Archive for the ‘Geek’ Category

Late night thoughts.

Wednesday, August 16th, 2017

I was talking with a friend a couple of weeks ago, and she said something that triggered a mental connection. And then some other stuff happened that triggered some more connections. This is another one of these posts where I was thinking out loud when I wrote this, please forgive me if it goes astray.

I didn’t live back in the old days – 30s – 60s – but my impression (based on what I’ve read) is that, as a child, you were valued somewhat based on physical skills. That is, you were expected to be able to run, hit, and catch reasonably well. (Ruark talks about this a little in The Old Man and the Boy.) If you couldn’t, you were looked down upon by your peers. If you were actually physically incapable (lost a leg or an arm) you may have been looked upon with some pity rather than condescension, but there was still a feeling that the non-physically skilled were somehow inferior. It seems like that lasted well into the 1970s and possibly even into the late 80s.

(Question: what were the expectations for girls? I don’t have a good answer, not ever having been a girl.)

At some point, this changed. Physical skill, while still valued, began to be supplanted by other skills, specifically video games. If you couldn’t run, hit, or field well, being good at rescuing the princess from another castle or whatever the frack Sonic did could still gain you some level of respect. I don’t know exactly when this change started: I feel like it was after I went off to college, but before things changed again.

I still see parents getting their kids into sports, but soccer seems to be the thing now. And that seems to me to be less about the sport – there’s not that much talent required, just run and kick ball – and more about tiring the little s–ts out for a while so Mommy and Daddy can get stuff done. (There are other exceptions, such as Little League and youth football, but I have the impression that those sports are driven by parental nostalgia. “I loved Little League when I was a kid! Surely my kid will love it, too!”)

The third change was the growth of the Internet. Once that became commonplace and everywhere, it didn’t matter if you could run, hit, field, or what you were good at. If you had some kind of specific area of interest – something you were good at, something you were obsessed with – the Internet enabled you to find people just like you. Nobody knew you were a dog, or an awkward teenage boy. We accept you, one of us, one of us.

I used to think that was a good thing. I still do: I think it’s great that those awkward teenagers can find people who are just like them. I think the Internet has done a wonderful job helping people who are shut-in or disabled or just socially awkward interact with others. I think it’s incredibly empowering, and a good antidote to bullying and ostracism.

But recent events have me wondering: have we also built a bunch of individual echo chambers? Now that everyone can find people just like them, have we devalued social interaction and the ability to get along with other, different people? Are we raising generations of otaku?

I don’t want to seem like a cranky old man longing for a return to the good old days. There were bullies and thugs and cheaters and generally not nice people back then, there are now, and there always will be. “There were no formerly heroic times, and there was no formerly pure generation.”

But could this be part of the reason why we have LARP Nazis?

Obit watch: August 14, 2017.

Monday, August 14th, 2017

Dr. Cathleen Morawetz passed away a week ago Tuesday. She wasn’t someone I had ever met or heard of before the Times published her obit, but she sounds like an incredibly neat person that I wish I had known.

Much of Dr. Morawetz’s research centered on equations that describe the motion of fluids and waves — in water, sound, light and vibrating solids. One of her first notable papers helped explain the flow of air around airplanes flying close to the speed of sound.

Wings can be designed so that transonic airflow remains smooth at certain speeds without generating shock waves. But Dr. Morawetz’s work demonstrated that such shock-free wings do not work in the real world. The slightest perturbation — an imperfection in the shape, a tilt in the angle of the wing, a gust of wind — disrupts the smooth flow.

I wonder if there’s a relationship between this and chaos theory, but this is way outside anything I’ve ever studied.

In later work Dr. Morawetz studied the scattering of waves off objects. She invented a method to prove what is known as the Morawetz inequality, which describes the maximum amount of wave energy near an object at a given time. It proves that wave energy scatters rather than lingering near the object indefinitely.

She was 94.

In addition to her husband, Dr. Morawetz is survived by three daughters, Pegeen Rubinstein, Lida Jeck and Nancy Morawetz; a son, John; a sister, Isabel Seddon; six grandchildren; three great-grandchildren; and four step-grandchildren.

