Log in

No account? Create an account
entries friends calendar profile adric.net Previous Previous
nil.enroll(aetheric_username, quantum_class_id)
yljatlhQo'! QIch lo'laltbebej!
Please *do* glorify some great hackers and not crime Re: "Stop Glorifying Hackers"(sic) from the M. McWhorter, I'm sorry you had trouble safely sharing data with yourself online using free and inexpensive services. How much extra would you be willing to pay for safe versions of your online services? Equally I am sorry you did not value the free (to you) advice of the professional at Earthlink who advised your to secure private data offline as it was good advice given in good faith. You could pay a great deal to get worse advice. The majority of your editorial seems to be aimed at journalists, whom you chastise for glorifying the exploits of online criminals. That's a valid complaint, though hardly specific to online crime. Many of the problems with modern journalism are related to the economics of publishing, including the dominance of "if it bleeds it leads" editorial decisions. Instead I would caution your target audience and yourself about words: diction, connotation, and meaning. The words that you choose to use have meanings and even political significance that you would do well to pay more attention to. Decrying the criminal activities of "hackers" in one sentence and then asking where all the "white hat hackers" are demonstrates your ignorance and does nothing to help anyone. The hackers are the good guys and your rhetoric isn't going motivate them (us) to help you much. Regards, Adric Net BBST, CISSP, GSEC, GCIH, GCIA, LPIC-1, ITILF, AS CS, AS Psy. http://www.nytimes.com/2014/03/09/opinion/sunday/stop-glorifying-hackers.html Originally on G+ here: https://plus.google.com/102299631906745519234/posts/9du7rqrSY81

Current Mood: annoyed annoyed

Leave a comment

The Keanu movie about the ronin was not as bad as the trailer led us to believe it would be. I saw it in a theatre with an aikido afficianado and she was also somewhat shocked by its overall quality, some aspects of the plot, and the treatment of the end of the story.

The second Hobbit movie is very good though I don't really enjoy the roller coaster sequences, as impressive as they are. I don't think the old don would know what to make of them... still it is nice to have more screen time and more of the concurrant stories. Oh and the synthetic elf captain is an interesting character and quite fetching.

American Hustle was really good. Some tremendously sexy bits and a lovely twirling plot. If you at all enjoyed any of their previous work, you should not miss this. And if you aren't already slightly obsessed with, say, Jennifer Lawrence you should watch Silver Linings Playbook. and The Hunger Games movies. But not Winter's Bone.

I quite recommend the Divergent trilogy of post-apocalyptic juvenile novels. In fact I like them more than The Hunger Games overall. This is entirely due to Katniss and Tris, in that I didn't like Katniss anymore after part way through book two but I was with Tris all the way through to the end.

Speaking politically about the characters and stories for a moment: Katniss starts off with some agency and sheds most of it through the course of the story. Tris starts off with only a little and takes more and more onto herself. Katniss sacrifices others, often unintentionally. Tris sacrifices herself throughout her story (while sometimes putting others at risk).

Leaving the soapbox I am apprehensive about the Divergent movie coming out soon. I got bad vibes from the trailer .. like The Golden Compass bad.. *shiver*.

The Wolverine and the X-Men show (Netflix) from earlier this century was pretty entertaining, once you give up any thoughts of canon (Since any fan (past or present) of X-Men or superhero comics know canon and continuity only as cruel jokes this should be easy). I actually liked the story they told and mostly buy how the stitched the various characters into it (except Erik who [spoilers redacted]). The only really bad spot is the Japanese visit ... instead see The Wolverine movie which is more fun, and slightly less insulting to intelligence (generally) and Japan's culture.

We haven't finished Hobo With A Shotgun (Rutger Hauer) but it is truly a remarkable thing. I rewatched Four Rooms and even skipping a lot of bits regretted the time overall. Farscape is back on Netflix and so I put it on as background sometimes. Hikaru hasn't come back s no progress there but Trigun is available with real audio and subtitles, fond memories (fan subs were better).

I tried Hulu. It has commercials and the video quality was worse than expected. No sale.

Thanks to an Amazon card (from vendor's Christmas guilt) I've been indulging in Kindle purchases and catching up on my Stross.
I finally read Neptune's Brood  and am two-thirds through the re-issue of the first part of The Merchant Princes. In both cases Stross is not only a thrilling and sneaky writer but a terribly educational one .. especially about economics and finance, though certainly political science, history, technology, nuclear physics, and of course the complexities and contradictions of the human condition. Oh and I read Rule 34 the follow-on Liz novel to Halting State which trilogy will not be completed as intended. that one teaches you about depravity and Scots slang, along with the rest.

