
Simple Nomad's Blog



27Jan2006 - SJC Trip

A wonderful trip to San Jose is coming to an end, as I type this at (per the pilot) 37,000 feet. For those of you wondering, no ad-hoc networks were found on this flight. Of course not -- I connected through LAX and that second leg was late at night. Not a lot of ad-hoc inflight action on late night flights (nor the red eyes, nor overseas flights that go on overnight, for that matter).

I had a pretty decent time, considering I was away from home, and it was a work-related thing. My boss/co-worker Madhat was there and we got to eat some really decent Indian food. On Wednesday night I picked up Jennifer from her work. We drove to downtown San Francisco, as Jennifer was speaking at a Dorkbot meeting. The first speaker was Mark Powell, who gave a fantastic talk on food hacking. I actually got a slight amount of freezer burn from eating raspberries frozen in liquid nitrogen. Jennifer's talk was excellent as usual -- an updated version of her ShmooCon talk which she called "Securing Civil Liberties, or Why Geeks and Hackers Should Run the Government", since we are creative and privacy nuts, and "get it". Cool talk. Her husband Brad was there whom I hadn't seen in a while, so it was good talking with him. After the talk we went to dinner (thanks for buying my food, Jen) and I got to see Brad and Jen's house. And work was actually fun. Decent trip.

I am really looking forward to getting home though, since I am getting ready to wrap up the kitchen and start on the next big project -- THE LITTER ROOM!! Oh, wait I mean THE SERVER ROOM!!

Yes the last finishing touches are going into the kitchen, such as trim, the blinds are in, and the various knick-knacks are going up on shelves and the walls. Finally coming to a close. Originally the cat food and water as well as the cat litter were in the kitchen, but we really didn't want to put that back in the new kitchen. So we cleaned out the garage, walled off about 25% of it making it into a part of the house, and we are moving the cat litter and cat food out there. Now as you can imagine, providing real estate for those items really only takes up a small amount of the bottom of a room (even with three litter boxes, as we have seven cats). So I thought I could take over the upper half of the litter room with computer gear, and make it into a server room. A couple of things make it perfect -- for one, I could easily run new electrical circuits for geek gear as the breaker box is in there, and there is a window-unit air conditioner in the room as well. So the plan (when I get back) is to get the circuits in, get the floor in there tiled, and start moving the gear. This will free up room in the office for me to get all my tech books out of the closet, and we have more closet space as well. Win, win, win. Kim is even in favor of the litter room serving double duty as a server room as well. Unfortunately we've been referring to the litter room as The Litter Room enough that the name has already stuck, so it will probably always be referred to as The Litter Room.

The project is a lot of fun, as I plan on rewiring the phone lines, and will probably put in Cat 6 everywhere. I can run the phone lines in very easily, and plan on installing punchdown blocks to make things easier. For the office phone line, I may set up an Asterisk box, since having my own PBX is in order, being the old skool hacker who also did phreaking. There will be some challenges, since I've started collecting old phones (on the lookout for a working Western Electric Model 320 and possibly an old Bell payphone) and these all do pulse instead of regular DTMF. But this is going to rock. And being right off of the kitchen I can probably do a MythTV setup in there and run the output into the LG refrigerator, since it has a cable-ready TV built into the door. Score! More as this project moves along.


25Jan2006 - Spying

As many people who know me know, I am something of a privacy advocate. A lot of my "straight" friends (straight as in non-hacker, non-security, non-intel friends) wanted my opinion on this whole Bush-authorized NSA spying thing that the NY Times reported. I guess they expected me to rant and rave. Instead I've been saying "I told you so". I've been saying this for years -- pre-911 actually. They *all* spy on us -- Nixon, Ford, Carter, Reagan, Bush I, but certainly Clinton and the current King George. This is why they have armies of lawyers, so they can figure out how to make the illegal "legal".

