Skip navigation

Well, i finally made it.  I’ve completed another House of Cards marathon.  This one wasn’t as rapid and blitzkrieg-ish as the first or second season was for me (both of which I’m fairly certain I watched in almost one or two sittings… just powering though.)

This season, however, I just kind of got to it as I found the time, on this recent business trip.  I wasn’t watching each episode one after the other, as if I couldn’t look away.  No, this time… it became just a long, awful, grueling slog.  I just wanted to see it through, like having chosen an awful hiking trail, yet not being willing to turn around and head back to the car but instead pushing on to the next shelter or campsite because… well… it’s just something you feel you have to do.

And, as any hiker in that situation can tell you, the mix of feelings and emotions that overcomes you at the end can be gut-wrenching.  This blog post is part of my necessary catharsis.


Phew… I am done with watching House of Cards.  And I do not just mean in the sense of completing season three.  I am done for good.  Yes, I know they left it (as they so often do) with such a compelling plot point as to coerce people to tune back in next time.  I don’t give a single damn.  Do so if you want to see what happens.  Me… I’m out.

How can I react that way, given the last episode’s breaking updates and everything left on edge?  It’s easy: I no longer give the smallest shit about any of the characters.

Let me explain it this way.  Were I to start viewing season four — for reasons beyond understanding — imagine the first episode were to just be a cold-open set in a hospital or medical center.

[indistinct voices over a tinny PA system, paging some medical tech to another floor, etc]

[camera shot looks through the cracked door of a specialist’s office, as we see her at her desk, looking at files and addressing a character who is out of frame, but clearly seated across from her… the camera pushes in and a tracking shot brings us into the office where the discussion is taking place. There is a severe look on the doctor’s face.]


Doctor: “I know this comes as a shock.  But we’ve checked it twice.  I’ve even sent one more sample to the Jennings Institute in Atlanta, but at this time we have no indications that they will come back with a different result.  I’m sorry, but the evidence is clear.”

[camera pans down slightly, as to showcase more of the chart in the doctor’s hands.  the top of the image still frames the lower-half of her face, and we see her mouth as she reads the diagnosis]

Doctor: “You have cancer of the AIDS of the eyeballs.  And it’s inoperable.”

Then I imagine the camera makes a rapid yet smooth track toward the doctor’s side of the desk, and pans directly across to reveal seated before her…


I honestly could not goddamn care.  I have so little empathy, sympathy, or even general interest in ANY of the characters on this show, that my reaction to such horrific and life-changing medical news for them would be a resounding, “meh.”

Remy has eye-AIDS-cancer?  Meh.

Claire has eye-AIDS-cancer? Meh.

Doug has eye-AIDS-cancer? Meh with a side of karma.

President Underwood has eye-AIDS-cancer? Meh with half a chuckle.

Jackie Sharp has eye-AIDS-cancer? Double Meh.

Heather Dunbar has eye-AIDS-cancer? Meeeeeeehhhhhh.

You could put any one of this show’s dozens of characters into that (ridiculously contrived) opening sequence in the very first moments of season four and I would feel utterly nothing at all for them.  The camera could linger on their face.  The highly-trained acting talent of so many quality actors on this program could be aptly applied to the ever-so-subtle slightest microexpression that crosses them.  All of the tremendous production values and talent of the people who are behind this program could be poured into that opening scene.  And I wouldn’t give a single damn at all.

The fact that I don’t care a jot about anything or anyone on this show anymore should come as a relief to me.  I don’t have to watch.  I utterly LOVE cutting TV shows out from my life.  I never got into Breaking Bad.  I’ve written off Mad Men.  I barely bother downloading Family Guy or the Simpsons anymore.  I celebrated the ending of the West Wing.  With each show that ends (or gets the kiss-off from me) I have more free time and I’m thankful.

So why don’t I feel so exuberant now?  Because season three didn’t just turn me off from the future of House of Cards.  It was so underwhelming as to literally taint the previous installments.  The first two seasons were a triumph.  The ending of season two, with Frank behind the desk in the Oval Office, rapping his fist twice on the Resolute wood… that moment was untouchable.  And now, it’s like they’re all just compromised to me.

Ah well, I was raised Catholic.  And before I left the church long, long ago… I learned of the power of self-persuasion and the ability to put on blinders so tightly as to convince oneself of a fiction that you just need to be fact.  Now, I was never one who actually bought into all that bollocks… but maybe, just maybe, if I try hard enough I can forget that season three ever happened.

Hell, if the fans of The Matrix can believe in their hearts that two sequel films never actually took place, maybe with enough will power (or enough whiskey) I could blot out this season from my mind.  And, one day in the future, if someone asks me if I enjoyed House of Cards, I could honestly answer them, “Yes.  It was quite an amazing show, those two fine seasons it was around.  And to end the way they did… with that swelling music score and ghastly foreshadowing of a presidential administration to come.  I’ll never forget that final scene, as we looked right into Kevin Spacey’s eyes and he looked into ours.  Rap Rap! on the desk… smash-cut to black.  A perfect ending to the show that redefined what it meant to distribute new and fresh content in the digital age.”
(And then if they start to protest and try to say anything about a third season or anything that may follow, I could always Catholic it up just a little bit and stick fingers in my ears, walking away saying, “La la la la la, I can’t hear you, la la la la!”)
P.S. – Correction.  If for some sadistic reason the writers were to give Old Freddy (the ribs joint fellow) Cancer of the AIDS of the eyeballs, I would feel something.  But I still wouldn’t watch the next season.

This short rant is probably unnecessary, given that anyone who sees this post will probably either (a) instantly agree with me, thus obviating their need to actually read this, or (b) not think there’s any problem with this behavior, in which case my words here aren’t likely to help them improve themselves… or help them find a fire to jump into.   (Pity, because either of those actions would benefit the rest of us massively.)

It’s 2015.  We all have smartphones.  They all have cameras.  With that great power comes great responsibility.

Most people understand that it’s not polite to whip out your phone and attempt to photo something in, say, a restroom.  Many people have learned that their friends online probably do not need to see pictures of every single comestible about to be put into someone’s mouth.  However, time and time again, I encounter one incredible failing of social grace that seems to persist even while most people are learning all other forms of smartphone etiquette.  So I must ask the question…

Why are some of you jackasses trying to record concerts and other performances??

I understand that you may be particularly pleased to be experiencing melody, dance, and voice to your liking.  I understand that you may wish to preserve this moment so as to experience it later… but that is why we have cognition and memory.  Please use your own evolved human brain and remember the performance by simply paying attention to it and enjoying it.  You’d think this would be obvious, but that is not the tactic employed by so many people.

Nowadays, no matter the venue or the genre, it’s not uncommon to see one or more jackasses holding up smartphones and attempting to record the event, ostensibly for later viewing…

Recording Performances with Smartphones


Of course, there are a number of problems associated with this idiotic behavior.  Let’s make a short list of them here…

1. Doing this bothers everyone else

2. Doing this means you are not actually paying full attention to the performance you are spending the time (and probably money) to attend

3. Doing this yields invariably shitty results

4. Doing this is often unnecessary

Please take these criticisms to heart and understand that everyone else in the theater (at least, everyone behind you) hates you when you are holding up your smartphone or other device.


1. Doing this bothers everyone else 

I’m going to borrow a line from Maddox when it comes to the use of phones or pretty much any other kind of technology in a darkened theater…


No matter how much you think that you have turned down the brightness on your screen or how well you are attempting to hold the phone close to your body (which almost no one actually even makes the effort to do) it is painfully bright to everyone else behind you.

You think that your phone looks like this…

What you think

When in fact it looks like this…

What we see


2. Doing this means you are not actually paying full attention to the performance

Many of the photos in this blog post were taken by me (yes, I realize the irony… but understand that I was actually in the back of the theater) during a performance by the famed Irish musician Danny O’Mahony who had traveled all the way to Montana.  This was a rare and wonderful opportunity to hear a talented and worldly performer and storyteller.

Yet, during the evening, there was no shortage of jackwagons with their smartphones and cameras, attempting to record.  One woman was so painfully inept that she spent the better part of the evening scrolling through menus and configuration settings on her phone while almost never successfully recording anything that she wanted to…

Idiot woman

… and another man in front of her was attempting to only record the song segments of the evening, but this meant that he had to hustle and shuffle around at the start of each piece, attempting to unlock his phone and start the video footage.  He was cutting off between 5 and 10 seconds at the start of every song.

And then, as if to put a cherry on top of this shit sundae, down in a front row we got to see… iPad man.

iPad man

If you thought smartphone people were the worst in public, you were wrong.  That honor goes to the more elusive but also more idiotic creature known as iPad man.  Using your iPad as a camera (or a videocamera, no less) in public is just about the most inconsiderate thing you can do to others.  The massive screen is not only brighter, its sheer size makes for blocked views behind you, too, due to simple geometry.

iPads are our generation’s Fanny Pack… no one looks cool with one out in public, and the fact that they hold more than what you can put in your pocket means that the most gauche among us think they’re the greatest thing ever: capable of storing loads and loads of crap that no one needs or wants, and allowing you to collect more along the way.


