Dated fairly regularly.
As of July 22, 2022, this is what I’m doing:
Current Focused Activities
- Custom high-performance timers
- Modulo address jumping
Finished the private cloud; has the following:
- Private Root PKI CA
- Private DNS Root Servers w/ DNSSEC support
Secondary focus is DNSSEC and writing a Python library module to perform intensive security checks against DNSSEC for any weaknesses or failure points.
I’ve completed my Bind9 parser as my large exercise in using PEG (parsing expression grammar). This guide on Parsing: Algorithms and Terminology is a great start for anyone. This allows Python to read a complex ISC Bind9 named configuration file into a Pythonized nested array.
I’ve finished a tiny bash shell front-end to OpenSSL to provide appropriate TLS/SSL certificates in many setup modes. It’s called Multi-level Certificate Authority Management tool, a front-end tool to OpenSSL written in bash shell, and it helps us reduce OpenSSL option conflict errors by providing actual workable pair-ups of CLI options toward OpenSSL. Useful if running your own Internet DNS infrastructure.
Also expanding stock Vim highlight for ISC Bind named configuration file from version 9.4 to 9.20. My current work-in-progress is called vim-syntax-bind-named.
- I run my main web server on an InterServer VPS.
- I normally access my remote files through a custom-made bastion SSH server as well as an SSH jump server.
- I use Let’s Encrypt for all my public PKI needs for TLS/SSL.
- I post the latest HTTP CSP here.
- I use Debian to install OS for all my gateway, desktop, and laptop needs.
- Qubes OS is now the primary desktop.
- Proxmox is the cloud server in my white lab having many VMs running.
- I use Homebrew to install Unix-y programs on Macbooks.
- I’m partial to both Hack and Consolas for my monospaced fonts. Otherwise I use IBM Plex fonts.
- Gentoo Linux for all my embedded host needs, of which my gateway is using libmusl (not libc6) because LD_PRELOAD is hardcoded into libc and it is way too easy for a non-root user to hijack any process this way. Also use OpenRC (instead of systemd because systemd opens network sockets at PID 1, thus it is way too easy for a trojan to be slipped into; OpenRC PID 1 uses no network socket).
- My secret for avoiding the siren call of the internet is my personal home gateway. I have two blocklists: (1) antisocial, which blocks Facebook and Twitter, and (2) nuclear, which blocks everything. I have the antisocial blocklist enabled on my laptop and phone from 8:00 AM–6:00 PM and 8:30 PM–11:30 PM. Since I accidentally discovered that it’s relatively easy to circumvent the blocking on the Mac, I also use Focus with the same schedule.
- I also have another Internet in which I work exclusively without distraction.
- I was an early convert to Todo.txt and used it for years until my tasks and projects got too unwieldy. I switched to Taskpaper for a while before recently settling on 2Do (due to incredibly positive reviews), and I’m in love.
- Fantastical 2’s natural language input is a glorious thing.
- I keep a log of what I work on (and occasionally do more traditional diary-like entries) with Day One 2 on both iOS and macOS.
- I use TextExpander to replace and expand a ton of snippets, and I use Keyboard Maestro to run dozens of little scripts that help control my computer with the keyboard.
- I use Übersicht to show weather, iTunes track information, and my todo lists on my desktop.
- I no longer use Dropbox nor NextCloud. OwnCloud is an end-to-end encryption file server and provides all my Internet file serving needs without any privacy loss.
- I run a transparent proxy server between my ISP and my gateway router. That is the jewel of my past cybersecurity research minutiae. It runs Zeek (used to be called Bro-IDS), Suricata, and Snort on an undisclosed but hand-built platform. Packet analysis remains my forte.
- Also this transparent proxy server runs Squid Proxy along with many custom-made ICAP modules of mine.
  - has HTTPS/ICAP server (to block DNS-over-HTTP)
  - has TLS/ICAP server (to block DNS-over-TLS)
- I use ISC Bind9 to support this website’s DNSSEC and to maintain a hidden master with quad secondary nameservers as well as a hidden bastion nameserver. I run my own private Root Servers with DNSSEC within my WhiteLab.
- Things that I publicly post are on GitHub.
- Found microcode vulnerability bug in QEMU TLB cache reload failure during my Unicorn that emulates just about any file-less malware.
