel changes based on climate or what it holds, and due to body warmth. Smoking fish turned it ochre, while holding it for merely a few hours turns it darker.

Shortly after, while discussing the certificates needed to join one of the wireless networks, I met E and offered him the certs on a USB key with the certs for wifi access. He showed me the yurt he's using, and we walked back to my side of the camp. He does DevOps and wondered at the composition of the attendees, as I had earlier. We sat around and talked a little longer, and he also offered me the best canned cider I've ever had. It had an extra taste almost of pretzels, and was absolutely amazing.

Later I tested the drone batteries in the main dome and talked to a former worker at the Doe Bay resort and some woman who was "being weird" in her own words, as she tried to direct a headlamp beam into the disco ball at the top of the dome to get it to reflect in people's eyes. At last sleep approached, and I fell asleep swiftly. Earplugs are indeed wondrous.

Today, Thursday, the talks begin at 9. Also, at last I have internet access, although it is recommended even on this one to use a VPN. So I will mostly type in vi and post when possible.

Pictures will come after the trip, or possibly later this week.

Update 6-15-16 - Some grammar edits

Toorcamp - Tuesday (first day)

At last the writing can begin, currently using the vi editor on a little netbook purchased off Amazon for about 90 bucks. Vi is to save battery space.

Yesterday the journey to Toorcamp began with a trip from Houston to SeaTac, sitting next to a chatty lady who held my hand tightly during the takeoff.

After Seattle, I took an Uber to King County International Airport and checked in for a flight much later. The airport is used by the military as well and I was privileged to see a Boeing AWACS surveillance plane landing. There are only about 30 or so in use by the USA, so this was an unexpected surprise. The terminal is much smaller than regular, and is used by just one airline. The little cafe inside played a lot of classical piano music and a strangely-abbreviated version of Rachmaninov's 2nd piano concerto. There I sat as little Caravan airplanes came and went, as well as larger military and UPS jets. At last we boarded the plane, which seats 10, and flew for 40 minutes to an airstrip on Eastsound Island. Where it was 78 and beautiful in Seattle, it was breezy and in the 60s on the island for a possibly even nicer atmosphere.

I'd reserved a taxi ahead, and the driver told me all about his gifted daughter, the history of the island, the sharp divide between the 80% of rich millionaires who make the laws, own most of the land, and forbid the chopping down of any trees, and the 20% of everyone else who cater to the tourists by driving taxis, raising hundreds of thousands of salmon, or other things. The road winds through a state park with glorious views, though unfortunately with no method of transport and insufficient clothing for the rain drizzzzling outside right now, it's unlikely I shall be able to visit it.

At last I arrived. No one was there. A very helpful employee of the Doe Bay Resort where Toorcamp is being held, as well as a helpful Toorcamp staff member, revealed to me that actually everyone is supposed to arrive on Wednesday. Eventually, they showed me to an empty field where time and space would be tortured into twisted shapes, as in the biblical temple courtyard that miraculously held six hundred thousand Jews at once, to be filled with tents of attendees. Having practiced erecting the tent beforehand, it was easier to set it up, and with sunset only at 9:30 PM there was plenty of light to finish and set up the solar lighting, and realize that my organization strategies do not extend beyond carry-on baggage.

It got surprisingly chilly at night and the windbreaker/rain jacket proved handy. After exploring some of the resort area with a headlamp at last it was time to sleep. At once I discovered what it's like to sleep outdoors in 50 degree weather, and spent some time tussling with the sleeping bag like Pooh with his honey jar during the Great Flood when the water came almost to Piglet's window. Additionally, the staff members do not sleep, and much merry-making was made through the late hours of the night.

Monday, June 06, 2016

T-1 to Toorcamp

One day till the traveling to Toorcamp. In a classic occurrence, I did not pack as planned yesterday, and instead procrastinated and went to an Indian Music concert:

Padamashri Ustad Shahid Parvez (Sitar)
Vidwan Lalgudi Krishnan (Violin)
Vidwan Trichy Sankaran (Mridangam)
Pandit Gourishankar Karmakar (Tabla)

My parents, who are special donors to the Asia Music Society this year and automatically have front-seat tickets to every concert, went to the 3:00 performance and said it was unlike anything ever. This convinced me to go to a repeat performance at 7:00. My last name was recognized and in an unexpected present my seat was upgraded from row M in the back to the penultimate row B, which provided an excellent view of the performers.
First, Lalgudi Krishnan and Trichy Sankaran played Carnatic duo, two pieces. Then Shahid Parvez and Gourishankar Karmakar (sporting quite a fashionable 70s look with a 'fro and mustache) played a Northern Indian Hindustani set of two pieces. Then the string players had a duo, then all together, then each string player with their opposite drums player, then just the drums "speaking" with each other. All in one two-hour set. It was delightful, the interchange and interaction of each player. Never have I been to a concert with so much of what you would call "call and response" between Indian classical music instruments (which is common in performances as it is). Truly it was a great fusion concert.

Aside from Shahid Parvez the other star of the show was Trichy Sankaran, playing the Mridangam, which is like a tabla except unified (actually a double-headed drum). Turns out that Vidwan Sankaran is a highly-respected professor of music at various universities and one of the most accomplished percussionists alive today, and it shows. Listening to the microphone-amplified twang of his drum was heavenly, even if my heart lies with the tabla. Here is a performance by Vidwan Sankaran. I'm totally buying a CD or two right now.

In other pre-Toorcamp news, turns out there won't be a power connection to the tent. So the mini-crockpot is out. Instead I've purchased a bunch of things such as instant milk, dried potatoes, and fish in packets. The weather will be near 50 at night and low-mid 60s during the high point of the day, with a chance of showers later this week. Thus the packing will need to include warmer clothing. Hopefully everything will fit within 50 lbs and 20 lbs personal carry-on, which apparently is United's policy too.

Edit: Another thing. After some serious discussion it was decided not to build a mini-eruv, as the laws are simply too complicated. Instead, the LED lights will be draped around the tent. In a test at night it was seen that they provide quite a bit of illumination actually. The effect should be great!

Wednesday, June 01, 2016

Toorcamp - one week out

Toorcamp is now one week out. In a surprising development, last week I discovered that Shavuot actually starts Saturday night rather than Friday night as I'd previously surmised. Thus all the flights and arrangements had to be moved one day forward. In other news, most of the supplies have been ordered by now. On Sunday I set up the tent for practice and found out how big a four-person tent really is:

Lots of extra space inside


What remains is to do a bunch of laundry and get some more stuff, such as an outdoor extension cord, as listed on the packing list I've been following, here. There might not be continuous power all the time, which is also making me reconsider bringing along the 1.5-quart crock pot purchased for this trip. Might as well save on weight and depend on campfires for hot water or food, and bring along a bunch of dried fruit, fruit leather, and packets of tuna.

Friday, May 27, 2016

Eruv lights

The LED lights came yesterday! They look very nice, though the connection to the solar panel + battery seems a bit flimsy. It does go on automatically, which is nice. Here's a picture of radiant mint:


It should look even nicer without a porch light adding illumination.

In other news, two days ago I discovered that Shavuot actually starts Saturday night. It does not overlap with Shabbat. There will be a three day chag. This is not good, as I have to change all my flights and take an extra day off on the 13th. Additionally, I can no longer guarantee having power on the last day of Shavuot. If I'd known about this earlier then probably I wouldn't have registered for the camp. But Gam Zu LeTova, it's happening, and I've gotta work around it.

Monday, May 23, 2016

Must post pictures of garden

I was looking over some old blog posts and noticed an old post of my first hydro setup after moving into this apartment, and noticed also that I still had a pot of crazy mint then. It's a shame it is no longer with me, because that stuff could go three feet tall in the right condition.

Three feet tall, straight up, no falling over.

Garden a week ago

Thus I realized once again the importance of being earnest...  I mean, the importance of posting garden pictures for all eternity. Here's a picture of the garden this year. Since I'm traveling sometimes for a whole week, the water expenditures need to be taken into account. Therefore I have just one container-full of sorrel (two bountiful plants), and one tomato plant, sungold again. It wasn't making it for a while, until I realized that what was causing the pH to drop drastically was the concentration of the fertilizer. Which is weird. Anyway I have not touched it for two weeks and it's alive and fruiting.

The other plants are fed by a drip irrigation system (the black tubing), which drips for ten minutes each day, fed by a surprisingly adequate pump in the blue bucket at the far end. Capacity is more than sufficient and the mints are growing really well. There's a newly-planted basil plant and an eggplant that's being kept if (or when) the tomato dies. If (when) that happens, the eggplant will be planted into soil and an extra bucket for water capacity placed next to it. Eggplant tends to be overcome by aphids when in water, so there'll be a spurt of growth and fruiting, then the fresh growth will die back or need to be pruned. Plus, soil has a pH buffer that water doesn't.


Above is a picture of the catastrophe I discovered after a trip to Pittsburgh and the first two days of Pesach. That's the pH of the water the tomato plant was in. Yet it survived. Amazing.

To finish off, a picture of Bush Intercontinental Airport from above:



Sunday, May 22, 2016

Toorcamp diary - hello world

Well, it's official. I'm going to Toorcamp, a hacker camp in the style of the Chaos Communication Camp, except in America. It's organized by Toorcon. It runs from June 8 to 12, at Doe Bay Resort on Orcas Island, which itself is in the San Juan Islands, found in the far NW area of Washington State. It will certainly be the northern-most part of the United States I've ever been.

To get there, I'll take a plane to Seatac, then some hours later, take another plane from a different airport to an airstrip on Orcas Island, an airstrip so remote the picture on Google Maps appears to come from a flight simulator rather than real life. From there I'll take a taxi to the resort. I've never been camping, so I'm having to buy a bunch of stuff, such as a tent and sleeping bag, more luggage, a cheap laptop to put Linux onto and mess around with, and more. The weight limit on the second plane is 50 pounds, so I'll buy a simple scale and make sure to pre-weigh and pre-pack everything, as near as possible. I'll probably buy some food on Orcas Island, because...

...of the most important, to me, thing about this hacker camp. I fly in June 7, a Tuesday. The camp runs through the morning of June 12, a Sunday, and then I fly out Monday. Not only will I be camping in a tent over Shabbat, but the festival of Shavuot starts Friday evening and continues through Sunday evening. First time camping, first time on Shabbat, and first time on Shavuot! How exciting! Thus I am having to plan out how to have hot food while in a hacker camp, how to set up a mini-eruv around the tent, and all the rest of the important religious elements, such as taking along sourdough challah that won't go stale too fast, taking along a cup and grape juice, probably buying a mini-crockpot for having cholent on Shabbat, and more.

The eruv has to be a metre high (British spelling just seems more right when talking metric). Thus, I'll pack along wooden dowels in 18 or 19-inch increments, tape them together with electrical tape, hammer a nail into the top of each, and run this LED wire as the eruv string (my LOR said it's fine). The LEDs are solar-powered, and thus I will have a light-up eruv for Shabbat so I can hang out outside the tent.

I wonder if I'll be the first Orthodox Jew with a glowing eruv at a hacker camp, ever. This despite eruv laws being very complicated (see Eruvin for an example).

So I'll try to update this blog regularly as the event comes closer, and maybe even blog from the campsite whenever there is an internet connection. This being a resort, that's not guaranteed.

I shall follow this list, found on the misty savannahs of the interwebz, for packing ideas.

Monday, May 09, 2016

Pentesting in Atlanta

Well here I am, doing a two-week pentest in Atlanta. Looks like this will be the first one that's heavy on the web applications, specifically internal web apps. The hotel is nice and the location is good - there are some grocery stores nearby and I have a car, an itty bitty Mitsubishi Miyata. Domestic landings in ATL are intense. You take the subway thingy to domestic baggage, from your terminal (mine was Delta). Then walk to the Sky-Train, to take a train to the rental-car area. Then rent a car, get lost as Google Maps directs unending streams of people around the same U-Turn, get lost again, and finally get to the hotel.

Sunday, May 01, 2016

Great new tools to try out

Yesterday I was invited to meet my friend Matt, who was recently fired by an overbearing manager, at some bar near a local university, and fell to talking with his roommate. Said roommate I think is a network admin, based on what follows. I told him about the incredibly challenging pentest from several weeks back, when my colleague and I encountered what is basically the "doomsday" scenario: Several FireEye devices, plus some much more advanced hardware or software solution, blocked every exploit we tried to throw against the multitude of open ports and vulnerabilities we found. There were even two hosts with MS08-067! But nada. Even when we used Veil-Evasion to obfuscate the payloads, still didn't work.

So Roommate suggested overlapping packets, with something such as Scapy, i.e. taking the payload and running it through Scapy to obfuscate it, then relying on the application layer of the receiving end to properly reassemble the packets, to the receiving end's detriment. Google shows a few results about dropping malformed packets in security recommendations.
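Seen from the receiving side, the "dropping malformed packets" recommendation comes down to noticing when two pieces of the same datagram claim the same bytes. The following is an added example, not code from this post or from Scapy; it assumes the overlap happens at the IPv4 fragment level, and the function names and sample fragments are constructed for illustration.

```python
import struct
from collections import defaultdict

def make_fragment(ident, offset_units, payload_len, more=True):
    """Constructed sample: 20-byte IPv4 header plus zero-filled payload."""
    flags_frag = (0x2000 if more else 0) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, 17, 0,
                      bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return hdr + bytes(payload_len)

def fragment_span(packet):
    """Return (datagram key, start, end) of the payload bytes a fragment covers."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    start = (flags_frag & 0x1FFF) * 8        # fragment offset is in 8-byte units
    key = (packet[12:16], packet[16:20], packet[9], ident)
    return key, start, start + total_len - ihl

def find_overlaps(packets):
    """List (ident, earlier span, later span) for fragments that overlap."""
    seen = defaultdict(list)
    overlaps = []
    for pkt in packets:
        key, start, end = fragment_span(pkt)
        for s, e in seen[key]:
            if start < e and s < end:        # half-open intervals intersect
                overlaps.append((key[3], (s, e), (start, end)))
        seen[key].append((start, end))
    return overlaps

if __name__ == "__main__":
    clean = [make_fragment(8, 0, 24), make_fragment(8, 3, 16, more=False)]
    odd = [make_fragment(7, 0, 24), make_fragment(7, 2, 16, more=False)]
    print(find_overlaps(clean))   # no overlap: second fragment starts at byte 24
    print(find_overlaps(odd))     # second fragment starts at byte 16, inside the first
```

Normal fragmentation never produces overlapping spans, so any hit is worth dropping or alerting on.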

Certainly interesting. Roommate then discussed some stuff he was thinking about to obfuscate payloads or exploits from VirusTotal.

Another cool tip he offered was to always examine the TTL values of packets, because you can identify operating systems and even versions based off the TTL values. Roommate said that he's the type of person who will change X-Proxy-By responses to pretend a Linux server is a Windows server, etc, but TTL values don't lie. So if Wireshark says it's one thing, but something's fishy, look at the TTL values. Wireshark actually has a TTL-breakdown in the Statistics dropdown, to group all packets by TTL (0-5, 5-20, whatever).
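The TTL cross-check can be scripted. This is an added example, not from the post or from Wireshark: it reads the TTL out of a raw IPv4 header, rounds it up to the nearest common initial value, and flags a host whose Server banner claims a different OS family. The function names, the family table (commonly seen defaults of 64, 128 and 255) and the sample packets are assumptions constructed for illustration.

```python
import struct

# Commonly seen default initial TTLs; administrators can change them.
INITIAL_TTLS = {64: "Linux/Unix/macOS", 128: "Windows", 255: "network gear/Solaris"}

def build_ipv4_header(src, dst, ttl):
    """Constructed sample input: minimal 20-byte IPv4 header, checksum left 0."""
    addr = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       addr(src), addr(dst))

def parse_ttl(packet):
    """Return (source address, TTL) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ".".join(str(b) for b in packet[12:16]), packet[8]

def guess_from_ttl(ttl):
    """Round the observed TTL up to the nearest common initial value."""
    initial = next(i for i in sorted(INITIAL_TTLS) if ttl <= i)
    return INITIAL_TTLS[initial], initial - ttl   # (OS family, hops travelled)

def banner_family(server_header):
    """Map a Server banner to the same family labels, or None if unknown."""
    h = server_header.lower()
    if any(k in h for k in ("microsoft", "iis", "win32", "win64")):
        return "Windows"
    if any(k in h for k in ("ubuntu", "debian", "centos", "unix", "linux")):
        return "Linux/Unix/macOS"
    return None

def check_host(packet, server_header):
    """Compare what the banner claims with what the TTL suggests."""
    src, ttl = parse_ttl(packet)
    family, hops = guess_from_ttl(ttl)
    claimed = banner_family(server_header)
    return {"src": src, "ttl": ttl, "ttl_family": family, "hops": hops,
            "claimed": claimed,
            "mismatch": claimed is not None and claimed != family}

if __name__ == "__main__":
    # Constructed samples: same banner, different observed TTLs.
    for ttl in (126, 61):
        pkt = build_ipv4_header("10.0.0.5", "10.0.0.9", ttl)
        print(check_host(pkt, "Microsoft-IIS/8.5"))
```

Initial TTLs are tunable and a proxy or load balancer in the path answers with its own TTL, so a mismatch is a lead to follow up rather than a verdict.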

Some more recommendations Roommate had: Use bettercap instead of ettercap, and look into reading the Open Source Security Testing Methodology Manual. We also discussed what it's like at Toorcamp, which I hope to attend this year, even though it overlaps with both days of Shavuot.

Friday, April 01, 2016

I'm back

Someone said I need to blog, for otherwise I am invisible to the world. These days though people tweet too.

So I'll start posting nice links for safekeeping or other use - such as this interesting new portal for SCADA (long a) sharing.

Also, an April Fool's RFC from last year.