HeartLeech - OpenSSL Private Key Extraction Toon

From: William Roush 
------------------------------------------------------
https://github.com/robertdavidgraham/heartleech/blob/master/heartleech.c#L369

I'd been asking around how you'd find the private key and it seeming 
like a difficult task... after seeing the code I feel bad about how 
obvious it is  (I have most of what I need from the public key, go find 
primes in memory, plug and check remainder!).

I thought it was cool.

-- 
William Roush
william.roush@roushtech.net
423-463-0592

http://www.roushtech.net/blog/


Spiraling Cost Of The Gig

From: Rod 
------------------------------------------------------
A recent letter to the editor by Mark West of the local tea party.
The local tea party has been hostile toward the smart grid concept and the  
gig.

http://www.chattanoogan.com/2014/4/14/274274/Spiraling-Cost-Of-The-Gig.aspx



-- 

Using Opera's mail client: http://www.opera.com/mail/

Micro Computers / Displays - No fooling!

From: Chad Smith 
------------------------------------------------------
I found a couple of projects on Kickstarter that might interest some people
on here.

See what your Arduino is thinking

https://www.kickstarter.com/projects/1516846343/microview-chip-sized-arduino-with-built-in-oled-di?ref=popular

The MicroView is the first chip-sized Arduino compatible that lets you see
what your Arduino is thinking using a built-in OLED display.

A Touchscreen for your Raspberry Pi

https://www.kickstarter.com/projects/2135028730/piscreen-a-35-tft-with-touchscreen-for-the-raspber?ref=popular

PiScreen: A 3.5" TFT with touchscreen for the Raspberry Pi - All the
hardware needed to add a 3.5" TFT (480x320) with touchscreen control to
your Raspberry Pi, never need a monitor again!

And a bonus - wearable computing

https://www.kickstarter.com/projects/guardyen/metawear-production-ready-wearables-in-30-minutes?ref=popular

MetaWear: Production Ready Wearables in 30 Minutes or Less!

A tiny ARM+Bluetooth LE Platform for developing Wearable products (and
more) that are certified and ready to ship to customers.

I haven't backed any of these yet, but I am seriously considering the first
one.

*- Chad W. Smith*

penetrate me!

From: William Roush 
------------------------------------------------------
I've dealt with pentesters before, it's kind of aggravating when I have 
working exploits they don't find and we're forking over tons of money 
for them to go on some tangent that results in nothing... :\

Though I as I understand it the market is going the way of SEO and the 
like, once valid, now full of a lot of people that barely know how to do 
it and will just run the same tools you found and charge you insane 
amounts of money for it.

Your client will probably want someone that can rubber stamp a pen test 
on you, so sadly it'll take more than someone that just /knows/ security 
but can give you the paperwork to back it up and a company name.

William Roush
william.roush@roushtech.net
423-463-0592

http://www.roushtech.net/blog/


On 3/27/2014 12:58 AM, Ed King wrote:
> Our "network administrator" at the main office quit over a year ago 
> and a replacement was never hired.
> http://www.linkedin.com/pub/christopher-silver/7/6a8/341
>
> Our "network administrator" at our "NOC" quit over a year ago and 
> never got replaced.
> www.linkedin.com/in/mlaman
>
> Our "phone system guy" quit a year ago, a replacement was hired, but 
> I've seen him, like, once.  When the phone/fax systems goes down, they 
> call ME.
> http://www.linkedin.com/profile/view?id=49461976
>
> So guess what?  I and one of the other programmers on my team 
> inherited all these extra support duties (without a single f'ing penny 
> of a pay raise, mind you).
>
> We inherited hardware and software that hasn't been updated in years 
> (insert career-damaging-but-painfully-true 
> my-boss-is-a-cheap-bastard-and-doesn't-spend-money-on-upgrades comment 
> here)
>
> We know basic firewall, iptables, am mindful of sql injection, can 
> install/run/monitor virus scanners etc, but we are not security 
> experts nor do we play one on t.v.
>
> If this situation wasn't stressful enough, it has now come to a boil 
> as a potential (big!) client "demands" proof of pen testing before 
> they will let us host their data.    At this point I'm spread way to 
> thin and told my boss today that he needs to crack open that wallet 
> and hire an outside pen tester.    Anyone on the list "qualified" to 
> do it?    Willing to work for peanuts?
>
> What defines a qualified pen tester?  I see what appears to be "free" 
> software I could download and run myself, if I was inclined to take on 
> more responsibility w/o pay.    I suppose this free software would be 
> a "good start" but is a pen test done by an "internal" employee good 
> enough for the client, I doubt it.
>
>
>
>
>
> 

