mdk
/
mdk.fr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Things.

This commit is contained in:
Julien Palard 2021-05-07 15:35:46 +02:00
parent a86a3b2a43
commit b6d74f42cd
7 changed files with 511 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
content/blog/reverse-d8.md Normal file
View File

@ -0,0 +1,173 @@
---
Title: Reversing coffee machine key
Date: 2021-05-07 12:12:55
---
At $DAYJOB, a long time ago, we had big a coffee machine allowing us
to store money in NFC keys. NFC keys were Mifare 1K ones, so they had
a security hole (Search mfoc), so I tried reverse engineering them,
you know, free coffee…
Before starting you can [download key
dumps](https://mdk.fr/x/keys.tar.bz2) to follow along with me.
I will not paste all dumps in this page, (1k dumps are big in hexadecimal on a
blog post) but I dumped a few keys with a few different values, and
I'll post the diffs between dumps.
I got two keys, and two dumps per key. First key from 9.2€ to
8.35€. Second key from 0€ to 0.10€
Diff of the first key (Between a dump of 9.2€ and a dump of 8.35€):
```diff
< 2 060 b491 7e19 0000 0000 0000 0000 1801 003f 100 R:AB W:-B I:-- DTR:-- r/w block
---
> 2 060 82bb 261a 0000 0000 0000 0000 1c01 0020 100 R:AB W:-B I:-- DTR:-- r/w block
26,27c26,27
< 0 080 9803 0000 67fc ffff 9803 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
< 1 090 c503 0000 3afc ffff c503 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
---
> 0 080 4303 0000 bcfc ffff 4303 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
> 1 090 7003 0000 8ffc ffff 7003 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
```
Diff of the second key (Between a dump of 0€ and a dump of 0.10€):
```diff
< 2 060 daa0 9019 0000 0000 0000 0000 2200 0098 100 R:AB W:-B I:-- DTR:-- r/w block
---
> 2 060 2eaf 261a 0000 0000 0000 0000 2300 00d2 100 R:AB W:-B I:-- DTR:-- r/w block
26,27c26,27
< 0 080 0000 0000 ffff ffff 0000 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
< 1 090 2d00 0000 d2ff ffff 2d00 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
---
> 0 080 0a00 0000 f5ff ffff 0a00 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
> 1 090 0000 0000 ffff ffff 0000 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
```
To start let's focus on the two-lines diff, at adresses `0x080` and `0x090`.
When I reverse engineer I like to loop between "presentation" (put an
effort to make the data readable) and "understanding" (get an
information from the data), so my first step, is to render this in a
clean way. I had an intuition for a one's complement (as I spotted
`ffff` / `0000`, what an intuition...), so I wanted to see binary
data. I also dropped columns of data that were identical between two
dumps:
```text
9.2 : 9803 0000 67fc c503 0000 3afc | 10011000.00000011 ... 01100111.11111100 11000101.00000011 ... 00111010.11111100
8.3 : 4303 0000 bcfc 7003 0000 8ffc | 01000011.00000011 ... 10111100.11111100 01110000.00000011 ... 10001111.11111100
0.1 : 0a00 0000 f5ff 0000 0000 ffff | 00001010.00000000 ... 11110101.11111111 00000000.00000000 ... 11111111.11111111
0.0 : 0000 0000 ffff 2d00 0000 d2ff | 00000000.00000000 ... 11111111.11111111 00101101.00000000 ... 11010010.11111111
```
So, my first intuition was true: the data is stored twice, the 2nd one
is the one's complement of the first. So half of the data is useless
for me, I can drop it from my representation.
Follow a simplified presentation witout duplicate (complemented) data:
```text
9.2 : 9803 c503 10011000.00000011 11000101.00000011 0398 -> 920 | 03c5 -> 965
8.3 : 4303 7003 01000011.00000011 01110000.00000011 0343 -> 835 | 0370 -> 880
0.1 : 0a00 0000 00001010.00000000 00000000.00000000 000A -> 10 | 0000 -> 0
0.0 : 0000 2d00 00000000.00000000 00101101.00000000 0000 -> 0 | 002d -> 45
```
At this point I see `0a00` on the `0.10€` key, as `0a(16)` is
`10(10)`, `0a00` is `10` in big endian... money may be stored here…
in big endian in 1/100 of euros. Let's test with `9803(16be)`, gives
`920(10)` that give `9.20€`, yes!! Free coffee not far away!
