Skip navigation

This post is a direct follow-up to my previous blog entry, wherein I discussed parallels between the hacker community (of which I am a part) and the sex work community (where I have many friends).  I offered the notion that both worlds consist mainly of people who are often misunderstood (and thus feared) by “mainstream” society… and this leads to everything from bad journalism to bad legislation.

While that previous entry was inspired by something that was said by the erudite firebrand Maggie McNeill, this post is inspired by commentary by the illustrious Mistress Matisse.  Matisse and some of her other colleagues were discussing a topic that had gained a surprising bit of momentary traction in the press: whether laws prohibiting sex work could be found to be unconstitutional.  “Given the inherent privacy and self-determination rights (specifically, sexual freedoms) codified by the Supreme Court in Lawrence v. Texas and other related landmark decisions, wouldn’t the right to engage in paid sexual acts extend to the full spectrum of sex work?” was the argument being made by scholars and lawyers.  “Even now,” people were commenting, “we allow actors to work in the adult film industry.  We allow in-person exotic performances, even ones involving lascivious bodily contact… isn’t the argument all just a matter of degree?”

Matisse and others (Maggie weighed in on the topic as well, of course, on Twitter and elsewhere) spoke enthusiastically in support of such level-headed interpretations of the law, and many in the trade talked aloud of how decriminalization has been a long-term goal of the sex work industry for ages now.  This, naturally, sparked pointed criticism of some of the media reporting… specifically, where pundits were speaking out in favor of “legalizing” sex work.

I won’t allow us to get bogged down in debating whether the following words are the best choices to represent the concepts being approached, but for quite some time now, when speaking about marginalized or underground economies, two similar-sounding terms have been earmarked as a means of discussing two very distinct and divergent concepts or proposals…

Decriminalization – Often thought of as “getting the police and the government out of the picture” with the aim to reduce harm, “decriminalization” is imagined by most as a system where criminal penalties are removed from specific statutes and people are free to conduct themselves as they wish… in this case, the buying or selling of sexual services could be conducted openly, without fear of prosecution and jail time.

Legalization – This is often contrasted with the above by calling it “getting the police out of the picture, but inviting government in.”  Consider what has happened to the cannabis trade in places like Colorado and my current home state of Washington.  Legalization has indeed removed most penalties previously associated with marijuana, but now this industry, its workers, and even its customers are faced with a litany of new rules and regulations to be followed.  Failure to adhere to them can still result in hefty fines or even jail time.

Many articles, especially on blogs and sites focused on the sex work industry, have discussed these two differing terms at length.

The general public often will either (a) not care all that much about the distinction being made in this entire argument or (b) will — for a variety of pearl-clutchy reasons — come down on the side of “legalization” as the best solution when a previously-underground market is being brought into the light.

I am not without sympathy for the viewpoints expressed by such citizens.  If we get past much of the useless “think of the children!” hysteria, we can uncover a variety of valid concerns.  People are curious how society can serve the very valid interest of protecting workers and customers in a field that has historically relied on secrecy and clandestine behavior.  “With all this being brought into the light,” people will ask in genuine desire to help others, “don’t we want to be extra certain that everything is on the up-and-up now?”  Similarly, another valid discussion point (which applies equally well to both the drug trade and the world of sex work) focuses on the fact that when relegated to the underground, clients and providers would take extra steps to validate one another for reasons of safety.  Without the police or the formal system of law to shield them from harm, those who transact with one another would use additional caution if they wanted to avoid bad consequences.  If a trade such as this is decriminalized, the pressure to know and verify details about the other party will diminish.  Lowering the barrier to interaction can make sellers or buyers less inclined to develop close relationships based on routine and ongoing commerce… potentially leading to fraud or unsafe product/services/etc.  I will not state that these arguments are wholly without merit.

However, I will push back against the notion that heaps of new government regulations and pages of new bills from lawmakers are the only appropriate answer to such concerns.

My previous post drew parallels between sex workers and a community to which I am tied: hackers.  This post will draw a different connecting thread, comparing sex work to another trade where I have experience and deep connections: locksmithing.

Hear me out.

Locksmiths have a wide range of knowledge that can be used for good or for ill.  They possess and carry tools which concern others.  “We don’t want just anybody claiming to be a locksmith!” some people may shout.  “There must be regulation of this industry!”  Anyone familiar with (or who has actually started) small businesses will know that over-regulation is a manifold problem, and it manifests itself possibly nowhere more powerfully than in the realm of occupational licensing.

We don’t have to look far to see the litany of jobs that require a stamp of approval from the state, and which are hampered by demands of compliance with scores of bureaucratic red tape.  Beauticians, food vendors, electricians, plumbers, even performance artists… you needn’t look far to find examples of over-regulation many fields.  Would it surprise you, then, to learn that locksmithing is markedly not subject to licensing and other such business red tape in many jurisdictions?  Oh, don’t get me wrong, plenty of cities require locksmiths to be certified, licensed, bonded, etc… but this is not the norm everywhere.

How, then, do customers know they are dealing with a reputable person?  How are the streets not utterly filled with unscrupulous individuals who are trading as locksmiths without the knowledge and intention to do right by others?  Well, these are actually problems that exist.  But the solution is not primarily found at the hands of government.  Instead, the industry has for over half a century now taken up the task of regulating themselves.

The Associated Locksmiths of America (ALOA) has existed since 1955, and does a very admirable job of safeguarding the public by establishing recognized, mutually-agreed, and well-researched policies that its members must follow.  Numerous other skilled trades have similar professional societies.  While many in the locksmithing industry do support some forms of protectionism and are in favor of government licenses, most are perfectly happy to run their own enterprise and maintain their ALOA number by means of professional education, adherence to industry best practices, and keeping their customers satisfied.

If you are in need of the services of a locksmith, it’s not difficult to ensure you’re hiring someone reputable.  You needn’t look in their shop for a frilly-edged piece of paper printed out at town hall.  Simply ask them their name and business designation, then verify their information on the ALOA web site.

I am curious if such a solution could be applied just as easily to the world of sex work, once the time of decriminalization finally arrives.

I feel that such a system could overcome many hurdles that result in debates reaching an impasse when decrim vs legalize is on the table for discussion.  Take, for example, the “health and safety” concerns voiced by so many.  “We must have a system of regulation and licensing,” say many in the pro-legalization camp, “otherwise what is to stop the spread of sexually transmitted infection and other attendant risks that come with multiple sexual partners?”  Ask people actually in the field of sex work, however, and you will hear them routinely speak out against mandatory medical obligations and record-sharing with the government.

A professional trade organization might be able to address this, no?

If a sex worker complies with a series of best practices — as defined by the industry itself, not a list of regulations concocted on the desk of a government functionary far-removed from this world — then they could conceivably be issued a stamp of approval (and associated member number) in that professional society.  Potential customers researching amorous encounters could look for this seal of approval much in the same way that persons locked out of their home would for years check for the ALOA insignia in the yellow pages.  Customer complaints and concerns would be managed by the industry itself… with the aim of increasing everyone’s safety in order to ensure satisfaction and repeat business.  (Insert your own “Better Blowjob Bureau” joke here if you wish)

And those who might opt to not pursue membership and accreditation in such a professional society?  They wouldn’t have to face penalties and fines, in my view… they would only have to bear any market consequences that might come with possible loss of customers or business reputation.  And that’s entirely their choice.