To fellow Hams: inexpensive 10m rigs

From: Rod 
------------------------------------------------------
Until I can fab that circuit board and make my USB linux driven SDR, I'll  
need an inexpensive 10m rig.
Unfortunately the same Software Define Radio revolution has killed off the  
the single band HF and 6m rigs in the Ham market.
If you want 10 meters, or 6M with AM and SSB, you need to by an expensive  
multi band HF rig.
While I am interested in the rest of HF, I don't see the need to buy a  
radio with capabilities I can't use at the moment.

That has led me to the murky world of import CB's. While it is definitely  
illegal to use these as CB's in the US, it is legal to use them on 10 and  
12 meters if you have privileges to do so.
I had been looking at the Anytone Apollo 1, sold in this country as the  
Stryker SR 89MC, for $150.

https://www.bellscb.com/products/tenmeter/Stryker/Stryker

Fwd: Great Ruby on Rails Architect Opportunity in Nashville, TN

From: David White 
------------------------------------------------------
If you apply, make sure to drop my name so I can get that iPad!!!

Still don't have one of them toys!
---------- Forwarded message ----------
From: "Kevin Witthuhn" 
Date: Mar 20, 2014 11:34 PM
Subject: Great Ruby on Rails Architect Opportunity in Nashville, TN
To: "DavidWhite" 
Cc:

Hi David!

I am a recruiter here at CyberCoders who specializes in placing Ruby on
Rails Architect candidates as well as similar positions in Nashville, TN
and other locations nationwide.

I am emailing you in case you think you would be a great fit for the
position listed below.  Please check out the link and apply if you are
interested in hearing more about the job.  :)

Also - If you refer a friend I end up placing at any of my open jobs, I
will give you an iPad for the referral!

This position is for a Ruby on Rails Architect in Nashville, TN.

*For more details on this job or to apply simply visit CyberCoders:*

*http://www.CyberCoders.com/qc.aspx?posId=KW-hlthyROR&ad=CSNPCBKevin.Witthuhn
*

*Not a fit for this job?  Search all of our open jobs:*

*http://www.CyberCoders.com/qa.aspx?ad=CSNPCBKevin.Witthuhn&sterm=
*

You can use the link below at any time if you would like us to hold off on
emails to you about new opportunities.



 Thank you,
Kevin

Kevin Witthuhn  | Executive Recruiter |
CyberCoders
949.988.7560 | Follow Us: 

 | View My Bio and Open
Jobs

Fwd: Modis.NET

From: Dan Lyke 
------------------------------------------------------
This may actually have come across here already, I haven't been watching
the Chattanooga job postings too closely, but I know some of y'all can get
through notYET code...

---------- Forwarded message ----------
From: Standifer, Joshua 
Date: Tue, Mar 4, 2014 at 8:16 AM
Subject: Modis.NET
To: "danlyke@flutterby.com" 


Dan,



Thanks for taking my call and offering to pass this info along. Below
you'll find the positions that I currently have open. Thanks again!



*CHOICE DATA: Contract to Hire *

Advanced ASP .Net MVC developer, must at least worked on  ASP .Net MVC
projects 3 years and above.

Excellent knowledge and skills with web development tools in C#,
Javascript, HTML, CSS, JSON, AJAX

Excellent knowledge and skills in LINQ ,  .Net 2.0/3.5/4.0/4.5

Excellent knowledge and skills in SQL Server 2005/2008

Good knowledge and experience in C, C++.

Good knowledge and experience in Java is a plus.

