Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, August 10, 2020)

Hello, Tampa Bay techies, entrepreneurs, and nerds! Welcome to the weekly list of online-only events for techies, entrepreneurs, and nerds based in an around the Tampa Bay area.

Keep an eye on this post; I update it when I hear about new events, it’s always changing. Stay safe, stay connected, and #MakeItTampaBay!

Monday, August 10

Tuesday, August 11

Wednesday, August 12

Thursday, August 13

Friday, August 14

Saturday, August 15

Sunday, August 16

Do you have an upcoming event that you’d like to see on this list?

If you know of an upcoming event that you think should appear on this list, please let me know!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!


Categories
Tampa Bay What I’m Up To

Scenes from “Operating systems” week at The Undercroft’s “UC Baseline” cybersecurity course, part one: Linux 101

Tap to view the photo at full size.

It’s the end of Week 3 of the inaugural class of UC Baseline, the cybersecurity program offered by Tampa Bay’s security guild/coworking space/clubhouse for merry tech pranksters The Undercroft. This week has been all about operating systems, with Monday to Wednesday devoted to Linux, and Thursday and Friday set aside for that contradiction in terms known as Windows security.

Not everyone in the program is a techie, and not everyone in the program has had much experience with the operating system, so the Linux portion of the week was largely an introduction.

Here are some photos from the Linux days…

Tap to view the photo at full size.
Tap to view the photo at full size.

A lot of the sessions were hands-on. To ensure that we were all seeing the same thing for each exercise, we all ran a GUI-free Ubuntu from a USB key:

Tap to view the photo at full size.

This is me setting my hostname. The denotation of the name is the French word for “host”, but the connotation in Quebec French is a little more…colloquial:

Tap to view the photo at full size.

The Undercroft has a nice little enclosed courtyard, and I love having lunch there. I’m going to miss it when the course ends:

Tap to view the photo at full size.

I took advantage of a little downtime during the day to whip up a simple port scanner in Python, complete with 1337 H4X0R 5P34K:

Tap to view the photo at full size.

I don’t write shell scripts often, but when I do, 75% of the script’s purpose is to share an inside joke with myself:

Tap to view the photo at full size.

Even though I spend my time on the command line on POSIX-based systems like Linux and macOS, I do it in a GUI-based terminal program, where I can control/command-N a new window or control/command-T a new tab. Instead of that nice, cozy world, we were deep in 80-by-24 land, which meant we were splitting screens with good ol’ tmux, which I haven’t used in a dog’s age.

In the top pane below, I was working on a quick Python script to call from .bashrc for kick, and in the bottom pane, I thought I’d run Gopher for old times’ sake:

Tap to view the photo at full size.

No OS administration class is complete without covering the process of adding and managing users:

Tap to view the photo at full size.

 

Categories
Process Tampa Bay What I’m Up To

UC Baseline: Windows security

We’re on the back half of Week 3 of UC Baseline, the cybersecurity training program being given by The Undercroft, Tampa Bay’s cybersecurity guild and security-focused coworking space. We just finished three days of Linux 101, which was mostly an intro to command-line Linux, and now it’s time for two days of Windows from a security point of view.

Scenes from UC Baseline’s “Linux 101” class. Tap to see at full size.

I’m the lucky recipient of a UC Baseline scholarship (I wrote about the scholarship opportunity and then landing it a few weeks back), and I figured that I might as well use my COVID-19 downtime productively by spending five-ish weeks participating in the program.

Tap the photo to see my article from 2009 associated with this photo.

