Lucas Nicodemus

I’m Lucas & I like to think I build some neat software.

Read this first

What happened to Pryaxis Jump?

Well, basically:

  1. It served its purpose in my life. I helped teach a lot of students a lot of information security principles.
  2. It made enough money to make supporting it a problem, but not enough to make supporting it worthwhile. It was a serious platform for a few key users, but not serious enough that I could justify continuing to offer support.
  3. It was built for a very segmented market. The cross section of high domain knowledge with high security knowledge was too small to enable a viable long term market to help #2.

I think CyberPatriot is a great operation, and I think it does a lot to encourage STEM at an early age. I think it does a reasonable job at teaching information security principles to students. I don’t think it’s accurate in the real world in a lot of ways, but it’s a great exercise. Jump served a role, but with more accessible score engines, its role is less

Continue reading →

A four hundred mile road

It’s like this: You’re driving down a four hundred mile road, cruising along at highway speeds. Everything is fine, when suddenly two engine cylinders go out.

The check engine light comes on. You know you need to stop and see if you can figure out what’s wrong. You pull over. You look under the hood, but you can’t spot anything. Confused, you try to start the engine again. Nothing. Dead. Not starting. You’re still three hundred fifty miles away from a town.

You remember passing a gas station a few miles back. You start walking. All the cars around you are flying by at highway speeds, like you were, but now you’re walking back, trying to figure out what to do.

You get to the gas station. You call a tow truck, but realize it’s going to take ages to arrive and cost $350 you don’t have. You buy an OBD-2 diagnostic tool so you can figure out what’s wrong with your car.

You walk back to

Continue reading →

A very in-depth look at Day One 2.0

I’ve been a fan of Day One for quite some time, and Day One 2.0 just came out. It’s a great update, worth every penny, but it lacks some polish that I’ve come to expect from Bloom, given how good the last version was in the last two years that I’ve used it.

The update really nails some key features. Importing from Day One Classic is a snap — the import process on iOS and Mac is fluid and fast, and it requires no extra interaction for people who are already on Day One Sync. A common pitfall that most import tools run into is duplication — running two imports generally duplicates all data that the first one did, but Day One intelligently only syncs data that is missing on the server. This means that the ideal upgrade workflow is just installing Day One and importing the entire database on all devices. Any entries that somehow weren’t synced properly will sync, and anything that already

Continue reading →

Email, screenshots, and trust

Recently, the Half-Life community has fallen victim to screenshot-based email spoofing. A conversation is usually posted via screenshot, usually with something blurred out, showing a random community member exchanging words with someone important. Almost always, these emails provide something akin to confirmation of the existence of a god.


 How to spoof email

If you want to spoof an email from Gabe Newell, you have a couple different options.

  1. You could photoshop it. Email exchanges are always posted as screenshots, so just photoshopping text is trivial. Since you’re going to blur out your email address anyway (it’s a big secret), you have plausible deniability if anyone ever questions why the screenshot has photo editing EXIF data, or why it has compression artifacts, or why it looks fake. It was just a side effect of editing out my precious email address, and/or name!

  2. You could

Continue reading →

CyberPatriot 8 Round 1 Score Analysis

For the past several years, I’ve analyzed CyberPatriot competition rounds using a Pryaxis product called The Magi.

This report covers the data The Magi collected during CyberPatriot 8 Round 1, during the entirety of the competition window.

After the competition window closes, CyberPatriot modifies scores to account for penalties, alternative score dates, and extenuating circumstances that warrant score modifications. Because this round had no Cisco/Networking scores, the scores compared here are free to reveal how the CyberPatriot operations center alters scores from images after the competition closes.

 Removed Scores

CPOC’s released official score PDFs tell an interesting story about five teams.

