Friday, April 28, 2006

No, I'm not hitting the nitrous oxide today...

the maniacal laughing is merely a by-product of amusement overload. Three unbelievably funny things have presented themselves to me today.

1. Elphie iz tha most K-to-tha-izzick ass brotha playa evah.
plug in your favorite website and join the hyena club. Seriously, me n tha homeys be bout to vomit we be laughin so H-to-tha-izzard.

2. Chain email run amok.
I got a chain email from a friend today. Normally I'd just delete it without reading it, but this one was too damn funny. I swear to god, it is an underwear pyramid scheme. That's right. If I send person #1 a pair of new panties, add my name to the list, and send out six new copies, I should (in theory) receive 36 pairs of new panties in return. I'm sorry, but this is just funny. I might open a PO Box under a pseudonym and play along just for the social experiment angle. If I do, I'll let you know if I actually get any undies or just more junk mail from Val-u-pak.

3. Your thoughts are your password.
Am I the only one envisioning Monty Python here?
Bridgekeeper: Stop. What... is your name?
Galahad: Sir Galahad of Camelot.
Bridgekeeper: What... is your quest?
Galahad: I seek the Grail.
Bridgekeeper: What... is your favourite colour?
Galahad: Blue. No, yel...
[he is also thrown over the edge]

And if that isn't tickling your funny bone, try this.

oh man, if I don't stop laughing I'm going to get hiccups...



Wednesday, April 19, 2006

Confessions of an OCD blogger...

I've been blogging for two months now, and figure it is time for an admission (the first step to recovery?) My name is Elphaba and I'm addicted to blogging. I've got probably 5 topics saved up to blog about in the future. And I find myself thinking in blog. Things I read and experience get translated into potential future blog entries in my head. I have to exercise tremendous self-discipline to not make multiple posts in a day sometimes when I find several really interesting things to yammer on about. So even if no one was reading the Hideaway but me, I don't think I'd be able to give it up at this point.

This shouldn't be a surprise to me or anyone who knows me - I'm fairly obsessive about all my other hobbies. But I tried blogging about 2 years ago and it didn't stick. I was irregular about posting and did it primarily as an obligation to family and friends. A painful chore at best. But this blog is totally different. I'm really enjoying writing it, because I'm writing what I want. And I'm enjoying how writing it is changing me. I'm writing more now in my everyday life as a result, and feel like I'm thinking about things in a different light.

So thanks for reading here at the Hideaway so I don't have to feel like the crazy cat lady who talks to herself all the time. Hope you enjoy reading it at least half as much as I enjoy writing it.



Tuesday, April 18, 2006

I hate girl clubs... but not this one.

I've never been a fan of women's career networking groups, women's conferences, sororities, etc. I espoused a 'suck it up and play with the boys' attitude for the vast majority of my life. Most of my friends in life are/have been guys, and it's been that way for as long as I can remember. I firmly believe that by creating a special group, you make yourself more different, not more equal. Besides, girls can be bitchy and irrational. How can you be friends with people like that?

That said, I've learned in the last year that not all girl groups are bad. I think this comes from the fact that I've seen crappy things happen in the workplace to insanely smart, hardworking female engineers that were just not fair - and without a network of women to ask the advice of and share experience with, these women would have been totally isolated in dealing with the situation.

QUICK DISCLAIMER: So you'll see on the con calendar that I've listed the Executive Women's Forum in Information Security - which might make no sense now that I've broadly bashed women's conferences/organizations. Here is why I think EWF is cool: having been to a ton of conferences, EWF is different because everyone is trying to build each other up (and I don't mean self esteem but skills, business opptys, etc). I've never seen so much positive group energy and trust. I've only been to EWF once because the typical attendee base and content really isn't an applicable fit for my role in 'the industry' but it was still a good experience overall, and a conference I've recommended to a few colleagues. And if you are wondering if an all women's conference is boring in the evenings after the malls close, let me just say that unlike men, women don't need members of the opposite sex around to party their asses off until all hours of the night.

The reason this post started to begin with is that this weekend I found another all-girl group that not only merits a 'not bad' rating from me, but is getting added to my fave sites list.

