Thank you, Josh

Soon after I delivered his order, Josh wrote a post on his blog about my USB to UART adapter line and the SHONEv1 LSOF project. I am so stoked!

Thank you Josh for praising my product and service, and I am going to roll a few SHONEv2 boards (and some testing gear DIY too) very, very soon. Sit tight and wait for it 🙂

Teardown & Reverse Engineering: Smart Card Reader (Images)

Recently a (quite wasteful) tax metering system upgrade generated loads of e-waste and a good source of dumpster diving. I scored a set of such tax metering hardware for PCs. I got the disused boards and peripherals, but not the computer itself.

I decided to check how much of the disused system I can repurpose and reuse in my own designs.

Insides of the card reader.

Continue reading “Teardown & Reverse Engineering: Smart Card Reader (Images)”

Warning: SSH root password hacking

I am pretty surprised to find out this is happening when I was debugging my L2TP/IPSec tunnel: someone is trying very hard to guess my root password over SSH. A quick check proved to me that my private cloud is under attack too.

Continue reading “Warning: SSH root password hacking”

Enforcing SSL

Somehow destiny brought me to StartSSL, a company that provides free SSL certificates. This prompted me to replace all existing CACert certificates and enforcing SSL on all publicly available entry points: blogs, bug tracker and git code repository.

If you have previously added the CACert root certificate to access my website, please remove them now as public entry points no longer requires that, and new entry points will be added with similar StartSSL (or other free services’) certificates.

Build Debian Almquist Shell (dash) for OS X (GNU bash ShellShock part 2)

Even after pushing bash to 4.3.26, the aftershock of ShellShock (pun intended) is still there, as a developer commented that even the bash43-026 patch is still a “whack-a-mole” job.

Since my other main operating system is Ubuntu and the 3rd most common used is Debian jessie/sid, I am replacing /bin/sh with dash, Debian Almquist Shell, at least for now.

Continue reading “Build Debian Almquist Shell (dash) for OS X (GNU bash ShellShock part 2)”

GNU bash ShellShock bug and how to fix it on OS X

Update: A new bash patch is released as bash-4.3.26. This article is updated to include the new patch.

Recently another UNIX bug broke out: ShellShock bug in GNU bash, the most commonly-used UNIX shell. It allowed arbitrary code execution. which is bad.

Test code, if you want to check:

env "() { ;:}; echo gah" bash -c "echo test"

If you see both gah and test, your system is vulnerable! Read on!

Continue reading “GNU bash ShellShock bug and how to fix it on OS X”

Cross-platform Apps

I have finalized the negotiation with the professor I preferred to cooperate with and she agreed to green-light my proposal as my graduation thesis project, Subtitler Pro, the computer assisted translation software based on an old project of mine called DST which was built for the translation community I still am part of, and my pending patent CN 201410215960.X, with an optional special request that I can make the final product an app that she can use. This special request made my life a little bit more difficult.

Long sentences and crazy brackets ahead. Read with care and maybe a piece of paper to assist parsing and understanding.

Continue reading “Cross-platform Apps”

VyRT Hacking (Part II): How Hackers Finds out Your Password, Quickly.

Before I say anything on this post, I hereby urge you to change your VyRT password immediately, as well as any services that shares a same password with it, NOW! Read on to see why.

This is going to be the most disturbing part of this series on VyRT hacking. Brace yourself when reading.

After the hacker dumped the database of VyRT, they can start dwelling in their lair of evil and start figuring out your passwords. If you are technologically savvy you may start to think that it would take them forever to figure out those securely hashed passwords one by one. No, think again before proceeding.

Continue reading “VyRT Hacking (Part II): How Hackers Finds out Your Password, Quickly.”

VyRT Hacking (Part I): How a website accidentally give out your information

Recently news came that the official community website of the band 30 Seconds to Mars was hacked and information leaked. No public information is available yet, but I think I have a theory how this hacking worked, and how you Echelons can minimize damage.

This post is going to be a little bit hard on tech bits, so proceed with care. If you are greeted with some strange concept, Wikipedia will be your friend.

Continue reading “VyRT Hacking (Part I): How a website accidentally give out your information”

SSD caching for Linux: bcache

So after all the mucking and messing I finally set up bcache on my desktop, running Ubuntu 14.04. I followed a modified procedure by my friend John and his article here (in Chinese) so I am rounding it up here, starting from a computer without an OS.

Continue reading “SSD caching for Linux: bcache”