This is the big part of the dump, the remaining part (top one) seems
to store metadata but is not reversed yet.
Follow two tables, for the two keys, showing old_value -> new_value,
with, for each value, its binay representation and its base 10
representation as if value is stored in big endian.
In the following table, 16be mean "From base 16 big endian to
decimal", 16le for little endian.
```text
9.2 -> 8.35
Value: As binary 16be 16le Value: As binary 16be 16le
DAA0 : 11011010.10100000 41178 55968 -> 2EAF : 00101110.10101111 44846 11951 date ?
9019 : 10010000.00011001 6544 36889 -> 261A : 00100110.00011010 6694 9754
2200 : 00100010.00000000 34 8704 -> 2300 : 00100011.00000000 35 8960 count ?
0098 : 00000000.10011000 38912 152 -> 00D2 : 00000000.11010010 53760 210
```
```text
0.0 -> 0.1
Value: As binary 16be 16le Value: As binary 16be 16le
B491 : 10110100.10010001 37300 46225 -> 82BB : 10000010.10111011 48002 d33467 date ?
7E19 : 01111110.00011001 6526 32281 -> 261A : 00100110.00011010 6694 9754
1801 : 00011000.00000001 280 6145 -> 1C01 : 00011100.00000001 284 7169 count ?
003F : 00000000.00111111 16128 63 -> 0020 : 00000000.00100000 8192 32
```
Non reversed data:
```text
mandark@blanc$ grep 00000060 *.dmp.hex | column -t
step1-0.dmp.hex:00000060 da a0 90 19 00 00 00 00 00 00 00 00 22 00 00 98 |............"...|
step2-0.1.dmp.hex:00000060 2e af 26 1a 00 00 00 00 00 00 00 00 23 00 00 d2 |..&.........#...|
step3-0.2.dmp.hex:00000060 53 1a 51 1a 00 00 00 00 00 00 00 00 24 00 00 98 |S.Q.........$...|
```
```text
mandark@blanc$ grep 00000060 *.dmp.hex | column -t
step1-9.2.dmp.hex:00000060 b4 91 7e 19 00 00 00 00 00 00 00 00 18 01 00 3f |..~............?|
step2-8.35.dmp.hex:00000060 82 bb 26 1a 00 00 00 00 00 00 00 00 1c 01 00 20 |..&............ |
step3-3.9.dmp.hex:00000060 c7 9a 59 1a 00 00 00 00 00 00 00 00 2a 01 00 91 |..Y.........*...|
```
Clearly `0022 0023 0024`, and `0118 011C 012A` are juste counters. I only
add 10 cents on the key1 between each dumps, but I drink some coffee
between each dumps on key2, so it's normal values. I now know I drank
18 coffees between first and last dump!