Obit watch: August 8, 2017.

Tuesday, August 8th, 2017

For the historical record: NYT obit for Mark White.

Ernst Zündel, scummy Nazi Holocaust denier and the center of two criminal trials in Canada.

Richard Dudman passed away at the age of 99, surprisingly. I say “surprisingly” because, as a journalist for the St. Louis Post-Dispatch he led an interesting and dangerous life:

Mr. Dudman’s career in journalism lasted more than three quarters of a century. He was in Dallas when President John F. Kennedy was assassinated and, after oversleeping and missing a flight back to Washington, dropped by the police station where Lee Harvey Oswald was being held and watched as he was gunned down by Jack Ruby.

He covered other wars all over the world, including Vietman. He was responsible for the P-D publishing part of the Pentagon Papers. In 1970, he and two other journalists were taken hostage by the Vietcong and spent 40 days as prisoners before being released.

In 1978, he and two other journalists got an “interview” with Pol Pot (though the “interview” was more like Pol Pot haranguing them through translators for several hours). Then someone tried to kill the three journalists.

He had a motto: “Reporter who sits on hot story gets ass burned.”

David E. H. Jones passed away a few weeks ago. That name may ring a small bell for some of you: he was a chemist and professor, as well as a professional writer.

Dr. Jones, who died at 79 on July 19 in Newcastle upon Tyne in northeastern England, wrote hundreds of irreverent columns about Daedalus for two sacrosanct journals: New Scientist, in a column named for Ariadne, the mistress of the labyrinth, and Nature, in a column called Daedalus.

Back in the old days, I used to spend time in the university library reading New Scientist, and Dr. Jones’s column was always the first thing I flipped to.

DEFCON 25/Black Hat updates: July 28, 2017.

Friday, July 28th, 2017

Round 2:

  • The white paper for “Free-Fall: Hacking Tesla from Wireless to CAN Bus” (Ling Liu, Sen Nie, Yuefeng Du) is here. Slides here.
  • Slides for “Exploiting Network Printers” (Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk) are here.
  • Found slides for “Breaking Electronic Door Locks Like You’re on CSI: Cyber” here. (I called this one wrong: no Bluetooth. Not a complaint, just an observation.)
  • This is one that I saw, overlooked, and now am intrigued by: “All Your SMS & Contacts Belong to ADUPS & Others“. “Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers in China – without disclosure or the users’ consent.” Slides. White paper.
  • Slides for Vlad Gostomelsky’s “Hunting GPS Jammers”. I think this is one that really needs video, too.
  • “Intercepting iCloud Keychain” (Alex Radocea) slides.
  • And “The Future of ApplePwn – How to Save Your Money” (Timur Yunusov) slides.
  • And (hattip to Mr. Yunusov) “Jailbreaking Apple Watch” (Max Bazaliy). I haven’t compared these slides to the onea on the presentations server, just FYI.

Okay, lunch time is almost over, and I feel like I’ve done enough damage to the security community today. I’ll try to have more updates later today or tonight.

DEFCON 25/Black Hat updates: July 27, 2017.

Thursday, July 27th, 2017

Round 1:

Edited to add more:

  • Karla Burnett’s “Ichthyology: Phishing as a Science” is actually relevant to my professional life. White paper.
  • Slides and the white paper for “Hacking Hardware with a $10 SD Card Reader” (Amir Etemadieh, CJ Heres, and Khoa Hoang) are here.

DEFCON 25: 0 day notes.

Tuesday, July 25th, 2017

I’m not going again this year. Maybe next year, if things hold together. But if I were going, what on the schedule excites me? What would I go to if I were there?

Thursday: neither of the 10:00 panels really grab me. At 11:00, maybe “From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices” but I’m at best 50/50 on that. At 12:00, I feel like I have to hit the “Jailbreaking Apple Watch” talk. “Amateur Digital Archeology” at 13:00 sounds mildly interesting.

