Archive for the ‘Geek’ Category

« Older Entries

Do Androids dream of electric apps?

Thursday, September 9th, 2010

As noted previously, I finally resolved the phone issue. (And AT&T can still die in a fire.)

The number one question I’ve been getting (replacing “Where did you get that shirt?” at the top of the charts) is: “How do you like your new phone?”

Answer: I like it just fine, but…below are some preliminary thoughts on Android (at least, as implemented on the EVO 4G; I do realize that some of these may be issues with the built-in apps, rather than the Android OS itself):

  • It is disappointing to me that the alarm built into the EVO’s clock app can’t be set to play arbitrary sound files as alarms. (I fall into Ihnatko’s 2% who haven’t seen the movie yet, but I love the story behind “Non, Je Ne Regrette Rien“.)
  • Ditto that I can’t set an arbitrary sound file for text message notifications.
  • It is also disappointing to me that there’s no basic Notepad type app provided with the EVO. I’m sure there’s probably 300+ on the Android marketplace, but I needed to make a shopping list this morning and didn’t have time to sort through all of them. Any tips?
  • Integration between the built-in music player and the built-in navigation app is also a disappointment; the navigation app will pause the player to make route announcements, but you have to manually start the player up again, rather than it automatically resuming play.
  • On the plus side, the sound is great; I can listen to podcasts in the car without having to hook into my (currently non-functional) stereo system.
  • The on-screen keyboard is vastly better than using the keypad (even with T9) was on the T616, and somewhat better than the on-screen keyboard on the N800. However, I still have a lot of trouble hitting the correct key with my large-ish fingers.
  • One of the drawbacks of purchasing an Android phone is synchronization with the MacBook. If I had purchased an iPhone, everything would be simple (or at least, simpler). But, no, I had to be different and resist peer pressure… At some point, I suspect I will end up ordering this. (Right now – and I do realize this is a phone controlled setting – the MacBook sees the phone as a USB disk drive with photos on it, and automatically opens iPhoto. I can browse the Android file system and copy files to or from it without problems.)
  • Speaking of iPhoto, I’ve done almost nothing with the built-in camera yet.  I need to work on that.
  • The EVO’s calendar app has a noticeable lag; it takes a couple of seconds to switch to the current date when I bring it up.
  • If there’s a way to sync the EVO’s calendar app with Google Calender, I haven’t found it, and there doesn’t seem to be a separate Google Calender app (like there is for Maps, Voice, Earth, etc.). Do I need to grab some other calender app off the Android Market?
  • The EVO also seems to lag behind in changing screen orientation when I rotate the phone.
  • I managed to get the Android SDK and the ADT plugin installed without problems on the MacBook, but the ADT plugin won’t install into Eclipse on Project e. It looks like there are some dependencies that Eclipse can’t resolve, but I can’t figure out what those are. I may have to blow away and reinstall Eclipse (which isn’t a major issue; I don’t have a bunch invested in Eclipse on Project e).
  • I either need to dig out my old Java textbook, or see if I can find an updated edition cheap online.
  • Speaking of textbooks, and having nothing to do with Android in particular, I just paid $180+ for a damn textbook. This makes me mildly cranky.
  • My old T616 in the case fit neatly into the magazine phone pocket of my 5.11 tactical pants. The EVO? Doesn’t fit. Dear 5.11 folks: maybe we could think about redesigning that pocket to fit smartphones? (I wear 5.11 tactical pants (or, as some people call them, “Kaiser blade Internet pants“), not because I’m a mall ninja, but because they are the most comfortable and toughest pants I’ve found. Plus they make it really easy to carry all my stuff.)
  • Battery life is…well, middling. I haven’t really tried optimizing power consumption, though, except for turning off WiFi and Bluetooth. (Hurrah for the EVO’s control panel that allows easy access to those settings.)
  • There’s a few applications I’m looking for and would welcome advice on finding in the Android market. The first one is a good WiFi scanning utility; ideally, it would have the ability to log access points with GPS coordinates, note if the points are A, B, G, or N, note if they’re open or closed (and if they’re WEP, WPA, WPA2, etc.), and write all this data to a XML or KML file. It looks like there are several apps in the market that meet these criteria, but I’m not sure which ones are good.
    The second app I’m looking for is a good vehicle management application. At a minimum, I’d like to be able to enter an odometer reading and number of gallons, and get a miles-per-gallon figure for that tank, as well as an average MPG for all tanks to date. It’d be spiffy if I could also enter a price per gallon, as well as other expenses (insurance, repairs, maintenance) and get a cost-per-mile figure as well.
  • I love the GPS Status app.
  • I’ve played a little with the Amazon Kindle app; so far, I’m more impressed with it than I am with the refurbished Kindle I purchased earlier this year.
  • The EVO’s screen is impressive. Much better than the N800’s. I haven’t done a side-by-side with an iPhone 4 yet, but I’m willing to bet it gives the iPhone a run for its money.
  • The EVO’s video player can decode H.264 video! (I haven’t done anything with the camcorder app, so I don’t know what format it encodes video in.)
  • Waiting for a sale on those 32GB microSD cards…
  • Edited to add: There’s also no general file browser app on the EVO.

