Category: Tampa Bay

Categories
Current Events Tampa Bay

Drop off your old laptop or iPad and help a Tampa Bay kid remotely go to school!

One of the side effects of COVID-19 is that it’s shown how wide the digital divide can be. While today’s tech makes distance learning possible (can you imagine what it would be like if the pandemic happened during the era of flip phones, 56K modems and Windows 98?), not every family can afford a personal computer, tablet, or even decent home broadband service. There’s a way for Tampa Bay techies to help, thanks to Tampa Bay WaVE, Think Big for Kids,  Boys & Girls Club of Tampa Bay and ECycle.

They’re holding a Drop Off event this week at the lobby of Tampa Bay WaVE’s office building, located at 500 East Kennedy Blvd. They’ll take your old laptop or iPad and get it to a local school-age child who otherwise wouldn’t be able to e-learn.

Right now, I have one laptop for each limb. That’s more than I can possibly use at any given time, so I’m taking the one pictured above (it’s the one I installed Peppermint Linux on, a few weeks back) to the Drop Off on Thursday. To me, it’s a spare Linux server that I can spin up for experimentation, but to a student, it could be a whole lot more.

If you’ve got a laptop or iPad to spare, please consider dropping it off at the WaVE tomorrow or Thursday, and help show the Tampa Bay tech spirit!

For more information about this program, contact Heather McMillian, Senior Operations Manager at  hmcmillan@tampabaywave.org.

Recommended reading

Categories
Current Events Tampa Bay

August episodes from Tampa Bay’s tech podcasts

I thought I’d try a new feature for the end of each month: A listing of the month’s episodes from Tampa Bay tech podcasts! Here are the ones I know about, listed from newest podcast on the block, to one that’s been around for years.

Friends That Code

Friends that Code is the newest podcast on this list, and it’s hosted by Mike Traverso, whom locals may know from the Tampa Bay Google Developers Group meetup and other Google-y events. In this podcast, he showcases…

…some amazing people I know that just happen to write code for a living. Whether they started off intending to code or just happened into it, we get to hear about the types of people you’ll meet, things you’ll get to do, jobs you’ll have along the way, and advice from some awesome coders along the way!

Here are the episodes from August:

The Mike Dominick Show

The Mike Dominick Show is the second-newest of the podcasts in this list, and it has an open source focus.

Here are the episodes from August:

The 6 Figure Developer

At the time I’m writing this, The 6 Figure Developer — hosted by John Callway, Clayton Hunt, and Jon Ash — has posted 158 episodes. It’s…

…a show dedicated to helping developers to grow their career. Topics include Test Driven Development, Clean Code, Professionalism, Entrepreneurship, as well as the latest and greatest programming languages and concepts.

Here are the episodes from August:

  • Episode 158 – Project Tye with Glenn Condron
    Glenn is a Program Manager on the Application Platform team at Microsoft, where he spends most of his time working on the ASP.NET 5 core runtime. Before joining Microsoft Glenn was a developer in Australia where he worked on software for various government departments.
  • Episode 157 – BlazorCMS & SpeakerMeet
    This week we’re going to talk about some of our personal projects. I have been working on a CMS in Blazor and John has a site for Technology Speakers.
  • Episode 156 – Data Engineer Role with Dwight Goins
    Dwight is an industry luminary focused on Artificial Intelligence, Computer Vision, Machine Learning, Augmented and Mixed Reality, IOT, and Emerging User Experiences. He is the Chief Algorithm Officer of Thoth Speed Engineers, Senior Adviser to NEDD Tech Inc. as well as an Application Delivery Manager at JM Family Enterprises.
  • Episode 155 – Burnout & Change Mgmt with Rob Bogue
    Rob is a speaker, author, and consultant. As owner of Thor Projects, a premiere consulting organization in Indianapolis (Indiana), he helps clients make the complicated simple.

Thunder Nerds

Of the podcasts in this roundup, Thunder Nerds — “A conversation with the people behind the technology, that love what they do… and do tech good” — has been around the longest, with 271 episodes over five seasons to date. You’ve probably seen the hosts at local meetups and conferences; they’re Sarrah Vesselov, Frederick Philip Von Weiss, and Brian Hinton.

