Archives

TE23: BSides Security Conferences and Capture the Flag (CTF)

In this episode, we interview the RedStoneCTF (Capture the Flag) team and discuss their recent experiences attending the BSides Asheville NC Security event. BSides are held around the world, and there is often one every Saturday somewhere on the planet. First, we learn about the team which is composed of:

  • R3dC0m3t – Cyptanalyst, professionally an agile scrum-master.
  • Ph03n1x – Focused on coding challenges and reverse engineering.
  • W3bMind5s – Networking and older computer science class problems.

The team discusses the following issues:

  • What do you expect to learn from Capture the Flag competitions at these local BSides events?
  • What did you find the most challenging about your first BSides Capture the Flag?
  • Discussed our failures in preparing for our first in-person challenge. We are not yet disclosing our plan for BSides RDU this fall (2019).
  • What did you like most about BSides Asheville, for example, the Lockpick village? R3dC0m3t borrowed W3bMind5 pick set and discusses his practicing at home.
  • Discussed Foxpick’s unique jailbreak Lockpick village challenge.
  • We discussed the value of BSides being a local event. Also how much of BSides Asheville was really more like a BSides Charlotte. 
  • If you have any interest in Security, from forensics to social engineering and lock picking you should consider stopping by a BSides event near you. 
  • What’s next.

TE22: Talking FPGAs with Dr. Ray Hoare

Here are some of the topics we touched on while talking FPGAs with Dr. Ray Hoare President, and CEO of Concurrent EDA:

  • How are FPGAs differ from normal chips?
  • It’s all about bringing new applications to FPGA.
  • The advantages of FPGAs over generic CPUs.
  • FPGAs have more repeatable performance because they are dedicated, and don’t get interrupted with system tasks.
  • Aligning processing performance between a 22-core Xeon and a current FPGA using a factory analogy.
  • How do we see FPGAs attacking everyday problems like encryption?
  • What’s up with this system-on-a-chip (SoC) FPGA approach?
  • Huge amounts of bandwidth coming into the chip, demand more compute to offload the host CPU.
  • How is programming an FPGA different from a generic CPU?
  • Today programming FPGAs is still more art than science, while compilers are fantastic, the tools for FPGAs are not yet at that level.
  • When you have a gigabit or more of raw data per second coming in you’re better off pushing that through an FPGA.
  • To move your application or algorithm into an FPGA it needs to be mature, and well understood, ex. electronic trading, encryption, or data deduplication.
  • Why are cloud environments so excited about moving to FPGAs?
  • Are FPGAs going to be how we jump forward into artificial intelligence?

TE21: 3D Modeling and Printing with Chris Schweitzer

We talked with Chris Schweitzer who has been working with 3D printers as a hobby for the better part of the last five years. Our discussion covered the following questions:

  • How is 3D Modeling today different from mechanical drawing where we use to do isometric and oblique drawings?
  • What tools do you use to design something in 3D today?
  • What is a slicer, and what is it used for?
  • What other tools do you use beyond a 3D design program and a slicer?
  • With a “back of the napkin” sketch, what problems do you run into?
  • What other types of materials, beyond plastic, have you printed?
  • Which 3D printer do you purchase?
  • Where is the future of 3D printing going?
  • Can a 3D modeling file be used for more than just printing?
  • Do you think we’ll ever have an Amazon 3D printer where we buy something from Amazon, and then they print it out in my house using this printer?
  • Approaches to building a model from scratch, say for example a mask.
  • What should you take into account when designing for printing?

Here is a quick video of a 3D helmet design that was done from scratch in under two minutes: 

3DHelmetDownload

TE20: The West Chicago Radio Tower Mystery, Bob Van Valzah

While Bob is in his gardening period he discovered two pairs of very well
connected positioned shortwave antennas, clearly a ham radio guys wet dream. Here is an outline of our discussion:

    • Size matters, cell phone antennas compared to shortwave station antennas
    • In comparison what does a microwave dish looks like
    • Bob’s discovery of a cell tower with no cell antennas, only shortwave, and microwave
    • Power meters tell no lies, only one entity is using this tower
    • Bob doing some dumpster diving and discovers something interesting
    • A box from a research company, not production parts used by the typical commercial enterprise, out comes the cell phone camera
    • Discovers the FCC registration number for some post discovery research as to who owns this tower
    • Although the power meter says US Cellular they abandoned the tower in 2012
    • A tower management company picked it up in 2014, and the current leaseholder didn’t bother to label meter with their corporate entity
    • Since there is a microwave dish, the FCC database coughed up who owned it and where it was pointed
    • The other link for the microwave transmission was the Aurora
    • Someone has a link from CME to this Microwave dish on this tower with shortwave radio antennas
    • So what was in the research cardboard box from FS Research?
    • We talked software defined radios
    • Wow someone is linking the CME to two locations somewhere on the other side of an ocean
    • So where were the antennas pointed?
    • One pair was set for London while the other was Frankfurt
    • So the intent was to connect CME to markets in London and Frankfurt
    • Bob found out who owns it, and he may end up working for them someday, so he decided not to reveal the specifics
    • Photons verses electrons in the race for speed
    • Photons through fiber travel about 2/3 the speed of light
    • Radio waves do move at the speed of light
    • Radio is the lowest latency between CME and London.
    • We dove into the three different types of radio, a line of sight (microwave), ground wave, and sky wave.
    • Microwaves bound by the height of the tower, the curvature of the earth, so 50 miles is the furthest you can go, over a large body of water.
    • AM radio is a ground wave, it follows the curvature of the earth as the radio waves follow the curve. Several hundred miles during the day, at night, potentially 1,000 of miles.
    • Skywave is what bounces off the ionosphere, also known as skip, and you can easily go around the globe
    • We talk about how these technologies can improve returns for the actual market makers trading on these different exchanges
    • Benefits of shortwave versus the disadvantages. A fiber was the first thing used for trading with distant markets
    • Shortwave is horribly unreliable, with very low bandwidth
    • Fiber is totally reliable, but 2/3 the speed of shortwave.
  • The two gun analogy, using a fiber gun and a shortwave gun to gain the greatest advantage.
  • Fiber can be millions of packets per second while the radio is thousands of times per second
  • Shooters remorse, newer price right after sending a price
  • Two gun analogy is the best way to move prices
  • What about satellite
  • Geostationary satellites, horrible latency as a result of the great distance they were from earth.
  • Low Earth Orbit (LEO) satellites, much closer, but moving so you need to know where to look for them
  • Also discussed Google and Elon Musk’s efforts to deploy balloons and new LEO efforts
  • Shortwave is the lowest latency solution, but as discussed its horribly unreliable
  • There will always be a business incentive for pushing the technology boundaries
  • Surveys and bucket trucks, and Bob on his bike