```text
-----------------------------------------------------------------------------------
|money | counter | Last byte ? | First long, kind of timestamp |
|---------------------------------------------------------------------------------|
|euro | hex dec | hex dec bin | hex little endian dec |
|---------------------------------------------------------------------------------|
|0 | 22 00 34 | 98 152 10011000 | da a0 90 19 19 90 a0 da 428908762 |
|0.1 | 23 00 35 | D2 210 11010010 | 2e af 26 1a 1a 26 af 2e 438742830 |
|0.2 | 24 00 36 | 98 152 10011000 | 53 1a 51 1a 1a 51 1a 53 441522771 |
|---------------------------------------------------------------------------------|
|9.2 | 18 01 280 | 3F 63 00111111 | b4 91 7e 19 19 7e 91 b4 427725236 |
|8.35 | 1C 01 284 | 20 32 00100000 | 82 bb 26 1a 1a 26 bb 82 438745986 |
|3.9 | 2A 01 298 | 91 145 10010001 | c7 9a 59 1a 1a 59 9a c7 442079943 |
-----------------------------------------------------------------------------------
```
First long seems to be a kind of timestamp, but it's not a unix
timestamp. It seems to count seconds, but I don't know the start
point. Start point may be random ^-^
About last byte, I tried some crc's (namely crc-8, crc-8-darc,
crc-8-i-code, crc-8-itu, crc-8-maxim, crc-8-rohc, crc-8-wcdma, crc-16,
crc-16-buypass, crc-16-dds-110, crc-16-dect, crc-16-dnp,
crc-16-en-13757, crc-16-genibus, crc-16-maxim, crc-16-mcrf4xx,
crc-16-riello, crc-16-t10-dif, crc-16-teledisk, crc-16-usb, x-25,
xmodem, modbus, kermit, crc-ccitt-false, crc-aug-ccitt, crc-24,
crc-24-flexray-a, crc-24-flexray-b, crc-32, crc-32-bzip2, crc-32c,
crc-32d, crc-32-mpeg, posix, crc-32q, jamcrc, xfer, crc-64, crc-64-we,
crc-64-jones)
I tried with last byte set to any possible value and I '% 255'ed
results, also tried without last byte, so I got a lot of false
positive matches, for example, for step1-0.dmp.hex:00000060, I have 39
possibilities yielding to 98, but I found NO possibility working with
the same params for two different dumps.
We may try to compute more value in CRC's, for example whole block, I
just tried to CRC a single line (16 bytes), but I stopped my research
here and get back to work.

294
content/pages/bookmarks.md Normal file
View File

@ -0,0 +1,294 @@
Title: Bookmarks
Date: 2021-05-05 15:21:00
# HTTP
- 📊 [Proxy networks and data collection tools](https://brightdata.com/)
- 📑 [Cours HTTP au CNAM de Stephane Bortzmeyer](https://www.bortzmeyer.org/cours-http-cnam.html)
- 📑 [RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content](https://tools.ietf.org/html/rfc7231)
## Microservice
- 📑 [Twelve Patterns for Hypermedia Microservices](https://www.infoq.com/presentations/12-patterns-api-microservices/)
- 📑 [Microservices in a Post-Kubernetes Era](https://www.infoq.com/articles/microservices-post-kubernetes)
- 📑 [How to choose a database for your microservices](https://www.infoworld.com/article/3236291/database/how-to-choose-a-database-for-your-microservices.amp.html)
## APIs
- 📊 [Public APIs: A Collection of Public and Free APIs for Development](https://public-apis.xyz/)
- 📚 [Mike Amoundsen blog](http://amundsen.com/blog/)
- 🔧 [Agnostic Github client API — An EDSL for connecting to REST servers](https://github.com/mozilla/agithub)
- 📑 [APIs You Won't Hate — A community that cares about API design and development](https://apisyouwonthate.com/)
- 📑 [A Web API ecosystem through feature-based reuse](https://ruben.verborgh.org/articles/web-api-ecosystem/)
- 📑 [The Structure of Information Networks — Computer Science 685 — Cornell University — Fall 2007](https://www.cs.cornell.edu/courses/cs685/2007fa/)