Granted I've never seen such disregard and blatant abuse as with this current administration. I mean to come out and say "hell yeah, we're doing it" is actually rather shocking. But I was not surprised. But anyway I digress. I bring it up due to an act of civil disobedience that happened in Georgetown yesterday. I got chills reading it. Rock on. The students' protest even made the New York Times.

Tonight I'm going to hear Jennifer talk at rxGallery where she will be fighting the good fight and bringing it up. Her point is that geeks and hackers should run the government, since we would make it fair and safe due to our ability to design secure systems that protect privacy. Amen sister, amen.

On a different topic, since several of you asked, Torin's tattoos were IMO tasteful. On one wrist it says Mercy and on the other wrist it says Wrath. Not bad for a young punk kid.


20Jan2006 - A Million Monkeys on a Million Computers

A million monkeys on a million computers. What am I talking about? Why the press of course.

See, here is the sad thing about all this. I brought it on myself. I found a flaw and released it to the public last Saturday during ShmooCon. This is not a great bug -- in fact there were a lot of other more technical talks that covered more. My talk had about 20% content and 80% geeky nerd hack jokes. I mean I was at a hacker convention, in front of a few hundred strangers who *knew* it was lame yet interesting. See the blog entry below for the good and bad that is ShmooCon (basically all good). But apparently the press is really looking to write about Microsoft, or WiFi is hot, or whatever. So the story of the DANGEROUS WIFI FLAW was spread far and wide.

The funny thing is that the bulk of the articles were researched by simply reading other articles. I hate to even address these articles as being written by reporters, although if one "reporter" made a mistake, another one repeated it, and you eventually end up looking like a fool. Most of them missed the point, although a few got it right. Of course Vernier was thrilled with the attention, being my employer and being that they got more press mention from my byline than in the last 6 months, including some more mainstream press.

I stopped counting at around 20 articles, including some blog mentions. If you are that curious, read the advisory first, read a decent article like this one by Eric Griffith, and then read one where someone completely fucks up like this one by Tom Espiner that got enough of the facts wrong that when he asked questions to other "experts", they give wrong answers. I had some goofy blogger guy talking about what an idiot I was, and he was basing it all on this article. Fuck them all. At least Eric read my stupid advisory and formed his own opinion. I think it is called "research". Wake up, The Press. Overall, you suck.

If you care, I was interviewed on Cyberspeak, which is a security podcast show. So you can listen to me drone on about that stupid bug. Bret and Ovie were pretty cool about it all, and for a couple of bit heads they did all right. And the podcast in general is pretty decent, I've started downloading a few of the older shows and listening to them.

On a completely different note, I'd like to recommend a book I read recently. It is an autobiographical memoir by Bigfoot called Me Write This: It Bigfoot Memoir. Now you should buy it, it is very entertaining, but if you are a bit reluctant go to Barnes and Noble and just sit down and read it in one of those big chairs. I think half their customers treat that place like a library anyway.


17Jan2006 - Hack Talk

So I gave the same talk in two places this past week. The talk was called "Hacking the Friendly Skies", and I gave a G-rated version to the joint North Texas ISACA/IIA luncheon in Dallas on January 12, and an R-rated version at ShmooCon. I say R-rated for strong adult language and mild violence against an operating system.

The ISACA/IIA talk was fun -- partially because it was the first time for the talk, and partially for the crowd. It is a weird crowd for me to speak in front of, since I am pretty sure they are used to more straight-laced speakers who dress nice and talk about some fairly conservative and safe topic. Nothing against that, but for someone like myself that is so boring. I basically took my ShmooCon slides and removed all of the fucks, shits, and other pearls of the English language I normally pepper my sentences with. It seemed to go over pretty well -- there was a crowd of about 325 there for the talk. This marked the 3rd year in a row I'd done the luncheon, and while I felt like some type of freak on display, it was a great experience. And being a freak on display isn't a bad thing anyway. You look at the positives. They seemed entertained, they might have learned something, and when I drove home I did NOT drive home in the universal symbol of someone who has given up -- a minivan.

