Categories
Hardware Process Tampa Bay What I’m Up To

Scenes from Days 4 and 5 of the “UC Baseline” cybersecurity program at The Undercroft

Day 4 of the Hardware 101 component of the UC Baseline cybersecurity program was all about security for the enterprise, which naturally included topics such as servers. Not everyone in the class has had the opportunity to tour a server room or data center, and this was their chance to see these machines up close.

Unlike the previous days, we did not attempt to dismantle and then reassemble the servers — this was a “look, but don’t touch” sort of lesson.

We also had a guest lecturer who gave us a pretty thorough walkthrough of the sorts of things involved in an enterprise server/data center setup, some of which went way over my head. I don’t see a sysadmin/system architect role in my future, but it might not hurt for me to do some supplementary reading on this topic.

Day 5 was the final day of Hardware 101 and started with something that I’ve always been terrible at: Making networking cables.

Arrrrgh.

We also spent some time looking over all sorts of intrusion devices, such as the incredibly cute “Pwnagotchi”, a Raspberry Pi Zero-based device that “listens” to wifi chatter to feed its machine learning program in order to figure out wifi passwords.

It uses an e-paper screen, which is quite legible and consumes little power.

It’s incredibly small:

Here’s a Pwnagotchi beside a U.S. quarter for size reference:

A great way to steal information to gain access to people’s accounts and systems is to set up a fake wifi hotspot at a place that offers free wifi, such as Starbucks. That’s what the Wifi Pineapple is for — people connect to it, thinking they’re connecting to Starbucks wifi. You route their signals through to the real Starbucks wifi, but you’re the go-between, and can “see” everything that your marks are sending on the internet: the data they’re passing back and forth, including stuff like user IDs and passwords:

Here’s the actual unit:

Here’s a wrist-mounted device for performing wifi de-authentication attacks:

It sends out a signal that causes devices currently connected to wifi to disconnect. You could use it in tandem with a Wifi Pineapple to force people to disconnect from the real wifi and then connect to the Pineapple instead, enabling you to read their internet communications.

If you really want to “sniff” all the wifi traffic in the room, you’ll want one of these — a high-gain antenna system hooked to a network interface controller (NIC) that reads signals in “promiscuous mode”, a capability that’s disabled in most NICs. In promiscuous mode, you can capture all wifi traffic instead of the bits of data that you’re authorized to receive. It’s a good network diagnostics tool — and it’s also useful for getting up to no good:

And finally, the Shark Jack. Plug it into someone’s network, either via the ethernet jack or USB, and it will execute scripts to get a map of the network or even deliver a payload somewhere onto the system:

It’s basically a real-world version of the device that Tony Stark slipped onto the command console of the SHIELD helicarrier in the first Avengers movie (it’s at the 0:44 mark):

I may have to invest in one of those bad boys. For research purposes, you understand.

We also had a guest lecturer who delivered a very thorough and informative presentation on getting started in cybersecurity. I’ll have to post notes on it later:

And at the end of the day, we were each issued our very own Raspberry Pi 4 Model B’s!

These were the Labists versions, and I have to say, I prefer their offering over Canakit’s.

Here’s what the board looks like:

It has some pretty impressive specs, especially when you consider that it retails for under $100:

  • Processor: Quad core Cortex-A72 (ARM v8) 64-bit SoC, running at 1.5GHz
  • RAM: 4 GB
  • “Hard drive”: Micro-SD card slot. This model comes with a 32 GB card
  • Networking:
    • 2.4 GHz and 5.0 GHz IEEE 802.11ac wifi
    • Bluetooth and Bluetooth LE (low energy)
    • Gigabit ethernet
  • USB ports: 2 USB 2 ports, 2 USB 3 ports
  • Video: 2 micro-HDMI ports, with support for 4Kp60 video
  • Other ports:
    • Raspberry Pi 40-pin GPIO (general purpose input/output)
    • 2-lane MIPI DSI display port
    • 2-lane MIPI CSI camera port
    • 4-pole stereo audio/composite video port

It also comes with a pretty nice case…

…a power supply with an actual on/off switch on the cord, and not one, but two micro-HDMI to full-size HDMI cables…

…heatsinks and a fan, plus a screwdriver…

…and a micro-SD card and USB adapter so that you can use your standard computer to download an OS…

I spent some time over the weekend noodling with it, and wow, is it a fun computer to play with!

We’re expected to use it for this week’s classes, which make up the “Networking 101” portion of the UC Baseline program. I’m looking forward to it!

Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, July 27, 2020)

Banner: Tampa Bay ONLINE tech, entrepreneur, and nerd events - Monday, July 27 - Sunday, August 2, 2020 - GlobalNerdy.com

Hello, Tampa Bay techies, entrepreneurs, and nerds! Welcome to the weekly list of online-only events for techies, entrepreneurs, and nerds based in an around the Tampa Bay area.

Keep an eye on this post; I update it when I hear about new events, it’s always changing. Stay safe, stay connected, and #MakeItTampaBay!

Saturday: The Suncoast Developers Conference

Suncoast Developers Guild aren’t just a coding school — they’re a pillar of the Tampa Bay tech scene, and this place is all the better for their being around. Here’s one reason: they hold events like the upcoming Suncoast Developers Conference, which will happen online on Discord this Saturday, August 1, 2020.

At this free event, you’ll see Tampa Bay’s developers showcase and share their knowledge with others. They’ll cover all sorts of topics in bite-size (10 – 15 minute) presentations.

The conference will also feature some of Suncoast Developers Guild’s recent code school grads and their capstone projects. Get to know them, and if you like what you see and need more people in your organization, hire them!

I will be delivering a presentation at the conference, where I’ll talk about Ren’Py, the Python-powered visual novel authoring system that you can use to write visual novels, adventure games, turn-based role-playing videogames, and yes, dating simulation games. It’ll be your anime/programming dream mashup come true!

Once again, this conference is free-as-in-beer (and not free-as-in-mattress) and it happens Saturday, August 1st. To RSVP and find out more about the conference, visit the website at suncoast.io/conference!

This week’s events

Monday, July 27

Tuesday, July 28

Wednesday, July 29

Thursday, July 30

Friday, July 31

Saturday, August 1

Sunday, August 2

Do you have an upcoming event that you’d like to see on this list?

If you know of an upcoming event that you think should appear on this list, please let me know!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!


Categories
Hardware Process Tampa Bay What I’m Up To

Scenes from Day 3 of the “UC Baseline” cybersecurity program at The Undercroft

Wednesday: Day 3 continued the heavy hands-on portion of Hardware 101, the first segment of my five weeks at UC Baseline, the cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft.

After taking apart and reassembling a desktop, it was time to up the ante and do the same with at least one laptop. I started with a Dell Latitude E5500, a bulky beast by today’s laptop standards, but one that’s more user-serviceable — and more easily taken apart — than most.

First step: Removing the battery.

The bottom panel was easy to pop open. It was held in place by nothing fancier than standard Phillips screws, which provided easy access to the RAM.

Next on the removal list: The optical drive. Once again, pretty straightforward — remove some anchoring screws, and then use a flathead screwdriver tip to push the the drive casing out.

The fan was quite easy to remove, as was the CPU heat sink.

Unlike the previous day’s desktop machines’ CPUs, which were in ZIF (zero insertion force) slots, laptop CPUs aren’t typically swappable, as they’re generally soldered onto the motherboard. This machine had a notebook-grade Core 2 Duo, which was typical for a mid-level laptop in the Windows 7 era.

It was also pretty easy to remove the keyboard…

…and once that was done, detaching the screen was a simple process.

With the disassembly complete, I laid out and labeled the parts that I’d extracted:

“All right, next challenge,” said Tremere, our instructor for the Hardware 101 portion of the course. “Disassemble, then reassemble the small one…”

I flipped it over, pleasantly surprised to see standard Phillips screws that were easy to access:

At this size, a laptop’s battery-to-actual-computer ratio jumps significantly:

This machine was still intended to be somewhat user-serviceable, so the battery and RAM were still easy to remove:

The drive didn’t take much effort to liberate, either:

The fan/heat sink combo didn’t put up much of a fight:

This is a machine made specifically for writing TPS reports and not much else, judging from its CPU. Still, I’m sure it could still do a serviceable job running a modern lightweight Linux — assuming it survives my disassembly and subsequent attempt to put it back together again.

Here are both patients, spread out across the operating table…

Re-assembly took a little longer, and I didn’t bother with photos of that process. I did manage to get it back together again, and with no extra parts!

I even the screen reattached! Later, I found a power adapter, and the machine managed start and get up to the BIOS screen, although the screen looked a little dim. Since I’m not trying out for a CompTIA hardware certificate, I’ll simply declare the procedure a success and not get too bogged down with fussy minutae such as “functioning” and “usable”.

