Komand-tools

Out of my attempt to reverse engineer the Komand API (a security orchestration tool) I found myself writing some python helper to use the API. Maybe it is useful for some people, so I decided to OpenSource it.

It is hard to understand why a tool, thats main purpose it to connect APIs does not have an API documentation / client itself.

Usage should be pretty simple, clone the repository and good to go:


usage: komand-tools.py [-h] [-v] [-wm] [-j JOB]

optional arguments:
-h, --help show this help message and exit
-v, --verbose increase output verbosity
-wm, --workflow_map show workflow map
-j JOB, --job JOB show job status

Feel free to open Issues or Make Pull Requests. The repository is hosted on Github: https://github.com/deralexxx/komand-tools/

100 days on the board of directors of FIRST

There is this thing looking back after 100 days of starting a new challenge. This post is doing the share my perspective on my 100 days on the board of directors of FIRST (Forum of Incident Response and Security Teams).
On June 28th, 2018 the annual general meeting of FIRST elected five people to serve on the board of directors for a two year term and I was one of the five individuals.
Still remember the day as it was yesterday, I was very nervous going into the AGM knowing that outstanding people throwing their hat into the ring. In my diary I wrote the great relieve I felt after the results where called out.

Kuala Lumpur

Right after the election the first board meeting was called to order from the chair Thomas Schreck and we had to elect the new officers and start think about different tasks to be taken by the new elected people. Been a guest to board meetings before, I thought I am use to the structure and Robert’s rules that are used to run the meeting – but it is a different story calling out „aye“ and „nay“ to reflect your position when a decision is needed. Being new on the board means you will get an adhoc bootcamp of „duties and obligations of the board of directors by the FIRST lawyer and also some organisational topics and infrastructure to get you up to speed, such as a @first.org mail address and access to various only tools, all within hours.

San Fransisco

This first physical board meeting was a new experience, so let me share it with you.

I have never been to San Fransisco before, so that alone was mind blowing to be at the center of the digital revolution. Anyway the reason or that trip in September was to bring 8 people (two board members joined virtually) from around the globe together to meet, discuss and work on FIRST and for the community that FIRST is representing.

Let me say those meetings are intense, I am use to attend meetings – in most meetings you either need to concentrate for an hour or two and then the meeting is closed or it is a workshop setup where most of the content is already agreed / prepared in advance. For FIRST board meetings, you have to pay attention for eight hours straight, most coffee breaks are exploited with continuing the conversation and lunch is also about FIRST. As a non native speaker that is even more intense to follow. But we did get things done, we worked on topics that will enable FIRST to further grow and also using the resources we get from members and participants of our events even more targeted.

Even on the travel days, we managed to squeeze in some 1on1 meetings to brainstorm on topics on a detailed level that will sooner or later be proposed to the board of directors and the members.

That trip showed me how much enthusiasm every individual on the board has, they are truly committed which is great to see and also a prerequisite, as everyone has his tasks and duties to keep FIRST running.

Recognition of FIRST

Before joining the board, I truly believed the fact that FIRST is a key player in addressing some of the challenges global population is facing, e.g. fake news, cyber warfare and privacy. After 100 days, I can now say that it is a matter of fact that more and more organisations value FIRST by asking for our opinion, input or expertise by training policy makers and our efforts with our valued partner organisations. We are still on a long journey to prepare for that and be able to answer all that demand on a level that we feel comfortable with.

Secretary

If you read thus far and think serving on the board is a tough job, you are right, but I haven’t covered one particular aspect which is the central point of every meeting: Nora Duhig.

Every meeting has an agenda (obviously) and needs to have minutes. Imagine 10 adults who are experts in their professional area discussing and arguing on all aspects starting from finance over contracts to nifty details of infrastructure (hosting infrastructure on prem. or in the cloud, which technology to use…). For transparency reasons, every meeting has to have meetings, so someone must keep track of everything, and that is Nora. It is impressive to observe her ability to follow the discussions, writing minutes while keeping the ability to be pulled into the discussion out of the blue at any time – because she has been attending board meetings way longer then most current members combined and it is critical to get the reason a certain decision was taken in the past to make decisions for the future by either stick to that decisions or change the strategy, having that context is gold.

Conclusion

It is hard to imagine how complex an not-for-profit-organisation that „only“ enables a community is. This organisation has 30 years of history, that includes some small things that we as a board need to work on to transform things we have done in the past into a modern way to operate an organisation. FIRST is doing business with entities literally all around the globe because of the membership spreading and the events we host or co-host.

I am in no way saying I am now settled at the board as the planning phase for the FIRST conference 2019 and already 2020 and 2021 (yes not a typo!) are increasingly taking more time on board calls and the other communication channels that we use almost on a daily base. So I am looking forward to the challenges we have to tackle as a group and I am thankful for that opportunity.