I made a bit more  progress on the Kate Daniels novels by Illona Andrews. They are so much fun and quite clever. Some near-Jim Butcher levels of sneaky seeding of the major plot has been going on ... (I refer to the Dresden Files. Read 'em. Next book is out in May so you have a few months to catchup.) and Kate has ended up with a family whether she wanted one or not.

Courtesy of a silly promotion in October I found out that Audible has some of the The Great Courses series from The Learning Company (as advertised in expensive magazine) and I've been slowly working my way through their mythology lectures: first a relatively quick survey of classical myths and now I'm getting towards the end of a longer, more in-depth course called "Myth in Human History". It's really interesting stuff not only with the individual myths and goddesses but the themes he draws from are wonderful. This course contains units on creation myths, gods and goddesses, heroic mono-myths, and tricksters (so far). Really excellent and thought-provoking. The discussion of the effects of nomads on agricultural societies, and their gods and myths are wonderful and all but forgive the time wasted on Freudian and Jungian 19C gender politics.

Telly? The third American Horror Story is really fun. They seem to have no shame and are taking full advantage of their setting (New Orleans). Lost Girl continues to be more amusing than expected (Netflix through season 3). The Witches of East End
was better than expected and Devious Maids was pretty fun with a few rough spots. We really liked Continuum and are looking forward to more turning up on Netflix. The cop mystery show Life only has two seasons but it is brilliant and ends well .. really well. You should watch it all. Fringe ended up rather well, though it is pretty hard to get through parts of season 4 and5 (She couldn't stay awake to get the intro to the future storyline).

We see almost every episode of the Stewart and Colbert news hour (if not quite on time) and @midnight is actually pretty fun. It's a bit too lively for bedtime, really.

Who? I really enjoyed the 50th anniversary "Day of the Doctor" show and all the little homages and touches. I liked the Christmas special well enough and am curious to see what the new chap will be like and where the writing is going after all of the build-up and , well, timey-whimey plots of the last few companions... We'll see how they do.

How about you lot? What have you enjoyed reading, watching, browsing, or falling asleep to of late?

Tags: ,

2 comments or Leave a comment
Or sign # 875,675 that I should have gone to university at age 12 or not at all: further punishment for taking AP courses
I took AP courses and exams in high school in the twentieth century (1993-1995 CE) before your web site existed. Despite that universities continue to insist on AP score transcripts and I am trying to get some sent. I have registered a username on the College Board site but am unable to complete account verification because I do not know my student ID nor was there (as far as I recall) an email address entry on my score sheets.
I appreciate any help you can provide.
Very respectfully,

Tags: , ,

Leave a comment

Do you want to know more?

Want to learn more about memory analysis?

  • Install Volatility or grab SIFT VM
  • Get memory image samples from:
    • Volatility wiki: https://code.google.com/p/volatility/wiki/PublicMemoryImages
    • HoneyNet: http://honeynet.org/challenges/2010_3_banking_troubles
    • Book:
  • Practice, practice, practice
    • Image your own hosts and analyze them
  • Write about what you find out!
Want to learn more about (web) application security?
  • Install proxy tools and browser plugins or get Samurai WTF
  • Get sample vulnerable web apps :
    • Samurai includes WebGoat, Mutilidae, and others
    • Google Gruyere: http://google-gruyere.appspot.com/
    • BodgeIt Store : http://code.google.com/p/bodgeit/
    • Book: The Tangled Web : http://lcamtuf.coredump.cx/tangled/
    • Read, participate: OWASP:  https://www.owasp.org/index.php/Main_Page
  • Practice, practice, practice
    • Test your own apps in the lab
  • Write about what you find out!
What to learn more about host forensics?
  • Get SIFT and FTK Imager (etc)
  • Get sample images and challenges:
    • HoneyNet Challenges: http://honeynet.org/challenges
    • EH Net Challenges: https://www.ethicalhacker.net/category/features/skillz
    • Advanced Digital Corpora: http://digitalcorpora.org/corpora/scenarios
    • Book: File System Forensics Analysis: http://www.digital-evidence.org/
  • Practice, practice, practice
    • Image your own hosts and analyze them
  • Write about what you find out!
Want to learn more about network monitoring, network forensics?
  • Get Security Onion and SIFT
  • Get some sample captures and logs:
    • /opt/samples in SecurityOnion
    • Wireshark's samples wiki :http://wiki.wireshark.org/SampleCaptures
    • (Network) Forensics Contest . com : http://forensicscontest.com/
    • Advanced: Johannes packet challenges:  http://johannes.homepc.org/packet.txt
    • Book: Practice of NSM and samples : http://nostarch.com/nsm
  • Practice, practice, practice
    • Record, monitor, analyze your own networks
  • Write about what you find out!
Want to learn more about artifact analysis and reverse engineering malware?
  • Get REMnux and demos of IDA, Hopper. Download OllyDbg
  • Get some sample files:
    • Contagio : http://contagiodump.blogspot.com/
    • VirusShare : https://virusshare.com/
    • your inbox
    •  Book: Practical Malware Analysis and exercises: http://practicalmalwareanalysis.com/
  • Practice, practice, practice
    • Dissect and analyze the files around you
  • Write about what you find out!


