
Python3, OpenPGP, Fisher-Yates, iLO, iDRAC, LPD443, SDR, Onkalo

posted Jan 28, 2018, 1:38 AM by Sami Lehtinen   [ updated Jan 28, 2018, 1:38 AM ]
  • Read a very long list of What are some WTFs in Python 3. I'm happy, because I knew each of the mentioned issues without any additional lookups or wondering. Usually that's a good sign that you know pretty much, when posts listing something strange start looking like business as usual. Yet I have to admit that my code still contains pretty simple syntax and I'm not always using Python's advanced features, especially if programming in a rush. Maybe I should play more with the things I'm not always using. I know how to use those features, but it's just not a habit yet.
  • Had a really tiringly long discussion about GnuPG, OpenPGP keys and preferences. Phew! I thought that was a topic which is interesting. But after about 3 hours of tight technical discussion I started to feel tired. I didn't think that would happen with that subject. But when it gets all too paranoid, technical and so on, it's even too much for me. I've found the limits of my geekiness. Unfortunately I can't quote the discussions. But it was all about key lengths, different key types, cipher selection preferences, hash strength, potential attack vectors and all the usual stuff. - Yet I guess that's the feeling people often get when I start talking about some technical details.
  • As said, proficient use of PGP is one way to grab attention. Also I have never ever received properly encrypted SPAM. Usually if someone bothers to send a signed / encrypted message, it means that they've got something to say.
  • Reminded myself about the Fisher-Yates shuffle.
  • Had to administer one HP server with Integrated Lights-Out (iLO). That's actually one of the reasons why I like virtual servers. As long as you don't have any meaningful number of dedicated servers, managing those requires its own attention. Like updating iDRAC firmware etc. Also broken integrated administration can be a huge security risk AFAIK. Of course there's access control, but it might not be implemented in an efficient way. So far, knock knock, the dedicated hardware servers have been working well and we haven't had serious breakdowns. But the question is more like when and not if. With a very small number of servers, you don't have any spare parts on hand etc. Which means that a perfectly working dedicated server can turn into very extended downtime when it's getting fixed or replaced after a failure. That's also one of the reasons why I like to shut down old projects which aren't properly supported. Ok, it runs by itself in the closet and nobody needs to care about it. But if it's in production use and something happens, then somebody should care and know about it. Otherwise it'll be quite a nasty situation, and it's probable that the system never recovers and it ends up being a not so pleasant discussion. That's a very real risk with old legacy systems which just work.
  • Checked out LPD443 and Short Range Devices (SDR). Some sections of the 5 GHz band are reserved for SDR in Europe. 5725–5875 MHz with especially low power, 25 mW only. Some of the cheap basic home automation stuff uses 433 MHz radios. Without any replay protection, it could be fun to play with this stuff, if I got bored. Just drop small recorder devices in places where you assume there to be traffic and then analyze that traffic and replay it at will. That's IoT at its best. Messages aren't encrypted, nor even replay protected. You can just go and record messages and play those back and most devices will gladly follow instructions. It's just like an IR remote but using RF, even on a rather low frequency which passes through structures well. I wonder how much fun you could have with this, just by recording common command patterns and playing those out with a bit more powerful transmitter. Why? Well, just for fun and Lulz to see if anyone notices / cares. Because that's an ISM band and Radio Amateurs also use it, it isn't hard to find those bit more powerful transmitters very cheaply.
  • Watched the Onkalo Documentary. This is a tough question to crack. But I'm glad, it actually won't be my problem. I'll be long gone. Also somehow stumbled upon Ray Cats, that's a crazy idea. Modify cats genetically to change color when encountering radioactive radiation. Lulz, what a crazy idea. But it was funny enough to make me smile.
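
The 433 MHz item above notes that those frames carry no authentication and no replay protection. As an added example (not from the original post), here is what the missing check looks like on the receiving side: a per-device counter plus an HMAC tag. The frame layout, key, device id and all names are constructed for illustration.

```python
import hashlib
import hmac
import struct

HDR = ">HI"      # constructed frame header: 16-bit device id, 32-bit counter
HDR_LEN = struct.calcsize(HDR)
TAG_LEN = 8      # truncated HMAC-SHA256 tag, an assumption to keep frames short


def make_frame(key, device_id, counter, command):
    """Sender: header + command bytes + tag over both."""
    body = struct.pack(HDR, device_id, counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    def __init__(self, keys):
        self.keys = keys                       # device id -> shared secret
        self.last_seen = {d: 0 for d in keys}  # must survive power cycles

    def accept(self, frame):
        """Return the command if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        device_id, counter = struct.unpack(HDR, body[:HDR_LEN])
        key = self.keys.get(device_id)
        if key is None:
            return None                        # unknown sender
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                        # forged or altered frame
        if counter <= self.last_seen[device_id]:
            return None                        # recorded frame played back
        self.last_seen[device_id] = counter    # lost frames are fine: only growth matters
        return body[HDR_LEN:]


if __name__ == "__main__":
    key = b"constructed-demo-key"
    rx = Receiver({7: key})
    frame = make_frame(key, 7, 1, b"LIGHT_ON")
    print(rx.accept(frame))   # first delivery
    print(rx.accept(frame))   # same bytes again
```

The counter is sent in the clear; it only has to be covered by the tag and stored persistently on both ends so that a reboot does not reset it to an already used value.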