Skip to main content

Posts

This is a PPTP VPN intervention.

Six years ago (sigh), I wrote but never published this blog post begging users to find an alternative to the PPTP VPN protocol. They were already years out of date at that time. Even today, however, well-known companies like ExpressVPN are still providing PPTP to clients despite the fundamentally insecure nature of these types of tunnels. Consider this an intervention. For years, the Virtual Private Network (VPN) has been a mainstay of those trying to keep snoopers away from their online activities. Its important to keep in mind that a VPN is one part of a secure and private online presence - without complementing the use of a VPN with additional tools and habits, the security offered is more narrow than many users believe. There are two main reasons to use a VPN.  First and foremost, a VPN is a means of encapsulating your network traffic within an encrypted "tunnel". This makes it extremely difficult to see or manipulate that network traffic. This is typically the type of ...

Electromagnetic eavesdropping is cheap & easy - so why doesn't anyone believe it exists?

Below, I've included what would have been the first post in a series of posts I wrote about the  badBIOS  controversy in October 2013. I found the evidence in support of badBIOS to be unconvincing and I was concerned by how popular badBIOS became despite those obvious shortcomings. This wasn't a situation where an overexcitable press ran with a story that turned out to be inaccurate; the most early and adamant believers in  badBIOS  weren't reporters, they were ITSEC professionals. How were so many of us publicly duped by what was essentially a conspiracy theory? This post doesn't address badBIOS directly. However, badBIOS was presumed to somehow involve the manipulation of computers using acoustic transmissions. This post provides some historical context behind a strain of computer science research in this field and shows how commonly held beliefs about the feasibility of these attacks were generally inaccurate at the time of writing. In future posts I would ha...

PHP empty() and the trouble of passing new zero values in forms

Lets say we have a form. The form is straight-forward: HTML radio buttons that posts to a PHP processing script that saves the results to a database. The radio buttons correspond to bindary responses to questions - Yes/No, True/False. These truth values are mapped to the integers '1' and '0', which are then stored in the database. When such a form is creating new records, this is about as brainless as web-development gets. But things get more complicated when the form is used to update existing records. A useful update form will typically have a few basic features; among them, the option to update all of the data in the form or just some of the data. To do this, we have to check whether a variable is being updated or not. One approach to checking on variable updates is to create an array with all of the variables to be considered, like this:  $stuff = array( 'fee' => $_POST['fee'], 'fi' => $_POST['fi'], ...

KMS client activation keys - Windows Server 2022, 2019 and 2016

This is the latest update of the list of windows license keys for key management service activation I publish every few years. Reference the KMS activation post I wrote for Windows 2012 for help installing one of the keys (` slmgr /ipk yourkeyhere` from a command prompt as an administrator)   Windows Server Semi-Annual Channel versions Windows Server, version 1909, version 1903, and version 1809 Windows Server, version 1909, version 1903, and version 1809 Operating system edition KMS Client Setup Key Windows Server Datacenter 6NMRW-2C8FM-D24W7-TQWMY-CWH2D Windows Server Standard N2KJX-J94YW-TQVFB-DG9YT-724CC Windows Server LTSC/LTSB versions Windows Server 2022 Windows Server 2022 Operating system edition KMS Client Setup Key Windows Server 2022 Datacenter WX4NM-KYWYW-QJJR4-XV3QB-6VM33 Windows Server 2022 Standard VDYBN-27WPP-V4HQT-9VMD4-VMK7H Windows Server 2019 Windows Server 2019 Operating system edition KMS Client Setup Key W...

If E.T. phones home, he won't use entagled qubits

I can recall listening to a radio program some 10-15 years ago. The host of the show believed that it would soon be possible to build a faster-than-light communications system using quantum entangled particles, and interviewed several people from a company who were seeking funding to somehow make that happen. But why not?  There would be tremendous value in some sort of "quantum phone" of entangled particles that allowed for transferring messages faster than the speed of light.  Quantum computers are a real thing now. Quantum key distribution could very well revolutionize public key cryptography. Yet if anything, quantum computing is a misnomer because it understates how fundamental quantum mechanics has been on recent technological innovation. Quantum mechanics has been around for a century now and all modern computers rely to some extent on the principles of quantum mechanics to function. But there will be no quantum phone. Let's start by explaining how the quantum ph...

Your spreadsheet is probably wrong

I watched  Rob Eastaway's 2019 for the Royal Institute today. Everything from RI is great and worth checking out, but Eastaway delivered a statistic I hadn't come across before: 90% of all spreadsheets contain errors. Mr Eastaway himself had only come across the statistic from another source, the European Spreadsheet Risks Interest Group (or EuSpRIG for short). This is not a trivial issue. EuSpRIG's website has a "horror stories" section that demonstrates the gravity of errors in the wrong type of spreadsheet. Even if we discard the few stories involving malware embedded in spreadsheets like  the BlackEnergy power plant shutdown  - for many reasons it makes sense to count and study malware separately from unintentional human and formulaic errors - the EuSpRIG lists dozens of separate incidents that involve massive financial losses . Taxes, criminal and medical records are all stored on spreadsheets. Single digit error rates have major repercussions. Claims put...

Annoying Error in Cassandra Quickstart using Docker for Windows

I needed to setup a quick Cassandra environment in Windows today, but I ran into a problem when executing the quick start guide from Cassandra's (excellent) website . The quick start assumes a working Docker environment. Because this is in Windows, WSL 2 has been configured, and the Docker for Windows binary has been properly installed: docker pull cassandra:latest  docker network create cassandra docker run --rm -d --name cassandra --hostname cassandra --network cassandra cassandra From here you can either load data into Cassandra from a file or start a prompt. A prompt is supposed to be opened like this per the documentation: docker run --rm -it --network cassandra nuvo/docker-cqlsh cqlsh cassandra 9042 --cqlversion='3.4.4' This produces an error:   Error messages like this can be a little intimidating. There's a hint, though, in the last line. ValueError and 'invalid literal for int()...