From b6d74f42cdc93b56d5c2496ce50905950de3328d Mon Sep 17 00:00:00 2001
From: Julien Palard <julien@palard.fr>
Date: Fri, 7 May 2021 15:35:46 +0200
Subject: [PATCH] Things.

---
 content/blog/reverse-d8.md   | 173 +++++++++++++++++++++
 content/pages/bookmarks.md   | 294 +++++++++++++++++++++++++++++++++++
 content/pages/gpg.md         |  33 ++++
 content/pages/index.md       |   4 +-
 content/pages/talks.md       |  10 +-
 theme/templates/article.html |   6 -
 theme/templates/index.html   |   1 -
 7 files changed, 511 insertions(+), 10 deletions(-)
 create mode 100644 content/blog/reverse-d8.md
 create mode 100644 content/pages/bookmarks.md
 create mode 100644 content/pages/gpg.md

diff --git a/content/blog/reverse-d8.md b/content/blog/reverse-d8.md
new file mode 100644
index 0000000..680e19a
--- /dev/null
+++ b/content/blog/reverse-d8.md
@@ -0,0 +1,173 @@
+---
+Title: Reversing coffee machine key
+Date: 2021-05-07 12:12:55
+---
+
+
+At $DAYJOB, a long time ago, we had big a coffee machine allowing us
+to store money in NFC keys. NFC keys were Mifare 1K ones, so they had
+a security hole (Search mfoc), so I tried reverse engineering them,
+you know, free coffee…
+
+Before starting you can [download key
+dumps](https://mdk.fr/x/keys.tar.bz2) to follow along with me.
+
+I will not paste all dumps in this page, (1k dumps are big in hexadecimal on a
+blog post) but I dumped a few keys with a few different values, and
+I'll post the diffs between dumps.
+
+I got two keys, and two dumps per key. First key from 9.2€ to
+8.35€. Second key from 0€ to 0.10€
+
+Diff of the first key (Between a dump of 9.2€ and a dump of 8.35€):
+
+```diff
+< 2 060  b491 7e19 0000 0000 0000 0000 1801 003f  100 R:AB W:-B I:-- DTR:-- r/w block
+---
+> 2 060  82bb 261a 0000 0000 0000 0000 1c01 0020  100 R:AB W:-B I:-- DTR:-- r/w block
+26,27c26,27
+< 0 080  9803 0000 67fc ffff 9803 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+< 1 090  c503 0000 3afc ffff c503 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+---
+> 0 080  4303 0000 bcfc ffff 4303 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+> 1 090  7003 0000 8ffc ffff 7003 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+```
+
+Diff of the second key (Between a dump of 0€ and a dump of 0.10€):
+
+```diff
+< 2 060  daa0 9019 0000 0000 0000 0000 2200 0098  100 R:AB W:-B I:-- DTR:-- r/w block
+---
+> 2 060  2eaf 261a 0000 0000 0000 0000 2300 00d2  100 R:AB W:-B I:-- DTR:-- r/w block
+26,27c26,27
+< 0 080  0000 0000 ffff ffff 0000 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+< 1 090  2d00 0000 d2ff ffff 2d00 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+---
+> 0 080  0a00 0000 f5ff ffff 0a00 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+> 1 090  0000 0000 ffff ffff 0000 0000 09f6 09f6  110 R:AB W:-B I:-B DTR:AB r/w block
+```
+
+To start let's focus on the two-lines diff, at adresses `0x080` and `0x090`.
+
+When I reverse engineer I like to loop between "presentation" (put an
+effort to make the data readable) and "understanding" (get an
+information from the data), so my first step, is to render this in a
+clean way. I had an intuition for a one's complement (as I spotted
+`ffff` / `0000`, what an intuition...), so I wanted to see binary
+data. I also dropped columns of data that were identical between two
+dumps:
+
+```text
+9.2 : 9803 0000 67fc  c503 0000 3afc | 10011000.00000011 ... 01100111.11111100  11000101.00000011 ... 00111010.11111100
+8.3 : 4303 0000 bcfc  7003 0000 8ffc | 01000011.00000011 ... 10111100.11111100  01110000.00000011 ... 10001111.11111100
+0.1 : 0a00 0000 f5ff  0000 0000 ffff | 00001010.00000000 ... 11110101.11111111  00000000.00000000 ... 11111111.11111111
+0.0 : 0000 0000 ffff  2d00 0000 d2ff | 00000000.00000000 ... 11111111.11111111  00101101.00000000 ... 11010010.11111111
+```
+
+So, my first intuition was true: the data is stored twice, the 2nd one
+is the one's complement of the first. So half of the data is useless
+for me, I can drop it from my representation.
