Skip navigation

This is a post to all of my family in the hacker community.  But it is not about hackers nor is it about hacking.

Rather, this post is inspired by the illustrious and erudite Maggie McNeill, who on Friday the 13th made her customary statement regarding allies & the need to speak out for those whose voices deserve amplification.  She describes this day, whenever it falls on the calendar, as “the day I ask people who aren’t themselves sex workers to stand up for us.”

You may find it remarkable that someone in the industry would make such a statement.  Perhaps you are even surprised that this woman would publicly identify as a courtesan, as opposed to “shamefully” keeping this part of her life cloaked in mystery and secrecy.  Allow me to (hopefully) open a few minds.  The hacker community should not feel significant surprise were I to reveal to you that — shocker — an often-misunderstood subculture existing “outside” of many of society’s norms is frequently the subject of unnecessary and undeserved scorn and criticism.

 

“A hacker convention?!?” the old fellow gasped, ostensibly to his elderly wife but also loud enough so that everyone else in the elevator could hear him. “What’s next?  Will this hotel hold an ax-murderer convention soon??”  This is a story related by Thorn, an old friend of mine who attended the earliest ShmooCon conferences with us.  In the elevator of the Wardman Park Marriott in Washington, DC, he was answering a little old couple’s query as to why so many individuals with unconventional attire and particularly strident-colored hair were present in one of our the most posh and upstanding hotels within our nation’s capital.  Upon his frank and uncompromising answer, “we’re all here for the hacker convention,” the two looked appalled.  Their comment, delivered perhaps somewhat in jest but clearly rooted in skepticism and fear, made it clear that they had been fed a steady diet of fear and contempt by the mass media when it came to hackers.  Naturally, one would presume that they had never (knowingly) befriended or even spoken to one.

I do not know what transpired after that, but presumably the old couple made haste to their room and possibly searched for diversion (or even alternate accommodation) elsewhere in the city… which is a shame, given that they would have had the perfect opportunity to speak with and even start to understand some real, non-scary hackers if they had just sat in the hotel bar and met others from the conference.

 

Sex workers face many of the same stigmas that hackers do.  In addition to being misunderstood by the general public so often that they may choose to not even self-identify publicly unless they are in “safe” environments and surrounded by their own kind, the mainstream portrayal of such groups of people is riddled with the most ostentatious and over-blown stereotypes.  Don’t believe me?  Point your internet tube at just a few google image searches.

If we search for the word “hacker” what are we going to see for the results?

That’s right.  Black hoodies and balaclavas everywhere.  The stock image sites are among the worst offenders, as always.  But that’s what editors (and, by extension, their readership) sees in their mind when they hear the word “hacker.”  By and large, we are seen as scary, malicious, and out to cause mayhem.

Let’s try a google image search for “prostitute” now (forgive the use of a vulgar and deprecated term… but you’ll see where I’m going with this in a moment.)

Is it much of a surprise to anyone that the trope of the “at-risk street walker” is far-and-away the most returned image?  (Again, most notably, by the stock image photo sites.)

I put it to you that the “prostitutes” in these photos are no more representative of the sex work population than the “hackers” in the earlier images are of our own community.  For a taste of balance and a bit more realism, what happens if we were to put our thumb on the scale and tilt Google’s results more in the realm of actual human beings?

For instance, how about a search for “hacker space”…

In addition to showing some cool project workbenches, this search query actually shows what real hackers look like.  That is to say, they are just typical people (although often with above-average intelligence, which many times manifests itself as a lack of desire to play by the rules or be bound into systems that are artificially limiting or oppressive.)

Instead of a loaded term like “prostitute” or “hooker” let’s look at the google image results for “sex worker”…

And now yet again, we see a much more realistic representation of this population.  While we still sometimes see the “red light district” style of imagery, many of these results are much more human in their representation.  These aren’t caricatures or two-dimensional abstracts… these are real, genuine people.  They are concerned with the happiness and safety of others, as well as of themselves.

 

And that is where the real parallel in this narrative lives, my friends.

How many hackers bemoan the news when a legislator (who has no literacy in technology) proposes legislation to weaken encryption or allow censorship on the internet?  How many times do we pull our hair out while discussing the latest scare tactics used by police or Congress as they demonize our community and push for tighter regulation and stiffer penalties?  The CFAA, the DMCA, the Wassenaar controls… all of these were written by outsiders who feared our community but don’t know the first thing about our community.

Sex workers face the exact same uphill battle.

How many of you have heard about new technologies (or even new groups of cyber-experts in our own industry) designed to fight the “growing scourge of human trafficking” or something similar?  There are no shortage of politicians lining up to get in front of news cameras as they decry a vaguely-defined problem, offer no hard evidence, and then propose silver-bullet solutions that will deeply impact an entire community without ever actually speaking to that community.

 

Hackers and sex workers are equally and simultaneously victims of respectability politics on the part of our legislators.  It’s a tired but reliable formula that delivers votes at the ballot box and tax dollars to law enforcement efforts…

  1. Choose a marginalized group of “outsiders” who already have a stigma in the minds of the general public (see our google searches earlier)
  2. Whip up public panic using sensationalist headlines and pearl-clutching testimony by well-dressed politicos
  3. Exclaim loudly that “if only people cared enough about the future we’re building for our children” things could be different
  4. Propose new laws.  NOTE – new legislation will always tighten a noose, it is never acceptable to reduce government power or regulation
  5. Decry and shout-down any detractors as criminals and a “bad influence”
  6. If detractors are well-read, highly-published academics who are part of the very group being targeted by new laws, smear them as no better than their worst hardened criminal peers with no redeeming qualities.  If they still do not remain silent, target them for arrest or harassment within the corridors of any “legitimate” vocation they may have
  7. Pass new laws that make the broader public nod their heads in silent (and mildly disinterested) assent
  8. No matter what the new laws were ostensibly supposed to accomplish… crack down on the young, on the poor, and on minorities… like always
  9. Trot out the occasional “major victory” by law enforcement.  The actual community of experts will decry among themselves how such “victories” accomplish nothing (and often are smoke-and-mirror cases with no merit or factual basis at all) but the general public will remark in a vague sort of way “oh yeah, i saw something on the evening news about that major bust the cops did a few months back” when the topic comes up at Thanksgiving.

 

The next time someone tells you that they have “heard about a new project to help curb human trafficking” I would like you to imagine that, instead, they have just told you about a “new government encryption key escrow that will help us fight terrorism.”  Our response should always be to ask the following questions…

  1. How many actual experts in the industry have you consulted with when developing this new framework or policy (yes, that means talking to actual, real, live hackers or sex workers!)
  2. What did these experts say?  (Seek out broad community opinion, as opposed to cherry-picked, press-ready statements by individual lapdogs.  What are their Twitter or Facebook groups saying and posting and re-tweeting?  What does an account like @EFF or @DEFCON or @mattblaze… or @SWOPUSA or @belledejour_uk or @whoresofyore have to say about it?)
  3. What specific, measurable result is such a proposal allegedly trying to achieve?  If it can be proven that this result will not be attained or if is later demonstrated that new laws or policies are not achieving the goal, will the proponents rescind their support?  If not, why not?

 

Respectability politics is what undermines the safety and indeed even the legitimacy of marginalized groups.  Mitch McConnell may be comfortable wearing little nerd glasses and likes to portray himself as a policy wonk, but he would never speak in the Senate quoting facts from “known hackers.”  Kamala Harris wants to be seen as a voice for women in leadership, but she would never deign to sully her pearl necklace and pants suit by appearing in a photograph next to a “known sex worker” offering up testimony about harm reduction.

And every one of us who plays into the mainstream narrative when the topic turns to “underground” communities gives these people their power.  Scoffing at the new hire at your firm who “dresses like a goth” even though your network has never been safer or running more smoothly… or telling friends and relatives that you loved your recent trip to Amsterdam “but assuredly we didn’t hang out in the red light district” to keep up appearances at the dinner table… all of these and so many other little stabs are harmful in myriad ways.  And often they are some of the worst examples of punching down that you can do.