Yes, that's right, FragDolls. Girl gamers don't have to be dumpy nerds or eclectic comic book addicts who start gaming to hang with the geek boys. Girl gamers can be hot. Some might say that they are objectifying themselves, using their bodies to get ahead/noticed... well DUH. But 'so what' I say! Being hot, knowing you're hot, and *appropriately* leveraging that advantage is not a crime and doesn't make you a bad person. I'm sure professional women in uncomfortable business suits and sensible shoes are likely horrified by this statement... :)

But here is why I think FragDolls is a great thing for the feminist movement (whatever the hell that means): if hot, smart girls are gaming - and maybe even beating the pants off the boys - it starts becoming socially acceptable for girls to get into gaming and technology. If this catches on, maybe someday it will be cool for chicks to have badass code-fu instead of being varsity cheerleaders, and go to college not for psychology or social work or English lit but for computer science or electrical engineering degrees.

That and I don't have to feel like quite so much of a dork for being a hard core PC gamer. My last job I'd come in to work on Monday and co-workers would ask about my weekend - when I'd tell them (with great enthusiasm) about how we played Age of Empires at a LAN party until 3am every night they'd look at me like I was a freak of nature. One of them asked once "you know you're a girl, right?". Damn right I'm a girl. I'm a FragDoll.



Thursday, April 13, 2006

Layer1 this weekend

The third of the badass con trifecta in the lower 48, Layer1 is in Pasadena CA this weekend. A solid quality (and reasonably priced, thanks Noid & crew) con like ToorCon and ShmooCon, Layer1 has some great speakers lined up for attendees. The talks by Billy Hoffman, David 'H1kari' Hulton & Johnny Cache, Strom Carlson, and Luiz Eduardo Dos Santos top my list of stuff to see...



Wednesday, April 12, 2006

are you kidding me? part deux

Wow, the post on computer sex games generated a lot of comments. Only one here on the blog, but quite a few more via email or IM. Apparently I'm not the only geek that finds human nature and the intersection of technology and sexuality to be interesting, though that is no surprise really. For decades people have been fascinated by this topic, though typically in a more sex-cyborg to human equation (see Cherry 2000 - Pamela Gidley, Blade Runner - Daryl Hannah's Pris, or AI - Jude Law's Gigolo Joe) than the current technology-facilitating-human-to-human sexual interaction trend.

One reader sent me this link, which is a fascinating article about virtual prostitutes in Second Life (SL), an oft-cited MMO used for college-level coursework in the design of digital spaces, in art and architecture, and in media studies and sociology. SL has over 148,000 citizens.

In the article there is a quote from a guy who has paid real money for online tricks in SL which I think reflects my confusion from my prior post:
"Walking around in a virtual world matters. The girl you meet might take you to a sleazy motel or a scary dungeon, or maybe she'll show you someplace you haven't been before--stuff you won't get on the phone. Nonetheless, language is cardinal; complex computer interfaces often become obstacles to satisfying cybersex."

This last statement makes total sense to me. Netsex has a long text based tradition that started in bbs chat sessions in the early 90's - I know because I was on ISCA bbs a lot and eventually had to put "NO NETSEX" in my profile to keep the creeps away. But interaction was all txt based. Unless you were a killer ascii artist there were no graphics to go along with the conversation besides old school emoticons.

In many ways this is the book vs. movie argument. Some people prefer books to tv/movies because there is a lot left up to the reader's imagination - in movies you have to live within someone else's reality and run the risk of disappointment in their interpretation of the author's work. Ever see a movie after reading a book and think "that was *so* the wrong actor for that character"?

So it's the GUI component (yeah, I prefer books) and the fact that people are plunking down $$$ for the games discussed in my prior post that I don't understand. The idea that you would buy a game purely for anonymous online sex (not even a complex virtual world like Second Life) and that would be a worthwhile investment over a free technology like IM or chat rooms just doesn't compute. But Second Life is created to be a robust virtual reality, where people can mingle and share ideas, exchange goods, etc. As such, it has a thriving economy. And like any society the world over, the oldest-profession has a place in this virtual world with brothels, pimps, and prostitutes running businesses that derive real life profit from their services - some SL brothels are estimated to earn $47K (in REAL money) a month. Ah, capitalism. This seems like a viable business model based on proven sociological models of cross-cultural human interaction.



Monday, April 10, 2006

are you kidding me?