- Things that I do not publicly post stay inside my White Lab.
- I use R and RStudio for most of my statistical computing, and I’m a dedicated devotee of the tidyverse (especially ggplot2 and dplyr). I sometimes use knitr and RMarkdown, but I generally just export figures and tables from R and reference them in my writing rather than making full-blown literate documents.
- I also use Python (3!) pretty regularly, especially for natural language processing (with nltk) and web scraping (with Requests + BeautifulSoup). Every few months I play with pandas and numpy and Jupyter, but I’m far more comfortable with R for scientific computing.
- I use RStudio for editing R files, but I use Sublime Text 3 for everything else.
Source Code Revision Controls
- Git (Github, Gitlab, sr.ht)
- Mercurial (Mozilla Firefox)
- Atlassian Confluence
- Assembly, x86, MIPS, ARM, MPB860, i960,
I keep all my autoconfiguration of many network daemons in here.
- CISecurity Level 1 and 2
- many government standards
- maintain a default deny-firewall using newer nftables. Also maintain Vim syntax highlighter for 430 keywords used within nft command line here.
- Wrote a protocol to connect LAN bridges together from 1,000s of miles apart and called it Bridge Relay Element; that one worked really well with remote sites like savannah Africa via X.25, Frame Relay, and shortwave radio.
- Wrote, rewrote, rewrote, ported, and re-ported PPP-over-Ethernet for many employers.
- Xeon, 24-core, with a mixture of 24TB RAID5 HD storage and 6TB RAID1 SSD storage.
- Dell Optiplex and Precision hardware for all my gateway, servers and security needs.
- 2016 13″ MacBook Pro, iPad Mini 2, and iPhone 6s. Some smattering of iPods and odd Internet thingies.
- Raspberry Pi for my Kerberos/LDAP ticketing and multiple-session/single-login SAML needs across all GUI devices above (except for iPhone).
- PinePhone (the original) is also a hobby of mine, with focus on profiling the cellular firmware API.
- often make my own toolchains from scratch (full toolchains for cross-platforms).
- wrote a bootloader for a radiation-hardened CPU. Improved TCP protocol (called TCP-Westwood) with Sally Floyd of ISC for bit rot compensation.
- Xilinx ARM, Real-Time Linux, ruggedized portable test unit; full integration of U-Boot, BusyBox, USB file downloader; Yocto build.
- performed full FPGA troubleshooting and resolution for RocketIO issues within noisy EMP environment. Successful demonstration at customer site. Project approved.
- Efficient Network ENI3600 ATM PCI adapter card. Helped John Williams of US Navy to extend Linux ATM driver for this product. Also wrote PPPoE protocol for maximum theoretical throughput.
- MIPS evaluation board, a complete bootup of VxWorks Real-Time OS, enhanced Ethernet driver for maximum throughput.
- Motorola MPC850, a complete writeup of bootup sequence; wrote PPPoE from scratch, again.
- Intel i960, a complete writeup of bootup sequence and Ethernet driver for VxWorks RT-OS
- many Software-Defined Radio using many tools
- Motorola 68000, vendor OS, pure assembly programming, including floppy drive controller
- used to memorize the entire instruction set of Motorola 68000 and Intel x86-32 in hexadecimal; and programmed assembly using hex code values, as well as mnemonic opcode/operands.
- breadboard, I have lots, lots and lots of breadboards
- I permanently ditched Microsoft Word as a writing environment in 2004. I do all my writing in Joplin Markdown (including e-mails and paper-and-pencil writing)—it’s incredibly intuitive, eminently readable, flexible, future proof, end-to-end encrypted, and lets me ignore formatting and focus on content. I like it that I can use it on Linux and Apple interchangeably via OwnCloud.
- The key to my writing workflow is the magical Joplin, which converts Markdown files into basically anything else.
- I store all my bibliographic references, books, and articles in a BibTeX file that I edit with BibDesk.
- I read and annotate all my PDFs with Skim (and iAnnotate on iOS), since both export annotations as clean plain text.
- I’ve written, filed, and have been awarded several patents. Those awarded patents are available upon request.
- Filed patents are pending and hopefully will be awarded.
- Unfiled patents will be kept as unfiled and unreported.