- 📑 [Mechanisms for obtaining information about the meaning of a given URI](https://www.w3.org/2001/tag/group/track/issues/57)
- 📑 [Python API Checklist](http://python.apichecklist.com/)
- 📑 [Open Data Protocol (OData)](https://fr.wikipedia.org/wiki/Open_Data_Protocol)
- 📑 [API Evangelist is about making sense of the world of application programming interfaces](https://apievangelist.com/)
### REST
- 📚 [Roy T. Fielding's blog](https://roy.gbiv.com/untangled/)
- 📑 [It is okay to use POST — Roy T. Fielding](https://roy.gbiv.com/untangled/2009/it-is-okay-to-use-post)
- 📑 [Misunderstanding REST](https://hanselminutes.com/236/misunderstanding-rest-with-mike-amundsen)
- 📑 [Using Web Sequence Diagrams with your APIs](http://amundsen.com/talks/2018-09-restfest/index.html)
- 📑 [Twelve Patterns for Evolvable APIs Revisited](http://amundsen.com/talks/2017-12-yow/index.html)
- 📑 [Some thoughts on resources, information resources and representations](https://www.w3.org/2001/tag/2008/02/RepresentationResources.html)
- 📑 [REST without the hypertext constraint is like pipe-and-filter without the pipes](http://roy.gbiv.com/untangled/2008/on-software-architecture#more-10)
- 📑 [resources are just consistent mappings from an identifier to some set of views on server-side state.](http://roy.gbiv.com/untangled/2008/paper-tigers-and-hidden-dragons)
- 📑 [A REST API must not define fixed resource names or hierarchies](http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven)
- 📑 [principled design of the modern web architecture — Roy T. Fielding](http://dl.acm.org/citation.cfm?doid=3106237.3121282)
### GraphQL
- 🔧 [GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)](https://github.com/graphql/graphql-playground)
- 🔧 [django-restql: Turn your API made with Django REST Framework(DRF) into a GraphQL like API.](https://github.com/yezyilomo/django-restql)
- 🔧 [GraphQL Doctor: Prevent Breaking Changes in a GraphQL API with GitHub Checks](https://github.com/cap-collectif/graphql-doctor)
- 📑 [GitHub GraphQL API](https://docs.github.com/en/graphql)
- 🔧 [Graphene: GraphQL in Python Made Easy](https://graphene-python.org/)
- 📑 [Representing State in REST and GraphQL](https://philsturgeon.uk/api/2017/06/19/representing-state-in-rest-and-graphql/)
# Traduction
- 📑 [Entretiens autour de la traduction collaborative](https://bzg.fr/entretiens-autour-de-la-traduction-collaborative.html/)
- 📑 [Orthotypographie, de Jean-Pierre Lacroux (Lexique des règles typographiques françaises)](http://www.orthotypographie.fr/volume-I/academie-accentuation.html)
- 📑 [L'association Traduc.org](https://traduc.org)
- 📑 [Recommandations pour la traduction de documents techniques Red Hat de en_US -> fr_FR](https://fedoraproject.org/w/uploads/c/c1/Guide_stylistique_de_traduction_EN-FR_24NOV14.pdf)
- 📘 [Petites leçons de typographie — Jacques André](http://jacques-andre.fr/faqtypo/lessons.pdf)
- 🔧 [Deepl](https://www.deepl.com)
- 🔧 [Gramalecte](https://fr.m.wikipedia.org/wiki/Grammalecte)
# Cybersecurity
- 🔧 [Temporary email address redirection](jetable.org)
- 🔧 [fsociety — A Modular Penetration Testing Framework](https://github.com/fsociety-team/fsociety)
- 📚 [hackingthe.cloud — Knowledge about cloud, enumeration, exploitation, avoid detection, AWS, azure, GCP...](https://hackingthe.cloud/aws/)
## Cryptography
- 🔧 [Detect and decode encoded strings, recursively.](https://github.com/UltimateHackers/Decodify)
- 🔧 [Quipqiup: A fast and automated cryptogram solver](https://quipqiup.com/)
- 🔧 [lantern — Cryptanalysis library for breaking classical ciphers](https://github.com/CameronLonsdale/lantern)
