Hi, I'm Kevin. I'm a generalist senior software engineer and consultant with over a decade of experience with a broad range of technologies, roles, and industries. I graduated magna cum laude with a B.S. in C.S. from Cornell, co-founded Digital Engine Software in 2009, joined early-stage fintech startup Quantpost in 2013, and have been developing and consulting independently since 2016 for a variety of clients, particularly in home health care and construction. Recently I've worked on many backend web sites and services (ASP.NET+MSSQL and MEAN Stack), automation, integration, and synchronization (Selenium+C#, Python, PowerShell), and Linux DevOps (Docker, Ansible, Bash) projects, but I particularly enjoy lower-level embedded and systems programming. I'm a free and open-source software proponent and contributor. I'm looking forward to joining a team doing meaningful work, particularly toward a social good, contributing my expertise, and learning and collaborating with other professionals.
-f / --force : "Force immediate halt, power-off, or reboot. When specified once, this results in an immediate but clean shutdown by the system manager. When specified twice, this results in an immediate shutdown without contacting the system manager."
"...all processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a drastic but relatively safe option to request an immediate reboot. If --force is specified twice for these operations, they will be executed immediately without terminating any processes or unmounting any file systems. Warning: specifying --force twice with any of these operations might result in data loss."
It sounds like you may be remembering VBE display modes.[1] I think you can still play with these modes by adding `nomodeset vga=ask` to the kernel parameters[2] if you are booting with BIOS (or UEFI with CSM).
According to the comment, the rest of the script "uses IFEO to attach to Virtual Disk Service Loader process running during setup, then erases appraiserres.dll [...] it must also do some ping-pong renaming of vdsldr in system32\11" Could anyone explain this in more detail?
The Image File Execution Options's "Debugger" key works in an extremely simple way - it literally intercepts process creation, takes whatever's in the "Debuggers" key, and prepends it to the command-line to run. If that thing is not a Debugger, it means you effectively get to hook whenever a process is created and Do Something.
This is a great way to nerf a program You Don't Like (i.e. corporate antivirus), because you can write `Please Die` (or literally anything really) in the Debuggers line, and because the resulting command-line is invalid, the CreateProcess call simply fails, yet every integrity check for verifying the file still exists and its ACLs are set still pass.
To clarify, gcc -Wall only produces the warning with -std=c89/gnu89 (or GCC < 5 without -std=c99/gnu99). As with clang, it implements the implicit `return 0;` for C99 and later. Example: https://godbolt.org/z/Y7Wx5Y89q
I've been running with ssh-rsa disabled for a while (with a config based on https://infosec.mozilla.org/guidelines/openssh#modern-openss... ) and it's been pretty smooth. Support for better algorithms is widespread, with a few exceptions (like bazaar.launchpad.net).
One gotcha: OpenWrt does not enable ECDSA by default[1] and only recently enabled support for ed25519 by default.[2][3] It's available in release candidates for 21.02, but not in current stable releases. So if you're running a stable release you'll need to either add `PubkeyAcceptedKeyTypes +ssh-rsa` to your client ssh_config or use a custom build of OpenWrt with DROPBEAR_ECC or DROPBEAR_ECC_FULL enabled.
OpenSSH that ships with macOS doesn't support ECC keys loaded via PKCS#11, only RSA keys. This is the case even on Big Sur because though it ships OpenSSH 8.1p1 its linked against LibreSSL 2.7.3, which lacks support for delegating non-RSA signing operations. This is annoying if you're using an HSM or secure enclave via PKCS#11; for example the T2, which only supports ECDSA P-256.
There's nothing wrong with RSA keys. What's being disabled is the use of SHA-1 for signature hashing. SHA-2 works just fine and the same RSA keys continue working.
Agreed. I should have made my post clearer. OpenWrt does not suppport SHA-2 signature hashing or any of the newer key algorithms I mentioned, so you are stuck with RSA+SHA1.
Great suggestions! One caveat: -fsanitize=pointer-compare and -fsanitize=pointer-subtract have some sharp edges and (last I knew) are not considered production ready by the sanitizers team. For example: https://github.com/google/sanitizers/issues/1324
Remote: Yes
Willing to relocate: No
Technologies: C#, Python, Node.js, MSSQL, ASP.NET WebForms, ASP.NET Core, JavaScript, OpenAPI, Selenium, REST, XML, XSLT, Git, Docker, Ansible, Debian, Bash, POSIX Shell, and many others.
Résumé/CV: https://kevinlocke.name/resume
Email: kevin@kevinlocke.name
Hi, I'm Kevin. I'm a generalist senior software engineer and consultant with over a decade of experience with a broad range of technologies, roles, and industries. I graduated magna cum laude with a B.S. in C.S. from Cornell, co-founded Digital Engine Software in 2009, joined early-stage fintech startup Quantpost in 2013, and have been developing and consulting independently since 2016 for a variety of clients, particularly in home health care and construction. Recently I've worked on many backend web sites and services (ASP.NET+MSSQL and MEAN Stack), automation, integration, and synchronization (Selenium+C#, Python, PowerShell), and Linux DevOps (Docker, Ansible, Bash) projects, but I particularly enjoy lower-level embedded and systems programming. I'm a free and open-source software proponent and contributor. I'm looking forward to joining a team doing meaningful work, particularly toward a social good, contributing my expertise, and learning and collaborating with other professionals.