+
+Follow a simplified presentation witout duplicate (complemented) data:
+
+```text
+9.2 : 9803 c503 10011000.00000011 11000101.00000011 0398 -> 920 | 03c5 -> 965
+8.3 : 4303 7003 01000011.00000011 01110000.00000011 0343 -> 835 | 0370 -> 880
+0.1 : 0a00 0000 00001010.00000000 00000000.00000000 000A ->  10 | 0000 ->   0
+0.0 : 0000 2d00 00000000.00000000 00101101.00000000 0000 ->   0 | 002d ->  45
+```
+
+At this point I see `0a00` on the `0.10€` key, as `0a(16)` is
+`10(10)`, `0a00` is `10` in big endian... money may be stored here…
+in big endian in 1/100 of euros. Let's test with `9803(16be)`, gives
+`920(10)` that give `9.20€`, yes!! Free coffee not far away!
+
+This is the big part of the dump, the remaining part (top one) seems
+to store metadata but is not reversed yet.
+
+Follow two tables, for the two keys, showing old_value -> new_value,
+with, for each value, its binay representation and its base 10
+representation as if value is stored in big endian.
+
+In the following table, 16be mean "From base 16 big endian to
+decimal", 16le for little endian.
+
+```text
+9.2 -> 8.35
+Value: As binary          16be  16le    Value: As binary          16be  16le
+DAA0 : 11011010.10100000 41178 55968 -> 2EAF : 00101110.10101111 44846 11951 date ?
+9019 : 10010000.00011001  6544 36889 -> 261A : 00100110.00011010  6694  9754
+2200 : 00100010.00000000    34  8704 -> 2300 : 00100011.00000000    35  8960 count ?
+0098 : 00000000.10011000 38912   152 -> 00D2 : 00000000.11010010 53760   210
+```
+
+```text
+0.0 -> 0.1
+Value: As binary          16be  16le    Value: As binary          16be  16le
+B491 : 10110100.10010001 37300 46225 -> 82BB : 10000010.10111011 48002 d33467 date ?
+7E19 : 01111110.00011001  6526 32281 -> 261A : 00100110.00011010  6694   9754
+1801 : 00011000.00000001   280  6145 -> 1C01 : 00011100.00000001   284   7169 count ?
+003F : 00000000.00111111 16128    63 -> 0020 : 00000000.00100000  8192     32
+```
+
+Non reversed data:
+
+```text
+mandark@blanc$ grep 00000060 *.dmp.hex | column -t
+step1-0.dmp.hex:00000060    da  a0  90  19  00  00  00  00  00  00  00  00  22  00  00  98  |............"...|
+step2-0.1.dmp.hex:00000060  2e  af  26  1a  00  00  00  00  00  00  00  00  23  00  00  d2  |..&.........#...|
+step3-0.2.dmp.hex:00000060  53  1a  51  1a  00  00  00  00  00  00  00  00  24  00  00  98  |S.Q.........$...|
+```
+
+```text
+mandark@blanc$ grep 00000060 *.dmp.hex | column -t
+step1-9.2.dmp.hex:00000060   b4  91  7e  19  00  00  00  00  00  00  00  00  18  01  00  3f  |..~............?|
+step2-8.35.dmp.hex:00000060  82  bb  26  1a  00  00  00  00  00  00  00  00  1c  01  00  20  |..&............ |
+step3-3.9.dmp.hex:00000060   c7  9a  59  1a  00  00  00  00  00  00  00  00  2a  01  00  91  |..Y.........*...|
+```
+
+Clearly `0022 0023 0024`, and `0118 011C 012A` are juste counters. I only
+add 10 cents on the key1 between each dumps, but I drink some coffee
+between each dumps on key2, so it's normal values. I now know I drank
+18 coffees between first and last dump!
