_do – jozefmares.com
Home top_menu _do
Category:

_do

Life_do

Living in the Ivory Tower

by Jozef Mares
written by Jozef Mares

Maintaining a clear headspace is crucial for me to be productive and avoid additional stress. To achieve this, I adopt an ivory tower mentality, which I refer to as my “shields-up procedure” or “harsh editor protocol.” The latter name comes from my language teacher, who was a pro at cutting unintentional content from my school works and had a significant impact on the way I think and write.

In terms of my online and computing habits, I practice strict ad-blocking for both my sanity and security reasons. I use Safari as my browser and have several extensions installed, including Hush, Super Agent, Vinegar, and Wipr. Additionally, I use a self-hosted VPN with Wireguard and deploy it with a network-based ad-blocker. For this, I use PiHole in the LXC container.

I have a self-hosted music library, but I also use Spotify for discovery. I pay for the ad-free version as the ads can be very obtrusive and listening to the same ad repeatedly drives me crazy. I rarely watch TV but have noticed that the bombardment of ads makes it an unpleasant experience. I choose to cut out the ads by paying for the ad-free version and avoid TV when possible. Last few years I in general do not watch too much of movies and shows so TV is really obsolete for me.

To avoid mindless browsing on social media and news platforms, I focus on the tasks at hand and make a conscious effort to engage in activities I enjoy, such as snowboarding, skateboarding, reading, going for walks, visiting coffee shops, cooking, gardening, and simply looking at the wall.

For news consumption, I use RSS feeds, and Twitter’s RSS feature through Nitter (https://nitter.net/$USERNAME/rss). I also prefer to consume curated news rather than focus on developing situations that don’t directly affect me. For example, I use the Current Events portal on Wikipedia instead of local “infotainment news.” If you struggle with muscle memory typing (e.g. typing news portal automatically I suggest blocking domain on PiHole or via /etc/hosts). It worked for me.

I try not to pick up my phone as soon as I wake up in the morning. Instead, I take a few minutes to make coffee, go to the bathroom, and think about what’s ahead of me. I also focus on doing more of what works and less of what doesn’t, which can be surprisingly difficult.

While it is challenging to avoid ads in real life, such as billboards and posters, I choose to ignore them. Growing up in Eastern Europe in the 90s exposed me to numerous billboards, making me effectively blind to on-street ads.

Regarding society, I’m not particularly interested in other people’s work lives unless they are passionate about it or work on something interesting. I prefer to ask about their hobbies and pastimes instead of their job.

Toxic environments like Facebook conspiracies and crazy people, Instagram i know I am not supermodel, and TikTok hell no can be draining, so I avoid them. Instead, I use curated Twitter, Mastodon, and specific subreddits related to my interests in Dev/IT/security. Over time, I’ve joined various group chats and left as many. I have at least few cybersecurity-related group chats, some for development, few with close friends, and a some related to skateboarding. I find this approach more beneficial than hunting for information on social media and being at the mercy of random algorithms designed to feed me more ads.

When it comes to personal relationships, I edit my friends and family ruthlessly. People come and go, and our lives take different paths. If a relationship exhausts me, I take the time to re-evaluate and consider moving on. I am getting to forties and my time is limited. I have circa 25 active years and with some luck another forty years on this rock.

Lastly, I periodically evaluate my surroundings to determine if I’m content. I have a simple note where I actively write about my location, the activities I’m doing, the people I’m meeting, and other aspects of my life. I grab coffee or tea and evaluate what’s happening around me. If I am unhappy with work I am doing for longer time I improve situation or move on. Also it is interesting to observe how perception changes over the time.

Finally, I try not to get caught up in the hype around side hustles, FIRE, cryptocurrency, and other trending topics. I give zero fucks about the opinions of “thread-bois” and “crypto-bros” who are just trying to sell their dreams and make money off subscriptions. Instead, I stay focused on what matters to me and help people I care about. That is living in Ivory Tower for me.

