Monday, July 16, 2018

Back to basics

For some time I've felt the need to review my information gathering and discovery skills. With many IT shops now doing regular vulnerability scanning, it's a lot harder to use Nessus as a jumping-off point for a (glorified) pentest. Instead I'd prefer to use other things: surreptitious port scans, network-related vulnerabilities, even printer exploitation. The latter is an area I'd long avoided, as hitting printers could cause DoS conditions, but I am learning more about it as of late.

One good thing might be to finally go through the list of Kali Linux tools and try each one out during a pentest. This would be hands-on-keyboard experience and would be very useful. Sometimes I browse a bit and quickly discover items that could be handy.

Sunday, July 08, 2018

Raga time-of-day player - long term project

SqueezeLite/SqueezePlay

https://discourse.mopidy.com/t/playing-schedule-for-pi-muscbox/1107

https://docs.mopidy.com/en/latest/ext/local/

http://www.gerrelt.nl/RaspberryPi/wordpress/tutorial-installing-squeezelite-player-on-raspbian/


http://www.parrikar.org/

http://raspberry-at-home.com/logitech-media-server/



I compiled these links back in November of 2017. Since approximately a year ago I'd had the idea of creating a raga time-of-day player with a Raspberry Pi Zero.

The original idea was to have some sort of set-up, similar to Plex Media Server, where if you visit a URL music will be playing automatically (like a radio station) with a selection of Hindustani ragas appropriate for the specific time of day.

After spending a couple of days struggling with the software implementation, using Mopidy or Squeezelite or Icecast, I realized that it's a lot harder than it looks. With time, the idea evolved to a focus on actually learning basic theory for Hindustani Classical Music. That's a good starting point and one I'm currently slowly pursuing.

Here's the project broken down into parts:

1. Hardware - Raspberry Pi Zero with youtube-dl to download music, and a 128 GB micro-SD Card.
2. Software - Pi MusicBox, mopidy, Icecast, Plex, SqueezeLite, all are options.
3. Scripts. Either:

  • Create a script to generate playlists with an approximate run-time of 24 hours, by selecting mp3 files from appropriate directories and creating m3u playlists from these
    • can be shorter than 24 hours as I'm unlikely to be listening to raga music in the 4th prahar of the night (3 AM to 6 AM)
  • Set up an actual radio station
  • Import filenames into a SQLite database to help with song selection?
  • Find software that can recognize length in time of tracks
4. Play music according to the right time. One system for classifying ragas (other two are scales and raga/ragini) involves playing them at the right time of day/night/season.
5. Collect music tracks from YouTube and categorize them appropriately, or create a script that searches the filename and categorizes them automatically according to some rules, or adds ID3 tags accordingly...
6. Learn the theory so you can actually know what's going on. This is actually rather difficult, as there's a lot of terminology and lots of variation between schools of playing. In fact, even the time classification underpinning this project is subject to differences of opinion. For instance, Raga Shree is classified as either an evening raga or a raga of the 4th section of the day (prahar - 3 PM to 6 PM), but is traditionally played at sunset, which is either in the 4th prahar or the late part of the 5th prahar depending on the time of year and DST.


So you see there's a lot of moving parts. 
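A sketch of the playlist-generation script from part 3, added here as an example and not code from the original post. It assumes one directory per prahar and that track lengths are already known; the paths, durations and function names are hypothetical.

```python
import random

PRAHAR_SECONDS = 3 * 3600   # each of the eight prahars covers three hours
SKIPPED_PRAHARS = {8}       # 4th prahar of the night (3 AM to 6 AM), left empty

# Constructed sample library: prahar number (1 = first prahar of the day)
# mapped to (path, duration in seconds). Paths and durations are invented.
SAMPLE_LIBRARY = {
    1: [("prahar1/track01.mp3", 4200), ("prahar1/track02.mp3", 3900),
        ("prahar1/track03.mp3", 5100)],
    4: [("prahar4/shree.mp3", 2700), ("prahar4/track02.mp3", 3300)],
    5: [("prahar5/track01.mp3", 6000), ("prahar5/track02.mp3", 6000)],
    8: [("prahar8/track01.mp3", 3600)],
}

def pick_tracks(tracks, budget, rng):
    """Shuffle the pool, then keep each track that still fits the budget."""
    pool = list(tracks)
    rng.shuffle(pool)
    chosen, used = [], 0
    for path, seconds in pool:
        if used + seconds <= budget:
            chosen.append((path, seconds))
            used += seconds
    return chosen

def build_schedule(library, seed=None):
    """Return {prahar: [(path, seconds), ...]} for every prahar not skipped."""
    rng = random.Random(seed)
    return {
        prahar: pick_tracks(library.get(prahar, []), PRAHAR_SECONDS, rng)
        for prahar in range(1, 9) if prahar not in SKIPPED_PRAHARS
    }

def to_m3u(schedule):
    """Render the schedule as an extended M3U playlist, in prahar order."""
    lines = ["#EXTM3U"]
    for prahar in sorted(schedule):
        for path, seconds in schedule[prahar]:
            title = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
            lines.append(f"#EXTINF:{seconds},{title}")
            lines.append(path)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_m3u(build_schedule(SAMPLE_LIBRARY, seed=2018)))
```

The playlist starts at the first prahar of the day, so playback would need to begin at 6 AM for the tracks to line up with the clock.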

Toorcamp reflections

Leaving Toorcamp, I felt conflicting emotions. These developed further after some thoughts and while compiling the Toorcamp presentations.

1. I could have spent more time getting to know the people at my campsite (Camp for Misfit Toys). It was a last-minute campsite for people who didn't know anyone else, who most frequently were at their first Toorcamp. And they were all interesting and unique people. However, in my rush to see everything at Toorcamp I didn't get to know them well.

2. Last Toorcamp I focused on talking to many people (without personal projects to work on). I remembered only a few after the camp was over. This time I focused on personal projects, like soldering a TV-B-Gone, and trying some other things, and less on talking to people. While these are different approaches, what's left with me after Toorcamp is mostly what I learned from talking to other people, such as what projects they were working on (related notes and keywords of which I saved on my phone for later). This is probably the most useful.

3. I spent too much time more drunk than preferred. Several of my phone notes are from times I don't remember from some sort of combination of cider (cider lovers rejoiced at the grocery in Eastsound due to its flabbergasting collection of the stuff) and other beers (but I can't deny that Pike Monk's Uncle Tripel Ale (purple can) was fantastic and enhanced the experience). I feel like I lost the chance to connect with people more deeply due to being forgetful while tipsy.

On the plus side the lighting effects the Toorcamp team placed to light up the night sky and dark trees were gorgeous and once brought me vividly back to the pine trees of Rome.

Courtesy of @macklikeaduck

As in the resolutions in the 2016 presentation, here are some new ones for the next two years (and my phone notes):

1. Really start soldering. I'll get a desk, a soldering iron, a fume extractor, and a workspace to hold components, and finally start soldering kits and learn how to use a breadboard and wires.
2. Actually take the radio ham exam. Tried the week after Toorcamp but the contact was not amenable so I'll set up to take it elsewhere. June 2018 was the last month before a different version of the exam comes into use, so I'll study that guide instead.
3. Hardware hacking?
4. Cyberchef
5. DeviantOllam's CarolinaCon talk about Liquor
6. DJ lobsterdust
7. Jim's famous hackerbourbon list
8. Johann Sebastian Joust (kinda stupid though)
9. Milky Tracker, protracker for amiga (tried but failed, now to get a VM of an amiga)
10. NodeMCU esp-12e module
11. Security+
12. Quantize playing (?)
13. Script to automate getting a ticket on Orcas Island Ferry website. Check for tickets not open for reservation vs yes (this one came to me while pretty high).
14. Strapbook
15. Trash-grass
16. Play with WS2812B LED individually-addressable strips.

Resolutions for Toorcamp 2020 (if I wind up going):

1. This time, actually take a car, by ferry, to the island. It makes life a lot more convenient. For instance, with a rental car I won't need to waste most of an afternoon hitchhiking to the grocery to pick up victuals.
2. Come with a girlfriend or wife? Anything can happen in 2 years... :)

Mount a remote directory using sshfs

How did I not know about this all this time???

https://debmintux.wordpress.com/2010/04/25/mount-a-remote-directory-with-sshfs/

Now I can do music file management via a graphical interface versus cp / mv in command line.

Monday, July 02, 2018

Post-Toorcamp Presentation (2018)

As in 2016, I've created a presentation that makes an attempt at capturing the magic of Toorcamp with slides and pictures of everything I saw (and missed) at Toorcamp. Although this PowerPoint was originally created with embedded videos, these ballooned the size to nearly half a GB, so there will be two presentations - one with videos, and one without 'em.

Unlike in 2016, this one will not be on Slideshare as pictures were used mostly without attribution.

If attribution is requested, attribution will be added.

Slides here without video

Update: Slides with video, as presented at HAHA