Now ShmooCon was basically the opposite event. At the Marriott Wardman Park hotel in Washington, DC, I had a great time, saw a lot of friends I hadn't seen for a while, and drank a decent amount of alcohol. But no minivan-driving conservative types at ShmooCon!

And NMRC was decently represented with myself, HellNBak, and Madhat all either presenting or participating on panels. Additionally Raven was there and it was great to get to see her. Friday at the con started off well, and the talks were good. In complete violation of hotel rules (and with a couple of well-placed bribes to underpaid hotel employees by yours truly), HellNBak, Madhat, Toby, and Chris Farrow led a BoF on the good and bad issues surrounding Network Access Control solutions while serving liquor. Being that I work for one now was interesting (working for Madhat, actually), but most entertaining was the fact that everyone that asked a decent question or made a decent point got a shot of vodka or crown or a crown and coke. Couple that with eEye mini beach balls being thrown around with opinions abound, it was a controlled chaos session. Having four good friends on the panel meant that my glass was only empty when I drank the last of the vodka they poured me, but I remained sober enough to deal with the hotel staff. One guy came up to me and said "they can't serve liquor in here" and I said "you're right, they AREN'T serving liquor in here" while handing him a $20. I told him if he could help I'd appreciate it, and he did. I felt dirty at first, but then I realized I was in DC so that pretty much made it not only right, but expected.

Of course that really wasn't the only trouble we caused. It seems some type of Amway goofballs (or Quixtar or whatever they call themselves now) were having a MLM convention. There were about 4000 of them compared to 800 of us. And they were all fucked up tie-wearing sheeple robots, and as we couldn't help but walk around and through them we quickly started learning what their "Dream Maker" conference was all about. As one might imagine, hacker types are all about the truth, none of this lame pyramid-sounding bullshit. So as we learned what they were doing, we decided they needed some truth and reality dosages. Unfortunately for them we were regulating the dosage levels as we saw fit.

The first interactions we had were in the elevator. My buddy Druid (cool DFW-area hacker) and I were on our way to our respective rooms -- me in all black including my trenchcoat wearing my sunglasses indoors and Druid in literally all green including his bright green hair -- and a group of clean-cut 20-something suits were on the elevator with us. One of them said, "so what kind of convention you guys having, a video game convention?" Druid and I kept our stony faces on, and with complete deadpan seriousness told them, "no, it's a hacker convention". They were laughing as Druid stepped off of the elevator on his floor, saying things like "really? no kidding?" with wide-eyed fascination. I pointed to one of the guys' laptop bags and said "I wouldn't use the hotel network with that laptop if I were you." They all were laughing over that comment as I was stepping off of the elevator, so as it started to shut I stopped it closing with a firm hand and looked at all of them, paused dramatically, and said "seriously". The laughter stopped, they looked like deer in headlights, I waited a beat, and let the door go. Fuckers. Video game conference my ass.

After a couple of talks a group of us headed out to eat. Italian food. Met Rick Forno in person for the first time, what a great guy. Obviously insane because he wanted to hang out with us. We sat outside in spite of it being winter as it wasn't too cold, so we had the patio to ourselves at this restaurant on Connecticut Avenue. Probably a good thing. At one point Madhat decided to start punching HellNBak, and HellNBak decided he should return every punch Madhat attempted to land with two landed punches, and we had to break them up once they started knocking shit over. Pedestrians were fairly shocked by our conversations -- this just looked ugly. Believe it or not the waitstaff was totally cool over our behavior. As we started collecting cash, Chris Farrow only had plastic and finally just handed the waiter his card and said put it all on here and I'll take the cash. In a heavy Indian accent, the waiter pretended he had already given Chris the cash back, making for a fairly uncomfortable moment for Chris. The waiter was even faking not knowing English very well. He eventually handed Chris the cash, causing all of us except Chris to roar with laughter, who simply looked more relieved than anything.