Again, I generally like the phone; most of these are just minor quibbles that I can probably solve one way or another.

Posted in Android, Books, Geek, Kindleing, Movies, Nokia, Pants, Photography, School, asus_eee, linux, netbook, project_e | No Comments »

Promoted from the comments.

Saturday, September 4th, 2010

Hello, I am a Customer Care rep for AT&T and I would like to say that I really do understand how this was aggravating for you from the very beginning, and I apoligize that you had so much difficulty upgrading your equipment. Honestly, you should have went to an AT&T Company Owned Retail store from the beginning. Best buy is a “National Retailer” and they do not have as much training or access to your account as the internal sales channels do. It is possible the the Best Buy reps either 1. Did not know what to do. Or, 2. did not even have access to the information they needed to figure out what was wrong.

This issue that you experienced was due to network and billing system conversion that has been going on for years. In the billing system, it requires all “Blue” customers to convert to the “Orange” network before they can do an equipment upgrade. We call this the “Migration Process.” AT&T has put blocks in the billing system that requires customers to eventually Migrate to the Orange network. This entails getting a new SIM card, a compatible phone and often changing rate plans also, since the “blue” rate plans are normally very old and are sales expired.

This is a very rare issue that impacts customer’s that have been with us for many many years and still have fairly old equipment. It is not a common issue, which may be why you had so much difficulty, and once again I apologize, on a lighter note I hope your enjoying your new phone!

As always, thank you for choosing AT&T, we really appreciate your business and have a pleasant day… :)

Dear anonymous AT&T rep:

Yes, as  a matter of fact, I am enjoying my new phone very much.

By the way, that phone is a HTC EVO 4G, on the Sprint network. I’ve terminated my service with AT&T after six years.

Have a nice day.

Posted in Android, Geek | 5 Comments »

Speaking of Armadillocon…

Tuesday, August 31st, 2010

Here’s a little linky love for Lawrence’s series of photos from the convention:

Part 1.

Part 2.

Posted in Geek, SF | No Comments »

50 words for General Tso’s Chicken.

Tuesday, August 31st, 2010

Patrick over at Popehat links to a NYT article I noted late last week, but didn’t have time to read until yesterday.

Guy Deutscher’s article is basically (as I see it) a call for reconsideration of the Sapir-Whorf hypothesis, that our language determines how we think. I encountered Sapir-Whorf for the first time many, many years ago, in the pages of the late lamented Dr. Dobb’s Journal, and it blew me away at the time. I figured, “Well, if language influences how we think, then I need to learn FORTH. And C. And LISP. And…” Later on, of course, I read the various arguments against Sapir-Whorf, and don’t completely buy into the strong version of it any more, but I still retain some affection for Sapir-Whorf.

The Deutscher article is an excerpt from his (forthcoming? It looks like it comes out today) book Through the Language Glass: Why the World Looks Different in Other Languages, which I’ve already added to my Amazon wish list.

In other notes, sorry about the blogging slowdown; I spent the weekend at ArmadilloCon, and am now somewhat tanned, rested, and relaxed. I spent some time yesterday bumming around various Half-Price Books in a futile search for A Short History of the French Revolution, but I did run across a handful of other interesting books:

Posted in Books, Clippings, Food, Geek, Linguistics | No Comments »

Random hysterical notes.

