Computer Journal

Dec 1, 2008 - March 17, 2009
Released (GPLv2): July 6, 2009
Updated: Dec 29, 2012

Rockband 2 Drum version 0.2 [sig]
Rockband 2 Drum version 0.1a [sig]

The Rockband 2 Drum controller is a wireless velocity sensitive percussive instrument that is cheaper than its competitors (~$90 retail) and arguably as good as many medium quality drum controllers. With this software and a Linux computer, you can use the controller to compose your own music in real time.

Oct 10, 2010 10:43 am

No files officially released yet. See below.

Firmware hacking is an impressively difficult yet rewarding task. Most people are afraid of it because it depends on reversing binaries for embedded architectures that do not have good tools. Many tools that do exist are expensive and have a high learning curve even for experts in the field. Firmware hacking is actually a fun and simple process if you know what you're looking for. Projects for cell phones, video game consoles, and calculators are often out of the league of amateurs until the initial work is done. After the system has been successfully hacked, the code (if made available as open source) can be modified by anyone to improve the software.

Aug 10, 2010

Sudo and Su Bruteforce 0.1 [sig]

Two years ago I noticed that su and sudo both contain a fatal flaw: administrator passwords. Administrator passwords have found themselves at the core of our security. OpenSSH does not allow root to login by default because on rare occasion administrator passwords can be bruteforced. Nearly all Linux and BSD systems recognize this. Some system administrators still don't recognize this due to business constraints. Users that have insecure passwords can be bruteforced if an attacker knows their name. The common system of first letter and last name or handle as the username gives an attacker a good list of users to bruteforce. How many administrators use the username jsmith? How many administrators use the username admin? Su and sudo may be considered harmful if we consider that usernames can be learned and that passwords can be bruteforced.

Removing the password component, we can compare sudo and su to the Windows Vista and Windows 7 administrator access security model: give a user administrator access when they ask for it. This person must be designated as an administrator by the original owner of the system. This seems obvious and tautological but we have yet to introduce an attacker with two different methods of attack.

Original Analysis: Sept 25, 2008
Updated Analysis: Aug 9 - Sept 8, 2009, Feb 15, 2010
Published: Feb 15, 2010

Japanese AI version 0.3 [sig]
Japanese AI version 0.1 [sig]

Over a year ago I released the concept and initial analysis of the Japanese AI project here. Since then I have been using the results off and on for translation, learning, and other projects. Not long after, I wrote a generic version of this project, AltSci Language AI using Twitter as the data source. It also utilized the Google Translate Language API to translate the conversations on the fly. It became obvious that the benefits of this type of language software would be quite useful, so I made a few quick user interface improvements to Japanese AI, so that I could release the full results.