Back at the hotel a few of us went to a private party with tons and tons of alcohol thrown by the ToorCon folk who were there supporting Shmoo and their con. It got real loud, I drank a lot of vodka, but was sober enough to know that after the third visit from hotel security over the noise with a threat of police, it was time to go. So I made my way down to the hotel bar. I also got to hang out with Visigoth, who when at DefCon is usually too busy with CTF to party, so that was fun hanging out with him.

Now at these Amway MLM conventions, there are "mentors" who try to rally the sheeple constantly, by giving them heavy doses of mind-control pep talks. And they were doing this "impromptu" throughout the lobby, including in the lobby bar. At first it was harmless prank stuff -- hackers would walk into the circle of 35 MLM zombies with video cameras filming them up close, snapping photos etc.

Now one of the things the kind ShmooCon people did was supply people with ping pong balls that ShmooCon attendees could throw at speakers doing poorly. Kind of a method of calling bullshit on someone. And a few people had managed to procure ping pong ball guns. So into this bar walks myself, Chris, HellNBak, Visigoth, and a few other people.

We spent the first few minutes there trying to break into the point-of-sale system, which consisted of me blocking the view of the bar and throwing out possible passcodes for the admin section of the PoS, with HellNBak typing away furiously. Once we finally got in, I got rather bored as HellNBak couldn't figure out a way to steal drinks and went off to talk to some friends. HellNBak also got bored. So he started his "scare the straights" scenario. He started off mild, going up and talking to Amway sheeple young women with such gems as "hey you're kind of cute, do you do anal?" and other such things designed to startle and shock more than garner him a partner for a tryst. Later on people started encouraging HellNBak to do more, rewarding him with more drinks, and HellNBak starts yelling at the Amway circle jerk going on.

When I say he was yelling, I mean he was literally 10 feet away from them yelling at the top of his lungs such things as "AMWAY RULES!! IT IS SO NOT A PYRAMID SCHEME!!" Remember I mentioned the ping pong ball guns? People were shooting these at the Amway people who were trying to ignore HellNBak. Loose ammo would roll around on the floor, so they would either be quickly loaded into a gun and fired again, or thrown at high velocity aimed at Amway skulls. Now this wasn't as bad as it sounds since most ping pong ball guns are not accurate and most hackers can't throw balls or play any physical competitive sports (there is a reason we are good at computers, we are geeks, not jocks).

In all honesty, this was somewhat rude behavior on our part, but I honestly thought they'd start acting goofy back at us, and we'd end up drinking with them or something. I mean, we get along perfect with the Feds that attend our conferences, and frankly there were Feds there for ShmooCon throwing shit along with us. But nonetheless they didn't like us interfering with their "impromptu" mind control sessions. Someone said the police were called, and I made sure the guy telling everyone the police were on the way told HellNBak, and I left the lobby quickly. The hotel security and police did break up things, preventing a near riot fueled by vodka, Red Bull, and ping pong balls. The next morning HellNBak apologized profusely to the ShmooCon organizers, to which they said no big deal, and kept asking HellNBak what parts of the stories were true. HellNBak couldn't remember all of them. A few of them came up and said "I heard this bullshit about HellNBak hitting on girls for anal and yelling at the Amway dweebs, that didn't happen, did it?" Of course it had, I had witnessed it, and confirmed the stories. What fun.

Day two of ShmooCon brought its own adventures. In spite of Jennifer Granick's keynote being at 9 fucking AM, I told her I would be there. And I made it there. Great talk. Later in the morning I gave my talk to a standing-room-only crowd who seemed to really enjoy it a lot. I did a couple of press interviews as well.

At 4PM HellNBak, Chris, and Madhat had signed up to lead another BoF. No mini eEye beachballs this time, but about 5 times the liquor. And I didn't have to bribe anyone and got very lit. The discussion was over developing an Anti-SANS training program -- basically a cheap alternative to what is an extremely expensive training and certification program.

Dinner that night was fun -- I went out with Kevin Mitnick who I hadn't seen in a while, along with a few other people, like Darcy and Brianna, Druid, a few people that simply got into the van with us, and a few old school hackers. I won't mention any names, but I had a blast talking about mutual friends from LOD and MOD, X.25 pads, gopher holes, and general abuse of telephony with some guys that were around and were on both sides of the fence (a former telco security person was there as well).

