Hacker Public Radio

HPR3915: Why the hell is my audio clipping?

mrxathpr.nospam@nospam.googlemail.com (MrX) — Fri, 04 Aug 2023 00:00:00 +0000

This is an emergency show as we are short of shows. I was going to do +this show anyway as I noticed my audio was clipping on the last few +shows I sent in yet I didn't notice it on the files I sent to HPR.

In this episode I waffle a bit and read out some of the stuff on the +HPR site about giving shows. During the recording I introduce increasing +amounts of attenuation each decrease in volume signified by a gong. I +hope this will allow me to stop the clipping from my audio.

+]]> +

HPR3914: how to deal with blisters

dnt.nospam@nospam.revolto.net (dnt) — Thu, 03 Aug 2023 00:00:00 +0000

Many years ago, my father taught me how to deal with blisters using a +needle and thread.

+]]> +

HPR3913: Lurking Prion Q and A

LurkingPrion.nospam@nospam.gmail.com (Lurking Prion) — Wed, 02 Aug 2023 00:00:00 +0000

Add to reserve queue

Lurking Prion answers questions about his name, former career field as an Machinist's mate, and breaks down a short bio of his security path thus far.

+ +]]> +

HPR3912: Emergency Show: Biltong and Rooibos

shaneshennan.nospam@nospam.gmail.com (Shane Shennan) — Tue, 01 Aug 2023 00:00:00 +0000

Biltong
+From Wikipedia, the free encyclopedia

+ +

Biltong is a form of dried, cured meat which originated in Southern African countries (South Africa, Zimbabwe, Malawi, Namibia, Botswana, Eswatini and Zambia). Various types of meat are used to produce it, ranging from beef to game meats such as ostrich or kudu. The cut may also vary being either fillets of meat cut into strips following the grain of the muscle, or flat pieces sliced across the grain. It is related to beef jerky; both are spiced, dried meats; however the typical ingredients, taste, and production processes may differ.

The word "biltong" is from the Dutch bil ("buttock") and tong ("strip" or "tongue").

+ +

Rooibos
+From Wikipedia, the free encyclopedia

+ +

+Rooibos, meaning "red bush"), or Aspalathus linearis, is a +broom +-like member of the plant family +Fabaceae + that grows in +South Africa +'s +fynbos + biome. + +

The leaves are used to make a +herbal tea + that is called +rooibos + (especially in Southern Africa), +bush tea +, +red tea +, or +redbush tea + (predominantly in Great Britain). + +

The tea has been popular in +Southern Africa + for generations, and since the 2000s has gained popularity internationally. +The tea has an earthy flavour that is similar to +yerba mate + or +tobacco +. +

Rooibos was formerly classified as + +Psoralea + + but is now thought to be part of + +Aspalathus + + following +Dahlgren + (1980). +The +specific name + of +linearis + was given by +Burman + (1759) +for the plant's linear growing structure and needle-like leaves. + +

+ + + +

+ +]]> +

HPR3911: An overview of the 'ack' command

perloid.nospam@nospam.autistici.org (Dave Morriss) — Mon, 31 Jul 2023 00:00:00 +0000

Introduction

I have occasionally been using a tool called ack for a +few years now. It’s billed as “an alternative to grep for +programmers”.

There are several features I find particularly useful:

It can restrict text searches to files of a particular +type
It uses Perl regular expressions which may be the most powerful +and feature rich types of RE’s available at present
You can limit the search area within a file if desired

It is a very comprehensive and useful tool, though maybe quite +complex to use. Personally I use it in special cases where I need its +power, and otherwise use the usual grep.

In this episode I will give you the flavour of its capabilities and +otherwise leave you to research more if it sounds interesting.

Installing `ack`

The tool can be found in repositories. I use Debian, and +ack is in the Debian repo and can be installed with:

sudo apt install ack

Installing it this way the version I have (and am describing here) is +3.6.0. There is a new version, 3.7.0 available from the website.

The documentation on the website suggests installing it as a Perl +module using CPAN, which is something I will do soon I +think.

