Anyone else working on the SANS Holiday Hack Challenge? (link below) I've gotten through 4 of the objectives so far and a handful of terminal challenges but it'd be fun to group up and meet some other people.

Also thanks again to @gangrif for pointing it out to me! I appreciate it!

I'm a developer looking to get into pentesting. I've played around on a bit but is this worth my time or are there better resources?

Any iPhone users with a Pi-hole running at home interested in helping me test my unofficial companion app for it?

If so, you can join the beta here:

Also, here's some info on the app (screenshots in the post are for the Android version though, sorry):

I'm absolutely stupid when it comes to PowerShell, but I just ran through the Century challenges on and they seem pretty good! Very helpful if you like the CTF-style way of learning by banging your head against the wall and searching for things until you figure it out. If anyone decides to try it out, free to ping me if you get stuck with one of the challenges. I took some quick notes for each stage to review for future reference.

Billy boosted

So I was recently asked why I prefer to use free and open source software over more conventional and popular proprietary software and services.

A few years ago I was an avid Google user. I was deeply embedded in the Google ecosystem and used their products everywhere. I used Gmail for email, Google Calendar and Contacts for PIM, YouTube for entertainment, Google Newsstand for news, Android for mobile, and Chrome as my web browser.

I would upload all of my family photos to Google Photos and all of my personal documents to Google Drive (which were all in Google Docs format). I used Google Domains to register my domain names for websites where I would keep track of my users using Google Analytics and monetize them using Google AdSense.

I used Google Hangouts (one of Google’s previous messaging plays) to communicate with friends and family and Google Wallet (with debit card) to buy things online and in-store.

My home is covered with Google Homes (1 in my office, 1 in my bedroom, 1 in the main living area) which I would use to play music on my Google Play Music subscription and podcasts from Google Podcasts.

I have easily invested thousands of dollars into my Google account to buy movies, TV shows, apps, and Google hardware devices. This was truly the Google life.

Then one day, I received an email from Google that changed everything.

“Your account has been suspended”

Just the thing you want to wake up to in the morning. An email from Google saying that your account has been suspended due to a perceived Terms of Use violation. No prior warning. No appeals process. No number to call. Trying to sign in to your Google account yields an error and all of your connected devices are signed out. All of your Google data, your photos, emails, contacts, calendars, purchased movies and TV shows. All gone.

I nearly had a heart attack, until I saw that the Google account that had been suspended was in fact not my main personal Google account, but a throwaway Gmail account that I created years prior for a project. I hadn’t touched the other account since creation and forgot it existed. Apparently my personal Gmail was listed as the recovery address for the throwaway account and that’s why I received the termination email.

Although I was able to breathe a sigh of relief this time, the email was wake up call. I was forced to critically reevaluate my dependence on a single company for all the tech products and services in my life.

I found myself to be a frog in a heating pot of water and I made the decision that I was going to jump out.

Leaving Google

Today there are plenty of lists on the internet providing alternatives to Google services such as this and this. Although the “DeGoogle” movement was still in its infancy when I was making the move.

The first Google service I decided to drop was Gmail, the heart of my online identity. I migrated to Fastmail with my own domain in case I needed to move again (hint: glad I did, now I self host my email). Fastmail also provided calendar and contacts solutions so that took care of leaving Google Calendar and Contacts.

Here are some other alternatives that I moved to:

Gmail → Fastmail → Self-hosted (via Cloudron)
Google Contacts → FastmailNextcloud Contacts
Google Calendar → FastmailNextcloud Calendar
Google Search → BingDuckDuckGo
Google Maps → Bing MapsOpenStreetMaps and OsmAnd
Google Analytics → Matomo Analytics
Google Drive → Nextcloud Files
Google Photos → Nextcloud Files/Gallery
Google Docs → Collabora Office (Nextcloud integration) and LibreOffice
Google Play Music → Spotify / PlexSpotify / Jellyfin
Google Play Movies/TV → PlexJellyfin
Google Play Audiobooks/Books → Audible/Kindle
Google Play Store (apps) → F-Droid / Aurora Store
Google Android → Lineage OSUbuntu Touch on PinePhone (coming soon?)
Google’s Android Apps → Simple Mobile Tools
Google Chrome → Mozilla Firefox
Google Domains → Hover
Google Hangouts → Matrix and Nextcloud Talk
Google Allo → Signal
Google Podcasts → PocketCastsAntennaPod
Google Newsstand → RSS
Google Wallet → PayPal and Cash App
Google Voice →Ting Mobile

