home tags events about login

benjojo rss

Hope you never notice the outages I cause. Knows where the RFC2616 bodies are buried. recurse.com SP'2 18

Follow me using: @benjojo@benjojo.co.uk in your client

benjojo posted 22 Nov 2024 01:05 +0000

sigh I see, I mean, at least I know what is coming when I fill this out

A drop down box with a title "I want a solutions expert to contact me?" and the only option on the drop down is "Yes!"

benjojo posted 21 Nov 2024 20:20 +0000

Grafana stop randomly logging me out challenge (impossible)

benjojo replied 21 Nov 2024 17:43 +0000
in reply to: https://tilde.zone/users/dashdsrdash/statuses/113522156197365865

@dashdsrdash Yes but this board is not useful for that. Poor PCIe bandwidth to each slot, and poor CPU (it's DDR3!)

It would be terrible for training (where most of the GPUs are in use, and where all of the PCIe bandwidth possible is used), and it would be terrible for inference (where CPUs are far more power efficient etc, and if you are in the market running it with GPUs you would be PCIe bandwidth blocked, plus, DDR3)

benjojo posted 21 Nov 2024 16:31 +0000

Doing a bit of aliexpress safari again, and while this motherboard looks incredibly silly if you added a load of PLX PCIe switch/failover chips you would basically have a motherboard+CPU that is functionally the same as most big carrier routers

A 8 x16 PCIE slot long brown motherboard, the specs say: Mainboard model:B75 direct 8-card multi-graphics board Motherboard plate type: E-ATX pro Board size: 600 * 180mm M ain chip model:B75 chip Layer number of PCB:4 layer Power supply module:8* 6PIN video card power supply port Integrated graphics:Integration Integrated sound card:No CPU slot type:LGA1155 Memory slot: DDR3 notebook, 1 *slot 1 *channel Peak memory capacity: 8 G^ * 1 1600 notebooks Memory speed:1866/1600/1333/1066 SATA interface: SATA 3 ^ * MSATA*1 USB interface: USB2*2 cup S B3^ * 2( Contains extended) M.2 interface:No

benjojo posted 21 Nov 2024 15:33 +0000

Mildly interesting, got a alert of a box going mental on the load avg

 Tasks: 155, 243 thr; 2 running
 Load average: 5922.82 4616.68 2131.84
 Uptime: 151 days(!), 22:30:04

dmesg said

[12507760.522357] INFO: task kcompactd0:32 blocked for more than 1208 seconds.
[12507760.522411]       Not tainted 5.10.[redacted]
[12507760.522446] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12507760.522491] task:kcompactd0      state:D stack:    0 pid:   32 ppid:     2 flags:0x00004000

It turned out that one sshfs PID had decided to become a slow moving fork bomb..? Sure I guess, that's a new one

benjojo reposted 20 Nov 2024 08:43 +0000
original: chort@infosec.exchange

LMAO, does OkCupid run on Excel now???

This just happened recently. I bet this was a botched database migration. Maybe that explains why chat messages are showing out of order too.

LOL, what a dumpster fire.

How many children would you ideally like to have? - person A: 2-Jan - person B: 4-Mar (the answers were originally 1-2 and 3-4, respectively)

benjojo posted 19 Nov 2024 20:58 +0000

When stuff says "doing x 100% of the time", like surely that's not very efficient doing something for only 1 amount of time per thread/time

Over in bgptools land, im doing BGP and BGP related processing approximately 24000% of the time

benjojo posted 19 Nov 2024 19:22 +0000

Did you bgp.tools sessions go down ~1 hour ago? Here is the RFO:

It turns out the locking mechanism on one of the uplink ports on a satellite PoP doesn't work, and the RJ45 can move about ~5mm, enough to drop a link when you are fiddling doing something else

benjojo posted 19 Nov 2024 18:00 +0000

Google Earth now has a good web client! And the historical imagery feature is now easily hyperlinkable, I have already wasted a unreasonable amount of time playing with this.

And look! One of the days sat/aerial photos were taken was during Bristol Pride!

Link: https://earth.google.com/web/search/52%c2%b013%2747.4%22N+0%c2%b028%2715.4%22W/@51.45072737,-2.59511422,10.26995062a,367.21371602d,35y,0h,0t,0r/data=Cj4iJgokCYZBTcAdKUpAEVCfPOB9zklAGSzxY6OX8eU_IYzngvU-6fi_KhAIARIKMjAxMy0wNy0xMxgBQgIIAToDCgEwQgIIAEoNCP___________wEQAA

A screenshot of google earth showing Queens park in Bristol, with a large pride flag in it and many people, there is another window in view showing the date of bristol pride and it matches with when the photo was taken

benjojo posted 19 Nov 2024 15:10 +0000

Super weird that for the past year+ you just can't transit TCP connections for port 646 (IE: ldp) towards AS6939/Hurricane Electric

Are they patching over some horrible bug in their stack? I mean I don't think anyone is doing multihop LDP, but it's still _weird_ for a carrier to ACL off a TCP/UDP port

Reminds me of the days (maybe still) of Virgin Media dropping all SMB connections at the edge

benjojo posted 19 Nov 2024 00:02 +0000

Even after the bombs hit and there are no humans left, there will be two things that live on:

1) Some perl scripts on running crontab

2) Updates to the Google Cloud Third-Party Subprocessors list

benjojo posted 17 Nov 2024 21:22 +0000

Friend sent this to me earlier,

Yell not into the abyss, lest you become recognised as an abyss domain expert, and they expect you keep yelling into the damn thing

(The old tweet)

A whatsapp message that says "was just wondering if you could scream into the abyss for a moment for me"

benjojo posted 17 Nov 2024 17:13 +0000

In the continuing tradition of "everything is AI", Apparently DDoS attacks smarter than a cURL in a while(true){} loop is now AI according to this Nokia slide deck

The idea that botnets are a 2020 thing is a insane assertion to put on a slide deck that is trying to sell people who have DDoS problems mitigation appliances.