+
+```text
+-----------------------------------------------------------------------------------
+|money |  counter     |    Last byte ?    | First long, kind of timestamp         |
+|---------------------------------------------------------------------------------|
+|euro  |  hex     dec | hex  dec      bin |         hex  little endian        dec |
+|---------------------------------------------------------------------------------|
+|0     |  22 00    34 |  98  152 10011000 | da a0 90 19    19 90 a0 da  428908762 |
+|0.1   |  23 00    35 |  D2  210 11010010 | 2e af 26 1a    1a 26 af 2e  438742830 |
+|0.2   |  24 00    36 |  98  152 10011000 | 53 1a 51 1a    1a 51 1a 53  441522771 |
+|---------------------------------------------------------------------------------|
+|9.2   |  18 01   280 |  3F   63 00111111 | b4 91 7e 19    19 7e 91 b4  427725236 |
+|8.35  |  1C 01   284 |  20   32 00100000 | 82 bb 26 1a    1a 26 bb 82  438745986 |
+|3.9   |  2A 01   298 |  91  145 10010001 | c7 9a 59 1a    1a 59 9a c7  442079943 |
+-----------------------------------------------------------------------------------
+```
+
+First long seems to be a kind of timestamp, but it's not a unix
+timestamp. It seems to count seconds, but I don't know the start
+point. Start point may be random ^-^
+
+
+About last byte, I tried some crc's (namely crc-8, crc-8-darc,
+crc-8-i-code, crc-8-itu, crc-8-maxim, crc-8-rohc, crc-8-wcdma, crc-16,
+crc-16-buypass, crc-16-dds-110, crc-16-dect, crc-16-dnp,
+crc-16-en-13757, crc-16-genibus, crc-16-maxim, crc-16-mcrf4xx,
+crc-16-riello, crc-16-t10-dif, crc-16-teledisk, crc-16-usb, x-25,
+xmodem, modbus, kermit, crc-ccitt-false, crc-aug-ccitt, crc-24,
+crc-24-flexray-a, crc-24-flexray-b, crc-32, crc-32-bzip2, crc-32c,
+crc-32d, crc-32-mpeg, posix, crc-32q, jamcrc, xfer, crc-64, crc-64-we,
+crc-64-jones)
+
+I tried with last byte set to any possible value and I '% 255'ed
+results, also tried without last byte, so I got a lot of false
+positive matches, for example, for step1-0.dmp.hex:00000060, I have 39
+possibilities yielding to 98, but I found NO possibility working with
+the same params for two different dumps.
+
+We may try to compute more value in CRC's, for example whole block, I
+just tried to CRC a single line (16 bytes), but I stopped my research
+here and get back to work.
diff --git a/content/pages/bookmarks.md b/content/pages/bookmarks.md
new file mode 100644
index 0000000..be6664f
--- /dev/null
+++ b/content/pages/bookmarks.md
@@ -0,0 +1,294 @@
+Title: Bookmarks
+Date: 2021-05-05 15:21:00
+
+
+# HTTP
+
+- 📊 [Proxy networks and data collection tools](https://brightdata.com/)
+- 📑 [Cours HTTP au CNAM de Stephane Bortzmeyer](https://www.bortzmeyer.org/cours-http-cnam.html)
+- 📑 [RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content](https://tools.ietf.org/html/rfc7231)
+
+
+## Microservice
+
+- 📑 [Twelve Patterns for Hypermedia Microservices](https://www.infoq.com/presentations/12-patterns-api-microservices/)
+- 📑 [Microservices in a Post-Kubernetes Era](https://www.infoq.com/articles/microservices-post-kubernetes)
+- 📑 [How to choose a database for your microservices](https://www.infoworld.com/article/3236291/database/how-to-choose-a-database-for-your-microservices.amp.html)
+
+
+## APIs
+
+- 📊 [Public APIs: A Collection of Public and Free APIs for Development](https://public-apis.xyz/)
+- 📚 [Mike Amoundsen blog](http://amundsen.com/blog/)
+- 🔧 [Agnostic Github client API — An EDSL for connecting to REST servers](https://github.com/mozilla/agithub)
+- 📑 [APIs You Won't Hate — A community that cares about API design and development](https://apisyouwonthate.com/)
+- 📑 [A Web API ecosystem through feature-based reuse](https://ruben.verborgh.org/articles/web-api-ecosystem/)