Comments appreciated. Live wiki doc is at http://f.adric.net/index.cgi/wiki?name=LearnMoreSecurity

Tags: , , ,

Leave a comment
There were some interesting opinions expressed about recent news events at the meeting Saturday but when I asked if anyone had done the reading I got a lot of blank stares. This distresses me quite a bit since hackers and security "people" should be more educated and informed on these issues than the general public -- not less. This is our history, frankly, even if you don't work for a government and you should know it.

I'm carefully not taking any sides in the debate about surveillance and oversight here. I do encourage anyone interested in these topics, and especially those outraged by events or revelations to study the history of intelligence and cryptography to hone their opinions. The nation should debate these issues publicly and informed debate is the only way to try and find a balanced answer to such a complex problem

In the meeting I asked how many people had read "The American Black Chamber" and no one said they had. That's unfortunate because that book and the results of its publication represent one of the previous times there was a national debate on this very topic. The Secretary of War at the time , one Stimson, was heard to famously declare: "Gentlemen do not read other gentlemen's mail." The results of his attitude and actions are worth noting. https://en.wikipedia.org/wiki/Black_Chamber

To understand more broadly the questions about government, secrecy, intelligence, and so on and the previous answers you should certainly read David Kahn's tome "The Codebreakers" which is arguably the most thorough publicly available account of the history of secret writing. He starts with the ancient civilizations and moves forward through to the late 20C. At the time of writing he wasn't able to include much information about Bletchley or computers, from which all modern computer science as well as most modern cryptanalysis stems along with the outcome of WWII and thereby the history of the second half of the 20C and most of the current geopolitical mess.**

An easier read , and perhaps a bit more fun, is Simon Singh's "The Code Book". https://en.wikipedia.org/wiki/The_Code_Book. Wiki says:
"The Code Book covers a diverse set of historical topics including the Man in the Iron Mask, Arabic cryptography, Charles Babbage, the mechanisation of cryptography, the Enigma Machine, and the decipherment of Linear B and other ancient writing systems. Later sections cover the development of public key cryptography and some of this material is based on interviews with the participants, including those who worked in secret at GCHQ. The book concludes with a discussion of PGP, quantum computing, and quantum cryptography. "

Oh and you should know about the "equity debate" inside NSA, referred to recently by Schneier in his blog by back reference to one of his old posts:
"America's Dilemma: Close Security Holes, or Exploit Them Ourselves" By Bruce Schneier Wired News May 01, 2008

If you want more food for thought or have other remarks, please share.

Hope this helps,
Adric Net
adric at adric.net

PS Hey let's all sign our emails and see how that goes?

** If you believe this statement to be hyperbolic or exaggerated then you likely have a lot of history to catch up on. Also, Bletchley is a very cool place to visit. Do go out there some time if you have the chance

Current Location: home office
Current Music: ef

2 comments or Leave a comment
I got through a bunch of comics and some audio on the little mini-vacation we took around Memorial Day weekend. I'll add these to http://f.adric.net/index.cgi/wiki?name=Fun+Reads too later. Comics, from Comixology
  • finished up Death of the Family a much hyped Batman and Joker story arc / crossover
  • The Walking Dead collections Vol 9-13
  • Bandette #1 and #2, from Monkeybrains
  • Girls (2005) complete collection by the Luna brothers
  • Eisner award nominee The Mire
  • and the free teaser of Wizzywig
Audio from Audible
  • started Cloud Atlas
  • a bit of The Lost Symbol before she chickened out
Leave a comment

I try to take advantage of the malware samples in my inbox every day to practice analysis and learn cool news tools. A previous post covers some of the basics.

