overwraith

Do you think that perhaps simply changing your vocabulary could get more advertisers on board with you? For instance, perhaps don't use the phrase "hacking", and instead use phrases such as "information security", perhaps "penetration testing", and of course emphasize the fact that your site is for reaching "information security professionals", and hobbyists? I don't know, perhaps it is simply putting the best face on a site who'se main terminology has a stigma associated with it? Not saying it's right.

So what your're saying is that if you buy from a big customer, like IBM, Microsoft, or perhaps the main Raspberry PI manufacturer, they may in fact keep some kind of data, with it being more likely that IBM/Microsoft would record more information/attributes about you. Not necessarily MAC addresses, but definable attributes. Now however since Raspberry PI's are more or less open source, you could buy one from anybody, and it wouldn't really be tracable. So it would be better to buy a PI from another, lesser known retailer, but it would'nt not be strictly necessary?

Barry, I'm sure there are some, I am sure people do do it, but based on what happened in my microwave, it is not a good idea.

Now a question I have is do hardware manufacturers record specific information, for instance about the Raspberry PI's they sell to customers? For instance would a hardware manufacturer record MAC addresses before selling the hardware to a customer? Would it be a good practice to pay for the Raspberry PI with cash, or a pre paid card also? Perhaps that's a little too paranoid. What about that alfa usb wifi dongle that supports injection that I just bought? Has anybody recorded the MAC addresses on that and stored it in a DB table, or CSV file somewhere? What about electronics chips, do those have tracable metadata/serial numbers? Again, these questions are probably just paranoid on my part I am just curious how far manufacturers/government agencies go to keeping tabs on their customers. Then again, hard disks are cheap these days. These pre paid cards, do they work on internet transactions?

I wouldn't trust that info on the microwave ovens being able to handle metal well, I had a microwave oven recently give out because somebody stuck a fork in it. It was also one of the new microwaves.

If there are already scripts for all rainbow table generation, I would be interested in some too (I am getting some pretty good hardware in the next few days). Even with my hardware though wouldn't it require cloud time to get the rainbow tables compiled in a timely manner? But Digininja is correct, those raspberry pi's are really only suited for light computing and sensor observations. For instance if I got a dozen, and outfitted them with a bluetooth sniffer, wifi radio, sdr, etc (this would still be really expensive cuz of the bluetooth radio cost) and spread them over an area like the size of a city and sniffed mac address for perhaps tracking people. Cracking in general is a computationally intensive process. Even if you had like 64 or more of these pi's you would probably still run into issues. I am kind of not interested in buying rainbow tables for 900 + dollars from some sites. Subscription services are also not ideal. One of my observations about these Pi's is that if you could turn one into a thin client, and give it a 3g connection to base or something you could do computationally intensive stuff on the server computer, and reconnissance stuff like gathering handshakes, and other things on the raspberry pi's.

That was very informative, thanks guys. I have to say though, TOR has been hacked by the NSA for quite a while now, wouldn't there be a better way of anonymizing your connection? Actually I think there was a discussion of this on one of the forums a while back. I will go look around.

Tractosaurus rex, I get it tracking lol.

I am also interested in this question. I do often wonder how penetration testers set up servers/hosting when odds are the people hosting the server would probably have a few bones to pick with the usage of the server. -I have read in some articles that when an actual black hat sets something up they typically try to find a provider with a bad security record, and who doesn't generally care what you host on their servers. -Black hats also use surrepicious methods, like having fake credentials when signing up for the service, but how this stands up to scrutiny I have no idea. -Black hats also only connect to servers through an indirect route, perhaps a VPN, or perhaps a connection through somebody else's wifi. I would assume that pen testers would have to resort to some of the same techniques, however with the server provider actually being cognizent of what the pen tester is actually doing, so they cannot get reamed by the law/terms of service. Is there reading material/walkthroughs/tutorials on this particular topic?

Bullets also work .

You guys know that adafruit sells touch screens specifically built for the Pi right? I got myself a resistive touch screen the other day.

I am reading "Exploring Arduino: tools and techniques for engineering wizardry" by Jeremy Blum. The companion site is here: http://exploringarduino.com/ I am finding that learning it is a fairly painless experience, especially if you can program C, and or have experience programming in some language. Mr Blum has very good diagrams so you can basically just plug in what you want and have it just work. If it is hard to see exactly where something is plugged in, the companion website actually has pictures, with bright green columns where the component should actually be plugged in. I may have to pick up another book/youtube tutorial to actually figure out the voltage calculations good, but that shouldn't be a problem. There is also a parts list for the book on the companion website. The thing it does require is a little bit of money. Don't buy everything all at the same time, instead try to buy for two or three chapters ahead of where you are at in the book so firstly you don't block yourself when you do get time to work on it, and secondly so you don't purchase too much if you decide you actually don't like it all that much. I just built myself a distance sweeping sensor, the one in the book. If you can't figure out exactly what resistor that is on the diagram, you can usually puzzle it out by taking into account what is on the parts list at the beginning of each chapter. For instance if you know that there are two of this certain resistor in this particular diagram, and the last resistor you are uncertain about, then by process of elimination the left over resistor on the parts list has to be the one you need for the final resistor. I draw in all my books, it makes them better references, and it makes it so that I am actually actively learning/paying attention. I also have a new desk set up with a soldering station, and a computer station so I can persue this new hobby as well as my computer programming profession. I guess my ultimate goal in learning hardware dev is to perhaps one day build my own custom hacker device, but that goal is a long way off. My goals change almost weekly. ***short term for you*** What you could do is just use the ducky to kick off a program stored on the micro sd, a more complex program than the ducky can inject. This program can store configs etc. You could even make the program survive reboot by inserting a registry key, or placing the exe in the startup folder for your computer. After the program finishes you can have it uninstall it's self. Actual programming languages should be able to hook processes and inject keystrokes still if you absolutely need to. I think if you need that particular functionality you should go with C++ or C. If it does something more high level, then you could go with a higher level lanugage.

When you say 'this' are you referring to the DC motor or the servo motor? DC motors don't have precise control, they are either on or off, they can control speed of rotation, but that's about it.

You've got a point about not limiting one's self, but take into account that languages do take time to master. There are so many languages popping up these days that perhaps learning too many of the older ones could quickly eat up all your time to learn other newer things. Sure there are things that trancend the languages, but I have found that the API's are vastly different, the syntax is usually different, etc. Perhaps only pick a few older languages to master if you have to. One may be able to code something in C, but if it takes twice as long to code as something in C#, due to pointers (I know pointers good, but they can be a bit of a pain to learn the first time), checking your input buffers manually, etc, your time would perhaps be better spent in a higher level api. Perhaps input buffers are less of an extreme example, because C coders always know to do that (I would hope). Perhaps a better example is the win32 networking api versus what has been implemented in higher level languages the socket wrapper of the win 32 networking api. The amount of languages that one has to know for modern development is a bit daunting these days. I should note that some older languages are in fact perfectly suited for certain niches, for example, C/C++ is perfect for embedded electronics/hacking. The real benifit of higher level languages is that you might be able to instantiate a single line of code in your program, and that object perhaps represents hundreds of lines of code and decisions etc. This can cut down on development time. It is my perception that cobol is on the way out (right or wrong), and I have no need to learn an aging language that doesn't even support object oriented.

With all due respect cooper, I am not interested in career suicide. I have been told by programmers much older than me that deleberately looking for long term jobs in older languages like C/C++, ASM, and Cobol are career enders, especially for a young guy. Sure there might be some leverage for some people to negotiate pay, but there are reasons that newer languages shun the low level stuff in favor of higher abstraction. Sanity is one of them. I do occassionally enjoy jaunts into high speed old stuff, but they are just jaunts. The nature of moving forward is that we move away from the micro level into higher abstracted operations. Sure, businesses like to live in the past, and not move forward, mistake or not. I should probably ammend what I have said previously however, re-writing everything is a waste of time. There is way too much out there to re-write. Instead try to live with what has been coded previously as you move forward with new applications (until management notices that the old system is a problem). We should move forward, not backward.

I see a DC motor, wouldn't a servo motor work better as you can specify precise degrees etc?

The Rubber ducky cannot, unless you find a way to save what you are actually doing to a file on the computer. What I am discovering however is that perhaps an arduino which could be programmed, and which could be outfitted with an SD shield could do something like this? Requires hardware experience.

I am reading through an arduino book, I don't think this project is quite feasible at this point, but I have some links which may be useful to you. I haven't tried coding the arduino in C++, but if one could it would be very convenient from a coding perspective, as object oriented does make certain things more feasible. http://stackoverflow.com/questions/18523577/how-to-program-arduino-with-c Additionally you should think about getting the right arduino for the job. As someone who has taken an introductory robotics class, you never know exactly how little RAM you have until you try to do something with your robot with a program which uses way too much memory. My experience was with a Lego NXT brick. Ended up not being able to implement the last leg of a robotic obstacle course, but the teacher let me upload the rest of my code part way through. Would have done some things in the code a bit differently if I did it again. Was a younger coder at the time. Point being, you should get an arduino with ample memory. https://store.arduino.cc/product/A000008 https://store.arduino.cc/product/A000067 The Yun looks promising, but I am still dubious on the RAM, especially since as more of an application/web developer I am used to seeing it in GB, and not KB/MB. The Yun actually has linux on board, as well as WIFI. I am presuming even if you did run into memory constraints you could literally open up a socket/network connection to another computer for the actual chess processing part of the operation. Objects would be useful especially if you had to write a chess processor on board. Additionally make sure you have enough of the input/output pins you need before buying anything. One of the Raspberry pi variants might also be useful for something like this. It's surprising something so small can run an actual OS. Just curious how big does the GNU Chess application compile to? Regaurdless, my gut tells me that the arduino can't do image processing, chess processing, and kinesthetic processing with the given RAM/CPU available. These things are microcontrollers, not full fledged PC's. You would probably be better off turning your little arduino project into a sensor/peripheral robot. The brain will probably have to be on a better PC, heck even a tablet. Am looking for a job now lol, but programmers are expensive, and there would be a retooling cost / learning buildup which would only make things worse.

Might be worth downloading a clone of the source. Cool stuff.

Sorry, when I hear Symantec I think AV automatically...

Open source AV is not as good an idea as you think it is since nobody is paid to keep it up to date. I heard once about Clam AV, or something, but it was really cheap and not a good solution. I just buy an unlimited version of AVG, and then I can install on an unlimited number of devices. I would presume it would be ok for a business setting or something. The AV I bought is a little more expensive than some alternatives, but it is about $ 75 or so, and once a year is not that bad a price to pay for a little more security.

Yes, pens work too. I remember using them before as well. honestly probably the best tool for opening them, good observation rubiks cube.

I have used a tweezers to open mine, I just use one of the corners of it, and insert it in the hole at the back of the ducky, if you insert perpendicular to the slit along the side of the duck you can cause it to open like a clam shell. Be careful with the little "columns" that attach the two sides of the case as you can easily break them off. Another thing I have used to take apart the ducky in this manner (and probably a little easier) is a pair of fingernail clippers (use the file that folds out from them). The file on my clippers has a point on it which is ideal for not damaging anything, yet still allowing you to lift the pieces away from each other.

I think you will really like C#. Here is another link that may help you out, I used it when getting excel to open two files simultaneously in an excel matching program. The program would change the cell color of cells which didn't match the corresponding cell in excel file #2. The program was used for validating data exported from test/production databases. Matched based on keys specified as a column/label. http://www.dotnetperls.com/process I think I also used the page to simultaneously open two html files in notepad++ for side by side viewing/comparison. I guess the Arguments property of ProcessInfo is just a string, so you will have to make sure you format the string correctly. https://msdn.microsoft.com/en-us/library/system.diagnostics.processstartinfo.arguments%28v=vs.110%29.aspx You should probably draw out what you want your GUI to look like first, and make sure you are using all the right controls for what you are trying to accomplish.

Unfortunately all these programs are command line batch, actually porting them to C++/C/C# might be a bit of a challenge, unless you simply wanted to run them as is from an executable GUI. I prefer C# for desktop GUI development, C# is object oriented, and the syntax is very clean. Most Winforms in C# are basically you just drag and drop a control onto a form (in the designer), change a few settings, and resize to how you want it to look. Then you can double click on elements and it will take you to the form's code implementation, and it will automatically make a click event handler for you for whatever you clicked on. There is a lightning bolt on the properties window you can select to fill in different events with their handlers. It might be worth knowing what version of Visual Studio you have, I have Visual Studio 2010, but my home PC is a little bit behind. I am reasonably sure there should be some way of implementing a command line in-between/display for your programs if you did want to keep them as batch files. I am sure the batch programs could be ported to actual C# etc, or even C/C++ calls used in a C# program, it just depends on what you want. This might be what you want, except for C#: http://techvalleyprojects.blogspot.com/2012/04/c-using-command-prompt.html When I learned C# in college I learned it from the book "Microsoft Visual C# 2012 an introduction to object-oriented programming" by Joyce Farrell. If you pick up a C# book, make sure you get current versions, and read the reviews, and be aware of the date the book was written before you buy it.