That’s All, Folks

I watched the final bits of Shmoocon.

Lots of the typical stuff I’d expect.

There’s been lots of lessons that have been learned amongst the staff and participants.

You build on others’ previous successes, and end up creating something better.

The assembly of the community, however, is something you really can’t replicate.

I’ve had bits of seemingly-unusual connections. It probably started with my brother marrying one of the Hack-of-Halo staff’s sister. (I don’t know that he’s been around the past few years….he’s actually been building more humans…)

So, the charge from The Potters was to go find or build something else (using what you’ve learned at Shmoo…).

The personal connections, however, are something I didn’t really create many of.

Do people know me because of my attendance at Shmoocon? Um. Probably not very many.

I am very introverted. When I started attending, I was doing IT work amidst my regular overnight radio duties. There’s a lot of things you can do in the IT world in the middle of the night. When you’re the only person working, so long as the stations are on the air, you can do whatever you need to do.

As things have progressed, however, I’ve had moments where the NoVA groupthink really bothered me. That’s probably a lot of the reason I didn’t want to spend my very-limited funds on coming to DC to participate.

I did enjoy socializing more when I was younger, but that’s kind of worn off as I’ve gotten older.

This year, with my body really betraying me, I spent very little time down in the rooms.

Could someone do something similar that’s all done with the advances that have come with advances in network technology? We’re doing seminars these hours, then drinking for a few hours afterwards.

At the same time, I wonder how many of the people who were so amped about Net Neutrality in, say, 2011, would have ever been okay with Ajit Pai at the FCC.

I am absolutely amazed at the speed increases. This was supposed to be impossible, so it was terribly important to constrain things into what seemed possible not very long ago.

If you’d asked me in 2014 if I’d ever see Gigabit speeds almost everywhere, I’d have said you were nuts.

I’ll look around, but I’d really like something virtual. I do like drinking my own liquor, showering in my own shower, and sleeping in my own bed.

I can get fascinating food. Maybe there’s something that can be done to urge people to try things they never have before. Still channeling this.

The trip to DC tended to help me get out of my comfort zone, and try things I wouldn’t have.

So, will I miss Shmoocon? Yeah. But I think there’s ways to find replacement absent staying in a decaying hotel.

And if there’s interesting things to watch/listen to, I can write about them.

CouchCon

Headed out early after another fitful night of sleep. I’m not going to disparage the hotel; it’s something else that got really f’d with the pandemic.

I know, I know. If I had my mask on, I wouldn’t notice the loud HVAC, or malfunctioning shower. That I expect those things is another example of my privilege. I would tell you to go check BlueSkeet for confirmation. No, I shouldn’t say that, but it’s really sad that a small fragment of smart people are retreating into their own little world. Was Reddit not enough?

So, onto the talk. I wanted to watch the one on hot dogs, but two of the three channels are crickets. The one about MLOps is the only one with sound, so that it is. Some information about how AI models are thrown off by stuff from botnet upvotes. (And I’m thinking of the days way back when when some folks were showing off driftnet, which was a program that just displayed images from HTTP sessions. Someone, and I shan’t mention who, wrote a curl script so that it looked like people were looking at some really sick stuff. See the popular section here.)

And the video dropped on that one. Try Build It again. And there’s sound. Discussion of embedded device something or the other. They destroyed a printer earlier.

Listening to the stuff about powering over USB-C, using Arduino is interesting. The collection of various Raspberry Pis kind of shows how short my attention level is lately.

I do think kids today are missing out on the elation that comes from making the magic smoke come out of hardware with software you wrote.

And that stream fell down. But now the others are back with audio. Juggle around until next ones start…


And I ended up watching the presentation by the guy from The EFF. I appreciate most of his bits about treaties, and authoritarian governments that are to those treaties.

Lots of back-and-forth with the language of the treaty that allows the signatories to actually do whatever they want despite being parties to the treaty.

Why worry about it at all, then?

That’s kind of what leads me to thinking that every law, every treaty, should have a mandatory end date. If everyone thinks that the principles are good, it shouldn’t be a big deal to pass something similar again.

Do the Russians, Norks, and Mullahs adhere to treaties ratified by previous governments?

I worry, too, about things that end up being backdoors through previously-ratified treaties. I admit that my thinking about that is heavily-influenced by what happened with the pandemic.

No. I won’t carry a vaxport. If you wanna throw me in prison because of that’s what it is. Do it. Do it publicly. Have no shame about it.


I will watch the rest, and give final thoughts as I consider things. I will miss ShmooCon, but some of the things I saw this weekend are reminiscent of some of the things I saw in about 2012/13.

I am happy that there seems to be some pushback against it, but I worry that the pushes after Trump’s election, and with the pandemic, people are getting pushed more into small walled gardens where they don’t see or hear things that they don’t like. I admit I’m kind of guilty in this sometimes, but I really would like to sample lots of different sources, and make up my own mind.

The things discussed at places like The Fifth Column, Blocked and Reported, and The Free Press give me a lot of things to consider that are different than the near-uniformity in major corporate press.

