Adam Buran aburan28

... my first disclosure. Man, it feels weird doing this.

update 6/6/16 I would like to stress something: I'm not saying "Don't buy an ASUS device" -- I see a lot of people who want to lambaste ASUS for this and boycott their hardware. This isn't what I want people to be doing by any stretch. Stupidly, I like the ASUS hardware I have (it's nice for the price) and I would rather see a pressure on ASUS as an OEM to stop shipping "value added software" to consumers; If you want to help Microsoft in pushing this mentality, go buy a signature machine from them. Microsoft provides support, but also only ships windows and a few select utilities that are essential to the functioning of the system (think: Radeon/Optimus and nVidia control panels) and fall heavily on the hardware makers (ATI, nVidia, Intel) to provide support for the harware.

Consider an ASUS device all you want. Start putting pressure on Microsoft that consumers want bloat-free devices and start voting with your money. Microsoft's store

System Design Cheatsheet

Picking the right architecture = Picking the right battles + Managing trade-offs

Basic Steps

Clarify and agree on the scope of the system

User cases (description of sequences of events that, taken together, lead to a system doing something useful)
- Who is going to use it?
- How are they going to use it?

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

A Russian translation of this article can be found here, contributed by Timur Demin.
A Turkish translation can be found here, contributed by agyild.
There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Hello software developers,

Please check your code to ensure you're not making one of the following mistakes related to cryptography.

I. General Mistakes

Writing your own home-grown cryptography primitives (For example: Mifare Classic)
- Exception: For the sake of learning, but don't deploy it in production.
Using a fast hash function (e.g. MD5, SHA256) for storing passwords. Use bcrypt instead.
Not using a cryptographically secure random number generator

📂 Persistent "pipes" in Linux

In a project I'm working on I ran into the requirement of having some sort of persistent FIFO buffer or pipe in Linux, i.e. something file-like that could accept writes from a process and persist it to disk until a second process reads (and acknowledges) it. The persistence should be both across process restarts as well as OS restarts.

AFAICT unfortunately in the Linux world such a primitive does not exist (named pipes/FIFOs do not persist

	{
	"AWSEBDockerrunVersion": "1",
	"Image": {
	"Name": "<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<NAME>:<TAG>",
	"Update": "true"
	},
	"Ports": [
	{
	"ContainerPort": "443"
	}

	From fc07e715ec5c20b461f4fda4014f755a53a39d5a Mon Sep 17 00:00:00 2001
	From: Djalal Harouni <[email protected]>
	Date: Thu, 21 Jan 2016 12:49:41 +0100
	Subject: [PATCH] nspawn: just a quick patch to test overlayfs uid shift

	Signed-off-by: Djalal Harouni <[email protected]>
	---
	src/nspawn/nspawn-mount.c \| 25 ++++++++++++++++++-------
	src/nspawn/nspawn-mount.h \| 1 +
	src/nspawn/nspawn.c \| 1 +

	# Signatures to detect successful abuse of the Juniper backdoor password over telnet.
	# Additionally a signature for detecting world reachable ScreenOS devices over SSH.

	alert tcp $HOME_NET 23 -> any any (msg:"FOX-SRT - Flowbit - Juniper ScreenOS telnet (noalert)"; flow:established,to_client; content:"Remote Management Console\|0d0a\|"; offset:0; depth:27; flowbits:set,fox.juniper.screenos; flowbits:noalert; reference:cve,2015-7755; reference:url,http://kb.juniper.net/JSA10713; classtype:policy-violation; sid:21001729; rev:2;)
	alert tcp any any -> $HOME_NET 23 (msg:"FOX-SRT - Backdoor - Juniper ScreenOS telnet backdoor password attempt"; flow:established,to_server; flowbits:isset,fox.juniper.screenos; flowbits:set,fox.juniper.screenos.password; content:"\|3c3c3c20257328756e3d2725732729203d202575\|"; offset:0; fast_pattern; classtype:attempted-admin; reference:cve,2015-7755; reference:url,http://kb.juniper.net/JSA10713; sid:21001730; rev:2;)
	alert tcp $HOME_NET 23 -> any any (msg:"FOX-SRT - Backdoor - Juniper Scr

	import _json as j
	import array
	import struct
	import sys

	ver = sys.version_info[0]

	eip = 0x11223344
	eip_control = struct.pack("@I", 0) + \
	struct.pack("@I", eip) + \

	# Add postgresql repo and update apt listing
	echo "deb http://apt.postgresql.org/pub/repos/apt/ squeeze-pgdg main" > /etc/apt/sources.list.d/pgdg.
	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc \| sudo apt-key add -
	sudo apt-get update
	sudo apt-get upgrade

	# Stop all running postgresql servers -- needed for migration of 9.3 data to 9.4 (pg_upgrade execution)
	sudo /etc/init.d/postgresql stop

	# Must link conf file into data directory since it's expected there by pg_upgrade.