Everything Passes

Some bring relief, others grief.

So, number one — my “job” at the four-letter. I went to Shmoocon after being told that things were okay through September. When I got back to work Tuesday, I was given my layoff notice. Winning!!1! Charlie Sheen-style! I’ve been digging hard looking for a new job all week, seemingly without success. Have I learned some lessons from my time there? Absolutely. Have I made some friends? Yes. Have I met several others I’ll never respect? That, too; I’ll try to avoid working with those folks ever again.

Number two, speaking of job-hunting, someone for whom I’d done a considerable amount of work without charge isn’t answering my E-mails these days. Noted with somewhat bittersweet interest. (I guess I pissed him off by pressing an issue a few months ago. I admit I was a bit jumpy, but there’s no words to express how much I didn’t like my situation at the four-letter company…. I’m not 25 anymore. I’m married. I have a chronic illness. The stakes are higher.)

Number three is on an unrelated topic. I’m very sad to see Shady Grove Marketplace closing up shop. It’s a tough time to be a resounding success in business for a variety of reasons, but I will miss Luke and Emily very much. I wish them the best of luck in their future endeavors.

Number four: I’ve talked a bit with Dana about writing. Why do I do it? What purpose does it serve? My anonymous writing outlet for nearly fifteen years is shutting down permanently any day now after several months of serious malfunction. I’m sad to see it go, but it did kick me into writing again*, and everything gets deleted, eventually. I’d fallen away from writing a bit after I met my wife. I got back into it, seriously, after I found out that I was sick. There’s something cathartic about writing for me. I haven’t quite figured out what it is. So now, I’m going to have to use different tools, but I was dedicated to doing that before I knew I’d be forced to.

*I’d been a pretty ardent journal-writer in junior high and high school. That all changed after one of my English teachers offered keeping a journal as an extra credit assignment. Two entries per week through the grading period, and an extra letter grade. I wrote nearly every day, largely about girls, being forcibly removed from my friends (I’d moved from Germany to Pennsylvania, didn’t have any romantic prospects, was sick with some unknown affliction, and was too slight to play football anymore), etc. I was the only one in the class who took her up on the offer, so she read what I’d written with great interest. I’ll just say that she was worried about me. Seeing as how this was only a few months removed from Kurt Cobain’s suicide, the education establishment was really worried about dour dudes in flannel. My Godfather sent me an envelope full of floppy disks with this new thing called Linux, we moved to Virginia, and things improved for a while.

On Process

One of the things that’s kind of been driven home to me, even more forcefully this week, is that following process is important.

While I agree with Mark Herring’s new stance, (as opposed to Larry Craig’s wide one….) he is violating the Virginia constitution he swore to defend.

Yes, in Federal court, Virginia would lose, but it’s up to the General Assembly to do the cooking by the book, and ask the voters to fix the Virginia Constitution. There is no shortcut. The General Assembly also needs to fix its Crimes Against Nature statute, which it cannot enforce. That’d actually be easier than the same-sex marriage ban.

If Herring is going to refuse to do the job he was elected to do, impeachment and removal are the only options open to the General Assembly. (And I’ll spare the lecture on how Virginia’s government functions more like the UK parliament than the US Federal government does….)

What’s lost in all this? As I’ve said many times, Congress could have spared everybody this debate, simply by amending the Civil Rights Acts to include sexual orientation as a protected class under them. They chose not to in 2009. Why, Ms. Pelosi? Couldn’t be because you have bigots in your own caucus, now could it? Unpossible.

Similarly, some of the nonsense I’ve dealt with work-wise the past year has been because people willfully ignore published procedures. Don’t like them? Change them. Oh, but that’s difficult, too. Just “hand jivejam” it!

Elections do have consequences, sure. But laws, rules, and regulations simply don’t evaporate just because there’s new folks executing them.

But I’m “pushing back.” I need to learn to quit doing that.

Free Agent

I’ve gotten a couple of questions about it, so I’ll make the response concise — after Monday, I am unemployed. For the second January in a row, I’ve been laid off.

My resume.

Due to my health issues, I’d like to find something with significant telecommuting options. Relocation is not really an option until after my wife finishes her studies at Old Dominion.

And the end

I’m home. I wrote this on the train, but the Amtrak WiFi wasn’t working when I went to post. Later, I saw that someone had had pretty much the same take I had about the lack of IPv6….

Final Shmoosings.