- 🔧 [hashID — Hash Identifier](http://psypanda.github.io/hashID/)
- 🔧 [Ciphey — Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes](https://github.com/Ciphey/Ciphey)
## Writeups
- 📚 [CTF solutions from p4 team](https://github.com/p4-team/ctf)
- 📚 [TeamRocketIST CTF Team](https://teamrocketist.github.io/)
- 📚 [sigterm.ch](https://sigterm.ch/2018/01/01/hackvent-2017-write-up/)
## Podcasts
- [Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans)
- [Tiger Team 24K Heist](https://www.youtube.com/watch?v=pJIlcd6-E70)
- [Darknet Diaries](https://darknetdiaries.com/)
- [Malicious Life](https://malicious.life/)
- [NoLimitSecu](https://www.nolimitsecu.fr/)
## OSINT
- 🧰 [OSINT4ALL](https://start.me/p/L1rEYQ/osint4all)
- 🔧 [FinalRecon — An automatic web reconnaissance tool written in Python](https://github.com/thewhiteh4t/FinalRecon/)
- 📊 [shodan](www.shodan.io), [censys](censys.io), [netcraft](sitereport.netcraft.com)
### Certificate transparency search engines
- [crt.sh](https://crt.sh/)
- [censys.io](https://censys.io/)
- [Facebook CT](https://developers.facebook.com/tools/ct/)
- [Google CT](https://google.com/transparencyreport/https/ct/)
Or from command line with a postgresql client:
psql -h crt.sh -p 5432 -U guest certwatch
## SDR
- 🔧 [Spectrum analyzer for multiple SDR platforms, capable de balayer et d'aggréger des fréquence](https://github.com/xmikos/qspectrumanalyzer/)
## Pentesting
- [Exploit DB](https://www.exploit-db.com/search/)
- [CVE Details](https://cvedetails.com)
- [OpenCVE](https://www.opencve.io/)
- 🧰 [Pentesting tools](https://prune2000.github.io/tools/pentest/)
- 🧰 [Citadel — Collection of pentesting scripts](https://github.com/wintrmvte/Citadel)
- 📑 [Web Application Penetration Testing Notes](https://techvomit.net/web-application-penetration-testing-notes/)
- [PentesterLab exercises](https://www.pentesterlab.com/)
- 🔧 [nmap NSE script based on Vulners.com API](https://github.com/vulnersCom/nmap-vulners)
- 🔧 [sqlmap](https://pypi.python.org/pypi/sqlmap)
- 🔧 [nosqlmap](https://github.com/codingo/nosqlmap)
- 📑 [nmap modules](https://twitter.com/bonsaiviking/status/950772687655309313?s=09)
- 📑 [OWASP Testing Guide](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20testing%20guide%20v2.pdf)
- [Vulners — Vulnerability Assessment Platform](https://vulners.com/landing)
- [Awesome-Hacking — A collection of awesome lists for hackers, pentesters & security researchers](https://github.com/misterch0c/Awesome-Hacking)
- 🎮 [root-me.org](https://www.root-me.org)
- 🎮 [ringzer0team challenges](https://ringzer0team.com/challenges)
- 🎮 [pentesterlab](https://pentesterlab.com/exercises)
- 🎮 [zenk-security](https://www.zenk-security.com/)
- 🎮 [France Cybersecurity Challenge](https://www.france-cybersecurity-challenge.fr/challenges)
## Misc
- 🔧 [PDF Tools](https://blog.didierstevens.com/programs/pdf-tools/)
- 📘 [Security books](https://opsecx.com/index.php/security-books/)
- 📚 [Linux Security Tools](https://linuxsecurity.expert/tools/)
- 📚 [Reddit hacking Wiki (podcasts, osint, scanning, cracking, sqli, awesome, red team, phishing)](https://old.reddit.com/r/hacking/wiki/index)
- 📚 [PortSwigger blog](https://portswigger.net/research)
- 📑 [Hacking Tools Cheat Sheet](https://i.redd.it/fviaw8s43q851.jpg)
- 🔧 [ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.](https://github.com/michelin/ChopChop)
- 📑 [The history of Lets'Encrypt](https://blog.acolyer.org/2020/02/12/lets-encrypt-an-automated-certificate-authority-to-encrypt-the-entire-web/)
- 📼 [Root KSK ceremony](https://www.youtube.com/watch?v=erfsFJsapAs)
