Hacker Public Radio

Talking Points main.rs Like main.cpp in C++ or main.c in C Tells the compiler which file to start with Can link to other "crates" and "modules" Cargo.toml Keeps track of application metadata This includes dependencies! Functions Strictly typed, like everything in Rust Declared by fn Argument typed with argument: Type Return typed with -> Type otherwise assumed to return nothing The Main Function Like the main functions in C and C++ Where the program starts within the main.rs file CLI arguments handled by std::env, rather than argv and argc in C Can return nothing or a Result<()> Macros Metafunctions or functions for functions More general than functions, having flexibility in the number of arguments, etc, but harder to write The println! Macro Can take any number of arguments that implement the display trait Usually things like strings or character literals Will format them into a string and display it on the terminal Similar to printf in C The Hello World program Can be automagically generated with cargo new and then the name of your application Located in Name-Of-Application/src/main.rs fn main() {   println!("Hello, world!"); } Show Notes Important Links: Git repo for this miniseries The Rust Standard Library The format! macro The println! macro Wikipedia Articles: The Rust Programming Language Contact Me Email: izzyleibowitz at pm dot me Mastodon: at blackernel at nixnet dot social

Introduction On today's show I test whether the battery replacement for my Neuton mower is a success. This is a follow up to episode 3443. After some audio recording difficulties with the blue tooth headset I used with my phone, we hear if the replacement was successful. Before I could test the battery, I needed to replace the mower key. I think it would have been simple to just jump the terminals with a wire and maybe some alligator clips to hold the wire to the key terminals, but I was worried this would not guarantee the wire shaking loose as I moved. I looked on EBay and found a replacement key for about fifteen dollars US, and decided it was worth the cost and the wait before trying out the mower. Testing the mower After putting the key in the mower, pulling and holding the safety levers, and then pressing the start button. The mower wouldn't start. I checked the key was set properly, and saw the green LED on the handle lit and indicating that power was available. I pulled the key and battery out, and then reseated both of them, checking once again that the power indicator was lit. After some fooling around with the safety levers and start button, I realized you had to push the start button and then pull and hold the safety levers for the mower to start. The mower runs well, and the cost of the batteries and key will even out over time from the savings on not paying for a lawn service. References DR Neuton Cordless Walk Behind 14" Lawn Mower CE2 CE3 CE5 Reset Security Key - EBay item Attribution The transition sound used between audio clips is found on freesound.org: Name: Harp Transition Music Cue Author: DanJFilms License: Creative Commons Zero

beware shipping prices always use Instant Checkout be sure to check USA 2-3x the cost of lego.com set paying 3-5 people via paypal .... no way to easy share wanted list ... LOST :( https://rmccurdy.com/.scripts/downloaded/CL4P-TP%20Claptrap%20Borderlands%20Bricklink.xml 7 missing out of 216 on one shipment Photo Click the thumbnail to see the full-sized image

This tutorial looks at DOS Internal Commands, which in some sense are analogous to shell commands in Linux. That means that the command interpreter already has these loaded and ready to go when you boot. Links: http://webopedia.internet.com/TERM/c/command.html https://www.ahuka.com/dos-lessons-for-self-study-purposes/dos-lesson-3-internal-commands/

Here are links to all the search engines and related stuff discussed during this podcast, Searx: https://www.searx.me/ Searx public instances: https://searx.space/ Whoogle: https://github.com/benbusby/whoogle-search Whoogle public instances: https://github.com/benbusby/whoogle-search#public-instances MetaGer: https://metager.org/ MetaGer browser extensions: https://metager.org/plugin MetaGer mobile apps: https://metager.org/app MetaGer privacy policy: https://metager.org/datenschutz Gigablast: https://gigablast.com/ Gigablast privacy policy: https://gigablast.com/privacy.html Private.sh: https://private.sh/ Private.sh privacy policy: https://private.sh/extension.html Ecosia: https://www.ecosia.org/ Ecosia mobile apps: https://info.ecosia.org/mobile Ecosia privacy policy: https://info.ecosia.org/privacy Startpage: https://www.startpage.com/ Startpage privacy policy: https://www.startpage.com/en/search/privacy-policy.html Qwant: https://www.qwant.com/ Qwant Junior: https://www.qwantjunior.com/ Qwant browser extensions: https://help.qwant.com/help/qwant-search/add-qwant-on-desktop/ Qwant privacy policy: https://about.qwant.com/en/legal/confidentialite/ Brave Search: https://search.brave.com/ Brave Search privacy policy: https://search.brave.com/help/privacy-policy DuckDuckGo: https://duckduckgo.com/ DuckDuckGo browser extensions & apps: https://duckduckgo.com/app DuckDuckGo privacy policy: https://duckduckgo.com/privacy hpr0773 :: Interview with Gabriel Weinberg of DuckDuckGo