I am not saying that this is the right solution.  I am sure there are plenty of variables in this equation of which I’m unaware.  I plan to ask many people I know who are sex workers about this topic and I hope to learn more.

Regardless of whether or not this would be accepted by all parties, I hope we can keep this conversation going.  I would hope that we all might remain open to the notion that society doesn’t have to immediately involve city hall every time a previously-outlawed commodity becomes available for sale to the general public.

That applies to pot as much as to pleasure.

This is a post to all of my family in the hacker community.  But it is not about hackers nor is it about hacking.

Rather, this post is inspired by the illustrious and erudite Maggie McNeill, who on Friday the 13th made her customary statement regarding allies & the need to speak out for those whose voices deserve amplification.  She describes this day, whenever it falls on the calendar, as “the day I ask people who aren’t themselves sex workers to stand up for us.”

You may find it remarkable that someone in the industry would make such a statement.  Perhaps you are even surprised that this woman would publicly identify as a courtesan, as opposed to “shamefully” keeping this part of her life cloaked in mystery and secrecy.  Allow me to (hopefully) open a few minds.  The hacker community should not feel significant surprise were I to reveal to you that — shocker — an often-misunderstood subculture existing “outside” of many of society’s norms is frequently the subject of unnecessary and undeserved scorn and criticism.


“A hacker convention?!?” the old fellow gasped, ostensibly to his elderly wife but also loud enough so that everyone else in the elevator could hear him. “What’s next?  Will this hotel hold an ax-murderer convention soon??”  This is a story related by Thorn, an old friend of mine who attended the earliest ShmooCon conferences with us.  In the elevator of the Wardman Park Marriott in Washington, DC, he was answering a little old couple’s query as to why so many individuals with unconventional attire and particularly strident-colored hair were present in one of our the most posh and upstanding hotels within our nation’s capital.  Upon his frank and uncompromising answer, “we’re all here for the hacker convention,” the two looked appalled.  Their comment, delivered perhaps somewhat in jest but clearly rooted in skepticism and fear, made it clear that they had been fed a steady diet of fear and contempt by the mass media when it came to hackers.  Naturally, one would presume that they had never (knowingly) befriended or even spoken to one.

I do not know what transpired after that, but presumably the old couple made haste to their room and possibly searched for diversion (or even alternate accommodation) elsewhere in the city… which is a shame, given that they would have had the perfect opportunity to speak with and even start to understand some real, non-scary hackers if they had just sat in the hotel bar and met others from the conference.


Sex workers face many of the same stigmas that hackers do.  In addition to being misunderstood by the general public so often that they may choose to not even self-identify publicly unless they are in “safe” environments and surrounded by their own kind, the mainstream portrayal of such groups of people is riddled with the most ostentatious and over-blown stereotypes.  Don’t believe me?  Point your internet tube at just a few google image searches.

If we search for the word “hacker” what are we going to see for the results?

That’s right.  Black hoodies and balaclavas everywhere.  The stock image sites are among the worst offenders, as always.  But that’s what editors (and, by extension, their readership) sees in their mind when they hear the word “hacker.”  By and large, we are seen as scary, malicious, and out to cause mayhem.

Let’s try a google image search for “prostitute” now (forgive the use of a vulgar and deprecated term… but you’ll see where I’m going with this in a moment.)

Is it much of a surprise to anyone that the trope of the “at-risk street walker” is far-and-away the most returned image?  (Again, most notably, by the stock image photo sites.)

I put it to you that the “prostitutes” in these photos are no more representative of the sex work population than the “hackers” in the earlier images are of our own community.  For a taste of balance and a bit more realism, what happens if we were to put our thumb on the scale and tilt Google’s results more in the realm of actual human beings?

For instance, how about a search for “hacker space”…

In addition to showing some cool project workbenches, this search query actually shows what real hackers look like.  That is to say, they are just typical people (although often with above-average intelligence, which many times manifests itself as a lack of desire to play by the rules or be bound into systems that are artificially limiting or oppressive.)

Instead of a loaded term like “prostitute” or “hooker” let’s look at the google image results for “sex worker”…

And now yet again, we see a much more realistic representation of this population.  While we still sometimes see the “red light district” style of imagery, many of these results are much more human in their representation.  These aren’t caricatures or two-dimensional abstracts… these are real, genuine people.  They are concerned with the happiness and safety of others, as well as of themselves.


And that is where the real parallel in this narrative lives, my friends.

How many hackers bemoan the news when a legislator (who has no literacy in technology) proposes legislation to weaken encryption or allow censorship on the internet?  How many times do we pull our hair out while discussing the latest scare tactics used by police or Congress as they demonize our community and push for tighter regulation and stiffer penalties?  The CFAA, the DMCA, the Wassenaar controls… all of these were written by outsiders who feared our community but don’t know the first thing about our community.

Sex workers face the exact same uphill battle.

How many of you have heard about new technologies (or even new groups of cyber-experts in our own industry) designed to fight the “growing scourge of human trafficking” or something similar?  There are no shortage of politicians lining up to get in front of news cameras as they decry a vaguely-defined problem, offer no hard evidence, and then propose silver-bullet solutions that will deeply impact an entire community without ever actually speaking to that community.


Hackers and sex workers are equally and simultaneously victims of respectability politics on the part of our legislators.  It’s a tired but reliable formula that delivers votes at the ballot box and tax dollars to law enforcement efforts…

  1. Choose a marginalized group of “outsiders” who already have a stigma in the minds of the general public (see our google searches earlier)
  2. Whip up public panic using sensationalist headlines and pearl-clutching testimony by well-dressed politicos
  3. Exclaim loudly that “if only people cared enough about the future we’re building for our children” things could be different
  4. Propose new laws.  NOTE – new legislation will always tighten a noose, it is never acceptable to reduce government power or regulation
  5. Decry and shout-down any detractors as criminals and a “bad influence”
  6. If detractors are well-read, highly-published academics who are part of the very group being targeted by new laws, smear them as no better than their worst hardened criminal peers with no redeeming qualities.  If they still do not remain silent, target them for arrest or harassment within the corridors of any “legitimate” vocation they may have
  7. Pass new laws that make the broader public nod their heads in silent (and mildly disinterested) assent
  8. No matter what the new laws were ostensibly supposed to accomplish… crack down on the young, on the poor, and on minorities… like always
  9. Trot out the occasional “major victory” by law enforcement.  The actual community of experts will decry among themselves how such “victories” accomplish nothing (and often are smoke-and-mirror cases with no merit or factual basis at all) but the general public will remark in a vague sort of way “oh yeah, i saw something on the evening news about that major bust the cops did a few months back” when the topic comes up at Thanksgiving.