_do

Detective – a modern crime, tabletop game review

by Jozef Mares
written by Jozef Mares

I am not going to lie. I was never fan of tabletop games. I mean, we played cards as kids with grandma, we played some games with parents on vacations and stuff. But I was never into tabletop gaming. I did not even liked Monopoly – always took way to long for my attention span.

So I was, naturally, very surprised when I visited gameshop with tabletop games (I was buying it as a present for significant other) and I found there are “escape games like” tabletop games. We love escape games (and if I can say, we are pretty good at it with my team).

This is how I entered rabbit hole of tabletop games. But this article is going to be only about one – and our first one – Detective. From introduction it is clear I am not an expert regarding tabletop gaming – but let’s skip to conclusion – I hella loved this game.

What is a Detective about?

We are new detective unit and we are solving five crimes. These crimes have something in common. You choose your role, each role have different set of skills. Pretty usual stuff. I am not going to spoiler here so you have to play for yourself. There are Nazis, there are murders, conspiracy, time pressure. Everything you can expect from great story.

Game that stands out

What really stands out here is this game breaks tabletop “table” boundaries. For solving a crime you have to use computer to access database, you have to google stuff, consult Wikipedia etc. We had probably more fun discussing options and making theories than playing a game. I can imagine this kind of games can be a good way to practice communication in groups. You have to give space each team member for articulating opinion, you have to listen etc.

Skills to use

If players have analytical thinking, can draw (or willing to learn) mindmaps, can follow evidence and create notes about progress – they are will enjoy this games.

This is how your table going to look probably:

Your table will look like this. This is “orderly” state.

Sometimes, database sucks and destroys pleasure from playing

I am not going to elaborate way too much here. We played before the end of the year 2018, and maybe app was under heavy load, however we were pretty annoyed with lack of response from Antares database (application where you search for clues, read interrogations, …). Just take a look on pictures, this is what we saw mostly during our play.

Results sell, even in tabletop games

It is very same as when you are hacking something. It is all the fun and jazz, until you have to write report and make presentation. Report is way how this game measure results, You have to answer few questions and if you well this is how it is gonna look.

Maybe not the best agent in the world, but we solved it.

Add-ons and conclusion

Overall, we liked game a lot. We even bought add-on which is significantly shorter, probably three hours of play if you are not rushing. For comparision, original game with five cases took us three eveninings – could be shorter, but Antares database did not worked very reliably during our gameplay. What sucks here is folder with new cards for add-on case does not fit original case – I liked design of game however this is failure.

In conclusion, thanks to authors for and awesome game. In our add-on play Antares worked very good so no reason not to buy.

I also have one thing about legacy of this game – this game relies on Antares database which is right now hosted probably by authors. Authors should put sources to Github to ensure this game will be playable in case they servers will go down or overall in 10 years.

_do

About Symantec Cyber Readiness Challenge

by Jozef Mares
written by Jozef Mares

Today, I participated on Symantec Cyber Readiness challenge. These are my thoughts about competition.

Why is it cool?

As I am not allowed to disclose any competition questions and flags (competition is organised like capture the flag game) I will say only few brief informations.

Cool thing about this competition is that someone (thanks Symantec) created real hands-on hacking environment for relative wide audience. This kind of testing was domain of security certifications like CEH or privately provided trainings.

You will learn stuff about your tools – there is always a space for improvement. And – it is always good thing, knowing where are your limits. We all should master our tools.

Where it fails

Does not matter what people thing, this is not penetration testing nor hacking simulation. Real world compares with competition same way that ocean compares with pool. Yes, you can drown in both but swimming in pool is a lot simpler than swimming in ocean. Take it as a bootcamp testing environment.

Conclusion

If you have opportunity go for this event. You will learn something new, and you will have great fun.  Do not come unprepared. I came only with MacBook Air and some old Backtrack (I did not done my homework). My recommendation: test if your tools are working (my Metasploit was broken – usual Ruby, Gem lib stuff), test if you can use your tools (fcrackzip and nmap has segfaulted few times). Make sure your clipboard is working. It is really annoying to rewrite hashes from screen.

Oh btw: I’m glad I finished first. It means I’m going to Nice for next round. I am still worth something as security person. :)Symantec Cyber readiness challenge diploma