• Content count

  • Joined

  • Last visited

  • Days Won


BINREV SPYD3R last won the day on October 24

BINREV SPYD3R had the most liked content!

Community Reputation

-39 Troll


  • Rank
    I could have written a book with all of these posts

Profile Information

  • Gender
  • Country
  1. We previously looked at the NIST Security Framework, which lays out how organizations should manage their network security. That may have seemed a bit dry, so let’s look at this case study to put some flesh on those dry bones. Failing to manage your security risks properly can have significant consequences. Links: View the full article
  2. NEW 'Off The Hook' ONLINE Posted 21 Nov, 2019 5:48:58 UTC The new edition of Off The Hook from 20/11/2019 has been archived and is now available online. "Off The Hook" - 20/11/2019 Download the torrent here!!!! View the full article
  3. Last time we reviewed the mimblewimble protocol for blockchain networks. This is an innovative protocol focused on privacy and scalability. In this episode we take a closer look at the two major implementations of mimblewimble, called Grin and Beam. They are both interesting projects that take very different approaches, yet both have managed to launch working blockchains that preserve the core strengths of the protocol. View the full article
  4. NEW 'Off The Wall' ONLINE Posted 20 Nov, 2019 1:20:39 UTC The new edition of Off The Wall from 19/11/2019 has been archived and is now available online. "Off The Wall" - 19/11/2019 Download the torrent here!!!! View the full article
  5. Intro I have liked writing automated tests for a long time, so it’s not a surprise that I end up writing them in Haskell too. This is very broad topic, so this episode only scratches the surface. HSpec HSpec is testing framework that automatically detects tests, like most of the modern systems. It supports hierarchies, so one can organize tests by feature for example. spec :: Spec spec = do describe "Very important feature" $ do it "Execution should be error free" $ do ... it "Flux capacitors can be charged" $ do ... describe "Somewhat less important feature" $ do ... Unit test Unit test tests a single case with fixed set of inputs. With pure functions these are a pleasure to write as they’re really just data in, data out, verify results. Below is two examples: spec :: Spec spec = do describe "Markov chain configuration" $ do it "Adding new starting element to empty configuration creates item with frequency of 1" $ do let config = addStart ("AA" :: DT.Text) emptyConfig config ^? (configStartsL . _head . itemFreqL) `shouldBe` Just 1 config ^? (configStartsL . _head . itemItemL . _Just) `shouldBe` Just "AA" it "Adding same element twice to empty configuration creates item with frequency of 2" $ do let config = addStart "AA" $ addStart ("AA" :: DT.Text) emptyConfig config ^? (configStartsL . _head . itemFreqL) `shouldBe` Just 2 config ^? (configStartsL . _head . itemItemL . _Just) `shouldBe` Just "AA" Both are for testing configuring markov chains. First one checks that adding a starting element in empty configuration results correct item with correct weight being added. Second checks that adding same starting element twice results weight of 2. Both tests use lenses for reading nested data structure. Episode doesn’t cover them much at all, as it’s enough to know that (configStartsL . _head . itemFreqL) focuses on starting elements of configuration, selects first item of the list and then selects frequency of that item. Lenses can also be used for modifying data and they don’t have to focus on only one element. Unit tests are easy enough to write, they verify single thing about the unit being tested and are usually super fast to run and not error prone. Property based test Property based tests are used to check that a certain property holds with randomly generated input parameters. I’m using HSpec as testing framework and QuickCheck as tool for generating test data: spec :: Spec spec = do describe "planets" $ do describe "food" $ do it "food requirement for positive amount of population is more than zero" $ do forAll positivePopulation $ \x -> foodRequirement x > RawResource 0 it "food base production for farms is equal or greater than their amount" $ do forAll someFarms $ \x -> (sum (fmap foodBaseProduction x)) > (RawResource $ length x) Above we have to tests. First one checks that with any non-zero population, foodRequirement is greater than 0. Second one check that with any positive amount of farm, foodBaseProduction is greater than amount of the farms. positivePopulation is Generator, that is used by QuickCheck to generate random data