 

Instead of that, I invite you all to extend a hand to those whom you do not understand.  If you’re going to swing a punch, aim up and rattle those in the corridors of power who want your fear and your applause when they grandstand and moralize.  Most of all, offer plenty of social and political cover to your peers and your friends… if they tell you that they attended a “hacker con” over the weekend, don’t shush them in front of the boss or try to characterize it as an “information security conference” instead.  Ask how they found this event; ask what they learned.  If a relative tells you they are friends with a sex worker (or, hell, even if they discuss having hired a sex worker) do not look away awkwardly or change the subject… ask them about their new friend.  Ask how they met; ask what they’re like.  Beneath all the hyperbole and stereotyping, people are all people… genuine, human people.

 

“Well our company would never hire a hacker,” says a clueless tech executive… unaware that they likely already have.  Think of that ignorant statement the next time you hear someone say, “well, I would never sleep with a hooker.”  Heh, chances are — if they have a typical, healthy sex life — they already have at some point and just didn’t know it.

Of course if people want to parse words they will explain that what they really are trying to signal is that they’ve “never paid for sex” and therefore they are morally superior.  Spoiler alert: everybody pays for sex.  Sometimes folk simply choose to know exactly how much they’re paying, and opt to do so up front.

You think no employee your SOC has ever developed exploit code or utilized a rootkit when testing the security of your network to make you safer? Heh, whatever helps you sleep at night.

I am friends with many sex workers, just as I am friends with many hackers.  Many have broken laws.  Virtually none of them would ever wish harm upon others.  All of them want to simply live their lives.  Help them.  Help by listening, by sticking up for them, hell… by hiring them!

Most of all, the next time someone has a very unhealthy and wrong-headed notion of what is means to be a hacker or to be a sex worker, push back against that.  Ride the elevator a few extra floors, don’t change the dinner table subject to the NFL right away… politely but firmly, ask if the speaker actually personally knows any of these individuals about whom they have formed such opinions.

If they don’t, encourage them to change that.  And if you yourself don’t, let changing that be your first step.

A twitter discussion the other day sprang up when I started asking folk about wallets.  Specifically, I didn’t like how every wallet I’ve ever owned has stacked ALL of my cards and other personal effects on top of one another.  My current wallet — which contains a credit card, a Costco card, a transit card, my license, my safe technician ID, my medical insurance card, and some other small effects — had become uncomfortable and it was time for a change.

I took out my little aprox-o-meters and actually measured it.  It comes to just over 28mm (over 1″) in thickness.  That’s a lot of displacement for one ass cheek.

Hence the discussion online, wherein I asked, “why isn’t there a wallet out there which will arrange card slots in a 2×2 formation when it’s open, so that ultimately when you close it and have it in your pocket, it’s considerably thinner!?

I wanted to find a wallet something like this, which I quickly photoshopped to make my point…

 

Well, lo and behold, the good lord internet doth provide.  A number of people suggested some offerings (and once I started my amazon searches, other similar products began appearing as suggested results, as well.)  I ordered basically all of them, with an eye to checking them out, seeing what I liked, and returning all the others.

Here are the results…

 

The Big Skinny Leather Hipster Wallet

Despite having the word “hipster” in the name, I gave this one a shot.  I like that the card configuration is just as I was expecting.  It also features a divided back pouch (the bill area) so that I can continue to organize multiple currencies like I usually do.  (I’m OCONUS so often and it really helps to keep my USD separated from whatever local currency I’m carrying.)  In addition to the four visible pockets (which are just four pockets… no extra slots or organizing dividers there) there is a little more room beneath the “right” side card pockets which I can use for photos or other items slightly larger than a credit card.

This wallet is 4.5mm thick when empty.

 

The SlimFold Softshell Wallet

This one isn’t leather, but I was willing to check it out.  It also has a rather unique “long” layout of the cards in a 4×1 pattern when the wallet is open. That can help accommodate some larger pieces of paper like airline and train boarding passes.  Ultimately, while I did think the material was cool (and awesomely breathable!) this wallet shot itself in the foot VERY badly by including thick, solid, clear plastic inside of its construction.  Not just for the “viewing window” but throughout the ENTIRE back of the wallet.  I suppose this was to give it some kind of structure and rigidity… but you know what ELSE does that for a wallet?  All of the stuff you put into it.  I can’t imagine someone honestly thought, “hey, without a big hunk of plastic running through this whole thing, the entire wallet might just crumple up and blow away like dried leaves!” The double-slot organizers were nice, but ultimately because of the ridiculously unnecessary plastic in the back, the wallet was effectively no thinner than the Big Skinny.

This wallet is 4.49mm thick when empty.

 

The Slim Original by Allet

This wallet also has construction using modern synthetic fabrics, but it has a leather exterior.  By using two materials, you’d think it would have the best of both worlds… but somehow this model manages to be thicker than the ones preceding.  I do like the construction very much, but its features were a little bit lacking to me.  The internal pockets felt very “slippery” and I could imagine losing cards or photos easily when flipping this open.  No pocket has a viewing window… not a deal breaking feature for me (I don’t keep my license visible anyway.  I use the viewing style windows for a photo of Tarah and I) but it might matter to some folk.  This wallet does have the divided bill area (part of what makes it thicker up top) but it lacks the large “extra” pocket in the main area that the Big Skinny has.  For all those reasons, it comes up a little short for me.

This wallet was, surprisingly, 7.32mm thick when empty.

 

The Marhsal Large Hipster Bifold Credit Card ID Men’s Wallet

Phew.  The only thing larger than this monster’s name is the thickness of the wallet itself.  I am not entirely sure why I added this one to my order beyond the fact that Amazon Prime has free returns on basically anything under the sun.  This wallet is a beast.  I shouldn’t really bag on it too much, honestly.  If you really like displaying many cards in a way that they are all individually visible, then the Marhsal maybe for you.  It has all of the other features I wanted, like a divided bill area and an extra “more versatile” pocket on the right side when it’s open.  The construction is nice enough (frankly, the leather and construction quality on ALL of the wallets here were rather nice… but the Big Skinny and the Allet really were a cut above) and it featured a built-in viewing pocket for a photo.  Still, at just a blond hair shy of 13½mm, this wasn’t what I was seeking.

This wallet was 13.48mm thick when empty.

 

In the end, I opted to try out the Big Skinny.  I took all my cards, IDs, cash, and utilities (I have a small custom insert that houses a spare key, a tiny USB drive, some locks tools, a Husky Head, and more) and put them in.  Everything found its place.  Even the tiny pocket floss packets and small set of Forever Stamps which are always with me could tuck in.  Some cut but unfolded padlock shims were added.  The photo of Tarah and I on our first real date was affixed on the inside with adhesive (no pocket needed).

After all that, the Big Skinny wallet was only 12.52mm thick.

That’s a reduction to under half of my original wallet’s size.  Hell, this wallet while fully loaded is even thinner than at least one of the others I was considering while that one was emtpy.  I still have one candidate on the way from amazon, as it turns out.  The Ultra Slim Original Wallet is due to arrive tomorrow, but I think I will likely just send it back.  The Big Skinny appears at first glance to be a real winner.

While I still can’t quite stomach owning a product with the word “hipster” in the name, the results appear to be satisfying enough that I’ll learn to live with it.  But I’m not going to start eating avocado toast.

Oklahoma Has Passed A Bill That Requires Women To Get Written Permission From A Man To Get An Abortion” read the headline.

As reported in various news media last week, The House Public Health Committee voted 5-2 in favor of a bill by Rep. Justin Humphrey that would require women to get written permission from the father of the child before a pregnancy could be terminated, despite objections from opponents that the measure is patently unconstitutional.