The next time someone tells you that they have “heard about a new project to help curb human trafficking” I would like you to imagine that, instead, they have just told you about a “new government encryption key escrow that will help us fight terrorism.”  Our response should always be to ask the following questions…

  1. How many actual experts in the industry have you consulted with when developing this new framework or policy (yes, that means talking to actual, real, live hackers or sex workers!)
  2. What did these experts say?  (Seek out broad community opinion, as opposed to cherry-picked, press-ready statements by individual lapdogs.  What are their Twitter or Facebook groups saying and posting and re-tweeting?  What does an account like @EFF or @DEFCON or @mattblaze… or @SWOPUSA or @belledejour_uk or @whoresofyore have to say about it?)
  3. What specific, measurable result is such a proposal allegedly trying to achieve?  If it can be proven that this result will not be attained or if is later demonstrated that new laws or policies are not achieving the goal, will the proponents rescind their support?  If not, why not?


Respectability politics is what undermines the safety and indeed even the legitimacy of marginalized groups.  Mitch McConnell may be comfortable wearing little nerd glasses and likes to portray himself as a policy wonk, but he would never speak in the Senate quoting facts from “known hackers.”  Kamala Harris wants to be seen as a voice for women in leadership, but she would never deign to sully her pearl necklace and pants suit by appearing in a photograph next to a “known sex worker” offering up testimony about harm reduction.

And every one of us who plays into the mainstream narrative when the topic turns to “underground” communities gives these people their power.  Scoffing at the new hire at your firm who “dresses like a goth” even though your network has never been safer or running more smoothly… or telling friends and relatives that you loved your recent trip to Amsterdam “but assuredly we didn’t hang out in the red light district” to keep up appearances at the dinner table… all of these and so many other little stabs are harmful in myriad ways.  And often they are some of the worst examples of punching down that you can do.


Instead of that, I invite you all to extend a hand to those whom you do not understand.  If you’re going to swing a punch, aim up and rattle those in the corridors of power who want your fear and your applause when they grandstand and moralize.  Most of all, offer plenty of social and political cover to your peers and your friends… if they tell you that they attended a “hacker con” over the weekend, don’t shush them in front of the boss or try to characterize it as an “information security conference” instead.  Ask how they found this event; ask what they learned.  If a relative tells you they are friends with a sex worker (or, hell, even if they discuss having hired a sex worker) do not look away awkwardly or change the subject… ask them about their new friend.  Ask how they met; ask what they’re like.  Beneath all the hyperbole and stereotyping, people are all people… genuine, human people.


“Well our company would never hire a hacker,” says a clueless tech executive… unaware that they likely already have.  Think of that ignorant statement the next time you hear someone say, “well, I would never sleep with a hooker.”  Heh, chances are — if they have a typical, healthy sex life — they already have at some point and just didn’t know it.

Of course if people want to parse words they will explain that what they really are trying to signal is that they’ve “never paid for sex” and therefore they are morally superior.  Spoiler alert: everybody pays for sex.  Sometimes folk simply choose to know exactly how much they’re paying, and opt to do so up front.

You think no employee your SOC has ever developed exploit code or utilized a rootkit when testing the security of your network to make you safer? Heh, whatever helps you sleep at night.

I am friends with many sex workers, just as I am friends with many hackers.  Many have broken laws.  Virtually none of them would ever wish harm upon others.  All of them want to simply live their lives.  Help them.  Help by listening, by sticking up for them, hell… by hiring them!

Most of all, the next time someone has a very unhealthy and wrong-headed notion of what is means to be a hacker or to be a sex worker, push back against that.  Ride the elevator a few extra floors, don’t change the dinner table subject to the NFL right away… politely but firmly, ask if the speaker actually personally knows any of these individuals about whom they have formed such opinions.

If they don’t, encourage them to change that.  And if you yourself don’t, let changing that be your first step.

A twitter discussion the other day sprang up when I started asking folk about wallets.  Specifically, I didn’t like how every wallet I’ve ever owned has stacked ALL of my cards and other personal effects on top of one another.  My current wallet — which contains a credit card, a Costco card, a transit card, my license, my safe technician ID, my medical insurance card, and some other small effects — had become uncomfortable and it was time for a change.

I took out my little aprox-o-meters and actually measured it.  It comes to just over 28mm (over 1″) in thickness.  That’s a lot of displacement for one ass cheek.

Hence the discussion online, wherein I asked, “why isn’t there a wallet out there which will arrange card slots in a 2×2 formation when it’s open, so that ultimately when you close it and have it in your pocket, it’s considerably thinner!?

I wanted to find a wallet something like this, which I quickly photoshopped to make my point…


Well, lo and behold, the good lord internet doth provide.  A number of people suggested some offerings (and once I started my amazon searches, other similar products began appearing as suggested results, as well.)  I ordered basically all of them, with an eye to checking them out, seeing what I liked, and returning all the others.

Here are the results…


The Big Skinny Leather Hipster Wallet

Despite having the word “hipster” in the name, I gave this one a shot.  I like that the card configuration is just as I was expecting.  It also features a divided back pouch (the bill area) so that I can continue to organize multiple currencies like I usually do.  (I’m OCONUS so often and it really helps to keep my USD separated from whatever local currency I’m carrying.)  In addition to the four visible pockets (which are just four pockets… no extra slots or organizing dividers there) there is a little more room beneath the “right” side card pockets which I can use for photos or other items slightly larger than a credit card.

This wallet is 4.5mm thick when empty.


The SlimFold Softshell Wallet

This one isn’t leather, but I was willing to check it out.  It also has a rather unique “long” layout of the cards in a 4×1 pattern when the wallet is open. That can help accommodate some larger pieces of paper like airline and train boarding passes.  Ultimately, while I did think the material was cool (and awesomely breathable!) this wallet shot itself in the foot VERY badly by including thick, solid, clear plastic inside of its construction.  Not just for the “viewing window” but throughout the ENTIRE back of the wallet.  I suppose this was to give it some kind of structure and rigidity… but you know what ELSE does that for a wallet?  All of the stuff you put into it.  I can’t imagine someone honestly thought, “hey, without a big hunk of plastic running through this whole thing, the entire wallet might just crumple up and blow away like dried leaves!” The double-slot organizers were nice, but ultimately because of the ridiculously unnecessary plastic in the back, the wallet was effectively no thinner than the Big Skinny.

This wallet is 4.49mm thick when empty.


The Slim Original by Allet

This wallet also has construction using modern synthetic fabrics, but it has a leather exterior.  By using two materials, you’d think it would have the best of both worlds… but somehow this model manages to be thicker than the ones preceding.  I do like the construction very much, but its features were a little bit lacking to me.  The internal pockets felt very “slippery” and I could imagine losing cards or photos easily when flipping this open.  No pocket has a viewing window… not a deal breaking feature for me (I don’t keep my license visible anyway.  I use the viewing style windows for a photo of Tarah and I) but it might matter to some folk.  This wallet does have the divided bill area (part of what makes it thicker up top) but it lacks the large “extra” pocket in the main area that the Big Skinny has.  For all those reasons, it comes up a little short for me.

This wallet was, surprisingly, 7.32mm thick when empty.


The Marhsal Large Hipster Bifold Credit Card ID Men’s Wallet

Phew.  The only thing larger than this monster’s name is the thickness of the wallet itself.  I am not entirely sure why I added this one to my order beyond the fact that Amazon Prime has free returns on basically anything under the sun.  This wallet is a beast.  I shouldn’t really bag on it too much, honestly.  If you really like displaying many cards in a way that they are all individually visible, then the Marhsal maybe for you.  It has all of the other features I wanted, like a divided bill area and an extra “more versatile” pocket on the right side when it’s open.  The construction is nice enough (frankly, the leather and construction quality on ALL of the wallets here were rather nice… but the Big Skinny and the Allet really were a cut above) and it featured a built-in viewing pocket for a photo.  Still, at just a blond hair shy of 13½mm, this wasn’t what I was seeking.

