Archive for the ‘linux’ Category

On the road again…

Monday, June 2nd, 2014

Heading home. Travel day. In the meantime:

1. Go read this post by Tam. There are echos in it of something some less smart person wrote a couple of years ago.

2. I didn’t realize until the middle of last week that this year is the 50th anniversary of the .41 Magnum. (Ask me about my Model 57.)

3. I took a fair number of photos yesterday while running around with my aunt and uncle (who graciously drove the two hours each way from Cleveland to spend part of the day with me; thanks again, guys!). I’m waiting until I get back to do the post-processing and uploading, but I thought I’d throw one up here that I played with last night.

DSC_0005

I took this with the D40X and the 18-55 kit zoom. It was cropped and the exposure adjusted slightly using Shotwell on Project e. I’m actually pretty happy with the end product, though I may make a second pass over it once I’m in front of iPhoto.

Ubuntu blues.

Saturday, August 17th, 2013

Documenting this here for the record.

I think I have finally resolved the “the system is running in low graphics mode” error I’ve been getting on Project e (which, I will remind you, is an Asus 1005HA with an integrated Intel 950 graphics adapter) since upgrading to Ubuntu 13.04.

This particular document is comprehensive and ultimately useless. I tried every suggestion in it, with no success at all.

What finally seems to have resolved the problem was a suggestion in this thread. Specifically, brucey99’s suggestion to edit /etc/init/lightdm.conf and add

sleep 10

above

exec lightdm

seems to have done the trick. (I used “sleep 20″ instead of “sleep 10″. What’s the harm, 10 seconds more boot time? I can always change it later.)

It also seems like the

sudo service lightdm restart

command from a terminal window works to get things back to normal if the machine does start in low graphics mode.

And I’m not sure it made any difference, but just to document: I also created a xorg.conf file (from xorg.conf.failsafe) and edited the “Device” section:


Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "UXA"
EndSection

After restarting about a half-dozen times, it hasn’t come up in low graphics mode yet. I’ll see how it goes.

As David Brin once said, “Let the next guy know what killed you.” And thanks, brucey99.

Bookity bookity bookity.

Tuesday, August 6th, 2013

Two more things that I wanted to bookmark:

Peteris Krumins’ “A Unix Utility You Should Know About: Netcat“. Actually, I want to bookmark his entire site, as there’s a lot of good stuff there, including “Low Level Bit Hacks You Absolutely Must Know“.

Also: Michael Ossmann’s HackRF Kickstarter, which is fully funded and has 29 days to go. This is a project I’m really excited about and will probably end up backing. Short version: HackRF is a project to build a software defined radio that is about the size of a USB hard drive, runs off of USB bus power…and if you back the project (and if it ships, this being Kickstarter and all), the cost is around $300, which puts it into “Shut up and take my money” territory.

Teaser.

Monday, July 8th, 2013

I’m waiting until I get back to edit and post photos. (As a side note, geotagging photos is a PITA on Ubuntu, compared to Apple’s iPhoto.)

We (that is, my mother, aunt, uncle, and I) were trying to get a good view of the tall ships at the Port of Cleveland. Which we couldn’t do yesterday, because the good views required $10 a car for parking plus $14 a person. However, my mother and I went back downtown today and took some photos.

I’ve been thinking a lot about firefighters recently. There was the West incident, and then the Houston Fire Department lost four people fighting a fire in a crack motel. Then there was Arizona. And it isn’t clear to me if any firefighters were lost in Quebec.

We stumbled across this yesterday while we were out, and I wanted to go back and photograph it. I’m happy with the way this photo came out.

memorial

Cleveland Fallen Firefighters Memorial, Cleveland, Ohio.

Interesting thing about this memorial: it was designed by Luis Jiménez, who also started building the sculpture. Mr. Jiménez was a popular and well-regarded sculptor. While he was working on the Firefighters Memorial, he was also working on the “Blue Mustang” sculpture for the Denver International Airport. In the process of building that sculpture, part of it fell and fatally injured Mr. Jiménez, and the memorial was completed by other people.

Stuff and things.

Sunday, June 2nd, 2013

Last week was not a good week. This coming week is shaping up to be pretty hectic (though I am hoping not as personally unpleasant), so there may be a blogging slowdown.

