In February 2015 I discovered a cross-site scripting vulnerability in Ubiquiti’s EdgeRouter administrative interface. These are powerful and cheap devices which are also pretty fun to use and configure, so I’d definitely recommend them even though I found this issue. After a couple of false starts and emails getting lost I was invited to submit details of the vulnerability via HackerOne, and they fairly quickly decided to pay me a $500 US bounty.
February was a quiet month in music, so I decided to skip it and bundle it with March, which has been much more noisy. This post has a few new releases from the last couple of months, and I’ve tried to include links to YouTube videos and Apple Music where I can. This post contains some high quality metal, so read on for the details, and feel free to feed me suggestions!
Every now and then I run port scans of the VPS running this site to check there’s nothing untoward and that I can see everything I expect to see. Recently, one thing that gave me pause was the fact that when I do this from home there are extra open ports in nmap’s output. After convincing myself that my server hadn’t actually been owned, I decided to look into it.
At work, we’ve recently had problems with one of our SANs, and as a result we ended up with some filesystem corruption and a little data loss. As part of our clean-up effort, we rebooted and checked each server, mainly by running the classic shutdown -F -r now, to force a reboot and fsck. On systems where there’s little or no damage, this does exactly what you’d expect, and you end up with the system coming back up happy, but on some CentOS 7 systems where there was corruption this is where the fun began.
EventScripts is a fairly advanced Mac OS X utility with a bit of a learning curve. Its job is to run scripts in response to certain events, from things like your external IP address or location changing, to Bluetooth devices being seen, or screenshots being taken. You can also talk to it from mobile devices using EventScripts Mobile. It’s a little like Hazel, for system events. The interface is a bit austere, so to start with it can be a bit overwhelming.