Klaatu asked us what document format we like and why, so this is a response to his podcast. In this podcast I talk about HTML and the importance of good document structure.

table td.shrink { white-space:nowrap } New hosts Welcome to our new hosts: CoGo, BlacKernel. Last Month's Shows Id Day Date Title Host 3413 Wed 2021-09-01 Bash snippet - using coproc with SQLite Dave Morriss 3414 Thu 2021-09-02 Critical Thinking may make You Critical of the Covid Crisis CoGo 3415 Fri 2021-09-03 Hacking Stories with Reacted: part 3 operat0r 3416 Mon 2021-09-06 HPR Community News for August 2021 HPR Volunteers 3417 Tue 2021-09-07 Ceph cluster hardware Daniel Persson 3418 Wed 2021-09-08 My gEeeky Experiment - Part 2 Claudio Miranda 3419 Thu 2021-09-09 Linux Inlaws S01E38: Tiny kernels monochromec 3420 Fri 2021-09-10 Normal Layer Modes: Erase, Merge, and Split Ahuka 3421 Mon 2021-09-13 BlacKernel's Journey Into Technology: Episode 1

I talk about some old old old pentesting stories from days old!

Install CentOS or Debian on a Raspberry Pi. I'm using CentOS, but I'll admit that Debian is the easier option by far. Do this on 3 separate Pi units, each with the same specs. Set hostnames You must have unique hostnames for each Pi. Without unique hostnames, your cluster cannot function. There are several "kinds" of hostnames, so to avoid confusion I change all of them. I use a simple naming scheme: k for "kubernetes" + an integer, starting at 100 + c for "cluster": $ sudo hostname k100c $ sudo sysctl kernel.hostname=k100c $ sudo hostnamectl set-hostname k100c $ sudo reboot Do this for each Pi. At a minimum, you end up with Pi computers named k100c, k101c, and k102c. Set verbose prompts When working with many different hosts, it's helpful to have a very verbose prompt as a constant reminder of which host you're connected to. Add this to the ~/.bashrc of each Pi: export PS1='[\033[1;32m]! d t h:w n% [\033[00m]' Install a Pi finder script Install an LED blinker so you can find a specific Pi when you need one. This brilliant script is by Chris Collins for his article Use this script to find a Raspberry Pi on your network, which explains how to run it. #!/bin/bash set -o errexit set -o nounset trap quit INT TERM COUNT=0 LED="/sys/class/leds/led0" if ! [ $(id -u) = 0 ]; then echo "Must be run as root." exit 1 fi if [[ ! -d $LED ]] then echo "Could not find an LED at ${LED}" echo "Perhaps try '/sys/class/leds/ACT'?" exit 1 fi function quit() { echo mmc0 >"${LED}/trigger" } echo -n "Blinking Raspberry Pi's LED - press CTRL-C to quit" echo none >"${LED}/trigger" while true do let "COUNT=COUNT+1" if [[ $COUNT -lt 30 ]] then echo 1 >"${LED}/brightness" sleep 1 echo 0 >"${LED}/brightness" sleep 1 else quit break fi done Install K3s on your control plane K3s is Kubernetes for IoT and Edge computing. It's the easiest, cleanest, and most serious method of getting Kubernetes on an ARM device. You can try other solutions (Microk8s, Minikube, OXD, and so on), but the best support comes from k3s. First, you must install k3s on one Pi. You can use any of your Pi units for this, but I use host k100c because it's the first in the sequence, so it feels logical. [k100c]$ curl -sfL https://get.k3s.io -o install_k3s.sh [k100c]$ chmod 700 install_k3s.sh Read the script to ensure that it seems to do what you expect, and then: [k100c]$ ./install_k3s.sh After installation, you're prompted to add some arguments to your bootloader. Open /boot/cmdline.txt in a text editor and add cgroup_memory=1 cgroup_enable=memory to the end of it. console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p3 rootfstype=ext4 elevator=deadline rootwait cgroup_memory=1 cgroup_enable=memory Reboot: [k100c]$ sudo reboot Once the Pi is back up, verify that your node is ready: [k100c]$ k3s kubectl get node NAME STATUS ROLES AGE k100c Ready control-plane,master 42s This Pi is the "control plane", meaning it's the Pi

This podcast was provided by Zen_Floater2 in his personal capacity. The opinions expressed in this podcast are the author's own and do not reflect the view of Hacker Public Radio. Shownotes Edited by Ken on 2021-09-11T14:35:19Z to include disclaimer. A Squirrels thoughts about freedom and RMS. I also cover guns on aircraft. I cover smoking on aircraft. And I cover drinking beer on aircraft. And COBOL as well.