The last presentation prior to the closing was a bit hard to take. They (and Squidly1) insist they’re the good guys, and network admins shouldn’t take steps to stop their active probes.

Maybe I’d feel differently if the probes were passive, but these aren’t. (Coming from Punk Spider.) To me, you’d be a fool to let them continue to scan your network with impunity.

Yes, the Koreans they’re scanning might well be idiots. It doesn’t make the intrusion okay!

It’s things like this that make me wish iptables or pf had a --reject-with-diaf-blast flag. For some, --with-tcp-reset isn’t sufficient.

Summing up:

1. They’re treading on thin ice with their active probes. If they were using passive sniffing, it’d be one thing; trying to scan the entire Internet is another matter, altogether.
2. But they’re not scanning the entire Internet! IPv4 is a deprecated legacy protocol. If they were doing any sort of v6 scanning, things might be slightly more intriguing. Over at Users and Icecube, we’ve been getting scanned normally a couple of times a week over v6. I’m pretty certain nothing’s come of it. Obviously Cawcks doesn’t give us a native allocation, so we’re using a tunnel broker, but it’d likely be the same with a native connection.

But even with the biggest AWS node the world’s ever imagined, they wouldn’t have the horsepower to scan the entire Internet over v6. And more and more of the backbone traffic actually is going that way. Maybe you can stay ignorant of that fact, but it doesn’t take much research to verify.

Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7::25])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by users.757.org (Postfix) with ESMTPS id 7C795A9B6
for ; Thu, 2 Jan 2014 03:48:56 -0500 (EST)
Received: by mail.netbsd.org (Postfix, from userid 605)
id 0E08A14A12D; Thu, 2 Jan 2014 08:48:50 +0000 (UTC)
Delivered-To: netbsd-users@NetBSD.org
Received: from localhost (localhost [])
by mail.netbsd.org (Postfix) with ESMTP id A6E4114A12A
for ; Thu, 2 Jan 2014 08:48:45 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([])
by localhost (mail.NetBSD.org []) (amavisd-new, port 10025)
with ESMTP id 9RaUQzm2pzs7 for ;
Thu, 2 Jan 2014 08:48:45 +0000 (UTC)
Received: from korriban.imil.net (korriban.imil.net [IPv6:2001:470:cbba::3])

So, that was Shmoocon. More than willing to discuss over a beer if someone is interested.

You don’t have a clue

Watched this. Take-aways: I’m going to blame the speaker for being a Failcons’ fan. No, I don’t know that for sure, but he is from Georgia.

  • Rules of Evidence aren’t just a judge’s whim.
  • “Putting the air inside ping-pong balls” is kind of an old school black programs inside joke.
  • Not going to hate too much, because it’s unfair.

    1. Judges don’t just make snap decisions on evidence admissibility. These things are published. Since you don’t know that, it’d be smart for lawyers on both sides to try to exclude your evidence just because you might testify.
    2. The presentation focuses on admissibility of physical disks, and the data stored on them. Hashing can work at the file level, then the machinations of what’s going on underneath aren’t important anymore. My question was: why would you ever go lower than the lowest admissible layer?

    But I’m not going to hate too much. The last presentation is going on right now.

    Going for Broke

    Went and watched about forty minutes of this. After that long of the speakers not getting to the point about how they’re making attackers’ activities expensive, I gave up and left.

    Wow, that’s an awesome app signature tool you found in your Microsoft class! I’m sure its mere existence dissuades people from trying to write malicious things. I mean, it’s totes hard to get a copy of VS!

    Yes, you have to make it difficult for malicious stuff to run. I understand that. How are you costing the attackers anything? Their shit won’t run on your network; how are you costing them money, really? Quantify it.

    For things like malicious embedded attachments, bouncing group messages individually would quickly fill their mail queues. Maybe an automated method to report them to ISC, get them added to blacklists galore?


    Two More

    I did get one response on Twitter about my keynote reax. I’ve written about Eddie the Ops Guy before, and don’t have much to say about him. Many of the “revelations” should be things people have long suspected.

    From my perspective, the question isn’t so much if or whether this sort of thing is done — it’s how much of it is admissible in court. Are people losing lives or property because of it? That’s a question the detractors seem to shy away from. To put it another way, I’ll be upset when Chris Dodd starts getting geoloc data, and the Air Force starts targeting Kim Dotcom.