- 📚 [Network Cheat Sheets (BGP, EIGRP, IPsec, ...)](https://packetlife.net/library/cheat-sheets/)
- 📑 [nmap cheat sheet](https://docs.google.com/document/d/1ekOUND30jr4RmD-QzL5XQUPPoZkbQwJgvuZ7BwlicIE/mobilebasic)
- 📑 [BeEF - The Browser Exploitation Framework Project](https://beefproject.com/)
- 📚 [Password lists](https://github.com/lavalamp-/password-lists.git)
- 📑 [List of the most common french passwords](https://github.com/tarraschk/richelieu)
- 📚 [SecLists — List of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.](https://github.com/danielmiessler/SecLists.git)
- 📼 [MOOC de l'ANSSI](https://secnumacademie.gouv.fr/)
- 📘 [This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering](http://dfir.org/?q=node/8)
- 📑 [Five Minute Guide to Software Security](https://oneupsecurity.com/research/five-minute-guide-to-software-security)
- 🔧 [Search numbers in a database of 290,695,246 primes and 2,050,312,768 known compisite numbers with known factors](http://factordb.com/)
- 📚 [Collection of articles](http://rafale.org/)
- 📚 [Collection of links](http://www.wawaseb.com/lutile/wsl212.php)
- 🎮 [learn about common mistakes and gotchas when using Amazon Web Services](http://flaws.cloud/)
- [Yes We Hack — bug bounty](https://www.yeswehack.com)
- 🎮 [IRC Puzzles](https://blog.ircpuzzles.org/)
- 📑 [Référentiel général de sécurité](https://www.ssi.gouv.fr/entreprise/reglementation/confiance-numerique/le-referentiel-general-de-securite-rgs/)
- 📑 [Livre Blanc sur la Défense et la Sécurité Nationale](http://www.defense.gouv.fr/content/download/206186/2286591/Livre-blanc-sur-la-Defense-et-la-Securite-nationale%202013.pdf)
- 📑 [haveibeenpwned.com pwned our helpdesk!](https://fyr.io/2020/05/30/haveibeenpwned-com-pwned-our-helpdesk-glpi-9-4-5-sql-injection/)
- 🔧 [JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript.](http://www.jsfuck.com/)
- 🔧 [Inject javascript into a PDF file](https://github.com/cornerpirate/JS2PDFInjector)
- 📑 [ANSSI](https://www.ssi.gouv.fr/)
- 📑 [Zero trust security model](https://en.wikipedia.org/wiki/Zero_Trust_Networks)
- 📑 [Auditing Algorithms](https://auditingalgorithms.science/)
# Misc
- 📑 [Degoogling my phone](https://piware.de/post/2018-05-01-android-degoogle/)
- 🔧 [diagram flowchart slides tree graphviz neato dot](https://mermaidjs.github.io/)
- 📑 [Carte du Métro Parisien](http://carto.metro.free.fr/cartes/metro-paris/)
- 📑 [GDPR](https://techblog.bozho.net/gdpr-practical-guide-developers/)
- 📼 [PyData 2015](http://2015.pydata.fr/slides-videos.html)
- 📼 [PyData Paris 2016](https://www.youtube.com/playlist?list=PLzjFI0G5nSsorlRk51ARRRCY5K2HiATuS)
- 📑 [Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks](https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf)
- 📑 [The Web began dying in 2014, here's how](https://staltz.com/the-web-began-dying-in-2014-heres-how.html)
- 📑 [pi-top — Raspberry Pi made simple, robust and modular](https://pi-top.com/)
# Math
- 📘 [No Bullshit Linear Algebra](https://minireference.com/blog/no-bullshit-linear-algebra-v2-release)
- 📑 [Coffin problems](https://galileofeynman.blogspot.com/2012/11/the-jewish-coffin-problems-of-moscow.html?m=1)
# Unix
- 📑 [30 interesting commands for the Linux shell](https://www.lopezferrando.com/30-interesting-shell-commands/)
- 📑 [Things Every Hacker Once Knew](http://www.catb.org/esr/faqs/things-every-hacker-once-knew/)
- 📑 [Linux Perf writer blog](http://www.brendangregg.com/perf.html)
# Programming
- 📘 [What are reddit's favorite books to learn about programming?](https://redditfavorites.com/books/programming/)
