Every project accumulates a collection of commands: build the thing, run the tests, deploy to staging, convert images, lint the code. These commands live in README files, shell history, or the developer’s memory. Make has been the traditional solution for decades, but its tab-sensitivity and arcane syntax make it frustrating for simple task running. Taskfile offers a modern alternative.

Taskfile uses a simple YAML format that feels immediately familiar. Tasks have names, descriptions, and commands. Running task serve executes the serve task. Running task --list shows all available tasks with their descriptions. No tabs-versus-spaces gotchas, no implicit rules to remember, no wrestling with pattern matching when you just want to run a shell command.

I recently took and passed the ISC2 CISSP . The certification covered a broad range of topics, most of which I was already familiar with from experience as a software engineer. Those areas I was less familiar with included legal and procedural requirements around risk assessment, physical security, and the theory behind encryption and permissions management.

What I’ve been working on for a while now: Cisco Remote Scripts

With the introduction of Remote Scripts powered by Orbital, a search and response feature of Cisco Secure Endpoint in either the Advantage or the Premier tier, incident responders can respond to sophisticated threats with minimal business disruption, and administrators can provide an overall safer and better user experience. Remote scripts harness the power of Orbital Advanced Search capabilities, which provides hundreds of prepared queries curated by Cisco’s Talos threat intelligence group, allowing you to quickly run complex queries on any endpoint.

One very useful command for locating files and performing operations on them is find with the -exec option.

find [path] [arguments] -exec [command] {} \;

The part that’s tricky to remember is the escaped semicolon at the end.

Per-file vs batch mode

The \; terminator runs the command once per file found:

find . -name "*.log" -exec rm {} \;
# Equivalent to: rm file1.log; rm file2.log; rm file3.log

The + terminator batches files into fewer command invocations, which is faster:

In the early days of the internet, and even before that, there was a distinct difference in the terminology used for the people who obtained unauthorized access to computer systems. The term hacker meant someone who created an interesting hack, usually something interesting that used a system – not necessarily even a computer system – to do something outside its design intent. A Rube Goldberg machine is a good example of a hack. So is playing music with printers . Conversely, cracker was applied to people who broke into computer systems for nefarious purposes. There was often some overlap between the two, as people making interesting hacks often didn’t have authorized access to the systems they were using.

I recently took and passed the GCIH Certification . It’s primarily focused on understanding how attackers behave, the tools they use, and why those tools do the things they do.

Last weekend, I took the certification exam to become a GIAC certified incident handler . Both the exam and the course material leading up to it were interesting enough to deserve a few comments.

One thing I was moderately surprised by in the SANS course was the initial focus on Linux shell tools and Windows Powershell. I’ve been using Linux for a long time, so there weren’t any surprises there. The Powershell material was new to me.

Daredevil’s Season 3 on Netflix has a lot to offer, despite some early warning signs suggesting it might be overly political. The overall plotline involves the return of Wilson Fisk (now openly known as the Kingpin), and Daredevil’s attempts to keep him from regaining control of the city’s criminal underworld. We have an excellent guest villain from Daredevil’s rogues’ gallery, and there are many well-done and subtle callbacks to that character’s earlier appearances in all formats. We get a bit more backstory for Karen Page, which is interesting but awkwardly inserted. We get some significant revelations for Matt Murdock himself.

Season 2 represents a clear improvement over Season 1 of this show in every respect. The dynamic between Danny Rand and Christine (his girlfriend and sidekick) changes significantly for the better, with Christine’s (or rather, the actresses’) noticeably superior martial arts skills getting recognition. Danny’s own moral failings are pointed to and wrestled with. Some problems are recognized as unsolvable, at least by vigilante superheros. Like Season 2 of Luke Cage , there’s some significant moral ambiguity present, but it’s somewhat less drastic.

I don’t have much to say about this one. It was better than the first season, but had too much focus on the criminals. There was significant moral ambiguity, particularly towards the end, which could either be a bad thing or a deliberate storytelling choice that will be redeemed next season. This season, it left a bad taste in my mouth. The cameo appearance by Iron Fist was good, but did not mesh well with Iron Fist Season 2 as a whole. (I’m not sure of the chronology). An improvement over the first season, not least because it was shorter and thus had less time to waste. If they had cut it down to 6 episodes instead of ten, it might have worked.