Monthly Archives: March 2023

Holman CLXRGB60 RGB WiFi garden light controllers and tasmota

Today I went forth to Bunnings in the rain to purchase a Holman CLXRGB60 RGB garden light controller so that I too could have fancy lighting in my garden and impress all those guests I never have over. I had been given hope by the Blakadder site that I would be able to flash tasmota onto the controller so it integrated with my Home Assistant home automation. Unfortunately, it was not to be. Despite the device being TYWE3L based, the warning on the blakaddr site was correct, and this is a next-gen Tuya device where the crypto hasn't been broken yet. Then again, I couldn't even get this device to pair in the Holman app, so it clearly hates me. This unfortunately means the excellent instructions from Jon Oxer were unforunately not helpful today. I think there is a theoretical option here to flash using the serial pins on the board, ala this guide. Also, it means my hair got wet for nothing. So as to take revenge for my wet hair I have decided to pivot. The Holman lights seem quite well made, but they're just 12 volt RGB PWM devices. So I can use their lights and build…

Continue ReadingHolman CLXRGB60 RGB WiFi garden light controllers and tasmota

Minor questions in Linux file semantics

  • Post author:
  • Post category:Linux

I’ve known for a long time that if you delete a file on Unix / Linux but that file is open somewhere, the blocks used by the file aren’t freed until that user closes the file (or is terminated), but I was left wondering about some other edge cases.

Shaken Fist has a distributed blob store. It also has a cache of images that virtual machines are using. If the blob store and the image cache are on the same filesystem, sometimes the image cache entry can be a hard link to an entry in the blob store (for example, if the entry in the blob store doesn’t need to be transcoded before use by the virtual machine). However, if they are on different file systems, I instead use a symbolic link.

This raises questions — what happens if you rename a file which is open for writing in a program? What happens if you change a symbolic link to point somewhere else while it is open? I suspect in both cases the right thing happens, but I decided I should test these theories out.

(more…)

Continue ReadingMinor questions in Linux file semantics

Malware Analyst’s Cookbook and DVD

  • Post author:
  • Post category:Book

Another technical book, this time because my employer lets me buy random technical books as long as I pinky swear to read them and this one sounded interesting and got good reviews. First off, the book is a bit dated given its from 2011 -- there are lots of references to Ubuntu 10.10 for example and they say to avoid Python 3, which has its historical charm. This is unfortunate given the first section of the book talks about setting up honeypots to collect malware to examine, but Dionaea for example had its last commit in 2021. I am left wondering if there are more modern honey pot systems that people use these days. Secondly the book is definitely a cookbook and that's on me for not noticing this about the book before buying it -- its a series of recipes / scripts that do interesting things with malware. That said, it isn't really teaching a cohesive set of skills, its more of a series of stepping stones along the path you might follow. I think that's an unintended piece of important learning -- books with "cookbook" or "recipes" in their title probably aren't very good as an overview of…

Continue ReadingMalware Analyst’s Cookbook and DVD

The BeyondCorp papers

Google’s BeyondCorp effort would probably be what we would now call Zero Trust, although I am surprised by how little name recognition BeyondCorp has when I talk to security people about Zero Trust. Perhaps there are subtle differences between the two, but if there are they aren’t obvious to me. I find myself reading the relevant Usenix papers for BeyondCorp, so I figure I’ll post a summary of what I got from each paper here.

The earliest of these papers are quite old now (2014), especially for something the rest of the industry is only starting to talk a lot about at the moment. I wonder if there is a viable business model in watching what papers megacorps like Google publish, and the implementing them as commercialized products before the rest of the market catches on?

Either way, here’s a summary of the various papers from the perspective of an interested bystander…

(more…)

Continue ReadingThe BeyondCorp papers

End of content

No more pages to load