*shrug*

So, off to listen to the last bits of this.

Chunking

No, I’m not feeling that lousy, but my legs really aren’t working well. Switching out heavier laptop bag for smaller Shmoo bag helped, but I was still pretty exhausted with just what I did tonight.

Trying to decide if I want to come back for the final bits of Shmoocon tomorrow.

*checks schedule*

Yeah, I’m gonna go home. There’s not anything I think I’d miss if I wasn’t here in person. Nobody needs to see the staggering guy in an NPC mask. Hardly anybody recognized me, anyway. I don’t think there’d be anything I can really get.

So, in-person chapter closed. I’m happy I’ve done this so many times. A little bit of regret that I lost the inspiration to give a talk, but I’ll probably just sneak off by myself again. I don’t know that I actually attended many of the early ones; I had to get back to Norfolk for my Sunday Night airshaft.

Alcohol was largely eschewed early on, too.

I don’t know that I’ve seen anything very exciting, however. As my health has failed, and my work has gotten farther and farther away from the nuts and bolts, I’ve lost familiarity with the awesome haxxor tools.

I actually was describing something to an INFORMATION SECURITY PROFESSIONAL about reading raw wire data on something that’s going to generate a bunch of network traffic.

Go watch the stuff in … and I stopped myself from saying Ethereal in favor of Wireshark. You’ve done that, right? Uh, yeah, but not in a long time.

Yeah, me either. But it shouldn’t be anything very foreign. You make a suggestion that you know is going to cause a ton of network traffic…turn on Wireshark and watch for a few minutes when you do it to see if things blow up.

Not rocket surgery.

*distracted for a bit with a problem*

Yeah, I’m going home in the morning.

I will miss Shmoocon. Maybe somebody could do something in, say, Ashland near Kings Dominion when the park is closed?

I think I’ve figured out what I need to do to pay Redacted’s protection racket.

Whether that matters is another question altogether.

Will tune in some things at home tomorrow morning.

ShmooCon Day 2 Part 2

Bring-It-On. This. Analysis of logs to see what happens when security researchers hit known bad hosts.

They seem to be looking at clients accessing known C2 hosts, then looking to see if they can access those clients. I’m trying to be shocked that these, largely, are coming from places like Iran and China.

Curiosity made me look at IPv6 adoption in Iran. Hmm. Interesting. While I really do think that there should not be government efforts to block traffic, I wholeheartedly support individuals/companies blocking traffic to/from that part of the Intertubes.


Next up is this on deception operations. Interesting, but really not a lot that I have any insight into.


Was kind of in and out on this; mislaid something and was looking for it. Anyway, I understand what they were trying to do and assume abandoned domains. It’s good information to have, but I’m not exactly sure what he’s really trying to do. Okay, it’s abandoned. If you’re worried about things like a dominate, there’s always something you can do with a wildcard, then narrow down from the bucket once you see something you want.


Did see all of this one. I understand, and sympathize with, her motivations and concerns. Yes, you should be able to make it harder to get your personal information. Yes, it should be protected by whomever collects it.

If CFPB is the answer, you asked the wrong question. There are very few things government does well; protecting consumers isn’t one of them. Hell, if you look at what’s going on in LA this week, you could easily extend that to delivering water, and providing fire protection. How about that TSA?


This one is interesting when it comes to things like cheap network cameras. Ubiquity for the hardware is a problem with so many of them sending to foreign places, but I think probably a lot of it can be solved by just paying attention to what you purchase. I’m just wondering if you don’t need to do better with blocking outbound traffic. They talk about measures put into the firmwares that are there to circumvent protections, but I have to admit my skepticism. If you have a halfway-decent Layer-3 device, you can shut down traffic. If it’s this type of traffic coming from this device, it’s blocked.


As someone who is plugging through all of the Beavis & Butthead, “Silent Push” sounds flatulent.

But this is about FUNNULL, something I’ve never heard about.

Interesting that this is all because of gambling run offshore. These work for money laundering.

People like to gamble. People like to drink, smoke, do other drugs. It’s almost as if these are innately human behaviors.


And the last one. I’m thinking it’s stuff where I’ve completely lost the bubble. Interesting things at the site.

It’s absolutely interesting, but I really don’t have the stuff, or the time.

ShmooCon Day 2 Morning Belay It

Really not feeling great this morning, but I was able to get back up to the room to watch.

First one was about tracking Kubernetes. I’ve not done anything, really, with Kubernetes, so this is kind of new for me.

Lots of discussion about things with /dev/bpf in Linux. I didn’t realize that it was still there?

Transitioned in to discussion of risk analysis and prioritization. Too much effort is being spent

This is very applicable to some of what I’m doing for work, but it’s something a lot of the sekurity mastars don’t understand. I’m thinking of one IAC I was working. Yes, it’s a Medium vulnerability. Yes, that finding negatively-affects the overall system score.

But I’m pretty sure the number of users with privileges to exploit it can be counted on one hand, and implementing the system change would take weeks, and, use all system resources during the implementation.