This wallet was 13.48mm thick when empty.


In the end, I opted to try out the Big Skinny.  I took all my cards, IDs, cash, and utilities (I have a small custom insert that houses a spare key, a tiny USB drive, some locks tools, a Husky Head, and more) and put them in.  Everything found its place.  Even the tiny pocket floss packets and small set of Forever Stamps which are always with me could tuck in.  Some cut but unfolded padlock shims were added.  The photo of Tarah and I on our first real date was affixed on the inside with adhesive (no pocket needed).

After all that, the Big Skinny wallet was only 12.52mm thick.

That’s a reduction to under half of my original wallet’s size.  Hell, this wallet while fully loaded is even thinner than at least one of the others I was considering while that one was emtpy.  I still have one candidate on the way from amazon, as it turns out.  The Ultra Slim Original Wallet is due to arrive tomorrow, but I think I will likely just send it back.  The Big Skinny appears at first glance to be a real winner.

While I still can’t quite stomach owning a product with the word “hipster” in the name, the results appear to be satisfying enough that I’ll learn to live with it.  But I’m not going to start eating avocado toast.

Oklahoma Has Passed A Bill That Requires Women To Get Written Permission From A Man To Get An Abortion” read the headline.

As reported in various news media last week, The House Public Health Committee voted 5-2 in favor of a bill by Rep. Justin Humphrey that would require women to get written permission from the father of the child before a pregnancy could be terminated, despite objections from opponents that the measure is patently unconstitutional.

In reaction to this, on Twitter I remarked

Everyone who claims to fear “Sharia law” in the US but who supports this is an asinine hypocritical bastard.

The comment got some likes and RTs, and resulted in some conversation with like-minded associates.  But one fellow, Ian Hayes, took a more measured approach and wanted to tease out some of the subtlety of the matter.  He asked

Not a fan of anti-abortion law, but prior to this what voice did the father have in whether to abort or not?

When others explained that prior to this, no one else was ever required for consultation on such matters, he then followed up asking

So a more accurate version of this pearl-clutchy headline would change “a man” to “the father”, yes?

I will grant that the article’s wording in the headline could be construed as slightly sensationalist.  (I do not believe that Ian’s attempt to point this out was in the service of any views he might hold that put him greatly at odds with women’s rights supporters.  I’ll let him speak for himself, but by all initial appearances, Ian is one who appreciates measured discussion and wanted to unpack an idea, even on a firey topic.)  However, even if the headline was worded to be attention-grabbing, I thought that there was an important point to make here about whose place it is to have a say in these matters.  I responded

Most of us on this side of the debate do not make a distinction. Actually, going to write a quick blog post.

So here we are.  🙂


Allow me to open up with a rather unequivocal and direct statement summarizing my personal views on the matter, as far as the law is concerned:

I believe that in matters of reproductive health, as with all other matters pertaining to women’s health, the only party with whom ultimate authority should rest for all decisions is the woman herself.  In consult with her doctor(s) preferably (to which I hope she has adequate, affordable access) and with informed input from other close associates and sources of factual medical advice… but, ultimately, it is my belief that anyone’s personal life decisions should be theirs and theirs alone under the law.  Others with a vested stake or strong connection to her life may have a voice (in healthy interpersonal relationships, considering the feelings and thoughts and advice of others close to you is certainly not a bad thing) but that voice shouldn’t carry any legally-binding weight.  I believe that each one of us — and this goes for people of any gender, not just women — is the ultimate and final authority over what happens to our bodies.

Let’s examine a quote that has circulated quite a bit in the coverage of this law…

And you know when you enter into a relationship you’re going to be that host and so, you know … take all precautions and don’t get pregnant. … After you’re irresponsible then don’t claim, “well, I can just go and do this with another body,” when you’re the host and you invited that in.

This statement comes from Oklahoma State Rep. Justin Humphrey (who few folk will be surprised to learn was a career corrections officer before this, served as head of the FoP, is a drug prohibition crusader, and wears a bolo tie and ten-gallon hat when conducting business at the State Capitol) and it’s as repugnant on its face as your initial gut reaction tells you it is.  Women are not “hosts” and it’s infantilizing to finger-wag and scold them with language laden with terms like “irresponsible” etc etc.  However, even if we were to afford SR Humphrey a measure of charity to which he is barely entitled here and sanitize his language to something more professional and less blundering, I would still claim that this quote exposes a strong double-standard tilted squarely against women…

You know when you enter into an intimate relationship that the possibility exists that you may become pregnant.. … Whether by not practicing safer sex or by failure of birth control, let’s say you get pregnant… I don’t feel you can then just claim, “I want to make my own reproductive choices now [without consulting anyone else, such as the biological father],” when you’re the one who knew this was a possibility at the onset.

Again, for the more low-IQ readers out there or those who are determined to twist the words of other people, let me state that the above is nowhere close to my own views on the matter.  (See well above where I outlined those, and they haven’t changed in the past few paragraphs.)  I am merely adding a more professional polish to the original turd that was Humphrey’s argument.

Let’s take that argument, however, and flip it around.  SR Humphrey wants men to be consulted before any reproductive health care measures can be selected by pregnant women.  He views the matter as not entirely under the women’s field of authority because “they should have known that this might happen” when they first entered the relationship (or whatever form the sexual encounter was).

Pray tell me, then, Mr. Representative, how you would feel about men who knock people up and then demand standing in the subsequent decision-making process being lectured as follows…

You knew when you chose to engage in sex that there was a possibility of one of your little swimmers finding an egg at the end of the day. … Whether or not you were trying to make a baby, it sometimes will happen… I don’t feel you can then just claim, “I want a child!” (or, conversely, “I don’t want to be a father!”) and expect the partner whom you impregnated to go along with that decision.  You knew this was a possibility at the onset and still you chose to shoot between wind and water before you had known what the decisions of your partner might be should a pregnancy arise.

Ultimately, I think this argument makes far greater sense.  At least to me.  It is the man who is intruding into someone else’s life and space and field of existence, both in matters of intercourse as well as (more particularly) in matters of pregnancy.  And while pregnancies can take couples by surprise, the mechanism by which fetuses develop and are born is not a mystery.  Whether or not you were planning on a pregnancy, it’s no shock who is going to bare said pregnancy.  With that bit of information already well-established before anyone orders their third bourbon or exchanges hotel room keys, it should come as no surprise (in my view) that any unforseen baby is going to be on the lady’s turf.

It is the fellow who must accept the fact that he chose to get involved in someone else’s body.  Flipping Humphrey’s words around, I claim that no man can come around later and say, “Wait, wait, wait, this isn’t what I signed up for!”  No, it’s exactly what you signed up for:  to engage in some activities that would have uncertain outcomes for which you may or may not have to bear indeterminate future responsibility depending upon a set of decisions that are going to be made by someone wholly other than yourself.  If ceding all this authority to a woman sounds too risky for you, then for fuck’s sake keep your meat log out of the honey jar.


