Hardware Process Tampa Bay What I’m Up To

Scenes from Day 2 of the “UC Baseline” cybersecurity program at The Undercroft

Photo: A red brick building with a wrought iron balcony in a neighborhood of early 1900s brick buildings.
The Undercroft’s building, as seen from its parking lot. Tap to see at full size.

Tuesday was Day 2 of the UC Baseline cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft. I lucked out and got into the inaugural cohort, which means that I’ll spend 8 hours each business day in the classroom (masked and distanced, of course) for the next four weeks.

UC Baseline is made up of a number of separate units, which The Undercroft also provides individually. Week 1 is taken up by the Hardware 101 course, which is all about hardware and providing the class — some of whom have a deep technical background, while others don’t — a baseline knowledge of how the machines that make up the systems that we’re trying to secure.

I suspect that there’s an additional goal of removing any fear of tinkering.

Day 1 of Hardware 101 was mostly lectures about hardware, starting with logic gates and working all the way up to CPUs and SOCs, and Days 2 and 3 were the “tear down/rebuild” days. Day 2 focused on taking apart and then rebuilding desktops, and Day 3 took it up a notch by doing the same thing with laptops.

One of the goodies that we got (and get to keep) is the toolkit pictured below:

The first exercise was a teardown-only one. We could choose from a selection of old computers at the back of the room to tear apart, and I thought it might be fun to try and take apart this old Power Mac G5 from the mid-2000s. These machines are notoriously opaque, and I thought it might be fun to try to dig through its guts:

The Power Mac G5 was aimed at Apple’s “power use” customer — typically creatives who need serious computing horsepower. This particular machine was used by an advertising agency to do 3D rendering. As such, it’s one of the few Macs that’s easy to open, at least superficially. Take a look at this beautiful Jony Ive-designed latch:

Opening the latch reveals the machine’s aesthetically-pleasing innards, which were covered by a plastic shield. I popped off the shield and got to work.

By the way, that yellow clip in the photo above is connected to my anti-static wrist harness (another goodie we got as part of the course fee). Nobody expected these machines to survive the teardown process, but it never hurts to consistently follow standard safe electronics practices!

The fans slid out surprisingly easily. I was surprised that the machine had a reasonable number of fans, given Steve Jobs’ famous dislike of fan noise, but this computer’s twin G5 processors gave off ridiculous amounts of heat. There’s a reason that Apple switched to Intel processors.

I then removed the cards from the two expansion slots. One was a high-speed network card; the other was pretty nice 2005-era graphics card:

Next up: The RAM!

After that came the Airport Extreme wireless NIC, freeing it from both the PCIe slot and its antenna wire:

That took care of the easy part. Time for a photo op:

Here’s what I yanked out so far. Note my screw management technique!

And now the hard part: getting to the processors. They’re encased in a pretty anodized aluminum box, and it turned out that the only way into it was to break the “warranty pin” — a plastic pin that acts as proof that a non-Apple-authorized person took a peek inside:

Behind the G5 door were the twin processors and their twin heat sinks:

I finished the teardown by identifying the components I’d extracted.

It was then time to move onto the next patient, a “TPS Reports”-writing desktop computer that we would have to disassemble and reassemble:

These are machines whose innards would need to be accessed by a mid-size office IT department, so it opens easily:

Modern computers largely fit together like Lego pieces. Even so, I kept notes on which cables went where.

Here, I’ve relieved the machine of its power supply and optical drive. It was missing a hard drive, so I retrieved one of the spare from the back of the room:

The final part of the assignment: Identify and retrieve the processor. It’s fairly obvious:

Here’s the processor, without the heat sink obscuring it. It’s an AMD Athlon II, which dates from around 2009 / 2010, when Windows 7 was a new thing:

The processor sat in a ZIF (zero insertion force) socket, which makes it easy to remove and then re-seat:

Look at all those pins. We’re a long way from my first processor, the 6502, which had only 40 pins.

Rebuild time! The machine had no RAM, so I grabbed two sticks from the back of the room and inserted into the primary slots, then put the rest of the machine back together again:

The final test — does it power up?

Success! A quick attachment to a monitor and keyboard showed an old Windows screen. Not bad for my first teardown/reassembly.

