0x41's recent activity

  1. Comment on <deleted topic> in ~games

    0x41

    You are not off base at all! The great thing about security is that knowledge is secondary and what really matters is having the curiosity and adversarial mindset to approach a system from the hacker perspective. When I interview security engineer candidates a lot of what I look for is how they approach a problem and if they have an instinct for where problems may lie. Being able to give me a textbook definition of the OWASP top 10 or in-depth knowledge of how something like the slab allocator works is nice, but not a requirement by any means (although having the depth+breadth is more important for L5+).

    All of that to say, if you're doing it for fun then just enjoy it and see where your curiosity takes you. Don't feel like you need to have some formal background or years of experience to give it a shot. You'll do great!

    2 votes
  2. Comment on <deleted topic> in ~games

    0x41

    Are you looking to play some CTFs to learn security, or just as something to do?

    If the former, then something like PicoCTF from previous years along with challenge writeups should provide some good practice. One year (2014? not sure) the PicoCTF folks teamed up with one of the entertainment-related departments and put together a small game plus visuals for the challenges which might be a bit easier to get into than just reading a challenge description and connecting to a socket.

    Another option is the various challenge sites like pwnable.tw or hackthebox. They are similar to CTF challenges in that they are usually intentionally contrived, but not to the degree of esoteric puzzle box you see from some of the more competitive CTFs.

    If the latter, then CTFs are a great option for self-contained puzzles with fun little twists. I would recommend doing chals from previous years with writeups so you don't get too frustrated if you get stuck. The scene is still quite active, so if you ever get to the point you want to do something like then check out ctftime.org for upcoming competitions and the teams which tackle them.

    3 votes
  3. Comment on Microsoft wants to move Windows fully to the cloud in ~tech

    0x41

    Cloud/remote workstations function well when you have the infrastructure and control over the environment to support them well. My work environment is pretty much just a thin client to remote dev boxes in shared infra, no noticeable latency via Chrome Remote Desktop even when working from home.

    If we didn't own the infrastructure or didn't have such deep control over the stack it certainly wouldn't work as well though, never mind what a consumer vs. enterprise experience would feel like.

    2 votes
  4. Comment on Purchase a Chromebook or "regular" laptop? in ~tech

    0x41

    Even on the most budget of CrOS laptops I have lying around, I haven't noticed any particular issues with sluggish UI or responsiveness in browsing and CRD/ssh tasks. If you get something above the absolute bottom of the barrel then you shouldn't have any problems with your desired use cases. The super budget options usually use eMMC and old Mediatek SoCs, which is fine for something like pure thin-client usage, but might not cut it for more performance-sensitive work.

    One nice thing about these devices is they take very little work to set up, so if you want to give it a shot then order a device from a retailer with a good return policy and try it out for a week. I occasionally do powerwash (factory reset) cycles on my devices and getting them back to where I need them usually only takes me 15m or less. If you aren't averse to keeping settings and such synced with a Google account, you can pretty much plug and play onboard a new device just by logging into it.

    2 votes
  5. Comment on Purchase a Chromebook or "regular" laptop? in ~tech

    0x41

    Will this be your primary device, and do you have secondary machines for more intensive purposes?

    Chromebooks work very well for cases where you do most of your work in a browser, or as a thin-ish client. For all the use cases you listed, any decent chromebook should work. I have a few chromebooks around the house for thin-client use (Chrome Remote Desktop to lab machines), and use an enterprise device for work (HP Dragonfly), and have been happy with them.

    In my experience, ChromeOS is relatively low-touch to maintain a decent security posture (outside of the Google-links), and has pretty clearly defined support windows. This makes them a good low maintenance option if you don't need heavy customizability and can work within the confines of ChromeOS. I would consider if your note taking and other programs would work well as either Android or Chrome extension options though. If you need to run the desktop programs from a Linux container that is possible too, though might be a little higher friction.

    As mentioned, there is a built-in way to run Linux containers within ChromeOS, as well as (I believe) ways to run Linux natively if you want. I have not tried the native option, so I can't comment on the compatibility and experience though.

    8 votes