Great new tools to try out

Yesterday I was invited to meet my friend Matt, who was recently fired by an overbearing manager, at some bar near a local university, and fell to talking with his roommate. Said roommate I think is a network admin, based on what follows. I told him about the incredibly challenging pentest from several weeks back, when me and my colleague encountered what is basically the "doomsday" scenario: Several FireEye devices, plus some much more advanced hardware or software solution, blocked every exploit we tried to throw against the multitude of open ports and vulnerabilities we found. There were even two hosts with MS08-067! But nada. Even when we used Veil-Evasion to obfuscate the payloads, still didn't work.

So Roommate suggested overlapping packets, with something such as Scapy, i.e. taking the payload and running it through Scapy to obfuscate it, then relying on the application layer of the receiving end to properly reassemble the packets, to the receiving end's detriment. Google shows a few results about dropping malformed packets in security recommendations.

Certainly interesting. Roomate then discussed some stuff he was thinking about to obfuscate payloads or exploits from VirusTotal.

Another cool tip he offered was to always examine the TTL values of packets, because you can identify operating systems and even versions based off the TTL values. Roommate said that he's the type of person who will change X-Proxy-By responses to pretend a Linux server is a Windows server, etc, but TTL values don't lie. So if Wireshark says it's one thing, but something's fishy, look at the TTL values. Wireshark actually has a TTL-breakdown in the Statistics dropdown, to group all packets by TTL (0-5, 5-20, whatever).

Some more recommendations Roommate had: Use bettercap instead of ettercap, and look into reading the Open Source Security Testing Methodology Manual. We also discussed what it's like at Toorcamp, which I hope to attend this year, even though it overlaps with both days of Shavuot.

I'm back

Someone said I need to blog, for otherwise I am invisible to the world. These days though people tweet too.

So I'll start posting nice links for safekeeping or other use - such as this interesting new portal for SCADA (long a) sharing.

Also, an April Fool's RFC from last year.

Etrog (Citron) cultivation

There isn't much information about cucuzza growing, but there is even less about citron propagation. There are plenty of pictures, and even some videos, but not much about planting information and characteristics of the etrog (citron) tree itself. It just so happens that I have an etrog tree in the backyard of my familial house, and am well-placed to provide some details.

But first, some relevant background on the etrog. We can leave general information to the Wikipedia entry. The fruit, when sold with the ritual leaves used for the festival of Sukkot, comprises a majority of the cost of the total set, which goes for $50-$60. Most of the world's production comes from Northern African countries and Israel. There are many requirements for the fruit to be kosher for use: it has to be free of blemishes, have a pitom (blossom end) still attached (as applicable), and must not have cross-bred with other citruses, among other things.

This brings us to its cultivation, in this case in Houston, Texas, in a humid subtropical climate. Humidity is high and rainfall abundant, with basically no winter and very hot summers. As the etrog hails from dryer environments (Israel, Greece, Italy, Spain, Yemen), this can be a challenge.

I received this etrog tree as a nine-inch seedling ten to twelve years ago, started from seed of a holiday fruit by the parent of a close friend. It was kept in a pot for three to four years, and the rootball was trimmed back once or twice to keep it manageable. This did have the effect of stunting the plant. About five years ago it was repotted twice into soil mediums that were not a good fit for it. It spent one summer in a non-water retentive potting mix and dropped many leaves.

One neighbor who had successfully grown etrogs in his backyard recommended to fill the bottom of the planting hole with sand, perhaps to mimic the natural environment of the etrog. I did this and also added some well-rotted leaf matter. The shrub rapidly became a tree, especially when watered copiously in dry periods. Last year it flowered and fruited unnoticeably, such that we did not see the fruit until they were quite large and nearly ripe, and used one for Sukkot. This year's flowering produced between 12 and 20 fruit, a number which can't be pinpointed because it's so hard to distinguish the fruit from the leaves.

Current Look (had to prune left side because branches were chafing)

Now for cultivation tidbits (details?):

Large thorns are produced along all the stems. These are one to two inches long and don't fall off, making staking or pruning the tree a painful affair. They make very deep splinters, so wear thick gloves.

My tree has unfortunately produced two thick suckers from the base that by now make up more than half of the total size and volume, which grow straight up and barely produce fruit. They can be seen on the left and right of the main trunk above. All of the fruit were produced on the main trunk, off to the right.

Leaf drop and yellowing often occurs in the summer and especially in the winter. Late this winter the tree looked like it was in real danger, but once spring came new leaves and branches grew in to replace everything that had dropped.

Flowering occurs in early spring, and is beautiful - clusters of pink and white blossoms:

If the fruits set, then soon you'll be faced with trying to figure out where the fruit is (spot the fruits - there are at least three in each picture):

Not all the fruits are perfect. Some will be misshapen, while others may form too close to the ground for comfort, and others will simply shrivel and fall off (I see you, pesky white bugs and junk!). The fruit will turn yellow when ripe. Some literature says that the fruit can remain on trees for up to two years, slowly growing larger the whole time. We use the extras for vodka.

Above is a picture of a basil plant staked with a branch from the tree. Unexpectedly, the branch took root and formed leaves, implying that making cuttings of the citron is surprisingly easy. So now we have another tree. Another stake for a second basil plant also took root, if a bit slower.

The etrog is full of surprises, and it's a great pleasure to watch it flower. Just remember to water it during dry spells!