Here are the episodes from August:

  • 271: Getting Into Tech & Being a Developer Advocate with Sam Julien
    In this episode, we get to talk with Sam Julien, Sr. Developer Advocate Engineer at Auth0. We discuss what it’s like to get into the technology industry and dive into Sam’s personal journey. We also explore what it’s like being a developer advocate in today’s remote world.
  • 270: A Conversation About Design with Pablo Stanley
    In this episode, we get to speak with Design Leader, YouTuber, and Co-founder & CEO at Blush Pablo Stanley. We discuss the fundamentals of design thinking, and how to improve your craft. We also talk about Blush, and how it allows you to customize every piece of an illustration to create your own compositions.

 

Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, August 31, 2020)

Once again, here’s the weekly list of events for events for Tampa Bay techies, entrepreneurs, and nerds. Every week, on GlobalNerdy.com and on the mailing list, I scour the announcements for events that are interesting to or useful for those of you who are building the future here in “The Other Bay Area, on The Other West Coast”.

This list covers events from Monday, August 31 through Sunday, September 6, 2020.

I’ve opted to list only those events that I can confirm are happening online. I’m not yet listing in-person events, as we’re still in the middle of a pandemic in one of the hardest-hit states in one of the hardest-hit countries in the world. We’re also seeing the mandated return of students to schools, which will likely  exacerbate the situation.

Events — especially virtual, online ones — can pop up at the last minute. I add them to the list as I find out about them. Come back and check this article from time to time, as you might find a new listing that wasn’t there before!

This week’s events

Monday, August 31

Tuesday, September 1

Wednesday, September 2

Thursday, September 3

Friday, September 4

Saturday, September 5

No tech, entrepreneur, or nerd online events have been posted…yet!

Sunday, September 6

No tech, entrepreneur, or nerd online events have been posted…yet!

Do you have any events or announcements that you’d like to see on this list?

Let me know at joey@joeydevilla.com!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!


Categories
Tampa Bay What I’m Up To

My time at The Undercroft’s Capture the Flag

Photo credit: The Undercroft.

The final event of UC Baseline, The Undercroft’s cybersecurity training program, was the Capture the Flag competition, which took place last Friday morning.

In computing “Capture the Flag” events, the flag isn’t a physical one, but some kind of challenge. Sometimes, it’s something you need to retrieve from a program, website, or even a piece of hardware with an intentionally built-in vulnerability that you must exploit. Sometimes it’s a problem or puzzle you must solve. It may also be a trivia challenge.

Solving each challenge earns you a specified number of points, with the tougher challenges being worth more points. The player with the most points wins.

Since it wasn’t scheduled as a day of actual class — the last day of class was on Wednesday — I’d booked a doctor’s appointment for that morning. A plumbing problem also required me to be at home for a little bit.

By the bye, if you’re looking for a great plumber in Tampa, I highly recommend Joshua Tree Plumbing.

The challenges

Still, since most of the challenges were posted online and since I’d never participated in a CTF before, I decided to try anyway. I decided to treat my schedule as if it was a golfer’s handicap. Since some of the challenges were just questions where you’d either select an answer or type one in, I did them on my phone while waiting for the doctor.

In between a couple of car trips, I managed to eke out a little over an hour and a half of time in the CTF, so I think I placed rather well, all things considered:

Here’s a sampling of some of the challenges:

  • Who’s on 80? (300 points):
    Scan the host at (IP=10.10.1.1) and enumerate the service running on open port, 80.Use the following syntax for your answer: nmap [scan type] [ options] [target]
  • The Big Kahuna, part 1 (1200 points):
    Using the Linux OS and boot method of your choice (VM or live boot):Add the “Kali Linux Headless” Repository to your repository list. Download and install the Kali Tools Headless package to your Linux operating system. Get the Metasploit Framework running. Show one of the staff when you’re finished.
  • Don’t cross the streams! (500 points):
    An attacker got onto a machine and created a rogue user. Dig through the attached PCAP file and identify the rogue user.The flag is the user name. This flag IS case sensitive.
  • Execution is everything! (400 points):
    What are the four different execution policies for Powershell?

    • Restricted, Unrestricted, AllSigned, RemoteSigned
    • Unrestricted, Restricted, AllSigned, PartiallySigned
    • Restricted, Unrestricted, PartiallySigned, RemoteSigned
    • Unrestricted, Restricted, PartiallySigned, UnSigned
  • Pick these locks (a buttload of points):

A couple of Python solutions

I solved a couple of the challenges with Python, and I’m sharing them here (with the permission of the instructors, of course):

Are you sure? (200 points)

Your answer lies in the 1’s and 0’s…

0010111 00001111 00010111, 00011001 00001111 10101 00000001 00010010 00000101 00010010 00001001 00000111 00001000 00010100