I have had a lot of sex in my life.  Much of it has been relatively safe sex.  And some of it has not been.  However, in all instances, I went in with eyes open (OK, sometimes slightly blearily open) to the following absolute truths…

  1. The person I was with knew I didn’t want to get them pregnant
  2. The person I was knew that she did not want to get pregnant
  3. Should something unforeseen occur, we had already discussed that we were had no intention of seeing a pregnancy come to term
  4. Ultimately, if we had to cross that bridge, despite having talked about it beforehand, the ultimate authority would rest with her

… that’s my personal definition of responsible sexual practices.

In my ideal world, no sexual decision is one-sided (unless you’re talking about sex with yourself, which is the safest of all.)  In my ideal world, both (or “all” depending on circumstance) individuals directly involved would know each others’ intentions well in advance of any deeply intimate encounters and would not have resorted to any deception or ruse in an effort to advance the course of intimacy.  In my ideal world, unforeseen pregnancies may be momentarily distressing but their outcomes shouldn’t come as a shock to the parties involved because they would have already been discussed and an understanding shared long before they arose.  And, yes, in my ideal world, despite often having a voice in the process, men would have absolutely zero authority over reproductive health decisions.

That goes for the men in the bedroom and the men in the statehouse.

There are a number of wonderful guides for getting the most out of attending the RSA security conference.  SpaceRogue and Violet Blue have written two that come to mind.  Here’s my take on the event thus far…


1. In keeping with all of my previous tradition, I am religiously avoiding the Moscone center with all of my might.  I haven’t been within 4 blocks of it this year.  That’s nothing in comparison to previous years, where I would travel to other cities or even other countries so as to celebrate being as far from the RSA conference as possible.  I’m not doing quite as well this year, having flown into the San Francisco for BSides, but I’m still earning my gold star and free pencil.


2. I started my morning walking around town, checking out the quaint trolleys and enjoying the city.  I don’t think I could ever live here (or anywhere in California, your nutty politics are a bridge too far) but it’s wonderful to have an excuse to visit.


3. I basked in the lovely weather.  I sat in a city park where it seems everyone was getting stoned.  I bought far too many hot dogs from a local vendor.  I enjoyed only one of these bread-borne encased meat logs.  The rest went to local transients who always have the best stories and are interesting conversationalists.


4. I wandered back to the hotel, then prepared some steaks for in-room sous vide cooking.  With the meat and veg coming to temperature in the hot pot, I soaked in the hot tub.


5. The steaks and the such are close to ready.  While the rest of you are up to your eyeballs in bright colors, badly-suited hairdos fluent in douche-speak, and Cyber Cyber Cyber, i’m in a heavenly bed staying still enough to not tip over my wine glass while watching a downloaded episode of Murder She Wrote.


I think I’ve got this whole RSA thing on fucking lock.


I’ll see all of you over drinks and such in the evenings.  Friends and camaraderie… that’s what this event (or any big-dollar con, frankly) should be about.  If you can master that part, you’ll do just fine.



I was invited some time ago to dine at “churrascaria” by an associate.  I put the term in quotes because it is often mis-applied, or at the very least misunderstood.  So let me begin with a clarification for those who have heard two related, but distinct, restaurant terms muddled in the past…

Churrascaria – a “churrasqueira” is a style of BBQ grill used in the preparation of food (typically meats and other proteins) in South America… particularly in southern Brazil, which has a vibrant and venerable ranching culture.  A churrascaria is an eatery that caters to serving this style of meat.  In high-tone establishments of this nature, such as Fogo de Chão, the service is often performed by wait staff who dress in an homage to the “gaucho” rancher folk of southern Brasil.  That service, in an of itself however, is not requiste for an eatery to be a churrascaria.  See below…

Rodízio – when “gaucho” waiters proceed about an establishment offering meat (typically presented and served by means of swords) this is “rodízio” style dining.  Typically offered in an all-you-can eat fashion (many rodízio establishments utilize small cards with red and green opposing sides so that diners can indicate if they are ready for an additional helping) this is often what most consumers are thinking about when someone suggests dining at a “churrascaria.”

So, in a nutshell… churrascaria is a style of food preparation, rodízio is a style of food service.

And, of course, some establishments (particularly outside of South America) are often both.  In the United States in particular, it’s sometimes difficult to find a “Brazilian grill” (a.k.a. churrascaria) that is not a sit-down affair serviced by gauchos.  It is possible, however.  For a more economical evening, many patrons like to enjoy churrascaria food prepared and offered up cafeteria-style.  The Picanha Brazilian Grill in Philadelphia is such an establishment… where patrons order and are served at a walk-up counter and they pay by the pound.  (A article by a food reviewer still managed to confuse the terms there, with the author referencing the smell of “rodízio” meat being prepared on skewers.  If said meat were not merely cooked on but were also served on those same skewers, table-side, then that would be a rodízio.  But that’s not the case at the Picanha Grill in the northeast region of the City of Brotherly Love.)

Fogo de Chão is both.  They cook Brazilian BBQ-grilled meats over a traditional field setup as would have been common in the pastures down south (“fogo de chão” literally means “fire on the floor”) … making them a churrascaria.  And then they serve this food by means of gaucho-style waiters who zip about offering said meat via the very same swords … making them also a rodízio establishment.

Fogo is not the only place out there that serves churrascaria meat in rodízio style.  But, I submit, they happen to be the best.  Thus we return to the above anecdote… wherein I was invited to a “churrascaria” by an associate.  I presumed (since we were in a big city) that it might have been Fogo de Chão, but I didn’t get my hopes 100% up.  I was right to be cautious.  We were slated to dine at Chima.

Chima is a fine enough place, but it is also an exemplar of the very typical problem in the restaurant world wherein establishments attempting to compete with Fogo de Chão miss the mark, often badly.  Pretenders to the crown, as it were, make the incorrect assumption that all Fogo patrons are seeking is south american meat served on swords.  After all, isn’t that what I was going on and on about above?  Well, yes and no.

Fogo de Chão is a churrascaria.  Fogo de Chão brings the food around rodízio-style.  But, and here’s the real kicker, Fogo de Chão is also a high-tone establishment with super stellar service.  You literally get a 4 or higher Zagat-rated experience across the board.  It is fine dining, not just a gimmick.

