monday, september 2nd, 2024

I took a loooong walk through a nearby park this morning, which was very nice. I'd like to get outside more now that the weather is cooling down a bit.

after that, I spent most of the day going through Practical Malware Analysis. I finished reading chapter 7 and did the first two labs. if I keep up a rate of one chapter per week, I'll be able to finish this book by the end of the year! I think that's a good goal to aim for. once I get the basics down from this book, I can go looking for some new material to dig through (and maybe celebrate by buying myself another book lol)

decided to give myself a treat and installed arch linux again

Ublock Origin

Youtube: SponsorBlock (skips ads within videos), DeArrow (replaces clickbait thumbnails & titles), Blocktube (block channels), Enhancer (Quality of Life features), Youtube-Shorts Block

Youtube Mobile: Youtube Vanced/Revanced Manager

Twitter: Minimal Theme extension

Tumblr: xKit/xKit Rewritten, Dashboard Unfucker, Stylus with "Old Tumblr Dashboard" userstyle

Spotify: xManager (desktop & mobile)

Firefox: High chance you'll love it and curse holding out for so long.

Linux: No whiney search box trying to Edge you, no ads in the start menu, no trending searches reminding you about celebrity gossip & politics.

i would move heaven and earth to avoid hearing one single advertisement

I've made some progress with my issue on Linux, but I do wonder why am I still trying to make this program work instead of touching grass. Am I a masochist and I didn't know until now?

When I'm reccing linux to non-linux users, part of the reason that I say "install it on an old computer" is that one of the things that people worry about when experimenting with new operating systems is that they'll break the computer beyond repair. Which isn't *likely*, but which is a non-issue when you're talking about a computer that was otherwise just going to be discarded.

I'm leery of recommending dual-booting or booting from a thumb drive to absolute newbies because they're hesitant to experiment on their daily-use computers (with good reason! They've been told not to click on things they don't understand and not to get out of their depth their whole lives so it's very difficult to try to suppress those instincts on the computer you use for school, even if it isn't the operating system you use for school).

So putting it on an old computer is like a free pass to computer class. You can't break what was already broken, so they feel more free to try different stuff.

And, like, I totally get where people are coming from when they say to run a VM, but I'm largely talking about users who aren't aware that they can have multiple profiles on their computer, or who have trouble switching between profiles on a shared computer.

I also see people saying "installing linux isn't any harder than installing windows" and A) that's going to depend on a LOT of variables and B) I don't know if you know this but the reason that most people don't buy bare metal PCs is because they don't actually know how to install an operating system. There are a ton of people in the world who I'd trust to assemble a gaming rig physically but who I think would really struggle with getting it to go from a mass of connected parts in a case to a computer that is running software.

here's something I've been working on recently. I plan to list this particular one in the shop as a one-off prototype when the braided trim comes in, and I'm working on making it appropriate for a larger scale release! I'd like to fix it so it has a side zip rather than a back zip, since I'm not a big fan of the "VM style middle of the shirring panel zipper" situation. however, since I'm not used to doing zippers yet, this was the best way to hide the amateur mistakes I made so the garment would still be wearable quality. It's also my first time doing corset lacing, and I, uh. Bluntly, it's kind of a mess. I think next time I'll install grommets instead of relying on my machine to produce neat buttonholes (on a similar note, i'm not a fan of how the strap button holes turned out, either). Maybe on a future release I'll add some kind of waist ribbon, too-- originally I tried to make one from scratch, but I didn't love how it came out, and eventually, i decided it was better to be Done and imperfect than to spend another 5 months trying to fix it. The lacing is some random lacing I found from an old dress i no longer own, and i think i would probably use a mint coloured ribbon on the final version (i may swap it out when I list it for sale)

this is made of the same rose fabric as my My Dear Rose Pintuck skirt, but I could probably make it out of other printed lawn type fabrics, or possibly burberry. I chose the fabric I did because I had a lot of it on hand.

I'd also like to add skirt lining, since I skipped out on that this time (the bodice is lined and hand-finished, but I was so tired of jacking with the zipper by this point I didn't want to even think about the logistics of adding skirt lining).

The sizing is on par with my usual work-- 100cm max bust, 88cm max waist-- but I'd like to find someone to commission to grade the bodice pattern for me. I imagine I could add to the shirring panel to some extent, but I don't know if that would be suitable for increasing the size more than, say, 10cm or so, and I'd like to make a plus size friendly version eventually. I DID make the straps extra long, though, so the button can be moved down for a taller figure.