I spent all day yesterday at the 2013 edition of the Texas LINUX Fest. I haven’t been since 2010, but that had less to do with my frustrations with the 2010 organization and more to do with personal issues. (In 2011, that just turned out to be a bad weekend, with having to get my car inspected and deal with other things. Last year, it was in San Antonio; while that may be a welcome change of pace, the schedule wasn’t compelling enough to make me drive 150 miles round trip.)

I thought about doing detailed summaries of each session I attended, but frankly I’m a little worn out and a little lazy. I’d rather mention a handful of panels I did like. (There were some others that I went to, but don’t feel I can fairly evaluate because they weren’t what I was expecting, or I was distracted by other issues (see below), or, in one case, I just think it’d be a jerk move to badmouth the presenter.)

I really enjoyed Theo Schlossnagle’s “Scaling: Lessons Learned and Their Applications to Apache Culture” keynote speech, which covered a lot of good points about complex systems. He sees commonalities between building scalable systems and building communities to support them. Many of the points he made may not be hot news flashes but are worth repeating. Among those:

  • People get so caught up in how awesome it it to build stuff that they forget what the real world looks like.
  • Code is just a tool. It isn’t a child or a family member. You don’t have loyalty to it.
  • Engineers have a tendency to focus on the technology they love instead of the actual problems they face.
  • At the core of things, your job is to tell the computer what to do.
  • Unbalanced hyperspecialization leads to poorly constructed solutions.
  • The biggest challenge is that increasing scale and increasing performance demands lead to increased complexity.
  • Technological complexity is an emergent property of complex and changing business problems. This complexity has to be understood and managed, which is difficult for specialists.
  • If you don’t provide value, your [stuff] doesn’t matter.
  • In order to survive, we need generalists. Schlossnagle didn’t quote Heinlein, but he might as well have.

David Stokes from Oracle did what I thought was an excellent talk on “The Proper Care and Feeding of a MySQL Database”. I’ve mentioned before that I’ve been dabbling in MySQL, so I got a lot out of this. Some of it may have been obvious (more RAM, more disks, good things. Use decent hardware, not something you scavenged from the admin assistant because it was too slow to run the latest Office), but the two things we learn from history are that too many people don’t learn from history, and that the obvious often isn’t.

Philip Ballew’s “Ubuntu; Where We Were, and Where We Are” presentation was…amusing, shall we say, mostly for the level of skepticism directed at Ballew from the audience, many of whom seem to be skeptical about recent Ubuntu decisions like the replacement of X. I’m becoming increasingly skeptical of Ubuntu myself; I just upgraded to 13.04, and now I’m running into the “The system is running in low-graphics mode” error, which I haven’t had time to fully debug. The worst part is that I’m getting this only intermittently; I think it may be a timing issue, possibly with some Virtual Box kernel extensions.

Owen Delong’s “IPv6 – It’s Easy on LINUX” presentation was also very good. I haven’t even started to configure my systems for IPv6 (and I’m not sure everything supports it: I’m sure about the Mac and Project e, but less sure about some older gear), so I found Delong’s talk useful. I was surprised, though, that there was even more hostility and skepticism from the crowd than there was at the Ubuntu panel. Why is IPv6 an issue in 2013? And many of the questions from the crowd seemed to boil down to “How do I emulate this particular thing I do in IPv4 using IPv6, even though the reason this is needed in IPv4 is because we have a limited number of IPv4 addresses available, where in IPv6 we could give every single atom in the universe a unique address and not run out?”

Okay, that was a long question, but you get the point.

Brad Richardson’s “GPU based password recovery on LINUX” lightning talk is worth checking out. He was able to do the talk in about five minutes, instead of the allotted ten, and the subject is interesting; using reasonably priced GPUs, you can rapidly break MD5 hashes, orders of magnitude faster than throwing a general purpose CPU at the problem. (Richardson’s slides give specific performance figures: try 16 hours 46 minutes to brute-force a “8 character password with lowercase, uppercase, and numbers”, versus an estimated 36 days for a CPU based attack.)

