Or… Notes on the IPMI Protocol Security Model. I wrote in Sold Down the River about the curious aspects of channels and authentication and users and all that stuff. Here’s a slimmed down model… and as a bonus a program that iterates through all the channels, users types, and authentication for a host, which is quite a bit of checking. mega_chan.py In any case I’m almost certain that I […]
npm is the defacto package manager for the node.js javascript network programming environment thingee. The folks who make npm have taken a security leap: npm no longer supports its self-signed certificates Ah, they build the bastions of light and goodness, protecting us from the sins of the masses by standing tall. So… how do you install npm, anyway? Ah, yes, you look it up on their site… let’s see… why, […]
I wrote this while I was at my company Elemental, and was meant for engineers to implement, so despite some of the very specific language for implementation purposes it was never meant to be dogmatic. I love the idea of calculating value based on… not much. I don’t know how accurate it is, but I can say that when run on systems (just before Elemental spontaneously combusted) it produced some really cool […]
I suppose this could be subtitled “why I won’t be going to Def Con again.” Last August I wrote a letter to Jeff Moss (who is the founder of Def Con) about the disturbing sexism – including a conference sponsored strip show – I personally witnessed on a short jaunt I took to Def Con along with some anecdotes from the Internet from some women who were harassed. He […]
Perhaps this should be subtitled Why I’ll Never Work at Microsoft. I don’t know, I don’t know, I don’t know where to begin, as the song goes. I started writing here on a whim. I don’t look at the traffic it may or may not get, and I haven’t accepted any comments or feedback to date; it’s simply a place for some thoughts, observations, and a tip or two, […]