Not really exited by anything at 14:00. At 15:00, I suspect I would end up at “Real-time RFID Cloning in the Field” and “Exploiting 0ld Mag-stripe information with New technology“. And 16:00 is probably when I’d check out the dealer’s room again, or start getting ready for an earlyish dinner.

Friday: 10:00 is sort of a toss-up. THE Garry Kasparov is giving a talk on
The Brain’s Last Stand” and as you know, Bob, chess is one of my interests. On the other hand, there’s also two Mac specific talks, and Kasparov’s talk is probably going to be packed: I suspect I’d hit “macOS/iOS Kernel Debugging and Heap Feng Shui” followed by “Hacking travel routers like it’s 1999” (because I’m all about router hacking, babe). Nothing grabs me at 11:00, but I do want to see “Open Source Safe Cracking Robots – Combinations Under 1 Hour!” at 12:00:

By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, ‘set testing’ is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe.

13:00: “Controlling IoT devices with crafted radio signals“, and “Using GPS Spoofing to control time” at 14:00. (I do want to give a shout-out to the Elie Bursztein talk, “How we created the first SHA-1 collision and what it means for hash security“, though.)

Do I want to go to “Phone system testing and other fun tricks” at 15:00? Or do I want to take a break before “Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods“:

As we introduce each new attack, we will draw parallels to similar wired network exploits, and highlight attack primitives that are unique to RF. To illustrate these concepts, we will show each attack in practice with a series of live demos built on software-defined and hardware radios.

And then at 17:00, “Cisco Catalyst Exploitation” is relevant to my interests. However, I don’t want to dismiss “The Internet Already Knows I’m Pregnant“:

…EFF and Journalist Kashmir Hill have taken a look at some of the privacy and security properties of over a dozen different fertility and pregnancy tracking apps. Through our research we have uncovered several privacy issues in many of the applications as well as some notable security flaws as well as a couple of interesting security features.

Saturday: Nothing at 10:00. At 10:30, maybe “Breaking Wind: Adventures in Hacking Wind Farm Control Networks” because why not?

I have to give another shout-out to “If You Give a Mouse a Microchip… It will execute a payload and cheat at your high-stakes video game tournament” but I’m personally more interested in “Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices” at 11:00. (“All Your Things Are Belong To Us” sounds pretty cool, too, but I’d probably wait for the notes/repos/etc. to be released rather than attending in person.)

Oddly, there’s really nothing that grabs me between 12:00 and 15:00. At 15:00, “Tracking Spies in the Skies” mildly intrigues me (mostly for the ADS-B aspect), while at 16:00 I’m really excited by “CableTap: Wirelessly Tapping Your Home Network” (more home router hacking! Hurrah!)

At 17:00:

In this talk, we explore the security of one of the only smart guns available for sale in the world. Three vulnerabilities will be demonstrated. First, we will show how to make the weapon fire even when separated from its owner by a considerable distance. Second, we will show how to prevent the weapon from firing even when authorized by its owner. Third, we will show how to fire the weapon even when not authorized by its owner, with no prior contact with the specific weapon, and with no modifications to the weapon.

You have my attention.

(Related article from Wired. Presenter’s Twitter feed.)

Sunday: “I Know What You Are by the Smell of Your Wifi“, followed a little later by “Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years“.

Weirdly, after that, there’s nothing that interests me until the closing ceremonies at 16:00. (Though I might go to “Man in the NFC” if I was there.)

This seems like a very low-key year, and I’m not sure why. I don’t see any Bluetooth related stuff, and very little lock related. Perhaps I should be glad I’m skipping this year.

Anyway, you guys know the drill: if you see a talk you’re interested in, leave a comment and I’ll try to run it down. If you’re a presenter who wants to promote your talk, leave a comment and I’ll try to give you some love.


Tuesday, July 4th, 2017

Blood for the blood god! Skulls for the skull throne! Milk for the Khorne flakes!

And this one’s for Andrew:

Two thousand years ago, Roman builders constructed vast sea walls and harbor piers. The concrete they used outlasted the empire — and still holds lessons for modern engineers, scientists say.

I miss Hognose.