+- 📑 [The Structure of Information Networks — Computer Science 685 — Cornell University — Fall 2007](https://www.cs.cornell.edu/courses/cs685/2007fa/)
+- 📑 [Mechanisms for obtaining information about the meaning of a given URI](https://www.w3.org/2001/tag/group/track/issues/57)
+- 📑 [Python API Checklist](http://python.apichecklist.com/)
+- 📑 [Open Data Protocol (OData)](https://fr.wikipedia.org/wiki/Open_Data_Protocol)
+- 📑 [API Evangelist is about making sense of the world of application programming interfaces](https://apievangelist.com/)
+
+
+### REST
+
+- 📚 [Roy T. Fielding's blog](https://roy.gbiv.com/untangled/)
+- 📑 [It is okay to use POST — Roy T. Fielding](https://roy.gbiv.com/untangled/2009/it-is-okay-to-use-post)
+- 📑 [Misunderstanding REST](https://hanselminutes.com/236/misunderstanding-rest-with-mike-amundsen)
+- 📑 [Using Web Sequence Diagrams with your APIs](http://amundsen.com/talks/2018-09-restfest/index.html)
+- 📑 [Twelve Patterns for Evolvable APIs Revisited](http://amundsen.com/talks/2017-12-yow/index.html)
+- 📑 [Some thoughts on resources, information resources and representations](https://www.w3.org/2001/tag/2008/02/RepresentationResources.html)
+- 📑 [REST without the hypertext constraint is like pipe-and-filter without the pipes](http://roy.gbiv.com/untangled/2008/on-software-architecture#more-10)
+- 📑 [resources are just consistent mappings from an identifier to some set of views on server-side state.](http://roy.gbiv.com/untangled/2008/paper-tigers-and-hidden-dragons)
+- 📑 [A REST API must not define fixed resource names or hierarchies](http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven)
+- 📑 [principled design of the modern web architecture — Roy T. Fielding](http://dl.acm.org/citation.cfm?doid=3106237.3121282)
+
+
+### GraphQL
+
+- 🔧 [GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)](https://github.com/graphql/graphql-playground)
+- 🔧 [django-restql: Turn your API made with Django REST Framework(DRF) into a GraphQL like API.](https://github.com/yezyilomo/django-restql)
+- 🔧 [GraphQL Doctor: Prevent Breaking Changes in a GraphQL API with GitHub Checks](https://github.com/cap-collectif/graphql-doctor)
+- 📑 [GitHub GraphQL API](https://docs.github.com/en/graphql)
+- 🔧 [Graphene: GraphQL in Python Made Easy](https://graphene-python.org/)
+- 📑 [Representing State in REST and GraphQL](https://philsturgeon.uk/api/2017/06/19/representing-state-in-rest-and-graphql/)
+
+
+
+# Traduction
+
+- 📑 [Entretiens autour de la traduction collaborative](https://bzg.fr/entretiens-autour-de-la-traduction-collaborative.html/)
+- 📑 [Orthotypographie, de Jean-Pierre Lacroux (Lexique des règles typographiques françaises)](http://www.orthotypographie.fr/volume-I/academie-accentuation.html)
+- 📑 [L'association Traduc.org](https://traduc.org)
+- 📑 [Recommandations pour la traduction de documents techniques Red Hat de en_US -> fr_FR](https://fedoraproject.org/w/uploads/c/c1/Guide_stylistique_de_traduction_EN-FR_24NOV14.pdf)
+- 📘 [Petites leçons de typographie — Jacques André](http://jacques-andre.fr/faqtypo/lessons.pdf)
+- 🔧 [Deepl](https://www.deepl.com)
+- 🔧 [Gramalecte](https://fr.m.wikipedia.org/wiki/Grammalecte)
+
+
+# Cybersecurity
+
+- 🔧 [Temporary email address redirection](jetable.org)
+- 🔧 [fsociety — A Modular Penetration Testing Framework](https://github.com/fsociety-team/fsociety)
+- 📚 [hackingthe.cloud — Knowledge about cloud, enumeration, exploitation, avoid detection, AWS, azure, GCP...](https://hackingthe.cloud/aws/)
+
+
+## Cryptography
+
+- 🔧 [Detect and decode encoded strings, recursively.](https://github.com/UltimateHackers/Decodify)
+- 🔧 [Quipqiup: A fast and automated cryptogram solver](https://quipqiup.com/)