In reaction to this, on Twitter I remarked

Everyone who claims to fear “Sharia law” in the US but who supports this is an asinine hypocritical bastard.

The comment got some likes and RTs, and resulted in some conversation with like-minded associates.  But one fellow, Ian Hayes, took a more measured approach and wanted to tease out some of the subtlety of the matter.  He asked

Not a fan of anti-abortion law, but prior to this what voice did the father have in whether to abort or not?

When others explained that prior to this, no one else was ever required for consultation on such matters, he then followed up asking

So a more accurate version of this pearl-clutchy headline would change “a man” to “the father”, yes?

I will grant that the article’s wording in the headline could be construed as slightly sensationalist.  (I do not believe that Ian’s attempt to point this out was in the service of any views he might hold that put him greatly at odds with women’s rights supporters.  I’ll let him speak for himself, but by all initial appearances, Ian is one who appreciates measured discussion and wanted to unpack an idea, even on a firey topic.)  However, even if the headline was worded to be attention-grabbing, I thought that there was an important point to make here about whose place it is to have a say in these matters.  I responded

Most of us on this side of the debate do not make a distinction. Actually, going to write a quick blog post.

So here we are.  🙂

 

Allow me to open up with a rather unequivocal and direct statement summarizing my personal views on the matter, as far as the law is concerned:

I believe that in matters of reproductive health, as with all other matters pertaining to women’s health, the only party with whom ultimate authority should rest for all decisions is the woman herself.  In consult with her doctor(s) preferably (to which I hope she has adequate, affordable access) and with informed input from other close associates and sources of factual medical advice… but, ultimately, it is my belief that anyone’s personal life decisions should be theirs and theirs alone under the law.  Others with a vested stake or strong connection to her life may have a voice (in healthy interpersonal relationships, considering the feelings and thoughts and advice of others close to you is certainly not a bad thing) but that voice shouldn’t carry any legally-binding weight.  I believe that each one of us — and this goes for people of any gender, not just women — is the ultimate and final authority over what happens to our bodies.

Let’s examine a quote that has circulated quite a bit in the coverage of this law…

And you know when you enter into a relationship you’re going to be that host and so, you know … take all precautions and don’t get pregnant. … After you’re irresponsible then don’t claim, “well, I can just go and do this with another body,” when you’re the host and you invited that in.

This statement comes from Oklahoma State Rep. Justin Humphrey (who few folk will be surprised to learn was a career corrections officer before this, served as head of the FoP, is a drug prohibition crusader, and wears a bolo tie and ten-gallon hat when conducting business at the State Capitol) and it’s as repugnant on its face as your initial gut reaction tells you it is.  Women are not “hosts” and it’s infantilizing to finger-wag and scold them with language laden with terms like “irresponsible” etc etc.  However, even if we were to afford SR Humphrey a measure of charity to which he is barely entitled here and sanitize his language to something more professional and less blundering, I would still claim that this quote exposes a strong double-standard tilted squarely against women…

You know when you enter into an intimate relationship that the possibility exists that you may become pregnant.. … Whether by not practicing safer sex or by failure of birth control, let’s say you get pregnant… I don’t feel you can then just claim, “I want to make my own reproductive choices now [without consulting anyone else, such as the biological father],” when you’re the one who knew this was a possibility at the onset.

Again, for the more low-IQ readers out there or those who are determined to twist the words of other people, let me state that the above is nowhere close to my own views on the matter.  (See well above where I outlined those, and they haven’t changed in the past few paragraphs.)  I am merely adding a more professional polish to the original turd that was Humphrey’s argument.

Let’s take that argument, however, and flip it around.  SR Humphrey wants men to be consulted before any reproductive health care measures can be selected by pregnant women.  He views the matter as not entirely under the women’s field of authority because “they should have known that this might happen” when they first entered the relationship (or whatever form the sexual encounter was).

Pray tell me, then, Mr. Representative, how you would feel about men who knock people up and then demand standing in the subsequent decision-making process being lectured as follows…

You knew when you chose to engage in sex that there was a possibility of one of your little swimmers finding an egg at the end of the day. … Whether or not you were trying to make a baby, it sometimes will happen… I don’t feel you can then just claim, “I want a child!” (or, conversely, “I don’t want to be a father!”) and expect the partner whom you impregnated to go along with that decision.  You knew this was a possibility at the onset and still you chose to shoot between wind and water before you had known what the decisions of your partner might be should a pregnancy arise.

Ultimately, I think this argument makes far greater sense.  At least to me.  It is the man who is intruding into someone else’s life and space and field of existence, both in matters of intercourse as well as (more particularly) in matters of pregnancy.  And while pregnancies can take couples by surprise, the mechanism by which fetuses develop and are born is not a mystery.  Whether or not you were planning on a pregnancy, it’s no shock who is going to bare said pregnancy.  With that bit of information already well-established before anyone orders their third bourbon or exchanges hotel room keys, it should come as no surprise (in my view) that any unforseen baby is going to be on the lady’s turf.

It is the fellow who must accept the fact that he chose to get involved in someone else’s body.  Flipping Humphrey’s words around, I claim that no man can come around later and say, “Wait, wait, wait, this isn’t what I signed up for!”  No, it’s exactly what you signed up for:  to engage in some activities that would have uncertain outcomes for which you may or may not have to bear indeterminate future responsibility depending upon a set of decisions that are going to be made by someone wholly other than yourself.  If ceding all this authority to a woman sounds too risky for you, then for fuck’s sake keep your meat log out of the honey jar.

 

I have had a lot of sex in my life.  Much of it has been relatively safe sex.  And some of it has not been.  However, in all instances, I went in with eyes open (OK, sometimes slightly blearily open) to the following absolute truths…

  1. The person I was with knew I didn’t want to get them pregnant
  2. The person I was knew that she did not want to get pregnant
  3. Should something unforeseen occur, we had already discussed that we were had no intention of seeing a pregnancy come to term
  4. Ultimately, if we had to cross that bridge, despite having talked about it beforehand, the ultimate authority would rest with her

… that’s my personal definition of responsible sexual practices.

In my ideal world, no sexual decision is one-sided (unless you’re talking about sex with yourself, which is the safest of all.)  In my ideal world, both (or “all” depending on circumstance) individuals directly involved would know each others’ intentions well in advance of any deeply intimate encounters and would not have resorted to any deception or ruse in an effort to advance the course of intimacy.  In my ideal world, unforeseen pregnancies may be momentarily distressing but their outcomes shouldn’t come as a shock to the parties involved because they would have already been discussed and an understanding shared long before they arose.  And, yes, in my ideal world, despite often having a voice in the process, men would have absolutely zero authority over reproductive health decisions.

That goes for the men in the bedroom and the men in the statehouse.

There are a number of wonderful guides for getting the most out of attending the RSA security conference.  SpaceRogue and Violet Blue have written two that come to mind.  Here’s my take on the event thus far…

 

1. In keeping with all of my previous tradition, I am religiously avoiding the Moscone center with all of my might.  I haven’t been within 4 blocks of it this year.  That’s nothing in comparison to previous years, where I would travel to other cities or even other countries so as to celebrate being as far from the RSA conference as possible.  I’m not doing quite as well this year, having flown into the San Francisco for BSides, but I’m still earning my gold star and free pencil.

 

2. I started my morning walking around town, checking out the quaint trolleys and enjoying the city.  I don’t think I could ever live here (or anywhere in California, your nutty politics are a bridge too far) but it’s wonderful to have an excuse to visit.

 

3. I basked in the lovely weather.  I sat in a city park and got stoned.  Then I bought far too many hot dogs from a local vendor.  Even while elevated, I managed to remain as low-carb as possible… enjoying only one of these bread-borne encased meat logs.  The rest went to local transients who always have the best stories and are interesting conversationalists.

 

4. I wandered back to the hotel, then prepared some steaks for in-room sous vide cooking.  With the meat and veg coming to temperature in the hot pot, I soaked in the hot tub.

