Lucas Nicodemus

Maker @ Pryaxis

Read this first

Pryaxis Jump

Over the last few years, I’ve been back and forth with ideas on how to improve training cyber defense best practices. No real world simulation platform is accurate1 or robust enough23 for more than basic use. As the popularity of competitions like CyberPatriot4 and National CCDC5 increases, tooling for simulating these environments has stagnated. I needed a way6 to build and train using advanced cyber defense scenarios, so I got a friend or two7, and together, we built Pryaxis Jump.

Jump allows someone with knowledge8 about information security, like a CyberPatriot coach or mentor, to marry training with real-time evaluation and results. For the longest time, competitors were trained prior to competitions with tutorials and given dense copies of benchmarks to memorize. Many times, they were “thrown off the deep end,” having been told to somehow secure systems with no guidance on what...

Continue reading →

Just Ephemeral Enough

From GOODROOT, via Medium, on the permanent nature of social networks:

Things are different now. In our over-connected existence we have lost the ability to create a blank slate. When, previously, you could separate yourself from past lives and — through reflection and distance — achieve emotional growth and maturity, you are now inhibited by the confines of socially networked relationships. It has been ten years since I graduated the dregs of High School cliques and hierarchies, yet returning from socially ambiguous anonymity to the sun-exposed magnifying glass of social networks has sent me spiralling into strange old thoughts, beliefs, and desires.

I stopped using “Facebook proper” a fairly long time ago1. I rarely check News Feed, and while I occasionally post things to Timeline, I use Facebook as a record more than I do anything else – a permanent log of notable life events...

Continue reading →

What I Use


I love the idea behind The Setup. Peeking into what other people use influences how I develop my own workflow, but I’ve never shared the results. My favorites, coincidentally, are Zach Holman’s and Jeff Atwood’s, though both are now very dated. My setup might not be entirely unique, but I love it nonetheless.

I use OS X on a 2013 Macbook Air. I don’t really suggest non-Apple laptops these days because I admire the usability of OS X and Apple’s build quality. If I picked, I would’ve gone with the non-existent Retina Air. The Air has enough power to run VMware Fusion and a colossal amount of tasks with relative ease, but it’s also light I love the battery life on it. I click with the Vortex Poker 3, a Cherry MX Blue 60% keyboard. Mechanical keyboard explanations can cause eyes to gloss over, so I’ll skip that. It’s great (buy one today).

For web browsing, I use Chrome with uBlock,...

Continue reading →

Inside Out

Inside Out is a Pixar film. I don’t just mean that it was made by Pixar Animation Studios in Emeryville California, as the credits dutifully remind us, but that it is a Pixar film in the same way that Toy Story and Up were Pixar films. Inside Out joins the Pixar ranks as a non-derivative, non-sequel, new IP film that creates its own expectations and drives itself. If Inside Out’s success measures up to its hype, it will not be because a previous Inside Out came before it, nor because it has princesses (it doesn’t), musical numbers (it doesn’t), or any otherwise common stereotypes depicted in modern filmmaking. Inside Out, breaks the mold, just as Toy Story and Up did before it.

Inside Out stars Riley Anderson’s emotions. While the trailers seem to indicate that more on-screen time might be devoted to Mr. and Mrs. Anderson’s emotions, the trailer cuts are essentially all the time they...

Continue reading →

TShock User Survey

In Terraria 4.2.10, I snuck in an update that added a link to a Typeform survey. The survey is now closed, and after 325 responses, it’s finally time to discuss the results.

This survey is, of course, not entirely a complete sampling of server owners or plugin developers. Many of the 1,200+ online servers are running older versions of TShock, and many server owners do not update immediately to new versions. With that being said, however, the data is still interesting to look at.

How would you rate TShock?

The first two questions in the survey were directed at the overall quality of TShock, and its user submitted plugin catalog.

The average rating for TShock was 4.65/5. However, 94% of responses were either 4 or 5 on the scale. 5% of responses were in the lower half, rating TShock 2 or 3, and 0% of responses (only one person) rated TShock as a single star.