Categories
Hardware Process Tampa Bay What I’m Up To

Scenes from Day 2 of the “UC Baseline” cybersecurity program at The Undercroft

Photo: A red brick building with a wrought iron balcony in a neighborhood of early 1900s brick buildings.
The Undercroft’s building, as seen from its parking lot. Tap to see at full size.

Tuesday was Day 2 of the UC Baseline cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft. I lucked out and got into the inaugural cohort, which means that I’ll spend 8 hours each business day in the classroom (masked and distanced, of course) for the next four weeks.

UC Baseline is made up of a number of separate units, which The Undercroft also provides individually. Week 1 is taken up by the Hardware 101 course, which is all about hardware and providing the class — some of whom have a deep technical background, while others don’t — a baseline knowledge of how the machines that make up the systems that we’re trying to secure.

I suspect that there’s an additional goal of removing any fear of tinkering.

Day 1 of Hardware 101 was mostly lectures about hardware, starting with logic gates and working all the way up to CPUs and SOCs, and Days 2 and 3 were the “tear down/rebuild” days. Day 2 focused on taking apart and then rebuilding desktops, and Day 3 took it up a notch by doing the same thing with laptops.

One of the goodies that we got (and get to keep) is the toolkit pictured below:

The first exercise was a teardown-only one. We could choose from a selection of old computers at the back of the room to tear apart, and I thought it might be fun to try and take apart this old Power Mac G5 from the mid-2000s. These machines are notoriously opaque, and I thought it might be fun to try to dig through its guts:

The Power Mac G5 was aimed at Apple’s “power use” customer — typically creatives who need serious computing horsepower. This particular machine was used by an advertising agency to do 3D rendering. As such, it’s one of the few Macs that’s easy to open, at least superficially. Take a look at this beautiful Jony Ive-designed latch:

Opening the latch reveals the machine’s aesthetically-pleasing innards, which were covered by a plastic shield. I popped off the shield and got to work.

By the way, that yellow clip in the photo above is connected to my anti-static wrist harness (another goodie we got as part of the course fee). Nobody expected these machines to survive the teardown process, but it never hurts to consistently follow standard safe electronics practices!

The fans slid out surprisingly easily. I was surprised that the machine had a reasonable number of fans, given Steve Jobs’ famous dislike of fan noise, but this computer’s twin G5 processors gave off ridiculous amounts of heat. There’s a reason that Apple switched to Intel processors.

I then removed the cards from the two expansion slots. One was a high-speed network card; the other was pretty nice 2005-era graphics card:

Next up: The RAM!

After that came the Airport Extreme wireless NIC, freeing it from both the PCIe slot and its antenna wire:

That took care of the easy part. Time for a photo op:

Here’s what I yanked out so far. Note my screw management technique!

And now the hard part: getting to the processors. They’re encased in a pretty anodized aluminum box, and it turned out that the only way into it was to break the “warranty pin” — a plastic pin that acts as proof that a non-Apple-authorized person took a peek inside:

Behind the G5 door were the twin processors and their twin heat sinks:

I finished the teardown by identifying the components I’d extracted.

It was then time to move onto the next patient, a “TPS Reports”-writing desktop computer that we would have to disassemble and reassemble:

These are machines whose innards would need to be accessed by a mid-size office IT department, so it opens easily:

Modern computers largely fit together like Lego pieces. Even so, I kept notes on which cables went where.

Here, I’ve relieved the machine of its power supply and optical drive. It was missing a hard drive, so I retrieved one of the spare from the back of the room:

The final part of the assignment: Identify and retrieve the processor. It’s fairly obvious:

Here’s the processor, without the heat sink obscuring it. It’s an AMD Athlon II, which dates from around 2009 / 2010, when Windows 7 was a new thing:

The processor sat in a ZIF (zero insertion force) socket, which makes it easy to remove and then re-seat:

Look at all those pins. We’re a long way from my first processor, the 6502, which had only 40 pins.

Rebuild time! The machine had no RAM, so I grabbed two sticks from the back of the room and inserted into the primary slots, then put the rest of the machine back together again:

The final test — does it power up?

Success! A quick attachment to a monitor and keyboard showed an old Windows screen. Not bad for my first teardown/reassembly.

Categories
Process Tampa Bay What I’m Up To

Scenes from Day 1 of the “UC Baseline” cybersecurity program at The Undercroft

Photo: The Undercroft building, as seen from the corner of 9th Avenue and 14th Street.
Photo by The Undercroft. Tap to see at full size.

Here’s the first in a regular series of entries covering my time at the UC Baseline cybersecurity course, which I’m taking at The Undercroft, Tampa Bay’s security guild/coworking space.