 

5. The steaks and the such are close to ready.  While the rest of you are up to your eyeballs in bright colors, badly-suited hairdos fluent in douche-speak, and Cyber Cyber Cyber, i’m in a heavenly bed staying still enough to not tip over my wine glass while watching a downloaded episode of Murder She Wrote.

 

I think I’ve got this whole RSA thing on fucking lock.

 

I’ll see all of you over drinks and such in the evenings.  Friends and camaraderie… that’s what this event (or any big-dollar con, frankly) should be about.  If you can master that part, you’ll do just fine.

 

 

I was invited some time ago to dine at “churrascaria” by an associate.  I put the term in quotes because it is often mis-applied, or at the very least misunderstood.  So let me begin with a clarification for those who have heard two related, but distinct, restaurant terms muddled in the past…

Churrascaria – a “churrasqueira” is a style of BBQ grill used in the preparation of food (typically meats and other proteins) in South America… particularly in southern Brazil, which has a vibrant and venerable ranching culture.  A churrascaria is an eatery that caters to serving this style of meat.  In high-tone establishments of this nature, such as Fogo de Chão, the service is often performed by wait staff who dress in an homage to the “gaucho” rancher folk of southern Brasil.  That service, in an of itself however, is not requiste for an eatery to be a churrascaria.  See below…

Rodízio – when “gaucho” waiters proceed about an establishment offering meat (typically presented and served by means of swords) this is “rodízio” style dining.  Typically offered in an all-you-can eat fashion (many rodízio establishments utilize small cards with red and green opposing sides so that diners can indicate if they are ready for an additional helping) this is often what most consumers are thinking about when someone suggests dining at a “churrascaria.”

So, in a nutshell… churrascaria is a style of food preparation, rodízio is a style of food service.

And, of course, some establishments (particularly outside of South America) are often both.  In the United States in particular, it’s sometimes difficult to find a “Brazilian grill” (a.k.a. churrascaria) that is not a sit-down affair serviced by gauchos.  It is possible, however.  For a more economical evening, many patrons like to enjoy churrascaria food prepared and offered up cafeteria-style.  The Picanha Brazilian Grill in Philadelphia is such an establishment… where patrons order and are served at a walk-up counter and they pay by the pound.  (A philly.com article by a food reviewer still managed to confuse the terms there, with the author referencing the smell of “rodízio” meat being prepared on skewers.  If said meat were not merely cooked on but were also served on those same skewers, table-side, then that would be a rodízio.  But that’s not the case at the Picanha Grill in the northeast region of the City of Brotherly Love.)

Fogo de Chão is both.  They cook Brazilian BBQ-grilled meats over a traditional field setup as would have been common in the pastures down south (“fogo de chão” literally means “fire on the floor”) … making them a churrascaria.  And then they serve this food by means of gaucho-style waiters who zip about offering said meat via the very same swords … making them also a rodízio establishment.

Fogo is not the only place out there that serves churrascaria meat in rodízio style.  But, I submit, they happen to be the best.  Thus we return to the above anecdote… wherein I was invited to a “churrascaria” by an associate.  I presumed (since we were in a big city) that it might have been Fogo de Chão, but I didn’t get my hopes 100% up.  I was right to be cautious.  We were slated to dine at Chima.

Chima is a fine enough place, but it is also an exemplar of the very typical problem in the restaurant world wherein establishments attempting to compete with Fogo de Chão miss the mark, often badly.  Pretenders to the crown, as it were, make the incorrect assumption that all Fogo patrons are seeking is south american meat served on swords.  After all, isn’t that what I was going on and on about above?  Well, yes and no.

Fogo de Chão is a churrascaria.  Fogo de Chão brings the food around rodízio-style.  But, and here’s the real kicker, Fogo de Chão is also a high-tone establishment with super stellar service.  You literally get a 4 or higher Zagat-rated experience across the board.  It is fine dining, not just a gimmick.

Allow me to relate some notes about our experience at Chima…

  • We were not handed enough menus when they first sat us.  Not like many folk are ordering odd one-off items at a rodízio, but come on… you know how many of us are present when you prepare to walk us to the table.
  • The servers were constantly interrupting us.  They would approach, see us in conversation, and immediately ask a question or prompt us for something.  If you’re a waiter at a fine-dining establishment, let me clue you in:  If you approach a table and no patrons look up at you, wait silently for a few seconds for them to stop talking.  Even if the conversation doesn’t cease, often the person nearest to you will lean aside to see what you need.  If no one acknowledges you after 5 to 10 seconds… walk away silently and return in a minute or two.  It’s not hard.
  • Almost every dish or side or salad choice was presented with an overly-complicated discussion that no one could possibly follow.  If an establishment can’t convey what a dish or option is in one or two sentences, it doesn’t belong on a menu.
  • We actually didn’t opt for all-you-can eat service.  It was lunch so we each ordered a basic dish.  Our protiens were, we found out later, still going to be served on swords.  A nice touch, but… after we had finished our salads, a pseduo-gaucho waiter brought one person’s entree meat (on a sword) and discovered there was nowhere to plate it.  No clean dish was on the table.  The waiter stood there frozen for a while (I can only hope he didn’t expect one of us to go back to the salad bar to get a clean plate) until something like a minute later he wandered off and found someone who could bring a plate.
  • The table and chairs were wobbly.  If you think a restaurant manager at a high-tone place doesn’t know exactly how comfortable the seating is, you’re mad.  No care was taken here.
  • There was a large “screen” in the middle of the restaurant, projecting various video clips.  I am aghast that anyone felt that a bit of decor suited to a sports bar belonged in a sit-down white-tablecloth eatery.
  • Waiters were constantly plating and clearing dishes from the wrong side of patrons.  No rhyme or reason.
  • One server tried to clear my friend’s espresso mug when he had left the table.  The server looked at me quizzically when I stopped him, asking, “oh, are you not done with that?”  I think he didn’t even understand the coffee wasn’t mine.
  • Ordering additional coffee was an ordeal, with repeated requests necessary to convey that someone who already had enjoyed a coffee would somehow still want an additional coffee.
  • In the end, because of various expense accounts across the whole assembled group, we asked to split the bill.  Now, some very high-tone places do not like this… but here at Chima it was an ordeal just to explain to the waitstaff what we wanted to do.
In the end, everyone’s food was decent.  We enjoyed one another’s company.  But it surely solidified in my mind that Fogo de Chão is in a league of their own when it comes to high-tone churrascaria food served in rodízio style.
Eat well, my friends.  🙂

A recent Twitter spree with noise, Heidi, and many others (most prominently, Rob Jorgensen, Shawnfish, and Jack Gavigan) has me wanting to share a few thoughts (and lots of photos) about preparation of delicious food.  Specifically, steak.

Now, Jack has already made this fine, famous video available and it covers some of the basics perfectly well.  In short: if you get a proper-quality meat, it doesn’t need much (if any) adulteration.  The first rule of cooking any fine food (especially good fish or good meat) is “do no harm” and that predominantly comes down to…

  • don’t over-season
  • don’t over-fire

 

For this reason, many of us in the above list now opt to sous-vide our steaks (and other protein) since it’s much harder (some would say, near-impossible… unless you’re a colossal assbutt) to over-cook and thus ruin great meat if you’re using a water immersion bath.  If you are not familiar with sous-vide cooking, this video conveys the key details pretty quickly.