+- 🔧 [lantern —  Cryptanalysis library for breaking classical ciphers](https://github.com/CameronLonsdale/lantern)
+- 🔧 [hashID — Hash Identifier](http://psypanda.github.io/hashID/)
+- 🔧 [Ciphey — Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes](https://github.com/Ciphey/Ciphey)
+
+
+## Writeups
+
+- 📚 [CTF solutions from p4 team](https://github.com/p4-team/ctf)
+- 📚 [TeamRocketIST CTF Team](https://teamrocketist.github.io/)
+- 📚 [sigterm.ch](https://sigterm.ch/2018/01/01/hackvent-2017-write-up/)
+
+
+## Podcasts
+
+- [Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans)
+- [Tiger Team 24K Heist](https://www.youtube.com/watch?v=pJIlcd6-E70)
+- [Darknet Diaries](https://darknetdiaries.com/)
+- [Malicious Life](https://malicious.life/)
+- [NoLimitSecu](https://www.nolimitsecu.fr/)
+
+
+## OSINT
+
+- 🧰 [OSINT4ALL](https://start.me/p/L1rEYQ/osint4all)
+- 🔧 [FinalRecon — An automatic web reconnaissance tool written in Python](https://github.com/thewhiteh4t/FinalRecon/)
+- 📊 [shodan](www.shodan.io), [censys](censys.io), [netcraft](sitereport.netcraft.com)
+
+
+### Certificate transparency search engines
+
+- [crt.sh](https://crt.sh/)
+- [censys.io](https://censys.io/)
+- [Facebook CT](https://developers.facebook.com/tools/ct/)
+- [Google CT](https://google.com/transparencyreport/https/ct/)
+
+Or from command line with a postgresql client:
+
+    psql -h crt.sh -p 5432 -U guest certwatch
+
+
+## SDR
+
+- 🔧 [Spectrum analyzer for multiple SDR platforms, capable de balayer et d'aggréger des fréquence](https://github.com/xmikos/qspectrumanalyzer/)
+
+
+## Pentesting
+
+- [Exploit DB](https://www.exploit-db.com/search/)
+- [CVE Details](https://cvedetails.com)
+- [OpenCVE](https://www.opencve.io/)
+- 🧰 [Pentesting tools](https://prune2000.github.io/tools/pentest/)
+- 🧰 [Citadel —  Collection of pentesting scripts](https://github.com/wintrmvte/Citadel)
+- 📑 [Web Application Penetration Testing Notes](https://techvomit.net/web-application-penetration-testing-notes/)
+- [PentesterLab exercises](https://www.pentesterlab.com/)
+- 🔧 [nmap NSE script based on Vulners.com API](https://github.com/vulnersCom/nmap-vulners)
+- 🔧 [sqlmap](https://pypi.python.org/pypi/sqlmap)
+- 🔧 [nosqlmap](https://github.com/codingo/nosqlmap)
+- 📑 [nmap modules](https://twitter.com/bonsaiviking/status/950772687655309313?s=09)
+- 📑 [OWASP Testing Guide](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20testing%20guide%20v2.pdf)
+- [Vulners — Vulnerability Assessment Platform](https://vulners.com/landing)
+- [Awesome-Hacking — A collection of awesome lists for hackers, pentesters & security researchers](https://github.com/misterch0c/Awesome-Hacking)
+- 🎮 [root-me.org](https://www.root-me.org)
+- 🎮 [ringzer0team challenges](https://ringzer0team.com/challenges)
+- 🎮 [pentesterlab](https://pentesterlab.com/exercises)
+- 🎮 [zenk-security](https://www.zenk-security.com/)
+- 🎮 [France Cybersecurity Challenge](https://www.france-cybersecurity-challenge.fr/challenges)
+
+
+## Misc
+
+- 🔧 [PDF Tools](https://blog.didierstevens.com/programs/pdf-tools/)
+- 📘 [Security books](https://opsecx.com/index.php/security-books/)
+- 📚 [Linux Security Tools](https://linuxsecurity.expert/tools/)
+- 📚 [Reddit hacking Wiki (podcasts, osint, scanning, cracking, sqli, awesome, red team, phishing)](https://old.reddit.com/r/hacking/wiki/index)
+- 📚 [PortSwigger blog](https://portswigger.net/research)
+- 📑 [Hacking Tools Cheat Sheet](https://i.redd.it/fviaw8s43q851.jpg)
+- 🔧 [ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.](https://github.com/michelin/ChopChop)
+- 📑 [The history of Lets'Encrypt](https://blog.acolyer.org/2020/02/12/lets-encrypt-an-automated-certificate-authority-to-encrypt-the-entire-web/)