Anyway. Tomorrow is the start (for me) of Yet Another Perl Conference 2013. (I registered for the conference itself, but couldn’t afford any of the training going on over the weekend or after the conference. Plus the training conflicted with the LINUX Fest.) I expect to be pretty tied up Monday through Wednesday, though I will try to blog from YAPC as downtime and network connectivity permits. I may even try to blog YAPC 2013 itself, but I can’t promise that.

Edited to add: Why did I not have a “Perl” category on this blog, but did have a “Python” category, given that I use Perl more often than Python? Fixed.

Edited to add 2: Thinking some more about it, it made sense to have a “Programming Languages” category and make Perl, Python, and others sub-categories below that. I’m still thinking about whether it makes sense to put the languages category under “CompSci”, but that way lies TJIC madness.

Edited to add 3: I realized there were two other points I wanted to make.

  1. I was much more favorably impressed with the organization of TXLF this year than I was in 2010. Of course, they’ve had four of these, so you would expect them to have the bugs fixed. Still, I was impressed at how smoothly almost everything from registration onwards ran. The only problem I saw was an unexplained 20 minute delay in the start of the lightning talks, but I didn’t feel that was a major issue.
  2. The quantity of tchotchkes available at TXLF? Very high. The quality of tchotchkes available? Still evaluating that, but I’m decently impressed. Favorites: the microfiber cleaning cloths from OrangeFS, and the SavvisDirect USB/12V adapters. Special mention goes to Hostgator, who were giving away a much wider variety of tchotchkes than any other single vendor.

Ring ring ring, open phone.

Monday, April 29th, 2013

Great and good friend of sportsfirings.com and valued commenter lelnet left a long comment on last night’s cellphone post. Because his comment represents a lot of work and thought (and I believe in rewarding hard work) and because I’m afraid it will get lost in the shuffle, I’m promoting it to a blog post (with his permission).

You can already buy, off the shelf at Fry’s, a “phone” that does essentially what you’re talking about, using available wi-fi networks to connect with Skype and make calls through that, without any involvement of the cell providers. (Yes, I know…Skype is a proprietary protocol and would be unacceptable to Stallman. The firmware is also closed. But since it’s provably _possible_, one could do it with open standards if one saw a market.)

The problem is that it doesn’t scale well. Getting a reliable wi-fi signal is pretty easy…in the sorts of places one is likely to have access to a _wired_ phone whenever one wants one. Building a wi-fi network that covers the places one actually needs mobile connectivity from is a massively harder problem, due to the range limitations of unlicensed spectrum.

It _might_ be possible to do it using amateur frequencies, _if_ you could get regulatory approval to open those up to use by the general public. Which, of course, would involve fighting off both the whole telco industry and at least 80% of the amateur radio community. Considering that the latter group is where you’d be trying to recruit most of your network engineers from, it seems like it’d be a bad idea to begin your plan by irrevocably pissing them off, even if you magically assume that you’ll be able to out-muscle the telcos in Washington.

The last mile is a hard problem on several different dimensions, some of them physical and some of them political. But there is something you _could_ do…

Build an Android (or, if you like, Replicant) phone, pre-configured to send all its traffic through an encrypted VPN to an anonymizing end-point. Purchase connectivity for it on an existing cell carrier’s prepaid plan. Disable the cellular voice service, and have it send and receive calls exclusively through VoIP connectivity to an Asterisk or FreeSwitch server, either run by the same entity that does your anonymizer, or run yourself on a cheap colo server stuck in a rack in some country you doubt is ever going to care enough to spy on you.

Your cell provider can easily determine that Charles Udall Farley (or whatever name you gave them when you signed up…it’s prepaid, so it’s not like the name you give has to pass a credit check) pushes a lot of data around, but they’d have no way of inspecting the content. They’d have a record of Mr. Farley’s movements around their network, but no way to associate that with you, or even with the phone number you make and receive calls on. An Open Source OS on the phone addresses the “remote bugging” fears. It doesn’t depend on you personally running any software that RMS would find objectionable. And since you can make and receive calls from anywhere that you’re able to get a data signal off a cell tower, it’s still useful if your car breaks down by the side of the road, instead of just in your home and office, like a wi-fi-only device would be.

(I came up with this plan for a team of spies in a novel my wife is writing. But although to my knowledge no such phone exists today, there’s absolutely no barrier to someone building one tomorrow. And both the technologies and the services required to support the back-end of it are already available for purchase in the real world right now, at prices comparable to or better than what people who already had cell phones in the mid-90s were paying for service then.)

