More talks I caught at ShmooCon last weekend:
- Extend your Code into the Real World: This was an intro to tinkering with electronics. The presenter had about enough time to explain why hardware hacking is cool, tell us some good places to buy components, demonstrate how to remove the 180-degree-limiting stop from a hobby servo, and explain how to wire four switches in an H formation to facilitate running a servo backwards or forwards. He mentioned he'd gotten his hands on a .NET CPU. What most caught the audience's attention was the parade of web-server-on-a-chip devices he pulled out, especially the tiny Lantronix XPort.
- My Company's Trade Secrets: I wasn't totally paying attention during this talk, which included a demo of Mumsie (Malicious URL Monitor and Snort Injection Engine).
- The Church of WiFi presents: A Hacker in Iraq: This was a standing-room-only talk. The presenter was an active-duty U.S. Navy officer who shared what he could about efforts to counter improvised explosive devices. Both he and the audience were really hankering to create some way for the hacker community to help this effort, but the military is not eager to share information.
- Wireless (and Wired) Networks @ Security Cons: The part of the discussion that I remember from this talk was about working with venue staff to set up a conference network.
- Hacking Disposable Digital Cameras: I was already vaguely aware of what could be done with disposable digital cameras from some Make blog entries I'd skimmed. It isn't quite as straightforward as I'd imagined, though; it took considerable analysis for the presenter and his cohort to build a working interface to Pure Digital's line of disposable still and video cameras, and a low-level sort of arms race has developed between manufacturer and hackers when it comes to the interface in successive product generations. Some potential uses for a super-cheap digital camera would be taking pictures from a model rocket or kite.
- VOIP, Vonage, and Why I Hate Asterisk: I didn't catch the first part of this presentation, so I don't know what's wrong with Asterisk, but since I now use VoIP at work and at home, I have at least a user-side interest in this stuff. PSKL showed off their SIPinator software, "an automated ARP spoof and dump against SIP/RTP Devices". Any home network that carries VoIP traffic and includes an unsecured wireless network is vulnerable to eavesdropping, and the SIPinator just automates that. You can secure your wireless network so you're not vulnerable on your end, but do you trust the networks of everyone you talk to? The presenters suggest telling your VoIP provider you want Secure RTP. Also, they made a cute video ad for ShmooCon.
- RFIDiots: Adam Laurie is a thoroughly entertaining presenter. RFID isn't an inherently unsecurable technology, but you could be forgiven for assuming so given how incompetently it has been implemented. Laurie demonstrated how easy it is to clone RFID tags—not just the simple ones that transmit an identifier but also the ones that follow a challenge-response protocol and which we'd hope would be more secure, like the ones in new passports and car keys. In the keynote address on Friday evening, Avi Rubin had already shown us some work his grad students had done two years ago in breaking the ExxonMobil SpeedPass's encryption algorithm and thus demonstrating that RFID device's vulnerability to cloning by anyone who brushes past you. Now I'm interested in exploring how the SmarTrip card works.
- Assess the Security of Your Online Bank (Without Going to Jail): This was a rather disappointing talk because it was so elementary. It was solid advice, but the technical level was just too low.
Outside of the scheduled presentations, I visited TOOOL's lockpick village to learn a little and acquire a few (legal!) tools. Although I'd normally hope otherwise, I'm sure I've got plenty of unsophisticated locks at home to explore, a few of them not even attached to a door.
Going into the conference, I only knew thewronghands and fireba11, but by glomming onto their social networks I met some very nice, very interesting people, notably ovrclokd and granting. After dinner at Roha with a contingent that took up half the restaurant, we wandered Adams Morgan and stopped for tea and conversation at Tryst. I was so happy to have a social alternative to the con's official cramped, beer-soaked bar party. Wandering back around to DuPont Circle, we landed at Kramer's, another treasure of a place I'd never visited before, and if it wasn't already 1 a.m. I could have been sucked in for hours.