Post

A couple months ago, I identified a (likely) bug in Intel versions of macOS Sequoia. How's that been going? Though it's faked me out a couple times...the bug is still here, and still just as bad.

You've got a big logfile, and something weird is happening, but you don't know what. There's lots of data there, and you're sure there are patterns. How can you make sense of the chaos, quickly, when you really don't even know where to begin? Sometimes, you just need The Old Tools.

After a lot of exploration and experimentation, I'm finally closing in on a strategy that, if it won't SOLVE the problems Ive been having, should at least mitigate them.

My Mac's disk has been filling up. I think I figured out where the problem was, but spent a week collecting data to be sure. Now I'm more confident, but also more confused.

My Mac Mini's disk kept filling up. A lot. Even after I got rid of crap, it filled up again. Multiple gigs in just a day. What the hell is going on?

My decade-old NAS finally conked out. Just how easy is it, really, to move the drives to a newer unit? Let's find out.

Still poking around the Noise Storm rabbit hole. I think I've figured out the four main packet types in this storm.

GreyNoise has been seeing crazy noise storms full of pings for years. I may have figured out what some of them are.

A year ago, I got laid off. It's been a weird ride since then...

Writing the firmware for a NeoTrellis keypad to allow it to send and receive MQTT controls, and dealing with keypad library read/write conflicts.

Introduction to a series about a 16-key remote-control MQTT keypad

Building a board generator for Codenames as a fun diversion

Pulling the whole series together to demonstrate the 1Password vault system from unlock to item decryption

Finishing the Inside 1Password series with some miscellaneous topics

Looking at how Local Vaults are encrypted, and how that affects unlocking 1Password clients

How 1Password's shared vaults work

How the Encrypted Master Key works to unlock the Windows 1Password client

The Master Unlock Key and unlocking 1Pass on macOS

Beginning of a deep dive into how 1password works

How to properly encrypt EICES-format messages to be decrypted by the iOS and macOS Secure Enclave system

I had way too many conference badges hanging from a stuffed moose head. So I built a nice display for my office.

My 3D Blu-Ray stopped working. It took an hour to figure out the stupid simple cause.

I've been waiting for this eclipse for nearly 40 years. Here's how I got to see it firsthand.

The key to decrypt the firmware for the Secure Enclave Processor (SEP) on the iPhone 5S has been disclosed. It's actually potentially a good thing.

I decided the site needed a visual overhaul, and didn't want to keep hacking the old engine, so found a new one.

Adding a Fully Jarvis J3 standing desk frame to my IKEA desk

ShmooCon 13 Badge contest, scoring, solutions to the puzzles.

A rough introduction to how poem codes work and how they may have been used in practice by SOE agents in WWII.

A high-level summary of what we know, what we think we know, and what we know we don't know, as well as some words of caution.

A first, rough look at a new mobile app authentication service from Trail of Bits

A quick, simple rig to film a time-lapse video of snow piling up on my desk in a blizzard.

Yet another uninformed, unrealistically idealistic rant about how things *ought* to be. Most readers will probably strongly disagree.

A discussion of ideas I've been kicking around about security research in general, and how current CyberUL speculation fits in.

A new service called Blind Hashing, that incorporates salts taken from petabyte-sized cloud databases, hopes to make password cracking obsolete.

The Lenovo-installed SuperFish man-in-the-middle malware has me thinking again about how the CA system is still broken.

A bug in iOS (fixed in 8.1.1) allows a well-timed reboot to bypass the forced lockout timeout, allowing for multiple PIN attempts.

The parties have made voting even more of a hassle, and more infuriating, than the months of attack ads we endure.

Videos of people breaking into cars, and reports of hijacked dealer equipment. Real-world example of why backdoors are bad?

If you've enabled SMS forwarding on your iPhone, you might want to ensure that messages don't get displayed on your Mac when it's locked.

A response from Apple downplays security concerns raised over how Spotlight search works on Yosemite.

The "Apple can't decrypt devices for law enforcement" conversation continues to spawn excellent posts and explanations.

Making sense of how iOS encryption works, especially what's changed in iOS 8 and how Apple made it harder for law enforcement, can be difficult. I'll try to help.

My HVAC system is constantly failing. I'm building a system to closely monitor temps so I can catch failures earlier. After only a couple days with rough prototypes I'm already learning something useful.

A badge puzzle / mini CTF at BSidesLV 2014. Created by Zack Fasel, sponsered by Urbane Security, won (somewhat soundly) by Darth Null.

Quick review of BSidesLV Talk, in which they describe problems with the Mersenne Twister and other similer pseudo-random number generators.

Lots of press recently about a potentially serious malware called Svpeng. A nice case study in the use of FUD in mainstream tech press.

Last year, Apple introduced advanced power saving techniques. Can they do the same for memory? There’s never enough to smoothly switch between apps. If they can fix that, a world of opportunities opens.

VPNs which require 2-Factor Google Authenticator codes are a pain to start up in Tunnelblick on OS X. Here's a script to make it easier.

Mail.app's protection against loading images on suspected SPAM messages is broken when forwarding the email to a spam-reporting service.

How we set up multiple personal iCloud accounts for the family, and a couple of shared accounts for parents and kids.