Thursday, June 29th, 2017

VA’s foray into Internet of Things faced ‘catastrophic failure’

Bookity bookity bookity bookmark!

Tuesday, June 6th, 2017

By way of @newsycombinator:

A whole big bunch of free NASA e-books in various formats, including Kindle and PDF.

A few titles that pique my interest:

  • Unlimited Horizons: Design and Development of the U-2
  • X-15: Extending the Frontiers of Flight
  • Breaking the Mishap Chain: Human Factors Lessons Learned from Aerospace Accidents and Incidents in Research, Flight Test, and Development

I’ll admit some of these are a little geeky even by my standards. It takes either a professional or a special kind of person to want to read a history of pressure suit design, or one of the Langley wind tunnel. But guess what: I am that person, and I bet some of my readers are, too.

Besides, who doesn’t love the X-15 and the U-2?

(No, really, who doesn’t? Raise your hands. No, I’m not noting your IP address…)

Recommended reading: May 7, 2017.

Sunday, May 7th, 2017

I’ve stumbled across two articles in the past couple of days that I commend to your attention. At least, if you’re as fascinated with this kind of thing as I am.

1) If you own a Patek Philippe Caliber 89 watch (I know many of my readers do: if you happen to be one of the unfortunate ones who does not, Sotheby’s is auctioning one soon), you’re going to have to get it serviced.

Why? The Caliber 89 has a unique feature (or, as high-end watch folks call it, “complication”): it will tell you what day Easter falls on each year.

It turns out that computing the date Easter falls on is simultaneously two things:

a) Relatively hard to do.

Easter is one of the “moveable feasts” of the Christian calendar; it falls on a different date every year. The reason is this: the basic rule for Easter is that it falls on the first Sunday after the first full moon of Spring (that is, the first full moon after the Spring Equinox) and because both astronomical events are variable, the Easter date changes every year. (As with any calendrical irregularity, there have been various proposals over the centuries to just pick a single date, but so far nothing has stuck). For this reason, Easter can fall anywhere between March 22 and April 25.

b) Relatively easy to do for a digital computer. I think you could probably fit a program to do this in 4K of BASIC, or even run it on a good programmable calculator.

But the Caliber 89 is a totally mechanical watch. How does it calculate the date of Easter? There’s the problem:

A method for calculating the Easter date is called a computus; is it possible to make a true mechanical computus, rather than relying on a program disk? The answer is, “sort of.” The first true mechanical computus appears to have been made not long after Gauss came up with his algorithm, and it currently resides in a place more horological enthusiasts should know about: the great astronomical clock in the cathedral at Strasbourg, in Alsace, France. There have actually been three successive astronomical clocks there since about 1354, but the most recent was completed in 1843. Designed by Jean-Baptiste Schwilgué, it has a true mechanical computus – probably the first ever constructed. It’s not the only mechanical computus, but I haven’t been able to find anything in English on other computus devices (although a reprint of a review of a book on the Strasbourg computus mentions at least two other “similar” mechanisms).

Even if you are not a high-end watch person, there’s still a lot in this article that I think is interesting: mostly the discussion of how Easter calculations work, and of the Strasbourg clock (which I’d really like to see one of these days).

(Hattip: The YCombinator Twitter.)

2) I’m a fan of Stephen Hunter’s work, and one who wishes he had time to write more non-fiction. I enjoy his novels, but I also think he’s an outstanding non-fiction essayist and writer. (Mr. Hunter, if you’re out there: I’d buy a hardback collection of your shorter works.)

The most recent American Rifleman has a Hunter article that pushes several of my buttons at once: “A Battle At Barrington: The Men & The Guns”.

You may have heard of the “Battle of Barrington”, though not under that name. It is also covered in Bryan Burrough’s Public Enemies, a book both Hunter and I like a lot. This was the famous shootout between agents of what became the FBI and Lester Gillis, aka “Baby Face” Nelson. Gillis, his wife, and his partner John Chase were being pursued by (and shooting it out with) FBI agents when their vehicle was disabled: they were cornered by agents Samuel Cowley and Herman Hollis. In the ensuing shootout, Gillis killed Cowley and Hollis, and fled in their car: however, Gillis himself was mortally wounded by the agent’s gunfire and bled to death. (Chase and Mrs. Gillis were captured later: Chase spent 33 years in prison, and Mrs. Gillis served one year.)

