Known Plaintext

nsrlquery has been split off into two subprojects, nsrlsvr and nsrllookup. I finally realized that putting both applications in the same tarball made about as much sense as bundling a web browser with every download of a web server — which is to say, none at all.

The project website hasn’t changed: it’s just that there are now two different tarballs you can download. Both are currently at version 1.0.6, and some substantial improvements have been made since 1.0.

One question I’ve had from a few people is, “so how much will this affect my workflow?” I hate to sound snarky, but I don’t know what your workflow is and I’m unable to answer that question. Likewise, “How fast is it compared to md5deep?” isn’t a fair question: the two of them are so vastly different that all comparisons are suspect. We’re not talking apples and oranges, we’re talking salt and single-malt Scotch.

md5deep reads a lot of data. As such, it’s primarily limited by the speed of your disk I/O. Given the I/O differences between slow hard drives and lightning-fast SSDs, md5deep’s performance can easily vary by more than an order of magnitude.

By comparison, nsrllookup reads only a very small amount of data, but it has to push it across a network connection that’s probably considerably slower than a hard drive. If you’re querying a server on your local subnet that’s connected by gigabit Ethernet you’ll have much different performance than if you’re in Kandahar querying a server in Japan over a network connection where the packets at one point have to be carried through the Khyber Pass by a Tajik courier called Anxious Jack.

The lesson to draw here is that there are lies, damn lies, and performance benchmarks. All results are suspect, and none of them should be considered to apply to your system. Yours will quite likely be a lot different.

All this being said, here’s a hint for how fast nsrllookup acts. On an Asus U56E laptop, running md5deep 4.0.0 over my 3Gb home directory spanning 6,146 files took just over four minutes. Piping that output through nsrllookup over a consumer-grade cable connection to a remote server off my local network but still nearby took three seconds.

So, if you’re wondering, “can I integrate nsrllookup into my forensics toolchain without introducing delays,” the best advice I can give you is to try it for yourself. I think you’ll be pleasantly surprised by how it performs.

Twelve years ago this evening — more or less: twelve years ago December 31, 1999 was a Friday night, and the corresponding Friday this year is December 30, 2011 — I was in Bettendorf, Iowa with Doug getting ready to celebrate Y2K. It’s a little weird to remember how concerned so many people were about the Imminent Collapse of Civilization, but yes, lots of intelligent, well-reasoned people had those concerns. Doug’s mother had about thirty gallons of drinking water set aside in case a serious crisis ensued.

He and I spent that day enjoying cigars with his father, solving all the world’s problems from our comfortable chairs in the basement. We went out to a shooting range, where I rented a Glock for the first — and only — time in my life. It was a well-used range weapon. The sear broke like a soda cracker on the second round of the magazine, and the next thing I knew my Glock 19 became a Glock 18 firing at twelve hundred rounds per minute. Doug can affirm just how white my face was: that was, is, the greatest moment of stark terror I’ve ever experienced on a shooting range. Of course, it was all over in under a second and a half: by the time I fully recognized what had happened it was all over save for the sound of a fountain of brass falling down around me like a rain of pennies.

We left the range after finishing our ammunition, then returned to his parents’ place. We rang in the Year 2000 by watching Strange Days on DVD, a movie set on December 31, 1999, and ending right at the year 2000.

I look back on that now and it seems so new to me, as if it was only a year or so ago. And yet, look at all that’s gone on since then. We each moved to California, enjoyed the boom and were damned by the bust, returned to the Midwest. I went to graduate school and he got married, he moved to Colorado and I headed out East. There have been jobs taken with optimism and left with the wreckage of cynicism, there have been failed relationships, triumphs, tragedies, all of that.

The more I think about what matters in life, the more I realize there is nothing more precious than a friendship which has aged well. Nothing.

May we all be so blessed as to have well-aged friendships. May those of us who are married be so fortunate as to say we’re married to a friend of many years. May those of us with children be so lucky as to say our children are not just our children but also our friends.

And may we all have a prosperous and joyful year ahead.

Thanks much, y’all. :)

Feel free to share this with whomever you feel might benefit from it.

nsrlquery-1.0

I've just released nsrlquery-1.0.

If that’s the then-and-now of beauty, then all I have to say is this: I’ll take the then. Happily. Cheerfully.

My friend Adrian Preston will be missing the next two weeks of work due to some life-saving emergency surgery. Between having no health insurance and missing that much work, well — it’s fair to say he’s currently in a state of financial emergency.

His partner Andrea is running a fundraiser over at her LiveJournal page. Anything you can to to help them will be appreciated, not just by them but by me. Everything helps. Thanks a lot, guys.

As most of you know, I’ve been following the alleged barbarities of Kermit Gosnell with horrified interest. The allegations against him are truly stomach-churning. I’m pleased to report two people have already plead guilty to murder charges in connection with Gosnell’s “clinic,” and a trial for Gosnell himself will soon commence.

[Edit:] Here are my previous remarks on Gosnell.

A hat tip to fireba11 for his help with this list. Any major brainos are mine, not his.

Now that I have trunk space worth talking about, I'm in the process of putting together an automotive emergency kit worth talking about.

So, what are y'all's thoughts? Have you put together your own automotive emergency kits? Are they similar to this, different?