Statistics last 100 days

– 2 board meetings in Kuala Lumpur
– 3 virtual board meetings
– 1 physical board meeting in San Fransisco (3 days + various side meetings).
– 2 virtual meetings with the membership committee
– 3 calls as the liaison for special interest groups (SIGs)
– was active on 16 of the last 30 days in our internal chat
– 50+ mails written to the board mailing list
– 300 mails received via board mailing list

Thanks to Serge Droz for the picture shown above.

Backfischfest Blog 2018

Backfischfest Blog

In den letzten Jahren hat sich der Backfischfest Blog oder auch Backfischfest Vlog um die Band Die Döftels zu einer Institution in Worms entwickelt.

Die witzige Art die Tradition auf die Schippe zu nehmen und hinter die Kulisse zu schauen macht Freude und ist jeden Tag auf dem Festplatz oder der Fischerwääd Gesprächsthema.

Aus dem Backfischfestblog sind auch solche Geschichten wie die „Terrence-Hill-Brücke“ entstanden.

Unterstützt wird der Backfischfest Blog von einigen Wormser Unternehmen. Schnitt und Kamera übernehmen rawk und Steven Amendt

Hier die Videos

9TageTicket 10 Jahre

Dieses Jahr zum Backfichfest Worms feiert das 9TageTicket, an dem ich mit einigen Freunden beteiligt bin das 10-jährige Jubiläum.
Was anfangs noch ein Scherz unter Freunden war um zu zeigen, wie oft man auf dem Backfischfest war, hat sich mittlerweile zu einer Institution entwickelt, die von Wormsern wie auch den Schaustellern gerne angenommen wird.

Die Arbeit an dem Ticket macht jedes Jahr wieder Spaß, es ist zu einer Tradition geworden, am Tag vor der Eröffnung gemeinsam die Tickets zu drucken und zu schneiden und dann den ersten Abend auf dem Fischfest gemeinsam an der Ausgabe zu sitzen, bekannte Gesichter sehen und einfach die Zeit genießen, die auch manchmal etwas stressig ist.

Ich freue mich auf jeden Fall wieder drauf.

Ahoi

Raspberry Pi EyeFi Server

I tried to ceate a Raspberry Pi as a standalone Photo catching device for multile EyeFi Cards.

Turns out that is not possible at the moment using EyeFi Mobi cards.

That is what I tried:

Hardware:

– Raspberry Pi

– EyeFi Mobi card

– Edimax USB Wifi Dongle

– Camera

Software:

– Raspian install
– https://github.com/dgrant/eyefiserver2/

Installation:

– git clone the eyefiserver2
– follow https://github.com/dgrant/eyefiserver2/wiki/Getting-Started

Starting

Start the script

sudo eyefiserver.py start /etc/eyefiserver.conf /var/log/eyefiserver.log

Check

[03/26/16 01:32PM][runEyeFi] - Eye-Fi server started listening on port 59278
tcp        0      0 0.0.0.0:59278           0.0.0.0:*               LISTEN      873/python  

Seems okay

Upload Key

The first issue was the upload key.
Connected two different eyefi cards with OSX and Windows 7 and was unable to find an upload key other then 00000000000000000000000000000000

On OSX:

/Users/$USERNAME/Library/Application Support/Eyefi/Eyefi Mobi/

But there is a SQL database in:

And you can do the following:

sqlite3 offline.db
SQLite version 
Enter ".help" for usage hints.
sqlite> SELECT o_mac_address, o_upload_key FROM o_devices;
00-11-11-11-11-11|12345678901234567890123456789012

Hm but still, using that upload key (was reducted) the eyefiserver2 did not work.

And I was unable to get a connection from my camera to my pi.

There is an issue reported in github:

https://github.com/dgrant/eyefiserver2/issues/9

That referenced the following Whitepaper:

https://www.os3.nl/_media/2013-2014/courses/ot/connor_stavros.pdf

So at the moment the problem has not been solved,an workaround would be using an Mac / Windows System, or to upgrade to the larger EyeFi Version:

Feel free to comment your solutions below.

Further reading:

Raspberry PI and Eye-Fi
http://support.photosmithapp.com/knowledgebase/articles/116903-why-do-i-see-multiple-eye-fi-card-upload-keys-ho
https://github.com/michaelbrandt/node-eyefimobiserver/blob/master/related_work/eyefi-mobi.py
http://www.ephototag.com/using-a-eye-fi-card/
https://launchpad.net/eyefi/+download
http://bazaar.launchpad.net/~jordens/eyefi/trunk/view/head:/README.rst
http://support.photosmithapp.com/knowledgebase/articles/152395-how-do-i-generate-an-eye-fi-card-upload-key
http://thewifibooth.com/article/eyefiuploadkey-x2pro/

Apple Mail quit unexpectedly

On Apple OSX the following issue is very bad to solve:

Crashed Thread:        23  -[DeliveryQueue _deliverQueuedMessages:]  Dispatch queue: NSOperationQueue 0x7fcf5eb248f0 :: NSOperation 0x7fcf62396ec0 (QOS: UTILITY)