Allow me to relate some notes about our experience at Chima…

  • We were not handed enough menus when they first sat us.  Not like many folk are ordering odd one-off items at a rodízio, but come on… you know how many of us are present when you prepare to walk us to the table.
  • The servers were constantly interrupting us.  They would approach, see us in conversation, and immediately ask a question or prompt us for something.  If you’re a waiter at a fine-dining establishment, let me clue you in:  If you approach a table and no patrons look up at you, wait silently for a few seconds for them to stop talking.  Even if the conversation doesn’t cease, often the person nearest to you will lean aside to see what you need.  If no one acknowledges you after 5 to 10 seconds… walk away silently and return in a minute or two.  It’s not hard.
  • Almost every dish or side or salad choice was presented with an overly-complicated discussion that no one could possibly follow.  If an establishment can’t convey what a dish or option is in one or two sentences, it doesn’t belong on a menu.
  • We actually didn’t opt for all-you-can eat service.  It was lunch so we each ordered a basic dish.  Our protiens were, we found out later, still going to be served on swords.  A nice touch, but… after we had finished our salads, a pseduo-gaucho waiter brought one person’s entree meat (on a sword) and discovered there was nowhere to plate it.  No clean dish was on the table.  The waiter stood there frozen for a while (I can only hope he didn’t expect one of us to go back to the salad bar to get a clean plate) until something like a minute later he wandered off and found someone who could bring a plate.
  • The table and chairs were wobbly.  If you think a restaurant manager at a high-tone place doesn’t know exactly how comfortable the seating is, you’re mad.  No care was taken here.
  • There was a large “screen” in the middle of the restaurant, projecting various video clips.  I am aghast that anyone felt that a bit of decor suited to a sports bar belonged in a sit-down white-tablecloth eatery.
  • Waiters were constantly plating and clearing dishes from the wrong side of patrons.  No rhyme or reason.
  • One server tried to clear my friend’s espresso mug when he had left the table.  The server looked at me quizzically when I stopped him, asking, “oh, are you not done with that?”  I think he didn’t even understand the coffee wasn’t mine.
  • Ordering additional coffee was an ordeal, with repeated requests necessary to convey that someone who already had enjoyed a coffee would somehow still want an additional coffee.
  • In the end, because of various expense accounts across the whole assembled group, we asked to split the bill.  Now, some very high-tone places do not like this… but here at Chima it was an ordeal just to explain to the waitstaff what we wanted to do.
In the end, everyone’s food was decent.  We enjoyed one another’s company.  But it surely solidified in my mind that Fogo de Chão is in a league of their own when it comes to high-tone churrascaria food served in rodízio style.
Eat well, my friends.  🙂

A recent Twitter spree with noise, Heidi, and many others (most prominently, Rob Jorgensen, Shawnfish, and Jack Gavigan) has me wanting to share a few thoughts (and lots of photos) about preparation of delicious food.  Specifically, steak.

Now, Jack has already made this fine, famous video available and it covers some of the basics perfectly well.  In short: if you get a proper-quality meat, it doesn’t need much (if any) adulteration.  The first rule of cooking any fine food (especially good fish or good meat) is “do no harm” and that predominantly comes down to…

  • don’t over-season
  • don’t over-fire


For this reason, many of us in the above list now opt to sous-vide our steaks (and other protein) since it’s much harder (some would say, near-impossible… unless you’re a colossal assbutt) to over-cook and thus ruin great meat if you’re using a water immersion bath.  If you are not familiar with sous-vide cooking, this video conveys the key details pretty quickly.

Essentially, in conventional cooking, food is exposed to much higher temperatures (externally) than one needs.  In order to get a steak to 125°F internally, it’s over a fiery grill or on a hot stove at anywhere from 300° to 600° … if you don’t time things just right, you’re facing tragically over-cooked meat.  In sous-vide cooking, food is immersed in precision-heated water so that it reaches a target temperature without going over.  The food is placed in a sealed bag so that it’s not in direct contact with the water bath.  This allows the food to retain all its natural juices, vitamins, and flavors.  (Sous-vide prepared foods such as steak are finished in a hot pan for searing and generating a proper Maillard reaction, maximizing flavor)

Once only the domain of restaurants and high-class chefs (mostly due to the size and cost of immersion circulators) now home users can select from a number of very affordable and very easy-to-use sous-vide cookers.  Top among them are:


In addition to a sous-vide cooker, one wants a quality pan in which to finish (or, as you will see in a bit, sometimes prep) the meat in question.  While you can use almost any conventional large pan, it’s damn hard to beat cast iron.  Why?  This blog post summarizes it well…

Cast iron has a higher heat capacity than copper, so it takes more energy to heat a pound of cast iron to a given temperature than a pound of copper. More energy is stored in each pound of the cast iron. Aluminum has a higher heat capacity than iron (it stores more heat per pound) but is much less dense than iron. For a given volume, therefore, cast iron stores more heat than aluminum.

Because cast iron pans typically weigh much more and are thicker than the same size pan in another material, they tend to store more energy when heated. … A cast iron pan usually contains more thermal energy than other pans at the same temperature — a significant cooking advantage. Cast iron has unparalleled searing power because it has a lot of available thermal energy. …

Cast iron is slow to heat up, so it’s also slow to cool down. It is a good regulator. It retains its temperature longer than other materials and won’t produce temperature spikes.

So yeah… cast iron is hard as nails, has great volumetric heat capacity, and has utterly astonishing thermal emissivity (Stainless steel has an emissivity of around .07 while cast iron has an emissivity rating of something like .65) making it perfect for searing your meat.  One of the best (and most venerable) brands of cast iron is Lodge.  This terrific firm, located in America’s steel city of Pittsburgh, has been making cast iron for over a century and they are still the top name in the field, in my opinion.

Both sous-vide cookers and cast iron pans can all be bought on Amazon for as competitive a price as you’re likely to find anywhere.


A Handy Chart

Keep this in your kitchen, it will serve you well.

Meat Cooking Temps

On to the photos and stories! …



This was the scene of my very first sous-vide cooking of a steak.  


As you can see in the above chart, a medium-rare steak should be 135°F inside.  I wanted to try things more on the rare side, so I opted for 127° on the Anova.  At the time I did not have a vacuum sealer, so heavy ziplock bags with the air drawn out (cocktail straw in the bag, lung power to vacuum it, heh) is what I used to contain things in the pot.


The lodge cast iron was hot and I was using beef tallow from Fatworks.  A nice sear was had, but see here…


… i left the meat in the pan for just a little too long on one side and cooking action took place beneath the surface.  Remember, you are not cooking your meat in the pan at the end.  You’ve already cooked the meat, in the sous-vide pot.  All you need is a good sear.  30 seconds, tops, on each side in the hot pan should do it.


I still loved my dinner, as it was.  No sides, no veggies, no other courses.  Just steak and wine.  A fine first go.

Story Number Two


Not many photos of the process here, just the results.  A much more satisfying endeavor!  (And even some greenery on the plate, too!)


The next day, I thin-sliced the remaining steak and warmed it in the pan (with extra sear all around) and added it to breakfast…


“steak and eggs and eggs and steak… that’s what you should eat for breakfast!”



Third Story… My Finest Hour?


I started with a three-pound slab of bone-in ribeye.  This was about 2″ thick.  Awe, yeah.


I got it home to my girlfriend’s place, and prepared her cast iron.  Why heat the pan at this time?  Well, i was trying something that my buddy Babak encouraged: a double sear.  Instead of simply hitting the meat to the cast iron after the cooking process, he told me that sometimes he will start the whole process with a sear against the cold meat.  Then, after an initial Maillard reaction has taken place, the sous-vide bag and water bath can begin!


As you can see, the meat within that immersion cooker is already browned around the edges.  I’ve also dialed down the heat bath to 126°F


After about 2½ hours, the meat was done.  With the fat gelled and tender, we were ready for the finishing sear.  I sprinkled seasoning salt and black pepper on both sides of the meat as I heated the pan.