3. Doing this yields invariably shitty results

Travon Free said it best during an old installment of The Gentlemen’s Rant


No matter how steady you think your hands are or how great a view you have, etc etc… nine times out of ten, any recording that you make on a smartphone during a concert or other performance in a theater space is going to turn out like crap.  The lighting will be severe, the resolution will be blurry, and almost always the sound will either be muffled or full of clipping due to levels that aren’t right for your shitty little microphone which your hand is blocking half of the time.

Regardless of the quality of the recordings, I’d wager that most people aren’t even going to bother playing those clips in the future.  Not for their own pleasure, not to show friends, not for anyone.  These are just recordings that will take up space on their device, and which bothered everyone when they were being filmed.


4. Doing this is often unnecessary

This would be the most hilarious part for me, if it weren’t quite so sad and annoying.  Many, many musicians and other performing artists nowadays have roadies (or just good friends) with professional gear and genuine skill who record their performances for them.  That was even the case during this concert in Montana…

professional recording

…when it was all over, I shared a laugh with the cameraman who had set up in the back corner and had captured the entire performance with a long zoom lens and board-level sound input.  This kind of set up is no longer the exclusive purview of headlining bands that sell out stadiums.  Check your local artists’ youtube or twitter pages, chances are the have recordings of the shows that you attended.  It’s very possible to enjoy can enjoy the melodies and lyrics again and again without having to bother anyone around you.

So, please… if you’re the type of person who feels inclined to whip out your smartphone and record during a concert (even just for a song or two), STOP.  Just stop.  The results are ass and you are annoying the hell out of everyone else.

If you really, really want to enjoy the concert after-the-fact and your mind is too addled and fried for you to remember it with sufficient clarity, contact your artist and ask them about a recording.

Or, do what all proper dedicated fans do at shows where crowd recording is encouraged (hint: it’s the same thing plenty of dads did back in the 80s and 90s with their camcorders at school plays and the like)… position yourself in the very rear of the theater and learn how to document a show properly.  You may not be 100% “present” for the performance as it happens, but at least then you’ll have a fighting chance of producing a recording that is worth something to you and others after-the-fact.

Or maybe it won’t be, because you’re a nimrod and can’t operate your camera.  I don’t care either way.  Just stop doing it in front of the rest of us, lest we start resorting to pouring drinks on your head “accidentally” when we get up during a break.

So, i cannot believe the volume of tweets and discussion that this all generated.  🙂  Loads of people replied to me on Twitter (that link is just one of about a dozen conversation threads that rattled away) and the answers I saw were wide-ranging.  Of course, there were more follow-up questions than there were actual answers, i think.  🙂

People disagreed if the distances should be calculated based on surface travel or as the crow flies.  The great-circle theorem and Haversine formula were linked.  We all mentioned that moose do not fly.  Someone asked about the moose stealing a plane.  The question was clearly phrased with the words “running” and “walking” and no moose-bearing plane could fly at those low velocities.  Someone asserted that moose COULD fly and someone started working on art to show this.  Someone else asked about the forward surface area & air resistance of an adult moose.  My house mate responded that this should already be presumed to be factored in.

On the ground routes, people disagreed over whether the moose would use Google’s walking or driving directions for route planning.   I stated that while I hadn’t considered that, the photo in my blog post clearly shows the moose on a road, near a car.  Someone asked if that was just a moose CROSSING a road.  Bruce Potter brought up the issue of moose and swimming.  Noise and Aloria both asserted that moose do not proceed across the landscape with any urgency and often stop to rest and eat.  People discussed whether a moose could hijack a car.  Someone else asked about a moose with a jetpack… clearly irrelevant, but now that’s all I can picture in my mind and I wish to see Congress appropriate funding for the development of this technology.

And there were no shortage of people offering theories involving the Philadelphia (or, alternately, the Cleveland) moose being drunk, a brawler, or eager to leave his or her own city faster.  Space Rogue pointed out that neither city is part of the natural range of any moose so that the moose “From Maine” is the winner because that moose actually exists.  It was also pointed out that I did not specify which Cleveland in my original question.

I was inclined to give a prize to Carl Numbus…

But ultimately, here is how I was calculating things…

Cleveland, OH moose has to travel 369 miles and at 25 M.P.H. this takes 14.76 hours
Philadelphia, PA moose has to travel 138 miles and at 10 M.P.H. this takes 13.8 hours

ANSWER: the Philly moose should get there ~58 minutes sooner

It turns out that the first person to actually tweet to me was the one who came the closest to the answer I was expecting.  He followed-up with the answer in minutes shortly thereafter and was therefore declared the winner in my book.  He can email me this week and purchase a spare ticket I had grabbed for face value.

Thank you to everyone and I’ll see you in Washington, D.C. this January!




– — —– ———-[ ORIGINAL POST ]———- —– — –

Two moose are going to ShmooCon.


Moose 1 runs from Cleveland to Washington D.C. at 25 Miles per Hour

Moose A walks from Philadelphia to Washington D.C. at 10 Miles per Hour

If they start at the same time, which moose gets there first and by how many minutes do they beat the other moose to the finish?  (Plus or minus 5 minutes)


First person to tweet the answer to me gets to buy a spare ShmooCon ticket at face value from me.


Thank you to everyone who reached out to me, helped spread the word, helped re-tweet, and did things I don’t understand on the Facebook, something of which I am not a user.  😉  Extra big thanks to Heidi Potter whose exceptional efforts in spreading the word came to the attention of some other hacker friends elsewhere in PA.  Their cat has been lonely ever since her companion bunny rabbit in the house passed away.  They reached out and so lovingly offered up a home for Chico and Mouse Face.

The actually process was nothing short of a catastrophe, thanks to the badly-managed and logistically broken SPCA here in Pennsylvania.  Despite making all arrangements with the Philadelphia office to have the cats held and waiting for their new owners on Friday, things went awry.  The new folks were driving all the way down from the Poconos to meet me in North Philly at that SPCA office when I learned that, with NO explanation, the cats had been MOVED many hours away.  So, abruptly and after having almost made it to Philadelphia, they pulled off the road, I spent time on the phone, and we tracked down the cats like prisoners who had been mistakenly lost somewhere in the DoC network.

In the end, we all arrived at the Danville, PA SPCA and it was so dysfunctional that over an hour passed before things could be completed.  The administrative “do not adopt out” holds that had been placed on the cats’ files could not be removed, then the staff kept attempting to attend to dozens of other odd tasks at the same time, and even (surreally) a farmer and his wife came in and started trying to talk to everyone present about a sheep theft from their farm.  This was a case of over-worked staff trying hard to do “everything” at the same time and ultimately doing nothing at all in the process.  Eventually, we took matters in to our own hand and took the carriers back to the holding areas and sprung Chico and Mouse Face from their cage.  They were so scared.

This is the most morally-conflicted part of the tale for me.  I mean, I love the SPCA and the work that they do and I am SOOOO grateful for the organization’s No Kill policy, but let’s face it… it’s kind of a hell hole back in those holding areas.  There are just row after row of huge barracks of cages.  All the animals are stirred up and constantly yowling and yapping and howling.  It’s really like some sort of awful jail to them, where everyone is shaking and unsure of what’s going on.  Chico immediately ran into my arms when I popped the lock on his cage.  Mouse Face was initially hard to find… he had hidden himself beneath all of the bedding and cushions in the cage.

In the end, we got them secured and finished all the paperwork, petting them the whole while…




And, many dollars in fees later, my friends were taking them home.  Getting a photo sent to me later that evening showing my pair of cats resting comfortably and undisturbed on nice chairs like regular pets set my heart glowing and lifted a tremendous weight from my shoulders.

cats home

Despite all its logistical failings (and the stories we heard from staff and patrons while waiting were manifold… Transport services often moves animals incorrectly, people lose paperwork, medications are handled incorrectly, etc etc etc) the SPCA is a wonderful organization and deserves our support.

And, of course, if you are thinking of bringing a new pet into your home… please consider adopting from shelters or other services where animals without homes are waiting for you.

Thank you.  And thank you to all my friends who helped make this one of the best Holiday Seasons ever for me.

Much love to you all.

– — —–[ ORIGINAL POST]—– — –

As some folk who know me are aware, I am the owner of two adorable and friendly cats — Chico and Mouse Face — who deserve more love and attention than I can provide at this time.  When it was me and my then-girlfriend, someone was always around.  Then it was just me, plus other housemates from time to time.  Now… it’s just me.  And I am out of the area (and out of the country) more and more every month.  My time is becoming divided between D.C., Montana, Europe, and the Middle East.


chico 01


Because I am spending as much as half of my time overseas for the foreseeable future, it was undeniable that this was not fair to the cats or to any friends whom I would ask to look after them when I’m away.  I was forced to seek a new home for them where people were around more often and they would not get so lonely.  One friend pitched in for a while, because he shelters animals with no place else to go.  In his tiny 2-bedroom house he was caring for 5 cats but still agreed to give Chico and Mouse Face a good home.  This arrangement was imperfect, but for the past few months it’s been what we had to do.

mouse face 01

Mouse Face


Now he is forced to take on an 85-lb Labrador pup because of an owner who was urgently called out of the area on a legal matter.  The situation at his place reached a breaking point, and my cats had to move on.  After trying for weeks and weeks to ask anyone whom I knew, it was clear that we were out of options.  With the dog deadline day looming, the hardest thing I can recall doing in my life was to take Chico and Mouse Face to the SPCA and offer them for adoption.  The PA SPCA has a no-kill policy and Good Home Guarantee if the pets meet proper health and personality criteria.  Many medical tests, many fees, and many tears later, they were being accepted back to their new cat condo in North Philly.

