My tour report of Black Hat Europe 2017

Although I have been working for 10 years, taking part in Black Hat Europe 2017 is actually my first business trip ever.

The first 2 days (December 4th ~ 5th) were for trainings, and I attended Advanced Infrastructure Hacking – 2017 Edition. This course is comprehensive and covers a lot of hacking techniques. The primary harvest which I got includes the following parts:

a) Much network-related knowledge. E.g., I got a recap of the basics of IPv4/IPv6, and learned the usage of command line tools: nmap, SNMP, arp-scan, etc. Since I have great interest in socket programming, maybe I should spend time reading the source code of these tools, and share it if possible, like what I have done with netcat: Learn socket programming tips from netcat.

b) Linux hacks. Since I mostly use Linux in my daily life, this part was really impressive and taught me some caveats which I can’t pay enough attention to: uid and euid, the sticky bit, and so on. BTW, because I worked for a telecommunication software company before, VoIP hacks is another area which I am familiar with.

c) Some awesome websites, like https://www.rebootuser.com/ and https://www.shodan.io/.

For other parts of the training, as I don’t have much hands-on experience with them, honestly, I didn’t inhale too much knowledge.

The following 2 days (December 6th ~ 7th) were for social events: briefings, arsenal and business networking. Because of the budget, I didn’t take part in the briefings, in which the speakers gave talks about one specific security area. My primary task was to seek potential partners who have interest in encrypting data field. Fortunately, even though most attending companies concentrate on firewall, safer data access, data monitor, etc., there are still a few corps that have a taste for this “niche” technology. So after I am back at the company, we will communicate further. BTW, another Fintech event was held in the same building simultaneously, so this was truly “kill two birds with one stone”.

Besides the content aforementioned, I also made some new friends. For example, some guy took part in both training and briefings at his own expense; that gave me a really deep impression.

In summary, I had a rich gain during this trip, and hope to take part in more events like this in the future. London, see you again~

How to harness company’s resource?

As employees, there is no doubt that we should spare no effort to contribute to our employer since it pays us a salary. But at the same time, we should also consider how to utilise the company’s resources to enrich ourselves. After all, only if we become more competent and brilliant can the company benefit more from us, and this will definitely be a win-win situation. In this post, I will illuminate how to take advantage of the company’s “hardware” and “software” resources.

(1) “Hardware resource”: The company has much equipment and many devices which a single person can’t afford. During my work in Aicent, we had servers with SPARC processors. The X86 processor is ubiquitous whilst SPARC is not so common, so I had a very precious opportunity to learn about this RISC architecture: its instruction set, register window, etc. Another example is in HP/HPE, where I can harness the best servers in this world; this is a really amazing experience! As my manager said, the intranet has all the materials about HP/HPE servers, and no one has said you can’t learn from them. So whether to exploit this treasure or not depends totally on yourself.

(2) “Software resource”: Without working in the same company, you may not recognize your current colleagues, so please cherish this luck. You should always try to “steal” knowledge from your partners. For example, a previous HP/HPE fellow is an expert in Linux, and we cooperated on a performance tuning task. During the whole work, I tried my best to learn many skills in profiling and taming Linux from him, and the gain still takes effect to date. Another instance is that many companies may provide training or online courses. So grab these chances!

Hope everyone can fulfil their own work and improve themselves at the same time! Good luck!

My 101st English post

How time flies! I have finished 100 English blog posts!

Back 3 years ago, although I am a non-native English speaker, I decided to open an English blog, since writing articles in my mother tongue only lets people who understand Chinese read them, while using English can benefit guys all over the world.

Among the 100 posts, 95 percent are related to software technology; in other words, they are actually some experience and lessons which I have learned from daily work. I am very glad that these small essays can help other people on the earth. For example, I once received an email from a student who read my SAP HANA related posts and wanted to discuss some problems about using SAP HANA in a container environment. Another example is a trick of using Go: Fix “unsupported protocol scheme” issue in golang. This tip has not only helped a lot of people and become the first item in Google search, but has also been translated into Chinese!

Besides giving satisfaction, writing a blog also enhances my English writing skills. Although there are still grammar and word usage errors, compared to the beginning it is a really giant improvement!

I will continue blogging, and look forward to the next 100 posts!

How to organize a successful technical party?

Since last year, I began to take part in some technical parties. Some are held very successfully, while some seem not to be. In this article, I will share ideas about how to organize a successful technical party and use the Golang programming language as an example.

To hold a party, there must be a stable user group first. Depending on the number of users, a committee or a president may be needed, and the job of the organizer is searching for sponsors, selecting topics, etc. Although there are so many social platforms now, there must be a mailing list for the group, because as long as the internet exists, email will not die, while the selected social platform may.

The period between parties may be six weeks or two months. Too long or too short an interval may not be appropriate. Before holding a party, the organizer could collect topics from the user group. If there are too many topics, the organizer should decide which will be used. Personally, I think four presentations are enough for one party. In the first topic, the speaker could share the latest news or some stories of Golang. The second and third must be Golang orientated; the speakers can share programming skills, debugging tricks, source code analysis, etc. The final topic can be technically related, but need not be about Golang, and the speaker can share *NIX internals, script programming knowledge, etc.

If possible, recording the videos and uploading them to the internet is better, because this will enhance the influence of the group, and attract more people and sponsors. During or after the party, it is reasonable to do advertising for sponsors since they have provided support, and this behaviour may encourage them to provide more support in the future!

Hope this post can help some people! Enjoy a successful technical party!

Why do I need a root privilege?

Last week, the support engineer told me that a strange issue had occurred on a commercial system, and gave me an account to let me check. I used this account to log in to the system, but when I wanted to use some commands, the system prompted me “Permission denied”. I also wanted to use DTrace, but it also requires root privilege. So the following dialogue came out between me and the administrator:

I: I need the root privilege, because I want to write some scripts and do some tests.
Administrator: This is the commercial system; only operation team members have root privilege. You can send commands to them and let them execute the commands and send results back to you.
I: I need to do further investigation according to the previous results, and this may last a long time. So I think it is convenient for me to operate the system myself.
Administrator: No, you are not allowed to operate the commercial system. You can only send your scripts and commands to operation members, and they can send results back.
I:……

Per my understanding, debugging is a tough process which may last several days or even months, and the engineer needs to dig into and analyse previous output, then decide what to do next. Sometimes, maybe a single digit can spark the engineer. So I need root privilege to do debugging myself, and don’t want to send mails back and forth. This disrupts me!

No root privilege, it really sucks!