The pan was hot as hell and had a fine bottom layer of macadamia nut oil.  Just about any good fat will do, but any oils or fats that have a high smoke point work best simply because they don’t turn your kitchen into as much of a caliginous haze once the iron starts getting very hot.


Compare this to the “before final sear” photo and you’ll see the very increased bark around that outer surface.  That’s one fucking hell of a good sear!


And the inside, oh baby.  Two inches thick and pink 100% through.  The sear reaction was exclusively the outermost edge, all around.  That’s just incredible.


This was, and yet still may be even now, the greatest steak I have ever cooked in my life.  It was shared with the family and I had my first beer in months to pair with it.



Fourth Story – A full, ideal meal


I started right away with a hot pan.  Double-sear was the name of the game, yet again.  This time I opted for both macadamia nut oil and some bacon renderings from breakfast for a touch of different flavor.


20-ish seconds per side on a bone-in ribeye that was still cool from the butcher’s case was giving it a nice brown outer surface.


Into the water bath at 125°F with the browned edges all showing.


Side dish #1 for the meal was steakhouse mushrooms.  Sliced cremini mushrooms went into a saucepan containing kerrygold butter, olive oil, a thwack of bacon fat, balsamic vinegar, worcestershire sauce, black pepper, and seasoned salt.  They were left to saute for a while as i prepared…


Side dish #2, asparagus.  I chop off the bottom inch or two from the stalks to make things extra tender upon cooking.  They will be done in a skillet with olive oil, salt, and pepper.


With the immersion circulator going and the sides coming up to temperature, i opted to open some wine.  😉


The mushrooms were starting to give up their water, and more heat was applied with frequent stirring.


The asparagus was looking great and also (because I use a little more heat than maybe I need to) my tongs were employed liberally to stir and re-arrange them for even heating.


nearly two hours in, and that steak was seeming pretty done.  (it wasn’t nearly as thick as the huge cut in the previous story above.)


The steak came out of the sous-vide bag and got a rub of salt and pepper while I got the cast iron ready.


Macadamia nut oil up to smoking temperature…


…slab of beef in the pan, 30 seconds per side and all edges.  See that smoke, smell that flavor!


A magnificent finish and plating.  Perhaps the second sear was a little too long, or of not quite sufficiently a high enough temperature on the pan, since that final cooking process seemed to penetrate a little more deeply than one might require… but only slightly.  The fat was still soft and gelled and the bulk of the meat was perfectly pink.


I put on an old noir film as I ate and drank my wine.


I finished off the meal with a bit of fine dark chocolate.  😉


Perhaps the best part of an evening like that?  Getting all the dishes totally done, going to bed with a full belly, sleeping like the dead… and then upon waking the next morning, returning to the kitchen at breakfast time and having it still smell like deliciousness.  The smoke was almost still hanging in the air.  😀

This one is for my pal Edison, who sold me a terrific new receiver when I moved (at the old house I owned the speakers but my buddy owned the actual head end) and much to my dismay I learned that the antique furniture piece I had planned to use as the enclosure was just a hair too narrow…


Now that might look totally unfeasible, but as it turns out — upon closer inspection — we’re really talking about less than a quarter inch of difficulty.  Lining up one edge exactly and then inspecting the other confirms this…



Edison informed me that it was only out of sheer dumb luck that my old roommate’s receiver had fit in here.  Almost all modern units conform to a uniform size standard and I was going to be pretty screwed, no matter what model I selected.  I debated removing the face plate and trimming it down a bit, then hit on a better solution… it was time for me to break out the belt sander!



It might look ugly in the moment there, but actually once the job was done, very little of that additional craftsmanship is visible once the receiver is in place…




I have to say, overall I’m pretty pleased with how this all turned out.  One day I’ll probably get around to rubbing a bit of wood stain inside where I sanded down the inner side panel, but for now I’m just super happy that the old, wooden end table (which I found moldering in the corner of a used furniture shop back in Philly and then brought back from the dead) gets to still be with me in my living room.

Thanks for the great unit, Edison.  Got it all hooked up and I’ll be dialing in the speakers with the setup microphone this weekend, once I get a cable for the sub.


On twitter recently, a conversation arose between myself and some other lockpickers and locksmiths regarding everyone’s favorite pick tools for everyday carry, typical entry, etc.  I promised folk that I would document my personal gear, and no disrespect to Team #RockAdvocacy, the following are the lock tools that tend to be on or near my person all of the time…


My Main Pick Kit

This is what most folk would expect me to show if I were asked to take out my “pick kit”… it is a case made in the style of the HPC “Superior” kit, but the leather is far softer and I like that the inside is left as a natural suede.  It was obtained from my friend Ed, a locksmith in New Jersey… and hand crafted by a friend of his.  It’s been with me many years.


Unzipping it and looking inside, we find…



… an assortment of various things, certainly not all of which are picks and turning tools.  But every last item in this case has been useful enough to me (more or less) over the years that I keep it in this form pretty much all of the time now.  Let’s take a closer look and I’ll list what’s in there…


… going more or less in rows from the upper-left on down, my zippered leather case contains:

  • a Mini-Jim is at the top left, because why pick a lock if you can bypass a latch?
  • laying on the open case is a key decoder card, similar to these from Pro-Lok. useful while impressioning or just when you want to re-pin a lock or quickly learn key bittings
  • the red-tipped item is a chopped-down Grobet Swiss #2 file half round, for impressioning and other small work (like making a bump key or adjusting small parts or bitting cuts. I use it a lot actually)
  • LAB brand small-size pinning tweezers.  These were a gift from Clay, the owner of Lockmasters and S&G, when he couldn’t bear to keep watching me re-pin locks by hand with nothing but a half-diamond and my slotted wooden dowel follower.  I insist that I was doing just fine that way.  😉
  • a Peterson American Lock bypass driver is seen, with blue tape covering the spot where the plastic dipped handle has chipped away over the years.
  • the next row begins with a two-pronged Wishbone style turning tool.  Lots of folk don’t like them, and I seldom need it, but I like having it.  It doesn’t fit well next to the other turning tools, so off on the left wing it lives, next to…
  • my keyring full of wafer jigglers, warded lock tools, and the decoder for my convertible 7-pin/8-pin tubular pick (kept in my other kit, below)
  • a Traveler Hook (a.k.a. Shrum/Loiding tool) is seen with a green finish.  you won’t see that in anyone else’s kit because there are no others exactly like it (in green) but similar ones are available online.
  • starting the next row is a small wooden dowel that I use as a plug follower when servicing locks in a non-serious way.  solid core and no lip on either end, that makes it perfect for me.  i’ve carved a small notch slot in the wood (with the Grobet file) and that’s all i need most of the time.  One layer of blue painter’s tape made the surface smoother and fits it nice and snug into almost all typical plug housings
  • Bobby pins with the little balls cracked off of their tips are great for demos of improvised handcuff tools (or when you need to un-set a double lock on a handcuff)
  • Most of the time, the handcuff shims right next to those pins are all I need, however.
  • I also keep one of the tools that some outfits call an “EZ Decoder” but I simply refer to as the “Master 175 bypass blade”
  • A thin sliver of metal can be used to rear-shim a lock during disassembly, and next to that is a tiny S&G safe dial spline key… good to have when you really need one!
  • What remains in the kit photo, therefore, are my pick tools… and there aren’t a lot.  One medium-sized hook, a half-diamond, and three rakes (one classic Bogota and two long-handled faux-gota picks) are kept in there along with over a dozen turning tools… and each one is slightly different than all the others.  I find the best fitting turning tool possible in whatever scenario I’m facing and go from there.