Previous episode: https://hackerpublicradio.org/eps.php?id=3412hpr3412 :: Reading a license: Creative Commons Attribution ShareAlike 3.0 Unported Timeline 2007-02-23 https://creativecommons.org/2007/02/23/version-30-launched/ 2007-09-26 https://www.gnu.org/licenses/gpl-3.0.html 2011-11-03 https://creativecommons.org/2011/11/03/copyright-experts-discuss-cc-license-version-4-0-at-the-global-summit/ Internationalization Interoperability Long-lasting Data/PSI (Public Sector Information?)/Science/Education Supporting Existing Adoption Models and Frameworks 2013-11-25 https://creativecommons.org/2013/11/25/ccs-next-generation-licenses-welcome-version-4-0/ 30-day violation grace periodhttps://creativecommons.org/faq/#how-can-i-lose-my-rights-under-a-creative-commons-license-if-that-happens-how-do-i-get-them-back 2013-12-06 16Z--18Z CC site moves to 4.0 -- last snapshot with 3.0 is https://web.archive.org/web/20131206155520/http://creativecommons.org/ 2014-10-21 CC-by-SA 4.0 and Free Art License 1.3 defined as two-way compatible licenseshttps://creativecommons.org/2014/10/21/big-win-for-an-interoperable-commons-by-sa-and-fal-now-compatible/ 2015-10-08 GPLv3 defined as a one-way compatible license for CC-by-SA 4.0https://creativecommons.org/2015/10/08/cc-by-sa-4-0-now-one-way-compatible-with-gplv3/ Links to license and deed and links from within the texts https://creativecommons.org/licenses/by-sa/4.0/ https://creativecommons.org/licenses/by-sa/4.0/legalcode The text of the Creative Commons public licenses is dedicated to the public domain under the CC0 Public Domain Dedication. https://freedomdefined.org/Definition of Free Cultural Works https://wiki.creativecommons.org/License_Versions#Detailed_attribution_comparison_chartHow to give credit https://wiki.creativecommons.org/License_Versions#Modifications_and_adaptations_must_be_marked_as_suchHow to mark a work as modified https://wiki.creativecommons.org/FAQ#If_I_derive_or_adapt_material_offered_under_a_Creative_Commons_license.2C_which_CC_license.28s.29_can_I_use.3FHow and when you can relicense a work h

Talking Points Rational Sometimes, X.org just doesn't want to work Esspecially if you are a dumb n00b running Arch The terminal will always be there for you. Applications: My .bashrc: Environment Variables: export EDITOR=nvim export PAGER=most export BROWSER=lynx export XDG_DATA_HOME="$HOME/.local/share" export XDG_CONFIG_HOME="$HOME/.config" PS1: user@hostname:~ (git_branch) $ if [[ $EUID == 0 ]]; then export PS1="[e[1;31m]u[e[m]@[e[0;32m]h[e[m]:w$(__git_ps1) # " else export PS1="[e[1;34m]u[e[m]@[e[0;32m]h[e[m]:w$(__git_ps1) $ " fi Aliases: alias vim=nvim alias play=mpv Productivity ("Window Manager"): tmux Provides an easy way of splitting a tty into various panes Get multiple workspaces for free with CTL+ALT+F{1,2,3,4,5,6,7} All of the tiling window manager, none of the X-it Can set up if [ -t 0 ] && [[ -z $TMUX ]] && [[ $- = *i* ]]; then exec tmux; fi in .bashrc in order to have tmux start/stop with your terminal sessiion. Music: cmus Easy library and playlist management Dead simple to use (with cmus-tutorial) y to yank songs onto a playlist SPA to select a playlist RET to play a song/playlist TAB to switch between panes Pictures: fim Requires user be in the video group for permission to use the Linux framebuffer Radio/Video/single audio files: mpv Can display video in terminal (badly with libcaca) Can actually display video in linux framebuffer (with drm) Can handle all of your somafm files/web-video links Requires youtube-dl for video Podcasts/RSS: newsboat/podboat Orginizes all of your podcasts and RSS feeds into an easy-to-use ncurses interface Can be set up with player "mpv --save-position-on-quit" to save positions on podcasts Very convinent for articles, less so for podcasts Really needs better integration with something like cmus Runner Up: podfox Can be configured with JSON Has better directory structure than podboat, imo Tree based structure vs shove everything in ~ by default Text Editing/Word Processing: neovim/GitX Flavored Markdown/pandoc Clean modal editing Can export to whatever with pandoc Probably not as good as OrgMode if emacs wasn't the HFS+ of text editors Audio Recording/Post-Processing: ffmpeg One alias and three scripts in my .bashrc record: alias record="ffmpeg -f alsa -channels 1 -i hw:1" atrim, top-tail, and anorm: Allows me to quickly spin up a recording and run post processing functi