(Make sure to use the comma, and spaces correctly)

My first instinct was to copy these numbers, into a text editor, stick 0b in front of each one, and then turn the sequence into a Python list:

numbers = [0b0010111, 0b00001111, 0b00010111, 0b00011001, 0b00001111, 0b10101, 0b00000001, 0b00010010, 0b00000101, 0b00010010, 0b00001001, 0b00000111, 0b00001000, 0b00010100]

I pasted the list into a Python REPL and then displayed its contents, to see the numbers in decimal:

>>> numbers
[23, 15, 23, 25, 15, 21, 1, 18, 5, 18, 9, 7, 8, 20]

All the numbers were between 1 and 26 inclusive, suggesting letters of the alphabet.

The ASCII/Unicode value for “A” is 65. If you offset the numbers by adding 64 to each, and then convert each number to a character, you should get the message:

>>> characters = map(lambda number: chr(number + 64), numbers)
>>> list(characters)
['W', 'O', 'W', 'Y', 'O', 'U', 'A', 'R', 'E', 'R', 'I', 'G', 'H', 'T']

Remembering the instructions to “use the comma, and spaces correctly,” the answer is:

WOW, YOU ARE RIGHT

The big kahuna part 2 (700 points)

Using the Linux OS and boot method of your choice (VM or live boot):

Create a folder. In that folder, create 100 directories that are uniquely named incrementally (ergo directory1, directory2, etc.). Inside each of those 100 directories, create 100 directories that are uniquely named incrementally. Inside each of those 100 directories, create 100 files named incrementally (file1, file2, file3, etc.). The contents of each file should include the lyrics to the “Battle Hymn of the Republic” by Julia Ward Howe.

When complete, show a staff member.

Cochise (artist’s conception).

This challenge is phrased in such a way that it could only have been written by our Linux instructor Cochise (pictured to the right).

Creating those 100 directories in Linux is a one-liner:

mkdir directory{1..100}

The rest of the task calls for some scripting.

I’m terrible at shell scripting. I’m perfectly comfortable with using the shell interactively, in that classic enter-a-line/get-a-response fashion. However, once I have to deal with those half-baked control structures, I tend to walk away and say “Forget this — I’m doing it in Python.”

Here’s a cleaned-up, easier to read version of my solution to the challenge. It assumes that there’s a file called battle.txt in the same directory, and that the file contains the lyrics to the Battle Hymn of the Republic:

import os
import shutil
import sys

for directory_number in range (1, 101):

  # Create the directory.
  directory_name = f"directory{directory_number}"
  try:
    os.mkdir(directory_name)
  except:
    error = sys.exc_info()[0]
    print(f"Failed to create directory {directory_name}.\n{error}")
    quit()

  # Go into the newly-created directory.
  os.chdir(directory_name)

  # Create the files within the directory
  # by copying battle.txt from the directory above
  # 100 times, naming them file1...file100.
  for file_number in range(1, 101):
    filename = f"file{file_number}"
    try:
      shutil.copy("../battle.txt", f"file{file_number}")
    except:
      error = sys.exc_info()[0]
      print(f"Failed to create file {filename}.\n{error}")
      quit()
  
  # Let’s go back up one directory level,
  # so that we can create the next directory.
  os.chdir("..")

I had a lot of fun on my first CTF, even if I got to take part in a fraction of it. I’ll have to join The Undercroft’s next one!

Categories
Reading Material Security Tampa Bay

My list of links from class discussions during UC Baseline’s InfoSec week

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.During the Information Security week of the UC Baseline cybersecurity program, the instructors asked us a lot of questions whose answers we had to look up. As a way to maximize participation, we were encouraged to share lots of links of the class’ Slack channel, which also functioned as a backchannel, as well as a way to chat with the students who were taking the course online.

The links that we shared in class were valuable material that I thought would be worth keeping for later reference. I’ve been spending an hour here and there, gathering them up and even organizing them a little. The end result is the list below.

Since these are all publicly-available links and don’t link to any super-secret UC Baseline instructional material, I’m posting them here on Global Nerdy. Think of this list as a useful set of security-related links, something to read if you’re bored, or a peek into what gets discussed during the InfoSec week of the UC Baseline course!

The links

  • U.S. Department of Health & Human Services: Cyber Security Guidance Material
    A collection of “educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.”
  • DFIR — Digital Forensics and Incident Response
    “Digital forensics and incident response is an important part of business and law enforcement operations. It is a philosophy supported by today’s advanced technology to offer a comprehensive solution for IT security professionals who seek to provide fully secure coverage of a corporation’s internal systems.”
  • Understanding RPO and RTO
    “Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important parameters of a disaster recovery or data protection plan. These are objectives which can guide enterprises to choose an optimal data backup plan.”