Monday, August 16th, 2010

Interestingly, today is both:

The second link is by way of FARK. I was not aware until fairly recently that Kittinger not only held the record for highest parachute jump, he was also shot down over Vietnam and spent 11 months as a prisoner of war.

Ordinarily, I would suggest that someone needs to write a biography of Colonel Kittinger (he was a captain at the time of the jump, but retired from the Air Force as a colonel). But wait! Somebody has! (I have that book, but have not had a chance to read it yet. Craig Ryan’s The Pre-Astronauts: Manned Ballooning on the Threshold of Space is a pretty spiffy book, though, so I expect his work on Kittinger’s autobiography to be just as good.)

Posted in Books, Geek, Planes | No Comments »

DEFCON 18 notes: Day 3.

Wednesday, August 4th, 2010

“The Search for Perfect Handcuffs… and the Perfect Handcuff Key“: It seems that Sunday morning at DEFCON has become the default time for the lock picking and other physical security panels. Sometimes this bugs me a little; I can only sit through so many panels on compromising high security locks with common household objects before my eyes glaze over and I leave for the dealers room. It isn’t that these panels aren’t interesting, but three in a row…

Anyway, I say all that to say that this presentation from TOOOL was one of the better Sunday morning lock bypass presentations I’ve seen at DEFCON. Deviant Ollam and his crew gave a comprehensive overview of handcuffs, how they work, and how they can be defeated. Some key points:

  • A group of Dutch hackers managed to defeat the high security Dutch handcuffs by taking a photo of the key (hanging off someone’s belt) and using a 3D printer to duplicate it. The key can be found here.
  • You can shim many handcuffs with paper, believe it or not. Paper money (especially European paper money, which in many cases is more like plastic or Tyvek than paper) works especially well for this, as currency is generally designed to be tear resistant.
  • Handcuffs are generally a pretty simple mechanism. If they aren’t double-locked, it’s really easy to “shim” them (force a flat piece of metal, or something like that, down between the pivoting ratchet arm and the cuff itself), or pick the lock with something like a paper clip. (You know what really works well for a cuff pick? The sort of U-shaped metal arm that comes on those steel binder clips you can buy at Office Depot.)
  • If the cuffs are double-locked, it makes shimming and picking attacks harder. One way to defeat double-locking is the “whack attack”; slam the cuffs against a hard surface, and inertia will pop the double-lock locking bar back into the unlocked position.
  • It doesn’t take a lot of strength to break handcuffs. Breaking them is just a matter of binding the chains up. Once you’ve done that, it’s just leverage and simple physics to break the chain.
  • You can also rough up the chain with a small easily concealed diamond saw blade to make it easier to break. The folks at SEREPick sell such a thing; you can hide it in the seams of your clothes, in a belt, in the top of a shoe…
  • There’s a lot of design variation in handcuffs, which can cause problems, especially if you’re trying to find a universal handcuff key. Keyway sizes, size and number of pawls…lots of things can cause problems.
  • The TOOOL folks have collected a bunch of cuffs, so they got as many as possible together, took very precise measurements of the keys, and came up with a single “universal” handcuff key that opened all the cuffs they were able to try. No, they don’t sell it, but diagrams and measurements for the key were part of the presentation. The easiest thing to do, according to the presenters, is to start with a Smith and Wesson handcuff key, as that’s closest to the final dimensions of the universal key. After that, all you need is some minor cutting and filing which can be done with a Dremel tool.

(I suspect there are some people who are going to ask “Why would you want to break out of handcuffs? And don’t you feel bad about sharing this information with criminals?” In the first place, the criminals have already learned all these tricks at one of our many institutes of higher education. In the second place, the bad guys are starting to use things like handcuffs and zip ties to restrain their victims; you might as well learn how to defend yourself.)

“Electronic Weaponry or How to Rule the World While Shopping at Radio Shack“: I’ll cut some slack for this guy being a first time presenter, but this was a “Meh” panel for me. It was heavy on the theory of things like RF jamming and EMP attacks, but short on practice. Most of the theory I already knew, so there wasn’t a whole lot there for me. At the end, he did demonstrate a “sound cannon”, which was interesting. It did not, however, even approach the “annoying” level for me, much less the “weapon” one, though the presenter was running it without amplification.