Essentially, in conventional cooking, food is exposed to much higher temperatures (externally) than one needs.  In order to get a steak to 125°F internally, it’s over a fiery grill or on a hot stove at anywhere from 300° to 600° … if you don’t time things just right, you’re facing tragically over-cooked meat.  In sous-vide cooking, food is immersed in precision-heated water so that it reaches a target temperature without going over.  The food is placed in a sealed bag so that it’s not in direct contact with the water bath.  This allows the food to retain all its natural juices, vitamins, and flavors.  (Sous-vide prepared foods such as steak are finished in a hot pan for searing and generating a proper Maillard reaction, maximizing flavor)

Once only the domain of restaurants and high-class chefs (mostly due to the size and cost of immersion circulators) now home users can select from a number of very affordable and very easy-to-use sous-vide cookers.  Top among them are:

 

In addition to a sous-vide cooker, one wants a quality pan in which to finish (or, as you will see in a bit, sometimes prep) the meat in question.  While you can use almost any conventional large pan, it’s damn hard to beat cast iron.  Why?  This blog post summarizes it well…

Cast iron has a higher heat capacity than copper, so it takes more energy to heat a pound of cast iron to a given temperature than a pound of copper. More energy is stored in each pound of the cast iron. Aluminum has a higher heat capacity than iron (it stores more heat per pound) but is much less dense than iron. For a given volume, therefore, cast iron stores more heat than aluminum.

Because cast iron pans typically weigh much more and are thicker than the same size pan in another material, they tend to store more energy when heated. … A cast iron pan usually contains more thermal energy than other pans at the same temperature — a significant cooking advantage. Cast iron has unparalleled searing power because it has a lot of available thermal energy. …

Cast iron is slow to heat up, so it’s also slow to cool down. It is a good regulator. It retains its temperature longer than other materials and won’t produce temperature spikes.

So yeah… cast iron is hard as nails, has great volumetric heat capacity, and has utterly astonishing thermal emissivity (Stainless steel has an emissivity of around .07 while cast iron has an emissivity rating of something like .65) making it perfect for searing your meat.  One of the best (and most venerable) brands of cast iron is Lodge.  This terrific firm, located in America’s steel city of Pittsburgh, has been making cast iron for over a century and they are still the top name in the field, in my opinion.

Both sous-vide cookers and cast iron pans can all be bought on Amazon for as competitive a price as you’re likely to find anywhere.

 

A Handy Chart

Keep this in your kitchen, it will serve you well.

Meat Cooking Temps

On to the photos and stories! …

 

 

This was the scene of my very first sous-vide cooking of a steak.  

sousvide_01_1

As you can see in the above chart, a medium-rare steak should be 135°F inside.  I wanted to try things more on the rare side, so I opted for 127° on the Anova.  At the time I did not have a vacuum sealer, so heavy ziplock bags with the air drawn out (cocktail straw in the bag, lung power to vacuum it, heh) is what I used to contain things in the pot.

sousvide_01_2

The lodge cast iron was hot and I was using beef tallow from Fatworks.  A nice sear was had, but see here…

sousvide_01_3

… i left the meat in the pan for just a little too long on one side and cooking action took place beneath the surface.  Remember, you are not cooking your meat in the pan at the end.  You’ve already cooked the meat, in the sous-vide pot.  All you need is a good sear.  30 seconds, tops, on each side in the hot pan should do it.

sousvide_01_4

I still loved my dinner, as it was.  No sides, no veggies, no other courses.  Just steak and wine.  A fine first go.

Story Number Two

sousvide_02_1

Not many photos of the process here, just the results.  A much more satisfying endeavor!  (And even some greenery on the plate, too!)

sousvide_02_2

The next day, I thin-sliced the remaining steak and warmed it in the pan (with extra sear all around) and added it to breakfast…

sousvide_02_3

“steak and eggs and eggs and steak… that’s what you should eat for breakfast!”

 

 

Third Story… My Finest Hour?

sousvide_03_1

I started with a three-pound slab of bone-in ribeye.  This was about 2″ thick.  Awe, yeah.

sousvide_03_2

I got it home to my girlfriend’s place, and prepared her cast iron.  Why heat the pan at this time?  Well, i was trying something that my buddy Babak encouraged: a double sear.  Instead of simply hitting the meat to the cast iron after the cooking process, he told me that sometimes he will start the whole process with a sear against the cold meat.  Then, after an initial Maillard reaction has taken place, the sous-vide bag and water bath can begin!

sousvide_03_3

As you can see, the meat within that immersion cooker is already browned around the edges.  I’ve also dialed down the heat bath to 126°F

sousvide_03_4

After about 2½ hours, the meat was done.  With the fat gelled and tender, we were ready for the finishing sear.  I sprinkled seasoning salt and black pepper on both sides of the meat as I heated the pan.

sousvide_03_5

The pan was hot as hell and had a fine bottom layer of macadamia nut oil.  Just about any good fat will do, but any oils or fats that have a high smoke point work best simply because they don’t turn your kitchen into as much of a caliginous haze once the iron starts getting very hot.

sousvide_03_6

Compare this to the “before final sear” photo and you’ll see the very increased bark around that outer surface.  That’s one fucking hell of a good sear!

sousvide_03_8

And the inside, oh baby.  Two inches thick and pink 100% through.  The sear reaction was exclusively the outermost edge, all around.  That’s just incredible.

sousvide_03_9

This was, and yet still may be even now, the greatest steak I have ever cooked in my life.  It was shared with the family and I had my first beer in months to pair with it.

 

 

Fourth Story – A full, ideal meal

sousvide_04_00a

I started right away with a hot pan.  Double-sear was the name of the game, yet again.  This time I opted for both macadamia nut oil and some bacon renderings from breakfast for a touch of different flavor.

sousvide_04_00b

20-ish seconds per side on a bone-in ribeye that was still cool from the butcher’s case was giving it a nice brown outer surface.

sousvide_04_01

Into the water bath at 125°F with the browned edges all showing.

sousvide_04_02

Side dish #1 for the meal was steakhouse mushrooms.  Sliced cremini mushrooms went into a saucepan containing kerrygold butter, olive oil, a thwack of bacon fat, balsamic vinegar, worcestershire sauce, black pepper, and seasoned salt.  They were left to saute for a while as i prepared…

sousvide_04_03

Side dish #2, asparagus.  I chop off the bottom inch or two from the stalks to make things extra tender upon cooking.  They will be done in a skillet with olive oil, salt, and pepper.

sousvide_04_05b

With the immersion circulator going and the sides coming up to temperature, i opted to open some wine.  😉

sousvide_04_04a

The mushrooms were starting to give up their water, and more heat was applied with frequent stirring.

sousvide_04_04b

The asparagus was looking great and also (because I use a little more heat than maybe I need to) my tongs were employed liberally to stir and re-arrange them for even heating.

sousvide_04_05a

nearly two hours in, and that steak was seeming pretty done.  (it wasn’t nearly as thick as the huge cut in the previous story above.)

sousvide_04_06

The steak came out of the sous-vide bag and got a rub of salt and pepper while I got the cast iron ready.

sousvide_04_07

Macadamia nut oil up to smoking temperature…

sousvide_04_08

…slab of beef in the pan, 30 seconds per side and all edges.  See that smoke, smell that flavor!

sousvide_04_09

A magnificent finish and plating.  Perhaps the second sear was a little too long, or of not quite sufficiently a high enough temperature on the pan, since that final cooking process seemed to penetrate a little more deeply than one might require… but only slightly.  The fat was still soft and gelled and the bulk of the meat was perfectly pink.

sousvide_04_10

I put on an old noir film as I ate and drank my wine.

sousvide_04_11

I finished off the meal with a bit of fine dark chocolate.  😉

sousvide_04_12

Perhaps the best part of an evening like that?  Getting all the dishes totally done, going to bed with a full belly, sleeping like the dead… and then upon waking the next morning, returning to the kitchen at breakfast time and having it still smell like deliciousness.  The smoke was almost still hanging in the air.  😀


This one is for my pal Edison, who sold me a terrific new receiver when I moved (at the old house I owned the speakers but my buddy owned the actual head end) and much to my dismay I learned that the antique furniture piece I had planned to use as the enclosure was just a hair too narrow…

2015-12-31_12-40-15

Now that might look totally unfeasible, but as it turns out — upon closer inspection — we’re really talking about less than a quarter inch of difficulty.  Lining up one edge exactly and then inspecting the other confirms this…

2015-12-31_12-40-21

2015-12-31_12-40-25

Edison informed me that it was only out of sheer dumb luck that my old roommate’s receiver had fit in here.  Almost all modern units conform to a uniform size standard and I was going to be pretty screwed, no matter what model I selected.  I debated removing the face plate and trimming it down a bit, then hit on a better solution… it was time for me to break out the belt sander!