Now, there are some times when it’s really useful to have a larger item that can’t fit in this case.  Hence, in my backpack (where this above-kit lives) I also have this auxiliary pouch…


Auxiilary Tool Pouch

This leather-ish velcro-flap case was probably originally for sunglasses or something like that…


… now it contains…05-aux_dumped

… so that is an assortment of items that are sometimes useful (both for entry work as well as field-servicing tasks) but I can’t fit them (or choose not to attempt to stuff them) into my “main” pick case.  In any event, the above items (both the main pick kit and the auxiliary tools kit) live in my backpack most of the time, and aren’t typically in my coat or in my pants pockets.  However, I will in all but the most RARE circumstances, always have picks on me.  Let’s move on to…


Pocket Carry Kit

The following item is almost always present in the hip pocket of any pants I’m wearing…


… fashioned from an old leather cigar case, I use this mostly to prevent my everyday-carry flashlight (a Klarus XT2C) from flipping sideways in my pocket and being uncomfortable.  This little leather case allows me to easily manage the flashlight, a small lip balm, and also what we’ve come to call my “golf bag” pick set…


… so-named because of how the beige tube (fashioned simply from gaffer’s tape with a tiny rare earth magnet in the bottom) looks with all the picks and turners sticking out the end.



… honestly, the “golf bag” pocket kit gets far more use from me than my “main” pick kit does.  Why reach into my backpack in order to open a lock when chances are I have all I need in my pocket?  This little kit contains…

  • one faux-gota pick (the only full-size pick in this little case)
  • a double-ended medium hook and snake rake (rarely used)
  • a chopped-down HPC half-diamond
  • a chopped-down thin stainless steel half-diamond
  • a chopped-down HPC medium rake
  • over a dozen turning tools in a wide range of thicknesses and styles (some unbent)

… yeah, 9 times out of 10, when I want to get something open, that little pocket kit is enough for me to do it.  I can always turn to the leather zippered case since my backpack is often around (especially at cons or on jobs) but I usually don’t need that.

On the off chance that I don’t have my “pocket holster” as the above-seen brown leather item is sometimes lovingly called (maybe I’m in a suit at a formal affair, let’s say) I will always have my wallet on me…


Wallet Carry

Underneath my licenses and credit cards and other blah blah in my wallet, there are some other tools that I always keep beneath me when I’m seated.  😉  They tuck in small extra pockets, some of which I’ve stitched into the lining, etc…


… these last-ditch “wallet carried” tools include a TOOOL Emergency Pick card behind my credit cards and the following items slipped below my license…


  • A “Husky Head” tool – once available in the 70’s and 80’s, this awesome little item is sadly discontinued now.  Check eBay or vintage sites for them.  It was a keychain that would work well with large or small screws, both phillips and flat-head.  Is it as perfect as a proper screwdriver?  Of course not.  But it’s flat as flat gets.  And that’s enough to make it worthwhile.
  • A diamond wire blade – never needed to use it, but SERE pick sells a LOT of them for a good reason!
  • titanium Bogota pick (triple hump only)
  • titanium flat metal stock converted to a simple turning tool
  • titanium cuff shim (split pawl style)
  • S&G new style cuff key (which I should really get around to converting to a TOOOL universal key)


… so, there you are!  Those are my various “everyday carry” lock tools.  It’s more than most folk might tote around, but less than you see in a lot of “ultimate” kits that contain way too many items, in my view.

These items, carried in the way I have described, have pretty much always guaranteed that I never complain about wishing I had something but not finding it on me.  Well… every so often, I wish I had a plug spinner.  😉




While having a discussion with a close friend recently, the topic of bug bounties came up.  She asked me what I thought was a reasonable price range.  I learned from discussion with her as well as discussion with others that the physical security world is massively different from the IT world in this sense.

Often in our lectures and trainings, we draw a parallel between the physical and digital realms.  The same principles apply, the same kinds of errors lead to the same risks and the same lessons learned.  However — and there’s really no getting around this — the cost to repair/upgrade/patch physical systems tends to be much, much higher.

For this reason, manufacturers of locks, access controls, and other physical security technologies are much more loathe to even discuss (let alone disclose) vulnerabilities with the public.  Likewise, because of the very long persistence that physical bugs tend to have (even when they do become public), this sort of attack vector can be weaponized to much greater effect.

While bug bounties in the software world tend to float around the low four-figures (although occasional high-four-figures and five-figures do happen, and sometimes garner a bit of attention when they do… and six-figure bug bounties have existed very, very rarely) I took the position that just about anyone whom I know in the physical security world would scoff at numbers in the $1,000 to $5,000 range.  Well, perhaps not scoff, but most assuredly we would consider them almost comically low.

In the realm of physical security exploits and the development of tools that leverage such vulns (a development process that often entails far more cost and time than the writing of proof-of-concept code for software bugs) this kind of research often commands five-figures at a minimum.  Such deals also almost always entail NDAs and other very strongly-worded agreements to effectively never publicize said research.  Put plainly, if a physical security researcher finds a flaw in a high security lock, the market for that work tends to be either governments or private firms with deep and often shadowy connection to government operators.  A working tool that can be used to attack a physical security system often commands far more in the private realm than a designer would ever hope to recoup by bringing it to market publicly through retail channels.  Add that to the fact that most designers and vendors in the hardware and physical security space aren’t courting researchers with fiscal rewards, and this leads to a LOT of hardware bugs (lock flaws, access control system hacks, safe manipulation tools, etc) never being revealed to the public at large.

Let us make no mistake, the government and the law enforcement are interested in your data, too.  Their eyebrows perk up at the notion of software flaws and privilege escalation within networks or computers… but what really gets a lot of spooks and police salivating is the chance to surreptitiously enter physical relams.  Intelligence gathering, eavesdropping, sneak and peek work, etc… all of this is based greatly around physical access, and that means possessing attack vectors against supposedly high-security lock systems which the public believes to be immune from vulnerabilities.

Unless physical security vendors consider offering genuine bug bounties (something that is far from likely if they aren’t yet even interested in public disclosure of discovered flaws) the only avenues for researchers are going to be:

1. public disclosure simply for the sake of the community and for the fun of speaking at hacking and security conferences

2. private sale to governments who will undoubtedly use this knowledge for purposes of surveillance and covert entry

So, give a cheer for every hacker con which accepts a talk with a physical security angle.  The speaker may have turned down considerable funds in exchange for being able to present to you.  And the topic areas, while sometimes not-the-norm, are far better aired publicly than kept quiet.

NOTE – This post was not supposed to turn into a “let’s pat ourselves on the back here in the phys sec world” diatribe, so forgive me for that.  Still, I’m pleased to be able to report that — as of the time of this writing — The CORE Group has never accepted any offer of keeping research private in exchange for money, access, or favors.  Our works are always either portrayed publicly and/or disclosed to the original vendor so they may endeavor to correct said problems.