• VMs and malware and Fibre Channel and MAAAAADNESSS

    02/13/2018 at 01:54

    Happy bloody new year.

    In my last post, I mentioned that I was trying some new things. My long-gestating fan controller (Windy) finally taking physical form is exciting (if maybe a little slow), but I've got some other things on my plate that I'd like to share before they go too far out of mind.


    For a while, I've been thinking about making a professional move from embedded engineering to information security. I've been in the field as a hobbyist for a while now (1999 or so; I have a post brewing on my path that I'll post later), but it's really where my heart lies. I have a lot of related experience, but I wanted to make sure that I'm up on the skills that would actually matter for a career.

    I've been following a number of infosec folks on Twitter for the past year or so. One of them (Tony Robinson, aka @da_667) recently wrote a book on setting up a basic malware analysis lab with a variety of virtualization systems (Building Virtual Machine Labs: A Hands-On Guide) available to home users. I had some spare PC hardware and about 10 years of virtualization experience with VMware Fusion (easy) and Xen (uh... somewhat less easy). In addition, I recently set up a Fibre Channel SAN for the benefit of some of my bigger vintage machines (thanks, FreeNAS!) and figured it might be a good chance to really exercise it.

    Some specifics

    The hardware

    To start with, I had a lot of a spare PC left over after a PC overhaul about a year ago: a Gigabyte GA-EX58-UD5 motherboard with a six-core Xeon W3690 and 24 GB of RAM. It's a little old, but the triple-channel memory on the LGA1366 machines really let it haul a lot, so I figured it would be sufficient. I threw it into a spare case and got started. I set an additional constraint for myself: any expansion cards must be low-profile so I could move to a 2U rack case later.

    I also had a bunch of additional 4Gbps Fibre Channel cards left over from the SAN build; ever since 16Gbps Fibre Channel hit the market, it looks like datacenters have been dumping 4Gbps FC gear, so PCIe and PCI-X cards are about $5 each and switches are about $20 on eBay right now. Since I was (am?) still a bit of a Fibre Channel novice, I thought it might be a good chance to see how it interacts with modern, real-world situations rather than being mass storage for a bunch of aging SPARC and Alpha machines. And, bonus, they're low-profile (and spare low-profile brackets are readily available for cheap on eBay as well).

    The big downside of the board was that there's no built-in video. It does, however, have two PCI slots that aren't likely to be used for much on the VM box, so I don't have to sacrifice a PCIe slot for video. I had a nice Matrox VGA card from 1997 (one of these), but that a) wasn't low-profile and b) seemed like a bit of a waste for something that was only ever going to provide a system console, so I got a low-profile Rage XL PCI card (a low-end adaptation of the old Rage 64 targeted at basic needs like servers). It didn't come with a low-profile bracket, but fortunately low-profile DE-socket brackets are easy to find, hopefully with the right alignment. I'll have to take care of that at some point.

    NAS hardware

    In case you're curious, my FreeNAS server was a dual Opteron 248 server (Tyan K8S motherboard, also 24 GB RAM) which served as my main server rig from about 2006 (when it was new) to about 2014. FreeNAS uses ZFS as a storage backend, even for Fibre Channel targets (the LUNs are just zvols), so a healthy chunk of RAM makes even a slower system run pretty nicely. It had 4 PCI-X slots, which let me populate it with two dual-link FC adaptors (QLA2462) and two 8-way SATA controllers (Supermicro AOC-SAT2-MV8). I used SATA controllers instead of SAS because the best SAS cards available for PCI-X (LSI1068) have a hard addressing limit for SATA disks which only allows you to use...


  • 2018: Ridiculous Engineering

    01/02/2018 at 01:57

    Boring, well-trod preamble

    A new year is always a time for reflection and for planning new things. The start of 2018 is no exception. 2017 was a pretty rotten year in a lot of ways, though in a lot of others it was a major improvement over 2016.


    2016 was rough. I was working essentially two full-time jobs, both of which were making me miserable for almost fully orthogonal reasons. At the end, I left one of those jobs (a startup I'd co-founded) for the other (a company with a lot of potential but not a lot of business sense). There was a lot of personal rancor tied up in those decisions, and none of them were necessarily wrong, but the end of 2016 was a pretty stressful time. There was also the US election somewhere at the end there, and just a lot of despair.

    2017 has, in comparison, been a hectic slog. Leaving politics aside (not that they can be discounted, because they're certainly significant), I've found myself accidentally stumbling into management over my (rather loud) protests. I can feel myself drifting out of touch with current trends, especially with FPGAs and embedded development. And because I've had so much work on my plate (alongside two energetic kids), I haven't had nearly enough time for personal projects. Life as an engineer isn't much fun if you aren't building things.

    New things

    So, what to do? The obvious answer is "build some things". To that end, I'm aiming to make 2018 the year that I actually buckle down and try to finish a bunch of projects that have been piling up in my queue. I have a terrible, terrible habit of planning things out in my head (sometimes on paper) and then utterly failing to execute anything in meatspace. So this is the year to finally put soldering iron to PCB and get things done.

    Documenting the process

    I struggled for a long time to figure out the best way to document the process, since I can only get so much enjoyment out of building things for myself; I wanted to share. Beyond that, it's hard to keep myself accountable if I'm only keeping these things in my head and on notebooks. I want people to bug me to get stuff done.

    Searching for a platform

    I had a hard time finding a blogging platform, though. There are some public platforms out there that look pretty, but ownership of your content is questionable and I wasn't that confident in my eventual ability to be able to transition away if I should want to.

    I have no aversion to running my own, since I have a lot of servers on which to run them, but most of them seem based on PHP (to which I am severely allergic) or don't support PostgreSQL (and I have an entirely irrational aversion to MySQL). Ghost looked very promising (based on node.js, supported PostgreSQL), but they dropped Postgres compatibility when they moved to 1.0, so... back to square one.

    In principle, I'd be happy to roll my own in Rails or a Python web framework; I used to have a blog I rolled myself before there were semi-decent standard offerings (in PHP + MySQL, because I was young and foolish once too). But the time investment required to roll my own just to get these projects off the ground seemed like a poor choice, so I tossed that idea.

    That's when I remembered that Hackaday had a pretty decent sharing platform here. It's entirely compatible with the spirit of my project (sharing fun hobbyist hardware projects), it's pretty decent in terms of features, it's free, and it's run by decent folks. So here I am. We'll see how it goes.

    What's in the queue?

    I've had a few projects at the front of my mental queue, and those are the ones I'll be focusing on getting out first. There are plenty of others toward the back of my mind, and maybe they'll get a little space to breathe as I move forward, but for the moment, these three things will be my main focus:

    • Windy: A temperature-controlled, speed-syncing 8-way standalone...