Migrating away from Google was not a fast or easy process. It took years to get where I am now and there are still several Google services that I depend on: YouTube and Google Home.

Eventually, my Google Home’s will grow old and become unsupported at which point hopefully the Mycroft devices have matured and become available for purchase. YouTube may never be replaced (although I do hope for projects like PeerTube to succeed) but I find the compromise of using only one or two Google services to be acceptable.

At this point losing my Google account due to a mistake in their machine learning would largely be inconsequential and my focus has shifted to leaving Amazon which I use for most of my shopping and cloud services.

The reason that I moved to mostly FOSS applications is that it seems to be the only software ecosystem where everything works seamlessly together and I don’t have to cede control to any single company. Alternatively I could have simply split my service usage up evenly across Google, Microsoft, Amazon, and Apple but I don’t feel that they would have worked as nicely together.

Overall I’m very happy with the open source ecosystem. I use Ubuntu with KDE on all of my computers and Android (no GApps) on my mobile phone. I’ve ordered the PinePhone “Brave Heart” and hope to one day be able to use it or one of its successors as a daily driver with Ubuntu Touch or Plasma Mobile.

I don’t want to give the impression that I exclusively use open source software either, I do use a number of proprietary apps including: Sublime Text, Typora, and Cloudron.

First PR for 2020:

I'm thinking of making a resolution for opening x number of pull requests this year to other people's FOSS projects. Not sure what to replace x for yet though.

My Pixel 3a's camera seriously let me down yesterday. I've kinda lost faith in computational photography, at least for right now. I may need to just go buy a DSLR and learn how to do real photography

Last year Apple announced their Apple Sign In which allows you to hide your email address from the service you’re signing up with: I love the idea behind this but hate that it’s so tied to their ecosystem. Is there anything like this for non Apple users? I’ve been thinking about building an open source version of this but I’d rather contribute to an existing project if one exists.

Billy boosted

Attention new #PinebookPro owners: if you have not already, we heavily recommend flashing the updated keyboard/trackpad firmware.

False alarm on the , turns out I just got the email for the twice 😅I’m not excited at all in case you couldn’t tell

Show thread

Today I woke up to a couple of emails saying my and orders are complete! Now I get to impatiently check the tracking info every day 😬

Anyways, like I said the code needs a lot of work and it's the first time I've ever seriously undertaken writing something in C by myself so if anyone out there would like to critique my work and let me know how it could be better (I know there are a lot of errors that need to be checked for example), or even submit a patch, I'd greatly appreciate it!

Show thread

I've finally gotten libpihelper to a state where it's (mostly) free of memory leaks and the code is slightly better organized than having all of it in a single file. It still needs a lot of work but I went ahead and pushed it to my personal git server:

Once I'm finally happy with the code, I'll start reworking the Android & iOS apps I've written to make use of this instead of their own platform-specific implementations. I also really need to get that blog post finished…

Billy boosted

End-of-the-month (and year!) Pine64 update over on our forum. It's not as long-form or polished as the normal 5th-of-the-month blog posts, but there's still lot of info here!

Does anyone know of a good alternative to Nest thermostats that don't require a connection to the internet? I like the idea of being able to change the temperature from bed but don't want my thermostat being able to access anything outside my lan. I think Homekit certification requires devices work without an internet connection but I also would prefer something FOSS that has an API I can interact with myself. Could I build one with like a

It took a little bit of work but I finally got around to moving my personal site away from WordPress and onto Pelican:

Billy boosted

For those using Medium to write blog posts: STOP

Here is a free and open alternative:

Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.