Reminder: I offer free mentoring and mock interviews. Embed sys, C++, perf analysis, at-scale monitoring, and more. Grab a spot on my calendar at calendly.com/kc8apf.

Feeling all the anxiety to get slides for OSFC.io done today...

I thought everyone agreed nuclear rocket engines were too risky. Apparently Russia disagrees.

I spent all day looking for vulns in an IoT clothes dryer. What did I find?

* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door

Best I could do was get the DHCP server to serve the same IP to every request.

Well done GE.

Someday I'll stop being amazed when I run across RC4 in a modern app.

45 minutes of sorting out Minecraft mod version conflicts was totally worth it. I've never heard my kids work well together as well as they are on a shared Minecraft server.

OpenBIOS - open source Forth firmware 

telnet mapscii.me # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.

Even after working at Apple and Google, I identify as a 1x engineer: 1x.engineer/

I did a podcast interview: unnamedre.com/episode/24

I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.

"Never underestimate the power of proving someone wrong with hard data." - @jessfraz

💯

First security-focused talk submission accepted! Looking forward to sharing “Common BMC vulnerabilities and how to avoid repeating them” at osfc.io in September.

Francine underwent a radiator replacement recently. With an aluminum radiator, electric fan, and her heater core reconnected, she's keeping cool even in stopped traffic on a hot California day.