Bob first presented his investigations at the Chicago STAC Summit in May 2018, and he will be again on June 13th at the STAC Summit in NYC. This podcast is for the benefit of those not able to see Bob in person.

TE19: Talking Networks and NICs with Nick Apuzzo

Nick Apuzzo is one of my oldest friends, and we had some time to sit down and talk about networking and servers. This podcast is the result of that discussion:

  • How we met in 1985 at IBM Research in NY when Nick picked up his pre-product IBM RTPC
  • Why I joined Nick at IBM Storage Systems Division in 1994, hint Adstar
  • How Scott ended up in performance networking by way of NEC, Myricom and now Solarflare
  • What a server is, and types of servers by purpose, CRM, ERP, Dropbox, etc..
  • Servers that are pre-built called appliances
  • What types of connections do these typically have?
  • How computing and servers have changed over the years.
  • Types of networking available to servers, gigabit Ethernet versus 10Gb Ethernet and beyond
  • What about 25 GbE and 40GbE?
  • Copper cables versus fiber optic, and limitations.
  • Connectors, SFP+ and SFP28.
  • Networking in versus networking out of a server, and when it’s asymmetrical
  • Software load balancing and networking
  • The balance between network bandwidth into an organization versus bandwidth required across the organization
  • Run up to 25GbE and possibly even 50GbE in the near future and how we get to 400GbE
  • The role of PCI Express, speeds, and how we need PCIe Generation 4 to move beyond 25GbE to dual 50GbE cards
  • How 25GbE can use the same cables as 10GbE so the hardware costs to move are easier, but the underlying technology becomes more challenging for the companies supplying it.
  • New features found in NICs, like Solarflare’s X2 series, that includes security and high-performance packet filtering
  • Solarflare ServerLock and how it contrasts to IPTables
  • The difference between a hardware firewall appliance in-front of a server, and doing hardware filtering in the NIC
  • How people can find Nick and his role at CC Integration, and what a technology integrator does

We then wrap up our chat with how this discussion ended up as a podcast.

TE6: Network Performance Monitoring

On August 8th, 2017 Luca Deri the founder of ntop was kind enough to call in and discuss Network Performance Monitoring (NPM). Luca is a well-recognized leader in the field of NPM having started at IBM Research back in 1993. He then went on to launch ntop in 1997 and has never looked back. In this specific market PF_Ring, n2Disk and several other tools by Luca and his team have become the de facto standard by which all others are compared. Today we discussed NPM then and now, touching on the abuse of port 80 for a wide range of wrapped traffic. We then moved on to packet capture, and the need for smart NICs moving forward if we wish to keep pace with faster networks like 50 and 100GbE.

TE2: NVMe Storage

On June 9th, 2017 Mark Zeller from XIO Technologies was our guest, and we discussed NVMe Storage. Mark is the Senior Vice President of US Sales for X-IO Technology, with over three decades in storage sales he has really seen and done it all. We talked about Flash storage, performance, wear-out, price versus performance, NVMe_oF and closed with the secret ingredient that makes XIO Technologies secret sauce so special.

TE4: Performance Packet Capture

On June 20th, 2017 I had the chance to catch up with Ramzi Zabaneh who has nearly a decade of experience marketing high-performance network packet capture devices. We talked about the current and future challenges facing network packet capture, what is lossless capture, and where the industry is headed.

TE0: The Teaser

June 1, 2017 – For over three decades Scott has been focused on explaining computing in terms non-engineers can grasp. From convincing his parent in 1983 why he should spend $750 on TRS-80 Model III while still in college to how ultra-low latency networking plays a significant role in electronic stock trading.

The goal of this Podcast is to bring technology leaders to the mic to explain the latest innovations, sometimes in terms, everyone can understand. I can’t guarantee we won’t nerd out every now and then, it’s in our nature, but we will cover leading-edge technologies, and products often not discussed in more consumer focused forums.