This Side of Paradise

As I was writing out the post for the 2025 playlist, I realized that it was much easier to start the post at the beginning of the year and continue to update it as and when there’s a new update. So, here are the songs that I captured my imagination in 2026. Good For Me by Above & Beyond - Originally released in 2006 as an ethereal track, without any percussion, Above & Beyond made a beautiful, acoustic version. Impeccable arrangement, Zoe Johnston’s magical voice and lush strings. A treat to listen to on great headphones. Name by Goo Goo Dolls - Released in 1995, I discovered this on a random Youtube short talking about the history of the song. This song has the group’s classic pop / acoustic signature and a very catchy chorus. Ishq Jalakar - Karvaan from Dhurandhar soundtrack - well, we’ve all heard this one, the drum and bass line set a rocking tone, that just ceases to slow down. Fantastic track to get you into a focus mode. If I Had a Heart (Mixed) by Fever Ray - found this on the soundtrack of the TV Show - ‘The Lost Frontier’. Bleak, minimal and has a nasty hook. I’ve probably had this on repeat for the longest. Voices Carry by ’Till Tuesday - When Rick Beato says “Remember this song?”, it ought to be awesome. Found this when listening to his review of a spotify top 10 list. This exact recommendation comes in at around 13:15 and I can’t just get enough of the song.

A small post announcing the start of two series of posts! The topics are divergent as can be, and I am thrilled to write in detail about both of these topics. playlist of the year For the last 4 years, I have been maintaining a ‘playlist of the year’ - a song gets in to this playlist when I’ve enjoyed the song for a few days straight. At the end of the year, the whole playlist becomes a throw back to the entire year - this is a good memory to remember the year by. I’ll be writing a post for every year, with the songs that made it, and a short note on why I liked it. I use apple music primarily, with the occasional few coming up on youtube.

Although intended to be a once-a-year post about the gear I use, this one is a massive 3.5 years late. I wanted to write this out originally before the start of 2026, but a few realizations (explained further below) and lack of equipment prevented me from doing it. This should be a regular, year end post here on. For reference, the older post is here Let’s dive right in. The 12.9’ M2 iPad Pro The all in one, primary workhorse. All my general purpose computing happens on this device. I used to have a 10.5’ iPad Pro earlier, that died and no one would replace the battery - which led me to recycling it and going all in with the 12.9, 1 TB model, along with the magic keyboard and the apple pencil.

I have previously written many times about my stint with Goldman Sachs, albeit as a contractor. To this day, I wonder how it would have been to have converted over to a perm - my career would have gone in a completely different trajectory. I found this paper when I was clearing out my shelf last week - I found this put up at my desk when I first travelled on site, way back in 2003. And for every working day in that stint, I used read this before starting my day’s work.

So, after more than 6 years, I finally retired my research laptop - ‘Arena’. This was literally an arena for me as a test lab and was the start of a long and frustrating road to learn many things. Over the last 1.5 years, I started thinking of replacing this with something that matched my current requirements: something with thunderbolt - the one cable connectivity to a monitor is just too awesome. traditional laptop form factor - A good amount of usage currently is without the use of a table/chair, and with me sitting on the ground sometimes. The surface was impossible to use when not seated on a table. a better display - the surface display was smaller, reflective, and (OMG) the bezels! better computing horsepower - needed a much better CPU than a ‘U’ series processor and a lot more than 16 GB RAM. Repairability - I tend to keep these devices for a long time (definitely more than 6 years), so the ability to perform repairs and upgrades is very important. Impossible to do on the Surface. With that said, the choices boiled down to a few contenders:

Of late, I have been working on immersive labs for quite some time, and I’ve managed to complete around 60 odd challenges (With a few more in progress). Since the challenges are not retired, I cannot publish solutions to the challenges on the public internet - hence, I’m creating this index page to list down the interesting challenges I’ve completed. Each of the entry below has a corresponding blog post that has not been published. I’ll publish it when the challenge gets retired.

Flare-on is a premier windows based reverse engineering CTF that has been running for 10 years now. I’ve attempted the challenge every year and I’ve not been able to go past the first challenge (which is usually a warm-up that takes about 15-20 min to solve). However, that changed this year, when I solved two (yes TWO! 😁) challenges. By the time I reached the third challenge, I had read enough about it from people who had solved it that it was way above my skill levels at this point of time. So, I’m officially throwing the towel for this year. Hopefully, I will be able to get beyond the second challenge next year.

So, LastPass posted a blog post last night with further details on the breach that occurred in Aug 2022. It’s a lot worse than what was thought. To summarise: “Some source code and technical information” was stolen from a development environment. We should assume at this point that the threat actor has access to the entire code base. The above information was used to social engineer a developer to obtain credentials and keys to access their cloud based backup storage (presumably an S3 bucket?) The threat actor was able to use this information to obtain basic customer information and unencrypted metadata. This includes names, billing addresses, mobile numbers and the IP addresses that were used to access the LastPass service. The entire customer data was copied as well - this included unencrypted data like website names and encrypted data (thankfully) like user names and passwords. The blog later on goes on to talk about the encryption used etc, which is probably of no consequence to the end user - rather it gives you a false sense of security that everything might not be as bad as it seems. But I disagree. lets recap the information the attacker has for all customers of LastPass

I finally went and did it - I got my custom domain (www.three10.io) to host my personal website. I was in two minds, but there were a few reasons that pushed me towards hosting myself on a custom domain. I own my content - I learnt this the hard way when the site hosting my first blog (somewhere in 2003 / 2004 I think) shuttered down. I had absolutely no backups, and everything I wrote was pretty much gone. I re-started the blog in 2007 on Google Blogs (a.k.a Blogger), but the fear of losing content was always looming. So, a few years back, I jumped on to GitLab pages and static site generation. Now, All of my pages / content reside on my device, synced to GitLab via Git (what else :D). I don’t have any fear of losing content now. Building out my brand - I’ve had the “310” moniker for a while now, across the web, so it made sense to build out a custom site name for myself that was an extension of my presence online. I could have gone for a more pedestrian “.net” TLD, but the “.io” TLD was too cool (and I paid a premium). I’m hoping this becomes more useful going forward. A more professional online presence - Right now, the top level URL points directly to the blog, but I will be pushing out updates frequently to build this out into a proper website. I have also nailed down the workflows to post content from pretty much all devices I own (including my phone), so updates to the blog should be regular. If you’ve stopped by to read (now, or anytime in the past), thank you for the support - please spread the content if you find it useful.

Nullcon is probably the oldest security conference happening in India - The first memories I have of it are writing a paper / presentation for the 2014 CFP, way back in late 2013. However, its another story that I didn’t send it out. When I joined my current company in early 2014, I saw that they were sending people to the training sessions - I got kicked out of the list in the first year as I was the “new joiner”. The subsequent year, I had a team and I sent people from my team for the next 3-4 years.