Monday, July 20th, 7:40 a.m.: The drive from home in Seminole Heights to The Undercroft in Ybor City is a quick one — with little traffic, my travel time in the car was just a little over ten minutes. I may have to bike here sometime.

There are almost a thousand historic buildings in Ybor City, and The Undercroft is located in one of them — the one on 9th Avenue, between 13th and 14th Streets. It’s a gorgeous red brick building with arches galore — an arched walkway, with arched windows and doorways:

Photo: A long shot of the sidewalk in front of The Undercroft. The Undercroft is a red brick building with white windows, and the walkway is a covered one with brick arches.
Photo by Joey deVilla. Tap to see at full size.
Photo: The front entrance of The Undercroft. On the left is a white wooden double door in an arched doorway with large glass windows. To the right is a large glass window featuring The Undercroft’s mascot (a stag standing like a human leaning against an umbrella) and the number 1320 (the address).
Photo by Joey deVilla. Tap to see at full size.
Photo: The front door of The Undercroft. Two white wooden double doors in an arched doorway. The Windows on the doors bear the logos of The Undercroft, til, Black Horse, UC, Abacode, and Vartai.
Photo by Joey deVilla. Tap to see at full size.

I’ve been in The Undercroft offices once before, for a planning meeting for Ignite Tampa Bay, before the coronavirus canceled that event. It’s a nice space, and if I didn’t know any better, I’d swear that I was in a startup space in Toronto, Cambridge (Massachusetts), or San Francisco’s SOMA.

Photo: The Undercroft lobby.
Photo by The Undercroft.
Photo: The swag table in The Undercroft’s lobby, which has a number of printed circuit boards embedded in it. The table has an assortment of Undercroft and security stickers on it, and at the back in a sign bearing The Undercroft’s name and mascot.
Photo by Joey deVilla. Tap to see at full size.
Photo: An assortment of Undercroft-branded stickers.
Photo by Joey deVilla. Tap to see at full size.

The classroom is large enough to allow for social distancing, and it’s a pretty nice place to spend seven hours a day, five days a week for the next five weeks:

Photo: The Undercroft’s classroom. A room with an exposed brick wall on one side, many large table-sized wooden desks, red, white and blue spotlights and a large projection screen at the front. A Spider-Man mannequin sits atop one of the ceiling lights. A MacBook Pro is in the foreground.
Photo by Joey deVilla. Tap to see at full size.

When I first posted the picture above to LinkedIn, Tential’s Brandee Backus noticed that Spider-Man was perched atop one of the ceiling lights. Here’s a close-up:

Photo: Close-up shot of the ceiling light in the center of The Undercroft’s classroom, which has a Spider-Man mannequin perched atop it. The mannequin is wearing a Guy Fawkes mask.
Photo by Joey deVilla. Tap to see at full size.

Every student in the UC Baseline program gets a lot of goodies, starting with this three-ring binder, which contains all the exercises for the program. I’ll write more about it in a future post:

Photo: A three-ring binder labeled “Undercroft Baseline Student Guide”.
Photo by Joey deVilla. Tap to see at full size.

Everyone also got one of these plastic tubs, which contained:

  • A small bottle of hand sanitizer
  • A pack of masks
  • An assortment of security-related and Undercroft-branded stickers
  • An 8 GB USB key containing all the course material
Photo: A shoebox-sized clear plastic tub holding a small bottle of hand sanitizer, a package of surgical masks, assorted stickers, and an Undercroft-branded USB key.
Photo by Joey deVilla. Tap to see at full size.

Here are all those goodies, minus the tub:

Photo: An assortment of Undercroft and security-related stickers, a packet of surgical masks, a small bottle of hand sanitizer, and an Undercroft-branded USB key.
Photo by Joey deVilla. Tap to see at full size.

There were other goodies waiting for us in the kitchenette area along with a carton of cafe con leche, courtesy of La Segunda Bakery:

Photo: An assortment of apple and cherry danish pastries.
Photo by Joey deVilla. Tap to see at full size.

