Eruv lights

The LED lights came yesterday! They look very nice, though the connection to the solar panel + battery seems a bit flimsy. It does go on automatically, which is nice. Here's a picture of radiant mint:

It should look even nicer without a porch light adding illumination.

In other news, two days ago I discovered that Shavuot actually starts Saturday night. It does not overlap with Shabbat. There will be a three day chag. This is not good, as I have to change all my flights and and take an extra day off on the 13th. Additionally, I can no longer guarantee having power on the last day of Shavuot. If I'd known about this earlier then probably I wouldn't have registered for the camp. But Gam Zu LeTova, it's happening, and I've gotta work around it.

Must post pictures of garden

I was looking over some old blog posts and noticed an old post of my first hydro setup after moving into this apartment, and noticed also that I still had a pot of crazy mint then. It's a shame it is no longer with me, because that stuff could go three feet tall in the right condition.

Three feet tall, straight up, no falling over.

Garden a weak ago

Thus I realized once again the importance of being earnest...  I mean, the importance of posting garden pictures for all eternity. Here's a picture of the garden this year. Since I'm traveling sometimes for a whole week, the water expenditures need to be taken into account. Therefore I have just one container-full of sorrel (two bountiful plants), and one tomato plant, sungold again. It wasn't making it for a while, until I realized that what was causing the pH to drop drastically was the concentration of the fertilizer. Which is weird. Anyway I have not touched it for two weeks and it's alive and fruiting.

The other plants are fed by a drip irrigation system (the black tubing), which drips for ten minutes each day, fed by a surprisingly adequate pump in the blue bucket at the far end. Capacity is more than sufficient and the mints are growing really well. There's a newly-planted basil plant and an eggplant that's being kept if (or when) the tomato dies. If (when) that happens, the eggplant will be planted into soil and an extra bucket for water capacity placed next to it. Eggplant tends to be overcome by aphids when in water, so there'll be a spurt of growth and fruiting, then the fresh growth will die back or need to be pruned. Plus, soil has a pH buffer that water doesn't.

Above is a picture of the catastrophe I discovered after a trip to Pittsburgh and the first two days of Pesach. That's the pH of the water the tomato plant was in. Yet it survived. Amazing.

To finish off, a picture of Bush Intercontinental Airport from above:

Toorcamp diary - hello world

Well, it's official. I'm going to Toorcamp, a hacker camp in the style of the Chaos Communication Camp, except in America. It's organized by Toorcon. It runs from June 8 to 12, at Doe Bay Resort on Orcas Island, which itself is in the San Juan Islands, found in the far NW area of Washington State. It will certainly be the northern-most part of the United States I've ever been.

To get there, I'll take a plane to Seatac, then some hours later, take another plane from a different airport to an airstrip on Orcas Island, an airstrip so remote the picture on Google Maps appears to come from a flight simulator rather than real life. From there I'll take a taxi to the resort. I've never been camping, so I'm having to buy a bunch of stuff, such as a tent and sleeping bag, more luggage, a cheap laptop to put Linux onto and mess around with, and more. The weight limit on the second plane is 50 pounds, so I'll buy a simple scale and make sure to pre-weigh and pre-pack everything, as near as possible. I'll probably buy some food on Orcas Island, because...

...of the most important, to me, thing about this hacker camp. I fly in June 7, a Tuesday. The camp runs through the morning of June 12, a Sunday, and then I fly out Monday. Not only will I be camping in a tent over Shabbat, but the festival of Shavuot starts Friday evening and continues through Sunday evening. First time camping, first time on Shabbat, and first time on Shavuot! How exciting! Thus I am having to plan out how to have hot food while in a hacker camp, how to set up a mini-eruv around the tent, and all the rest of the important religious elements, such as taking along sourdough challah that won't go stale too fast, taking along a cup and grape juice, probably buying a mini-crockpot for having cholent on Shabbat, and more.

The eruv has to be a metre high (British spelling just seems more right when talking metric). Thus, I'll pack along wooden dowels in 18 or 19-inch increments, tape them together with electrical tape, hammer a nail into the top of each, and run this LED wire as the eruv string (my LOR said it's fine). The LEDs are solar-powered, and thus I will have a light-up eruv for Shabbat so I can hang out outside the tent.

I wonder if I'll be the first Orthodox Jew with a glowing eruv at a hacker camp, ever. This despite eruv laws being very complicated (see Eruvin for an example).

So I'll try to update this blog regularly as the event comes closer, and maybe even blog from the campsite whenever there is an internet connection. This being a resort, that's not guaranteed.

I shall follow this list, found on the misty savannahs of the interwebz, for packing ideas.

Pentesting in Atlanta

Well here I am, doing a two-week pentest in Atlanta. Looks like this will be the first one that's heavy on the web applications, specifically internal web apps. The hotel is nice and the location is good - there are some grocery stores nearby and I have a car, an itty bitty Mitsubishi Miyata. Domestic landings in ATL are intense. You take the subway thingy to domestic baggage, from your terminal (mine was Delta). Then walk to the Sky-Train, to take a train to the rental-car area. Then rent a car, get lost as Google Maps directs unending streams of people around the same U-Turn, get lost again, and finally get to the hotel.

Great new tools to try out

Yesterday I was invited to meet my friend Matt, who was recently fired by an overbearing manager, at some bar near a local university, and fell to talking with his roommate. Said roommate I think is a network admin, based on what follows. I told him about the incredibly challenging pentest from several weeks back, when me and my colleague encountered what is basically the "doomsday" scenario: Several FireEye devices, plus some much more advanced hardware or software solution, blocked every exploit we tried to throw against the multitude of open ports and vulnerabilities we found. There were even two hosts with MS08-067! But nada. Even when we used Veil-Evasion to obfuscate the payloads, still didn't work.

So Roommate suggested overlapping packets, with something such as Scapy, i.e. taking the payload and running it through Scapy to obfuscate it, then relying on the application layer of the receiving end to properly reassemble the packets, to the receiving end's detriment. Google shows a few results about dropping malformed packets in security recommendations.

Certainly interesting. Roomate then discussed some stuff he was thinking about to obfuscate payloads or exploits from VirusTotal.

Another cool tip he offered was to always examine the TTL values of packets, because you can identify operating systems and even versions based off the TTL values. Roommate said that he's the type of person who will change X-Proxy-By responses to pretend a Linux server is a Windows server, etc, but TTL values don't lie. So if Wireshark says it's one thing, but something's fishy, look at the TTL values. Wireshark actually has a TTL-breakdown in the Statistics dropdown, to group all packets by TTL (0-5, 5-20, whatever).

Some more recommendations Roommate had: Use bettercap instead of ettercap, and look into reading the Open Source Security Testing Methodology Manual. We also discussed what it's like at Toorcamp, which I hope to attend this year, even though it overlaps with both days of Shavuot.