“Breaking Bluetooth By Being Bored”: Dunning (who also built Vera-NG, a Bluetooth and WiFi sniping rifle) presented a series of tools for banging on Bluetooth. These tools included:

  • SpoofTooph, a utility for cloning and spoofing Bluetooth devices. SpoofTooph can also be run in a logging mode, where it will collect data on devices it encounters.
  • The Bluetooth Profiling Project, which uses programs like SpoofTooph to collect Bluetooth device profiles for analysis. (For example, which device addresses correspond to which manufacturer?)
  • vCardBlaster, a utility for running a denial of service attack against a Bluetooth device by flooding it with vCards.
  • Blueper, which sends a stream of files over Bluetooth. You can send files to multiple devices in range, or target a single device and flood it with files. This is interesting because many devices cache received files before asking the user to accept them; if you push a continuous stream of files to one of those devices, you can fill up internal storage and possibly crash the device.
  • pwntooth, a suite of automated Bluetooth testing tools.

As a side note, after some banging around (mostly to resolve dependencies) I managed to compile and install SpoofTooph on Project e. So far, I’ve only tested it in my lab environment, but it seems to work as designed. This is one of the reasons I love going to DEFCON, as there’s nothing like that moment when you say “Holy f—ing s–t, that f—ing f—er actually f—ing works! S–t!”

There was no final attendance figure announced at the closing ceremonies. According to Joe Grand’s badge documentation, there were 7,000 electronic badges made, and those went fast. I would not be shocked if there were 15,000 people at DEFCON this year, and from what I saw in the closing ceremonies, a lot of those folks were attending for the first time.

The big piece of news from the closing ceremonies is that, after four years at the Riveria, DEFCON is moving to the Rio next year. My hope is that the move will make it easier to get into the more popular panels (DEFCON apparently will be using the Penn & Teller Theater at the Rio), and provide more room to move around. (And maybe even more room for vendors.)

Coming up later on: the final after action report and thank-yous.

Posted in DEFCON 18, Geek, Locks, asus_eee, linux, project_e | No Comments »

DEFCON 18 notes: Day 2.

Sunday, August 1st, 2010

Saturday was kind of a rough day at DEFCON 18. But then, Saturday is always a rough day at DEFCON.

I don’t feel it’d be fair to review or summarize the “Extreme-range RFID Tracking” panel; I came in about 20 minutes late. (We lingered a bit over a very good breakfast at Blueberry Hill.) What I was able to gather is that Padget’s set a new record for long distance RFID reading, and that upping the radio power works for increasing RFID reading range up to a point. (Edited to add 8/10/2010: added link to Black Hat 2010 version of paper. Here’s a link to Paget’s blog entry about the session.)

I was not able to get into “Jackpotting Automated Teller Machines Redux” due to extreme overcrowding. (Edited to add 8/9/2010: The Black Hat website has what purports to be MP4 video of Jack’s version of the presentation at Black Hat 2010. I have not sat down and watched it yet.)

I did attend the “This is not the droid you’re looking for…” panel, mostly because I was camping out for the next talk. This panel turned out to be more interesting than I expected; the presenters demonstrated a proof-of-concept rootkit for Android phones that allows you to do all sorts of fun stuff; grab contact information, grab SMS messages, grab location information (all three of these are stored in SQLite databases on the Android), and even make phone calls from the phone. The presenters haven’t weaponized the attack yet, but claim it should be easy to do so.

Practical Cellphone Spying“: Another nifty panel. Padget discussed the concepts behind IMSI catching, and gave a live demo of cellphone interception on the AT&T network. The key takeaway here for me was that the same technology used by law enforcement to intercept calls is now coming down to the point where it will be wrapped in a turnkey package and sold to people with more questionable motivations. (Edited to add 8/10/2010: added link to Paget’s blog entry which includes slides.)

How to Hack Millions of Routers“: I went to this because Lawrence put in a special request. The short version is that a large number of commercially available routers (such as those used by Verizon FIOS) are vulnerable to a clever attack using DNS rebinding and load balancing. Heffner has also released a tool that automates this attack. (This is another Black Hat talk that got a lot of attention in the press; the link above includes a copy of Heffner’s white paper which details the attack vector.)