This week I got an "eFAX" message with a zip file attachment that was quite suspicious so I dug right into it. It's defintiely a Win32 PE file (exe) inside the zip despite the Adobe-esque PDF icon it's using and although ClamAV didn't find anything VirusTotal confirms that most of the planet thinks it is bad news indeed. Here's the VT and Annubis reports for the binary.

From there I tried to apply some of the techniques I am reading about in Practical Malware Analysis1 an awesome book that walks through the proceedures and tools needed to disect and analyze files. I'm just starting the book and have been reading about the Windows Portable executable format, so PE header analysis, I chose you!

PE Header analysis, I chose you to battle the mysterious eFAX DIGIT 30!Collapse )

Tags: ,

Leave a comment
Bruce Schneier's 19 March 2013 blog on DarkReading "On Security Awareness Training: The focus on training obscures the failures of security design" is making headlines with his bold assertion that "training users in security is generally a waste of time and that the money can be spent better elsewhere". The piece argues by examples from other fields of health and safety education that complex decision making can't be easily taught to a large population in an effective way and that if security awareness training as enacted in the past 20 years was effective we would see commensurate change in the behaviour of the population. Schneier’s standing as a cryptographer and esteemed author gives tremendous weight to this controversial argument.
Although Schneier's editorial is more persuasively written and less overtly provocative he is essentially arguing a similar point as Immunity's Dave Aitel did in his 18 July 2012 editorial on CISO Magazine "Why you shouldn't train employees for security awareness: Dave Aitel argues that money spent on awareness training is money wasted". Aitel’s recommendation is to eliminate awareness training and instead fund secure development and software testing to harden systems so that user behaviour isn’t so dangerous to the organization: “It's a much better corporate IT philosophy that employees should be able to click on any link, open any attachment, without risk of harming the organization”.
Aitel's piece provoked  much discussion and many online rebuttals1 and Schneier's post has already generated some well-reasoned responses. Benjamin Mauch commented to link to his spirited rebuttal "Security Awareness Education". He is quite passionate about security awareness and has given talks on security education including one recently at Derby Con. Mauch argues that the mechanisms of training in common use, such as computer based training and quizzes, perform poorly but that engagement and education of users to develop a User Defense "layer" is effective and vital to defense.
Mauch's colleague Dave Kennedy, Founder and Principal Security Consultant at TrustedSec, posted his own response to Schneier's post titled "The Debate on Security Education and Awareness". Kennedy outlines his concerns with the general ideas in Schneier's post and then examines a handful of the arguments quote by quote from the DarkReading post. He on expands a few of the metaphors (eg driver education) and shows how a broader interpretation of them supports a different view.
1 Rebuttals to Aitel include:


Leave a comment
In deference to the Universe's inimitable ability to make better idiots I've disabled anonymous comments on this journal.

If you have something to say, login to LJ or some OpenID provider or send me an email.


Current Music: Mai Yamane - See You Space Cowboy... | Powered by Last.fm

Leave a comment
This was us:
DC3 Challenge 2012 - Final Team Scores - Peachtree

See all the results for the 2012 competition at http://www.dc3.mil/challenge/2012/stats/leaderboard.php

Registration for the 2013 challenge opens on the 17th, so get ready!

Tags: , ,

Leave a comment
A review of Liars and Outliers by Bruce Schneier

Bruce Schneier is an accomplished author and security expert. In my line of work, information security, I've studied his books before and I read his writing almost daily as his opinion is of great value and often quite interesting. If you've already read one of his books or if you already know what security is(something about keeping DAD away from your CIA) you should have already read Liars and Outliers (if not go buy a copy) and may not get as much out of this review.

As a much lauded and often quoted security expert, accomplished cryptographer, and prolific writer about security technology and politics Bruce Schneier has well established standing to ask questions like: "What is security? What is trust? How do they work? Where did they come from?". He, like many of us, has been searching for good answers to these questions for many years and many people already use his previous answers to these questions in the work and life. From his standing at the top of the field and his success in influencing how everyone thinks about security and trust issues in society (he coined the term "security theater") he not only gets to seriously consider these questions but is likely to come up with new well thought out answers that will influence the world.

This is not a book on how security technology works internally. Instead the author explores how morals, social and societal pressures, security, and others factors influence and shape who and what we trust, for what, and even a bit of why.