- 🔧 [Find interesting unanswered question on stackoverflow](https://data.stackexchange.com/stackoverflow/query/4038/find-interesting-unanswered-questions)
- 🔧 [AdminLTE — Bootstrap admin dashboard template](https://adminlte.io/) used by PiHole and [hermes](https://github.com/Ousret/hermes)
- 📑 [Floating point arithmetic rounding errors in various languages](https://0.30000000000000004.com/)
- 📚 [A gallery of Voilà dashboards [jupyter][binder]](https://voila-gallery.org)
- 📑 [Learning git: Locations, Remotes, and GitHub](https://www.willingconsulting.com/post/2019-07-01-locations-and-git/)
- 📚 [Learn X in Y minutes](https://learnxinyminutes.com/)
- 📼 [Video Lectures — MIT](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-001-structure-and-interpretation-of-computer-programs-spring-2005/video-lectures/)
- 📚 [600 free courses](https://qz.com/1120344/200-universities-just-launched-600-free-online-courses-heres-the-full-list/)
## Make
- 📑 [Your Makefiles are wrong](https://tech.davis-hansson.com/p/make/)
## Python
- 🔧 [Unit testing Jupyter Notebooks](https://github.com/nteract/testbook)
- 📑 [Why do numbering should start at 0](https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD831.html )
- 📑 [Instructor notes for COMP 3321](https://nsa.sfo2.digitaloceanspaces.com/comp3321.pdf)
- 🔧 [Scalene — Python profiling: memory and CPU](https://github.com/emeryberger/scalene)
- 🔧 [Sampling profiler for Python programs](https://github.com/benfred/py-spy)
- 📑 [WTF Python](https://github.com/satwikkansal/wtfpython)
- 📚 [All Algorithms implemented in Python](https://github.com/TheAlgorithms/Python)
- 📑 [Your Guide to the CPython Source Code](https://realpython.com/cpython-source-code-guide/)
- 📑 [Scipy Workshop](https://github.com/Andrewnetwork/WorkshopScipy)
- 📚 [comp.lang.python](https://groups.google.com/forum/#!forum/comp.lang.python)
- 🔧 [FastAPI framework, high performance, easy to learn, fast to code, ready for production](https://github.com/tiangolo/fastapi)
- 🔧 [Nuitka is a Python compiler written in Python](https://nuitka.net/)
- 🔧 [Pex — Python EXecutable](https://pex.readthedocs.io/)
### Data Science
- 📚 [Data Science Cheat Sheets](https://www.datacamp.com/community/data-science-cheatsheets)
- 📚 [Top 28 Cheat Sheets for Machine Learning, Data Science, Probability, SQL & Big Data](https://www.analyticsvidhya.com/blog/2017/02/top-28-cheat-sheets-for-machine-learning-data-science-probability-sql-big-data/)
- 📚 [Collecting Data Science Cheat Sheets](https://towardsdatascience.com/collecting-data-science-cheat-sheets-d2cdff092855)
- 🔧 [A Flexible And Efficient Library For Deep Learning](https://mxnet.apache.org)
- 🔧 [Keras: the Python deep learning API](https://keras.io)
## GIT
- [The history of git](https://www.welcometothejungle.com/en/articles/btc-history-git)
- [Git tips and tricks](https://about.gitlab.com/2016/12/08/git-tips-and-tricks/)
## Infra
- https://root-servers.org/
- https://www.ansible.com/ansible-best-practices-2017
- https://opensourceinfra.org/
- [SDF Public Access UNIX System .. Est. 1987](https://sdf.org)
# Music
- [Chopin free recordings](https://musopen.org/music/108-nocturnes-op-9/#recordings)
# My Google Dorks
- "tous les livres" "ajouts récents" "index alphabétique"
- "bibliothèque gérée par calibre"
- https://zestedesavoir.com/articles/1079/les-secrets-dun-code-pythonique/
- Kubernetes slides https://gitlab.com/PyBootCamp/k8s-101-python-developers
- Meta linter : prospector
- check-manifest : valide que tous les fichiers définis dans git sont soit explicitement inclus soit explicitement exclus du Manifest.