Nenov or Bartok? - draft

I'm trying to argue that https://www.youtube.com/watch?v=iyMynl2_Fj8&feature=youtu.be&t=35m43s sounds just like the theme introduced in measure 35 of Bartok's Concerto for Orchestra.

Links: http://www.scribd.com/doc/34230342/Bela-Barok-s-Concerto-for-Orchestra#scribd

http://www.ijhssnet.com/journals/Vol_3_No_7_April_2013/2.pdf

Hydroponic Cucuzza

There isn't all that much information about growing cucuzza (gagootz, googotz, cacuzza, etc) online in general, and especially in hydroponics. Some useful information is available in Youtube videos, but sometimes you just want the facts without needing to watch three to eight minutes of someone discussing the plant. I'm growing two cucuzza plants on an apartment balcony, hydroponically. In this case it's DWC, which means that the roots are almost continuously immersed in water, except when it evaporates through transpiration.

Quick stats:

1. Cucuzza is an edible gourd, picked before the seeds get tough.
2. The vines will get over 20 feet.
3. Multiple side shoots will be produced at almost every node. These are called tenerumi and can be cooked like spinach.
4. Vines grow over two feet a day in total length. A single leading tip will grow six inches to a foot a day.
5. Leaves die off after about a month, starting with yellow spotting on the leaves and then wilting and browning. Old leaves die first, progressing along the vines.
6. Two months in, the root mass is sucking up over three gallons of water per plant per day.
7. In other words, this plant transpires a lot and is very thirsty.

After two months of growing my garden looks like this, with the cucuzza on the right, or see above. The picture above is a good representation of what needed to be done to manage the plants. They were raised from seed planted in soil, in February. Regular coco rooting blocks didn't work, the seeds needed soil. Seedlings were put in at two sets of true leaves, in 14-gallon totes. There was a bit of transplant shock, but then the plants took off. At two weeks in they were already growing six inches or more each day. At every leaf node a very strong, powerful tendril comes out and wraps around anything available. These need to be cut with scissors when lowering the vines.

Above you can see the pvc pipe plus tubing used in the automatic watering, as well as vinyl tubing to the air stones. You can also see some of the older leaves starting to yellow and die. When I had enough vine length, the vine was passed under the stairs next to this pot and trained over my neighbor's balcony. The same was done a little later for the second vine, except lower down the stairs.

The tenerumi can be eaten, but take care to leave some for extended growth closer to the origin of the stem. I didn't, which means that one of the plants now has fresh growth only at the end of 15 feet of vine. On a balcony like this, with limited space, you need to be very careful with where to train the vines.

The leaves are gigantic. The blossoms open at dusk, and close by morning. There is about a 4:1 ratio of male to female flowers. The males have a long stem and look like this, while the females look like this and have a noticeable unfertilized fruit attached. The females need to be pollinated by hand. I use a q-tip, first fluffing up the end a bit, then jamming it into a male and picking up lots of pollen, then rubbing it all over the stamens of the female. Do this twice for extra germination chances. If the pollen doesn't take, the fruit will stop growing and eventually turn black and fall off. If it does work, the fruit will start to get larger.

 This is about 1.5 weeks' growth. The fruit can be harvested at about 2.5 feet. It will continue to get longer and tougher over time, eventually reaching up to six feet in length. The fruit have no problems with weight, as the vine itself takes care of that.

Now for some hydroponic details. I'm using an 8 watt diaphragm pump with three connections into the container. This pump was thrice as expensive as the usual 20w hydrofarm pumps I use, but it runs much cooler and there are way more bubbles. See the comparison here. The roots are thick and suck up a lot of water:

At this point I've set up a tube to pump water from a reservoir I have in the corner of the balcony once a day, because otherwise too much the roots are exposed to too much air.

The pH is kept over 6.0. At lower than 5.8, the leaves will start to wilt. However, the cucuzza is remarkably hardy in that the pH can go lower and it will still grow without damage. I let mine get to 5.2 for at least a day without major effects. I use an unbuffered nutrient mix (15-5-15) which can be a bit high in nitrogen later in the season. Having no resources for nutrient numbers I went with 1100 ppm nutrient concentration. The plants remove ~150 ppm of that each day. This means a lot of attention needs to be given to adding nutes on a regular basis. A third of the water total is replaced each week.

I supplement the usual stuff with Bombardier sugar (4-0-0) and small dosages of Katon (0-0-26). Recently I've also started to foliar spray with the Bombardier to help the fruit get just a bit sweeter perhaps. Soon I will replace the usual stuff with a more balanced combination of Bombardier Sugar, Rhyzo, and Katon to focus less on vine growth and more on flower and fruit production.

There have been no insects or diseases yet, though some resources suggest that squash borers or aphids could be a problem later in the season.

In the picture at the beginning, the oldest leaves of one plant are dying off while the main growth is at the far end. The second plant has just produced two fruit at the left, unseen behind the foliage, and another one almost ready for harvest elsewhere on the plant.

This should be enough information for you hydroponic growers and everyone else. Happy eating!

P.S. Above is a gallon of suyo long cucumbers, soon to be sour pickles. This was just 3.5 cucumbers! I keep letting them grow for too long. (First there's a 7:1 male:female ratio with these four plants, then six giant cucumbers show up that I have to pickle to avoid spoilage. Really all over with this variety.)

Update (6-5-15): I've noticed that females will often be produced on the sideshoots that form at each leaf node on the main stem. Let the sideshoots grow to a certain length, until you see some itty-bitty females, then remove the growing tip to keep energy going to the main stem.