Because they are a pair, that means they get a little more space at the shelter.  But it might also be harder to place them.  So I am turning to the Internet for help.


kittens 01


These two cats are both almost 8 years old and from the same litter.  They squabble on occasion but always make up soon after.  They are both fixed and have clean medical histories.  I will supply their new owners with treats, toys, and also their hardware.  What hardware?  Well, these two cats use an automated feeder that dispenses their servings at the right time of day and a water fountain that recycles and cleans itself.  My buddy also still has their pet carriers.  All you’d need to provide is love.

If you are from anywhere in the tri-state area or even as far north as New York or as far south as DC, I would totally make it cost-neutral for you to adopt these two lovely, lost souls.  I will cover all fees at the SPCA, help you with mileage to and from here, and even take you out for a meal (I’d want to do that anyway, to get to know you.)

If anyone in the hacker or tech community is willing to open their home to two little animals who need more love than I can provide, I can’t say what a difference that would make for my Holiday Season.  It’s all I want for Christmas.

Please feel free to email me anytime…



I’m totally not above trying to play on your emotions here.  So allow me to just say: here are my two cats looking up at you, hopeful that your home would be right for them…



And I’d like to tell you a little bit more about them.  Chico loves to explore in order to find new places to investigate…

2012-03-22 16.05.34

… and Mouse Face loves to explore in order to find new places to sleep…

2012-02-12 15.05.32

… Chico likes to sleep, too.  But his favorite sleeping spots tend to be under covers (see the white feet sticking out)…

2012-01-16 14.36.21

… some of Mouse Face’s favorite spots are boxes…

2012-01-24 13.04.21

… but what cat doesn’t like boxes?  Chico also appreciates them sometimes…

Chico in a Box

… Mouse Face always gets told how a brave and well-behaved he is, even on trips to the vet…

2012-10-05 15.36.00

… but mostly these two just like to lounge and stretch out and spend their day sleeping. Next to people if possible, but on any soft surface is all they ask…

2012-11-07 8.06.29

… well, that and tummy rubs.  If you see this inviting pose…

2012-02-23 13.58.50

… then you shall know immediately what time it is!


Please let me know if you think you have extra belly rubs to give to deserving cats this holiday season.  Thank you.

In mid-November, Twitter follower Kevin Anderson asked me about a firearm lock box product called the GunBox.  Every now and then, because of my general interest in teaching and presenting about firearms and gun technology folk will reach out with such questions.  Often, the safe and lock box inquiries come my way because of a presentation I gave at DEF CON 19 regarding the relative security (or insecurity) of many popular firearm lock boxes.

According to the manufacturer’s web site, the GunBox “has cutting edge technology, state-of-the-art design, and incredible features that make safely storing firearms with quick access a reality” and it is “the ideal way to Defend Responsibly.”  As you will see from the analysis below, while the GunBox is as effective as any other low-cost firearm lock box (most of them retail in the $150 – $300 range and the GunBox is within this zone, albeit on the higher end) at preventing a toddler from accidentally laying hands on your gun and having a terrible accident, it is not at all suitable for long-term storage or for deterring criminals or even curious teenagers.

The staff who monitor the GunBox’s Twitter account were not keen on discussing how their hardware functions, but it becomes apparent from the moment that you open up this unit how their lock (and also the bypass/override method) works.  Honestly, this is the first thing you see when the lid is open.  I didn’t even have to take the internal compartment apart or pull back any rubber or plastic elements.  Because the bypass method is so painfully obvious, I do not have any real ethical qualms with documenting it here.  The manufacturer is more than adequately aware of how this works and (it would seem) has no plans to change how this feature (or “vulnerability” depending on your point of view)  is implemented.


Amazon has this item available via Prime shipping, so the unit actually beat me to my house.  I ordered it a couple of days before flying home from the Persian Gulf and it was there when I arrived.


Upon opening the unit, one immediately can see the latching mechanism that keeps it shut when closed and locked.  There is a small peg with a metal cone on its tip sticking up from the base…


… and this peg interfaces with a pair of sliding metal plates in the lid that form a hole which can expand and contract via spring pressure…



As the lock box can be closed just by pressing the lid shut, one can immediately discern that the metal plates slide apart simply by any force acting upon them.  The lock and circuitry mechanism is not needed to cause them to move…




As mentioned by the GunBox folk on Twitter, the unit ships with a small hex head Allen key which can be used to bypass the main locking mechanism and open the box if other methods fail to work.  While the conversation they had online was intentionally vague, they attempted to indicate that the Allen key was simply “the tool that is used [to access the bypass hole]” and they went on to state that “the manual override is not that simple.”  This is patently false.

Yes, the hex head bit is used to remove a small set screw in the bottom of the box, exposing the bypass hole.  After that, however, the same exact tool is inserted and simply wiggled from side to side.  That is all.  That’s the entire attack.  The shaft of the Allen key interacts with this small slot on the metal plates…


When we opened up the box and look at this, you can see that we figured it out in seconds.  The following video (which was Take One of the whole analysis) shows the process unfold.  Not only did we figure out the attack in short order, but it was trivial to perform.  It took me about 15 seconds to seat the handle of the Allen key in the correct slot the first time, then 5 seconds later the box was open. Subsequent attempts took under 10 seconds total.  It’s a process of (1) insert, (2) rock the handle of the tool toward you and therefore angle the inside tip of the tool rearward, (3) find the bypass slot in the metal plates, (4) press the tool to your right and therefore disengage the upper plate which moves to the left inside the box, (5) press the tool to your left and therefore disengage the lower plate which moves to the right inside the box, (6) the box is open.


(If for any reason that video becomes unavailable on YouTube, I’ve also uploaded it here on Vimeo)


There were quite a few things that I found disturbing about this whole process…

1. This entire bypass process was monumentally trivial to discover and to perform.  The fact that anyone could speak of this as though it were some massive secret is astonishing.  The bypass hole and the slot in the plates where it is performed are immediately visible to anyone operating the safe or even just glancing at it when it is open.

2. There is no evidence at all that the bypass is used.  The safe doesn’t appear to have any logging functionality if the latch is released manually.  The small set screw could be secured with a tamper-evident seal (although, as The CORE Group will tell you, tampering with security seals is often a very valid attack vector, as well)

3. The unit does not alarm if the lid is made to open up without any valid credential or token associated with that event. (For instance, by bypassing it.)  There is no reed switch or contact switch to tell the GunBox if the lid is open or closed.

4. In general, it was surprisingly hard to actually set off the “tamper” alarm at all.  I could not tell what manner of conditions cause it to beep, but as you can see in the video a lot of jiggling and banging did not set it off.  Apparently, only totally tipping the unit vertically seemed to cause the alarm for me.  Maybe I was doing something wrong.

5. The fingerprint reader and RFID tag appeared very unreliable in their operation.  Again, I’ll leave it to GunBox to respond… maybe I was making too many repeated attempts with fingerprints and mis-reads of the RFID tag and this caused some kind of delay/timeout period to trigger.  In general, however, I would most assuredly NOT trust my safety or my family’s security to this unit during a tense situation when a firearm was needed quickly.

6. The RFID technoloy used looks highly clone-able.  Babak is still in the Gulf for another week, but once he gets home we’ll test the RFID tokens out with his ProxMark.  I’ll wager dollars to doughnuts that these RFID credentials have zero protection against cloning and copying.  That will constitute Part Two of this review and analysis.


Beyond all that, the unit appears to be your run-of-the-mill firearm lock box.  It is spacious enough to store one (or more) pistols or revolvers of adequate size…




… and I even hit on an interesting phenomenon: when I had two of my H&K pistols in this box together, they obscured and occluded the bypass hole and made it unfeasible to perform the manual override opening technique…


… of course, given how shaky the fingerprint and RFID readers were on the GunBox that I was testing, I don’t know how wise it is to lock up any valuable pistols with the override disabled.  😉

Honestly, though, if I were forced to choose between a lock box that offered almost no protection versus a box that was unreliable but had no bypass opening, I’d probably go with the latter.  Were I to own a GunBox, I’d use some ThreadLock (the red permanent kind, not the blue light-duty variety) on that little set screw and feel a lot better about the unit.  But that’s if I were somehow forced to use this.  In the end, my plan will be to let my buddy tinker with the RFID controls, then box it all back up and return it to Amazon.  The folks at GunBox have stated that they “do not want everyone knowing the manual override” but I can’t imagine how anyone would predict this information not becoming public.  They have taken utterly no steps to obfuscate or protect the bypass feature.  Ultimately, of course, security engineers know that the best way to prevent details of a backdoor in your system from becoming public is to not design a bypass in your security in the first place.