- Linter de paquets Python : pyroma
- https://github.com/falconry/falcon Web, Framework
- Jupyter dashboard: dash (https://dash.plot.ly/) and voila (pypi.org/p/voila)
- https://www.teachingpython.fm/
- GEF - GDB Enhanced Features for exploit devs & reversers https://github.com/hugsy/gef/blob/dev/README.md
- https://tutorial.octomachinery.dev/en/latest/
- https://linuxfr.org/users/omc/journaux/document-de-cours-python-for-science
- https://www.roguelynn.com/words/asyncio-we-did-it-wrong/
- Django Classy Class Based Views http://ccbv.co.uk/, et pour DRF : http://www.cdrf.co/
- https://igordavydenko.com/talks/de-pycon-2018/
- watchghost: Projet de Arthur de l'Afpy
- testinfra: Pour tester Ansible
- [setup.py vs requirements.txt](https://caremad.io/posts/2013/07/setup-vs-requirement/)

33
content/pages/gpg.md Normal file
View File

@ -0,0 +1,33 @@
Title: GPG
Date: 2021-04-27 21:26:00
# My GPG keys
## Current key
My GPG key fingerprint, since 2021-04-22 is `8AFAA8C574C3E9804BB4337546EBCD72F08E6717`:
- on [keys.openpgp.org](https://keys.openpgp.org/search?q=8AFAA8C574C3E9804BB4337546EBCD72F08E6717)
- on [mdk.fr](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
It can be imported using:
gpg --keyserver hkps://keys.openpgp.org --recv-keys 8AFAA8C574C3E9804BB4337546EBCD72F08E6717
Or with signatures (as keys.openpgp.org don't store them) using:
curl https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub | gpg --import -
## Previous key
My previous, revoked, GPG key was `4FA496041B0B1983E504CE30B4696EEC921B800C`:
- on [keys.openpgp.org](https://keys.openpgp.org/search?q=4FA496041B0B1983E504CE30B4696EEC921B800C)
- on [mdk.fr](https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub)
It can be imported using:
curl https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub | gpg --import -
(Just so you can check the revocation message give the new key fingerprint).

4
content/pages/index.md
View File

@ -12,8 +12,8 @@ CPython core developer, PSF fellow, independent Python trainer.
- Building an online Python exercises platform: [Hackinscience](https://hackinscience.org/).
- 99 other projects on [my github](https://github.com/JulienPalard).
- [My CV](https://mdk.fr/Julien-Palard.pdf)
- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/gpg.pub)
- I'm `mdk` on [freenode](https://webchat.freenode.net)
- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
- I'm `mdk` on [freenode](https://webchat.freenode.net) and <a rel="me" href="https://mamot.fr/@mdk">Mastodon</a>.
> "Walking on water and developing software from a specification are easy if both are frozen." - Edward V. Berard -

10
content/pages/talks.md
View File

@ -4,6 +4,14 @@ status: hidden
## Past
- 2021-01-13:
[AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
[Conférence Packaging sans setup.py](https://julienpalard.frama.io/atelier-packaging/)
- 2020-12-09:
[AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
[Atelier Performances en Python](https://julienpalard.frama.io/atelier-perf/perf.html)
- 2019-06-13:
[Write The Docs Paris](https://www.meetup.com/Write-the-Docs-Paris/): La traduction de la
documentation de Python.
@ -37,4 +45,4 @@ status: hidden
- 2016-10-16:
[PyCon FR 2016](https://www.pycon.fr/2016/pages/programme.html#Traduction%20de%20la%20doc%20de%20Python%20et%20l'internationalisation):
La traduction de la documentation de Python et l'internationalisation.
[video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)
[video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)

6
theme/templates/article.html
View File

@ -1,7 +1,6 @@
{% extends "base.html" %}
{% block title %}{{ article.title|striptags }}{% endblock %}
{% block content %}
{% set ads = True %}
<section id="content" class="body">
<article>
<header>
@ -13,11 +12,6 @@
<div class="entry-content">
{{ article.content }}
</div>
<div class="entry-metadata">
{% if ads %}
<script src="https://sense.framasoft.org/sense3.js" data-sense3="300x250"></script>
{% endif %}
</div>
<footer class="post-info">
<abbr class="published" title="{{ article.date.isoformat() }}">
Published: {{ article.locale_date }}

1
theme/templates/index.html
View File

@ -1,7 +1,6 @@
{% extends "base.html" %}
{% block content_title %}{% endblock %}
{% block content %}
{% set ads = False %}
{% if articles %}
{% for article in articles_page.object_list %}