The nice thing about Hunter’s article is that he addresses the firearms and tactics used by both sides. This sort of analysis is not a strong point of Burrough’s book: Hunter and his researcher actually went back to the old FBI files and turned up some new information.

The FBI’s records are full of fascinating facts about the event. For one thing: these guys weren’t just loaded for bear, they were loaded for bears, a lot of them. Found in the abandoned Model A: three bulletproof vests, five empty magazines for .38 Super automatics; two filled machine gun magazines (presumably Thompson 20 rounders); 200 rounds of loose .45 ammunition, three empty .351 magazines, three boxes of .30-’06 Sprg. soft-nose ammunition; one box of Springfield boattailed ammunition, five boxes, .45 Colt automatic ammunition, two boxes of Springfield bronze-pointed ammunition. One tan briefcase containing one loaded 100-round drum for the Thompson submachine gun; 10 boxes .22 Long Rifle; one Colt Ace .22 Long Rifle pistol and magazine. The last is a revelation: Chase had bought the M1911 variant with a lightweight .22 slide and barrel. Perhaps he and Les used it for low-cost practice on their various travels.

And, as you know, Bob, I love me some Thompsons. My one complaint about Hunter’s article, though, is that he consistently places the Miami Dade FBI shootout in 1987: it actually took place April 11, 1986.

This quote is for Karl (wink wink nudge nudge):

[Hollis] should have used his Super .38, firing prone, two handed, as that round’s velocity and straight-line trajectory could have gotten the job done, ending up center mass in Les. But he hadn’t been trained to two-handed prone shooting. In fact he hadn’t been trained to anything! The soon-to-be Bureau’s firearm training program didn’t begin until 1935!

Obit watch: March 7, 2017.

Tuesday, March 7th, 2017

Robert Osborne, the Turner Classic Movies guy. I wish I had more to say about him, but I rarely have cable and thus rarely watch TCM.

Dr. Thomas Starzl, noted surgeon. Among other accomplishments, he did the first liver transplants and pioneered the use of anti-rejection drugs.

Dr. Starzl later described those early liver transplants as both a “test of endurance” and “a curious exercise in brutality.” It involved, he explained, “brutality as you’re taking the liver out, then sophistication as you put it back in and hook up all of these little bile ducts and other structures.”

It’s Baltimore, gentlemen.

Friday, March 3rd, 2017

The gods will not pay your overtime when you’re sitting on the beach.

A federal judge ordered Thursday that six Baltimore police officers be held in jail pending their trial on racketeering charges, saying no conditions of release were sufficient to ensure public safety.

There are actually seven officers who have been indicted.

Federal prosecutors in the office of U.S. Attorney for Maryland Rod J. Rosenstein allege that the officers, all members of an elite unit tasked with getting guns off the streets [Emphasis added – DB], robbed Baltimore residents, fabricated court documents and filed fraudulent overtime claims. Gondo also is accused in a separate case of being involved in and assisting an illegal drug organization.

According to this report, “some” of the officers were members of “the elite Gun Trace Task Force”.

As first reported by the Baltimore Sun, several of the officers were also highly praised in the October 2016 Baltimore Police newsletter in an article written by Lt. Chris O’Ree, a member of the ATF taskforce.
“I am extremely proud to showcase the work of Sergeant Wayne Jenkins and the Gun Trace Task Force,” O’Ree wrote. “Sergeant Jenkins and his team have 110 arrests for handgun violations and seized 132 illegal handguns.” He added, “I couldn’t be more proud of the strong work of this team.”

How elite were they?

In one case, four of the officers are alleged to have stolen $200,000 from a safe and bags and a watch valued at $4,000. In July 2016, three officers conspired to impersonate a federal officer in order to steal $20,000 in cash.

Also, I’m sorry, but if you are a police officer, your nickname should not be “GMoney”.