This isn’t strictly a reading list, because it’s about books I’ve already read, but it’s a list of reading! As part of my effort to more regularly blog this year I’ve found myself straying from purely techy topics into the realms of the more personal, and as part of that I’ve been covering one of my most favourite things in the world. Music. This was originally a back-burner topic, but then when I wrote my 2015 Roundup I enjoyed it, so I’ve decided to make it regular.
In February 2015 I discovered a cross-site scripting vulnerability in Ubiquiti’s EdgeRouter Administrative interface. These are powerful and cheap devices which are also pretty fun to use and configure, so I’d definitely recommend them even though I found this issue. After a couple of false-starts and emails getting lost I was invited to submit details of the vulnerability via HackerOne, and they fairly quickly decided to pay me a $500 US bounty.
February was a quiet month in music, so I decided to skip it and bundle it with March, which has been much more noisy. This post has a few new releases from the last couple of months, and I’ve tried to include links to youtube videos and Apple Music where I can. This post contains some high quality metal, so read on for the details, and feel free to feed me suggestions!
Every now and then I run port scans of the VPS running this site to check there’s nothing untoward and that I can see everything I expect to see. Recently, one thing that gave me pause was the fact that when I do this from home there are extra open ports in nmap’s output. After convincing myself that my server hadn’t actually been owned, I decided to look into it.
At work, we’ve recently had problems with one of our SANS, and as a result we ended up with some filesystem corruption and a little data loss. As part of our clean-up effort, we rebooted and checked each server, mainly by running the classic shutdown -F -r now, to force a reboot and fsck. On systems where there’s little or no damage, this does exactly what you’d expect, and you end up with the system coming back up happy, but on some CentOS 7 systems where there was corruption this is where the fun began.