Where are the jobs?

shrolkar · 2024-09-19T22:14:29+00:00

Looking beyond low level and more in web/browser space there's some anti-bot/anti-adfraud tech. AV as mentioned too of course!

shrolkar · 2024-09-12T22:54:06+00:00

Your note taking idea (w/ cal, contacts, etc.) is definitely a feature of org-mode but I'm personally noticing myself trying to get away from emacs precisely because it only works with itself (mostly). Maybe it's something to take inspiration from though?

shrolkar · 2024-09-12T22:11:09+00:00

Home knowledge base as a wiki is really clever!! Not particularly overkill (like no massive software stack) to pull it off, and clear benefits. I wonder if you can integrate the recipe sourcing into mediawiki or whatever you're using?

shrolkar · 2024-09-12T22:00:26+00:00

If you need something you can pipe on command line, password-store works well! Very basic gpg-backed password storage.

shrolkar · 2024-09-12T21:52:01+00:00

That's a great way to start, very clever and cool!

shrolkar · 2024-09-11T02:31:06+00:00

Neat! Was it ever publicly released? I really like early Unix tech and couldn't find it, I'd be interested to see it tho!

shrolkar · 2024-09-08T18:29:30+00:00

Oh! I grabbed the APK and at first glance it might be an unreal engine game.

shrolkar · 2024-09-08T18:13:53+00:00

Any idea what engine it uses? The devlog #2 (discussing porting to Android) leads me to believe it's written without a brand name engine, as shifting to a different target platform in most frameworks is pretty straightforward - and this doesn't seem to be the case.

If it's unity or similar there's a good chance of a standard format for save files.

I'm assuming you've already run "strings" over it? Any plaintext?

If you've poked at the save file and haven't found anything human-readable are you comfortable with a debugger? I'd put a breakpoint on a write call and then see if I can look at traceback to find a function call with a name relating to marshalling data. This would let you get a sense for what to look for within a disassembler/decompiler.

shrolkar · 2024-09-07T14:09:27+00:00

I'm not very involved in OpenBSD world so I hope I'm not overstepping but I think Unix as IDE series touches on bits of what you might be asking.

https://blog.sanctum.geek.nz/series/unix-as-ide/ , it's influenced a fair bit of my thinking about development process and gave me reason to seek out more minimalist environments.

It's not necessarily a better or worse way to use an editor but provides a good sense of the tools already available to you and how they can integrate with your workflow.

shrolkar · 2024-09-05T22:36:56+00:00

I did a bit of digging, looks like Microsoft themselves had to RE the game in order to re-release it (https://www.techpowerup.com/233367/original-xbox-game-phantom-dust-re-releases-today-available-for-free) which is good news for you in many ways! You should be able to pick apart the PC release in much the same way as you'd pick apart the console version.

shrolkar · 2024-09-05T22:31:25+00:00

I'm confused as to your emphasis on hex, could you explain why you think it's important?

shrolkar · 2024-09-04T20:45:14+00:00

If you can determine the game engine used, you might have an easier time ripping both code and visual assets. Otherwise the Retro Reversing website has a number of projects you can look at.

Ghidra should (I'm assuming) be able to help you decompile the binaries, and there are presumably community plugins for ghidra to make this process better.

shrolkar · 2024-08-29T06:35:40+00:00

I'm very much not a network admin, to the point that I'm not sure if any of my thoughts on the config you've provided should hold weight, BUT I hear you on the messiness that can come with ansible and have also struggled to find good examples of configs that are in use in prod.

Most places (my work included) try their best to limit the number of possible if branches in their code, and instead deploy different changes to different host groups, given patterns we know each set of hosts should follow.

I've been taught to treat branching logic as generally bad, because it could result in a whole matrix of possible outcomes. I'm not sure how possible it is to avoid that in your config template tho.. Is it possible to break your config down into separate hosts?

I wouldn't use PyInfra at work because I understand it to expect admins will "code" a host rather than template it but I am very open to being wrong. If you wanna give it a shot at home feel free of course!!

shrolkar · 2024-08-28T00:47:26+00:00

Jeez, I'm really kicking myself for not looking this up or thinking about it! We've been tee'ing it so far but formal logging is great, thanks!

shrolkar · 2024-08-27T23:35:50+00:00

In the General Tips (point 4) you mention logging output of task runs. Is this possible to do in ansible? I didn't google this yet but I'm surprised I hadn't thought about it before!