Perl regular expressions

These are very sophisticated.

A project to convert the Perl regular expression capabilities into a +portable library form was undertaken by Philip Hazel of Cambridge +University in 1997, and was called Perl Compatible Regular +Expressions or PCRE.

Philip Hazel was the originator of the exim mail +transfer agent (MTA, or mail server), and wanted to use PCRE within +it.

Since then PCRE (and later PCRE2) is the way regular expressions are +implemented in a lot of other software, which shows how widespread use +of the Perl RE has become.

The ack documentation refers to the Perl manual for +details of this type of regular expression, and to a tutorial, if you +wish to gain a deeper understanding.

It should be noted that GNU grep can use Perl compatible +regular expressions when matching lines in files, but this feature is +marked as experimental.

File types

The ack command has rules for recognising file types. It +does this by looking at the name extensions ('.html' or +'.py' for example), and in some cases by examining their +contents. The complete list of types can be found by running:

ack --help-types

… or, for a more detailed but less readable list:

ack --dump

Some examples are:

cc for C files
haskell for Haskell files
lua for Lua files
python for Python files
shell for Bash, and other shell command files

These names can be used with the options -t TYPE and +--type=TYPE and also by simply preceding them with two +dashes (--TYPE). There are also ways of requesting files +not of a given type: -T TYPE, --type=noTYPE +and --noTYPE.

To check files in the current directory of type shell an +ack command like the following might be used and the +following type of output produced:

$ ack --shell declare
+Bash_snippet__using_coproc_with_SQLite/examples/coproc_test.sh
+11:declare -a com=('date +%F' 'whoami' 'id' 'echo "$BASH_VERSION"'

Note that ack reports the file path and numbered lines +within it that match.

You can add your own file types to ack. There is a +configuration file called .ackrc in which new types can be +declared. See below for more information.

The file type feature is one that makes me use ack again +and again.

The `.ackrc` file

This file contains “command-line options that are prepended to +the command line before processing”.

It’s a useful way to add new types (or even modify existing +ones).

It can be located in a number of places. Mine is +~/.ackrc with other configuration files in my home +directory.

It’s possible to generate a new .ackrc with the option +--create-ackrc. This saves all the default settings in the +file which makes it simple to adjust anything you need to change.

As an example of a change, I have Markdown files with the extension +.mkd. However, by default ack only recognises +.md, and .markdown. To add .mkd +to the list I can add one of the following to the +.ackrc:

# Either add `.mkd` to the list
+--type-add=markdown:ext:mkd
+# or replace the list with a new one
+--type-set=markdown:ext:md,mkd,markdown

Note that lines beginning with # are comments. Note also +that --type-add and --type-set have to be +followed by an = sign, not a space in this file.

If you examine the settings with ack --dump you will see +the default command and the one you have added. If you use +ack --help-types you will see the new extension added to +the default list.

markdown     .md .markdown; .mkd

If I use this to search files in the directory where I keep my HPR +episodes I see:

$ ack --markdown 'inner ear'
+Hacking_my_inner_ear/hpr2109_full_shownotes.mkd
+24:became fascinated by the structure of the human [inner ear][2], and studied it
+28:The human inner ear performs two major functions:
+.
+.
+.

Quick review of selected +`ack` options

Usage

The ack command is designed to be similar in as many +respects as possible to grep. The command is used in +general as follows:

ack [OPTION]... PATTERN [FILES OR DIRECTORIES]

The [OPTION] part denotes any options (some discussed +below) and PATTERN is the PCRE search pattern. There are +some cases where this must be omitted - such as when files of a +particular type are being listed. See example 1 below for such a +case.

In some cases a particular file is being searched, or all files in +certain directories, and that is what +[FILES OR DIRECTORIES] denotes.

The full documentation for ack can be seen with the +usual man ack command, and also using +ack --man. There is also an option --help +which gives a summary of all of the available options.