After some great Ethiopian food, it was off to the ShmooCon-sponsored private party at FUR, a trendy nightlife hangout for a bunch of young attractive people that couldn't give a shit about us. We were the creepy black-clad nerds, while they were the trendy, sophisticated, and chic nightlife of DC. In fact, that was the dress code for the place "sophisticated and chic". Honestly. Fortunately we were in a private room with our own DJ.

Due to a mixup with the management at FUR, people on the couches were being told in our private room to leave to make room for the regulars. This started at 11:30 in spite of us having the room until midnight. They also kicked DJ Keith out at around 11:45 or so, killing our west coast buzz that Keith was so good at laying down. Fuckers.

Back at the hotel, the bar was shut down. Jesus christ, was that preemptive? I went up to the room and probably got to sleep around 2am, which is impressive considering the noise from other rooms. I didn't care, I was wiped out.

The next day was mellow, and didn't start until 10am thankfully. I managed to catch a couple of talks (I had missed several the day before due to press interviews), and the con wrapped up nicely.

Oh and the talks! I saw a decent amount, but the standouts were Dan Geer and Jennifer Granick's keynotes, Bruce Potter ranting at the beginning and end of the con, Fyodor, Dan Kaminsky, and several of the BoFs. Not just because two BoFs served liquor illegally, but I really seemed to gravitate to the BoFs which were very interesting even if I didn't have anything to say or add myself. BoFs rock.

All in all a great con -- saw a ton of friends and as usual came home with a bunch of ideas for hacking projects, which is great for me. I love the energy I get from these events. And ShmooCon is one of the best cons around.


03Jan2006 - (Still) Almost Done

The kitchen is (still) almost done. The tile guy came out and said there is no way that he or anyone on his crew would have agreed to grout the tile the way we asked without a serious discussion on why it would be so hard and how long it would take. Once he said that, the main contractor who subbed him out to our kitchen completely forgot the conversation about the tile he confirmed and remembered having with us on the subject, after acknowledging it on the phone the day before. Our tiles were chosen for their porous and rough hewn look, and the tile guys grouted in all the characteristic holes that looked so cool. The contractor said they could easily not fill in the holes. Anyway the tile guy will call this week and set up a time to come back and try to drill out some of the grout from the holes in the tile (not in between them) and try to make our kitchen look the way we thought it was supposed to look in the first place. A fucking mess. The bottom line is that the contractor sold us one thing and delivered another, trying to blame the subcontractor he hired who was left in the middle. We are obviously bypassing the contractor now, who is refusing to cover the additional costs, and dealing directly with the tile guy ourselves.

Torin turned 18 yesterday. Had a nice big meal at Texas de Brazil and Torin is actually threatening to get a job. Of course his birthday money went to getting some tattoos last night, which I haven't seen yet. Hopefully nothing too regretful that he will be wondering why he did it in five years.

My New Year's Resolution this year is another in a series of resolutions that are designed to be fun to obtain. Most people have painful resolutions, like to quit smoking or sticking to some horrendous asspain diet. Most are painful, and most fail anyway. So I've started coming up with New Year's Resolutions that are not only obtainable, but you want to obtain them. One year the joint resolution with Kim was to have sex 365 times over the next year. We didn't make it (that is seriously a lot of work) but we sure had fun trying. Two years ago it was to "rock hard every day all year long", followed up with last year's "rock even harder every day all year long". This year? STICK IT TO THE MAN AND ROCK LIKE FUCK ALL YEAR LONG! Can I stick it to The Man? Yes. I start with my ShmooCon speech next week. That is so doable and so going to be fun making it happen. Can I rock like fuck all year long? Yes. As most of you know, I was born to rock. So doable and so fun.

As a side note, I watched Anchorman with friends over the weekend, so I may add drinking Scotch to the list, just for (more) fun.