The only thing I’d add to this is that I, personally, have no interest in pissing off the amateur radio operators out there; both because it is not good strategy, as lelnet notes, and because I happen to be one myself. (KF5BFL, in case anyone was wondering, but don’t look for me; I don’t have any transmitting equipment at the moment.)

We’ve got computers, we’re tapping phone lines, I know that ain’t allowed…

Sunday, April 28th, 2013

Two things collided in my head last week. After I picked up the wreckage, I thought there might be a worthy blog post in the aftermath.

(Picking up the wreckage took a while, because the week was so busy. At least nobody took part of a locomotive through the eye. Anyway, I apologize if this is old news.)

Thing one: Andrew Huang’s post on the $12 Gongkai phone (by way of LWN). It doesn’t come as any great shock to me that cellphone hardware has become cheap: at last year’s DEFCON, the Ninja Networks party invitations were fully functional cellphones. (I do not know what the Ninja Networks cost per phone was: as I recall, the Ninjas stated they got substantial financial and technical support from Qualcomm. However, the fact that the phones were cheap enough to pass out as party invites is significant in and of itself, in my ever so humble opinion.)

Thing two: Dr. Richard Stallman and his position on cell phones. I don’t want to reopen the whole debate on whether Stallman is a hypocrite for not having a cell phone but being willing to use other people’s phones. Rather, I want to ask a not-so-simple simple question: is it possible to build a phone that overcomes Stallman’s objections?

…most of them are computers with nonfree software installed. Even if they don’t allow the user to replace the software, someone else can replace it remotely. Since the software can be changed, we cannot regard it as equivalent to a circuit. A machine that allows installation of software is a computer, and computers should run free software.

Well, it looks like we can put together a cellphone computer for about $12. Maybe less. I don’t see any reason to think that someone   (more likely, a small group of someones) could put together a reference hardware spec for an open cellphone, complete with schematics, PCB layouts, and a parts list. I know I don’t have the skills or equipment to do SMD soldering, and I wouldn’t ask, say, my mother to build a phone from a kit either. But it is just as easy for me to visualize a scenario where some organization (say, the FSF) contracts with a manufacturer to build phones from the reference design, with an organizational seal of approval. They could sell the phones outright, or offer them as a premium for donations: I think I’d give at least $50 to FSF for a phone like the one Huang describes. Add WiFi, GPS, a color screen and a camera and I’d go up to $100, possibly more depending on my mood, the phase of the moon, and other factors.

But we need an operating system for our cellphone computer, right? Right. Android is open source. Note well, however, that there is a difference between “free software” and “open source software”, and that these are not equivalent concepts. But it seems pretty easy to imagine (as long as were are imagining) a fork of Android that is truly “free” by the FSF definition. As a matter of fact, we don’t even have to imagine; while I was researching this post, I stumbled across Replicant, which is exactly that.

…tracking and surveillance devices. They all enable the phone system to record where the user goes, and many (perhaps all) can be remotely converted into listening devices.

I’ll deal with the second objection first. With a truly open source and free OS, I think you can pretty much eliminate the capacity for remote bugging. As to the first objection, I don’t see a way around that. It seems pretty clear that the phone system has to know where your phone is for you to make calls and get calls. But: if the system only stores that information for the minimum necessary length of time, and discards it after the call is completed, is that good enough for Stallman?

(Even if you’re not actively engaged in a call, I think the network still has to know what cell you’re in. But could the network only store your current cell, and not the history of cells you’ve been through?)

(From this point forward, I’m going to refer to this idea as the “open” network. Calling it the “free” network carries with it the connotation that people aren’t paying for it. I’ll come back to that.)

Okay. So we expect AT&T and Sprint and Verizon and T-Mobile and the Grace L. Ferguson Cell Phone and Storm Door Company not to store this information. Right. I’ll wait for you to finish laughing.