Personally, I’m very happy with my MicroVault and LockSĀF products, since I’ve modified their manual override locks for greater protection and robustness against attack.  And that’s just for times when I need a quick-and-simple solution in my home or my car for carry pistols.  Essentially ANY small firearm lock box tends to be something designed first and foremost to prevent little hands from causing a negligent discharge and then –only secondarily– to guard against some forms of basic quick theft attempts.  Small firearm lock boxes should NEVER be though of as guns safes and they should not be considered a means of housing and storing valuable firearms in a permanent way.  Only my daily carry pistols are kept in small lock boxes.  My main collection all resides in heavy-duty Liberty safes at the various homes where it is housed.

That’s just my two cents.  Feel free to do your own testing and do whatever you feel is right and best for you and your loved ones.  Stay safe out there!

It’s Halloween and not April Fool’s Day, so hopefully you won’t take it as a gimmick when I say “I had a rather rewarding Twitter conversation recently” at the start of this blog post.  But I did.  This long collection of thoughts is my reply and follow-up to that dialog with some other folks since — as you’ll see — if I tried to shoehorn these comments into 140 character chunks I’d be kicked off of Twitter via the rate limits in their API.

It all began (for me) when my friend Laura (@soapturtle) retweeted something where the author C E Murphy (@ce_murphy) had linked to an article by Kat George (@kat_george)…


Six things you might not think are harassment but definitely are (because apparently we need to clear a few things up)

This article lists the following behaviors as unwelcome forms of harassment practiced by “sex pests” on our city streets…

  1. Telling someone to “smile”
  1. Saying “god bless you”
  1. Giving compliments
  1. Staring
  1. Speaking to someone who clearly does not want to be spoken to
  1. Becoming incredulous when you are ignored


While I found the main thrust of the piece to be very accurate and a good accounting of speech and actions that are totally creeper behavior, I (and apparently many other people) took issue with item #3… “giving compliments.”  One must presume that Ms. George was actually talking about “compliments that aren’t really compliments” but the tenor and tone of the article made it difficult to really gather where the author felt the line should be drawn.  For instance, Kat mentions that…

…we can receive compliments that are given out of kindness. For instance, there’s an elderly man who lives on my block and when I see him on the street and I’m dressed up to go out he’ll tell me I look lovely. He’s pretty much a stranger, I don’t know his name or anything else about him. But he’s not eye-fucking me when he says it, and there’s a sincerity in his tone

…and if that point were made more prominently, I feel that the whole piece could be received a little more easily.  However,  Ms. George calls that individual a “complete anomaly” and takes a much harsher tone elsewhere.  I and other readers who commented a bit started to fixate on other passages, such as…

Complimenting the physical appearance of a random woman on the street is not a compliment. Even if you think of it as a compliment, and think you’re being nice and that she should feel glad to have received your compliment, well, that view is indicative of a really problematic mindset that says your opinion matters enough for us to want to hear it.

The man “complimenting” her feels entitled to look at her, judge how she looks, force that judgment onto her, forcing her to internalize his view of herself. And if he feels entitled to her in those ways, where does it stop? Where is the line of entitlement drawn? Maybe that’s as far as it goes with this one person. But how does the woman know? How does she know that he doesn’t feel equally entitled to have sex with her or beat her or kill her, as some men do feel entitled to do to women?

Being complimented by a stranger for her nice dress or top is just as insulting as it is harassing.

Ultimately, the notion that we should all ignore our fellow citizens in the streets seemed to be the theme expressed.  I do not believe that was actually what Kat George was attempting to convey, but the wording grew particularly harsh and very concrete in some places…

It’s safe to assume that a vast majority of people don’t leave their house in the morning looking for a conversation with a stranger on the street.

Unless there’s something circumstantial that creates cause for polite conversation (the loose shoelace, for instance), there’s no reason to assume a woman would like to be spoken to

I would strongly encourage everyone to take the time to read fully through Kat’s piece, however.  Clearly, I am picking and choosing specific quotes from her article to illustrate a certain atmosphere that some sentences carried, but I don’t want to be seen as crafting her theme for her.  Read the whole piece, and see how it strikes you.

It moved me enough to reply on Twitter.

I responded to Laura and Ms. Murphy, registering my unease at the tone of defensiveness and dour attitude espoused in the article’s writing.  “Lines like ‘being a woman walking in the street, almost ALL uninvited attention from men is threatening’ make it hard for a lot of readers to accurately judge the tone of that piece. It’s easy to dismiss as alarmist,” I remarked (across a few tweets).

Laura encouraged me to see it more from the perspective of women, and Ms. Murphy made a more in-depth response…

But it’s true. Most uninvited attention is threatening. It’s not an alarmist statement to/from/by women.  I’m not trying to be difficult when I say that I assume from your userpic that you’re male, & that to me when you say “a lot of readers” it scans to me as “men” because most women wouldn’t find it alarmist, just accurate.

One problem is this: if a man grabs a woman’s ass, uninvited, he is presumed to be getting something out of it.  If a woman retaliates, i.e., grabs a man’s ass uninvited… he is presumed to be getting something out of it. The power dynamic there is always in the man’s favour, see? It’s the same with nearly any male/female interaction.

I genuinely appreciated these and other folks’ desire to respond and engage me on this topic, so I made the best attempt I could at replying with a few more tweets…

I’d love more dialog on this. And yes, I am male. 🙂

I fear that my perspective on this is inherently flawed due to (a) being raised right, (b) the circles i’m in.  A number of other women have reached out to me, essentially saying, “the hacker world is not the same” etc etc.  Most of all, the small 140-char limit is poor for deeper discussions like this. I wish we could all hang out sometime.

While the limits of brief tweets and the lack of any facial expressions or body language injected into the social discourse can often lead to unnecessary ratcheting-up of emotions and unhelpful sniping, this was a really rewarding conversation and we both agreed that it would be good to attempt fleshing out of our thoughts a bit more via some other medium.  Ms. Murphy made the following comments back to me which I found deeply rewarding.

“It’s really heartening to have an interaction with someone like you. So seriously, thank you. Also, do you guys mind if I blog about this conversation? … I’d like to talk about it.”

That’s wonderful, in my view.  I find it very heartening when brief chatter can turn into a real dialog and no one resorts to ad hominem attacks or being needlessly catty or rude.  I later emailed Ms. Murphy, offering up some of my own words and thoughts.  And now I’m sharing them here… because Twitter would most assuredly not suffice for the torrent of commentary I had on this topic.


My response to Six things you might not think are harassment by Kat George…

While most men (or just about any people who would attack the position voiced in the article) probably hold opinions of the unhelpful “ah, speech is speech, just ignore it or toughen up” variety, I feel that my take on the matter is somewhat different.

Let me be clear from the start that I hold deeply passionate libertarian views and therefore part of me really does believe that on a fundamental level, society is best governed by the old adage “free speech stops where the fist meets the face.” One can rant and rave and get right up in someone’s mug but unless they actually touch the person or directly impact them physically, I’m loathe to see legislation that would curtail the behavior of the offending party. (That’s not to say societal norms shouldn’t put pressure on them… I’m just being clear that being an asshole shouldn’t be a crime, in my view.)

However, I think a different streak of my libertarian persona is actually driving my feelings on this topic. It’s more akin to the “someone else’s bad behavior is not adequate reason to curtail my liberty” kind of thinking. Allow me to approach the topic from a wholly other perspective for a moment… the realm of intoxicating substances. It may further make me look like an extremist libertarian whackjob to say it, but I’ve believed in decriminalization of nearly all drugs and alcohol for quite some time. The freedom of an individual to put whatever they want into their body and alter their consciousness as they see fit — even to their own detriment — is something that I see as their own choice which should not be impeded by the state. Again, societal norms and pressure from friends/family are wholly appropriate means of attempting to affect someone’s decisions, but law enforcement and criminal penalties are not, in my view.

“But what about the rife problem of addiction and negative behavior that society faces!” comes the criticism in retort. “From drunk driving to broken homes to abuse to school drop-outs to blah blah blah on down the line…” runs the list of ills that we face when people become dependent upon and ultimately abuse alcohol, marijuana, cocaine, and the like. I do not deny this, but (and now we finally come to my key point) I see myself as a responsible person. I see myself as in control. I see myself as a fully free agent capable of (and by right entitled to) making my own decisions, including decisions about substance use. In short… “The bad behavior of other people — including law-breaking people — is not sufficient grounds to curtail my own behavior, especially since I am decent and law-abiding” is my philosophy.

Often innocent people (or, phrased another way, people who are not posing or doing any harm to others) are the ones most impacted when calls are voiced for limiting behavior or speech in some manner. Since there are far more decent people in the world than bad people, inevitably new regulations or attempts at curtailing behavior wind up impacting good people more than bad ones.