One team, 08-2587, was listed as “Score Under Review,” and no score was provided. Their team was flagged as having multiple copies of the same image open but had a fairly “average” score of

Continue reading →

Pryaxis Jump

Over the last few years, I’ve been back and forth with ideas on how to improve training cyber defense best practices. No real-world simulation platform is accurate or robust enough for more than basic use. As the popularity of competitions like CyberPatriot and National CCDC increases, tooling for simulating these environments has stagnated. I needed a way to build and train using advanced cyber defense scenarios, so I got a friend or two, and together, we built Pryaxis Jump.

Jump allows someone with knowledge about information security, like a CyberPatriot coach or mentor, to marry training with real-time evaluation and results. For the longest time, competitors were trained prior to competitions with tutorials and given dense copies of benchmarks to memorize. Many times, they were “thrown off the deep end,” having been told to somehow secure systems with no guidance on what

Continue reading →

Just Ephemeral Enough

From GOODROOT, via Medium, on the permanent nature of social networks:

Things are different now. In our over-connected existence we have lost the ability to create a blank slate. When, previously, you could separate yourself from past lives and — through reflection and distance — achieve emotional growth and maturity, you are now inhibited by the confines of socially networked relationships. It has been ten years since I graduated the dregs of High School cliques and hierarchies, yet returning from socially ambiguous anonymity to the sun-exposed magnifying glass of social networks has sent me spiralling into strange old thoughts, beliefs, and desires.

I stopped using “Facebook proper” a fairly long time ago. I rarely check News Feed, and while I occasionally post things to Timeline, I use Facebook as a record more than I do anything else – a permanent log of notable life events that

Continue reading →

What I Use

I love the idea behind sharing your setup. Peeking into what other people use influences how I develop my own workflow, but I’ve never shared the results. My favorites, coincidentally, are Zach Holman’s and Jeff Atwood’s, though both are now very dated. My setup might not be entirely unique, but I love it nonetheless.

I use OS X on a 2013 MacBook Air. I don’t really suggest non-Apple laptops these days because I admire the usability of OS X and Apple’s build quality. If I picked, I would’ve gone with the non-existent Retina Air. The Air has enough power to run VMware Fusion and a colossal amount of tasks with relative ease, but it’s also light, and I love the battery life on it. I click with the Vortex Poker 3, a Cherry MX Blue 60% keyboard. Mechanical keyboard explanations can cause eyes to gloss over, so I’ll skip that. It’s great (buy one today).

For web browsing, I use Chrome with

Continue reading →

Inside Out

Inside Out is a Pixar film. I don’t just mean that it was made by Pixar Animation Studios in Emeryville, California, as the credits dutifully remind us, but that it is a Pixar film in the same way that Toy Story and Up were Pixar films. Inside Out joins the Pixar ranks as a non-derivative, non-sequel, new IP film that creates its own expectations and drives itself. If Inside Out’s success measures up to its hype, it will not be because a previous Inside Out came before it, nor because it has princesses (it doesn’t), musical numbers (it doesn’t), or any otherwise common stereotypes depicted in modern filmmaking. Inside Out breaks the mold, just as Toy Story and Up did before it.

Inside Out stars Riley Anderson’s emotions. While the trailers seem to indicate that more on-screen time might be devoted to Mr. and Mrs. Anderson’s emotions, the trailer cuts are essentially all the time they

Continue reading →

TShock User Survey

In Terraria 4.2.10, I snuck in an update that added a link to a Typeform survey. The survey is now closed, and after 325 responses, it’s finally time to discuss the results.

This survey is, of course, not entirely a complete sampling of server owners or plugin developers. Many of the 1,200+ online servers are running older versions of TShock, and many server owners do not update immediately to new versions. With that being said, however, the data is still interesting to look at.

 How would you rate TShock?

The first two questions in the survey were directed at the overall quality of TShock, and its user submitted plugin catalog.

The average rating for TShock was 4.65/5. However, 94% of responses were either 4 or 5 on the scale. 5% of responses were in the lower half, rating TShock 2 or 3, and 0% of responses (only one person) rated TShock as a single star.

The plugin catalog rating

Continue reading →