The boot process is a very particular system for taking a dead hunk of metal and silicon and turning it into an active computer. It is kind of remarkable, and in the DOS environment you really needed to know how it worked. Links: http://webopedia.com/TERM/B/BIOS.html http://webopedia.com/TERM/R/ROM.html http://webopedia.com/TERM/C/CMOS.html http://webopedia.com/TERM/p/power_on_self_test.html http://webopedia.com/TERM/M/MBR.html http://webopedia.com/TERM/k/kernel.html http://webopedia.com/TERM/s/shell.html http://webopedia.com/TERM/i/internal_command.html http://webopedia.com/TERM/b/batch_file.html https://www.ahuka.com/dos-lessons-for-self-study-purposes/dos-lesson-2-booting/

In this episode, our two hosts host Rhys Davies, a developer advocate from Canonical. So all beans will be spilled on one of the most popular Linux distros out there. Like its past, present and future. Never mind how Canonical makes its moolah and where this goes... Plus an interesting infomercial on old big iron (IBM, if you're listening: the mail address is sponsor@linuxinlaws.eu). Links: Canonical: https://canonical.com Ubuntu: https://ubuntu.com Manjaro: https://manjaro.org WSL: https://wiki.ubuntu.com/WSL Snapcraft: https://snapcraft.io Ubuntu community reboot: https://ubuntu.com/blog/reintroducing-the-community-team Chromium as a snap: https://snapcraft.io/blog/chromium-in-ubuntu-deb-to-snap-transition Ubuntu podcast episode on this issue: https://ubuntupodcast.org/2020/06/04/s13e11-inside-out-clothes Canonical's transition from upstart to systemd: https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039465.html LinuxONE and Ubuntu: https://ubuntu.com/blog/tag/linuxone Rhys' presentation at the Linux App Summit: https://conf.linuxappsummit.org/event/3/contributions/65 Critical Role: https://critrole.com Hazy Jane: https://www.brewdog.com/eu_de/hazy-jane-440-eu

Inoffensive in every region of the world. Thank you to everyone who has listened to my previous episodes. This is the final episode in the Infosec Podcasts series. I listen to many, MANY podcasts. The vast majority of these are related to information security. Because there are so many podcasts to list, I have broken them down into 6 different episodes based on topics: Part 1 - News & Current Events - Episode 3324 Part 2 - General Information Security - Episode 3334 Part 3 - Career & Personal Development - Episode 3344 Part 4 - Social Engineering - Episode 3368 Part 5 - Episode 3387 Hacks & Attacks Technical Information & Learning Infosec Community / Social / History Part 6 - Infosec Leadership Preamble Term: CISO Pronounced SEE-so or SAI-so Chief Information Security Officer Sounds like executive leadership position, similar to Chief Executive Officer (CEO), Chief Financial Officer (CFO), etc but this is often not the case Security leadership is changing Old way: Experienced technologists (Usually old white guys) worked way up ranks Usually reported through IT (CIO/CTO) Department of "No" - Block everything bad Slows down business New way: Experienced business professionals with leadership skills and security understanding Can report through: IT (CIO/CTO) Legal (For compliance reasons) Finance (CFO) for governance or compliance reasons Financial impacts of attacks Direct costs Fines CEO - Seat at the table with other C-level execs Direct to board Empowers the business to succeed in a secure way Can still slow down the business, but only when needed Brakes on a race car Infosec Leadership Podcasts CISO Tradecraft - G Mark Hardy (Weekly) Discussion of topics related to becoming a CISO or maturing as a CISO https://www.cisotradecraft.com/ CISO Vendor Relationship Podcast - David Spark & Guests (Weekly) Weekly podcast addressing the challenges experienced by both security professionals and the vendors with whom they interact. https://cisoseries.com/subscribe-podcast/ CISO Talks (Weekly) The talk show series with discussions of current trends in the world of information security with CISOs on the front line. https://www.lepide.com/ciso-talks.html CISO Talk - James Azar (Weekly) Presents the CISO view on cybersecurity, talent development, technology, leadership and much more. https://cisotalk.podbean.com/ The Cyber Ranch Podcast - Allan Alford & Hacker Valley Studios (Weekly) Interviews with security leaders discussing relevant topics https://hackervalley.com/cyberranch/ CISO's Secrets - Currently hosted by Grant Asplund and sponsored by Checkpoint Interviews with security leaders across a wide range of industries Addresses real issues facing security professionals and businesses https://cp.buzzsprout.com/ CISO Stories - Hosted by Todd Fitzgerald and Sam Curry and part of the Security Weekly family of podcasts