From the fall of 2008 to the spring of 2011, I ate, slept, and breathed Windows — that’s when I was a developer evangelist for Microsoft Canada. I like to think that I was pretty good at it — good enough that the looney-tunes site TechRights.org saw me as enough of a threat to run a hit piece containing this image:

Since leaving Microsoft, I’ve stayed pretty much outside the Windows world. I call it “time off for good behavior”. I took it to the point that immediately after handing in my blue badge, I drove straight to the store and bought my first iPhone — and remember, I was a designated Windows Phone champ:

This part of the program is being taught by Michael “Turtle” Dorsey, and it’s a great refresher for a lot of material that I haven’t covered in a good long time, since none of my machines runs Windows at the moment (for the class, I’m running Windows 10 in VMWare on my primary Linux laptop).

The class opened with this slide, which I think bodes very well:

Categories
Hardware What I’m Up To

Unboxing the Motorola One Hyper

Yeah, yeah, I know the plastic screen covering for shipping is still on. Tap to view at full size.

In my opinion, when it comes to getting the best bang and build quality for the buck on an Android phone, check out Motorola’s phones. Lenovo — the same company who took Right now, they’ve got discounts on many of their mobiles, including $100 off any of the Motorola One family — the Action, the Zoom, and the one I got: the Hyper.

With the discount, the unlocked Hyper goes for US$299 when purchased directly from Motorola. That’s a pretty good price for an Android phone with mid-level specs.

Released on January 22, 2020, the Hyper features the Qualcomm Snapdragon 675 chipset, which was released in October 2018. This chipset features 8 cores:

  • 2 high-performance 2 GHz Kryo 460 Gold cores
  • 6 high-efficiency 1.8 GHz Kryo 460 Silver cores

Its GPU is the Adreno 612, and it has an X12 LTE modem with category 13 uplink and category 15 downlink.

Here’s a quick video review of this chipset from Android Authority’s Gary Sims:

As a point of reference, this chipset is also used in Samsung’s Galaxy A70, A60, and M40, and LG’s Q70.

This chipset puts the Moto One Hyper firmly in the middle of the road of current Android offerings, making it a reasonably representative device for an indie Android developer/article author like Yours Truly.

The phone’s “Hyper” name is a reference to its “hyper charging” — high-speed charging thanks to its ability to take a higher level of power during the charging process. It comes with an 18 watt charger (the same level of power provided by the current iPad Pro and iPhone 11 chargers), but if you have a 45 watt charger handy, the phone’s 4,000 mAh battery will charge in just over 10 minutes.

The phone also comes with the usual literature and SIM extraction pin:

There is one additional goodie that I didn’t expect: a clear, flexible, rubber-like plastic case. It’s nothing fancy, but it was still a nice surprise.

I’ll post more details about the phone as I use it and start doing development work (native stuff in Kotlin, as well as some cross-platform work in Flutter, and maybe even Kivy).

Categories
Current Events Tampa Bay

The “Tampa Teen” behind the “Twitter Hack”

The good news: Tampa Bay is the location of one of the biggest high-tech stories of the year!

The bad news: It’s because the breach that everyone calls the “Twitter Hack,” in which several verified accounts were used to scam people out of an estimated $100,000 in a single day, has been traced to a 17 year-old Tampa resident named Graham Ivan Clark. His story has been published in the New York Times article, From Minecraft Tricks to Twitter Hack: A Florida Teen’s Troubled Online Path.

The scam

The scam involved hijacking the Twitter accounts of celebrities, politicians, businesspeople, and other “blue check” people and using them to post tweets like the one below:

It didn’t matter that offers to “double your money” from Jeff Bezos, Barack Obama, Kanye West, and Kim Kardashian were simply too good to be true, even with the appeal of “giving back” to help ameliorate the suffering caused by COVID-19. Enough people with enough disposable income to invest in cryptocurrency were fooled.

The exploit

In order to pull off the scam, he would need access to these “blue check” accounts. There are a handful of ways to do it:

  1. With Twitter, you can log in with your username (which is publicly known) and a password. A weak password — that is, one that’s easily guessed, or one of those lazy passwords that too many people use — makes for an easy target. This might work for accessing one or two accounts, but not for a lot of them.
  2. Exploiting some weakness in Twitter’s software or infrastructure to gain access to their system. In spite of the stories you hear about hackers, this is a high-effort, low probability-of-success scenario.
  3. Social engineering: Fooling or intimidating the people who run, administer, or maintain a system in order to get them to let you into that system, or provide enough useful information to do so.