Next talk was about how exploitation works. Some interesting information about how to exploit things like Totes-Didn’t-Used-To-Do-Evil KDE Browser extensions.

“John The Ripper” can crack things like the Apple Passwords utility, which is actually pretty good unless you get the Apple account password.

PowerShell script available for testing Windows hosts for common accounts.

Recommendation of auditing accounts that might cause a problem if they’re compromised.


Went into this one with great skepticism.

There was a talk, and it probably would have been like 2018, that really focused on Russian influence in the 2016 election.

This isn’t taking that tack. The speaker didn’t do a good job disguising his political bias, unfortunately.

Nothing with the sort of things that I think might repair the Presidential system, at least.

  • Expand the House. Take a state’s population, divide by the smallest state’s population, and round UP to the next whole number. The 435 limit in the House isn’t set anywhere other than by legislation from the Wilson administration.
  • Do electoral vote allocation the way Maine and Nebraska do. Winner-take-all goes away, unless a candidate actually gets a majority of the vote in a state.
  • Repeal the Seventeenth Amendment

Bits on foreign interference. No evidence of it actually provided, just as it wasn’t with the 2016 election. When a Republican wins, it’s foreign interference. When a Democrat wins, you can’t even question it.

In the Presidential elections where I’ve been old enough to vote, I’ve mostly voted for the Libertarian candidate.

Not impressed with that one.


Time to rest a bit, see if my body will allow me to go back downstairs to watch more in person. Ugh.

Shmoo One

I really wasn’t feeling well after trying to breathe through a face diaper again. Oops.

I did have things on in the background. Right now, I’m listening to KRenner talk about finding gigs from an HR perspective.

It’s interesting, but I’m inclined to think that much of this is now OBE. Despite the robust economic latching on with a big company and advancing there is a thing of the past.

Really sour on most things HR after the past few weeks. I saw something on X about Lowe’s killing of its DEI programs. That was right on the heels of the news about FacH^H^HMeta doing the same.

A lot of that stuff is from HR staffs. Will they ever get the message? I

I’m not holding my breath.

There’s still a certitude about where the future is headed.

But they’re wrong. And it becomes quickly apparent that there’s just nothing there at all. Going on in many different places.

End Of The Moose

Settling in to my hotel room for the final Shmoocon. Early check-in? Sure, why not?

Perusing the schedule for what I might want to see.

Kinda tempted to bounce out early on Sunday. I can watch closing remarks from home. While I’d like to do some schmoozing after closing remarks, there’s a tiny dog who needs my attention at home.

Looks like mostly Belay It, with a smattering of Bring It On.

Shows just how little building I’m doing these days, I guess.

So, here we go.

Shivering Saturday

Preparing for first significant snow in the Beltway Swamp really since our first winter here.

Even if the electricity goes out, we should be okay. They keep lowering the snow totals in the forecast runs. I’m guessing four inches.

But it’s going to be cold. That’s not good for someone with balance issues; even less so for a tiny dog.

Catching up on email, paying the slightest amount of attention possible to football until the playoffs are well underway. The Lions-Vikings game tomorrow night should be good.

Monday is January 6th, where President Trump will be returned. Generally indifferent, though mildly interested to see what happens.

Did see this pop across my browser welcome screen this morning. If anything ever required a “yes, and…” response, it’s this. I appreciate the author’s frame of reference from time in Bulgaria. What the Soviets did there was bad. So, yes, and…. did you miss what happened in Romania on Christmas Day in 1989?

Trump isn’t ideal, but is any of the stuff he might do as bad as what the Chinese have done in Hong Kong, or Tim Walz did in Minnesota?

The cops were shooting people with paintballs to keep people off their porches during a public health crisis.

Biden tried to make it so you couldn’t work or travel if you didn’t take a shot.

How about what the Marxist did/is doing in Brazil?

Bad things happened all over the world in 1989, but it’s better to only highlight the things that help make your point.

Thinking back to college and an early-Boomer professor who would liberally-quote Simon & Garfunkel–a man hears what he wants to hear, and disregards the rest.

Saying Trump is a Nazi didn’t work, so what do we do now?

Disjointed

I was distracted yesterday with the thoughts that wrought that memory.

Last two days of the year are workout days. My legs are sore.

Fantasy football resulted in two disasters yesterday. So, second place in my league, and seventh in the other Yahoo league.

Obviously, most of the pods are on holiday break, but there’s been a few things I’ve filled back in.

I need to get to the doc to get this weird finger thing I’ve got going on checked.

More later, maybe.

Weather Digging Up Memories

As I was procrastinating about going to work out today, I was looking for something to listen to on Apple Music.

The first summer after my dad died, my wife and I were holed up at my mom’s house riding out a hurricane. I noticed that it was my mom’s first anniversary day as a widow. Both of the dogs had died, so she was living in this huge house by herself.

Knowing how flaky the electricity could be at that house during storms, we were cooking up a lot of the things in the fridge that’d probably go bad if the power was out for a few days.

I hadn’t brought up the date, but I could tell that my mom was a bit down. Finally there was a moment where I noticed she was crying.

“It rained that day, too.”