As such the audience is much broader than some of his earlier works. This book will provide valuable insight and entertainment to the general science layman who has enjoyed works by Gleick, Singh, Gladwell, or other popular science authors and it should not be missed. It provides and provokes questions and answers key to human existence and help you understand why you do what you do personally, socially, and politically.

Read more...Collapse )

wiki: http://f.adric.net/index.cgi/wiki?name=LandO

Tags: , ,

Leave a comment

Having all but wrapped up my studies of SEC 503 and stealing a few hours from SEC 401 (teaching it Tuesday nights) and Liar and Outliers (reading a review copy) this afternoon I made good progress with Security Onion 12.04 beta which I've been fooling around with on the lab network at home.

I've got SO beta running monitoring two network interfaces, with Snorby, Squert, squil, and even ELSA all working in their most basic forms. This is all credit to the Onion but I've fussed with previous betas for quite a while off and on trying to get it all up and running so that was pleasant to finally achieve.

I finally found and applied the patch that let's sguil pivot to Wireshark on Windows. This makes sguil even more awesome, though it's age is starting to show. It requires an older version of Tcl/Tk to run and has no IPv6 support :(

I've added some trivial rules to local.rules. All of the tools are seeing them and alerts fire, are categorized, hit the database , show up in reports, as expected. Sguil even gets the rule definitions and pcaps, though snorby doesn't like to find my rule definitions. As above this is exactly what is supposed to happen, but it's cool to be able to add rules, reload the rule configs, reload web pages and see the alerts register. I should be able to make more sophisticated rules using what I learned in SEC 503 when I bring the books home.

So, what did you do on Saturday?

Tags: , ,

1 comment or Leave a comment
Mac Installs post-Mountain Goat upgrade

These are some things you (I) need to install on a new Mac these days to get any work done. Mostly these used to be installed, in the installer, or available on the install disc but now you have to fetch them all yourself.


You probably want the XCode developer applications suite even if you aren't a Mac or iOS developer. You definitely need it if you use macports, fink, homebrew or the like to get your compilers.

XCode is available in the app store, no charge once you login. It now live in one big bundle /Applications/XCode.app and /Developer is entirely depreciated, wow.

To get the llvm compilers and build tools, need to update compiled software or build anything from source you need the "command line tools for XCode. You can get these in XCode Preferences on the Downloads Tab or by downloading them straight from Apple's developer site (login required) where they will be named something like "Command Line Tools (OS X Mountain Lion) for Xcode - October 2012" Once XCode preferences finishes you will have the tools you need without any ceremony. It's worth poking around in the XCode preferences Downloads tab for other things you might want such as back-version development tools, documentation, simulators.

X Window

The X Window system used by most Unix systems works great on OS X but Apple no longer ships or develops it. Get it from its home at XQuartz: [http://xquartz.macosforge.org/landing/]. You'll need this to run common awesome Linux apps on your Mac like GIMP, Scribus, and Inkscape as well as for most any UNIX programming.


My Mac demanded A Java 6 runtime on startup to run one of my startup item programs in a little modal popup dialog. That seems to have worked and got me java and javac 1.60._35 but didn't get Java 1.7.x. which is the current version and needed for some apps ... ETA Oracle distributes Java  7 for Mac and has a information page here: [http://docs.oracle.com/javase/7/docs/webnotes/install/mac/mac-install-faq.html]


Apple charges $30 for the server admin tools to activate / configure the UNIX server software that is built into the OS. They traditionally had pretty good server admin GUIs but that was when OS X Server was its own product and they sold server hardware. I paid my tax to the App Store for the privilege of re-enabling the one public file share I had on this machine before its unfortunate upgrade. My files had been moved by the OS X installer to '/Library/Server/Previous/Shared Items/Public/' and the old shortcuts no longer worked. I'll be following this guide if Server.app ever stops spinning: [http://krypted.com/mac-os-x/setting-up-file-services-in-os-x-10-8-mountain-lion-server/]

Apparently it's deleting those files now, if I'm reading the log right. I'll be miffed if I have to restore them from backup again...This log named ServerSetup.log hasn't updated in 20 minutes and you can see it in Console.app:

16:06:33.711 Starting extras with arguments: --sourceRoot /Library/Server/Previous --targetRoot / --purge 0 --language en --sourceVersion 10.7.4 --sourceType System

some ports

To get the UNIX applications you are used to having or want to hack on you will want one of the ports systems .. unless you enjoy compiling everything by hand in which case, have fun, go nuts.