Done? Okay. So we not only need consumer hardware, we need an entire “open” cell phone network. Is that something that could be reasonably built? Well, we need radio spectrum. It is unlikely that the carriers will give up spectrum for an “open” network. So what do we do? Could we use amateur radio frequencies, like the 2390-2450 MHz band? Is it even possible that local amateur radio groups could set up and maintain cells in their local areas? (I don’t imagine the equipment to set up a cell is cheap, but I also don’t imagine it is beyond the reach of a group of talented amateur radio operators with a GNU software radio. And if the equipment becomes widespread, the prices should go down. I hope.)

Could you even do away completely with the cell network, and just run all the communications over IP? You’d need to be associated with an access point, but aren’t most folks near one at home or at work most of the day? Would it be possible for amateur radio operators to set up networks of access points along major urban corridors? WiFi hardware is even more of a commodity item than cell hardware, and there are protocols for linking access points together or doing mesh networks.

Someone has to pay for this, right? Right. We don’t want movements and activity tracked, but I don’t see any philosophical problem with a simple lookup based on each phone’s unique identifier. All you need is one bit to indicate the customer is paid up and entitled to use the network. As for the actual cost and billing, it seems to me that can be handled by systems outside the network. If you’re giving unlimited everything for one flat fee, you don’t need to track anything except paid or unpaid. If you want to start getting into per voice minute or per KB data charges, it seems to me that you can still track usage (minutes, KB, or texts) without tracking activity and bill based on usage. The money from service fees could, in turn, be routed to the cell providers. I’m sure we could come up with a fair way of doing this; for example, X cents per call routed through an individual cell. Busier cells get more money, which they can invest in upgrading service; more remote cells probably have lower demand, and don’t need the same capacity.

(One big problem if you’re using amateur radio frequencies: FCC regulations prohibit “communications in which the operator has a pecuniary interest, including communications on behalf of an employer“. There’s a strong tradition, in addition to the FCC regulations, against using the amateur radio bands for business purposes. One could argue that this kind of network wouldn’t be a business, though; rather, it would be a maintained as a public service, and the money that comes in would go back out to local amateur organizations to cover their cost of maintaining cells. I sort of see this in the same way as I do the repeaters maintained by some amateur radio clubs for the use of their members.)

So I said this was a not-so-simple simple question. Basically, what I don’t know about cell phones and cell technology could fill books. (Indeed, it has filled books, which are located in places called “bookstores” and “libraries”. But I digress.) I think I’ve outlined a possible path to an “open” network, but I acknowledge the limits of what I know. I would welcome criticism from people who know more than I do: those who work in the industry, computer security experts, and heck, even cyberpunk writers.

I mention cyberpunk writers for a reason. Maybe I am over-romanticizing this a bit, but I have this mental image of guys in the Sprawl with “open” cellphones spread out on blankets in the street, and gangs like the Panther Moderns using those phones. A guy can dream, can’t he?

(Subject line hattip: the greatest rock song ever, by the greatest band ever. Like you needed it anyway.)

Edited to add: I knew there was something I was forgetting. How reliable would this network be? After all, AT&T spends hundreds of millions of dollars a year on their network, where what I’m talking about here is something that is, at best, a fringe network primarily used by people highly concerned with privacy, and possibly maintained by amateurs on a spare time basis. On the other hand, AT&T spends hundreds of millions of dollars a year on their network. Enough said.

My inclination is to say that you could probably build something that’s “good enough”. You might not be able to get to the same level of service as, say, Verizon, but you could probably get to a level of service where people are willing to make the tradeoff between guaranteed privacy and a small amount of inconvenience. I think this is one place where my plan is weak.

Edited to add 2: 1500 words? I haven’t written like this since I was in college. In other words, last year.

Lessons learned.

Monday, August 6th, 2012

So…somebody I know was having problems with their netbook running Ubuntu.

The somebody in question decided (for good and sufficient reasons) that part of the problem might be due to them having done several upgrade installs of recent Ubuntu versions which left cruft on the system. This somebody thought the best thing to do was to make a backup of /home, reformat the box, and reinstall Ubuntu 12.04 from scratch, blowing away all the existing data and partitions.

Which they did.

The somebody in question had a MySQL database on the box that had somewhere around ~2,500 records in it. It was a fairly simple database, probably overkill for MySQL: one table, a few columns.