1. People use alcohol
2. Some people abuse alcohol
3. Alcohol is made illegal
4. Now no one (ostensibly) gets alcohol
5. A few bad people are (again, in theory) denied alcohol
6. Far more good people are denied alcohol
Net Result: more harm done to society than ill prevented

Side Result: step 5 doesn’t work well and plenty of “bad” people are still drinking and causing trouble

I think that people like me see the tenor and theme of many articles like Ms. George’s as almost advocating the notion that “men should never talk to women whom they don’t know on the street” and this, of course, leads people to the following logic…

1. People talk while out in public
2. Some jackoffs talk abusively and harrassingly
3. People are told “don’t talk to others whom you don’t know”
4. Now no one (ostensibly) speaks to women they don’t know
5. Maybe some jackoffs shut up (but probably won’t)
6. Mostly, this just prevents normal societal intercourse while out in public
Net Result: streets are actually a LESS friendly place for all citizens

Side Result: women’s interactions with others now actually tend to seem /more/ hostile and unfriendly because good folk are encouraged to stay silent but assholes will continue to be assholes.

Ultimately, I think that as outsiders reading a piece like this, we come away with the impression that the author and those like her advocate a rule of thumb being, “When out in public, just don’t talk to women around you if you don’t know them… especially if you’re male.”

Aside from giving me visions of time spent in repressed Muslim countries, that kind of logic leads (in my view) to the problem described above: it just makes society a less friendly place and ultimately reduces how we can interact with one another. I would think that for maximum impact and greatest acceptance to all readers, articles like that one would do well if their overriding theme and take-away lesson was twofold…

1. If you see harassing or ungentlemanly behavior towards women (or, frankly, towards anyone else) on the streets or out in public, stand up to it. That applies to both men and women. Taking an active role in saying “this is not OK and you are a loser who is a joke to everyone else” has a real impact. It has the MOST impact if it comes from friends and associates of the asshole and they register their complaint directly and plainly to them.

2. Just as important, in my view, is “if you are NOT an asshole and not hitting on everyone you see, be friendly, polite, and open in your hellos and compliments to others… including women.” I see the solution as not less speech, but more speech. Specifically, good and kind speech.

I say hi to almost anyone I encounter while waiting for a trolley, standing in line, holding open a door. I say “how do you do” in a brief but friendly manner to others sitting in my row on a plane or riding the same elevator as me. And, yes, I frequently also compliment things about them. “That coat is exceptional… you don’t normally see people wear purple, but that really works on you!” or “Let me just say, those boots are really spot-on. Nice leatherwork!” and “Wow… you don’t see someone reading The Guardian often. Good choice! Who carries that around here?” are three examples of comments I made just yesterday. In all cases, it was clear that I was not hitting on anyone and had no expectation beyond brightening their day. In all cases, I was met with smiles and kind chatter back.

Yes, it is true that I tend to compliment women more than men. But that’s not an exclusive thing, and I like to believe I’m not doing it out of some position of sexual desire. I’ve told guys out in public that their jacket was kickass or that I liked the band or political sentiment represented on their shirt. I’ve done so on the streets of West Philly or in the Gayborhood on Pine Street. I treat all genders and orientations pretty much the same in my conversations because in all instances I am not interested in having anything to do with them without benefit of my pants.

So yes, that’s my main philosophy and it works for me…

1. Discourage assholes from assholin’ whenever you see it

2. Say hi to as many of your fellow citizens as you can and make it clear from your behavior that you’re not interested in immediately seeing them naked

… If more articles were to include that as their overall theme and not word things quite so much along the “leave women alone at all times because they are in constant danger and need to be insulated from men” kind of phrasing (yes, I’m over-dramatizing) then I think society would be a much better and happier place.



Incidentally, if I were ever afforded the chance to sit and chat in person with Catie Murphy or Kat George I would jump on that opportunity.  I’d even buy the first round.  😉  (OK, maybe this is the wrong time for that joke.)

Overall, I hope that this post just generates more positive discussion.  I also hope that my analysis above of Kat’s piece didn’t give the indication that I dislike her or find her to be wrong-headed.  It was just the manner in how she chose to speak that raised an eyebrow with me.  And this is expected, perhaps, given that when we write something with passion on a topic where emotions run high it is natural to speak with fervor more than finesse.

The bulk of Kat’s work appears to be delightful and enjoyable.  I’m eager to see future installments of “The Big Gulp” but I have thus far not experienced any of Catie’s creations as of yet.  At least one appears to involve handcuffs, however, so my interest is piqued somewhat on that front.

If you’re here with me at DerbyCon right now then I hope you’ve stopped by the Lockpick Village.  I have nothing to do with running it, rather it’s offered up and operated by the outstanding FOOLS (Fraternal Order of LockSport) who do an epic job every single year, bringing out new tech and new toys to teach all the girls and boys.

I have added one thing to their Village this year, however.  It’s a single purple padlock, hanging on one of their lock boards…

Purple Puzzle Padlock

… this is a contest lock.  If you aren’t familiar with this style of mechanism, let me explain.  This is known as the Master 1500i, which they call the “speed dial” but which we call the “hash lock” because “speed dial” is a stupid name for it.

Nothing is “dialed” when operating this mechanism.  The combination to open a padlock of this type is entered as a series of pushes… up, left, down, or right …on the single big button on the front.

Press in on the shackle (to reset the gears inside), enter your series of pushes, then pull it open… simple, right?  Well, the actual internals are pretty amazing stuff.  Our good friend Michael Huebler of the German sportpicking group SSDeV did extensive research on these locks and even produced a very interesting internal visualizer tool and white paper to teach others.

There is a decode attack for these locks.

It is not super easy.

If you want, you can try to decode this lock.  If you’d like to try to get the combination by another means, however, I’ve put up a little crypto puzzle.  Follow the clues and you should be able to discern the correct series of pushes to open the lock.

If you show the lock to any member of the FOOLS staff in the Lockpick Village before the end of DerbyCon, I’ll have a prize for you!  (You must bring the lock to them OPEN, not merely photograph or video it or tell them what you think the code is.  They do not know it.  Although, you should still try to bribe them with drinks.)

We’re calling this puzzle “Around the (most of) the World in (more or less) Eighty Hours.”  Here you go…

Around The World



UPDATE – The above Puzzle has been solved by Scorche of TOOOL and DC949. Way to go, man!

The solution appears below, along with a step-by-step breakdown of the stages and the clues that were available to help people along.


Step One – the above image from the post announcing this contest (which was paired with some nonsense text about being at the controls of a spaceship, etc) contains a reference to a YouTube URL.  Some people spotted that the font on the blackboard was different in one place…

Chalkboard Text

… and if people didn’t think that a v= variable could represent a youtube URL element, I later tweeted this hint image…


So hopefully that steered enough people to find this clip.


Step Two – The YouTube clip was clearly a Morse code segment, and if people couldn’t figure that out I even included the image of a signaling key there.  So, folk would listen to that and hear a series of letters.

If someone is very, very good with radio they might have been able to just listen to the dots and dashes, but there are also a series of other tools that can make the job easier.

Morse Translator

The above is an app that runs on Android and iOS and will listen to Morse via the microphone and simply show characters.  Also, later on I tweeted the following hint…

Off Liberty is a site that will easily allow you to download a YouTube video as MP4 or MP3 audio.  If someone were to pull the file and view the soundtrack in a wave editor, the dots and dashes of the Morse can become very easy to read…

Wave 01

Wave 02

So these dots and dashes would transcribe into the following groups of letters…

PCG     XEX      RJE      LZK      YVF      PVN      ROO      CUY      FQS


Step Three – The letters above could mean a lot of things, but I tried to give people a slight hint with the following tweeted image…


You see a boarding pass, hopefully you think Airport Codes.  And all of the above letter groups are airports… almost.  These letter codes represented airports in very, very obscure places (and someone later told me they almost lined up in a nice great circle route!) but one letter code is just wrong.

Some people explained that they thought I had done something wrong in keying the Morse code letters.  So i later sent out another tweeted hint image…

Apollo 13

…now while this may have led some people very astray in their thinking, given that this is clearly a press photo for a NASA mission, a few diligent and observant folk spotted that this was the crew of the Apollo 13.

What do hackers think during crypto contests when the number 13 appears?


Step Four – That’s right… run the letter codes from the Morse message through a ROT-13 pass.  This is the result…

CPT     KRK      EWR      YMX      LIS      CIA      EBB      PHL      SDF

Now THOSE look like some more common airports.   All that was left was to plot the route going from those cities, in order, and see what “direction” you would be flying.

Scorche map

The hash padlock uses a series of pushes.  So if the “plane” is flying North, that’d be “up” and West would be “left” etc etc etc.  Look down the flight itinerary and this is what you ultimately find…

U    L    U    R    R    D    L    L

And here you can see Scorche solving the puzzle… great work!


Thanks for letting me whip up a little contest like this for DerbyCon.  Thank you to everyone gave it a try.  I always focus on mechanical locks, so this little crypto puzzle was a hoot.  (Best part: realizing that when I ran the airports through a ROT-13 pass that they STILL were legit codes in all but one instance.  That was awesome and totally unplanned.)