The planned braid trim will go over the seams on the gathered skirt panel-- maybe some on the bodice as well? I'll do a mock up and decide. I'm thinking of mint braid for a little contrast. The bows are also hand-finished and detachable, but I just used whatever safety pins I had on hand, which wasn't ideal. It IS machine washable, aside from the bows, because I sealed up any raw edges with bias tape.

Flaws aside, though, I'm quite proud of this one, and it's a head and shoulders above my previous work in terms of construction quality.

What do you guys think?

AngelEgg EGL

also does anyone know why a (brand new, otherwise functional) HDD could fail to properly run any operating system i throw at it, and fail checksums on the partition table no matter how many tines i rewrite it?

like i can still read and write files to it just fine after formatting and partitioning (as proven by its use when recovering from the Arch incident that it caused), but any partitions i make are clearly fucked because it fails the checksum in gdisk every time (and the KDE partition manager is just as useless, it can't even find the partition table at all, let alone verify it)

and i've tried 3 different operating systems:

openSUSE (failed to properly install to the HDD, works fine in a VM with storage from my SSD)

Arch (fucked up my entire PC, even making my fedora install on my SSD unbootable, even though i followed the ArchWiki install guide to the letter and triple-checked everything)

Windows 11, specifically Nano11, which i confirmed runs fine off my SSD (ran extremely slowly on the HDD, with multi-second delays for even basic stuff like the start menu and the right-click menu, alongside constant issues with the OOBE)

Having digested the Bell's Hells finale I think I want to make some observations that, FULL DISCLOSURE, will veer into gentle criticism, but that's fine because we're all incredibly normal and mature and we'll just be cool about it.

I know that these last few episodes had to close out not just campaign 3 but presumably also this version of the show. I know the cast likes to revisit their old, iconic characters and that the constant references and connections to previous campaigns are really fun for them. But, fun as it was, I feel it came at the expense of crowding Bells Hells out of their own campaign.

I believe we have reached MCU Phase 4 (?) levels of callbacks and references to previous campaigns, which, in my opinion, M9 handled with much more restraint. Easier for the cast to do back then, you might say, with only one previous campaign and no supplemental series like EXU to weave in, but I would respond by reminding you that no one made them ratchet up the shared universe storytelling. To continue with the Marvel analogy, sometimes a Spider-Man story has pretty high stakes that might justify the X-Men or FF or Avengers showing up to help. If they're going to, fine, but you have to keep the focus on Spider-Man or you've failed to tell a Spider-Man story and you shouldn't have involved so many other heroes if they're just going to take away opportunities for his character development.

Also, with so many EXU installments and the main series only running 3 weeks a month, I thought campaign 3 really dragged compared to the others. Maybe that's because it was a lot less...vignette-y, I guess, than VM or M9? I'm guesstimating here but it felt like Bells Hells had identified the bad guys (and more or less what their plan was) about one-third into the campaign and the other two-thirds was pretty much exclusively about stopping it. Just not my preference for the pacing of a multi-year campaign.

As far as revisiting VM and M9 to give them updated endings, I found this...emotionally satisfying in the moment, let's say, but kind of narratively weak and cloyingly sentimental when considered after the fact. It reminds me (I am old) of the finale of Lost, which ends on an uplifting and feelgood scene. This emotional satisfaction lingers for a moment and then you (if you are me) realize that you will have to make your peace with the fact that the show has been promising answers to its many mysteries and will not be delivering on any of them. It's not a waste of time because you have enjoyed yourself, but you wish the show had delivered more relative to what it had promised. That's how I feel about Bells Hells.

Now I do want to note that if I had played Bells Hells as a home campaign I would have loved it! Would never have shut up about it. Would have been completely on board with the meta-references and the constant in-character arguing and planning and ethical debates that kept going in circles. Would have appreciated the players all taking big swings with their characters even if some of them weren't as successful as others. Would definitely have supported a final session that wrapped everything up a little too neatly, because it might have been the last time our crew could play after years together and the real world had gotten so unpleasant that maybe the fantasy world could lighten up just a bit. And while it's unfair to hold Critical Role to the same standards as a scripted show when it's not, we have to acknowledge that it's also not just some friends playing DnD at home with only themselves to satisfy.

Still love the program, still love the chemistry of the cast, still can't wait to see what they do next with this last EXU and then Daggerheart. The worst day fishin' is better than the best day workin' after all, but I hope some bigger fish will be biting next time.

are any of you not using Linux? you should be using Linux*.

"oh isn't it only for nerds?" no. can you use a computer well enough to read this post? then you can use it well enough to use Linux. if you use a popular distro like Mint you can fix most problems by googling. (or just pop into IRC. seriously. there's a whole community of volunteer experts just waiting to give you help.)