It turns out that MySQL doesn’t store databases in /home. MySQL stores databases in /var/lib/mysql by default, and the somebody in question never changed the default. (This vaguely makes sense if you think about it; after all, MySQL is intended to be a multi-user database, so why would you store databases under an individual user’s home directory by default?)

The somebody in question found this out after blowing everything away. And, of course, the somebody in question only backed up /home.

Fortunately, the database isn’t that important, and much of the data on it can be recovered from older .CSV files that were used to import the data into MySQL.

But next time, the somebody in question is going to backup every damn thing, not just /home.

The somebody in question is also going to try to get out of the habit of making assumptions about where things are stored.

Hmmmmmmmm.

Friday, August 3rd, 2012

In the DEFCON 20 day 2 notes discussing the ADS-B presentation by Renderman, I alluded to some work on using USB TV tuners to pick up ADS-B broadcasts.

I did a little more research on this earlier today, just to satisfy my own curiosity.

The RTL2832U outputs 8-bit I/Q-samples, and the highest theoretically possible sample-rate is 3.2 MS/s, however, the highest sample-rate without lost samples that has been tested so far is 2.8 MS/s. The frequency range is highly dependent of the used tuner, dongles that use the Elonics E4000 offer the widest possible range (64 – 1700 MHz with a gap from approx. 1100 – 1250 MHz). When used out-of-spec, a tuning range of approx. 50 MHz – 2.2 GHz is possible (with gap). [Emphasis in the original – DB]

Holy cow! I’ve been wanting to mess with software defined radio, but the $1,500 cost for hardware is a bit discouraging. This looks like an excellent way to get started for about $20 instead. The necessary software is linked from the rtl-sdr page, and you can even get a script that will build gnuradio with the proper components.

What has been successfully tested so far is the reception of Broadcast FM and air traffic AM radio, TETRA, GMR, GSM, ADS-B and POCSAG.

Yow!

Edited to add 8/4: We are not amused. In the past two days, we have been to Fry’s. The shelves at Fry’s were almost completely stripped bare of USB TV adapters. We have also been to three different branches of Discount Electronics; none of them had any of the listed adapters. We have checked Google, and all of the adapters listed with the E4000 tuner do not appear to be available from vendors in the United States. The only adapter on rtl-sdr’s list that we were able to find was the Ezcap EZTV645 DVB-T Digital TV USB 2.0 Dongle with FM/DAB/Remote Controller which DealExtreme sells. However:

  1. There are conflicting reports as to whether this is the one rtl-sdr is talking about, and whether this one has the E4000 tuner.
  2. There are a lot of reports that DealExtreme is slow in shipping; as in, a month or longer.

I’ve ordered the Newsky TV28T that’s listed on the sysmocom site (linked from the rtl-sdr page). With shipping, it came out to 23.30 euros, or about $28.86 in dollars. That’s still well within my price range for tinkering with SDR. I’ll update when the device gets here.

In the meantime, if anyone has any GNURadio or general SDR tips, advice, or suggestions, please feel free to leave them in comments or shoot me an email. Contact addresses are in the usual place.

(And thanks, Borepatch.)

After action report: Las Vegas, NV 2012.

Tuesday, July 31st, 2012

I don’t have much new to report as far as equipment, but I do have a couple of notes on existing stuff. DEFCON for the past few years has run a “secure” network using MSCHAPv2 authentication.

  1. This worked fine on the Kindle Fire. I was able to log in and browse whenever the network was working. However, there seems to be some sort of bug in the Kindle Fire: after a certain amount of time, the wifi setting on the Fire would either stop responding completely (on/off switch wouldn’t do anything) or would immediately crash (with an error message) as soon as I tried to open the setting.
  2. The default Network Manager on Ubuntu 12.04 would not connect to the “secure” network at all, but just constantly brought up the authentication prompt. Google turned up more than a few reports of Ubuntu issues with Network Manager and MS-CHAPv2 authenticated networks, so it seems this is a known issue. I worked around this by downloading and installing wicd, which was able to connect. However, wicd does not appear to save network settings, so every time I wanted to connect to the network, I had to re-enter the configuration.

(In general, I’m seeing more and more problems with project e and Ubuntu 12.04. I suspect some of these may be issues caused by doing several upgrade installs in succession, so I may try doing a backup of /home, reformatting project e, and doing a scratch install and restore of 12.04.)