Options

There are many options specific to ack and some in +common with grep, and we’ll look at just a few here:

-i - like grep this makes the matched +pattern case insensitive.
-f - Only print the files that would be searched, +without actually doing any searching. See example 1 below.
-g - Same as -f, but only select files whose names +match PATTERN. This interacts with file type searches like +--html, so beware.
-l - reports the file names which contain matches +for a given pattern
-L - reports the file names which do not +contain matches for a given pattern
-c - reports file names and the number of matches; +used on its own it reports all files, those that match and +those that do not. If used with -l then you only see the +names of file that have matches, as well as a count of matches. See +example 2 below.
-w - forces the search pattern to match only whole +words. See example 3 below. (Note: there is an equivalent in GNU grep, +which I had not checked when I recorded the audio).

Examples

1. Find all Markdown +files in a directory

Using the -f option:

$ ack --markdown -f Nitecore_Tube_torch/
+Nitecore_Tube_torch/README.mkd
+Nitecore_Tube_torch/container.mkd
+Nitecore_Tube_torch/index.mkd
+Nitecore_Tube_torch/shownotes.mkd

Using the -g option:

$ ack -g '\.mkd$' Nitecore_Tube_torch/
+Nitecore_Tube_torch/README.mkd
+Nitecore_Tube_torch/container.mkd
+Nitecore_Tube_torch/index.mkd
+Nitecore_Tube_torch/shownotes.mkd

2. Names +of files that contain a match, with a match count

Using the -l and -c options:

$ ack --markdown -lci '\bear\b'
+Hacking_my_inner_ear/hpr2109_full_shownotes.mkd:11
+Hacking_my_inner_ear/shownotes.mkd:3
+An_overview_of_the_ack_command/shownotes.mkd:6

The sequence '\b' in Perl regular expressions is a +boundary such as a word boundary. So the pattern is looking for the word +'ear' as opposed to the characters 'ear' (as +in 'pearl' for example).

Note how the single-letter options -l, -c +and -i can be concatenated.

3. Searching for words in +a simpler way

In example 2 the \b boundaries ensured the pattern +matched words rather than letter sequences. This can be simplified by +using the -w option:

$ ack --markdown -lci -w 'ear'
+Hacking_my_inner_ear/hpr2109_full_shownotes.mkd:11
+Hacking_my_inner_ear/shownotes.mkd:3
+An_overview_of_the_ack_command/shownotes.mkd:6

HPR3910: Playing Civilization II

zwilnik.nospam@nospam.zwilnik.com (Ahuka) — Fri, 28 Jul 2023 00:00:00 +0000

As I did for the original Civilization, I want to give a few hints on +playing this marvelous upgrade. This is obviously not a complete manual +or strategy guide, which would take a lot longer, but if you +happened to run across a copy and wanted to check it out these are a +some hints on what you might want to do. I do give you links to other +resources if you want to go into more depth.

HPR3909: Permission tickets.

hpr.nospam@nospam.spoons.one (one_of_spoons) — Thu, 27 Jul 2023 00:00:00 +0000

No special knowledge nor resources.
+This is a preview show for some future, self referential tangle of +cryptographic distraction.

So far, I see money as some social credit by proxy.
+I recognise the utility of keeping track of resource recipes.
+I also see dangers in over abstracting relations beyond robustly +provable outcomes.

+]]> +

HPR3908: Emacs package curation, part 2

dnt.nospam@nospam.revolto.net (dnt) — Wed, 26 Jul 2023 00:00:00 +0000

We discuss the packages installed in the second of three files that +make up my emacs config.