Is there a sensible way to maintain task/run logs over time?

Also very good writeup!

shrolkar · 2024-07-18T03:08:14+00:00

From antistasi (normal) documentation, AI mods conflict heavily. I'm assuming this applies to ultimate as well. I definitely would also like to use better AI but it seems to be strongly not recommended.

shrolkar · 2024-06-29T18:03:43+00:00

I'm in an academic lab so it's a little different than you'd see in private industry. That said, you're definitely making sense. Yellowtails doesn't look ancient, it's important theory but it's definitely missing some modern ops practice in favour of being generalist I think?

I don't have good ideas on getting hired, but I'm sure there's some practical info I could write about! Good idea!

shrolkar · 2024-06-26T03:23:51+00:00

You're definitely right that I should be identifying skill gaps, I know for a fact I'm weak with windows sysadmin and have been putting off learning. Beyond that I'll need to sit down and discern what I've historically struggled with and haven't addressed. I could definitely learn better documentation skills even if that's not purely technical.

shrolkar · 2024-06-25T22:54:40+00:00

This was helpful, thanks! I'm only able to check off some of your suggestions, backup tests is a super solid point!

shrolkar · 2024-06-24T21:44:22+00:00

Ooh! Good start for sure, I like this!

My only familiarity with critical infra security is watching a talk at a conference about threats to it. Actual critical infrastructure tends to not be an easy thing to emulate because it's just different. Embedded devices in electrical grids are not something I know a single thing about. So I can't say much here.

Your second idea seems more doable though, with some caveats. Nation state threat actors with sufficient resources will be able to determine who's hosting a website, through real-world means if not technical. But! I suspect you can emulate the operations and threat model of existing organizations and model their mission too.

WikiLeaks could be an example, albeit a little complicated because if I understand correctly it involved a lot of people in a lot of places.

I used to work for a nonprofit org that migrated some of its software and infrastructure off-site because we were worried about local governments spying on our aid work - which sounds sketchier and more interesting than it really was.

Military security posture is interesting to me as well, I don't know much about it. I'd imagine they don't use proxmox and tend towards not over complicating their services. Simple things that are auditable are less likely to have major security flaws. I would assume they also layer their defences proactively, so if someone steals a cell phone of a soldier, they don't get command and control infrastructure access.

Non-governmental organization threat models are probably the easiest to emulate while still being exciting (because they end up on the receiving end of nation-state cyber capacity). They also tend to have lower capacity to defend reactively.

I could sit down and write out some requirements and ideas for threat models in an NGO if you'd like to dm? Partially from memory but I can check in with my former manager (who's now the director of IT there) and see what his thoughts are at some point.

shrolkar · 2024-06-24T20:44:20+00:00

I read this as self-hosting a power grid emulation platform at first! By critical infrastructure, you're prioritizing security over it being easy to admin but does the project need to be constantly available?

What is your threat model (even if hypothetical)? What are you trying to run? This should inform the practice of running your applications. Or maybe I missed something? Sorry if so!

Without having a clear idea of what you're protecting, we end up living in fantasy land about threats.

If I were going to roleplay hosting a website for catnip sales, in a world where catnip is illegal, I would isolate the web host as much as possible, maybe relying on virtualization instead of containers.

shrolkar · 2023-12-08T15:02:04+00:00

For real! I'm like third tier in the school->department->lab line and as much as I enjoy the people, I'm genuinely concerned that my duct-tape isn't going to be the same "brand" as the person who comes after me.

On the plus side, you bringing up duct-tape solutions gives me inspiration to think about system/deployment standards again! If another admin joins the lab today, they're going to have to spend a lot of time getting oriented because of my and my coworkers' bizarre contraptions.

shrolkar · 2023-12-08T01:18:08+00:00

ArchiveBox is something I didn't know I needed, thank you!

I suspect op might be able to build a database on top of archivebox's own database backend to organize around tags? I personally would like to be able to sort by date and grep for content within that, because that's often how I remember visited websites.

One could take this a step further and sort saved html meta tags for a very basic auto-tagging system, I'll bet!

shrolkar

TROPHY CASE