There is a conundrum with these kinds of talks, because they are almost always conference sponsor talks. I feel a weird obligation to not call out the insane stuff in their slides, but also. This is such a warped reality being presented. gah.

A nokia side that says the following DDoS also has evolved over time (Spoofed) Small number of compromised machines generating spoofed traffic to victim or via misconfigured DNS, NTP, Memcache servers Blocked on scrubber using SYN-cookie, port / protocol / packet size access control lists (ACLs) or policers Mostly amateur/script-based and commercial booter web sites 2020-2024 (Botnet) Thousands of compromised loT botnet devices generating traffic floods or sending realistic HTTP/DNS/VoIP requests to servers. GigE symmetric rollouts. Difficult to mitigate using traditional DDoS mitigation appliances Criminal gangs / state-affiliated actors 2024+ (AI) Millions or hundreds of thousands of residential proxies, compromised loT sending realistic HTTP/DNS/VoIP requests to servers High automation and attack variability. Both microburst and long-lived. Criminal gangs / state-affiliated actors

benjojo posted 17 Nov 2024 13:08 +0000

CCC / #38C3 goers, Help the schedule team figure out what talks should not clash with each other by tagging (and pressing submit) the talks you would go to if you could: https://halfnarp.events.ccc.de/

(boots ok etc)

benjojo posted 17 Nov 2024 13:01 +0000

At some point I do feel a little sorry for the Iridium Satellite Network, it seems to be the punching bag of security research.

On the other hand, it is the most accessible and... vintage/accessible tech

benjojo replied 15 Nov 2024 22:00 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/3248t37vFqbPxyk682

Ok, giving up with this thing, My remaining discovery is that you can ask for NV12 pixel format from the UVC device and get a automatically processed 0-255 greyscale output (See video for what the missile sees just before it blows me up).

However this output doesnt have the extra 4 magic lines that tell you the needed info on how to know how hot each pixel is.

All of the smartphone apps send a magic UVC zoom command (0x8004) to put it into a 16 bit integer value mode (i've not found a easy way to do this so I dont know what the output looks like), that is different to the "YUV"/green output, that I have previously posted.

All of the processing code in both the reverse engineering stuff and actual app uses this 16 bit int mode, so /shrug.

I don't want to write libuvc bindings, and this thing isnt even mine forever, so I'm calling it quits here, if I ever needed to make some cheap garden wildlife/aircraft targeting system then I would probs pick one of these up tbh, but for now. Meh.

benjojo posted 14 Nov 2024 12:28 +0000

I have a better thermal camera for a few days, one of the infiray sensors that does not have the 9hz ITAR limits!

Little USB-C thing, and only requires a little bit of messing with to give some kind of output in Linux.

sudo rmmod uvcvideo
sudo modprobe uvcvideo quirks=0x02

Is needed, and then the UVC interface "works" (obviously without any of the post processing that is offered by the smart phone apps)

near 30FPS thermal performance is soooo nice, the extra resolution also is welcome

benjojo replied 12 Nov 2024 12:08 +0000
in reply to: https://mstdn.io/users/wolf480pl/statuses/113469850790002043

@wolf480pl

would this also work if you explicitly specified a broadcast MAC?

Probably not, I don't really want to test that

Also, did these peers forward it because 9.9.9.9 was their customer, or did they forward it through their peers or even upstreams?

no they just forwarded it because the ASIC/Software/Whatever treats any unicast packet coming into their port as for them

If you were to send all DNS queries like that, would they send you a bill at the end of the month?

That would require the router/vendor/operator to have tooling in existence or enabled for such things

benjojo posted 12 Nov 2024 11:31 +0000

Hmmmm. "cool" feature of some IX's combined with some IX participants.

First, find a IX address that is not in use:

root@linx-ns:~# ping 195.66.231.230
PING 195.66.231.230 (195.66.231.230) 56(84) bytes of data.
^C
--- 195.66.231.230 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Then hard set it's neighbour mac address to something that is not on the IXP

root@linx-ns:~# ip neigh replace 195.66.231.230 lladdr de:ad:ad:dd:dd:dd dev enp129s0f0.700

Then set a destination route to go via the mac-address-that-does-not-exist

root@linx-ns:~# ip route add 9.9.9.9/32 via 195.66.231.230

and then ping it

root@linx-ns:~# ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
From 195.66.226.119: icmp_seq=1 Redirect Host(New nexthop: 195.66.225.238)
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=0.720 ms
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=0.756 ms (DUP!)
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=1.47 ms (DUP!)
^C
--- 9.9.9.9 ping statistics ---
1 packets transmitted, 1 received, +2 duplicates, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.720/0.981/1.468/0.344 ms

Cool right??

What is happening here is nuts on many different levels. To start, the non existent MAC address forces this IX (LINX) to treat any packets send to as "BUM" traffic, LINX could have prevented this by using static MAC like quite a lot of the other big ones do.

That however does not explain why we got ping responses... It turns out some routers on the peering LAN don't check if the destination MAC address for a packet is their own before forwarding the traffic! in this case 3 different LINX member routers saw my unknown unicast packet and was like "sure, why not, I'll route that!", and the packet routed all the way through to 9.9.9.9, and a response came back to me.

Mental!