This is week 1, which is titled “Hardware 101,” which provides a basic but solid understanding of the atoms through which all our bits flow. Here’s “Tremere,” our instructor, walking the class through the hierarchy of memory, starting at the top with the registers in the processor, all the way down to what we think of as backup storage:

Photo: The instructor, Tremere, delivers a presentation. Behind him to the left as a whiteboard with “10100011”, “CPU register”, “CPU cache”, and “RAM” written on it. Behind and above him to the right is the projection screen, with a photo of the old board game “Memory” on display.
Photo by Joey deVilla. Tap to see at full size.
Photo: A stick of RAM in Joey deVilla’s hand.
Photo by Joey deVilla. Tap to see at full size.
Photo: An M.2 hard drive in Tremere’s hands.
Photo by Joey deVilla. Tap to see at full size.
Categories
Process Tampa Bay What I’m Up To

Why I’m excited about learning cybersecurity at The Undercroft

Another life in 2002

Paul Baranowski, me, and John “Captain Crunch” Draper at a liquor store/bar near the DNA Lounge in San Francisco, February 2002. Photo by The Register’s Andrew Orlowski.

From 2000 to 2001, I lived in San Francisco, where I took advantage of opportunities to hang out at Def Con, and I got to know a lot of the dot-com-bubble/bust-era cybersecurity/hacktivism community. I kept those connections and as a result, ended up working on a project that the Cult of the Dead Cow originated: a little hacktivism project called Peekabooty.

Peekabooty was a peer-to-peer proto-VPN (remember, Napster was still in its original P2P file-sharing form back then, and at the time BitTorrent was just a concept that Bram Cohen was working on and telling us about) that was meant to circumvent the Great Firewall of China and provide Chinese dissidents with access to sites banned in their location. Paul Baranowski did the real back-end work, I was the front-end developer as well as the technical evangelist, and because it was a Windows desktop app, we did it in Visual C++, as one did back in those heady days of the early 2000s.

Here’s a couple of snapshots of the user interface, which acted like a screensaver — it used cutesy bears (which I illustrated) to show nodes in your particular P2P network:

This screen shows that you’re running a VPN node, and no one’s connected to you. Tap to see at full size.
This screen shows that you’ve got 3 different kinds of nodes connected to you: one in the free world, a censored one, and one behind a NAT. Tap to see at full size.

We presented Peekabooty at CodeCon 2002 (you can listen to our presentation here). It’s still one of the proudest moments of my career, and we got to hang out with friends from our P2P days at OpenCola, as well as with new people:

And, of course, I learned so much!

I miss doing that sort of thing, and I think participating in The Undercroft’s UC Baseline program is an important step towards getting back to that kind of work.

Current life in 2020

Here I am in 2020 — laid off, but with a couple of side gigs to make a little extra money and prove that I haven’t been idle. Then last Thursday, I heard about the UC Baseline program and a scholarship. I decided to apply on a lark, figuring that they’d never pick me.

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.They did pick me, and between the greatly reduced cost of attending and my not living paycheck-to-paycheck, I’m able to attend. I’m willing to play the gambit of not taking a full-time job for the next five weeks while ramping up some dormant security skills, because I think it’s a worthwhile one.

At the same time, I think that I can also be useful to The Undercroft by writing about my UC Baseline experiences and promoting them.

I’m looking forward to the experience. It’s an exciting course being taught in an amazing space by interesting people.

Further reading

Here are some articles about Peekabooty:

Categories
Process Tampa Bay What I’m Up To

Joey’s Bizarre Adventure (or: I’m in The Undercroft’s “UC Baseline” cybersecurity education program!)

Remember that scholarship to the “UC Baseline” cybersecurity program that I wrote about last week? In that post, I also wrote:

(I’ll admit it: Although I’m not likely to qualify, I applied.)

Well, I applied, and I qualified. The combination of a promotional bonus and an I-got-laid-off scholarship gave me a deep discount on the standard $6,500 price tag for the inaugural cohort of the UC Baseline course, which starts tomorrow and runs until Wednesday, August 19th. Class starts at 8:00 a.m. tomorrow.

Based in a gorgeous building in Tampa’s historic Ybor City neighborhood, The Undercroft could be described as a security startup incubator and coworking space, but they prefer to be described as a security guild and guild hall.

Here’s what Undercroft CEO Adam Sheffield has to say:

What we offer here is secure workspace for startups and medium-sized businesses in the security field that either want to start their businesses here in Tampa or make Tampa their home.

They’re also the home of a lot of interesting presentations, as this gallery of graphics for previous ones shows:

This isn’t my first exposure to information security culture, but it’s been a while, and I’m overdue for a refresher.

The first week of the program is Hardware 101, where we’ll spend five days covering the background and basics of the components that comprise modern systems. This should be fun.

To be continued!

For the next five weeks, I’ll be at The Undercroft (masked up, in a small cohort), learning. I’ll write about my experiences as I progress through the program.