Tuesday, December 8, 2009

Why auditing makes poor security

Compliance and auditing have been the main driver for "securing" computer systems for about a decade now. There are rules in place, be they legal regulations or conditions which need to be met before a contract is signed, and these rules need to be followed or else there are consequences. The consequences typically amount to a fine, maybe a lost contract, and a little bad press.

The basic problem with compliance and audits is that they get people into the mindset of following every step laid out until they are compliant and then doing nothing more. This doesn't make them much more secure, since attackers are just as familiar with the regulations as the auditors and system administrators who implement them. It does, however, give them two things. First, a false sense of security. More importantly, they don't really care if they're compromised, because compliance gives them legal and political protection. The legal protection is that they were compliant, therefore the compromise clearly wasn't their fault and their liability is severely limited. The political protection is the same argument, used if the story makes it to the media. This doesn't save the company any money, but it helps them look good.

So if we don't give companies guidelines on what they need to do to be secure, how will they know how to keep the information secure? I'd say that's up to them. We don't have laws spelling out how they must do their accounting, but they manage to make that work and still interoperate with the IRS, the state government, and other businesses. Another argument for compliance standards is that without them companies wouldn't take any initiative to secure their information. That depends purely on the economics of the situation: the cost to secure their systems versus the cost if they don't. If they spend hundreds of thousands of dollars buying equipment and hiring quality people, that may make them a very difficult target and tremendously lower the risk of data theft. On the other hand, if they spend little to no money on security, they might not get compromised anyway.

If information security is important to the population at large, then the punishment needs to be stricter. If a company can't secure the information it's been entrusted with, whether through negligence or incompetence, it should be held accountable. "Well, we did everything on the checklist. We spent a lot of money on security and tried really hard" is a fine explanation, but it doesn't excuse what they allowed to happen. Whatever they did obviously wasn't enough.

There are some disclosure laws which do a good job of accomplishing this. They make it less common for companies to simply sweep things under the rug when something bad happens. Instead, they must report the breach to the government, which makes sure the incident becomes publicly known. The limitation is that a slick public relations person can mitigate that damage very well. In addition to making the breach known, companies should be required to pay damages to the people affected. As long as there's so little cost to letting your company have a data breach, we can expect to see more and more of these problems.

Now, some are quick to point out papers like Romanosky's, which find no "statistically significant effect that laws reduce identity theft." I could counter with other papers which indicate there is some correlation, and which go a step further by looking at other benefits of disclosure laws. My point is only that disclosure is a step in the right direction; I certainly wouldn't claim it's enough to motivate industries to take seriously their obligation to secure the information they possess.

Of course, when companies don't even know they've been compromised, it's a difficult problem to solve. There are some interesting products that learn what "normal" traffic looks like for one specific protocol and flag anomalies which would indicate a problem (an attack in progress, a compromised host sending data out, etc.). The problem is that this is incredibly difficult to do, purely from a technical standpoint. With research now showing that shellcode can be written so that it reads as plain English text, it's really hard to tell good data from bad. Filters which look for "things that look like social security numbers" are inaccurate on both ends (they miss things, and they flag things which are not actually SSNs), plus they're often limited to a specific protocol (typically HTTP).

The moral of the story is that, just like any complex problem, there's no magic bullet. There are tools which help with different aspects, but it really takes a person who is knowledgeable and spends time thinking about the technical limitations of each one.

Thursday, December 3, 2009

Interesting patterns

I just looked at the clock and saw it was 12:36, which seemed like an interesting series. I came to determine that this was inherently interesting because 12 * 3 = 36 and three is not only the third digit in the series, but also the smallest odd factor of 12 (excluding 1, of course). Beyond that, three divides both 12 and 36 and is the smallest odd prime. The square root of 36 is six, which also happens to be the last digit. Looking at the digits by themselves, I noticed that 1 + 2 = 3 and 2 * 3 = 6. If there were another number in the series, it'd probably be 729 (3^6).

That makes me wonder about a lot of things. Like do other people see numbers and start picking out patterns? Do certain series of numbers look interesting to others, even if they can't explain why? Would I (and perhaps others) pick up on these interesting numbers if looking at an analog clock?

Monday, November 30, 2009

Police raid Swedish hackerspace

If you haven't already heard, the police raided the social center where Forskningsavdelningen is housed. Here's the full article.
http://forskningsavd.se/2009/11/29/i-can-haz-moar-bout-teh-reid/

I understand that the police are expected to uphold the law. Perhaps the best use of their time really was to raid a concert where there may be alcohol being sold to underage people. It's fine that they raided the place.

Now, did they have to come in riot gear and ski masks over an underage drinking accusation? No, they did not. We'll give them the benefit of the doubt and say that maybe they had reason to believe some patrons had weapons and planned to use them against police if it came to that. If that's the case, and I'm not saying it is, then that would explain, and perhaps excuse, their actions.

Next, they started seizing stuff. This is understandable if they are alleging a crime has taken place. If they got there and found there was no underage drinking then there's no reason to take anything.

Finally, there are the three biggest issues. The police took things which did not belong to any suspects, they took things unrelated to the case they were investigating, and they seemingly didn't give anyone a list of what was taken. The last item can easily be rectified, but it should have been done before the police cleared out. However, I can't think of any legitimate reason for taking items unrelated to the crime and not owned by the alleged criminals. The only logical reason I can come up with is to harm anyone affiliated with that venue.

I'm not familiar with Swedish law, so perhaps they have the authority to take anything they please without so much as providing any indication of what they took. But even if they do have that power, it doesn't make sense that they would do so in this case unless they have some kind of vendetta against Forskningsavdelningen. If that's the case, then they should just get a warrant and raid them properly. This way of seemingly circumventing the law is unjust and likely illegal.

Hopefully the hackerspace will get their gear back in a timely manner, however that doesn't sound likely. The appropriate response by the police at this point would be to return the property of anyone who is not a suspect, apologize for the confusion, and provide a list of everything which is not being returned. What is done, is done, but it's not at all difficult for them to start doing the right thing. While most people aren't going to be happy about the whole situation, I think we can all find it acceptable. The longer the authorities fail to take this action, the more unacceptable their actions become.

Monday, November 23, 2009

Just found another survey showing that insider threats are very real and that it's actually getting easier for insiders to steal information. From the article: "Pilfering data has become endemic in our culture as 85% of people admit they know it's illegal to download corporate information from their employer but almost half couldn't stop themselves taking it with them..."
http://www.net-security.org/secworld.php?id=8534

The moral of the story is that if you care about things like your customer list, product information and business plans, take serious action to protect it! If you are unsure if it's safe or not, hire someone to do an audit and advise on how to address the issues which are found.

The economy is getting better, kinda

So I noticed some interesting market trends which started shortly after the new political leaders took office.

Mar 09, 2009 Dow Jones 6547.05
Nov 10, 2009 Dow Jones 10,226.19

So that's roughly a 56% gain. I know what some of you are thinking... but Dr. Nichols, the media tells me that things are bad and how scared I should be. They even cite hard numbers like unemployment rates and relate them to the failed Obama plan. How on Earth can you explain these stock prices?

Actually, the same thing that explains the stock prices also indicates that things are bad. If we look at the unemployment rates we see a huge jump from April 2008 through June 2009. Companies are cutting jobs, saving money and becoming more profitable. So businesses are getting more profitable by putting people out of work. The question becomes: will companies be able to keep their gross income up when fewer people are employed and thus fewer people are willing and able to buy their products and services? If they're selling necessities, like food, I'd say the answer is yes. Likewise, if their markets are in countries that can still afford and desire the products, they'll do okay. On the other hand, if they're selling items which are not required and expect domestic sales to keep coming in, they may be disappointed.

So, although the market turn-around happened only a couple months after Obama took office, I'd say the recovery began (for the businesses) when they started killing jobs. The fact that some of their competition went the way of the dodo is also a factor, because the customers will now come to them.

The government could decide to do something to help people instead of corporations, but given the opposition from the right (Republicans, Joe Lieberman and some others), any attempt to help "Main Street" will surely be shot down by many as "big government", a "waste of money", and "fiscally irresponsible". The extremists will hail it either as exactly what we need or as socialism and thus a complete government takeover of our lives and freedoms... depending on which extreme you're listening to.

The problem isn't just the politicians, who practically accept bribes* from lobbyists in return for passing favorable legislation. It's also the self-serving media, which reports on whatever is profitable for them. The more products they can sell for their sponsors, the more money they'll ultimately make. The multi-national monopolies of the late 1800s and early 1900s, such as Standard Oil, Carnegie Steel, Bell Telephone, and J.P. Morgan's railroads, didn't get that way because people preferred them to their competitors. For the most part, this was before the radio was even invented, let alone a common thing to find in the home. TV, the Internet, and the science of psychoanalysis were all completely non-existent. So I'd argue that even though today's companies might not be as large (in terms of market share) as the ones of yore, they're more powerful, both in influencing (or manipulating?) the common people and in getting laws passed which will make them more profitable.

So all of this leads to a few questions. How do we fix this? Can we, or is this just the natural order of things and ultimately inevitable? Of course there's no one answer. One thing that would help is if America went back to producing things (other than military equipment); shipping jobs overseas may help other people, but it doesn't help the American economy. We've already seen what happens when the American stock market stumbles and falls, so it's arguably better for more than just Americans. People could buy locally from sustainable businesses. The problem is that it's more costly to do, so even in good times many people won't think it's worth the extra money, and justify this by convincing themselves that one person won't make a difference. To them, I say "Be the change you wish to see in the world." If you don't understand that, listen to "Man in the Mirror."

I'm not sure what "the answer" is, but I think with the technology we have right now we should be doing much better than we are. We need some incentive for companies to make products that last, rather than cheap junk which sells. If you have better solutions for society's woes, please share them. Better yet, take the next step and start making them happen!

* Bribery, as defined by the courts, must be more specific than "we like guns... do you like guns? You do? Oh, well here's a bunch of money for your campaign." It needs to be more like "Here's a bunch of money for your campaign in return for you promising to pass a law which forces people to buy health insurance whether they can afford it or not."

Some of the sources for the economic data:
http://www.google.com/publicdata?ds=usunemployment&met=unemployment_rate&tdim=true&q=unemployment+statistics
http://finance.google.com/

Update:
Here's a map which illustrates the unemployment stats quite well:
http://cohort11.americanobserver.net/latoyaegwuekwe/multimediafinal.html

Sunday, October 11, 2009

Hardware hacking

At the last DC949 meeting, I was inspired to look into hardware hacking some more. The GNU Radio talk was what really got me started on how awesome I find hardware hacking. I'd buy a GNU Radio setup if I thought I'd put it to good use, but it's expensive and there's no point in buying it if I'm not going to use it for something. But Brad mentioned he was using the Arduino with an XBee (a radio module which supports AES encryption) and that kicked my motivation up another notch. I need to figure out what I can do with my Arduino which would be fun and educational.

The next day I got to play with my Arduino and a GPS receiver and we pulled our location, the current time, and some other interesting stuff. We also spent some time playing with the accelerometers in a Wii Nunchuk. When he showed me some hardware which would bridge XBees to computer networks, I felt like I just had to put my Arduino to some good use. I started thinking of the number of inputs I'd need to run the vending machine and quickly determined that I couldn't do it with my model, but the Arduino Mega would be able to handle it with its 54 digital I/O pins.

So I started working on the basic stuff with my Arduino just handling 2 buttons and 2 chutes, inserting dollars/quarters/dimes/nickels, and the change release. I'm up to the point where I can keep track of how much money has been inserted and can calculate how many of each coin to give back in change. I can detect when a chute is sold out, and it would print a message on the LCD (if I had an LCD here). The code to print a message on the LCD when they need to put in more money is also done.

Things to do:
1.) Make each button map to one or more chutes. Currently, it's a 1 to 1 mapping.
2.) Dig into the vending machine and see how each part interfaces with one another. Mainly how the dollar bill acceptor sends out messages, what signals need to be sent to get the servos/motors which do the vending to vend, how the coin mechanism detects which coins are inserted (serial, just a switch which is momentarily pressed when the coin drops, or something else), and how it knows what change it has to give out.
3.) Detect when it doesn't have enough coins to give back change. When this happens it should require that exact change is used and reject any attempt to put in dollar bills.
4.) Get an LCD (or take the one out of the machine) and use it while testing.
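Since the sketch itself isn't posted, here is an added example in plain C (my code, not the author's Arduino sketch) of the two pieces of logic described above: working out how many of each coin to release as change, and item 3 on the list, deciding when to demand exact change. The tube layout (quarter, dime, nickel, penny), the counts and the function names are assumptions for the demonstration. It goes a step beyond the post's description in one way: greedy change-making is correct for US coins only while every tube has coins, so once a tube can run dry the code searches over the tube counts and backtracks instead of taking the largest coin blindly.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed tube layout, largest coin first, values in cents. */
#define N_TUBES 4
static const int COIN_VALUE[N_TUBES] = { 25, 10, 5, 1 };

struct tubes {
    int count[N_TUBES];     /* coins currently in each tube */
};

/* Greedy change-making is optimal for US coins only while every tube has
 * coins.  Once a tube runs dry the greedy pick can dead-end (a quarter out
 * of 30 cents with no nickels left), so this tries each count for the
 * current tube, largest coin first, and backtracks.  Returns true and
 * fills out[] with the coins to release per tube when exact change exists. */
static bool change_search(int amount, int idx, const struct tubes *t, int out[N_TUBES])
{
    if (amount == 0) {
        for (int i = idx; i < N_TUBES; i++) out[i] = 0;
        return true;
    }
    if (idx == N_TUBES) return false;
    int max = amount / COIN_VALUE[idx];
    if (max > t->count[idx]) max = t->count[idx];
    for (int k = max; k >= 0; k--) {
        out[idx] = k;
        if (change_search(amount - k * COIN_VALUE[idx], idx + 1, t, out))
            return true;
    }
    return false;
}

bool make_change(int amount, const struct tubes *t, int out[N_TUBES])
{
    if (amount < 0) return false;
    return change_search(amount, 0, t, out);
}

/* Commit: release the coins and debit the tubes.  Leaves the tubes
 * untouched and returns false if exact change cannot be made. */
bool dispense_change(int amount, struct tubes *t, int out[N_TUBES])
{
    if (!make_change(amount, t, out)) return false;
    for (int i = 0; i < N_TUBES; i++) t->count[i] -= out[i];
    return true;
}

/* To-do item 3: when a bill is inserted the machine does not yet know
 * which item will be chosen, so the worst case is the cheapest item.  If
 * that change cannot be made, light "exact change only" and reject bills. */
bool exact_change_required(const struct tubes *t, int bill_cents, int cheapest_price)
{
    int out[N_TUBES];
    return !make_change(bill_cents - cheapest_price, t, out);
}

int main(void)
{
    /* assumed stock: 1 quarter, 3 dimes, no nickels, no pennies */
    struct tubes t = { { 1, 3, 0, 0 } };
    int out[N_TUBES];
    if (dispense_change(30, &t, out))
        printf("30c -> %d quarters, %d dimes, %d nickels, %d pennies\n",
               out[0], out[1], out[2], out[3]);
    printf("exact change only for $1 bills (cheapest item 65c): %s\n",
           exact_change_required(&t, 100, 65) ? "yes" : "no");
    return 0;
}
```

With one quarter and three dimes, 30 cents has to come back as three dimes; the greedy quarter-first choice would strand the machine five cents short. On a real board the same functions would be driven from the coin-switch interrupts and the bill acceptor's accept/reject line.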

Once I get the vending basics down, it'll be on to the fun stuff... wireless communication, RFID fun, digital camera, LED lighting with different patterns, games like "Simon" for people to play (complete with high scores which last until the machine loses power), maybe insert a computer and have a digital jukebox / video player, and whatever other shenanigans we can think up.

Saturday, September 5, 2009

A few days ago I found out about Apache Thrift, a framework for defining a service once and generating the client and server glue for many programming languages, so that projects written in different languages can interact with as little effort as possible. Information about it seems to be pretty scarce, but the example on their website shows how to create a service in C++ and then call it from Python. So it seems similar to a SOAP framework, at least in this example. It seems like it could be an interesting technology. I'm not sure how I'd use it, or if I even have any use for it for that matter, but it's on my long list of cool programs that I should check out sometime. But right now watching "Clue" sounds like it'll be more fun. Ciao

Monday, August 24, 2009

Stressed out to the max

Today I got a prank call which had me frazzled all day long. I wasn't really mad at whomever called me, though I do wish they would have said "sorry wrong number" or something instead of just hanging up in my face. Even so, it shouldn't be that big of a deal, but it just bugged me all day long and disrupted my thoughts of encryption and parsing data with regular expressions. I attribute this to stress.

I have been on edge lately. Work hasn't been particularly stressful lately, but being that I work in the financial sector and the economy is in the tank, it makes me nervous. It's just been a comedy (or tragedy) of errors.

About a week ago I ran out of fuel on my motorcycle when I didn't have my cellphone with me. Of course I don't have anyone's number memorized who could pick me up, so the call box didn't help much.

I spilled fuel all over and accomplished nothing positive one day while working on it. A couple days later I replaced the fuel line, getting gasoline in my eye. Then the following day I got stranded on the way to work.

I've been paying more in rent lately, which is taxing. I get by, but getting a utility bill for $889 for one month isn't helping. I've been arguing with them and trying to get that reduced for several weeks. I almost got evicted for having some weeds in the yard. I think it's all these little things which have been adding up.

So it's time to take a few days to relax. In a way, I want to forget about these things of the past and move on. But that hasn't seemed to be working out for me so far. Furthermore it doesn't solve the issues afoot. Nonetheless, I still plan on doing nothing productive in my free time. I think I'll hit the beach, probably the dog beach in HB, the port for some industrial scenery and then something on the West coast. That should be relaxing since there won't be any time schedules, nothing which needs to be done, and I can just reminisce about the good ol' days. But for now, it's time to go to bed early because I'm exhausted.

Tuesday, August 18, 2009

Post-Defcon post

We all survived Defcon. In my opinion it's getting more and more tame as it grows, which is only logical. A few people might be able to get away with some shenanigans, but when there are many thousands of us... It's still fun though.

My ZX-7R is finally in a reasonable condition. Once that happened it instantly became my daily driver. The fuel line was leaking for the past couple days, but I just fixed that a little bit ago. After I tune the carbs, it should be running smoothly. Then it's just a matter of replacing the clutch lever, rebuilding the petcock, and some other little things like that. I'll be glad when all that's done so it stops sucking down my money.

My corporation is officially under way and a flood of mail is coming in about taxes and paperwork which need to be filed, and things of that nature. I plan on finishing up the business plan over the next week and then things should really get rolling.

Saturday, July 25, 2009

Successful test vend

We just loaded up a column and dispensed it all. None of them broke in my face, jammed, or did anything else bad. We now officially win at hacking vending machines.

The Brawndinator

We now have a black front which we tagged with a very large instance of our logo. We've had successful test vends of both 12 and 16 ounce cans and we're about to put the innards back together. The front will get a clear coat for protection and because we like shiny things. Once that is done (later tonight) we'll put the front on, take some pictures and call it a night.

Wednesday, July 22, 2009

Defcon Preparations

So we now have planned out transportation of people and items; we have one of the hosts set up running 2 contest VMs, 1 shared VM and the scorekeeper. There are officially 4 services installed, working and being monitored by the scorekeeper. On top of that, we actually have teams registered to play. So I'd say we're doing much better than a week ago.

If things go to plan we'll have 3 more services installed, working and being monitored by the scorekeeper by Friday. Once I secure another hard drive which I can do whatever I want with, I can set up another host and keep cranking out and hosting VMs. The network setup is scheduled for this weekend. Even if the gear fails to show up at my house, I plan on switching subnets around and making sure that it'll just be a matter of physically plugging in the CAT6 cables. I have some unmanaged switches here which will work fine for testing.

The contest is coming together as well as I expected, but not as well as I had hoped. This is typical; at any rate, we'll make it. We always do.