;;; init-base.el ---  The basics
+;;; Commentary:
+;;; Packages for my personal and work laptop, but not termux.
+
+;;; Code:
+
+;;;;;;;;;;;;;;;
+;;; Writing ;;;
+;;;;;;;;;;;;;;;
+
+;; Focused writing mode
+(use-package olivetti
+  :hook (olivetti-mode . typewriter-mode-toggle)
+  :bind ("C-x C-w" . olivetti-mode)
+  :custom (olivetti-body-width 64)
+  :config
+      (defvar-local typewriter-mode nil
+      "Typewriter mode, automatically scroll down to keep cursor in
+      the middle of the screen. Setting this variable explicitly will
+      not do anything, use typewriter-mode-on, typewriter-mode-off
+      and typewriter-mode-toggle instead.")
+      (defun typewriter-mode-on()
+      "Automatically scroll down to keep cursor in the middle of screen."
+        (interactive)
+        (setq-local typewriter-mode t)
+        (centered-cursor-mode +1))
+      (defun typewriter-mode-off()
+      "Automatically scroll down to keep cursor in the middle of screen."
+        (interactive)
+        (kill-local-variable 'typewriter-mode)
+        (centered-cursor-mode -1))
+      (defun typewriter-mode-toggle()
+        "Toggle typewriter scrolling mode on and off."
+        (interactive)
+        (if typewriter-mode (typewriter-mode-off) (typewriter-mode-on))))
+
+(use-package centered-cursor-mode)
+
+;; Check for weasel words and some other simple rules
+(use-package writegood-mode
+  :bind ("C-c g" . writegood-mode))
+
+;; spellchecking
+(use-package flyspell-correct
+  :after flyspell
+  :bind (:map flyspell-mode-map
+              ("C-;" . flyspell-correct-wrapper)))
+
+;; show correction options in a popup instead of the minibuffer
+(use-package flyspell-correct-popup
+  :after (flyspell-correct))
+
+;online thesaurus service from powerthesaurus.org
+(use-package powerthesaurus)
+
+;; WordNet Thesaurus replacement
+(use-package synosaurus
+  :custom (synosaurus-choose-method 'default)
+  :config (when window-system
+            (if (string= (x-server-vendor) "Microsoft Corp.")
+              (setq synosaurus-wordnet--command "C:\\Program Files (x86)\\WordNet\\2.1\\bin\\wn.exe"))))
+
+;; WordNet search and view
+(use-package wordnut
+  :bind ("C-c s" . wordnut-search)
+  :config (when window-system
+            (if (string= (x-server-vendor) "Microsoft Corp.")
+                (setq wordnut-cmd "C:\\Program Files (x86)\\WordNet\\2.1\\bin\\wn.exe"))))
+
+;; fill and unfill with the same key
+(use-package unfill
+  :bind ("M-q" . unfill-toggle))
+
+;; Markdown...
+(use-package markdown-mode)
+
+;;;;;;;;;;;;;;
+;;; Coding ;;;
+;;;;;;;;;;;;;;
+
+;; Syntax checking
+(use-package flycheck
+  :diminish
+  :init (global-flycheck-mode))
+
+(use-package flycheck-popup-tip
+  :after (flycheck)
+  :hook (flycheck-mode-hook . flycheck-popup-tip-mode))
+
+;; Web design
+(use-package emmet-mode
+  :hook (sgml-mode . emmet-mode) ;; Auto-start on any markup modes
+        (css-mode . emmet-mode)) ;; enable Emmet's css abbreviation.
+
+(use-package sass-mode)
+
+(use-package web-mode)
+
+;; Python
+(use-package python
+  :mode ("\\.py\\'" . python-mode)
+  :interpreter ("python" . python-mode))
+
+;; highlight todo items everywhere
+(use-package hl-todo
+  :straight (:host github :repo "tarsius/hl-todo")
+  :custom (hl-todo-keyword-faces
+             `(("FIXME" error bold)
+             ("STUB" error bold)
+             ("REPLACETHIS" error bold)
+             ("REVISIT" error bold)))
+          (hl-todo-exclude-modes nil)
+  :config (add-to-list 'hl-todo-include-modes 'org-mode)
+  :init (global-hl-todo-mode))
+
+;; git
+(use-package magit)
+
+(use-package git-timemachine)
+
+;; rest APIs via org source block
+(use-package ob-restclient)
+
+;;; END ;;;
+
+(provide 'init-base)
+;;; init-base.el ends here

+]]> +

HPR3907: My introduction show

reto007.nospam@nospam.yahoo.com (Reto) — Tue, 25 Jul 2023 00:00:00 +0000

The show notes

Episode 3496: How I record HPR Episodes http://hackerpublicradio.org/eps.php?id=3496
Source: https://gitlab.com/norrist/solocast
XFree86 http://en.wikipedia.org/wiki/XFree86
Quickemu, Quickly create and run optimised Windows, macOS and Linux +desktop virtual machines. http://github.com/quickemu-project/quickemu

+]]> +

HPR3906: The Oh No! News.