Online games replace monsters with sex
Explicit virtual playgrounds give new meaning to 'multiplayer'

This strikes me as strangely funny, in a bizarro-world sort of way. If life has got you down, if you aren't scoring with the ladies (or men) in reality, you can practice your technique and boost your ego with a virtual pick-up scenario. There have to be npc's in it to make up for the gender imbalance in the playspace - because I have a sneaking suspicion there will be more guys playing than girls. If so, I wonder just how 'easy' this game is. Are the npc's programmed with emotional baggage like the real players? Are there npc's who will turn your avatar down if you aren't in their preferred ethnic/age/etc group? If your name is Dan, will that infuriate the rebound npc girl who was just dumped by her cheating bf Dan and will she throw her virtual cosmo in your virtual face?

While certainly a creative marriage of technology and entertainment, I'm not convinced there is a viable (or at least successful) business here. There are a few obvious stumbling blocks to this new 'adults only' gaming becoming a successful entertainment medium. For starters, what woman is going to play this? Sure, there is the excitement of the flirting with someone over the network, the hookup, etc, but women aren't generally known for being avid porn viewers. And I can't really imagine the point of a point-and-click game where you've just taken off your shirt not because you are upgrading your armor, but because you are making out with some other character. Does the shirt disappear into your inventory or get thrown on the floor in a crumpled heap? How much is graphical versus text based? Do you control character climax? If so, how weird is that? Is there a big O button to click? Are the game controls simple enough for one hand operation? (oh come on, we all know you would have thought of that on your own eventually.)

I suppose if you are involved in a lot of chat-room sex this could take things to the next level by adding a visual component - some of these games are already available as text-only offerings. You'll now have a little idealized character you can pretend is you, hooking up with people who are pretending to be their little idealized characters, and the whole world is thin athletic and pretty and there are no repercussions for visiting the make-your-own porn room with a guy you just met at the virtual bar this evening. I'm just guessing, but I'm pretty sure they won't have virtual gonorrhea or virtual pregnancies in this game, any more than they would have virtual premature ejaculation or virtual erectile dysfunction. Because the beauty of virtual reality in a computer game is that it isn't reality at all - it is an ideal state of being you can project. It is, for all intents and purposes, the Matrix. It is getting to be whoever you want people to see you as. So what if you are home in a dirty sweatshirt and old track pants eating ice cream straight from the carton? The people on the other end of the game think you're a badass hot chick in a vinyl catsuit and long coat.



Friday, April 07, 2006

I'd like to buy an 0, HOPE6, BSOD, Captain Obvious and media whoring...

Let's start with CanSecWest, and the vulnerability commercialization panel they had on Wednesday. There was much spirited debate but no end agreement between the parties... takes me back to ShmooCon and the BOF panel on training... but I digress.

In the press, Michael Sutton is quoted as saying that vendors need to pay for vulns, and later in the article a customer states he expects vendors to pay for vulns as well.
"The only economic model that does not make sense to me is the vendor's," Sutton said. "They get to know about a vulnerabilities ahead of time, but they are unwilling to pay for them."
Let's blithely assume for a moment that vendors and researchers could agree on the dollar value of a vulnerability (ROTFLMAO). There is still a big problem with the 'buying vulnerabilities protects customers' argument: if Oracle buys a vuln from David Litchfield, Oracle now owns the vuln. That means that they don't EVER have to fix it if they don't want to. I'm not just picking on Oracle - this is true of ANY vendor. They wouldn't be buying vulns, they'd be buying silence. And that would just piss everyone off - hell, that's why full disclosure practices started to begin with - the only way to get a vendor to fix a security bug was to publicly shame them with it. So I wholeheartedly disagree that vendors buying bugs would make me as a computer user any safer.

I have no problem with reputable third parties buying vulnerabilities and working with vendors to protect customers. I'll admit I think Tipping Point's ZDI program does a better job of that than iDefense's VCP program simply because iDefense's customers leak their confidential advisories all the time before patches are available. But these programs do play an important role in the security ecosystem that benefit customers, researchers, and vendors.

Other stuff:

Dates for HOPE number 6 have been announced - July 21-23, just a week or so before Black Hat Vegas. Of course I've added HOPE to the upcoming cons list...

Check this out - I've heard most people aren't having much trouble with Apple's Boot Camp beta, but this guy managed to get the legendary Blue Screen of Death. I haven't seen that on one of my boxes in over five years. Wow. Comments on the blog suggest that this was a known bug in the beta relating to iSight... doh!