Food: I had excellent meals at Lotus of Siam (the sea bass drunken noodles) and at Piero’s Italian Cuisine, which is a very old-school Italian restaurant near the convention center.

That was some swell osso bucco. And I don’t think I paid much more for it than I paid for osso bucco at Ciola’s when they were still open.

I also broke with one of my rules and went back to Shabu Shabu Paradise again. In my defense:

  1. I really like these people and want them to be enormously successful.
  2. I haven’t been there since my last trip with Andrew and Mike the Musicologist.
  3. I kind of have a tiny little crush on the waitress. Who, by the way, recognized me from my previous visits, even though I was clean-shaven last time. (I think she’s married to the chef, so nothing’s going to come of that.)

I also had a good meal at Mint Indian Bistro, and very good breakfasts at Blueberry Hill on Flamingo and The Egg and I on Sahara. (The rule doesn’t apply to breakfast, as it is very very hard to find good breakfast places that aren’t casino buffets, Denny’s, or IHOPs in Vegas. If anybody does have a recommendation for a good breakfast place in Las Vegas, please feel free to drop it into the comments.)

I’ve been driving past Hofbräuhaus Las Vegas for years now, considering giving them a try and then not going after all. This time, thanks to Tam inspiring a German food craving in me, I thought I’d give it a shot. The verdict: meh. It wasn’t a horrible meal. The service was pleasant and efficient. But it seemed like I paid a fair amount of money for pretty average food. Walburg is better and cheaper and really not that bad a drive if I go there from work. (You’d be hard-pressed to spend $50+ at Walburg without either being too full to move or too drunk to drive.)

I drove past Flavor Flav’s House of Flavor several times (it is very close to my preferred ATM in Las Vegas, which, in turn, is far enough away from DEFCON that I’m not any more paranoid than usual about using that ATM), and I regret not getting a photo.

I did get some photos (but they didn’t come out well) of “Lynyrd Skynyrd BBQ & Beer“. BBQ and beer? I can haz both?

(By the way, I was never offered a full can of soda on any of my Southwest flights. But I did get a full can of drinking water between PHX and AUS.)

Thanks to: Everyone at DEFCON 20 (staff, goons, presenters, and attendees), the folks at Shabu Shabu Paradise, Lotus of Siam, the Egg and I, Blueberry Hill, and Mint Indian Bistro, the Mob Museum, Amber Unicorn Books, Greyhound’s Books, Borepatch for linky-love, and anyone else I missed.

0-day DEFCON 20 notes.

Friday, July 27th, 2012

I got in line for my badge around 7:30 AM. Registration opened at 8 AM, according to the schedule.

I got my badge at 9:30 AM. I have no idea how many people were in line, but it was packed. We were told that folks started camping out for badges at 10:30 PM Wednesday night.

But, hey! I got mine!

After what was (in my opinion) last year’s badge fail, they went back to an electronic badge this year, still tied in to a “crypto-mystery” game, but at least the badge does something useful.

Or perhaps can do something useful, would be a better way of putting it. The designer calls it a “development platform”: there’s holes for I/O pins at the top, and we were issued VGA (1) and PS/2 connectors (2) with the badge to attach ourselves. And remember my inquiry a while back about microcontrollers? The badge CPU is a Parallax Propeller.

(I haven’t been able to get the badge and Project E talking yet. I suspect a bad or wrong USB cable.)

I hit two panels today. Worth noting is that today’s theme was “DEFCON 101″: there was only one programming track, and the theme of those items was more “introduction to” rather than “deep dive.”

DaKahuna’s “Wireless Security: Breaking Wireless Encryption Keys” wasn’t quite what I expected, in that he didn’t do a live demo. (Though he did suggest that there would be systems available for practice in the Wireless Village.) Rather, this was something of a “view from 10,000 feet” presentation, giving a basic introduction to hardware requirements and tools for attacking wireless keys, along with explanations of how WEP and WPA keys work, and where the vulnerabilities are. A lot of this stuff I already knew from my academic studies, but then again, I wasn’t the target audience here, and I did pick up a few tips.

The presenters for “Intro to Digital Forensics: Tools and Tactics” sold me in the first five minutes by pointing out that:

  • Not everyone knows everything.
  • It would behoove the community to stop acting like dicks when people ask reasonable questions, like “What switches should I use for NMap?”.

