art, audit, dinosaur, philosophy, security, tech, work

<3 Policy

December 8, 2014

Security Policies Let us praise, slay, and bury security policies together. A security policy is perhaps the best way to deal with the security monster. It concerns itself with business and...

dinosaur, tech

getting tcpdump to write to pcap format

November 3, 2014

I wouldn’t think I’d be writing something like this, but….. Apple changed the default of tcpdump to writeout pcap-ng format, which wireshark doens’t understand by default. Wasn’t sure what was...

code, dinosaurs, embedded, ipmi, python, security, tech

Get Device ID (moar IPMI… yawn….)

October 12, 2014

I’d had this sitting around for awhile and thought I’d take another look at it; in this I simply toss out an IPMI Get Device ID command and see what happens....

code, embedded, ipmi, security, tech

mega mega mega… chan chan chan….

September 4, 2014

Or… Notes on the IPMI Protocol Security Model. I wrote in Sold Down the River about the curious aspects of channels and authentication and users and all that stuff. Here’s...

crypto, philosophy, security, tech, web

certificates and security

August 5, 2014

npm is the defacto package manager for the node.js javascript network programming environment thingee. The folks who make npm have taken a security leap: npm no longer supports its self-signed certificates...

audit, data, philosophy, security, tech

The Dynamic and Depreciating Value of Computers

July 6, 2014

I wrote this while I was at my company Elemental, and was meant for engineers to implement, so despite some of the very specific language for implementation purposes it was never meant to...