As some people know, i follow an account on Twitter that isn’t commonly associated with the pro-gun community of which I am a member.  The @GunCrisisNews crew reports on incidents of gun violence, predominantly in my hometown of Philadelphia but also around the country.  They are passionate about reducing the carnage that plagues some of our roughest neighborhoods, discussing themes of community organizing, conflict resolution, and violence prevention.  For the most part, however, the @GunCrisisNews feed is an ongoing stream of reports about shootings and the like.

While I sometimes question the merits of this constant trove of dismal news, facts are facts and I can appreciate their impetus to highlight the suffering and anguish of so many of our city’s citizens when lives are lost to gunfire.  The rate of violent episodes some weeks truly does rise to the level of a “crisis” in parts of this town.

However, something that has frustrated me (and continues to) is the Gun Crisis team’s inclusion in their twitter feed of non-newsworthy events which fail to meet almost any criteria for being labeled with the designation of “crisis” (and so often, that is the hashtag used in reporting them).  One such tweet caught my attention:

Police: Vendor shoots woman at Pennsylvania gun show #guncrisis

That news story reported how “a vendor accidentally shot a woman in the leg while demonstrating a gun and holster at a gun show in central Pennsylvania.”  It contained no evidence that there was malice or intent, but rather it was merely an isolated episode of negligence.

I cringe just a little bit inside when I see tweets like this.  I cringe because I know how the people on my side of the fence tend to react to this.  Many pro-gun voices dismiss gun control advocates if they (the anti-gun folk) are seen as “pumping up” their argument with either inflated numbers or excess data.  And tweets like this fall squarely into that category in the eyes of many people.

Accidental and negligent discharges (see my post here about how those terms are sometimes misused) are always awful, and they can indeed be tragic if there is gross harm or loss of life… but I and many others like me cannot see them as part of a “crisis” in virtually any sense of the word.

I responded to the Gun Crisis News account and the following dialog ensued:

@GunCrisisNews another link to a non-news story about some goof being negligent? this detracts from real topics and clutters your timeline.

@GunCrisisNews … more than anything, it badly dilutes the impact of the term “crisis” and causes readers to not take the topic seriously.

I appreciate your diligent feedback, but what are you boundaries for relevant negligence?

@JimMacMillan @GunCrisisNews nothing in the sphere of negligence rises to the level of “crisis” because they are freak accidents not…

@JimMacMillan @GunCrisisNews … prevented by new policies. Illegal gun use, gun crime… those could be “crises” in some sense.

Not a crisis in itself but sometimes part of the larger crisis:

That last tweet from Jim MacMillan (one of the Gun Crisis News reporters) linked to a news story about two children who were among the victims of a wave of recent violent that claimed various lives.  Jim feels that there is some parallel between these awful crimes (for that is what they are, crimes… events during which the perpetrators exhibit verifiable mens rea) and pitifully stupid acts of negligence.  I do not.

My comments above in the twitter conversation explain much of why I feel this way.  And, hopefully, it explains why I feel treating them as equal undermines so much of what the Gun Crisis project is attempting to accomplish.

A “crisis” is something to be met with our best and brightest minds… something to be fought against and passionately met, addressed, and overcome.  The malicious gunfire that erupts out of anger or territory control or general lawlessness is indeed such a crisis.  And it will take many innovative methods of community organizing and actions of the criminal justice system to stem the tide of this violence.

Negligent gun injuries, however, are not a crisis.  Not only are the infrequent, but even more relevant is the fact that they are not something that can be addressed or prevented by means of new policies or legislation.  You can’t legislate away stupidity.

Most of all, however, I am displeased over the way in which such tweets actually undermine what the Gun Crisis project is trying to do.  They want to raise awareness of a genuine problem and position themselves as a voice of guidance and information for the public.  Lumping in non-issue stories opens them up to criticisms of grandstanding and needless fanning of flames.  If too many non-crisis stories appear in the GunCrisis news feed with the hashtag #guncrisis, then their message becomes painfully diluted and critics can more easily lump them in with the more lunatic fringe of the anti-gun movement.

That same day on twitter, another journalist (who may or may not be affiliated with the Gun Crisis project, I am not certain) spread the news of the article ‘Guns in Bars’ Bill Kicks Off in Georgia which contained some choice quotes such as the following from Piyali Cole: “We are supposed to believe that everybody walking around with a gun is normal behavior, but I reject that.”

Individuals such as Ms. Cole have repeatedly shown themselves to be disinterested in reasonable dialog on the topic of gun violence.  Perhaps they once aspired to genuinely reduce harm, but (much like MADD was initially against drunk driving but later morphed into a full-abstinence, anti-alcohol organization) these activists — many of whom are associated with the group Moms Demand Action, which has itself become so extreme as to no longer be taken seriously in most conversations, sadly — do not advance the cause of serious debate and discussion.

Another example of this level of egregious vitriol came from a news story linked later that same day on Twitter.  Leonard Steinhorn, a man of letters and ostensibly someone for whom academic rigor and well crafted prose should count for something, made the following disingenuous statements in his article Armed, Locked and Loaded: The Worst and Most Intimidating Gun States:

No one should feel safe in the following states. And it is time to take a stand and do something about it. … Alabama, Arizona, Georgia, Indiana and Mississippi. … It is legal in these states to bring loaded guns into gambling establishments, sporting events, and restaurants that serve alcohol. It is legal in these states to carry weapons into stores and shopping malls, and in some cases even onto college campuses and into bars and houses of worship. … These are states of intimidation, where every one of us must wonder if the guy over there with a gun might pull the trigger because he’s angry, under the influence, troubled, mentally ill or simply ticked off.

It is impossible for me to read words like that and not want to weep.  Here we have a genuine thinker, a scholar, and a well-spoken educator… and he is essentially proclaiming, “I want to offer utterly nothing of value towards this discussion.  Please disregard everything I say on this topic.”

Whenever advocates of more restrictive gun policies speak in this fashion, they are almost immediately discounted by such a large swath of the population.  What is it about firearms that so panics certain individuals?  Would I care one bit if someone next to me in a restaurant or a sports stadium or a bar or a mall had a firearm?  No.  I cannot tell why it’s anyone else’s business, or why someone like Mr. Steinhorn thinks that the mere presence of a concealed pistol magically makes him less safe.

Now, if the citizen in possession of such a gun were intoxicated or belligerent or unbalanced, then yes I would see the argument against that situation.  However, nothing about being present in a bar means you are getting drunk in that bar.  I have spent plenty of great nights out with friends as a designated driver.

(I have also spent nights as a designated carrier, actually… when people were thinking about getting some cocktails after a movie one time, I volunteered to hold all of their carry pieces so they would remain legal.  In the state of PA one cannot carry a concealed firearm with a B.A.C. over .08, much like with driving.  So by the end of the night I had no less than three other friends’ carry pieces on my person.  I was thankful for my reinforced gun belt, to say the least.)  😉


Ultimately, I support any policies and laws that allow citizens maximum freedom of movement and the exercise of liberty in a manner that is safe.  I grew up in a home where guns were commonplace and I was raised to mind my own business and stay out of other people’s affairs.

If someone’s behavior isn’t causing a risk to the general safety, I have no problem with anything they are doing.  If someone is actively causing harm or seeking to cause harm to others, then I support the full force of law interceding in their actions.

The Gun Crisis project is a fine resource to stay abreast of the current status of and trends relating to firearm violence in America.  I just hope that they try a little bit harder to stay on-message and do not open themselves up to needless criticism from those who spend so much time being attacked by un-thinking and unhelpful voices of vitriol.

The last thing the Gun Crisis project needs is being lumped in with the likes of Moms Demand Action or writers of baseless op-eds like Leonard Steinhorn’s.  I hope to continue seeing their staff at community events and engaging with them on this topic in a productive way.

Hackers sure love their cons.  And their mini-cons within cons.  So much so, that the term “con” became impossibly over-used in the very early 21st century.  The lockpicking gathering at DEFCON and elsewhere wasn’t the “Lockpick Village” yet, it was LP-CON.  Getting your hair clipped by the badasses in a corner at the 303 party?  That’s “Mohawk Con” you’ve just attended.  Joining a bunch of folk together for sashimi and nigiri and maki? “When and where is SushiCon?” you would ask GM1. (Or SmooshiCon, heh, if you were in D.C. in early February)

OK, so, truth be told… some of these events were not “cons” in any real sense.  They didn’t charge for admission, they didn’t have badges, and –perhaps most of all– they didn’t run concurrent to an entire other con’s duration.

This may be one of the biggest questions and concerns that arise every time someone advances the idea for something “new” at DEFCON or any of the other important hacker events around the country and around the world.  Is this new idea something that will add to the overall energy and vibrance of the event?  Or will it dilute the energy and ultimately pull people in other directions as opposed to bringing them together?