The initial reports indicate that Clark took the social engineering route and convinced someone at Twitter that he was a fellow employee, and as a result, got access to a customer service portal. Vice’s Motherboard posted some redacted screenshots of what this portal:

This shouldn’t be all that surprising — the human element is often the most “hackable” part of a system:

In the end, this scam is best described as “high-concept, low-skill.” In fact, the way they went about it has been described as “extremely sloppy.”

The Bitcoin addresses listed in the tweets turned out to be traceable to Coinbase accounts belonging to Clark’s accomplices, who registered them with their real driver’s licenses. One of them even did so from their home IP address, an amateur move that’s been a staple of computer heist movies and TV series since WarGames, and it was a key plot point in Hackers.

The NYT TLDR

You should read the New York Times piece on Clark, but if you want the highlights, here they are:

  • He is 17 years old, a recent high school graduate, and he lived by himself.
  • A Minecraft player since the age of 10, Clark became known as “as an adept scammer with an explosive temper who cheated people out of their money,” according to people who knew him.
  • A former Minecraft friend said this of Clark: “I knew he really wanted money and he was never in the right mind-set. He would do anything for some money.” Another friend describes him this way: “He’d get mad mad. He had a thin patience.”
  • Family life, as the NYT puts it: “Mr. Clark and his sister grew up in Tampa with their mother, Emiliya Clark, a Russian immigrant who holds certifications to work as a facialist and as a real estate broker. Reached at her home, his mother declined to comment. His father lives in Indiana, according to public documents; he did not return a request for comment. His parents divorced when he was 7.”
  • In 2016, he played in Hardcore Factions — Minecraft with PvP and all the baggage that goes along with it — and built a YouTube audience while doing so. He also scammed fellow Minecraft players: “One tactic used by Mr. Clark was appearing to sell desirable user names for Minecraft and then not actually providing the buyer with that user name. He also offered to sell capes for Minecraft characters, but sometimes vanished after other players sent him money.”
  • Under the handle “Open”, he gained a reputation for being “a scammer, a liar, a DDOSer”:

  • Of course, he eventually migrated to Fortnite.
  • Around the same time, he joined the OGUsers forum. The NYT: “His OGUsers account was registered from the same internet protocol address in Tampa that had been attached to his Minecraft accounts, according to research done for The Times by the online forensics firm Echosec.” On OGUsers, he also disappointed customers by failing to meet his end of the bargain after being paid.
  • Want to guess where in Tampa he lives? The NYT posted this photo of his apartment. Let’s see if any of you have good satellite image/map image search-fu:
Clark’s apartment. Tap to see at full size.

(My guess is Wesley Chapel, judging from the architecture, artificial lake, and the availability of “stroads” in which to open up the throttle on his BMW. What do you think?)

  • He moved from Minecraft to Bitcoin.
  • He was also into SIM swapping, again to relieve victims of their cryptocurrency. Last year, he was involved in the theft of almost $900K worth of Bitcoin, when hackers SIM swapped the phone of a Seattle tech investor. By doing so, they gained access to several of the investor’s accounts. Clark was one of them. Despite being caught by the Secret Service, he wasn’t arrested because he was a minor.
  • He made enough money to live in an apartment by himself, drive a BMW 3 series, maintain an expensive gaming setup, and own a gem-encrusted Rolex.

Local news could use some local techie help

In my old home town of Toronto, whenever a story like this broke out, the local news stations went to the tech community to get background information. I was often one of those community members consulted:

Unfortunately, there isn’t such an arrangement here in Tampa, so local news’ coverage has had me rolling my eyes. I suppose it made for some good entertainment:

Maybe we Tampa Bay techies need to get on their radar and become go-to people for information when stories like this arise.