Dependable, team oriented, can take on project/task independently



Primary focus: Web services and SQL Server. Experience with security issues
and database maintenance tasks/plans a huge plus. Experience with
encryption routines and replication required. General Definition
Web/Software Developer requires technically strong candidate with expertise
in enterprise-wide application architectures. Candidate should be well
versed in web applications and Microsoft technologies. This position
additionally requires a wide variety of programming bkground, and a strong
programming discipline and database programming knowledge. This job
requires a team player that will be able to work with or lead other
developers and be involved with new application development and
enhancements to existing applications and also assist with maintenance and
support of issues and bug fixes. This position also requires
adherence/familiarity to project delivery lifecycle steps - requirements,
functional design, coding, unit and system testing, user acceptance and
implementation. Responsibilities * Develop technical designs, using text,
use cases, component, sequence, and class diagrams * Build stable,
flexible, enterprise applications that are maintainable * Demonstrate
knowledge of transaction processing and implementation of object-oriented
environment * Define, design and implement enterprise architectures,
technology standards, good coding practices, and quality standards *
Demonstrate expertise in administration and maintenance of IIS Web sites *
Demonstrate ability to create prototypes * Development of specifications
and estimates for intranet applications * Work with team members and users
to analyze and document business requirements * Foster teamwork and a
spirit of collaboration Skills * Exposure to developing Active Server Pages
and ASP.NET, VB.NET, C#, VB/JavaScript, XML and HTML applications *
exposure to developing web-based, n-tier applications using Microsoft
Transaction Server (MTS), Component Server, SQL Server, and Internet
Information Server (IIS) * Knowledge of database architectures, T-SQL and
stored procedures in MS SQL Server 2000 * Experience in ASP with an
in-depth knowledge of .NET framework * Experience working in data modeling
and ERD tools * Experience in XML Web based services and COM/COM+ *
Experience with Active Reports and SQL Reporting Services * Proven ability
to carry a large development task from concept to completion * A BS in
computer science or equivalent experience * Excellent written and oral
communication skills * Works well in a team environment
------------------------------

   1.
*TVA: C# ASP.Net Developer Chattanooga, TN *I year contract with the
   possibility of extension *(REMOTE WORK WITH IN OFFICE VISITS POSSIBLE
   OPTION) *

 The contracts could last between 6-18 months and there is the potential
for converting to a full time employee. TVA is a well-respected employer
within our market!  *The right fit is key!*

-          .NET experience - Specifically, ASP.Net
-          Web page development experience

o        JavaScript
o        JQuery
o        CSS
o        HTML

-          SQL Server knowledge, 200/2005/2008

-          We are also looking for someone with the right attitude to come
in and be excited to solve problems.  We want people who are eager and able
to troubleshoot and look for ways to improve existing systems

Analyzes business or scientific system delivery specifications or purchased
software and develops the technical design. Develops and tests the
application software and implements it for use in a configuration managed
environment. Acts as a source of direction, training, and guidance for less
experienced Analysts. Position leads development efforts for complex and
technical systems. Requires advanced knowledge of Information Technology
and someone who serves as a technical expert. Must be able and willing to
assume on-call rotational assignments which may include 24 hour on 7-day
per week availability. Additionally must be willing and able to travel to
carry out project work.

Development of the technical design includes:
* Establish and design technical framework for system
* Design System components including user interfaces
* Design data conversion requirements
* Define operational requirements including scheduling, capacity planning
and resource requirements
* Define test environment including development of test cases

Responsible for the development and testing which includes:
* Generation of executable code based on accepted programming standards
* Unit testing of executable code
* Integration testing of executable code
* Develop operational procedures
* Follows change control procedures and quality assurance standards
* Verification that system meets all business requirements, including
reliability and process volumes
* Receive approval from user that system is ready for production and
prepares associated documents for production release

Job Modifier
Utilizes client-based or web development tools to develop solutions for a
variety of complex and difficult problems or systems.
List of additional technologies in their environment NOT REQUIRED
The technologies and techniques that we use here are:

-          WCF
o   SOAP
o   REST

-          ASP.NET
-          LINQ
-          C#
-          Entity Framework
-          ASP.NET MVC3
-          SQL Server 2008

o   SSIS
o   SSRS
o   SSAS

-          Business Intelligence

o   We're trying to get into this more... .we want to build some cubes and
change the way we store data, but we need people!
o   Star Schemas
o   Data Cubes

-          Windows Services
-          High Availability Clustering
-          Telerik third-party control sets for Silverlight and ASP.NET
-          Silverlight
-          Tibco Enterprise Service Bus and web services


*------------------------------*

*2. TVA Programmer Analyst Chattanooga, *

I year contract with the possibility of extension *(REMOTE WORK WITH IN
OFFICE VISITS A POSSIBLE OPTION)*