"oh nobody supports Linux" yeah because nobody uses it. use it. and this isn't even really a valid argument, because basically everything has Linux equivalents anyway. need a browser that won't spy on you or ban adblockers (you know who I'm talking about)? firefox. Need a program to edit Word documents? LibreOffice. Want to play games? Steam has excellent support for Windows-only titles through Proton and Lutris works for every other platform.

and if you are techy you can customise literally anything. I have been using Arch as my primary operating system for the past year and it works like a dream and I have everything set up exactly the way I want it.

oh yeah, and also it's 100% free and respects your privacy and doesn't shove AI Copilot down your throat. seriously stop reading this and try Linux Mint on a VM or LiveUSB or something. you don't even need to touch your windows install.

*(except Ubuntu. fuck Ubuntu. Canonical really looked at this amazing potential and thought "wow, but how can we make it shittier and more corporate so it makes us more money?" don't use Ubuntu.)

@arch-official, im installing arch in a vm to learn how to install it, but i am still gonna use @debian-official based distros

Tools of the Trade for Learning Cybersecurity

I created this post for the Studyblr Masterpost Jam, check out the tag for more cool masterposts from folks in the studyblr community!

Cybersecurity professionals use a lot of different tools to get the job done. There are plenty of fancy and expensive tools that enterprise security teams use, but luckily there are also lots of brilliant people writing free and open-source software. In this post, I'm going to list some popular free tools that you can download right now to practice and learn with.

In my opinion, one of the most important tools you can learn how to use is a virtual machine. If you're not already familiar with Linux, this is a great way to learn. VMs are helpful for separating all your security tools from your everyday OS, isolating potentially malicious files, and just generally experimenting. You'll need to use something like VirtualBox or VMWare Workstation (Workstation Pro is now free for personal use, but they make you jump through hoops to download it).

Below is a list of some popular cybersecurity-focused Linux distributions that come with lots of tools pre-installed:

Kali is a popular distro that comes loaded with tools for penetration testing

REMnux is a distro built for malware analysis

honorable mention for FLARE-VM, which is not a VM on its own, but a set of scripts for setting up a malware analysis workstation & installing tools on a Windows VM.

SANS maintains several different distros that are used in their courses. You'll need to create an account to download them, but they're all free:

Slingshot is built for penetration testing

SIFT Workstation is a distro that comes with lots of tools for digital forensics

These distros can be kind of overwhelming if you don't know how to use most of the pre-installed software yet, so just starting with a regular Linux distribution and installing tools as you want to learn them is another good choice for learning.

Free Software

Wireshark: sniff packets and explore network protocols

Ghidra and the free version of IDA Pro are the top picks for reverse engineering

for digital forensics, check out Eric Zimmerman's tools - there are many different ones for exploring & analyzing different forensic artifacts

pwntools is a super useful Python library for solving binary exploitation CTF challenges

CyberChef is a tool that makes it easy to manipulate data - encryption & decryption, encoding & decoding, formatting, conversions… CyberChef gives you a lot to work with (and there's a web version - no installation required!).

Burp Suite is a handy tool for web security testing that has a free community edition

Metasploit is a popular penetration testing framework, check out Metasploitable if you want a target to practice with

SANS also has a list of free tools that's worth checking out.

Programming Languages

Knowing how to write code isn't a hard requirement for learning cybersecurity, but it's incredibly useful. Any programming language will do, especially since learning one will make it easy to pick up others, but these are some common ones that security folks use:

Python is quick to write, easy to learn, and since it's so popular, there are lots of helpful libraries out there.

PowerShell is useful for automating things in the Windows world. It's built on .NET, so you can practically dip into writing C# if you need a bit more power.

Go is a relatively new language, but it's popular and there are some security tools written in it.

Rust is another new-ish language that's designed for memory safety and it has a wonderful community. There's a bit of a steep learning curve, but learning Rust makes you understand how memory bugs work and I think that's neat.

If you want to get into reverse engineering or malware analysis, you'll want to have a good grasp of C and C++.

Other Tools for Cybersecurity

There are lots of things you'll need that aren't specific to cybersecurity, like:

a good system for taking notes, whether that's pen & paper or software-based. I recommend using something that lets you work in plain text or close to it.

general command line familiarity + basic knowledge of CLI text editors (nano is great, but what if you have to work with a system that only has vi?)

familiarity with git and docker will be helpful

There are countless scripts and programs out there, but the most important thing is understanding what your tools do and how they work. There is no magic "hack this system" or "solve this forensics case" button. Tools are great for speeding up the process, but you have to know what the process is. Definitely take some time to learn how to use them, but don't base your entire understanding of security on code that someone else wrote. That's how you end up as a "script kiddie", and your skills and knowledge will be limited.