I seem to mostly be using macports these days, though fink is fine and many people swear by homebrew and stranger things still.

Get MacPorts from their main site: [http://www.macports.org/install.php] or fink is over here: [http://www.finkproject.org/]

Permalink for article: http://f.adric.net/index.cgi/wiki?name=Mac+Installs

Tags: , ,

Leave a comment

Movies: Loopers was excellent, on par with Inception and On Time for good entertaining movies with actual plots and thought provocation. In a completely different way the new Dredd and Resident Evil movies were quite entertaining and all the more so because they almost entirely lacked a plot or any provocation to thinking -- in fact the blessedly brief moments when they relaxed on the fan service to attempt such things were the low points of either film.

The fan service was particularly strong with the new RE movie. Lovely lovely ridiculous costumes ... including one in my new favourite shade of purple. Almost worth her character being blonde this movie rather than the much better dirty brunette hairstyle of other films. Another positive note is that Ms. Jovovich has put on a little weight and looks much better for it.

Gaming: The new Batman film was disappointing but Arkham City looks to be as good as hyped. Guild Wars 2 launched well and is every bit as excellent as one would expect from the team at ArenaNet. I look forward to playing alot morw GW2 in the future but for now most of my game time is being spent trying to finish the story of my primary toon in The Old Republic while my attention holds / before the game dies. Steam brings many goodies, such as a new X-COM game from Firaxis (!) and the indie "spaceship simulation roguelike-like" FTL and I keep buying the Humble Bundles (and you should too) and hardly playing any of them.</p>

Books: Reamde was excellent. It's an easy recommendation for anyone who has read Stephenson before and hearkens back to Cryptonomicon in many ways (all good) with a more mature and skilled writer (and only one time setting, with some mild flashbacks). It's quite the thriller and as might be expected quite educational about all sorts of things. Also read recently of his are Some Remarks, a collection of letters and essays (not quite a pre-death Grumbles but very interesting) and some bits from the Foreworld.

Stephenson and several notable co-conspirators have channeled their interest in historical science fiction and martial arts into a ambitious project. It's one I knew of and did not subscribe to but I am enjoying the output. I'm reading volume two of The Mongoliad and quite enjoying it, though it seems a great deal slimmer than the first volume. Among other pleasant surprises is how compelling the character of the Khagan (Khan of Khans) has been.

I've also recently read, in novels, the latest Rachel Morgan book. It was fine overall, though I must say I am looking forward to the series winding up soon. The author is having trouble balancing 10 books worth of powerlevelling of the heroine (now actually a goddess of sorts) and her allies versus making a compelling antagonist and a readable plot.

Manga:ナナとカオル gets a new character in book 16 and that's really adding to the fun of what was already a great read and good kana practice (from the sound effects and signs).

Comics: I've been enjoying reading comics on my Kindle Fire from Amazon and Comixology both. In addition to more than $20 of tasty classic Witchblade collections (Origins V1-3), a Dr Who, Star Trek crossover (?!), I've dipped my toe into Batman books as well. The Arkham City collection of all the game tie-in comics was brilliant, not only setting up the characters and story, bridging the two games, but beautifully drawn. I got it from Amazon: Batman: Arkham City. Further if you have ever enjoyed a Batman comic then Hush is not to be missed.

Alas, all of the complaints about the Comixology Kindle Fire Comics app are true. Most damning is how few of the comics available online show up in the Kindle app for reading even after purchase.

Telly:Revolution continues to teeter on the edge between watchable schlock and terrible drama. Grimm is still good as the second season rolls along. The new American Holmes show Elementary is showing hopeful signs two episodes in, but they have a heavy burden with the Great Detective. I teared up a bit at the end of the Dr. Who season finale.

With October some of the best shows are coming back on the air both top-notch and delicious schlock alike ... and almost all on the BBC. The new American Horror Story show looks to be even better than the first show and the new Bedlam isn't too bad. One of my all-time favourite guilty pleasures shows Hex is being replayed Saturdays and there's more yet to come. The not-a-real-Tivo is getting a good workout.

I manage to watch a Rachel Maddow about twice a week but she watches all of them. She has a stronger stomach I guess. Please on't misunderstand I adore and strongly respect Ms Maddow as one of the few journalists standing, but I have to limit my exposure to political news. The last dosage had me ruminating about the constitutional definition of treason and foaming a bit.