2015-12-31_12-42-55

2015-12-31_12-47-03

It might look ugly in the moment there, but actually once the job was done, very little of that additional craftsmanship is visible once the receiver is in place…

 

2015-12-31_13-10-37

2015-12-31_13-06-38

I have to say, overall I’m pretty pleased with how this all turned out.  One day I’ll probably get around to rubbing a bit of wood stain inside where I sanded down the inner side panel, but for now I’m just super happy that the old, wooden end table (which I found moldering in the corner of a used furniture shop back in Philly and then brought back from the dead) gets to still be with me in my living room.

Thanks for the great unit, Edison.  Got it all hooked up and I’ll be dialing in the speakers with the setup microphone this weekend, once I get a cable for the sub.

2015-12-31_14-14-28

On twitter recently, a conversation arose between myself and some other lockpickers and locksmiths regarding everyone’s favorite pick tools for everyday carry, typical entry, etc.  I promised folk that I would document my personal gear, and no disrespect to Team #RockAdvocacy, the following are the lock tools that tend to be on or near my person all of the time…

 

My Main Pick Kit

This is what most folk would expect me to show if I were asked to take out my “pick kit”… it is a case made in the style of the HPC “Superior” kit, but the leather is far softer and I like that the inside is left as a natural suede.  It was obtained from my friend Ed, a locksmith in New Jersey… and hand crafted by a friend of his.  It’s been with me many years.

01-kit

Unzipping it and looking inside, we find…

 

02-kit_open

… an assortment of various things, certainly not all of which are picks and turning tools.  But every last item in this case has been useful enough to me (more or less) over the years that I keep it in this form pretty much all of the time now.  Let’s take a closer look and I’ll list what’s in there…

03-kit_dumped

… going more or less in rows from the upper-left on down, my zippered leather case contains:

  • a Mini-Jim is at the top left, because why pick a lock if you can bypass a latch?
  • laying on the open case is a key decoder card, similar to these from Pro-Lok. useful while impressioning or just when you want to re-pin a lock or quickly learn key bittings
  • the red-tipped item is a chopped-down Grobet Swiss #2 file half round, for impressioning and other small work (like making a bump key or adjusting small parts or bitting cuts. I use it a lot actually)
  • LAB brand small-size pinning tweezers.  These were a gift from Clay, the owner of Lockmasters and S&G, when he couldn’t bear to keep watching me re-pin locks by hand with nothing but a half-diamond and my slotted wooden dowel follower.  I insist that I was doing just fine that way.  😉
  • a Peterson American Lock bypass driver is seen, with blue tape covering the spot where the plastic dipped handle has chipped away over the years.
  • the next row begins with a two-pronged Wishbone style turning tool.  Lots of folk don’t like them, and I seldom need it, but I like having it.  It doesn’t fit well next to the other turning tools, so off on the left wing it lives, next to…
  • my keyring full of wafer jigglers, warded lock tools, and the decoder for my convertible 7-pin/8-pin tubular pick (kept in my other kit, below)
  • a Traveler Hook (a.k.a. Shrum/Loiding tool) is seen with a green finish.  you won’t see that in anyone else’s kit because there are no others exactly like it (in green) but similar ones are available online.
  • starting the next row is a small wooden dowel that I use as a plug follower when servicing locks in a non-serious way.  solid core and no lip on either end, that makes it perfect for me.  i’ve carved a small notch slot in the wood (with the Grobet file) and that’s all i need most of the time.  One layer of blue painter’s tape made the surface smoother and fits it nice and snug into almost all typical plug housings
  • Bobby pins with the little balls cracked off of their tips are great for demos of improvised handcuff tools (or when you need to un-set a double lock on a handcuff)
  • Most of the time, the handcuff shims right next to those pins are all I need, however.
  • I also keep one of the tools that some outfits call an “EZ Decoder” but I simply refer to as the “Master 175 bypass blade”
  • A thin sliver of metal can be used to rear-shim a lock during disassembly, and next to that is a tiny S&G safe dial spline key… good to have when you really need one!
  • What remains in the kit photo, therefore, are my pick tools… and there aren’t a lot.  One medium-sized hook, a half-diamond, and three rakes (one classic Bogota and two long-handled faux-gota picks) are kept in there along with over a dozen turning tools… and each one is slightly different than all the others.  I find the best fitting turning tool possible in whatever scenario I’m facing and go from there.

Now, there are some times when it’s really useful to have a larger item that can’t fit in this case.  Hence, in my backpack (where this above-kit lives) I also have this auxiliary pouch…

 

Auxiilary Tool Pouch

This leather-ish velcro-flap case was probably originally for sunglasses or something like that…

04-aux

… now it contains…05-aux_dumped

… so that is an assortment of items that are sometimes useful (both for entry work as well as field-servicing tasks) but I can’t fit them (or choose not to attempt to stuff them) into my “main” pick case.  In any event, the above items (both the main pick kit and the auxiliary tools kit) live in my backpack most of the time, and aren’t typically in my coat or in my pants pockets.  However, I will in all but the most RARE circumstances, always have picks on me.  Let’s move on to…

 

Pocket Carry Kit

The following item is almost always present in the hip pocket of any pants I’m wearing…

06-pocket

… fashioned from an old leather cigar case, I use this mostly to prevent my everyday-carry flashlight (a Klarus XT2C) from flipping sideways in my pocket and being uncomfortable.  This little leather case allows me to easily manage the flashlight, a small lip balm, and also what we’ve come to call my “golf bag” pick set…

07-pocket_apart

… so-named because of how the beige tube (fashioned simply from gaffer’s tape with a tiny rare earth magnet in the bottom) looks with all the picks and turners sticking out the end.

08_pocket_dumped

 

… honestly, the “golf bag” pocket kit gets far more use from me than my “main” pick kit does.  Why reach into my backpack in order to open a lock when chances are I have all I need in my pocket?  This little kit contains…

  • one faux-gota pick (the only full-size pick in this little case)
  • a double-ended medium hook and snake rake (rarely used)
  • a chopped-down HPC half-diamond
  • a chopped-down thin stainless steel half-diamond
  • a chopped-down HPC medium rake
  • over a dozen turning tools in a wide range of thicknesses and styles (some unbent)

… yeah, 9 times out of 10, when I want to get something open, that little pocket kit is enough for me to do it.  I can always turn to the leather zippered case since my backpack is often around (especially at cons or on jobs) but I usually don’t need that.

On the off chance that I don’t have my “pocket holster” as the above-seen brown leather item is sometimes lovingly called (maybe I’m in a suit at a formal affair, let’s say) I will always have my wallet on me…

 

Wallet Carry

Underneath my licenses and credit cards and other blah blah in my wallet, there are some other tools that I always keep beneath me when I’m seated.  😉  They tuck in small extra pockets, some of which I’ve stitched into the lining, etc…

09-wallet

… these last-ditch “wallet carried” tools include a TOOOL Emergency Pick card behind my credit cards and the following items slipped below my license…

10-wallet_dumped

  • A “Husky Head” tool – once available in the 70’s and 80’s, this awesome little item is sadly discontinued now.  Check eBay or vintage sites for them.  It was a keychain that would work well with large or small screws, both phillips and flat-head.  Is it as perfect as a proper screwdriver?  Of course not.  But it’s flat as flat gets.  And that’s enough to make it worthwhile.
  • A diamond wire blade – never needed to use it, but SERE pick sells a LOT of them for a good reason!
  • titanium Bogota pick (triple hump only)
  • titanium flat metal stock converted to a simple turning tool
  • titanium cuff shim (split pawl style)
  • S&G new style cuff key (which I should really get around to converting to a TOOOL universal key)

 

… so, there you are!  Those are my various “everyday carry” lock tools.  It’s more than most folk might tote around, but less than you see in a lot of “ultimate” kits that contain way too many items, in my view.