for testing. Its definition is shown below: singlePopulation :: Gen PlanetPopulation singlePopulation = do let aPlanetId = toSqlKey 0 let aRaceId = toSqlKey 0 aPopulation <- arbitrary `suchThat` \x -> x > 0 return $ PlanetPopulation aPlanetId aRaceId aPopulation positivePopulation :: Gen [PlanetPopulation] positivePopulation = do k <- arbitrary `suchThat` \x -> x > 0 vectorOf k singlePopulation Generated data can be really simple or very complex. Generating complex data is often convenient to break into smaller steps and write generators for them. Property based tests are somewhat harder to write than unit tests, but they can potentially cover edge cases that might otherwise not been discovered. Working with database All tests shown so far have been testing pure code, that is, code that is data in, data out. When database is introduced, things get more complicated. Suddenly there’s much more possibilities for errors. Below is an example of such a test: spec :: Spec spec = withApp $ do describe "Status handling" $ do describe "Planet statuses" $ do it "Expired planet statuses are removed and news created" $ do sId <- runDB $ insert $ StarSystem { starSystemName = "Aldebaraan" , starSystemCoordX = 10 , starSystemCoordY = 20 , starSystemRulerId = Nothing } fId <- runDB $ insert $ Faction { factionName = "Star lords" , factionHomeSystem = sId , factionBiologicals = 10 , factionMechanicals = 10 , factionChemicals = 10 } pId1 <- runDB $ insert $ Planet { planetName = "New Earth" , planetPosition = 3 , planetStarSystemId = sId , planetOwnerId = Just fId , planetGravity = 1.0 , planetRulerId = Nothing } _ <- runDB $ insert $ PlanetStatus { planetStatusPlanetId = pId1 , planetStatusStatus = GoodHarvest , planetStatusExpiration = Just 20201 } let status = Simulation 20201 _ <- runDB $ insert status news <- runDB $ removeExpiredStatuses (simulationCurrentTime status) statuses <- runDB $ selectList [ PlanetStatusPlanetId ==. pId1 ] [] loadedNews <- runDB $ selectList [] [ Asc NewsDate ] liftIO $ statuses `shouldSatisfy` (\x -> length x == 0) liftIO $ news `shouldSatisfy` (\x -> length x == 1) liftIO $ loadedNews `shouldSatisfy` (\x -> length x == 1) There’s a lot more code that had to be written for this test and majority of it is for setting up database state. The test if for ensuring that when good harvest boost expires, it is removed from database and respective news article is created. These kinds of tests have a lot more code and are much more slower to run because of the communication with a database. There’s also more cases where something can go wrong. But in the end, these kinds of tests are needed if one wants to verify that interaction with database is working as planned. Testing API Last example is about testing REST API. There are two tests, where the first one is checking that proper access control is in place and second one checks that pending messages are correctly retrieved. spec :: Spec spec = withApp $ do describe "Message handling" $ do it "unauthenticated user can't access messages" $ do _ <- get ApiMessageR statusIs 401 it "pending messages are loaded" $ do (pId, fId) <- setupPerson _ <- runDB $ insert $ researchCompleted 25250 fId HighSensitivitySensors user <- createUser "Pete" (Just pId) authenticateAs user _ <- get ApiMessageR resp <- getResponse let jsonM = join (decode <$> simpleBody <$> resp) :: Maybe Value assertEq "message tag" (jsonM ^? (_Just . _Array . _head . key "tag" . _String)) (Just "ResearchCompleted") assertEq "star date" (jsonM ^? (_Just . _Array . _head . key "starDate" . _Integer)) (Just 25250) assertEq "technology" (jsonM ^? (_Just . _Array . _head . key "contents" . key "Technology" . _String)) (Just "HighSensitivitySensors") statusIs 200 Here extra complication is created by the fact that many features of the system are behind authentication and authorization. Luckily Yesod comes with helper function authenticateAs, that allows code to authenticate when system is running in development mode. These test are even slower than any of the previous ones, but on the other hand, they test whole chain from user interaction to database and back. In closing There’s lots of things that I couldn’t cover in such a short time, like various types of tests: UI testing, performance testing, security testing, long running testing…, the list goes on and on. But hopefully this episode gave you ideas what kinds of tests one can write and how to get started doing so using Haskell. Best way to reach me is email or at fediverse, where I’m View the full article
