CouchCon

Headed out early after another fitful night of sleep. I’m not going to disparage the hotel; it’s something else that got really f’d with the pandemic.

I know, I know. If I had my mask on, I wouldn’t notice the loud HVAC, or malfunctioning shower. That I expect those things is another example of my privilege. I would tell you to go check BlueSkeet for confirmation. No, I shouldn’t say that, but it’s really sad that a small fragment of smart people are retreating into their own little world. Was Reddit not enough?

So, onto the talk. I wanted to watch the one on hot dogs, but two of the three channels are crickets. The one about MLOps is the only one with sound, so that it is. Some information about how AI models are thrown off by stuff from botnet upvotes. (And I’m thinking of the days way back when when some folks were showing off driftnet, which was a program that just displayed images from HTTP sessions. Someone, and I shan’t mention who, wrote a curl script so that it looked like people were looking at some really sick stuff. See the popular section here.)

And the video dropped on that one. Try Build It again. And there’s sound. Discussion of embedded device something or the other. They destroyed a printer earlier.

Listening to the stuff about powering over USB-C, using Arduino is interesting. The collection of various RaspberryPIs kind of shows how short my attention level is lately.

I do think kids today are missing out on the elation that comes from making the magic smoke come out of hardware with software you wrote.

And that stream fell down. But now the others are back with audio. Juggle around until next ones start…


And I ended up watching the presentation by the guy from The EFF. I appreciate most of his bits about treaties, and authoritarian governments that are to those treaties.

Lots of back-and-forth with the language of the treaty that allows the signatories to actually do whatever they want despite being parties to the treaty.

Why worry about it at all, then?

That’s kind of what leads me to thinking that every law, every treaty, should have a mandatory end date. If everyone thinks that the principles are good, it shouldn’t be a big deal to pass something similar again.

Do the Russians, Norks, and Mullahs adhere to treaties ratified by previous governments?

I worry, too, about things that end up being backdoors through previously-ratified treaties. I admit that my thinking about that is heavily-influenced by what happened with the pandemic.

No. I won’t carry a vaxport. If you wanna throw me in prison because of that’s what it is. Do it. Do it publicly. Have no shame about it.


I will watch the rest, and give final thoughts as I consider things. I will miss ShmooCon, but some of the things I saw this weekend are reminiscent of some of the things I saw in about 2012/13.

I am happy that there seems to be some pushback against it, but I worry that the pushes after Trump’s election, and with the pandemic, people are getting pushed more into small walled gardens where they don’t see or hear things that they don’t like. I admit I’m kind of guilty in this sometimes, but I really would like to sample lots of different sources, and make up my own mind.

The things discussed at places like The Fifth Column, Blocked and Reported, and The Free Press give me a lot of things to consider that are different than the near-uniformity in major corporate press.

*shrug*

So, off to listen to the last bits of this.

Chunking

No, I’m not feeling that lousy, but my legs really aren’t working well. Switching out heavier laptop bag for smaller Shmoo bag helped, but I was still pretty exhausted with just what I did tonight.

Trying to decide if I want to come back for the final bits of Shmoocon tomorrow.

*checks schedule*

Yeah, I’m gonna go home. There’s not anything I think I’d miss if I wasn’t here in person. Nobody needs to see the staggering guy in an NPC mask. Hardly anybody recognized me, anyway. I don’t think there’d be anything I can really get.

So, in-person chapter closed. I’m happy I’ve done this so many times. A little bit of regret that I lost the inspiration to give a talk, but I’ll probably just sneak off by myself again. I don’t know that I actually attended many of the early ones; I had to get back to Norfolk for my Sunday Night airshaft.

Alcohol was largely eschewed early on, too.

I don’t know that I’ve seen anything very exciting, however. As my health has failed, and my work has gotten farther and farther away from the nuts and bolts, I’ve lost familiarity with the awesome haxxor tools.

I actually was describing something to an INFORMATION SECURITY PROFESSIONAL about reading raw wire data on something that’s going to generate a bunch of network traffic.

Go watch the stuff in … and I stopped myself from saying Ethereal in favor of Wireshark. You’ve done that, right? Uh, yeah, but not in a long time.

Yeah, me either. But it shouldn’t be anything very foreign. You make a suggestion that you know is going to cause a ton of network traffic…turn on Wireshark and watch for a few minutes when you do it to see if things blow up.

Not rocket surgery.

*distracted for a bit with a problem*

Yeah, I’m going home in the morning.

I will miss Shmoocon. Maybe somebody could do something in, say, Ashland near Kings Dominion when the park is closed?

I think I’ve figured out what I need to do to pay Redacted’s protection racket.

Whether that matters is another question altogether.

Will tune in some things at home tomorrow morning.

ShmooCon Day 2 Part 2

Bring-It-On. This. Analysis of logs to see what happens when security researchers hit known bad hosts.

They seem to be looking at clients accessing known C2 hosts, then looking to see if they can access those clients. I’m trying to be shocked that these, largely, are coming from places like Iran and China.