These items, carried in the way I have described, have pretty much always guaranteed that I never complain about wishing I had something but not finding it on me.  Well… every so often, I wish I had a plug spinner.  😉

 

 

 

While having a discussion with a close friend recently, the topic of bug bounties came up.  She asked me what I thought was a reasonable price range.  I learned from discussion with her as well as discussion with others that the physical security world is massively different from the IT world in this sense.

Often in our lectures and trainings, we draw a parallel between the physical and digital realms.  The same principles apply, the same kinds of errors lead to the same risks and the same lessons learned.  However — and there’s really no getting around this — the cost to repair/upgrade/patch physical systems tends to be much, much higher.

For this reason, manufacturers of locks, access controls, and other physical security technologies are much more loathe to even discuss (let alone disclose) vulnerabilities with the public.  Likewise, because of the very long persistence that physical bugs tend to have (even when they do become public), this sort of attack vector can be weaponized to much greater effect.

While bug bounties in the software world tend to float around the low four-figures (although occasional high-four-figures and five-figures do happen, and sometimes garner a bit of attention when they do… and six-figure bug bounties have existed very, very rarely) I took the position that just about anyone whom I know in the physical security world would scoff at numbers in the $1,000 to $5,000 range.  Well, perhaps not scoff, but most assuredly we would consider them almost comically low.

In the realm of physical security exploits and the development of tools that leverage such vulns (a development process that often entails far more cost and time than the writing of proof-of-concept code for software bugs) this kind of research often commands five-figures at a minimum.  Such deals also almost always entail NDAs and other very strongly-worded agreements to effectively never publicize said research.  Put plainly, if a physical security researcher finds a flaw in a high security lock, the market for that work tends to be either governments or private firms with deep and often shadowy connection to government operators.  A working tool that can be used to attack a physical security system often commands far more in the private realm than a designer would ever hope to recoup by bringing it to market publicly through retail channels.  Add that to the fact that most designers and vendors in the hardware and physical security space aren’t courting researchers with fiscal rewards, and this leads to a LOT of hardware bugs (lock flaws, access control system hacks, safe manipulation tools, etc) never being revealed to the public at large.

Let us make no mistake, the government and the law enforcement are interested in your data, too.  Their eyebrows perk up at the notion of software flaws and privilege escalation within networks or computers… but what really gets a lot of spooks and police salivating is the chance to surreptitiously enter physical relams.  Intelligence gathering, eavesdropping, sneak and peek work, etc… all of this is based greatly around physical access, and that means possessing attack vectors against supposedly high-security lock systems which the public believes to be immune from vulnerabilities.

Unless physical security vendors consider offering genuine bug bounties (something that is far from likely if they aren’t yet even interested in public disclosure of discovered flaws) the only avenues for researchers are going to be:

1. public disclosure simply for the sake of the community and for the fun of speaking at hacking and security conferences

2. private sale to governments who will undoubtedly use this knowledge for purposes of surveillance and covert entry

So, give a cheer for every hacker con which accepts a talk with a physical security angle.  The speaker may have turned down considerable funds in exchange for being able to present to you.  And the topic areas, while sometimes not-the-norm, are far better aired publicly than kept quiet.

NOTE – This post was not supposed to turn into a “let’s pat ourselves on the back here in the phys sec world” diatribe, so forgive me for that.  Still, I’m pleased to be able to report that — as of the time of this writing — The CORE Group has never accepted any offer of keeping research private in exchange for money, access, or favors.  Our works are always either portrayed publicly and/or disclosed to the original vendor so they may endeavor to correct said problems.

While road-tripping down to CarolinaCon, a few of us in the car were seeing the “hugs at hackercons” thread on Twitter.  It generated a bit of good discussion among us, but for the most part we were focused on getting to Raleigh and presenting and socializing and generally having a good time.  Of course, the hacker community’s chatter is fast-moving and mere days later, we seem to have moved on to RSA dress codes and the awful antics of BlueCoat.  So, while this blog post is hopelessly outdated now, I’m still offering my thoughts.  😉

Much of the HugGate matter seemed to come down to the following arguments (often badly-expressed and hopelessly truncated by Twitter’s 140-character limit)…

“I don’t want to be hugged at conferences”
“So then tell people to not hug you”
“I shouldn’t have to tell others, they should just not hug people”
“Hugs are awesome, you’re just silly if you don’t like them”
“Hugs vs Handshakes is a clear-cut case in most of the world (link to this article)”
“The hacker world isn’t the business world, we’re a family”
“But some people are aspy and don’t like to be touched”
“No one should ever be touched if they don’t want it”
“So no one should hug anyone?”
“That’s not what I said!”
“I’m going to hug you!!”
“I like hugs, that’s fine!”
“Fine!”
“So, are we still arguing?”

… and so on and so on.  The crux of these issues was distilled down by many into to two camps — pro-hug and anti-hug — but that’s an over-simplification.  A fairer pair of titles would be pro-hug-environment and anti-unwanted-contact and their positions could possibly be summarized thusly…

Pro-Hug-Environment: “We like to surround ourselves with friends and family in the hacker world and we value situations when the context allows for many hugs and close contact.  With much time spent in the cold and impersonal business world, it’s nice for us to create a space where people are much closer.”

Anti-Unwanted-Contact: “That’s great that you love being all friendly, but some folk take it too far… and when I’m at hacker events, I have to fend off unwanted hugs or other contact because of the environment that’s been cultivated.  The onus shouldn’t be on me to prevent what I see as harassment.”

.

Here’s the thing… both of those camps have elements to their arguments that are quite valid.  No one should ever be subject to touching or direct contact that they find unwelcome.  (Unlike speech, which I feel anyone should be able to express at just about any time, actions — such as direct contact — should never be forced on to another party.)  Alternately, if a group of people seeks to create an environment where they feel more at liberty to bond and be more casually intimate with liberal hugs, etc… that’s their right, too.  Let’s not forget that hacker cons are, by and large, private events and it’s fine for them to reflect the views and values of their creators and participants.

Sometimes, we forget that all situations are different and every “event” or “gathering” or “space” has its own unique values and atmosphere.  Trying to map the values and behaviors associated with a workplace on to a hacker con or those of a music festival on to a public park is about as logical as trying to map the norms of one country’s citizenry on to those in a foreign land.

It’s important to consider the base-rate of behavior and the commonly-accepted norms in any circumstance and allow that to dictate our mores, norms, and rules of proper conduct.

.

I propose the following when it comes to hugs… think about the situations around you on a hug spectrum …

hug spectrum - 00 - scale

… for those who can’t read this easily (you can click any of these images for larger versions) it’s essentially a scale of how intimate the greetings tend to be between both (a) people known to one another and (b) people meeting when the don’t know each other very well.  Here’s a written breakdown of the various points on the axis…

+4 Big kisses for basically anyone who comes along

+3 Hugs liberally shared all the time. Small kisses common, too, even upon introduction

+2 Hugs typical as an introduction, little reservation shown among known folk

+1 Hugs common between all friends and acquaintances, sometimes hugs even during an introduction

+0 Hugs for family and very close friends only, handshakes upon introduction to new people

-1 Folk pretty reserved, usually shake hands even if known already. Handshake almost always as introduction to new folk

-2 Hugs are outright considered odd in public, even if known. During introduction, only handshakes are used

-3 People prefer to not have any  physical contact with unknown folk

-4 No acknowledgment of strangers out in public

… so, I’ve made this pretty wide-ranging.  I think that we can safely dismiss or at least not give much consideration to the environments at the +4 and -4 ends of the specturm.  You’re unlikely to see the +4 “Kiss basically anyone who comes along” as the norm outside of hippie gatherings, raves, or the declared end of a world war.  Likewise, the -4 “No acknowledgement of strangers out in public” standard doesn’t really apply anywhere outside of the most repressed dictatorial or religiously-fundamentalist regimes.