The plugin catalog rating...

Continue reading →


On May 8th, 2015, I posted the following post to an experimental blog on technology.

With iOS 8, iOS and Android users have the capability to install non-standard keyboards. A key difference in the implementation Android has over iOS is the ability to set a default keyboard.

In Android’s settings, “Language & Input -> Current Keyboard” identifies the default keyboard that will be presented at all text input boxes.

In iOS’ settings, “General -> Keyboards,” all keyboards that are installed are certainly listed, but pressing the edit button and reordering them does nothing to change which keyboard is the default. Moreover, for input fields that deal with passwords, as well as text entry fields in non-app environments (Springboard, and Settings), iOS will present the standard keyboard and prevent switching to an alternative.

Apple’s distinction is that an alternative keyboard...

Continue reading → mood tracking in Day One

About a year ago, I signed up for Exist, a service that correlates passive data from things like Fitbits and Twitter to determine a variety of different data analytical statements about a user. The hidden gem in Exist is its mood recording feature. Each day, it sends an email asking how the day went, with a one sentence summary of why it went that way.

For one reason or another, it might be conceivable that one might stop using Exist, or at least to store moods in a more permanent location. I had no idea the amount of value I’d place on the mood rating system until I had been using it for some time. Having already expressed my love of Day One with ETD, it only made sense to build a similar tool for Exist’s mood data.

There are some caveats. This script assumes that you want to import all moods with moods and assumes you will only run the script exactly once. Unlike ETD, it will not...

Continue reading →

Slack & TShock

I started putting a large amount of time into TShock again. In the midst of attempting to solve the dilemma of whether or not we should use IRC or a site wide shoutbox, Guillermo Rauch of Socket.IO fame published a blog post called “Slackin,” detailing how Slack, the team messaging service, improved the Socket.IO community greatly within the first week of its introduction. Slack is not a service that offers open invitation URLs, so the more useful part of his post was the simple NodeJS app that he provides for delivering invitations to new users – effectively creating an open-signup Slack instance. I set up the invitation server a few days later, and at this time of writing, we have 36 members (and 4 bots) registered with Slack. Previously, IRC was dead as far as usage goes, and the shoutbox had, at maximum, around 20 posts a day.

Rather than type a detailed report about how Slack is...

Continue reading →

Hosting a grief-free gameserver

Terraria and Minecraft share a lot of similarities, but the unfortunate similarity shared between the two is the prolific variety of hacks and cheats that allow individuals to use clientside modding to their advantage. Unlike cheats in competitive games, however, these cheats often focus on world destruction or rampant grief that ruins hours of work. Leaving the server as a player to avoid the attack won’t do any good if the world is irreversibly damaged.

Most of the time, the cat and mouse game between the cheating and the anti-cheat communities reduces the threat potential to a spectrum, somewhere between undetectably low levels of cheating (exploiting TShock’s range checks, for instance) to demonstrably higher levels of exploiting (such as fuzzing TShock itself for vulnerabilities). Even if this weren’t the case, cheat authors would still constantly work-around ways to break in and...

Continue reading →

Upgrading XenForo from 1.1.4 to 1.4.5

The TShock for Terraria forums have been running XenForo, an excellent forum installation that mixes modern discussion with things like AJAX and a refreshed design. XenForo is great, but I had no idea how things would go upgrading from 1.1.4 to 1.4.5 – four years worth of upgrades, in one go. The task was daunting, to say the least.

Performing the upgrade

Upgrading turned out to be dead simple. I renewed our license for a year of support, downloaded the latest upgrade package, and uploaded it. The upgrade looked to be performing well, but at the end it hit four database errors because [bd] Forum Watch conflicted with a newly added XenForo feature. This caused the upgrade to fail.

Fixing the upgrade

The solution to this broken upgrade was to login to the admin panel, disable, and then uninstall the Forum Watch add-on. After doing this, I went back to the upgrade url and hit “rebuild...

Continue reading →