THIS IS THE ENTRY LEVEL FOR PROGRAMMER ANALYSTS. BASED ON DEFINED
SPECIFICATIONS PROVIDES THE FOLLOWING: DEVELOPS EXECUTABLE CODE USING
ADOPTED PROGRAMMING STANDARDS PREPARES TEST DATA UNIT TESTS CODE DOCUMENTS
PROGRAMS FOLLOWS CHANGE CONTROL PROCEDURES UTILIZES CLIENT/SERVER AND/OR
WEB DEVELOPMENT TOOLS TO DEVELOP SOLUTIONS FOR A VARIETY OF MODERATE TO
WELL DEFINED BUSINESS PROBLEMS, OR SEGMENTS OF MODERATELY DEFINED, BUT
COMPLEX AND DIFFICULT PROBLEMS OR SYSTEMS. BS OR BA DEGREE IN COMPUTER
SCIENCE, BUSINESS ADMINISTRATION OR RELATED FIELD OR EQUIVALENT IS
REQUIRED. SOFT SKILL SET INCLUDES TEAM BUILDING AND LISTENING. KNOWS
FUNDAMENTAL CONCEPTS, PRACTICES AND PROCEDURES RELATED TO APPLICATION
DEVELOPMENT MUST BE KNOWLEDGEABLE OF AND HAVE EXPERIENCE WITH 1 OR MORE OF
THE LANGUAGES AND OS LISTED ABOVE. MAY REQUIRE 24-HOURS-A-DAY,
7-DAYS-A-WEEK AVAILABILITY VIA A BEEPER OR OTHER COMMUNICATION MECHANISMS.
TRAVEL MAY BE REQUIRED TO CARRY OUT PROJECT WORK.





Thanks,


*Joshua Standifer*
Talent Sourcer

*Modis*

633 Chestnut Street ST1350
Chattanooga, TN 37450

T: 423-763-4084
C:865-307-4193
joshua.standifer@modis.com
[image: Signature Logo]
Proud Sponsor of the U.S. Olympic Team.

Code with Your Kids (from the United Kingdom)

From: Phil Shapiro 
------------------------------------------------------


This looks promising, from the same land that gave us Isaac Newton and the Raspberry Pi. 
https://twitter.com/codewithkids 
phil -- 

Phil Shapiro, pshapiro@his.com 
http://www.his.com/pshapiro/briefbio.html 
http://www.twitter.com/philshapiro 
http://www.his.com/pshapiro/stories.menu.html 

"Wisdom begins with wonder." - Socrates 
"Learning happens thru gentleness." 

[OT] Just got my Oculus Rift

From: Chad Smith 
------------------------------------------------------
Man I am Luckey to have some good online friends.

https://scontent-a-iad.xx.fbcdn.net/hphotos-prn1/t31/1618363

Even Cyanide & Happiness is jumping on the band wagon

From: flushy@flushy.net
------------------------------------------------------
http://explosm.net/comics/3479/

--b


Thursday Arduino nights at the library

From: Nate Hill 
------------------------------------------------------
Hey all:

Just a heads up that we've started Thursday Arduino nights on the 4th Floor.
From 4:00 PM til 8:00 there's a nice mix of instruction on basics straight
up to hanging out and building crazy whatevers with your pals.

Tonight/this afternoon I'll run everyone through a simple project making a
theremin out of a photoresistor and a piezo.  Rad.

We also just busted a staff member for order 9, yes 9, boxes of girl scout
cookies.  I'll provide parts for any teams that want to take the challenge
of making a cookiebox alarm.  Cause as things stand right now, those
cookies are NOT safe.


-- 
Nate Hill
nathanielhill@gmail.com
http://4thfloor.chattlibrary.org/
http://www.natehill.net

Library Box 2.0 Beta

From: Mike Harrison 
------------------------------------------------------

Library Box is alive and well. :)  Kudos Jason Griffey!


http://boingboing.net/2014/02/25/librarybox-beta-goes-2-0-self.html

http://librarybox.us/

And I just happen to have a TP-Link MR3020 in my travel bag.. ;)






Podcast interview with Charlie Reisinger in Pennsylvania

From: Phil Shapiro 
------------------------------------------------------



Fascinating KernelPanic Oggcast (podcast) interview with school IT Director Charlie Reisinger who rolled out 1,700 Ubuntu laptops at his high school in Penn Manor, Pennsylvania. 


http://kernelpanicoggcast.net/Oggcasts/KernelPanic

Currency of the Apes

From: Chad Smith 
------------------------------------------------------
https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/t1/1797960

Man loses $8500 of wife's savings on Bitcoin

From: William Roush 
------------------------------------------------------
http://np.reddit.com/r/Bitcoin/comments/1yv26o/gox

Raspberried.. W. Africa Linux.