Process Tampa Bay What I’m Up To

Why I’m excited about learning cybersecurity at The Undercroft

Another life in 2002

Paul Baranowski, me, and John “Captain Crunch” Draper at a liquor store/bar near the DNA Lounge in San Francisco, February 2002. Photo by The Register’s Andrew Orlowski.

From 2000 to 2001, I lived in San Francisco, where I took advantage of opportunities to hang out at Def Con, and I got to know a lot of the dot-com-bubble/bust-era cybersecurity/hacktivism community. I kept those connections and as a result, ended up working on a project that the Cult of the Dead Cow originated: a little hacktivism project called Peekabooty.

Peekabooty was a peer-to-peer proto-VPN (remember, Napster was still in its original P2P file-sharing form back then, and at the time BitTorrent was just a concept that Bram Cohen was working on and telling us about) that was meant to circumvent the Great Firewall of China and provide Chinese dissidents with access to sites banned in their location. Paul Baranowski did the real back-end work, I was the front-end developer as well as the technical evangelist, and because it was a Windows desktop app, we did it in Visual C++, as one did back in those heady days of the early 2000s.

Here’s a couple of snapshots of the user interface, which acted like a screensaver — it used cutesy bears (which I illustrated) to show nodes in your particular P2P network:

This screen shows that you’re running a VPN node, and no one’s connected to you. Tap to see at full size.
This screen shows that you’ve got 3 different kinds of nodes connected to you: one in the free world, a censored one, and one behind a NAT. Tap to see at full size.

We presented Peekabooty at CodeCon 2002 (you can listen to our presentation here). It’s still one of the proudest moments of my career, and we got to hang out with friends from our P2P days at OpenCola, as well as with new people:

And, of course, I learned so much!

I miss doing that sort of thing, and I think participating in The Undercroft’s UC Baseline program is an important step towards getting back to that kind of work.

Current life in 2020

Here I am in 2020 — laid off, but with a couple of side gigs to make a little extra money and prove that I haven’t been idle. Then last Thursday, I heard about the UC Baseline program and a scholarship. I decided to apply on a lark, figuring that they’d never pick me.

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.They did pick me, and between the greatly reduced cost of attending and my not living paycheck-to-paycheck, I’m able to attend. I’m willing to play the gambit of not taking a full-time job for the next five weeks while ramping up some dormant security skills, because I think it’s a worthwhile one.

At the same time, I think that I can also be useful to The Undercroft by writing about my UC Baseline experiences and promoting them.

I’m looking forward to the experience. It’s an exciting course being taught in an amazing space by interesting people.

Further reading

Here are some articles about Peekabooty:

Process Tampa Bay What I’m Up To

Joey’s Bizarre Adventure (or: I’m in The Undercroft’s “UC Baseline” cybersecurity education program!)

Remember that scholarship to the “UC Baseline” cybersecurity program that I wrote about last week? In that post, I also wrote:

(I’ll admit it: Although I’m not likely to qualify, I applied.)

Well, I applied, and I qualified. The combination of a promotional bonus and an I-got-laid-off scholarship gave me a deep discount on the standard $6,500 price tag for the inaugural cohort of the UC Baseline course, which starts tomorrow and runs until Wednesday, August 19th. Class starts at 8:00 a.m. tomorrow.

Based in a gorgeous building in Tampa’s historic Ybor City neighborhood, The Undercroft could be described as a security startup incubator and coworking space, but they prefer to be described as a security guild and guild hall.

Here’s what Undercroft CEO Adam Sheffield has to say:

What we offer here is secure workspace for startups and medium-sized businesses in the security field that either want to start their businesses here in Tampa or make Tampa their home.

They’re also the home of a lot of interesting presentations, as this gallery of graphics for previous ones shows:

This isn’t my first exposure to information security culture, but it’s been a while, and I’m overdue for a refresher.

The first week of the program is Hardware 101, where we’ll spend five days covering the background and basics of the components that comprise modern systems. This should be fun.

To be continued!

For the next five weeks, I’ll be at The Undercroft (masked up, in a small cohort), learning. I’ll write about my experiences as I progress through the program.