The presenters then proceeded to give example usages for what they considered to be the top five tools for testing and exploration:

  • The Metasploit framework, which they sadly ran out of time while discussing.
  • Ntop, the network traffic analyzer.
  • Nmap, for doing port scans and OS fingerprinting. For example:
    #nmap -v -sT -F -A -oG 10.x.x.x/24
    What does this mean?
    -v turns on verbose mode
    -sT forces NMap to do a full TCP connection to each host
    -F enables fast scan mode
    -A tells NMap to do OS fingerprinting
    -oG tells NMap to output in a format grep can work with,
    10.x.x.x/24 tells NMap the range of hosts to scan.
  • tcpdump, which captures packets on a given network interface.
    tcpdump -i eth1 -n -x
    -i specifies the interface
    -n turns off /etc/services translation, so instead of displaying the service name (ftp, telnet, etc.) it just shows the port number.
    -x dumps hex output to the screen
  • Netcat, which creates TCP sockets that can be used for communications between systems. But that’s a little misleading. Let’s say we have two systems, our localhost and a machine at 192.168.1.128. On the .128 machine, we run:
    nc -l -p 2800 -e cmd.exe
    -l tells netcat to listen for a connection
    -p tells netcat to listen for that connection on port 2800
    -e tells netcat to run a command when a connection is made on that port: in this case, netcat will run cmd.exe.
    On the local system:
    nc 192.168.1.128 2800 connect
    which establishes a connection between our system and the remote system. The remote system will run cmd.exe, which (on a Windows system) should give us a command shell on the remote system that we can use from our localhost.

I took the rest of the day off to visit a couple of bookstores (both are still there, pretty much unchanged) and the Mob Museum.

My first thought was that $18 seems a bit stiff. Then again, the Atomic Testing Museum is $14, And the Mob Museum seems to have more people on staff, and may possibly be a little larger than the ATM. (I can’t tell for sure, but the Mob Musuem bascially has that entire building: all three floors.) ($5 for parking cheesed me off a bit, though.)

Anyway, while the Atomic Testing Museum is still my favorite Vegas musuem, the Mob Museum is well worth visiting, especially if you have an interest in organized crime in the United States. (Not just in Vegas, though that is a key focus; the museum also talks about organized crime in other areas, including NYC and Cleveland.) There is a lot of emphasis on Estes Kefauver, perhaps just a little more than I thought was warranted.(I admit, I chuckled at the “Oscar Goodman” display.)

Two things that surprised me:

  1. The number of families with small children at the Mob Museum. Parents, would you take your kids to a museum devoted to organized crime? (There’s some pretty graphic stuff, but the Museum confines it all to one section, warns you before you enter the section, and gives you an option to skip past it.) (And I feel kind of hypocritical saying this: if my parents had taken me to the Mob Museum when I was, say, 10, wild horses couldn’t have dragged me out of there.)
  2. The popularity among small children of the firearms simulator. Kids were having a lot of fun pretending to be cops, running through various scenarios (like a domestic dispute) and busting caps in bad guys. (I didn’t tell any of the kids that, had they actually been out on the street, they’d be dead before they got their first shot off. Do I look like an asshole?)

Tomorrow is when things start for real. Look for an update, but probably late in the evening.

(Oh, I did want to mention Chad Everett’s death yesterday, but I was using the Kindle to blog, which was a pain, and things got kind of sideways leaving LAX and arriving in Vegas, so consider this your obit watch.)

Followup roundup.

Friday, June 1st, 2012

Looking at site stats this morning, I noticed that my ThinkPenguin endorsement seems to be getting some traffic. I thought I’d bop over to their site and check: yes, they have the new dual-band wireless N USB adapters available. And to tell the truth, I like the design of this adapter better than the one I have.

Earlier this week, I commented on the death of Mack Wolford. Lauren Pond, a photojournalist, had been working with Rev. Wolford for the past year as part of a documentary project on the Pentecostal snake-handling religion. Ms. Pond was at the service where Rev. Wolford was bitten, and sat with him and his family as he died. Some of her photos, and her thoughts about what happened and her obligations, are in the WP.