From: Mike Harrison 
------------------------------------------------------

I bought two Raspberry Pi (B) ultimate kits this week..
Was impressed. now I gotta buy a third for myself just for fun.

One of them is going back to Benin W. Africa with Idriss,
whom, since I intro'd him to Linux almost two years ago
has become quite the Linux driven asset where he works.

His first Pi project is to use it to control some farm equipment 
(irrigation valves is the first step) for a family farm.

We often forget how technology can be used to address fundemental needs 
and how empowering flexible low cost open systems can be.

--Mike--




Help with blog post about encrypting email

From: "Robert A. Kelly III" 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've just written a blog post detailing how to set up and use email
encryption with Thunderbird and Enigmail, on either Windows or Linux,
and I'm looking for some feedback. I would appreciate anyone who
wouldn't mind reading over the post and sharing your feedback. If you
are familiar with these things, I would appreciate your checking for
the accuracy of the post, etc. If you are not, I would appreciate any
feedback on how clear the explanation and instructions are. Are
concepts explained clearly? Are the instructions easy to follow? In
either case, are there things you think I should change? I am planning
to follow up with a part 2 to explain key signing and trust, etc.
Thanks in advance for any feedback.

How to encrypt your email, so the NSA can't read it.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTAsGBAAoJEFJIfKV7IxD6WTAP/0vJNsBpZhjw+7Qc/QlLG+/O
lr6R5yTcycKetJYqYTC4BmRMKu8EaJ7VtB6S4wyPRNDiMGgAO64ugyak7dn2usWB
q1D8zUf4abYA2tcGxm1i09Hf4xOMc1dddQe6j8JrD5Se1mHXDtxgYfbn7WklooAJ
+F0b/nnm4t/uuL5CY8vdjTtjIFxzmCyLa6NnfSoN6/qAQPxYnRLB4bNYRG3LGpgK
0U5cK/9ISd03Ay9WSIJ6sQlHz0t3qAsB3pk06F/nnb5nhenLdN1GFFdIk3YjFp+s
ZCKXTbCw9piGas27uZWUZSoPgKfcfmtYG46VMb7Vg4TI/1T3Kt9YcfXpIKCPqPRN
xvac+xUnrCMPrvLmaNvUJMAAkxXGzOpLko2ELMMS+dGzop3+H6P61GF4r4JcJLBw
PcYr4GsTMeyxx849Fbx6luvkibChqI5+4NlINdPNHfTQPBbLYezjvEgLFPpvnA6/
mlbyOeO1cyX2NVg1rvH3Cm5JuAvkR+h0kfSfH6wPH4f2krazB1shhxe/eC4DB1We
dZa5Nac80zJ9JKf+CZJNFQQbv0pyEHL0cjR865aMBYrJDjHUNSuRBm/veJW8EjIH
1+yBW5kSVQ0FrbgCZ3s+/cAbXNLytFsOxyrOLUQroddVYnMOHlIdfqEirWAkpQYr
Q00GRm+WfomXfUYQ105+
=7XiJ
-----END PGP SIGNATURE-----

Chugalunch Friday 12:30 Champy's

From: Mike Harrison 
------------------------------------------------------

On Feb 14, 2014, at 8:49 AM, Ed King  wrote:

> what would be good time for the Chugalung?   I'm totally flexible.   =
I'll throw 12:30 on the table for consideration=85.


Ya=92ll are too discussive. (new word)

Talking about it made Omar and myself hungry for Champy=92s..=20
We=92ll be there at or before 12:30=85 =20

Lets have a chugalunch!







Mesh wireless with RaspberryPi?

From: Bret McHone 
------------------------------------------------------
Has anyone tried anything like this? I'm curious how it works.

http://www.ericerfanian.com/mobile-mesh-networks-with-the-raspberry-pi-part-1/

Thanks,
Bret