TLDR

Use --immediate-mode* **, e.g.

tcpdump --immediate-mode -w out.pcap

And then use Ctrl+C to stop tcpdump whenever you feel like it, without fear of data loss.

* --packet_buffered should do the trick but is not present in older versions of tcpdump; see below.

** But if you’re just printing to the console (that is, not using -w to save to a file), then the non-lossy behavior will be enabled by default, so no need to use these options.

Today I learned about SYSVOL, Groups.xml, and how it can contain admin passwords (in an insecure configuration). Long story short, if you gain access to a SYSVOL share, poke around and check for Groups.xml and its cpassword field (or any file with cpassword).

Decrypting the password is easy with gpp-decrypt (see also a more modern and slick gpp-decrypt in Python).

And my favorite tidbit was finding xq, “jq for XML” — a slick tool for grabbing values out of an XML file. I used a fork with a --raw option: https://github.com/boyska/xq

In an effort to achieve platform independence, I am reposting popular blog posts from years ago. Adjust accordingly, and enjoy!

Originally posted on Medium, 2016-02-10.

A few months ago, I started looking at fuzzing tools. Finding a decent open source tool to use was more trouble than I expected, so I decided to write about it here.

tl;dr

I went with Sulley because it is open source and much more usable than Peach. However, it is less mature, bugs and all, so much so that I needed to fork the project to keep using it. The new project is called boofuzz.

🌈

As you know, tcpdump is a handy command line version of Wireshark. Among its use cases is running from a headless server, from within tmux, or just feeling more l33t by running everything from the command line.

While using tcpdump recently for some in-depth monitoring and debugging, my soul pined for colored output to highlight IP addresses, ports, MAC addresses, etc. There is an old feature request for this very option, not yet implemented. tshark has a --color option which adds handy Wireshark-themed coloring to your packet summary — cool, but not what I was looking for.

Man, Machine, and the Myth of Godhood AI 2027: Pass The Plate For Policy

A popular writeup was published yesterday: AI 2027. It’s a fun sci-fi take on the coming AI apocalypse. The end is near. There’s even an altar call at the end: Continueu with your capitalist ways and face robot destruction, or invite the government into your heart to experience utopian paradise. The choice is yours.

As always, one should be wary about that kool-aid they’re passing around.

A Higher Bar for Engineers

This doesn’t mean your cushy software job is secure. The landscape for software engineers is changing.

AI makes productive engineers vastly more efficient— it also makes inefficiency more glaring. In a world where one skilled engineer can accomplish what used to take 20, there’s less room for mediocrity. Lazy, incompetent, or stagnant engineers will find it increasingly difficult to hide in large organizations or justify their roles.

Will SAAS companies die due to software?

No.

Why not?

Jevon’s Paradox.

When prices go down on certain types of resources, people spend more money, not less. Why? Because the lower price enables more use cases, so people expand their usage.

This happens with power.

It happened with Nvidi GPUs twitter link here

It has happened with software and is still happening.

AI makes software cheaper to produce, so the use cases will expand.

Marc was right. Software was eating the world. And year after year, it continues. Software has two daughters, Give and Give. Like the eye, not satisified with seeing, or the ear, not satisfied with hearing. Like the fire that never says “Enough.” Like the eyes of man and Sheol and Abaddon, software remains. Its maw is not closed, its appetite not satisfied.

comparing AI to a slave. Humans are not truly fit to be slaves. But robots are.

AI does some things well, but some things poorly. And it aboslutely needs a master over it.

And AI won’t be discouraged if you have it write hundreds of lines of code then say, “you know on second thought, let’s just try something else.”

The best AI success

Duolingo argument from Acquired podcast.

I’m still convicted: The more useful your tool is, the easier it is for AI to make it more useful. If your tool is a pain and you use AI to fix it, that’s a recipe for disaster.

This happens in programming! Easy languages are easy for AI. Painful languages are made better with AI, but they’re still painful in proportion to their pre-AI painfulness.