Curiosity made me look at IPv6 adoption in Iran. Hmm. Interesting. While I really do think that there should not be government efforts to block traffic, I wholeheartedly support individuals/companies blocking traffic to/from that part of the Intertubes.


Next up is this on deception operations. Interesting, but really not a lot that I have any insight into.


Was kind of in and out on this; mislaid something and was looking for it. Anyway, I understand what they were trying to do and assume abandoned domains. It’s good information to have, but I’m not exactly sure what he’s really trying to do. Okay, it’s abandoned. If you’re worried about things like a dominate, there’s always something you can do with a wildcard, then narrow down from the bucket once you see something you want.


Did see all of this one. I understand, and sympathize with, her motivations and concerns. Yes, you should be able to make it harder to get your personal information. Yes, it should be protected by whomever collects it.

If CFPB is the answer, you asked the wrong question. There are very few things government does well; protecting consumers isn’t one of them. Hell, if you look at what’s going on in LA this week, you could easily extend that to delivering water, and providing fire protection. How about that TSA?


This one is interesting when it comes to things like cheap network cameras. Ubiquity for the hardware is a problem with so many of them sending foreign places, but I think probably a lot of it can be solved by just paying attention to what you purchase. I’m just wondering if you don’t need to do better with blocking outbound traffic. They talk about measures put into the firmwares that are there to circumvent protections, but I have to admit my skepticism. If you have a halfway-decent Layer-3 device, you can shut down traffic. If it’s this type of traffic coming from this device, it’s blocked.


As someone who is plugging through all of the Beavis & Butthead, “Silent Push” sounds flatulent.

But this is about FUNNULL, something I’ve never heard about.

Interesting that this is all because of gambling run offshore. These work for money laundering.

People like to gamble. People like to drink, smoke, do other drugs. It’s almost as if these are innately human behaviors.


And the last one. I’m thinking it’s stuff where I’ve completely lost the bubble. Interesting things at the site.

It’s absolutely interesting, but I really don’t have the stuff, or the time.

ShmooCon Day 2 Morning Belay It

Really not feeling great this morning, but I was able to get back up to the room to watch.

First one was about tracking Kubernetes. I’ve not done anything, really, with Kubernetes, so this is kind of new for me.

Lots of discussion about things with /dev/bpf in Linux. I didn’t realize that it was still there?

Transitioned in to discussion of risk analysis and prioritization. Too much effort is being spent

This is very applicable to some of what I’m doing for work, but it’s something a lot of the sekurity mastars don’t understand. I’m thinking of one IAC I was working. Yes, it’s a Medium vulnerability. Yes, that finding negatively-affects the overall system score.

But I’m pretty sure the number of users with privileges to exploit it can be counted on one hand, and implementing the system change would take weeks, and, use all system resources during the implementation.


Next talk was about how exploitation works. Some interesting information about how to exploit things like Totes-Didn’t-Used-To-Do-Evil KDE Browser extensions.

“John The Ripper” can crack things like the Apple Passwords utility, which is actually pretty good unless you get the Apple account password.

PowerShell script available for testing Windows hosts for common accounts.

Recommendation of auditing accounts that might cause a problem if they’re compromised.


Went into this one with great skepticism.

There was a talk, and it probably would have been like 2018, that really focused on Russian influence in the 2016 election.

This isn’t taking that tack. The speaker didn’t do a good job disguising his political bias, unfortunately.

Nothing with the sort of things that I think might repair the Presidential system, at least.

  • Expand the House. Take a state’s population, divide by the smallest state’s population, and round UP to the next whole number. The 435 limit in the House isn’t set anywhere other than by legislation from the Wilson administration.
  • Do electoral vote allocation the way Maine and Nebraska do. Winner-take-all goes away, unless a candidate actually gets a majority of the vote in a state.
  • Repeal the Seventeenth Amendment

Bits on foreign interference. No evidence of it actually provided, just as it wasn’t with the 2016 election. When a Republican wins, it’s foreign interference. When a Democrat wins, you can’t even question it.

In the Presidential elections where I’ve been old enough to vote, I’ve mostly voted for the Libertarian candidate.

Not impressed with that one.


Time to rest a bit, see if my body will allow me to go back downstairs to watch more in person. Ugh.

Shmoo One

I really wasn’t feeling well after trying to breathe through a face diaper again. Oops.

I did have things on in the background. Right now, I’m listening to KRenner talk about finding gigs from an HR perspective.

It’s interesting, but I’m inclined to think that much of this is now OBE. Despite the robust economic latching on with a big company and advancing there is a thing of the past.

Really sour on most things HR after the past few weeks. I saw something on X about Lowe’s killing of its DEI programs. That was right on the heels of the news about FacH^H^HMeta doing the same.

A lot of that stuff is from HR staffs. Will they ever get the message? I

I’m not holding my breath.

There’s still a certitude about where the future is headed.

But they’re wrong. And it becomes quickly apparent that there’s just nothing there at all. Going on in many different places.