+- 📼 [Root KSK ceremony](https://www.youtube.com/watch?v=erfsFJsapAs)
+- 📚 [Network Cheat Sheets (BGP, EIGRP, IPsec, ...)](https://packetlife.net/library/cheat-sheets/)
+- 📑 [nmap cheat sheet](https://docs.google.com/document/d/1ekOUND30jr4RmD-QzL5XQUPPoZkbQwJgvuZ7BwlicIE/mobilebasic)
+- 📑 [BeEF - The Browser Exploitation Framework Project](https://beefproject.com/)
+- 📚 [Password lists](https://github.com/lavalamp-/password-lists.git)
+- 📑 [List of the most common french passwords](https://github.com/tarraschk/richelieu)
+- 📚 [SecLists — List of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.](https://github.com/danielmiessler/SecLists.git)
+- 📼 [MOOC de l'ANSSI](https://secnumacademie.gouv.fr/)
+- 📘 [This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering](http://dfir.org/?q=node/8)
+- 📑 [Five Minute Guide to Software Security](https://oneupsecurity.com/research/five-minute-guide-to-software-security)
+- 🔧 [Search numbers in a database of 290,695,246 primes and 2,050,312,768 known compisite numbers with known factors](http://factordb.com/)
+- 📚 [Collection of articles](http://rafale.org/)
+- 📚 [Collection of links](http://www.wawaseb.com/lutile/wsl212.php)
+- 🎮 [learn about common mistakes and gotchas when using Amazon Web Services](http://flaws.cloud/)
+- [Yes We Hack — bug bounty](https://www.yeswehack.com)
+- 🎮 [IRC Puzzles](https://blog.ircpuzzles.org/)
+- 📑 [Référentiel général de sécurité](https://www.ssi.gouv.fr/entreprise/reglementation/confiance-numerique/le-referentiel-general-de-securite-rgs/)
+- 📑 [Livre Blanc sur la Défense et la Sécurité Nationale](http://www.defense.gouv.fr/content/download/206186/2286591/Livre-blanc-sur-la-Defense-et-la-Securite-nationale%202013.pdf)
+- 📑 [haveibeenpwned.com pwned our helpdesk!](https://fyr.io/2020/05/30/haveibeenpwned-com-pwned-our-helpdesk-glpi-9-4-5-sql-injection/)
+- 🔧 [JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript.](http://www.jsfuck.com/)
+- 🔧 [Inject javascript into a PDF file](https://github.com/cornerpirate/JS2PDFInjector)
+- 📑 [ANSSI](https://www.ssi.gouv.fr/)
+- 📑 [Zero trust security model](https://en.wikipedia.org/wiki/Zero_Trust_Networks)
+- 📑 [Auditing Algorithms](https://auditingalgorithms.science/)
+
+
+# Misc
+
+- 📑 [Degoogling my phone](https://piware.de/post/2018-05-01-android-degoogle/)
+- 🔧 [diagram flowchart slides tree graphviz neato dot](https://mermaidjs.github.io/)
+- 📑 [Carte du Métro Parisien](http://carto.metro.free.fr/cartes/metro-paris/)
+- 📑 [GDPR](https://techblog.bozho.net/gdpr-practical-guide-developers/)
+- 📼 [PyData 2015](http://2015.pydata.fr/slides-videos.html)
+- 📼 [PyData Paris 2016](https://www.youtube.com/playlist?list=PLzjFI0G5nSsorlRk51ARRRCY5K2HiATuS)
+- 📑 [Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks](https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf)
+- 📑 [The Web began dying in 2014, here's how](https://staltz.com/the-web-began-dying-in-2014-heres-how.html)
+- 📑 [pi-top — Raspberry Pi made simple, robust and modular](https://pi-top.com/)
+
+
+# Math
+
+- 📘 [No Bullshit Linear Algebra](https://minireference.com/blog/no-bullshit-linear-algebra-v2-release)
+- 📑 [Coffin problems](https://galileofeynman.blogspot.com/2012/11/the-jewish-coffin-problems-of-moscow.html?m=1)
+
+# Unix
+
+- 📑 [30 interesting commands for the Linux shell](https://www.lopezferrando.com/30-interesting-shell-commands/)
+- 📑 [Things Every Hacker Once Knew](http://www.catb.org/esr/faqs/things-every-hacker-once-knew/)
+- 📑 [Linux Perf writer blog](http://www.brendangregg.com/perf.html)
+
+
+# Programming
+
+- 📘 [What are reddit's favorite books to learn about programming?](https://redditfavorites.com/books/programming/)