Lyunpaw.nospam@nospam.gmail.com (Some Guy On The Internet) — Mon, 24 Jul 2023 00:00:00 +0000

The Oh No! news. +

Oh No! News is Good +News.

TAGS: Oh No News, InfoSec, browser security, +session tokens, session id

InfoSec; the language +of security.

Source: Session ID.
+
Source: JSON Web +Token.
+ +
- Terms +of Use: Copyleft, free content
  +
Source: Session +vs Token Based Authentication.
+ +
- Terms +of Use: CC-BY-SA (with CC-BY-NC-SA elements).
  +
Source: Steal Application +Access Token. Adversaries can steal application access tokens as a +means of acquiring credentials to access remote systems and resources. +Application access tokens are used to make authorized API requests on +behalf of a user or service and are commonly used as a way to access +resources in cloud and container-based applications and +software-as-a-service (SaaS).
+ +
- Terms of +Use: Similar to CC-BY-SA
  +
Source: Analysis: +CircleCI attackers stole session cookie to bypass MFA.
+ +
- Terms of +Use: Section 8. CONTENT AND CONTENT LICENSES. NOT +certain
  +
Source: How to Prevent +Session Hijacking?
+ +
- Terms of +Use: Copyright, restrictive
  +

Additional Information. +
- What is a "Data +Breach"? A data breach is a security violation, in which sensitive, +protected or confidential data is copied, transmitted, viewed, stolen, +altered or used by an individual unauthorized to do so.
- What is "Malware"? +Malware (a portmanteau for +malicious software) is any software intentionally designed to cause +disruption to a computer, server, client, or computer network, leak +private information, gain unauthorized access to information or systems, +deprive access to information, or which unknowingly interferes with the +user's computer security and privacy.
- What is a "Payload"? +In the context of a computer virus or worm, the payload is the portion +of the malware which performs malicious action; deleting data, sending +spam or encrypting data. In addition to the payload, such malware also +typically has overhead code aimed at simply spreading itself, or +avoiding detection.
- What is "Phishing"? +Phishing is a form of social engineering +where attackers deceive people into revealing sensitive information or +installing malware such as ransomware. Phishing +attacks have become increasingly sophisticated and often transparently +mirror the site being targeted, allowing the attacker to observe +everything while the victim is navigating the site, and transverse any +additional security boundaries with the victim.
- Social +engineering (security) In the context of information security, +social engineering is the psychological +manipulation of people into performing actions or divulging +confidential information. A type of confidence trick for the purpose of +information gathering, fraud, or system access, it differs from a +traditional "con" in that it is often one of many steps in a more +complex fraud scheme.
  +
- What is "Information +Security" (InfoSec)? Information security, sometimes shortened to +InfoSec, is the practice of protecting information by mitigating information risks. It +is part of information risk +management. +
  - Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.). +Information Systems are composed in three main portions, hardware, +software and communications with the purpose to help identify and apply +information security industry standards, as mechanisms of protection and +prevention, at three levels or layers: physical, personal and +organizational. Essentially, procedures or policies are implemented to +tell administrators, users and operators how to use products to ensure +information security within the organizations.
- What is "Risk +management"? Risk management is the identification, evaluation, and +prioritization of risks followed by coordinated and economical +application of resources to minimize, monitor, and control the +probability or impact of unfortunate events or to maximize the +realization of opportunities.
- What is a "Vulnerability" +(computing)? Vulnerabilities are flaws in a computer system that +weaken the overall security of the device/system. Vulnerabilities can be +weaknesses in either the hardware itself, or the software that runs on +the hardware.
- What is an "Attack +Surface"? The attack surface of a software environment is the sum of +the different points (for "attack vectors") where an unauthorized user +(the "attacker") can try to enter data to or extract data from an +environment. Keeping the attack surface as small as possible is a basic +security measure.
- What is an "Attack +Vector"? In computer security, an attack vector is a specific path, +method, or scenario that can be exploited to break into an IT system, +thus compromising its security. The term was derived from the +corresponding notion of vector in biology. An attack vector may be +exploited manually, automatically, or through a combination of manual +and automatic activity.
- What is +"Standardization"? Standardization is the process of implementing +and developing technical standards based on the consensus of different +parties that include firms, users, interest groups, standards +organizations and governments. Standardization can help maximize +compatibility, interoperability, safety, repeatability, or quality. It +can also facilitate a normalization of formerly custom processes. +
  - List of computer +standards.
  - List of technical standard +organizations.
- What is a "Replay +attack"? A replay attack is a form of network attack in which valid +data transmission is maliciously or fraudulently repeated or delayed. +Another way of describing such an attack is: "an attack on a security +protocol using a replay of messages from a different context into the +intended (or original and expected) context, thereby fooling the honest +participant(s) into thinking they have successfully completed the +protocol run."
- What is a +"Man-in-the-middle attack"? In cryptography and computer security, a +man-in-the-middle, ..., attack is a cyberattack where the attacker +secretly relays and possibly alters the communications between two +parties who believe that they are directly communicating with each +other, as the attacker has inserted themselves between the two +parties.
- What is "Transport Layer +Security" (TLS)? Transport Layer Security (TLS) is a cryptographic +protocol designed to provide communications security over a computer +network. The protocol is widely used in applications such as email, +instant messaging, and voice over IP, but its use in securing HTTPS +remains the most publicly visible.
- What is a "Handshake" +(computing)?. In computing, a handshake is a signal between two +devices or programs, used to, e.g., authenticate, coordinate. An example +is the handshaking between a hypervisor and an application in a guest +virtual machine.
- What is Security +theater? The practice of taking security measures that are +considered to provide the feeling of improved security while doing +little or nothing to achieve it.
  +