Feel free to send me an ask if you have questions about any specific tool or something you found that I haven't listed. I have approximate knowledge of many things, and if I don't have an answer I can at least help point you in the right direction.

just realised how weird it is to use my kinda old work laptop instead of my more modern and powerful desktop to work on everything on (ive been ssh-ing in for years now). so i'm installing arch linux in a vm and will report back on how well it goes

Tried to install arch on a vm, went okay until i got hit with a issue i just do for know how to solve. I swear i spent like an hour trying to figure out what i could do to fix it. I got the bootloader working

Solaris first try

So I thought that since I use this domain now I might as well try out the last available version of Solaris.

I have to say that it's better than I thought. I mean, the software is still from 2018 and I don't know how to update the software / install new one since there is no software store and I don't think it is compatible with any packages found online (No .deb / .rpm and I think it is to old for things like Flatpaks) but even in a VM it runs pretty smoothly.

It runs a modern looking GNOME Desktop but still has the old and detailed 2018 Icons which do look nice. It has an ancient version of Firefox (the old look definitely brought back some memories) that can't properly load modern websites anymore (tested on [tumblr] and nothing else).

Firefox failing to load [tumblr]

Even though I can't really use this version for anything I might try out its open source continuation (I think it's called OpenIndiana?) in the future.

SQL Server 2022 Edition and License instructions

SQL Server 2022 Editions:

• Enterprise Edition is ideal for applications requiring mission critical in-memory performance, security, and high availability

• Standard Edition delivers fully featured database capabilities for mid-tier applications and data marts

SQL Server 2022 is also available in free Developer and Express editions. Web Edition is offered in the Services Provider License Agreement (SPLA) program only.

And the Online Store Keyingo Provides the SQL Server 2017/2019/2022 Standard Edition.

SQL Server 2022 licensing models 

SQL Server 2022 offers customers a variety of licensing options aligned with how customers typically purchase specific workloads. There are two main licensing models that apply to SQL Server:  PER CORE: Gives customers a more precise measure of computing power and a more consistent licensing metric, regardless of whether solutions are deployed on physical servers on-premises, or in virtual or cloud environments. 

• Core based licensing is appropriate when customers are unable to count users/devices, have Internet/Extranet workloads or systems that integrate with external facing workloads.

• Under the Per Core model, customers license either by physical server (based on the full physical core count) or by virtual machine (based on virtual cores allocated), as further explained below.

SERVER + CAL: Provides the option to license users and/or devices, with low-cost access to incremental SQL Server deployments.   

• Each server running SQL Server software requires a server license.

• Each user and/or device accessing a licensed SQL Server requires a SQL Server CAL that is the same version or newer – for example, to access a SQL Server 2019 Standard Edition server, a user would need a SQL Server 2019 or 2022 CAL.

Each SQL Server CAL allows access to multiple licensed SQL Servers, including Standard Edition and legacy Business Intelligence and Enterprise Edition Servers.SQL Server 2022 Editions availability by licensing model:  

Physical core licensing – Enterprise Edition 

• Customers can deploy an unlimited number of VMs or containers on the server and utilize the full capacity of the licensed hardware, by fully licensing the server (or server farm) with Enterprise Edition core subscription licenses or licenses with SA coverage based on the total number of physical cores on the servers.

• Subscription licenses or SA provide(s) the option to run an unlimited number of virtual machines or containers to handle dynamic workloads and fully utilize the hardware’s computing power.

Virtual core licensing – Standard/Enterprise Edition 

When licensing by virtual core on a virtual OSE with subscription licenses or SA coverage on all virtual cores (including hyperthreaded cores) on the virtual OSE, customers may run any number of containers in that virtual OSE. This benefit applies both to Standard and Enterprise Edition.

Licensing for non-production use 

SQL Server 2022 Developer Edition provides a fully featured version of SQL Server software—including all the features and capabilities of Enterprise Edition—licensed for  development, test and demonstration purposes only.  Customers may install and run the SQL Server Developer Edition software on any number of devices. This is  significant because it allows customers to run the software  on multiple devices (for testing purposes, for example)  without having to license each non-production server  system for SQL Server.  

A production environment is defined as an environment  that is accessed by end-users of an application (such as an  Internet website) and that is used for more than gathering  feedback or acceptance testing of that application.   

SQL Server 2022 Developer Edition is a free product !

i’ve spent literally all day troubleshooting and trying to figure out how to install and run this stupid abandonware game on a vm