+- 🔧 [Find interesting unanswered question on stackoverflow](https://data.stackexchange.com/stackoverflow/query/4038/find-interesting-unanswered-questions)
+- 🔧 [AdminLTE — Bootstrap admin dashboard template](https://adminlte.io/) used by PiHole and [hermes](https://github.com/Ousret/hermes)
+- 📑 [Floating point arithmetic rounding errors in various languages](https://0.30000000000000004.com/)
+- 📚 [A gallery of Voilà dashboards [jupyter][binder]](https://voila-gallery.org)
+- 📑 [Learning git: Locations, Remotes, and GitHub](https://www.willingconsulting.com/post/2019-07-01-locations-and-git/)
+- 📚 [Learn X in Y minutes](https://learnxinyminutes.com/)
+- 📼 [Video Lectures — MIT](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-001-structure-and-interpretation-of-computer-programs-spring-2005/video-lectures/)
+- 📚 [600 free courses](https://qz.com/1120344/200-universities-just-launched-600-free-online-courses-heres-the-full-list/)
+
+
+## Make
+
+- 📑 [Your Makefiles are wrong](https://tech.davis-hansson.com/p/make/)
+
+
+## Python
+
+- 🔧 [Unit testing Jupyter Notebooks](https://github.com/nteract/testbook)
+- 📑 [Why do numbering should start at 0](https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD831.html )
+- 📑 [Instructor notes for COMP 3321](https://nsa.sfo2.digitaloceanspaces.com/comp3321.pdf)
+- 🔧 [Scalene — Python profiling: memory and CPU](https://github.com/emeryberger/scalene)
+- 🔧 [Sampling profiler for Python programs](https://github.com/benfred/py-spy)
+- 📑 [WTF Python](https://github.com/satwikkansal/wtfpython)
+- 📚 [All Algorithms implemented in Python](https://github.com/TheAlgorithms/Python)
+- 📑 [Your Guide to the CPython Source Code](https://realpython.com/cpython-source-code-guide/)
+- 📑 [Scipy Workshop](https://github.com/Andrewnetwork/WorkshopScipy)
+- 📚 [comp.lang.python](https://groups.google.com/forum/#!forum/comp.lang.python)
+- 🔧 [FastAPI framework, high performance, easy to learn, fast to code, ready for production](https://github.com/tiangolo/fastapi)
+- 🔧 [Nuitka is a Python compiler written in Python](https://nuitka.net/)
+- 🔧 [Pex — Python EXecutable](https://pex.readthedocs.io/)
+
+
+### Data Science
+
+- 📚 [Data Science Cheat Sheets](https://www.datacamp.com/community/data-science-cheatsheets)
+- 📚 [Top 28 Cheat Sheets for Machine Learning, Data Science, Probability, SQL & Big Data](https://www.analyticsvidhya.com/blog/2017/02/top-28-cheat-sheets-for-machine-learning-data-science-probability-sql-big-data/)
+- 📚 [Collecting Data Science Cheat Sheets](https://towardsdatascience.com/collecting-data-science-cheat-sheets-d2cdff092855)
+- 🔧 [A Flexible And Efficient Library For Deep Learning](https://mxnet.apache.org)
+- 🔧 [Keras: the Python deep learning API](https://keras.io)
+
+
+## GIT
+
+- [The history of git](https://www.welcometothejungle.com/en/articles/btc-history-git)
+- [Git tips and tricks](https://about.gitlab.com/2016/12/08/git-tips-and-tricks/)
+
+
+## Infra
+
+- https://root-servers.org/
+- https://www.ansible.com/ansible-best-practices-2017
+- https://opensourceinfra.org/
+- [SDF Public Access UNIX System .. Est. 1987](https://sdf.org)
+
+
+# Music
+
+- [Chopin free recordings](https://musopen.org/music/108-nocturnes-op-9/#recordings)
+
+
+# My Google Dorks
+
+- "tous les livres" "ajouts récents" "index alphabétique"
+- "bibliothèque gérée par calibre"
+
+
+ - https://zestedesavoir.com/articles/1079/les-secrets-dun-code-pythonique/
+ - Kubernetes slides https://gitlab.com/PyBootCamp/k8s-101-python-developers
+ - Meta linter : prospector
+ - check-manifest : valide que tous les fichiers définis dans git sont soit explicitement inclus soit explicitement exclus du Manifest.
