Posts

Integrate Shrine Images Into Avo Admin for Ruby on Rails

Working on a little Ruby on Rails side project for the first time in a long time, I learned about Avo Admin, which is a super-quick way to provide administrative management of your model data sets. If you had previously used (like me) Active Admin or similar, you'll be shocked at how good Avo looks and works. Avo leverages ActiveStorage for file uploads and does not natively support third-party solutions like Shrine. However, I did see a closed GitHub issue that touches on this topic, and the recommendation was to use a custom field to approach this integration. A bit leery of going down a rabbit hole, I took a peek at the documentation for custom fields and figured I could at least fail pretty fast. Well, the good news is, I didn't fail! In fact, it was super fast to do this integration with Avo and Shrine, so much so that I figured a blog post for the Internet searchers among us may be of merit. Caveat emptor that this may be an ugly approach - I have no idea - bu...

Home Assistant (HA) Philips Hue Dimmer Remote Button Hold Feature

If you're a Home Assistant user and control your lights, it's possible you've added one (or a few) Philips Hue Dimmer remotes, models RWL020 (US) or RWL021 (EU). Over the past few years I've controlled my Hue bulbs (after a factory reset thanks to hue-thief) directly with my HUSBZB-1 USB Zigbee/Z-Wave radio, foregoing any extra Hue hub hardware/integrations. One issue I've had for years, however, is that my Hue remotes had single button-press functionality for the On, Dim Up, Dim Down, and Off buttons. This is great for simple setups, but not having a 'Hold' event for each button means that I am missing out on effectively doubling my remote's functionality, including repurposing each button for a different set of lights. That was, until today :) If you're like me, you may have been running HA for years now and have paired Zigbee devices long ago. It was only after reviewing a recent HA Blueprint submission that it occurred to me that there was ...

Failing at Sales Due to Pricing Secrecy

Having spent entirely too much of my time in the last week contacting IT security vendors for pricing estimates, I've certainly seen the best—and worst—of technology sales. I've been on the other side of sales before, from sitting with BDRs and giving feedback on cold calls, to handling pre-sales engineering efforts for various technology services. It's not easy, and sometimes, it's completely terrible. Being in sales isn't necessarily fun, but if you get it wrong for your company, you can burn some big bridges, very quickly. Today, I had the misfortune of having someone respond to my contact form where I was asking for a price estimate with a phone call that began with little introduction and a few hostility-ridden questions. It took me a few minutes to figure out what the problem was, but once I did, I was infuriated. This company, a teeny-tiny niche IT firm, called to interrogate me with an accusatory tone that I was going to somehow—intentionally or otherwise—le...

Patch Telnet? LOL. Disable Telnet!

With the release of MS15-002 on January 13th, the unfortunate tradition of rote guidance to patch, rather than to mitigate risk, continued. While it's still a struggle to get organizations to take patch management seriously, the "fix the symptom, not the cause" approach to information security once again reared its ugly head. Sure, patch your systems with every applicable update that you're confident won't blow up your environment. That's good. What's better is an environment where antiquated services aren't running at all, so there is no critical vulnerability in them to patch and nothing to worry about. Of course, any number of protocols that are still sane to use could have issues, and patching is often the only mitigation available, but when a service like Telnet needs to be patched we've already lost the war. Considering the limited exposure of default installations for modern versions of Win...
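Disabling and removing the Telnet service instead of patching it, as an added PowerShell example that is not from the original post. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection, the NetSecurity module, and the ServerManager or DISM cmdlets) and an elevated prompt; the service and feature names TlntSvr, Telnet-Server and TelnetServer are Microsoft's, and the firewall rule name is local to this script.

```powershell
# Added example, not code from the original post. Finds and removes the Telnet
# server on a Windows host rather than patching it. Assumes Windows 8 / Server
# 2012 or later and an elevated prompt. TlntSvr, Telnet-Server and TelnetServer
# are Microsoft's service/feature names; the firewall rule name is ours.

# 1. Start from the wire: anything listening on TCP/23, whatever it calls itself.
$listeners = @(Get-NetTCPConnection -LocalPort 23 -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Warning ("TCP/23 listener on {0}: PID {1} ({2})" -f $l.LocalAddress, $l.OwningProcess, $proc.ProcessName)
}
if ($listeners.Count -eq 0) { Write-Output "No TCP/23 listener." }

# 2. Microsoft's Telnet service: stop it, and disable it even if it is already
#    stopped, so a reboot or a curious admin cannot bring it back by accident.
$svc = Get-Service -Name TlntSvr -ErrorAction SilentlyContinue
if ($svc) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name TlntSvr -Force }
    Set-Service -Name TlntSvr -StartupType Disabled
    Write-Output "TlntSvr stopped and disabled."
}

# 3. Remove the feature so there is no Telnet binary left on disk to patch next time.
if (Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue) {
    # Server SKU (ServerManager module)
    $feat = Get-WindowsFeature -Name Telnet-Server -ErrorAction SilentlyContinue
    if ($feat -and $feat.Installed) { Uninstall-WindowsFeature -Name Telnet-Server }
} else {
    # Client SKU (DISM module); only some releases ship the optional feature at all
    $feat = Get-WindowsOptionalFeature -Online -FeatureName TelnetServer -ErrorAction SilentlyContinue
    if ($feat -and $feat.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName TelnetServer -NoRestart
    }
}

# 4. Belt and braces: block inbound TCP/23 at the host firewall so a third-party
#    daemon or a re-enabled feature is still not exposed.
$ruleName = 'Block inbound Telnet (TCP/23)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 23 -Action Block -Profile Any | Out-Null
}

# 5. Verify. The only acceptable end state is: nothing listening, service absent or disabled.
$svcInfo = Get-CimInstance Win32_Service -Filter "Name='TlntSvr'" -ErrorAction SilentlyContinue
$still   = @(Get-NetTCPConnection -LocalPort 23 -State Listen -ErrorAction SilentlyContinue)
[pscustomobject]@{
    Listening      = ($still.Count -gt 0)
    ServicePresent = [bool]$svcInfo
    StartMode      = if ($svcInfo) { $svcInfo.StartMode } else { 'n/a' }
    FirewallBlock  = [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
}
```

Step 1 and step 5 check the port rather than the service name on purpose: the question is whether TCP/23 is reachable, not whether Microsoft's own service is installed. Step 3 removes the feature instead of just disabling it, which is the difference between "patched" and "not in scope for the next bulletin".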

3D Printing’s Impact on Security Research

For the last year or so, one thing I seem to just end up saying during presentations about the "Internet of Things" is that anyone with a 3D printer, a SoC, and a cloud server can basically make an IoT device. This just got a lot more true. Voxel8, combined with Autodesk's "Project Wire", allows for 3D printing with conductive ink inside of the layers of the device for circuitry. Further, other components can be sandwiched into the shell as printing occurs. This means that a final result could be a cocoon of hardened plastic around the guts of the device with no real way to "open" it gracefully. While hardware hacking isn't without a few broken devices in the process, typically you can take off a hard plastic shell and expose circuitry without going insane, at least in IoT devices. In this case, however, just trying to access circuits may ruin them, and components inside may face trauma trying to pry them out. I have full confidence that some peo...

Five Annoying People On Your Airplane

While I realize a few hundred people have done a post like this at one time or another — I don't care, I need to do this for cathartic satisfaction and my mental health. Here are just a few of the exhausting personality traits and actions that I observe on most of my flights that make me want to smash my face into a food cart. No Spatial-Awareness Person You know how you're sitting in your seat, arms dutifully contained within your few inches of seat space, and someone still manages to flail wildly and smash your elbow or put their entire bag into your face? Yeah, those people need to be stopped. Now. It's an airplane, and except for a few very unique cases, every turn you make is putting someone's drink or laptop at risk from your inability to be aware of your surroundings before deciding you're going to fling your two-too-many bags around in an effort to hide the fact you can't follow even the most basic aspects of flight ...

JP Morgan Chase Fails at 2FA—Duh

If you are actually shocked that the JP Morgan Chase breach involved a failure to enforce two-factor authentication everywhere, then you haven't been paying attention to the information security incidents of late. How did the Target breach start? Stolen credentials. How did the Home Depot breach start? Stolen credentials. How many breaches did Mandiant say involved stolen credentials? 100%. No matter how many terrible adages we have about "attackers will always go after the weakest link in the chain", organizations continue to miss a server when rolling out a security control and sorrow ensues. If an attacker has 100 servers to target, and a set of credentials, they've got pretty solid odds that someone goofed on configuration of two-factor authentication or on configuring another compensating security control. Comprehensive implementation has to mean 100%. Anything less than 100% and you're going to get breached. Even with 100%, you still may get breached, b...

Fixing "Select CD-ROM Boot Type" When Booting Windows or Linux on a Mac

If you're reading this post, I hope you found it before wanting to throw your Mac across the room for not previously working. Further, I hope your results with this "trick" are as good as mine! If you've been trying to put Linux or Windows on Mac hardware but receive "Select CD-ROM Boot Type," after which your keyboard becomes unresponsive so you can't actually input any value, try this: after you select to boot your CD/DVD, begin holding down the 1 key. The screen will eventually turn black once; press Enter. The screen likely then changes to a subtly different black screen; press Enter again. Be sure to hold down the 1 key the entire time until your OS boots. In my testing, I had 100% success following this trick. Note, you may need to unplug and replug your USB keyboard after your OS bootloader starts, because the computer thinks you have a stuck key and deactivates the hardware. My testing was d...

Writing a Book: Lessons Learned

Back in March of this year I was presented with an opportunity I've always wanted: being able to write a book. I'm your generic case of someone who wants all of the non-existent fame of writing a technology book made for a niche market of readers. Rockstar status, indeed! Like so many, the narcissistic side of having your name as the author of a dead tree is still just so cool. Further, I've always considered myself a decent writer and thought, "yeah, I could totally knock out writing a book in a few hours!" Dumb ass. The only equivalence I can give you is the process of building curriculum for teaching a class. I've had the opportunity to build a couple of collegiate courses and was struck by just how arduous a process it really is, especially in a technical context. The pedantry involved to make sure you not only understand your own material fully but also can explain it in a way that's palata...

100TB of Sony Data Isn’t That Crazy

I don't think I can read another story or tweet about the Sony Pictures breach without flipping a table when it comes to people losing their minds over the alleged 100TB of data that was exfiltrated during said breach. We still don't know if 100TB of data is even accurate. If that number is accurate, it could be that there was 90TB of cruft, or full-quality video, or applications from hundreds of workstations; anything is literally possible. 100TB of data can be a lot of worthless data, not just treasure troves of passwords in spreadsheets and awkward e-mails. "100TB is too big not to notice!" 100TB is too big? This is Sony Pictures. Do you really think they don't do large file transfers within their network, over fiber point-to-point, or to third-party vendors over the Internet? Maybe, just maybe, a company that gets owned this badly doesn't have the best egress data monitoring alerts or network analysts at the ready. After Ta...
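The egress monitoring the post says Sony apparently lacked, as an added PowerShell example that is not from the original post. The point of the post is that a flat "big transfer" threshold is useless at a studio that moves terabytes every day, so the check below compares each host to its own daily baseline and only falls back to an absolute cap for hosts with no history. The flow records and their column names (ts, src, dst, bytes, direction) are constructed for this example and do not follow any particular collector's schema.

```powershell
# Added example, not from the original post. Flags hosts whose daily outbound
# volume jumps far above their own baseline, rather than firing on any big
# transfer. The flow records and the column names (ts,src,dst,bytes,direction)
# are constructed for this example.

$flows = @'
ts,src,dst,bytes,direction
2014-11-20T01:10:00Z,10.1.2.10,203.0.113.9,2199023255552,out
2014-11-21T01:12:00Z,10.1.2.10,203.0.113.9,2199023255552,out
2014-11-22T01:09:00Z,10.1.2.10,203.0.113.9,2199023255552,out
2014-11-20T09:30:00Z,10.1.4.22,198.51.100.4,52428800,out
2014-11-21T09:31:00Z,10.1.4.22,198.51.100.4,52428800,out
2014-11-22T02:05:00Z,10.1.4.22,192.0.2.77,429496729600,out
2014-11-22T02:07:00Z,10.1.9.77,192.0.2.77,1649267441664,out
2014-11-22T02:07:30Z,192.0.2.77,10.1.9.77,4096,in
'@ | ConvertFrom-Csv

function Find-EgressOutliers {
    param(
        [Parameter(Mandatory)] [object[]] $Flows,
        [double] $BaselineMultiplier = 5,   # alert when a day exceeds N x this host's average of its other days
        [long]   $AbsoluteBytes = 1TB       # used only when the host has no other days to compare against
    )

    # Sum outbound bytes per (src, calendar day). The day key is the date prefix of
    # the ISO-8601 timestamp, so no time-zone conversion happens here.
    $perDay = @{}
    foreach ($f in $Flows) {
        if ($f.direction -ne 'out') { continue }
        $day = $f.ts.Substring(0, 10)
        if (-not $perDay.ContainsKey($f.src)) { $perDay[$f.src] = @{} }
        $perDay[$f.src][$day] = [long]$perDay[$f.src][$day] + [long]$f.bytes
    }

    $alerts = @()
    foreach ($src in $perDay.Keys) {
        $days = $perDay[$src]
        foreach ($day in $days.Keys) {
            $today    = $days[$day]
            $others   = @($days.Keys | Where-Object { $_ -ne $day } | ForEach-Object { $days[$_] })
            $baseline = if ($others.Count -gt 0) { ($others | Measure-Object -Average).Average } else { 0 }

            $reason = $null
            if ($baseline -gt 0) {
                # A host that always moves 2 TB a day is not news; a host that
                # moves thousands of times its normal volume is.
                if ($today -gt $BaselineMultiplier * $baseline) {
                    $reason = ('{0:N0}x own baseline' -f ($today / $baseline))
                }
            } elseif ($today -gt $AbsoluteBytes) {
                # First day we have seen this host: fall back to a hard cap.
                $reason = 'no baseline, over absolute cap'
            }

            if ($reason) {
                $alerts += [pscustomobject]@{
                    Src        = $src
                    Day        = $day
                    GB         = [math]::Round($today / 1GB, 1)
                    BaselineGB = [math]::Round($baseline / 1GB, 3)
                    Reason     = $reason
                }
            }
        }
    }
    return $alerts
}

Find-EgressOutliers -Flows $flows | Sort-Object Day, Src | Format-Table -AutoSize
```

With the constructed data, the file server 10.1.2.10 pushing 2 TB a day to the same vendor address never fires, the workstation 10.1.4.22 fires on the day it goes from ~50 MB to 400 GB, and the never-seen-before 10.1.9.77 fires only because it has no baseline and exceeds the absolute cap. A flat 1 TB threshold alone would have paged on the file server every single day, which is exactly the noise that makes analysts stop looking.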