Adam Shostack makes some interesting observations on recent media regarding rootkits on the Emergent Chaos blog. Yeah, he is right, this is a Captain Obvious type of situation where everyone in the security space already knew that rootkits were a big dangerous problem. But I think (or at least hope) the point of the Microsoft presentation at InfoSecWorld in FL that spurred the eweek article was to educate less security savvy customers about threats we are facing today and give guidance on how to deal with them. Adam also mentions the extremely cool work being done by John Heasman of NGS on ACPI BIOS rootkits that was presented not only at Black Hat Federal, but Black Hat Amsterdam and will again be presented in May at the Computer and Enterprise Investigations Conference. Right now it is super cutting edge stuff - so maybe if John gives the talk often enough, more people will pay attention (and by someone I don't mean the bad guys). After giving the talk at Black Hat Federal in January, Rob Lemos ran a story which quoted Greg Hoglund as saying:
"It is going to be about one month before malware comes out to take advantage of this," said Greg Hoglund, CEO of reverse engineering firm HBGary and editor of "This is so easy to do. You have widely available tools, free compilers for the ACPI language, and high-level languages to write the code in."

It would be a shame if the security industry didn't pay attention in January to John's early warning and is surprised when malicious bios rootkits emerge.

And since I've mentioned CEIC, I may as well throw a shameless plug out for Vinnie Liu's talk on Defeating Forensic Analysis (with his business partner Patrick Stach) on Thursday May 4 at the con. Vinnie is a very smart guy - if you are attending CEIC, I'd definitely attend their session. I'm such a groupie I'd go to NV just to see this talk, but I think that would violate the restraining order...



Thursday, April 06, 2006

I always feel like somebody's watching me*

Disney Phone Service For Kids Has Parents In Mind
Wall Street Journal - 4/5/2006
Disney is unveiling a mobile cellphone service that gives parents the ability to track the whereabouts of their children and control how and when they use their phone.

OK, so maybe I'm more paranoid about privacy than the average parent. But I don't really want Disney to know/have access to where kids go and tracking their habits or patterns. That seems like an insanely rich data source for planning future marketing etc of their other products. Not to mention I think it is creepy that they could have a captive audience to push sms messages to about their new theme park rides or movies or toys in their "exclusive content for both kids and parents". I'm not anti-Disney, I'd be just as weirded out if Nickelodeon or Sesame Street were doing this...

Maybe we should all get a few and start going to shooting ranges, military bases, porn shops, fetish clubs, strip bars, casinos, etc just to screw with their data... give them to truckers on transcontinental routes just for giggles...


*Rockwell, 1984


Wednesday, April 05, 2006

Macs officially go both ways now...

This is AWESOME. If you are one of the three people who read my blog regularly, you know I'm a fan of Mac hardware already, I'm just not willing to give up my Windows OS...
Apple's Boot Camp beta installs WinXP
Apple today introduced Boot Camp, new public beta software that enables Intel-based Macs to run Windows XP. Available as a download beginning today, Boot Camp allows users with a Microsoft Windows XP installation disc to install Windows XP on an Intel-based Mac, and once installation is complete, users can restart their computer to run either Mac OS X or Windows XP.

I think it is brilliant that Mac is taking steps to enable the Windows platform to run on their hardware. My next box is sooooo going to be a Mac...



Monday, April 03, 2006

I feel so much safer...

2 air marshals plead guilty to drug smuggling
Marshals accepted $15,000 in return for carrying cocaine on Vegas flight

The marshals admitted they accepted $15,000 to use their positions as air marshals to bypass airport security and smuggle 15 pounds of cocaine.

I feel so much safer knowing I get the full body grope, er, patdown, every time I fly to make sure I don't have a shiv hidden in my underwire bra, while these guys who are paid law enforcement officials (who presumably passed background checks to get their jobs) circumvent security screening with the substance they've been told is cocaine. Because you can always trust criminals. If the drug dealers said it was cocaine, I'm sure it was. There wouldn't have been anything else hidden in that package. The only criminals that create elaborate double-cross diversions to hide a more heinous crime are on fictional TV shows, right?

And while we are talking about hiding things from people... why not put that secret passageway in your house like you've always dreamed of? Colonel Mustard won't find you with that damn lead pipe as you covertly move from the study to the kitchen! DIY kits start at just $1500, though I'm guessing that is just for a fancy bookcase with hidden space behind it, not a full room-to-room passage. Still, how cool would it be to twist a candlestick and have your fireplace rotate open to reveal a hidden room? The challenge would be to not show it off to all your geek friends and defeat the purpose of a SECRET room. Of course if all your plushophilia stuff is hidden in there, maybe you'll be extra motivated to keep it secret after all...

