Learning Standard ML

I have been learning Standard ML in the past few weeks. My main resource has been the excellent book ML for the Working Programmer (2nd Edition) by Paulson. So far I’ve gotten through Chapter 9. Paulson really did an excellent job with this book, and I’ve had the a-ha! moment in my head quite a few times so far. SML seems to change the way that you think about programming and problem solving in general.

SHIM Security Improvements

The other day I noticed that SHIM was vulnerable to CSRF attacks, so I decided to fix that. To do this I used nosurf. It ended up being pretty simple: just plug in nosurf as middleware for your requests, and then plug the token values in a hidden <input> element somewhere inside your <form>. While implementing this, I also saw that SHIM’s Delete Post page had a security vulnerability: it didn’t follow the HTTP specification.

Magnetic Stripe Reader Teardown

In April, I started reverse engineering the MSR605X magnetic stripe reader. Progress has basically paused at this point as I handle other affairs, but I figured that I may as well document what I have learned so far. My code for this little project is on GitLab. This post won’t describe how magstripe readers work. If you’re interested, Major Malfunction gave an excellent in-depth talk on the subject. For this post, we only need to know that the chip on the magstripe reader measures some stuff and sends us some bytes via USB.

A Blog... with Comments!

As Jeff Atwood says, a blog without comments is not a blog. That means that today is the day that my blog becomes an actual blog! Comments have always been an issue on this site, since I run it using a static site generator with a pretty UI on top. Thus, my site has been just plain files - and it’s been pretty darn fast. But how can a static website have dynamic comments?

Identity Hijacking: A Social Engineer's Tool

In today’s age, your identity is one of the most precious things you have. An identity has a reputation, which impacts what resources it may access. For example, your identity (John Doe) has a FICO score, which directly affects the capital you may raise in a loan. Your identity can also affect your ability to obtain a security clearance or pass a background check. But what happens when your identity isn’t yours?

An Update on SHIM & My Other Projects

I’ve started working on my open source stuff again, and it’s exactly as fun as I remembered it! I’m now developing code on GitLab instead of GitHub, because of the recent acquisition of the latter. Despite Microsoft’s recent efforts to be more friendly to the libre software community, their actions are still detrimental. Patents, DRM, and vendor lock-in are terrible for the end-user’s freedom. Thus, I am taking a principled stance and moving my personal projects to GitLab.

Rice, Rice, Baby

I promised an update on my (Thinkpad X200) laptop upgrade, so here it is. Hardware: I swapped out the old minuscule 120 GB (!!!) hard drive with a new and shiny 1 TB drive. Moreover, I went and upgraded the RAM in the laptop from a single PC3-10600 4 GB board to two 4 GB PC-8500 boards. I also went ahead and replaced my dilapidated keyboard (where the Super and / keys were broken) with a new keyboard.

A Brief Update

Woah? A blog post? There hasn’t been one of these in nearly two years! What does it mean? It means I’m back to writing. I’ve simply got too much on my mind to be quiet. Expect some content to come out in the next few weeks (and months). Reverse Engineering: Over the past two years I’ve done a lot of stuff. But I’ll post whatever I legally can on the internet.

Snaps vs Flatpaks in 2016

In case you didn’t know, Snaps and Flatpaks are touted as the new universal application packaging formats for Linux. This post is a simple overview of my thoughts on each. Snap: Currently, Canonical is pushing Snaps as the new packaging format. Snappy, the package manager, is written in Python and Go. Currently, the package manager is licensed GPLv3. For snaps, interfaces look good. It reminds me of OSGi and Android’s old sandboxing system.

I Told You So, Lefties

Last Tuesday was Election Day in the United States, and after the dust settled quite a few people were shocked. Liberals and lefties, this is what happens when you get trapped inside your safe space echo chambers. When you ignore things that upset you, you ignore the truth. You leftists got cocky, and now you’ve lost. Congratulations, the right is in control now. We have the Senate, we have the House, we have the SCOTUS appointments, and we have the Presidency.