
Reminder: I offer free mentoring and mock interviews. Embed sys, C++, perf analysis, at-scale monitoring, and more. Grab a spot on my calendar at

USBAnywhere finally has CVEs assigned: CVE-2019-16649 and CVE-2019-16650

Do microservices orchestrators not realize they are just BPM engines without the "ask a human" tasks?

I've spent most of my day reading up on business process management software and BPMN 2.0. Must contain excitement.

Just re-upping this offer: because being comfortable with git is a barrier to entry to many FS/OSS projects, and because I care deeply about lowering those barriers, I will tutor anyone who asks for help with git, and/or connect them with any mentor(s) they might prefer.

I'll do this while I put energy and work into making the tool more approachable, and into making better tools and learning paths.

Boosts gratefully appreciated.


CMake is an excellent tool once you understand it.

Narrator: no one understands it.

Me: I'm fed up with terrible code bases
Partner: Show me where the software hurt you.
Me: *points to head*
Partner: *points to ❤️* maybe here too?
Me: *nods head yes*

Really wish this OLED display's datasheet just said it is a mode 3 SPI device in addition to a timing diagram. Of course, it also claims it has a 255 byte receive buffer but corrupts any transfers over 8 bytes. 😱

Today included removing an engine and transmission from a classic Mustang with my partner. It was a good day.

Messy workbench as I assemble another batch of Mx. Shift USB-M8

This has been a week of big ups and equally big downs

My latest research is out today. USBAnywhere lets you plug in any USB device to Supermicro servers over IP. More over at Eclypsium's blog:

My son noticed our unlocked ZTE Trek 2 HD tablet showed LTE on Google Fi but Firefox claimed it was offline. Best I can gather, AT&T/ZTE stopped shipping updates after Android 7.1. Guessing Fi won't let such an old patch level on the network. Trying to update to LineageOS has been 2 hours of frustration due to bootloader nonsense. Tablets aren't supposed to be disposable.

Finished slides for my talk at OSFC next week. Nearly a whole week before. Must be some kind of record.

RDAP is so much better than classic whois. I can programmatically do things with the data now.

Feeling all the anxiety to get slides for done today...

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in an IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.