(Edited to add 8/9/2010: I’ve added a link to Heffner’s Black Hat version of this talk, which as far as I can tell, is pretty similar to the DEFCON 18 version.)

I didn’t attend either “Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device – URFUKED” or “Programmable HID USB Keystroke Dongle: Using the Teensy as a Pen Testing Device“. (Edited to add 8/10/2010: added a link to the Teensy project from the Irongeek website. The bottom of that page has a link to the DEFCON presentation. I’ve also added a link to HackerWarrior.com for the USB Keyboard Emulation Device; that directory appears to contain a copy of the presentation, plus code.)

Instead, I left a little early, had a very nice sake fueled dinner at Shabu-Shabu Paradise in Henderson (a restaurant I enthusiastically endorse), sidecars at the iBar in the Rio (sadly, we did not get to play with the Microsoft Surface), and Penn & Teller.

The three of us saw Penn and Teller back in 2006, and we wondered how much the show had changed since then. Mike the Musicologist estimated that about 50% of the show was new; I think the percentage is a little higher than that, but my memory may be faulty. I was not unhappy that they ended the show with the .357 magnums; the bullet-catching illusion fascinates me, and I’m still trying to figure out how Penn and Teller do it. (Jim Steinmeyer’s The Glorious Deception: The Double Life of William Robinson, aka Chung Ling Soo is a very good history of the bullet-catching illusion, and yet another book I strongly recommend to anyone with even a casual interest in the history of magic.)

The other thing we all noticed is that Penn and Teller’s show has become a bit more explicitly political; in addition to the .357 magnum closer, which has always included 2nd Amendment references (and big kudos to P&T for reciting the Four Rules), the show also included references to flag burning, the Chinese Bill of Rights (“What Chinese Bill of Rights?” Exactly.) and the stupidity of the TSA. Penn and Teller even sell the Security Edition of the Bill of Rights in their gift shop for a lousy $5. (Quote: “We want McCarran Airport to be flooded with these.”) Not that any of us were bothered by the politics; I think all three of us lay claim to at least some form of Libertarianism. And if you’re the kind of person who would take offense at Penn and Teller’s politics, I won’t tell you “don’t go”; I’ll tell you “go, and have your world view challenged”.

(I’d also like to give Penn and Teller kudos for keeping gift shop prices low. Both Andrew and I picked up DVDs of the Teller-directed “Macbeth” for only $10. Teller, if you’re reading this, thanks for signing my copy. And for everything else you do, too.)

Posted in Books, DEFCON 18, Endorsements, Food, Geek, Guns, Magic, Radio, Travel | 1 Comment »

Computers. You know, for kids.

Sunday, August 1st, 2010

We would also like to draw your attention to the Statesman’s profile of Ken Starks and the HeliOS project.

The HeliOS people take in donated computers, refurbish them, put LINUX on them, and then get them into the hands of poor kids whose families can’t afford to buy computers.

Frequently, these families also can’t afford Internet access, which is the next big problem that the HeliOS people are trying to solve; so far, they haven’t had much luck with that.

Posted in Clippings, Geek, linux | No Comments »

DEFCON 18 notes: Day 1.

Sunday, August 1st, 2010

I’m running a little behind, between running around with Andrew and Mike the Musicologist, and some technical issues (DEFCON 18 has a secure wireless network, but it hasn’t been stable), but I’ll post updates when I can. I’ll also add links to the presentations as they go live, or as I find them. If you have questions, I’m willing to try to answer them, but I’d suggest you email the presenter first. If you are a presenter who wants to respond to my comments, I welcome that.

“Build a Lie Detector/Beat a Lie Detector”: This was the first presentation I attended; it was a pretty awful one. The presenters started 15 minutes late and opened with a crappy rap performance (differing tastes in music, fine, but when you’re running 15 minutes behind schedule, the rap should be the first thing to go). Once they actually got going, they spent too much time on a general history of justice systems and of the polygraph. When they did finally get to the technical aspects of their presentation, it amounted to “Oh, yeah, we built this lie detector based on this paper these other guys posted” (with, to be fair, some minor modifications). I walked out of this presentation before the end, which is something I rarely do at DEFCON.