Studies: I'm making minimal progress on my year-long NSM studies themselves because I'm studying packet analysis (and soon Snort) for my 503 class and preparing lessons, labs, and teaching another class (401) in weekly chunks. I'm elated to be teaching but I'm still struggling to juggle it all around work and home. Oh and I got my CISSP, finally.

Moved: Still unpacking in rare fits and spurts. We're starting into a new phase of arranging and putting away of things that will likely run the month but may result in some books finally getting shelved. I have discovered three items (so far) borrowed/misplaced by others and need to conspire to drawn their attention to this fact...

How about any of you lot? Any good reads of late?

Tags: , ,

Leave a comment
ETA: He responded, though I won't paste it in here without some less-simple edits, and it developed into a pretty interesting thread. It remains to be seen if we will be able to relate.

Hi [first],

Do you seriously not have anything better to do with your time than write formal ,stilted, and aggravating 500 word email about the trash cans?

I'll check on the trash when I get home and let the cat sitter know as well.

If email was warranted on this, a simple "Hey, did you forget to pull your trashcan back this week?" would have sufficed. Since I did forget, I appreciate the reminder, if not the format or tone.

Since we're discussing such matters please be more careful sticking your business cards on windshields. They stick to windshields when damped by dew or rain. If you really must I am sure you can get a pad of thin paper designed for just that.

Your notion of welcome is sorely lacking, but thanks for the intent.

[first name]

On 09/19/2012 10:51 AM, [some guy] wrote:
> Dear Neighbor:
> You or your renter have violated the trash standards. Cans must be brought in as of Monday evening and can be put out as early as Thursday morning. Trash day here as you recall is Friday.
> Any other schedule you or they have in mind is a security risk to the rest of us.
> If you or your renter didn’t orient the can the right way (hinge facing back), the trash robot arm can’t pick it up, and will therefore be skipped; one can of three problems were this issue this week. This is just an attention to detail item. If you are in units 4166 or 4168, your cans were loaded with loose trash (not completely bagged), another violation. Many times Advanced Disposal will take them, but it is still an HOA violation. Dirty cans attract insects, rodents, and other animals that can introduce health risks.
> The trash hauler comes twice on Friday, once early (7:00a on average) for the recycling, and anywhere from 1030a to 2pm for the regular trash. If you put it out after these times it will not be collected, and leaving the can out for a week is NOT an option. The next issue of the HOA newsletter will reiterate some of these rules. As a member, you’re responsible to know and adhere to the rules and make sure your renters if you have any adhere to them, too. They’ve signed something in the lease that says they will. If they haven’t, then you’re liable for not doing so, and that’s potentially a HUGE fine.
> We can only enforce the rules with YOU the owner, and it’s up to you to maintain a solid relationship with your tenants if you have them.
> If you are out during the trash period (out of town on business, etc), you can coordinate with your neighbor (left, right, across) to take out your cans (empty or not) and bring them in for you. Then you reciprocate. It builds relationships in the neighborhood, and is free. I do this regularly for my neighbors, even when they’re here.
> I urge you to follow the trash rules, otherwise an escalating fine will be assessed to your unit’s HOA account as a sanction against further violations.
> Please contact me if you have questions, this will be your only warning before direct action is taken.
> [fist last]
> President, [street] HOA
> [phone]
> PS: Welcome to the neighborhood! Since you’re new, you probably don’t have a grasp of things just yet. I can send you a complete list of the “rules” if you’d like, and the newsletter will detail them, it comes out every quarter or so. [initials]

Current Mood: aggravated aggravated

3 comments or Leave a comment
All decks report smooth sailing so far. This ship is really fast. The Ubuntu 12 seems fine and I'm starting to get used to Unity, such that I haven't replaced it. There's a bit of a rant about how much nicer this all is that recent Apple kit that I can't argue with much over on O'Reilly Radar. Once you get used to Unity1 (or replace it with something that suits you, the OS is just out of the way and you can hack, write, read (Kindle Cloud works well on here, finished Reamde that way last night) or whatever you want.

Engineering is still working on some little glitches. Wifi is too slow to reconnect after boot and lots of us are still having a little trouble with the touchpad capturing touches and shifting focus around. All tracked on Launchpad for the interested.

Beyond the slick hardware and the Ubuntu drivers (both quite nice) the project is working on chef recipes for common development and testing environments to make it easy to get into and out of them and set up "microclouds" on the ultrabook. I'm poking at this and I'll let you know how it goes.

valentina here has so far been quite nice for my Chrome, Thunderbird, and Virtual Box needs as I study how to read packets in this year's SANS course.