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.At the very least, local news should have The Undercroft on speed dial to provide some much-need background info and context when the story’s about a system being compromised.

Categories
Current Events Tampa Bay

What’s happening in the Tampa Bay tech/entrepreneur/nerd scene (Week of Monday, August 3, 2020)

Hello, Tampa Bay techies, entrepreneurs, and nerds! Welcome to the weekly list of online-only events for techies, entrepreneurs, and nerds based in an around the Tampa Bay area.

Keep an eye on this post; I update it when I hear about new events, it’s always changing. Stay safe, stay connected, and #MakeItTampaBay!

Monday, August 3

Tuesday, August 4

Wednesday, August 5

Thursday, August 6

Friday, August 7

Saturday, August 8

Sunday, August 9

No tech, entrepreneur, or nerd events have been listed for this date…yet!

Do you have an upcoming event that you’d like to see on this list?

If you know of an upcoming event that you think should appear on this list, please let me know!

Join the mailing list!

If you’d like to get this list in your email inbox every week, enter your email address below. You’ll only be emailed once a week, and the email will contain this list, plus links to any interesting news, upcoming events, and tech articles.

Join the Tampa Bay Tech Events list and always be informed of what’s coming up in Tampa Bay!


Categories
What I’m Up To

Supplementary UC Baseline notes #3: Videos to prep for this week’s Linux program

Logo: UC BaselineWeek 3 of The Undercroft’s UC Baseline cybersecurity program is about to begin, and it’s all about operating systems! From Monday to Wednesday, it’s Linux from a cybersecurity point of view, and we’ll close out the week with Windows.

Not all of us are programmers, and not all of us live in the command line. I’m also not so smug that I can’t benefit from a review of T3H LUN1X!!1!!1, and unlike my normal Linux use case, where I use a desktop installation (I run Mint, Peppermint, and Raspberry Pi OS), we’ll be booting into a server setup.

For the benefit of my fellow classmates — and hey, it’d do me some good as well — here are some videos that will come in handy over the next couple of days.

Linux Terminal Introduction (ExplainingComputers, Jan. 2020)

In the Windows world, it’s called the Command Line. In the Unix world — which includes Linux and macOS — it’s the terminal, and it’s where we’ll be living for the next three days. Here’s a tour.

Beginner’s Guide to the bash Terminal (Joe Collins, Mar. 2017)

Ready for a longer intro to the Linux command line? Here’s a good one:

Linux File System/Structure Explained! (DorianDotSlash, May 2018)

You’re no longer in Windows’ C:, Program Files, and Documents folders any more! You’re in Linux, where the directories are cryptic, with names like /bin, /sbin, /etc, /dev, /usr, /var, and more! This will give you a quick intro to what they are and what they’re for.

 

Linux File System | Complete Overview (Chris Titus Tech, Sept. 2019)

Also worth checking out.

Vim Basics in 8 Minutes (tutoriaLinux, Oct. 2018)

We’re going GUIless, so all text editing will be done on some command-line editor — most likely Vim. If you’re new to Vim, you’ll find its modes maddening, as it’s a direct descendant of a program that traces its roots back to 1970s computer terminals. You’ll definitely want to watch this video.

Introduction to Linux for Cybersecurity Crash Course 2020 (Grant Collins, Jan. 2020)

Here’s a more in-depth introduction to Linux from a cybersecurity point of view.

Linux for Ethical Hackers (FreeCodeCamp, Jul. 2019)

Here’s another course on Linux as seen from a cybersecurity point of view. This one focuses on Kali Linux, a distribution specifically made for the purposes of ethical hacking, penetration testing, and general cybersecurity-related stuff.

The mind behind Linux (2016)

This won’t be covered in the course, but it doesn’t hurt to find out more about Linux’s creator, Linus Torvalds. This TED conversation from 2016 is a pretty good introduction.