Build your own UAV 2.0 – Wireless Mayhem from the Heavens!“: On the other hand, Renderman and his partner did an excellent job with this one And not just because they played “Thunderstruck” before the presentation started (playing music is okay, even if I don’t like your choice of music (and I like “Thunderstruck”), as long as you start on time), or because they started on time, or because they actually had video of their UAV launching rockets. (Edited to add 8/10/2010: added link to DEFCON 18 slides and video on Gremlin’s website.)

Key takeaways for me from this one:

  • You have two choices for stabilization systems. Thermopile based systems work in the infrared range and are very cheap, but have problems in certain weather conditions. Inertial based systems are more expensive, but offer all-weather capability, and are rapidly coming down in price.
  • Arduino based control systems dominate at the moment, but there’s some interest in developing systems based on the Beagle Board.
  • There’s off the shelf Zigbee based hardware that can easily be used for telemetry, and offers a 10-12 mile range.
  • You can get cheap and decent video out of board cameras, but transmitting video is a harder problem; for good range, you need to work on frequencies that require an amateur license.
  • GPS systems with a 10 Hz refresh rate are down to $80 or so. Most of the GPS systems I’ve dealt with have a 1 Hz refresh rate, which isn’t good enough for UAV use; it was news to me that faster systems are that cheap now.
  • Foam airframes are cheap and easy to repair.
  • Practical UAV applications, other than launching rockets; warflying with kismet, communications relay (imagine a UAV that could hover on station and serve as a repeater in areas of poor radio coverage), search and rescue (imagine a UAV that could survey a wide area looking for signs of a lost hiker, or recon an area where a search and rescue beacon was picked up), and post-disaster recon. I hadn’t thought much about that last one, but now that Renderman’s brought it up, I find that exciting. The theory here is: you send your UAV into areas that your disaster relief staff haven’t physically visited, and it returns good quality imaging of exactly what the damage is and how accessible the area is (have the roads collapsed? Are they under water?). From that, you can develop priorities (damage in this area doesn’t look too bad, we can hold off for a day; these people look like they need immediate help) and plans to get needed resources into the area.

“Exploiting Digital Cameras”: Another solid presentation. Basically, Isacson and Ortega did some clever banging on the firmware of the Canon Powershot series of cameras, found that these cameras have an embedded interpreter, documented that interpreter, and developed some simple exploits using it. The exploits are somewhat limited; you can’t launch malware on an attached computer, for example, but you can do things like turn on the microphone, display arbitrary images on the camera, and modify EXIF data.

“DCFluX in: Moon-bouncer”: A decent presentation on the theory and practice of radio communication using moon-bouncing, satellites, and other methods. I’m going to gloss over the details of his talk and refer you to the presentation when it goes up, as there was a great deal of technical information in it related to historical and amateur radio usage; I’m not sure the majority of my readers are that interested in ham radio, and those who are would be better served getting their information from the source.

Black Ops Of Fundamental Defense: Web Edition“: So here’s a high-level summary of Kaminsky’s talk. Now that the DNS root certificates are digitally signed, we have the ability to use DNSSEC and the Domain Keys Infrastructure (DKI) to do all kinds of cool stuff, including end-to-end email authentication (so you can be sure that the email you got from Bank of America is actually from Bank of America, and not from some random Nigerian), and to do these things in a scalable way.

Kaminsky’s new company, Recursion Ventures, is building (and plans to release shortly) a set of tools that will allow for the easy deployment of DNSSEC. Kaminsky also gave a brief overview of how DNSSEC works, and touched on a few interesting points related to his research. (For example, not only is it possible to run DNS over HTTP, but Kamisky’s figures show performance over HTTP is actually better than normal DNS.)

(Edited to add 2: The link above goes to a page on Recursion Ventures web site where you can view the slides from Kamisky’s version of this talk at Black Hat 2010. I did not see the Black Hat version of this talk; I do not believe the DEFCON 18 version was significantly different. It may have been shorter, and there is some Black Hat specific material in those slides. Also, I’m aware the actual title (“Black Ops of Fundamental Defense: Introducing the Domain Key Infrastructure”) differs from the title in the DEFCON 18 schedule; I chose to stick with the DEFCON title to make cross-referencing easier.)

Edited to add: I’m sorry if anyone is disappointed, but I did not go to the “Weaponizing Lady GaGa, Psychosonic Attacks” panel.