Many times, the strongest and most passionate voices on topics such as this speak out when the “new idea” pertains to people who don’t feel central to the hacker world.  Groups who either perceive themselves to be not a good fit for DEFCON / ShmooCon / HOPE / etc and their friends/family/parents will sometimes suggest a side event in order to bolster inclusion or otherwise “ease” people’s access to this scene.  Instead of being met with support in all instances, however, there are many times when criticism and perhaps even outright derision have ensued.

While I find myself having difficulty nailing down the right words to express all of my views on this topic, I feel it’s an important area of discussion.  A number of us have diligently been kicking this topic around on Twitter, but being limited to 140 characters and spread across a number of time zones hasn’t led to the deepest and most meaningful dialog.  So I’m just going to lay down my beliefs here for a bit and then let others chime in…


Side Event vs Side Track vs Off-Site vs Brief Gathering

Perhaps the most substantial way in which people planning a new event can disagree (both with each other and also with the existing community) can bear on the duration and location of their NewIdea-Con.  Best tip from me?  If you can’t deeply justify a reason for pulling people and energy away from the main con, err on the side of “nearby” and “brief”

Many things that have been dubbed with the suffix “-Con” are little more than meetups, frankly.  Two great examples are QueerCon & DEAF CON.  QueerCon has historically been a party that takes place one evening, and it was at the DEFCON hotel as frequently as it has been offsite.  DEAF CON, the Deaf and HoH hacker meetup, takes place chiefly in the chillout area on one or two afternoons for an hour or so.  Similar events (without the name “con” attached) are the Military Veterans’ Meetup and the Podcasters’ Meetup.

In all of these cases, there has been utterly no avenue to criticize the organizers for “pulling folk away from the main conference” substantially.  And yet, while the “meetup” segments themselves are just an hour or two, in many ways these side events reward the participants for the whole main con itself.  They do so by enriching those people’s overall con experience (as in, these participants spend 90% or more of their time at the main event, not a side event) and helping them make new connections while still attending and experiencing much of the rest of the main con.

Happenings and gatherings that have attracted greater criticism, however, tend to be ones which are of longer duration or appear to be exclusive in some manner.  Two examples here are DEFCON Kids (now sometimes known as ROOTZ) and various Wives / Significant Others tracks.

DEFCON Kids was proposed as a means to offer greater options for inclusion of teens and even younger folk at DEFCON who might not otherwise be allowed to wander around by their parents.  Almost immediately, however, the DC Forums lit up with a cacophony of protest and howls of criticism by old-timers, even while others spoke up defending the idea.

“There are already plenty of things for kids to do at DEFCON!” said those of us who organize events suitable for all-ages.

“But I don’t want my kids seeing drunks puking and waving dicks around!” replied concerned parents.

“If we start to make DEFCON sanitized for the kids, then pretty soon I won’t be able to smoke and curse even!” responded the most bacchanal among us.

“Look, this is happening.  Get on board with it because we’re trying it out!” said DT, preventing further roadblocks.

Heh, ok… so virtually none of the conversation went like that, really.  I’m over-generalizing a LOT and using much hyperbole.  But to hear people recount the arguments made by others you’d think that some of the above sentiments were truly being expressed.

I can only speak for my personal experience, so here it is…

I run the Lockpick Village with the rest of the TOOOL staff at events like DEFCON.  We, too, were sometimes the subject of concern that “we occupy a lot of space and take up loads of people’s time” etc etc.  We have generally countered the strongest criticism by pointing out that there aren’t hard time requirements for participation in our area and that folk can wander in and out virtually whenever without missing out on anything here or at the rest of the main con.  Also, we repeatedly resist offers of greater space and chances to extend our operating hours, in order to encourage people to NOT sit with us the whole weekend.

Now, when DEFCON Kids was created, Nico and her staff (side note – i adore Nico and think she’s great.  Her daughter, CyFi, kicks ass and their motivation for all this was good and came with the best of intentions) they approached us and said, “Can you send one of your people our way and give a lockpicking talk in our side track room?”

My reply was, “Well, instead of me pulling one of my staff members, having someone lumbering all the way down there with a ton of gear, etc… why don’t the kids come to OUR area, the Lockpick Village, and we’ll have a very specific talk set up for them, etc?”  In my view, offering a limited and watered-down version of our topic to a limited group of kids in a small, side room was not likely as rewarding (to either them or to my people) than it would be to just have them all mingle with the rest of us in the Lockpicking area itself.  Indeed, TOOOL loves family participation.

Ultimately, of course, DEFCON Kids (a.k.a. DEFCON ROOTZ) has become established and they staunchly wanted to have all their learning and work take place in their own room. TOOOL does send someone (often me, actually) to their track and give a brief talk.  We try to just be so engaging and interesting that we manage to get some of the kids and their families to leave their limited area and join us in the Lockpick Village later.

But can you see from this story why some of the “established” events and organizers and participants feel that new ideas have as much potential siphon off energy from the main con as they might bring new energy to it?


Wives and Significant Others

So now yet again we have an issue coming to the surface in the way it tends to pop up from time to time.  For just about as long as I have ever been coming to cons in a substantial way (since around 2000) there have been folk offering up suggestions for a “girlfriends” event, or a “lost souls lunch”, or some other type of support/camaraderie network for people whose significant others are hackers, but who don’t feel like hackers themselves.

The main problems with these kinds of plans often fall into the following (admittedly broad) categories, which I’ll express with quotes (hypothetical and paraphrasing, these are not anyone’s specific words)…

“If you don’t want to be at the con, then why are you there?  If our community isn’t interesting enough for you, then just don’t attend.”

“Instead of having a side event which might pull your husband/boyfriend aside, why not just join us at the main event to keep the energy up there?”

“I am NOT here with a boyfriend/husband/etc.  I am a technically-capable and competent woman and if your event takes place I really don’t feel like being asked all the time if i’m here for the ‘wives group’ or anything like that!”

Again, these are almost caricatures of the real words that are offered, but the themes are valid in many ways.  And it’s these themes I’d hope for us to explore, perhaps in the comments below (because that’s always a good idea)… i’ve got some spam filtering and moderation enabled, but i’ll do my best to see the discussion isn’t limited if it happens here.  I’ll be hiking Diamond Head today, but should have GSM coverage.


My Suggestions

If the potential organizers of this new event are serious about improving things for the community and making things good for as many people as possible, let me offer the following suggestions…

1. Brief is better – at least in the first year, try to gear whatever you are creating as a “meetup” and not a side track or long-duration activity.  The closer it is the the main conference, the better.  Off-site events smack of “we aren’t interested in your community and don’t want to really ‘be here’ but we’ll make due in order to ‘be around you’ while you ‘do your geeky things’ at this con”

2. Technical and not Social – want hackers to take your new side event seriously?  gear and frame it as “outsiders who want to learn more and become more interested in geeky topics” and not “easing our outsider experience by bringing more ‘mainstream’ topics into the hacker con” … in the past, this suggestion has been met with the reply, “I don’t want to learn anything new, and I don’t care about this geeky stuff.  I’m just here to make sure my man behaves.”  If that’s your feeling, we have little to discuss.

3. Remove Gender and Identity from the Theme – oh dear GOD please if you take away nothing else from this post, take this away.  It is almost always a fucking disaster anytime anyone attempts to create something “for the women” or, even worse, “for girlfriends”… it is patronizing, it is exclusionary (in name if not actually in theme), and it creates no end of goddamn headaches for the wonderful and talented women who are 100% part of the hacker world.  Whether you think it’s fair or right or anything of the sort, the moment that you have a “Wives” or “Ladies” or “Hack my Vagina” event at a con, then a whole litany of people (many of them ignorant or socially backward or just plain foolish) will start to see every female at the main con as “probably here for that side event for girls.”

Is this unfair?  Is it a shame that your new event can get undermined by idiocy and ignorance that isn’t even your own doing?  Yes.  yes, it is.  And that doesn’t make it any less true or real.

And this isn’t even getting into the fact that many significant others and “noob” family members of hackers aren’t female, or married, or easily tagged by so many of the labels that these new events often have.  PLEASE stay away from ANY language that applies to a specific family structure or life arrangement (assuming people to be married, hetero, with kids, etc) or any language that is specific to one sex or gender (since our community is astonishingly terrific about making all sexes and genders and identities — which are all different things, if you are not aware — feel welcome) as this opens you up instantly and needlessly to criticism of many kinds.  There are many women and men who attend together with their significant others, both of whom are hackers.  There are guys who are there with techy and hacker women, frankly, when they themselves aren’t 100% in the scene.  And, being hackers, there are plenty of people who just don’t easily fit into any category or group or role and limiting language will lead to more division, not inclusion.


I think that making the hacker world more accessible and open to new people is a good thing.  Historically, ours has been the community where outsiders can always find a home, can find companionship, can find support, and can even sometimes find the family that they never had elsewhere.

Taking steps to help our biological and social families become more tied to our hacker and technical families does not stem from bad intention.  As long as you name yourself and gear yourself and frame yourself as inclusive and you stay away from anything that could lead to criticisms of (a) siphoning off energy from the main event or (b) being just for “women” or “wives” then there’s going to be much we can discuss and I hope many drinks can be shared… with lots of new people who want to be a bigger part of our world.