License: Creative +Commons Attribution-ShareAlike 4.0 International +
This +work is licensed under a +Creative +Commons Attribution-ShareAlike 4.0 International License.

+]]> +

Hacker Public Radio

HPR3915: Why the hell is my audio clipping?

HPR3914: how to deal with blisters

HPR3913: Lurking Prion Q and A

HPR3912: Emergency Show: Biltong and Rooibos

HPR3911: An overview of the 'ack' command

Introduction

Installing `ack`

Perl regular expressions

File types

The `.ackrc` file

Quick review of selected +`ack` options

Usage

Options

Examples

1. Find all Markdown +files in a directory

2. Names +of files that contain a match, with a match count

3. Searching for words in +a simpler way

Links

HPR3910: Playing Civilization II

Links:

HPR3909: Permission tickets.

HPR3908: Emacs package curation, part 2

HPR3907: My introduction show

HPR3906: The Oh No! News.

Oh No! News is Good +News.

InfoSec; the language +of security.

Hacker Public Radio

HPR3915: Why the hell is my audio clipping?

HPR3914: how to deal with blisters

HPR3913: Lurking Prion Q and A

HPR3912: Emergency Show: Biltong and Rooibos

HPR3911: An overview of the 'ack' command

Introduction

Installing ack

Perl regular expressions

File types

The .ackrc file

Quick review of selected +ack options

Usage

Options

Examples

1. Find all Markdown +files in a directory

2. Names +of files that contain a match, with a match count

3. Searching for words in +a simpler way

Links

HPR3910: Playing Civilization II

Links:

HPR3909: Permission tickets.

HPR3908: Emacs package curation, part 2

HPR3907: My introduction show

HPR3906: The Oh No! News.

Oh No! News is Good +News.

InfoSec; the language +of security.

Installing `ack`

The `.ackrc` file

Quick review of selected +`ack` options