+ - Linter de paquets Python : pyroma
+ - https://github.com/falconry/falcon Web, Framework
+ - Jupyter dashboard: dash (https://dash.plot.ly/) and voila (pypi.org/p/voila)
+ - https://www.teachingpython.fm/
+ - GEF - GDB Enhanced Features for exploit devs & reversers https://github.com/hugsy/gef/blob/dev/README.md
+ - https://tutorial.octomachinery.dev/en/latest/
+ - https://linuxfr.org/users/omc/journaux/document-de-cours-python-for-science
+ - https://www.roguelynn.com/words/asyncio-we-did-it-wrong/
+ - Django Classy Class Based Views http://ccbv.co.uk/, et pour DRF : http://www.cdrf.co/
+ - https://igordavydenko.com/talks/de-pycon-2018/
+ - watchghost: Projet de Arthur de l'Afpy
+ - testinfra: Pour tester Ansible
+ - [setup.py vs requirements.txt](https://caremad.io/posts/2013/07/setup-vs-requirement/)
diff --git a/content/pages/gpg.md b/content/pages/gpg.md
new file mode 100644
index 0000000..e12fda0
--- /dev/null
+++ b/content/pages/gpg.md
@@ -0,0 +1,33 @@
+Title: GPG
+Date: 2021-04-27 21:26:00
+
+# My GPG keys
+
+## Current key
+
+My GPG key fingerprint, since 2021-04-22 is `8AFAA8C574C3E9804BB4337546EBCD72F08E6717`:
+
+- on [keys.openpgp.org](https://keys.openpgp.org/search?q=8AFAA8C574C3E9804BB4337546EBCD72F08E6717)
+- on [mdk.fr](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
+
+It can be imported using:
+
+    gpg --keyserver hkps://keys.openpgp.org --recv-keys 8AFAA8C574C3E9804BB4337546EBCD72F08E6717
+
+Or with signatures (as keys.openpgp.org don't store them) using:
+
+    curl https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub | gpg --import -
+
+
+## Previous key
+
+My previous, revoked, GPG key was `4FA496041B0B1983E504CE30B4696EEC921B800C`:
+
+- on [keys.openpgp.org](https://keys.openpgp.org/search?q=4FA496041B0B1983E504CE30B4696EEC921B800C)
+- on [mdk.fr](https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub)
+
+It can be imported using:
+
+    curl https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub | gpg --import -
+
+(Just so you can check the revocation message give the new key fingerprint).
diff --git a/content/pages/index.md b/content/pages/index.md
index 995fb87..a8a4f21 100644
--- a/content/pages/index.md
+++ b/content/pages/index.md
@@ -12,8 +12,8 @@ CPython core developer, PSF fellow, independent Python trainer.
     - Building an online Python exercises platform: [Hackinscience](https://hackinscience.org/).
     - 99 other projects on [my github](https://github.com/JulienPalard).
 - [My CV](https://mdk.fr/Julien-Palard.pdf)
-- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/gpg.pub)
-- I'm `mdk` on [freenode](https://webchat.freenode.net)
+- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
+- I'm `mdk` on [freenode](https://webchat.freenode.net) and <a rel="me" href="https://mamot.fr/@mdk">Mastodon</a>.
 
 > "Walking on water and developing software from a specification are easy if both are frozen." - Edward V. Berard -
 
diff --git a/content/pages/talks.md b/content/pages/talks.md
index d82e2ea..dfd9940 100644
--- a/content/pages/talks.md
+++ b/content/pages/talks.md
@@ -4,6 +4,14 @@ status: hidden
 
 ## Past
 
+- 2021-01-13:
+  [AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
+  [Conférence Packaging sans setup.py](https://julienpalard.frama.io/atelier-packaging/)
+
+- 2020-12-09:
+  [AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
+  [Atelier Performances en Python](https://julienpalard.frama.io/atelier-perf/perf.html)
+
 - 2019-06-13:
   [Write The Docs Paris](https://www.meetup.com/Write-the-Docs-Paris/): La traduction de la
   documentation de Python.
@@ -37,4 +45,4 @@ status: hidden
 - 2016-10-16:
   [PyCon FR 2016](https://www.pycon.fr/2016/pages/programme.html#Traduction%20de%20la%20doc%20de%20Python%20et%20l'internationalisation):
   La traduction de la documentation de Python et l'internationalisation.
-  [video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)
\ No newline at end of file
+  [video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)
diff --git a/theme/templates/article.html b/theme/templates/article.html
index bb46c28..acb0525 100644
--- a/theme/templates/article.html
+++ b/theme/templates/article.html
@@ -1,7 +1,6 @@
 {% extends "base.html" %}
 {% block title %}{{ article.title|striptags }}{% endblock %}
 {% block content %}
-{% set ads = True %}
 <section id="content" class="body">
   <article>
     <header>
@@ -13,11 +12,6 @@
     <div class="entry-content">
       {{ article.content }}
     </div>
-    <div class="entry-metadata">
-      {% if ads %}
-          <script src="https://sense.framasoft.org/sense3.js" data-sense3="300x250"></script>
-      {% endif %}
-    </div>
     <footer class="post-info">
         <abbr class="published" title="{{ article.date.isoformat() }}">
             Published: {{ article.locale_date }}
diff --git a/theme/templates/index.html b/theme/templates/index.html
index 2ad7f5d..0856766 100644
--- a/theme/templates/index.html
+++ b/theme/templates/index.html
@@ -1,7 +1,6 @@
 {% extends "base.html" %}
 {% block content_title %}{% endblock %}
 {% block content %}
-{% set ads = False %}
 {% if articles %}
     {% for article in articles_page.object_list %}