At times, it puzzles me almost to no end the degree to which some people will choose to get themselves all worked up and upset over matters that (a) are of little consequence, (b) aren’t directed at them personally, and (c) involve situations where they themselves hold almost all the power.

The latest puzzling incident of this stripe that caught my attention pertains to an individual named Davi Barker.  Political theorist and freedom activist to some, ranting quasi-nutter to others, this man made a blog post in late February of 2014 which set Twitter on fire briefly, because it involved two very reliable buzzwords (TSA and Bitcoin) in the same story.  Within hours, countless people were tweeting and re-tweeting links to the Daily Anarchist blog where the story appeared, telling all of their friends and followers that, “The TSA is actively looking for Bitcoin!!”

Now, the renowned tech-savvy journalist Kashmir Hill has already put together a pretty decent analysis of this incident, but I’m going to offer up a few more thoughts here which do not appear in her column, probably due to limitations of taste and professional decorum.

Ms. Hill has already covered this, but for those who haven’t read her whole piece in Forbes yet, let me assure you… the TSA is not actively looking for Bitcoin (or much of any other currency) in anyone’s luggage.  The TSA is aware (in a vague and probably poorly-trained way) that there are certain laws regarding the transport of large sums of money out of the country… and it’s possible that some TSA screeners choose to ask a few questions in situations where they think someone might be in violation of the law.  But that’s a far cry different from actively seeking out passengers with money and subjecting them to extra scrutiny.  The Forbes article explains as much, with good quotes and citation of other resources online to explain things further.

Ultimately, what I do not get about Mr. Barker’s encounter, is how unnecessarily upset he seems to have gotten over the whole thing.  It almost smacks of a situation wherein someone feels more legitimized in their grief and anger if they can cast themselves in the role of the victim more fully… as opposed to the reality of the situation, which is that TSA screeners have virtually zero power and authority over the public.

Yes, dealing with the TSA is hardly enjoyable and the whole organization is a colossal waste of taxpayer dollars which ultimately makes us less safe, not more safe, every single day.  But to feel legitimately threatened by them?  That’s where I start to raise eyebrows.  Let’s look at some sections of the original write-up post in more detail.

I make it a point to always opt out, and if possible always strike up a conversation with the man molesting me.

Right off the bat, we’re barely one sentence in and already the rhetoric is off to the races.  I hate passenger screening as much as the next guy.  AIT machines are a joke and I, too, am a gold star op-out flier (i have never gone through a backscatter or millimeter wave machine).  Unlike Mr. Barker, however, I recognize that there is a difference between “ineffectual attempts at pat-down by a poorly-trained government functionary” and “sexual assault”.  One is a non-consensual contact crime, the other is just annoying.  (Also, if you fly that much and hate the pat-down, either enroll in TSA Pre-Check or claim a medical opt-out at screening check points.  I rely on both and have never had a pat-down since the middle of last year.)

OK, maybe he was just being a bit over-dramatic in order to start his story off with a bang.  Let’s continue…

What’s absolutely clear is that the TSA is looking for Bitcoin, and Bitcoin users need to be conscious when they travel, especially internationally.

No, what’s absolutely clear is that the author experienced a bizarre encounter, which is hardly evidence of a deeply-entrenched policy.  Bitcoin users more than anyone can relax when they travel due to the very nature of Bitcoin itself.  If you are using cryptocurrency properly, there is no accessible evidence of how much you have or where you are moving it.

Then we get to the real meat of the story.  After an annoying passenger screening experience, where Mr. Barker was slightly delayed due to his backpack being re-run and swabbed, he recounts the following…

Bill and his wife were sitting on a bench in the terminal waiting for me as I approached them. Then two men stepped between us, both wearing dress shirts, one orange and one blue. The orange shirt asked where I was traveling to.

This is the part of the story where things take a turn.  It is also, however, the point in the incident where the two distinct mindsets “Victim of the State” and “Citizen of the State” start to see the situation in very distinct ways.  For the “Victim of the State” every encounter with an authority figure is tense, a time to be on-guard, a moment of oppression happening.  On the other hand, a “Citizen of the State” typically can proceed about their daily life with great confidence, secure in the knowledge that 90% of the bureaucrats and functionaries with whom you may interact have essentially zero power over you.

These two distinct mindsets tend to color virtually all interactions that people have with authority.  If you project fear and act defensive, your typical authority dimwit will respond to this with more forceful words and bluster.  If, however, you are calm and confident and –above all– polite, this reduces the need for petty posturing on everyone’s part.

A “Citizen of the State” might have interacted with these two oddball gentlemen by politely asking for their cards (or at the very least clearly getting their names in conversation and noting them down later) and then excusing themselves and proceeding on.  I really think that this is one of the hallmarks of a self-confident citizen… the ability to rise above and not directly engage idiots when they attempt to insert themselves in your life.  As a “Victim of the State” however, Mr. Barker went into a defensive mode and offered snarky non-answers to their questions.

They identified themselves as “managers” and the orange shirt said he was obligated to inquire whether or not I was traveling internationally, which was not an answer to my question. I replied, “Am I obligated to answer your questions?” He replied, “If you are traveling internationally you are.” I replied, “Do you have any reason to suspect that I’m traveling internationally?” The orange shirt said “We’re the ones asking the questions here” and the the blue shirt asked to search my bag for my boarding pass. I told him that my bag was already inspected and didn’t contain anything dangerous, and that I didn’t consent to another search. He said until I was cleared by security he was free to search. I said I was cleared by security.

If you are going to decline to answer someone’s questions, fine.  But please do so by rising above the issue.  Don’t drop to their level.  I realize that in the moment when one is being hassled by an authority figure it’s not always easy to keep a straight and clear head, but come on… one gruff exchange with a man in a suit and all of a sudden this self-described fan of liberty completely forgot that the TSA has no real power?

There is a time to (politely) escalate things.  If you are not getting satisfaction during a screening incident with a TSO, instruct them to call their LTSO (or STSO).  If these managers were giving Mr. Barker a headache, he could simply instruct them to get the CSM on the phone (all major airports have a Customer Service Manager for the TSA… the big boss above all others).  Failing any of that, a polite but confident assertion that they are free to get the police if they desire would do the trick.

This applies to conversational encounters, disagreements over policy (I’ve had loads of odd conversations regarding my travel with firearms. Escalating to real police has always defused it immediately.) or even shows of force.  Do you think I would ever stop in an airport if a silly TSA “Code Bravo” drill was taking place?  No, I would not.  I wouldn’t get mad, either.  I would simply not give these people a second thought.  They aren’t worth my time, my consideration, or –most surely– my aggravation.

I know that the TSA has become a monstrosity of waste and annoyance, but please don’t ever let your disgust with a government program trick you into thinking that they have any real power over you.  They don’t.  We still live in a free country and no one is going to whisk you away to a secret prison somewhere just because they feel like it. (At least that rule applies within our borders.  Border crossings involve surrendering of many of our rights.)

Read the following snipped segments of text that go on to further illustrate the “oppressed” victimhood in which the author sees himself…

a little frightening that they were looking for Bitcoin. … At this point I was beginning to panic and looking for a way out. … Without [his friend Bill who spoke up in the conversation with TSA] I’m not sure what would have happened to me. … didn’t fully relax until we were in the air, because I’ve seen cases of security pulling passengers right out of their seat.

Really?  Without his friend Bill there he isn’t sure what would have happened to him?  Here’s what would have happened… eventually someone, somewhere (either one of the TSA managers or a law enforcement officer whom they may have gotten involved) would have realized that this man wasn’t leaving the USA and therefore was outside the scope of anything that they could investigate.  No one would be going to jail, no one would have their belongings confiscated.  At worst case, his needless snark and combative attitude might have resulted in his missing a flight.

I should point out one last element that got me thinking while reading Mr. Barker’s write-up.  When talking about travel with Bitcoin, including international travel, he states…

It’s entirely possible that a traveler could be carrying thousands of Casascius coins which are not loaded, and worth little more their value in brass. It’s also possible that a traveler could be carrying one Casascius coin that has been loaded with hundreds of thousands of dollars worth of Bitcoin.

…now this may sound cruel, but I have to point out that if you’re so unbelievably dumb as to carry around physical Bitcoins of real value, then you basically deserve whatever goddamn happens to you.  You are literally too stupid to deserve to own that currency.

The entire benefit of cryptocurrency is that it’s NOT subject to search, seizure, or inspection.  If you are transporting it in physical form (or if you are transporting it electronically but without appropriate device-level protections of encryption and long passphrases, etc) then I genuinely do not know what the hell you have between your ears but it surely isn’t functioning gray matter.

I’m sure someone will make the news doing that at some point.  They will fail the attitude test when interacting with TSA or CBP, then needlessly escalate the situation by playing the victim instead of calmly and politely asserting themselves and rising above the bait.  And, in the end, they will write an article describing how the big, mean authority figures “stole” their Bitcoin and “oppressed” their rights.

I, however, will choose to not be a victim for as long as my smile and my confidence allows.