Show more

REing a TCP sever. Successful auth is cached with time-based expiration. I suspect the intent was to a resume a session if the underlying TCP connection died due to an IP change.

So, the cache is keyed on a unique session id, right? No.
Username/password? Nope

Entries are keyed on the socket fd and aren't expired on a connection close. If a new client happens to get the same fd before the cache entry expires, they bypass auth. If they attempt to provide new creds, they are ignored!


Figured out how to write a Wireshark dissector in Lua that does TCP steam reassembly. That deserves a medal or at least a plaque.

Unexpected evening activity: reviewing security camera footage. Most of it is trees blowing in the wind. A tiny bit is someone carrying my neighbor's TV.

My Pixel catastrophically failed yesterday. While I wait for a Pixel 3a to arrive, I'm reliving the good old days with an iPhone 5c that was returned to my partner last year after its many years in police evidence.

To whomever designed the wiring harness for the 1966 Ford Econoline: who hurt you?

Started scanning a single port across the entire Internet at 100k hosts/sec. Took 30m to get an abuse report.

Tried to take this pup on a walk. Less than 5 minutes in, I was being informed of the greatness of Christianity, especially of one specific church just down the street. Then a phone call that required me to return home. Today is not ending well.

I studied carefully so I'd know if I needed a right-handed or left-handed door. I bought a RH door. The instructions with the door confirm I need a RH. The receipt says I bought a RH. The door is LH. 😭

Changed out a light switch. Only tripped the circuit breaker once! πŸ€”

I always forget to take photos when I take things apart. Today was an Evoluent Vertical Mouse that had a squeaky scroll wheel. Pretty elegant mechanical design but no lubricant on a plastic-on-plastic rotary joint 😭 Dab of lithium grease is all it took for silent scrolling.

Sharing failures helps remind people that projects often don't go according to plan and not to get discouraged when things don't work right on the first (or fifth) try.

101F in San Jose is unpleasant. It requires extra tongue during walks.

I've become one of those people who runs a separate Instagram account for their dog.

With unbuffered ECC DDR3 in hand, my cursed workstation build has progressed to booting. Then I noticed that the BlackMagic SDI capture card's fan wasn't turning; bad bearings. The hits just don't stop on this machine.

My workout routine is home maintenance. Today was all upper body with sanding a ceiling before paint.

Ugh. Started assembling another computer today. Couldn't find thermal paste. Drove to Fry's to get some. Finish assembling everything. Won't boot.

Hour of futzing around. Discovered BMC shows POST codes and Supermicro publishes a list if them for this board. Wrong RAM! Seriously?!?

Building computers isn't nearly as fun as used to be.

Authentication bypass on and inauthentic firmware updates accepted by self-encrypting SSDs. That's as bad as it can be for storage device security.

Home from vacation. Corgi on my lap. Just as it should be.

Show more

Recently, the handling of online defamation has become a hot topic on many mass media as well as social media channels. News Article for Reference: In response to these reports, it is expected that lawsuits and disclosure requests will become more publicly known; and government agencies will order stricter enforcement in addition to tightening regulations. However, under the current state of Japan, we will not be able to handle the increase of such administrative burdens and will have trouble dealing with it appropriately. Thus, we have decided to stop providing our service on and starting June 30, 2020. We are very sorry for the inconvenience and appreciate your understanding on the matter.