ETA: Seems I need to learn some Chef first. I'll start here once I get done with my packet mangling for the day.

1: Unity has keyboard shortcuts and they are shockingly good overall. Although there are pages online that explain the Unity keyboard shortcuts and i started there I found by accident that these are in Unity: hold down Super to see the help screen!

Current Location: home office
Current Music: Ministry of Sound

Leave a comment
I've volunteered for #ProjectSputnik, an effort to make a developer-friendly build available on a Dell laptop. The Project has done quite well from surveys and inital software forays and a product will be released later this year, we are told, on the lovely new Dell XPS 13 Ultrabook.

So given the opportunity to help out I bought one, am running their current Ubuntu Precise build on it, and so far it's pretty slick. They have made great strides on getting the drivers working and it's quite a nice piece of hardware as well.

Here are my intial notes, taken on Evernote on another box while I fussed with boot media:

Hmmm ... my USB stick was no good, had to make another one.

Installing from the Sputnik image stick seems smooth and quick.
I decided to put Ubuntu on sda3 (the large NTFS Windows was on) and leave the rest be for now, no swap.
No support for some special keys in installer (live) image but that's not a big deal.

brightness work up and down
battery button brings up power status app, rather than overlays
nothing for kb lights, video. didn't try wifi or audio during install

Reboot. login .. really fast reboot and login, nice!

audio on login and volume controls work well
wifi button works, dropped me right offline ;)
play controls don't work in VLC
let's see if I can post all this from tina...

Box design is cool!

Lid is hinged, nice presentation!

Windows sticker came off easily enough but this may have to fixed in manufacturing:

Windows logo etching

Tags: , ,
Current Location: home office
Current Music: conference bridge

Leave a comment
Serious work going on here: http://etherpad.openstack.org/defconbadge
Win/Lin/Mac software/driver for badge board: http://www.parallaxsemiconductor.com/software#Downloads

115200 bps:
 unicode binary?

19200 bps:
unicode binary

57600 bps
D E F C O N 2 0 1 2

Human............ Yes
Artist.......... No
Press.......... No
Speaker....... No
Vendor....... No
Contest..... No
Goon....... No
Uber...... No

Status........... Wallflower

Happy 20th Defcon


Current Location: defcon

Leave a comment
 Hi everyone,
I have always been a tinker or tester (as my parents would no doubt agree) and favour a scientific outlook (experiments, hypothesis, proof) on most things. It may be only little surprising then that I have always been interested in and now work in information security. Which could be characterized as showing people how to break their most precious things ... to make them stronger.
I have been advancing the idea in various venues that the skills and knowledge of a good tester are key to effectiveness as a security professional (or a good hacker) and that's part of why I've been involved with BBST almost from the beginning and I'm back taking Foundations again. I'm an advocate of BBST for testers and for security people of all sorts ... if not everyone in any technical field ... and I hope to be an instructor in the future.
I can barely keep up with my own rotating hobbies though they seems to oscillate around hacking, languages, and video games. Non-fiction reading these days is either on network intrusion detection or technical review of other courses still... which is not to say there isn't a pile, or that I haven't bought new books this week. 
The last fiction I finished that didn't have pictures was the Hunger Games trilogy and in graphic novels I'm working my way through Fables and The Walking Dead. I don't get much time to play Star Wars online with all of this homework and the demands of woman and cat.
I take lousy photos with my mobile phone, often of my cooking experiments. You'll find some of those online, as well as various rambles, including my experiences in other BBST courses, starting from my site http://f.adric.net/index.cgi/home , which is run out of a DVCS because I am just that much of a nerd :D
Hajimemashite! Nice to meet y'all!

Tags: , ,
Current Music: Adele - being sad about something

Leave a comment
An email to my alleged representative, Congressman John Lewis, (D)
What were you thinking in not speaking out against this bill which many are concerned is designed to specifically outlaw lawful and important protests in cities and near conventions? How did this sail through without notice and make its way to the president for signature?
Your historic work in the civil rights movement would not have been possible under laws such as this. Protestors are already subject to arrest by local authorities at their whim and are already being jailed for their decisions to speak up and protest. These arrests are slowly working they way through the courts for recent protests and many are being overturned. 
Why would we need or want a Federal law and prison terms for peaceful protestors, any where, ever?
I am deeply disappointed in you and you honored peers and I'd not thought that possible after some of the unconstitutional authoritarian garbage you have recently passed without reading. This is a new low.


Leave a comment