  6. Financial privacy is critical for adoption of cryptocurrency as a means of exchange. Individuals worry about employers monitoring their spending details, insurers increasing rates based on purchases and landlords raising rents when they get a promotion. Businesses can only operate using cryptocurrency if they can prevent disclosure of vendor payments, rates paid to suppliers, payroll details, and so on. At the same time, they need to selectively disclose financial data to governments and might need to demonstrate compliance in some industries. Mimblewimble is a new protocol that uses cryptography to achieve striking reductions in blockchain size, so users can run a full node on low powered devices like phones. It offers the strongest privacy protection assurances around, through a variety of clever tricks. For one thing, transaction history is not recorded, which also results in a smaller blockchain. There are no addresses and no transaction amounts are recorded. We’re not going to focus on the cryptography, although it’s a fascinating example of just how much progress is being made in recent years. We’ll focus instead on what makes this mysterious network protocol unique among cryptocurrencies. View the full article
  7. beni, Andrew Conway/mcnalu, Timttmy, and Dave at the HPR booth. Michael from Electric Flap Jack Custom Built Guitars, and author of Fretboard Template Generator available on GitHub Perspex template for carving the body and neck. A work in progress. Tools for making guitar, including the tool to round the frets. And of course you need a guitar stand. Fretboard Template Generator available on GitHub Tai Kedzierski hanging out with "Grumpy" Mike Cook. Mike produces electronic musical instruments for people with accessibility issues. He also has a book called Arduino Music and Audio Projects to help you do this yourself. At Drake Music we are leaders in music, disability and technology. We are innovators, educators, curators and advocates. We believe everyone has the right to express themselves creatively through music. We use new technologies and ideas to open up access to music for all. Our vision is a world where disabled and non-disabled musicians work together as equals. The bat base. The Cattle Caster. The Arduino Caster The Open Rights Group. Open Rights Group protects the digital rights of people in the UK including privacy and free speech online. We are funded by over 3,000 people like you. Manchester Grey Hats Manchester Grey Hats is a place for all those interested in hacking and cyber security to learn and share. We run capture the flags, workshops and perform/present security research. We encourage all skill levels and those from all backgrounds. Are you an aspiring hacker or a developer thinking about security? Come along and learn. Presenting is open to all members, so if you have something you’d like to present but aren’t ready for the big conferences, get in touch. Said best by The Mentor – “This is our world now… the world of the electron and the switch, the beauty of the baud” Although we meet face to face once a month, MGH is mostly an online community. We encourage people to join us in person for workshops and events but if you can't, join us on Slack and our live stream. An example of the of the locks that needed to be picked for the FlawCon Capture the Flag event. How to hold the lock while you are picking it. View the full article
  8. OggCamp is an unconference celebrating Free Culture, Free and Open Source Software, hardware hacking, digital rights, and all manner of collaborative cultural activities and is committed to creating a conference that is as inclusive as possible. This year a team of HPR volunteers hit the show. Ken's recording kit and some of the stickers. Dave, Andrew Conway/mcnalu and Timttmy getting the booth ready. Only HPR hosts can sign the booth. Yannick signs the booth. Timttmy's script to turn an Android phone into a webcam. Two versions of the script to take a screenshot and post it to the web. Surveillance state ? Our latest host Nihilazo signs the booth. An Interview with Ban Parsons from the Matrix An open network for secure, decentralized communication An Interview with makers of the open FPGA. An FPGA chip is a re-programmable piece of silicon hardware, it can be reconfigured or programmed to a logic circuit of your own design. In 2016 we decided to setup up the myStorm project in order to build OpenSource FPGA hardware. Several years later we are building the 5th generation of BlackIce Development boards. BlackIce Mx the latest generation of our hardware has been built using BlackEdge open hardware standard which enable the 'Core' Board IceCore to be separated from its carrier board which provides MixMod and Pmod hardware add-ons. Please take a look at the myStorm forum to ask questions and participate in our community. An Interview with Erik Grun of the Free Software Foundation Europe about their campaign for Public Money? Public Code! View the full article