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Application Specific Information:
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Encoding a malformed address (unbalanced quote or parenthesis), bad things may be about to happen.
"XYZ,'
abort() called
terminating with uncaught exception of type NSException

There are some articles how to potentially solve it with deleting settings of mail etc. but there is another solution:

– Turn the system to offline mode (turn of WiFi etc.)
– Open Mail
– Search for the email with malformated content
– delete the email
– close Mail
– Turn the system back to online mode
– start Mail again

–> Done

Hope that helped

SwissTrailBell Review

Introduction

How cool is that, riding several hundret kilometers every week including areas with people walking around it annoyes to ring a bell.
Found myself angry with people, dogs, kids etc not recognizing my bell.
SwissTrailBell simply solves a problem that no one ever considered to be important enough to be solved.

Unboxing

The swisstrailbell is delivered in a unlabeled brown carton.

Swisstrail bell box

Swisstrail bell box

Within that box is the swisstrailbell itself and a short howto in german only.

Swisstrailbell box 3

Swisstrailbell box 2

Swisstrailbell box 3

Swisstrailbell box 3

The swisstrailbell itself is black and nicely made.

Swisstrailbell

Swisstrailbell

Swisstrailbell

Swisstrailbell


(The bell was ordered via Fahrradklingel-shop, so other shops might change the boxing)

Installation

Very easy and straight forward.

Swisstrailbell on a Cyclocross bike

Swisstrailbell on a Cyclocross bike

Swisstrailbell on a MTB

Swisstrailbell on a MTB

Weight

Swisstrailbell weight

Swisstrailbell weight

The ordered version is exactly 51 g.

Volume / sound

HOW LOUD IS IT? Loud enough!

In regards to the sound, fahrradklingel-shop.de has recorded an mp3 which gives an good idea about the sound.

Usage

I got one a week ago, attached it to my road bike and tried it several times and it just rocks.

It is loud enough to warn people early, they do not over-react and it sounds nicely. It is made for off-roaders riding trails to keep the hands on the handlebar while still informing people.

Very easy to attach to nearly every bike, of course mountain bike but also road and time trial bike can be used with the swisstrailbell.

And last but not least – the swisstrailbell is beatiful, it is an eye-catcher on every bike and envious eyes are guaranteed.

Pro:

+ Ringing by itself
+ Signaled by constant ringing audibly convergence
+ High acceptance by pedestrians
+ Different colors / designs
+ Easily activated with one hand
+ Simple assembly / disassembly
+ one per group is enough

Contra:

– relatively expensive
– can by itself twisting or slipping
– on duration annoying tinkling
– the design is a matter of taste
– relatively high weight

The swisstrailbell is about 28 € and can be ordered via swisstrailbell.ch

Alternatives

If the design of the swisstrailbell is not your style, found some alternatives on Amazon (so called Bären Glocke, bear bell):

Conclussion

Very nice, unique gadget for bikers.

links

User manual (german only)
swisstrailbell facebook page
German online shop

So it is up to you, happy riding.

Fahrrad richtig fotografieren

Ducati-corse-factory-900xr-01-1280.jpg
Ducati-corse-factory-900xr-01-1280“ von Pölkkyposkisolisti (talk) – Eigenes Werk. Lizenziert unter GFDL 1.2 über Wikimedia Commons.

Die Fahrrad Fotographie ist Teil der Produktfotografie und kann insbesondere den Verkauf von Fahrrädern befördern. Neben einem Foto vom Fahrrad als ganzes sollten auch Details wie Kurbel, Schaltung, Bremse, Bremsflanken und weitere Besonderheiten, aber bei gebrauchten Rädern auch Schönheitsfehler wie Kratzer, Dellen oder Unschönheiten abgelichtet werden.

Wer sein Fahrrad verkaufen möchte, sollte dies mit einem bzw. mehreren ansprechenden Fotos zeigen können.
Um das Fahrrad möglich schon zu fotografieren, gibt es ein paar einfache „Fahrrad Foto Regeln„.

    – Fahrrad putzen
    – Dinge, die nicht verkauft werden sollen – demontieren
    – Fahrrad vor gleichmäßigem, ruhigen, einfarbigen Hintergrund ablichten
    – Fahrrad von rechts (Kettenseite) fotografieren
    – für das Foto auf die richtige Höhe gehen (Blickwinkel!)
    – Kurbel auf ca. 3 Uhr stellen
    – Kette rechts (größtes Kettenblatt + größtes Ritzel)

Mit diesen einfachen Hinweisen sollte dem ansehnlichen Bild nichts im Wege stehen, sei es Mountain Bike, Rennrad, Cross Fahrrad, Zeitfahrrad, Triathlon Rad, Fixie oder weitere Bauart.

Hinweise zur Ergänzung gerne per Kommentar.