    Schneier’s talk also focused on more encapsulation of data to prevent the government’s prying eyes. I think it’s something you can spend a bunch of time and money on without terribly concrete results.

    Would it be more effective to increase the data volume, making juicy things tougher to find? Go ahead and seed that UbuububububububnttuDebian Testing torrent. In 2GB chunks, it wouldn’t surprise me if it has the same effect as a 25M DB dump.

    Obviously, he’s got a lot of credibility in the Infosec world, so I won’t judge too harshly. I am slightly disappointed at the lack of political analysis, though. I can recall 2009, when the fresh-faced kids were all abuzz about how this new president was going to be fundamentally different. How quickly people forget.

    I also watched the talk on USB Mass Storage devices. Good talk, though I don’t have the time, money, or energy to do any of that stuff, myself, anymore. I never’d considered the information about the flash drives being downsized to meet the advertised capacities. Makes sense, but, just something I’d never thought of.

    I wonder if the same is true of SATA solid state drives; might could do some interesting things, then, if so….

    I sat in on the first part of DJB’s elliptical curves talk. Unfortunately, my body wasn’t cooperating with me, and it was reminding me of my futile attempts to help my wife with her calc homework earlier this week.

    The maths — they are not my strength.

    Hardware Crypto

    I went to see this after seeing this story a few weeks back.

    In my current gig (and I’m still more than open to something else *hint*), I’m planning to use these sorts of things for something.

    I guess what I was looking to see was whether it might still be possible to use these sorts of hardware crypto devices to augment software, even if they’re insecure. Yes, with my BSD mention, you might think that I’m a gray-bearded fat guy, but, I do remember the FDIV Bug. Even if you somehow still have one of those chips, there’s ways to work around the bug, but still use the co-processor, not turning your Pentium into a 586SX.

    I was hoping to see plans for something like that. On the lesser platforms that lack a buggy crypto device, you can still do everything in software.

    No dice; this was focused more on enterprise-grade crypto jank. Very few people ever find themselves using such hardware. Ever.

    But the presentation was still pretty good. I just think the target audience was rather limited.

    Shmoo Keynote Reax

    Disclaimer: I nodded off, and missed the first fifteen minutes of it.

    With that said, I have doubts about whether it could have been much better than what I actually did see. Maybe somebody will tell me what amazing things I could have seen there that I failed to see in the last 45.

    Major take-aways:

    • Most applications use insecure communications
    • Edward Snowden figured out that TOR isn’t sekur
    • TPM is infiltrated
    • A browser makes it harder to use a self-signed cert than it is for someone malicious to get a signed cert that the browser won’t complain about
    • Hardware manufacturers are lazy
    • Fuck you, right? Okay?

    Yes, the last one is snark pure and simple, but it is one of my pet peeves. No, actually it isn’t right, and what you said doesn’t get smart just because you asked me if it was right after you said it.

    My two major points:
    1. Not all communications need to be secure, even if many endpoint devices have the muscle to support that. There’s a reason SIP uses UDP. There’s also a reason your mother uses http:// when she watches that cute cat video for the eightieth time.
    2. It’s completely unrealistic to expect vendors to change to meet your amazing idea about the way things ought to be done.

    Early Shmoocon Thoughts

    I’m kind of hanging back in the room until the keynote, after watching the opening.

    A single thought comes to mind — maybe the thing was better last year just because the “break it” track was gone?

    One of the things that really bothered me a couple of years ago was the focus on destruction. To me, so much emphasis is placed on building these monolights that destruction becomes job number one.

    Maybe in the past it was smart to worry about how to get rid of things, keep them from prying eyes. I really wonder now if that’s true.

    Thinking about my own gear I have with me. I get hacked, and…? Congratulations, you got some of my music library, and endless revisions of my resume.

    Getting the former might entice you to go see them play a show. Getting the latter might entice you to call me for an interview. And?

    The keynote appears to be about what steps you, as an individual, can take to prevent getting pwned. Guess what — you can’t completely avoid it, short of moving to a cabin somewhere in Montana. If the speaker focuses on what strategies are most effective, it’ll be a worthwhile talk.

    I’m not holding my breath, intentionally, at least. (My diaphragm does its own thing from time to time.) I’d like to see something where someone actually does the research to quantify the risks and effectiveness.

    So, your endpoint device is locked down tight? Give me a minute to find the fuck I’m not giving since nothing important is stored there these days.