  9. NEW 'Off The Hook' ONLINE Posted 14 Nov, 2019 4:46:14 UTC The new edition of Off The Hook from 13/11/2019 has been archived and is now available online. "Off The Hook" - 13/11/2019 Download the torrent here!!!! View the full article
  10. Terminology connection - a bi-directional communication channel between two programs over a network client - the initiator of a connection server - the receiver of the connection port - a common term for the address of a program or service on a given machine 5-tuple - the combination of protocol, client machine network address, client port, server machine network address, server port that uniquely identifies a connection flow - a grouping of packets to be treated in a common way microflow - a flow with a fine level of granularity such as the packets from one direction of traffic in a connection The Script #!/bin/sh # Start a capture in the background that drops the packets # and just reports the flow events pktin $1 | nftrk -d -f /tmp/flows.txt & PID=$! # On CTRL-C clean kill the capture and clean up trap "kill $PID ; rm -f /tmp/flows.txt /tmp/topflows.txt /tmp/namecache.txt ; exit 0" INT TERM # Once per second do # look at the last 100 flows # sort them by 5-tuple # remove duplicates # convert ports, protocols and addresses to names # sort by data usage per flow in reverse order (highest first) # a little more pretty printing # only take the top 20 lines # clear the screen and print the result while [ 1 ] ; do tail -100 /tmp/flows.txt | sort -s -t '|' -k 3,3 | awk -f uniqflows.awk | awk -f prflow.awk | sort -s -t ',' -k 3 -r | awk -f columns.awk | head -20 > /tmp/topflows.txt clear cat /tmp/topflows.txt sleep 1 done You can find the complete code at: View the full article
  11. NEW 'Off The Wall' ONLINE Posted 13 Nov, 2019 1:51:43 UTC The new edition of Off The Wall from 12/11/2019 has been archived and is now available online. "Off The Wall" - 12/11/2019 Download the torrent here!!!! View the full article
  12. Thomas Orr Anderson Find the audio that I listened to here Background sounds provided by some road noise, and a train. View the full article
  13. Syntax example (define (fib-rec n) (if (< n 2) n (+ (fib-rec (- n 1)) (fib-rec (- n 2))))) Structured Editing Parinfer: Paredit: Clojure libraries core.match (adds pattern matching): core.logic (prolog-like stuff): overtone: Other stuff Clojure macro explanation: Books The little schemer: Clojure for the brave and true: View the full article
  14. Our 13th conference is taking place next summer in a brand new location as you've probably heard. We expect it to be bigger and better than ever with lots more activities and space - all without leaving New York City! Since this is #13, we figured we'd make an initial batch of tickets available on November 13th at precisely 13:13 Eastern Time (that's 1:13 pm for those who don't do 24 hour clocks). We'll be offering them for only $10 more than what the last conference cost. We expect these to sell out in around one second (no kidding), so be prepared to do some fast typing. You may be able to jump ahead in line if you already have your info saved in our store. The link will be . You will get a "not found" error before the appointed time - this is normal. You can buy up to four tickets at a time. If you somehow manage to buy more or figure out a way to get to our page before 13:13 on Wednesday, you will earn our hearty congratulations, but no tickets. Sorry, those are the rules. HOPE 2020 will be held from July 31st to August 2nd at St. John's University in Queens. We will have on campus housing, as well as special deals with hotels in the area. All of that info will be posted at in the weeks and months ahead. As this is a major expansion of what we've done in the past, we'll need more volunteers than ever to make it all possible. There is much organization already underway and we are determined to make this our best conference yet, fix the problems we've encountered in previous years, and have the support and enthusiasm of our entire community. You will be seeing much more specific info on all of this, as well as ways you can get involved and make hacker history. If you're one of the many who don't get tickets on Wednesday, please don't fret. There will be more opportunities. Best of luck! View the full article
  15. Learn "the OS of the cloud" with minishift or minikube View the full article