Posted in DEFCON 18, Geek, Music, Photography, Planes, Radio | 3 Comments »

0 Day DEFCON 18 notes.

Thursday, July 29th, 2010

This year, I got in on Wednesday, which reduced the stress level considerably. Mike the Musicologist met me here; Andrew “Swordfish Trombone” Wimsatt is flying in tonight.

Mike and I had a pretty good (and cheap!) dinner Wednesday night at Four Kegs, which some of you may recognize from “Diners,  Drive-Ins, and Dives“.

DEFCON 18 panels that I may, or may not, attend, but will point out for Lawrence’s benefit:

Weaponizing Lady Gaga, Psychosonic Attacks

I’ve already missed the “Hardware Black Magic: Designing Printed Circuit Boards” and “Go Go Gadget Python: Introduction to Hardware Hacking” panels, but I figure most of the information from those is on the DEFCON 18 CD.

Panels I want to attend:

I’m torn between the annual “Making of the Badge” panel, and the “How To Get Your FBI File (and Other Information You Want From the Federal Government)” panel. If I do get moving that early, I suspect I’ll end up at the latter one.

Build a Lie Detector/Beat a Lie Detector“. My desire to attend this is mostly based on nostalgia. When I was a young boy, my dad gave me several of the Radio Shack 50-in-1/100-in-1/250-in-1 electronic kits for Christmas. One of the projects in those was always a lie detector, and I always built that project.

Build your own UAV 2.0 – Wireless Mayhem from the Heavens!” How could anyone not go to that panel?

Exploiting Digital Cameras“. Another panel that seems designed to push multiple buttons on my user interface at once.

DCFluX in: Moon-bouncer“. Looks like it could be a fun panel on alternative methods of communication in a critical situation, like moon-bounce (something I’ve heard of from the amateur radio community).

Black Ops Of Fundamental Defense: Web Edition“. Dan Kaminsky. Again, enough said.

Extreme Range RFID Tracking“. I haven’t gotten that deep into RFID hacking yet (though I might change that this year), but I’m interested in this long-range low-power radio device stuff. Also, this is one of two Padget talks I want to see.

Jackpotting Automated Teller Machines Redux” The Black Hat version of this talk is already getting a lot of attention.

I’m having trouble deciding between “This Needs to be Fixed, and Other Jokes in Commit Statements“, which sounds like it could be very funny, and “Insecurity Engineering of Physical Security Systems: Locks, Lies, and Videotape“; I have a lot of respect for Tobias’ work.

Practical Cellphone Spying” is the other Padget talk I want to see.

We Don’t Need No Stinkin’ Badges: Hacking Electronic Door Access Controllers“: besides the title reference, this might make good background for that novel. I’m also considering “Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios” as another possibility; I’d really like to see both.

Physical Security : You’re Doing It Wrong!” Well, if he’s going to talk about how to get vendors to take you to lunch, sure!

Physical Computing, Virtual Security: Adding the Arduino Microcontroller Development Environment to Your Security Toolbox“. I’ve been thinking about getting into microcontroller hacking, and this seems like it might be a good introduction to the Arduino (which is one of the environments I’ve considered).

Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device – URFUKED” and “Programmable HID USB Keystroke Dongle: Using the Teensy as a Pen Testing Device“: it sounds like there could be a lot of overlap between these two panels.

The Search for Perfect Handcuffs… and the Perfect Handcuff Key“. You never know when you might need to get out of a pair of handcuffs…

I haven’t decided between “Attack the Key, Own the Lock“, which sounds like it may be a rehash of some panels at previous DEFCONs, and “Constricting the Web: Offensive Python for Web Hackers“, which pushes the Python button.

Electronic Weaponry or How to Rule the World While Shopping at Radio Shack“. Not a lot of information on the DEFCON site; I’ll probably go and leave if I get bored.

Breaking Bluetooth By Being Bored“. I’m fascinated by Bluetooth attacks, so this is a must-see for me.

Panels I won’t be attending:

Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are“. The usual hippie horse-pucky.

Any suggestions from anyone else who may be attending? Or presenting? Or wanted to go, but couldn’t?

Posted in DEFCON 18, Food, Geek, Photography, Python, Radio | 1 Comment »

« Older Entries