  • The 3-2-1 backup rule
    “For a one-computer user, the VMware backup strategy can be as simple as copying all important files to another device – or, ideally, several devices – and keeping them in a safe place. However, for multiple computer systems, things can be (and usually are) much more complicated, especially when it comes to virtual environments containing thousands of virtual machines. To protect physical machines, you would need to perform Windows Server backup or Linux Server backup, which might be difficult without effective backup tools. In these cases, a comprehensive data protection plan should include the 3-2-1 backup rule.”

  • Evaluating Risks Using Quantitative Risk Analysis
    “Project managers should be prepared to perform different types of risk analysis. For many projects, the quicker qualitative risk assessment is all you need. But there are occasions when you will benefit from a quantitative risk analysis.Let’s take a look at this type of analysis: What is it? Why should we perform it? When should it be performed? And how do we quantify risks?”

  • Buffer/stack overflows
  • Here are six basic human tendencies that are exploited in social engineering attacks:
    1. Authority: An attacker may call you pretending to be an executive in order to exploit your tendency to comply with authority figures.
    2. Liking: An attacker may try to build rapport with you by finding common interests, and then ask you for a “favor”.
    3. Reciprocation: An attacker may try to do something for you, or convince you that he or she has, before asking you for something in return.
    4. Consistency: An attacker might first get your verbal commitment to abide by a fake security policy, knowing that once you agree to do so, you will likely follow through with his next request in order to keep your word.
    5. Social Validation: An attacker may try to convince you to participate in a fake survey by telling you that others in your department already have. He or she may have even gotten some of their names and use them to gain your trust.
    6. Scarcity: An attacker may tell you that the first 10 people to complete a survey will automatically win a prize and that since some of your co-workers have already taken the survey, you might as well too.
  • Social Studies – A Lesson in Social Engineering Basics
    As we have become more and more vigilant against clicking on malicious links in suspicious emails, some social engineers have gone back to the classic person-to-person approach. Their basic strategy is to prey on vulnerabilities in human nature.
Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, August 24, 2020)

Once again, here’s the weekly list of events for events for Tampa Bay techies, entrepreneurs, and nerds. Every week, on GlobalNerdy.com and on the mailing list, I scour the announcements for events that are interesting to or useful for those of you who are building the future here in “The Other Bay Area, on The Other West Coast”.

This list covers events from Monday, August 24 through Sunday, August 30, 2020.

I’ve opted to list only those events that I can confirm are happening online. I’m not yet listing in-person events, as we’re still in the middle of a pandemic in one of the hardest-hit states in one of the hardest-hit countries in the world. We’re also just about to see the mandated return of students to schools, which will likely  exacerbate the situation.

Events — especially virtual, online ones — can pop up at the last minute. I add them to the list as I find out about them. Come back and check this article from time to time, as you might find a new listing that wasn’t there before!

Monday, August 24

Tuesday, August 25

Wednesday, August 26

Thursday, August 27

Friday, August 28

Saturday, August 29

No tech, entrepreneur, or nerd online events have been posted…yet!

Sunday, August 30

Do you have any events or announcements that you’d like to see on this list?

Let me know at joey@joeydevilla.com!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!


Categories
Career Tampa Bay What I’m Up To

I’m at The Undercroft’s “Get a Job” career fair!

The class portion of UC Baseline — the cybersecurity training program offered by The Undercroft, Tampa Bay’s security guild — ended yesterday with the final day of Python 101, which marks the end of classes. Every weekday for the past five weeks, 8:00 a.m. to 4:00 p.m., I’ve been in a classroom (masked and socially distanced, of course), studying and furiously taking notes in the following classes:

Course Instructor
Hardware 101
(5 days)		 Tremere
Networking 101
(5 days)		 TreyCraf7
Linux 101
(3 days)		 Cochise
Windows 101
(2 days)		 Turtle
Infosec 101
(5 days)		 KobyBeefcake
TheCleverShark
Python 101
(3 days)		 KobyBeefcake

There are still two more days in the program. Today is the “Get a Job” career fair. The Undercroft have gathered a series of recruiters, security companies, and agencies to talk to us, including:

The presentations are quite good — I’m pretty impressed by the representatives I’ve seen so far.

I’m also dressed and masked for the occasion: