Knowing Null: fraq - A Bug's Best Friend, and Worst Nightmare!

Heya everybody!

Today, I bring you another Knowing Null Interview with the man you all voted for: fraq!
Be sure to stick around after the interview to vote for the next subject. If there’s a question you’d like to see asked in future features, go ahead and leave a comment or ping me on IRC.

Here. We. Go.

Aret tho ready’st for thine interrogation?

Yeah dude let’s do it

okay. so first off, can you give a short little blurb about you, your skills, and maybe some info about what you do at your job?

Sure. So, the easiest way to describe myself and my background is that I’ve been screwing around with computers and infosec stuff since 6th grade or so
grew up in the deep south in a time when it was definitely NOT cool to be a nerd, so I was pretty isolated
Discovered IRC, found a set of people like me online
When I graduated high school, I joined the air force where I really began to sharpen my skills and picked up the nick that I have now
So from network admin -> data center stuff -> “devops”
Now my formal title is “Director of Infrastructure and Information Security”
that answer the question?

Yes, great. And for those unaware, can you give a surface level description of what “devops” is?

Sure. So picture a sysadmin
Maybe a lone guy, been managing a bunch of linux systems since the dawn of time
or maybe like 2-3 people
The “traditional” way of writing code and shipping it has been to write loads and loads and loads of changes, then ship them all at once
Release day is terrifying
If there’s a bug, it takes a quarter or more to fix unless you rush out a hotfix
there’s a wall between developers and sysadmins
Devops isn’t a job, it’s a cultural movement
Some of the main points of focus are improving communication between teams, reducing time to ship new features and fixes by employing continuous integration and deployment, improving ownership and visibility of infra by monitoring better
automate, measure, communicate, empathize

I remember you mentioned in IRC one day that it really synergizes with Agile development

Yeah, it really does. Basically if you take agile practices and apply them to infra, you get a lot of devops stuff right out of the box.
But it takes an experienced sysadmin to understand what that might mean for your infrastructure
devops != docker, right?
But there are tools whose workflows blend perfectly with the philosophy of devops.
If you’re automating config management, things like puppet and chef and docker are a blessing. Docker makes it super easy to ship software. Jenkins and CircleCI and Travis make it super easy to test
So all these tools work really well in an environment where you’re trying to do things like define your infra as code, help developers own the entire lifecycle of their application, test infra changes before they land in prod, measure impact of changes, look at config drift, etc.
Part of the “measure” side of devops

How did you find your way to 0x00sec?

Well, right when 0x00sec started (I don’t remember if the forum was even up yet) a friend invited me to join the IRC on freenode
Joined, lurked, talked for a bit, left, came back, and just generally orbited the 0x00sec folks a while
So yeah, IRC on freenode back when we first got going

So you’ve more or less been here from the start. What’s it been like watching the community grow?

Oh man it’s been incredible!
When I showed up there were less than 2 dozen people
And maybe this is just me being a salty old bastard, but I was really sceptical that we’d survive
But pry and io and oak really leaned into it and hustled to grow the community, curate content, all that
They did a ton of work early on to grow the place and it’s paid off
There wasn’t really a “community” per se when I showed up
like, it was a clustering of people that pretty quickly coalesced into a really tight community with great contributors
And a mission

And that mission has certainly led to a lot of success! okay, are you ready for some rapid fire questions?

Yeah

Okay, first. Windows, Mac or Linux? What do you run at home?

I run all three, but I’m in the middle of a pilot program to give our engineers at work linux on the desktop.
I really prefer linux, but macos is a hard OS to beat for engineering work.

Favorite/Current distro?

I’m doing this from Manjaro w/ Gnome, but probably going to switch to an Ubuntu derivative later today to make work life a little easier. everyone ships a deb/rpm, nobody supports Arch
Sad-panda.gif

“But there’s always the AUR!”

Sadly the AUR isn’t the solution for most of these problems. For example, Slack in the AUR has a bug with glibc that breaks the crap out of some people’s machines. Not suitable for the level of reliability I need from an OS to use it at work

Do you use a mechanical keyboard?

Yeah, I use a mech. love my mech
Coolermaster, but I forget which model. cherry blues.

I’ve got a smaller keyboard on my desktop with reds, but those feel too slick for me.
gotta have that tactile feedback

Ortholinear or standard layout?

Standard layout
Ortholinear people are weird. aliens.

Nice. Any other fun gadgets or hardware?

I mean, as far as hardware goes I love to play with little PLC boards from time to time. stuff like arduinos and whatever.
I embarked on my first project to do a badge a while back but it’s been stalled lately because of some work stuff

Alright, back into the tech side, what’s the most helpful thing you’ve learned in your time in tech?

It’s gotta be that tech is less about tech and more about people. that’s been the hardest and most valuable lesson.
Like, you can skill someone up in a job, but it’s harder to fix a jerk. don’t hire jerks.

Okay, that sorta ties into the follow up question: what’s been your biggest challenge?

It’s that the organization of people and the tech it produces are hopelessly intertwined (Conway’s law)
so the biggest challenge?
disconnecting. Being a human.
I really struggle with that. I wanna sit on IRC all day and learn from really smart people. I wanna debug things. I wanna build.
But at some point it becomes an unhealthy escapism
Work is always gonna be there, but my kid won’t be a kid for long.
So my biggest challenge hasn’t been learning the tech or fitting in with a company or a really hard problem to solve

Is your kid old enough to start digging into tech like Dad?

She’s allllmost there
We do some fun puzzles and math and stuff.
Last night she laid the smack-down on her uncle by proving that a person can indeed be zero years old
So she’ll do great when I put her behind a keyboard soon

Oof. Sounds like you’re gonna have your hands full.

Yeah, she’s a clever kid. I’m kind of worried about what I’m up against when she gets into those teen years
Household blue teaming, you know?
lol

Alright. let’s get a few personal questions in before we wrap this up. Do you have any hobbies outside of tech/your career?

Oh definitely! two things I really love doing:
I’m really into exotic animals, specifically reptiles and invertebrates
I’ve got a few snakes, a chameleon, and a whole bunch of tarantulas.
Also, I love brewing beer. It’s relaxing, challenging, and the reward for your labor is pretty nice :)
And the whole family does the animal thing together.
It’s really fun to see my daughter get all excited over a snake or nerd out over a new beetle or something that she found

What’s a surprising animal detail many might not know?

I was homeless from 10th-12th grade
almost didn’t graduate high school
and I’m terrible at math
lol
And in spite of those things, I think I did okay.

“I meant like insect facts, but that works too!”

Oh bug facts, you got it
So there are two main groups of tarantulas: old and new world
There are a lot of different families in both old and new world
But one thing all olds have in common
Same with news
Is that new world Ts have “urticating hairs” that they kick off of their abdomen as a defence mechanism
And their venom is usually way weaker, so the bite isn’t as bad
In contrast, olds never developed that adaptation, so they make up for it by having a VERY nasty bite
They also typically have much brighter coloration as a warning to other animals

“Aposematism”

Generally speaking, Ts are pretty shy and reluctant to bite. Nothing to be worried about at all
There are a few exceptions. some are notoriously bad tempered lol
Like the Orange Baboon Tarantula and the Haitian Brown

“Interesting stuff”

But we’ve got a specimen of the 2nd largest T on earth
And she’s a sweetie

Okay. Two final questions: What advice do you have for up-and-coming infosec hackers? And, is there anything you’d like to say to the 0x00sec community?

So, advice for up-and-comers
the mantra “try harder” doesn’t come from nowhere. You really own the knowledge that you struggled for, and having someone hand you the answers robs you of the struggle
And you will be the average of the people you hang around, so if you want to be better, find better people who challenge you.
If you want to be a criminal, hang around criminals. Find the people doing what you want to do and hang around them.

And for the 0x00sec community in general: We are more than a forum and more than an IRC channel. We are a community. We have a culture and history. We have people with a variety of skill sets, skill levels, backgrounds, faiths, and philosophies. This is one of the things that makes us so great. I want us to be a place where people can come and train and learn
I want us to be a dojo, of sorts.
Keep writing papers, keep digging and sharing what you learn, and keep encouraging others to do great work.
We’re working on some projects in the near future that are designed to help people continue learning and sharing, so stay tuned. As always, share your ideas.

“we’re certainly a big, lovely melting pot of nerds. Well thank you for your time, fraq.”

Before we part, can you give us a HEX color of your “hat”?

#B8B8B8
<3 you all

Hey Wait!

Don’t go! Vote first! Thanks!

  • sprtn
  • zSec
  • dtm
  • 0x00pf
  • Phoenix750
  • lkw

9 Likes

The best interview till now … Great deal of inspiration!

3 Likes

As an electrical technician/PLC programmer, that sentence makes my eyes bleed.

1 Like

As a novice, that sentence inspires me to learn more.

1 Like

Arduino is a good learning platform no doubt, but it is not a PLC :P