.

But almost all of the other points on this spectrum are fair game in some situations.  I think that the zero mark in the middle of the axis could be called “the United States societal standard.” We are a people who hug, but your typical American doesn’t go around embracing just anyone.  Our society’s normal method of introduction is the handshake.

hug spectrum - 01 - US society

.

On the hug spectrum, however, it’s important to consider both the base-rate for a given situation as well as the margins directly on either side of that mark.  A society or group can be thought of as supportive and inclusive if they are aware of others whose preferences and standards lay a little bit outside of the mean.  See here…

hug spectrum - 02 - US society margins

In the USA, it’s not uncommon to encounter +1 people who offer hugs as a form of introduction.  Alternately, there are plenty of  -1 people here who are reserved and don’t offer hugs often at all, even to people whom they know.  Being an accepting person means expecting to meet people like that with some regularity.  The red arrow folk should keep themselves open to social cues and indicators so that the yellow arrow folk do not have to offer a lengthy explanation of their slightly different position.  This is the kind of environment that we should aspire to have.  People on the margins should feel accepted and not like they are troubling others or in need of constantly explaining themselves to others.

.

Let’s apply this hug scale to the business world…

hug spectrum - 03 - business world

… where the norm is handshakes.  Handshakes are always the default when meeting new people, and for the most part they’re what’s shared even between people who know each other.  Of course, the rule of the margins applies…

hug spectrum - 04 - business world margins

… some people in the business world are comfortable hugging friends, even at the office.  Others in the business world consider any kinds of hugging in the office — even if family visits — to be unwarranted.  Again, these yellow arrow folk should not have to explain their position explicitly every time when meeting new people.  Most folk should just pick up on social cues and be able to tell whether someone’s preferences are slightly different and act accordingly.

.

This “rule of the margins” applies, no matter where the base-rate may be.  Consider a society that is very different from the USA, such as Brazil…

hug spectrum - 05 - brazil

While I’m sure there may be some citizens of the world’s fifth largest nation may disagree with the above chart, it’s quite definitive that they are a much more touchy-feely people than Americans are.  Embraces and even the customary Latino kiss-on-each-cheek are common for all sorts of greetings.  And, as the yellow arrows in the margins indicate: for some people there hugs are only “typical” and not absolute, or on the beaches of Rio during Carnival lots of kissing with strangers is abundant.

.

An inverse of this can be seen in many Muslim nations, where repressive religious values result in societies around -3 on my scale.  Instead of touching other people, many citizens opt for the salām… a greeting of peace which is often bestowed not with a hand outstretched, but rather simply held over one’s own chest.  Again, in such societies, one does well to be on the lookout for people on the margins… either those who do opt to shake hands or those who are strictly conservative and prefer almost no acknowledgement of strangers (this particularity usually only manifests itself when the interaction is between two people of differing genders.)

.

So where does this leave us with hacker cons?  Well, let’s turn again to the base-rate as far as hugs are concerned.

hug spectrum - 06 - hacker con

While there are many people who might disagree, I take the position that within the hacker community and at our cons, the norm tends to be the +2 mark on the hug spectrum.  While certainly not obligatory, hugs are typical when meeting new people.  So, when we apply our rule of the margins, what does that tell us?

hug spectrum - 07 - hacker con margins

Individuals whose preferences lay at the yellow arrows should not be made to feel like outsiders or oddballs at hacker cons.  The general attendee base, if they are truly interested in keeping our community a welcoming and accepting place, would interact with each other on the principle that most people are a +2 while at the same time keeping their eyes open to the possibility that a person they encounter could be a +1 or a +3 hugger… social cues and nonverbal communication should hopefully be sufficient most of the time to convey those nuances.

.

What about actual outliers, however?  At a hacker con, maybe some attendees are the type to simply only hug family and close friends.  Or, on the other end, maybe some folk are the type to be super liberal with passionate kisses for those around him or her.

hug spectrum - 08 - hacker con outlier hug spectrum - 09 - hacker con outlier

In each such case, I do not think it’s wrong for these people to be considered statistical outliers.  They are far-enough removed from the base-rate of that particular environment that it could surprise most others there.  This is not to say that there is anything wrong with someone such as this.  Again, I firmly believe that anyone may hold their own opinions and values when it comes to personal contact, and that they should be able to do so without shame or reprimand.

However, when a person is sufficiently removed from the base-rate, obligations under the social contract shift a bit.  I feel that no longer should it be considered the burden of the group to be on the lookout for and be able to subtly detect when this very different value is held.  If someone is an outlier, then the burden shifts further to them in terms of communicating their values and preferences when encountering other people.

Attire, stance, and demeanor go a long way to helping this communication, of course.  Wearing business-casual clothing and maintaining a respectable distance from others during a new introduction at a hacker con can help to signal that you’re more comfortable with the business-world standard of “handshakes are the norm” but I believe that no one should be thought of as a bad person if they fail to pick up on this.  A friendly but straightforward “hah, sorry, I’m not much of a hugger” can be communicated if someone leans in for an unexpected embrace.  No one should feel bad.  The 0 spectrum non-hugger is justified.  The +2 hug-desiring hacker shouldn’t feel dismissed or shunned.  And the con itself shouldn’t feel bad for cultivating an environment populated by predominantly +1 +2 +3 hug-spectrum folk.

.

Hug if you want to.  Shake hands if you prefer.  Kiss loads of people or ignore strangers entirely… the choice is 100% yours.  But let this hug spectrum be a guide.  Familiarize yourself with whatever the base-rate is for any environment into which you proceed (people who know me are aware that I’m a huge supporter of travel and experiencing other cultures, the rule applies there, too) and then do the following…

1. expect that most people whom you encounter will probably have values and actions in accordance with the base-rate

2. be on the lookout for people who are just at the margins of the base-rate and let social cues guide you in those interactions so that these people needn’t explain themselves.  it is the responsibility of the group to help them feel included.

3. if you are not just different from the typical base-rate but actually well outside the margins of an environment, be prepared to communicate your feelings and values to others.  in those cases, the responsibility falls to you more than to the group.

.

Just because a person who is substantially different from the group around them feels the need to communicate that in order to have healthy interactions, that doesn’t imply that they can’t have a positive experience.  I remember reading a very inspiring story which transpired at the 29th Chaos Communication Congress.  One participant was reluctant to attend, due to her Asperger syndrome.  She knew that hackers are huggers and that the CCC events are often densely-packed with people of every stripe.  But instead of letting her fear get the best of her, she chose to attend anyway.  With the support of friends, this person wore a shirt announcing prominently that she didn’t care to be touched directly.

Her blog post was one of wondrous joy and happiness.  The author explained that by and large, the other attendees which she encountered were supportive and very respectful, making the CCC event accessible to even someone who was well outside the base-rate of the Hug Spectrum for hackers.  While the wearing of a prominently-worded shirt might be quite an extreme step to take, it’s just one example of how it is very possible to communicate your differences to those around you and everyone can come out better for it.

.

I’ll let this blog post speak for me.

I’m a hugger, through and through.  If you see me, feel free to hug me.  If I know you, chances are I’ll approve.  Even if I don’t know you, chances are high that I’ll smile and be happy about it all the same.

Just do me (and everyone else around you) a favor: smell nice.  A recent shower coupled with clothes that have been laundered goes a lot further in making me comfortable during an embrace than whether or not I know whose arms are around me.  😉

.

.

.