Added on 01 Jan 2014

There are several ways to embed data into ELF binaries, but none were suitable for my needs. So I created elfdataembed, a small library that embeds files into 32/64bit ELF sections, and provides a simple C interface for the runtime to extract them.

Added on 12 Dec 2013

Just spent 4 hours trying to get pretty fonts working in Debian, so they look like they do in Ubuntu. After reading through endless threads/discussions, and wasting 4 hours with font config, it turns out that Ubuntu have patched a few libraries (at least libcairo, libxft) to make their font rendering look pretty, patches which sadly are not included in Debian at this stage.

Added on 05 Nov 2013

I have been using LXCs since early 2009 and have long argued that application containers should be adopted. Separating application run time is critical not just for security, but for sanity as well. Under most conditions, excluding any event which results in host contamination, for example kernel exploits, you can assume the host machine will still be clean even after running a guest container.

Added on 24 Oct 2013

On Wednesday 23rd October 2013, I released a security disclosure highlighting vulnerabilities in several vendors/providers relating to APS/RPS (Automated/Redirection Provision System). These flaws put hundreds of thousands of users at risk of toll fraud, and most vendors/providers chose to ignore the problem when I reported it to them a year ago (it was discovered in mid 2012).

Added on 11 Jul 2013

GlusterFS is a lovely piece of technology, but it is bitchy as hell. If you stumbled across this thread, it's because GlusterFS is giving you problems, no one seems to explain why and the CLI is about as useful as a third leg. Please note, this post relates to GlusterFS 3.2.7, and most of these problems are fixed in 3.3.

Added on 28 May 2013

Building our own VoIP platform has been an interesting journey, and there are many scenarios you need to test to ensure the call flow is handled correctly. Attempting to test this logic with desk phones can quickly become overwhelming, and makes the development process dependent on hardware. Although you should always do a hardware compatibility test on every release, virtualizing this system is a great way of speeding up development. This approach has saved me countless hours in unnecessary overheads during testing.

Added on 10 May 2013

I'm personally a huge fan of the Cisco phones, ever since I was a little kid I'd always wanted one.. I'd see them on TV shows, they were in the offices at school, and it made me insanely jealous that I couldn't have one. Now I'm all grown up, and about a year ago I purchased my very first [Cisco 7940][1] phone.. It was an exciting day, trying to re-flash a 10 year old phone with nothing but a monochrome LCD with no backlight, and a few buttons. Eventually after 2-3 days of messing around, I managed to get it hooked up to a TFTP, [reflashed with the SIP firmware][2], and connected to my provider.

Added on 17 Feb 2013

During one of our builds, we came up against a requirement of having to store UUIDs in MySQL. Not knowing which was the best way, we tried all of them. We ran these benchmarks on commodity hardware with no modifications on Percona MySQL 5.5 with no stock my.cnf changes. Our benchmarks showed that BINARY(16) was the fastest option. However, with some tuning to my.cnf you may see different results.

Added on 03 Feb 2013

On a lazy Sunday afternoon, I was watching a presentation by [Sai Zai][1] on [Cognitive Psychology for Hackers from 27C3][2]. At around 13 minutes in, he showed an example of betting against a dice roll on the following slide (as seen in the article picture above). Immediately, the most obvious choice to me was B, but I was quickly told I was wrong. Despite this being explained I still didn't understand why this was happening, and found it difficult to believe. So I wrote a little Python script to reproduce this, which proved me wrong :)

Added on 16 Jan 2013

For photos of this build on imgur, [click here][1].

Added on 28 Dec 2012

This code is alpha as fuck, and you will almost certainly have to either modify or make your own depending on your own circumstances. This article is just to show you how we did it and give some food for thought. My apologies for the heavily obfuscated text, you can view these yourself by logging into your own portal. For those of you that use Natwest credit cards, you are probably all too familiar with the "4 month restriction" on downloading transactions, after which they only provide PDF statements.

Added on 04 Dec 2012

Today we were building a queuing system that generated job IDs using an MD5 of random.random(), but noticed we were getting collisions every few seconds. However, after much investigation, this was failing because str() automatically rounds depending on what Python version you are on.

Added on 30 Oct 2012

So today, we broke our hosting company's record: 1.1 billion rows in a Percona MySQL InnoDB table! Sounds impressive, but reality soon kicks in when you can't run SELECT() queries against it for fear of saturating our poor SAS disks and locking up the web application. And even harder when you're working against the clock on deadlines. With a total datadir size of around 160GB, 1,159,945,113 rows in a single table and no long term NoSQL plans on the horizon, our immediate options were limited.

Added on 26 Oct 2012

After picking up a used 2824 switch on eBay for only £25, we soon realised the noise was too much for our small office. These switches are "enterprise grade", they have a 24gbit/sec switching fabric (that's full line speed on all ports), and a quiet/desktop version of this sort of product would have easily cost £100+. So, we bought a Rasurbo 40mm x 10mm Quiet Cooling fan replacement for £6 - and got ourselves a bargain at around £40 in total (switch+fan+delivery).

Added on 26 Oct 2012

Had a couple of people asking what sort of home office set up I have, so here you go (taken in early 2012). I'm a firm believer in spending as little money as possible, and most of the above I either got heavily discounted or second hand from eBay. I'm hoping to make a few improvements in here soon, given that I'm now spending nearly 14 hours a day in here!

Added on 26 Oct 2012

After several times of looking around on eBay for an Access Virus TI, and each time deciding that I didn't really have £800 to blow on a unit, I went in search of a firmware emulator. This drew a blank, so I decided to have a shot at poking into the firmware. I'd done this a few times before (mostly with phones and routers), but never with this. I didn't have an actual unit to look inside, so first I had to find some pictures and/or a hardware spec.

Pythonic data freak with a startup mentality to move fast and break things. Commit privileges are a privilege not a right, and I work hard to keep them.

Little collection of posts made over the years, from programming to reverse engineering to real life build projects.