End Of The Moose

Settling in to my hotel room for the final Shmoocon. Early check-in? Sure, why not?

Perusing the schedule for what I might want to see.

Kinda tempted to bounce out early on Sunday. I can watch closing remarks from home. While I’d like to do some schmoozing after closing remarks, there’s a tiny dog who needs my attention at home.

Looks like mostly Belay It, with a smattering of Bring It On.

Shows just how little building I’m doing these days, I guess.

So, here we go.

Shivering Saturday

Preparing for first significant snow in the Beltway Swamp really since our first winter here.

Even if the electricity goes out, we should be okay. They keep lowering the snow totals in the forecast runs. I’m guessing four inches.

But it’s going to be cold. That’s not good for someone with balance issues; even less so for a tiny dog.

Catching up on email, paying the slightest amount of attention possible to football until the playoffs are well underway. The Lions-Vikings game tomorrow night should be good.

Monday is January 6th, where President Trump will be returned. Generally indifferent, though mildly interested to see what happens.

Did see this pop across my browser welcome screen this morning. If anything ever required a “yes, and…” response, it’s this. I appreciate the author’s frame of reference from time in Bulgaria. What the Soviets did there was bad. So, yes, and…. did you miss what happened in Romania on Christmas Day in 1989?

Trump isn’t ideal, but is any of the stuff he might do as bad as what the Chinese have done in Hong Kong, or Tim Walz did in Minnesota?

The cops were shooting people with paintballs to keep people off their porches during a public health crisis.

Biden tried to make it so you couldn’t work or travel if you didn’t take a shot.

How about what the Marxist did/is doing in Brazil?

Bad things happened all over the world in 1989, but it’s better to only highlight the things that help make your point.

Thinking back to college and an early-Boomer professor who would liberally-quote Simon & Garfunkel–a man hears what he wants to hear, and disregards the rest.

Saying Trump is a Nazi didn’t work, so what do we do now?

Disjointed

I was distracted yesterday with the thoughts that wrought that memory.

Last two days of the year are workout days. My legs are sore.

Fantasy football resulted in two disasters yesterday. So, second place in my league, and seventh in the other Yahoo league.

Obviously, most of the pods are on holiday break, but there’s been a few things I’ve filled back in.

I need to get to the doc to get this weird finger thing I’ve got going on checked.

More later, maybe.

Weather Digging Up Memories

As I was procrastinating about going to work out today, I was looking for something to listen to on Apple Music.

The first summer after my dad died, my wife and I were holed up at my mom’s house riding out a hurricane. I noticed that it was my mom’s first anniversary day as a widow. Both of the dogs had died, so she was living in this huge house by herself.

Knowing how flaky the electricity could be at that house during storms, we were cooking up a lot of the things in the fridge that’d probably go bad if the power was out for a few days.

I hadn’t brought up the date, but I could tell that my mom was a bit down. Finally there was a moment where I noticed she was crying.

“It rained that day, too.”

Christmas Eve

I started typing this with a bit about the frozen things falling outside, with a bit of a lament that it’d be over soon, and that what I’m hearing is the only frozen precip in the forecast for the foreseeable future.

Coffee retrieved, and the sleet has stopped.

The stockings aren’t hung by the chimney with care. We don’t have a fireplace, and such barbarism won’t be allowed long here in the Beltway Swamp. The only acceptable burning odor allowed is the strangely-legalized weed.

Keep Virginia Blue. Just like Harry Byrd intended.

Could have been his dad, too, who was also loathsome.

So, what else is up?

Bad Saints’ loss last night. I missed most of it because I was fitting in the last bits of work.

At least they’re not the Giants.

And maybe I should get past the irrational annoyance I had about them with the weird defense and boring offense gone.

But it is difficult to do when it’s the Saints on the receiving end of a drubbing.

So. What else is going on? I looked to see if I had something I wrote probably around the time my dad died (late 2010). I changed my mind about capital punishment. This is a power the state should not have. Yes, I take into account the Church’s teachings on it, but, perhaps reflexively, I think it’s just a power the state shouldn’t have.

If someone is truly awful, he can stay incarcerated forever. I don’t care. See Sirhan Sirhan. You know, the guy that the Libertarian coming into Trump’s cabinet thinks didn’t kill his father.

Do I care that he’s never going to get out of prison? Nope. Not really.

But news yesterday had two stories that really had me being okay with them being killed.

The first was these two from Georgia. That one conflicts me even more, as they didn’t kill anyone, which is the standard for all executions.

The other was the case of what happened in the NYC Subway. I selected that story because it doesn’t have some of the photos that were on Twi^H^H^HX. Yeah, he can die. I understand I shouldn’t feel that way, but I do.

There was also some stuff last few days about North Korean soldiers being killed in Ukraine. Naturally, the NeoHippie Putin apologists question the numbers, and whether it even happened.

No, it did happen.

And they’re slaves fighting for Putin. They can’t flee without being shot.

Slaves.

Keep that in mind, Auburn.

But I think I’ve poured out enough for now. Time to go enjoy some Christmas cheer.