Archive for the 'security' Category

Just got the message below from the har-announce list. This is going to be a great event which I’ll have to miss, unfortunately. I’m knee-deep in the remodel of our new building. Bleh.

Learn more about Hacking at Random here: https://har2009.org/. You should go.

   Wikileaks will speak about their position in a society where
   governments are increasingly secretive
   about their own policies, and discuss the hazards and complications of
   publishing leaked documents. We'll talk about the policies of search
   engines, the dangers of data breaches, and EFF will explain their
   strategy for civilians to defend themselves against the ubiquitous
   surveillance society. Anonymous will talk about social media as a
   political tool, and they'll explain why fun is important when you start
   an argument with Scientology. We'll talk about copyright and
   distribution rights.

   There's plenty of hardcore tech as well. How Mifare was broken and what
   to do next; reverse engineering chips; side channel analysis (reading
   votes cast on a voting machine from a distance), and how to use the
   debug port of your devices to do hardware hacking.

   We'll have scientific talks on crypto - can we use quantum mechanics to
   provide secure identification in an insecure environment? - and we'll
   talk about the relation between the need for open source and the
   progress of science. Or to put it the other way around: how science
   suffers through proprietary formats, patents and non-disclosure.

I’m just back from CanSecWest in beautiful Vancouver, B.C. This is one of my favorite conferences for a few reasons. For one, there’s only one track which tends to make attendees coalesce. Of course, I didn’t see any of the talks because I was playing Mr. Vendor for the entire time.

Dragos, the conference organizer, and his colleagues set a great tone for the conference. This isn’t a script-kiddie show. There are quite a few well-known attendees but it feels like everyone is on a level playing field. There’s very little posturing or pontificating, at least publicly. I’m not saying that it doesn’t happen, it’s just not made into a scene.

There was a small vendor area at the show. The last time that I attended, a couple of years ago, there was no vendor area. As I recall, Dragos pulled in a table at some point and Theo of OpenBSD and I shared a table. That was fun. (I am not kidding. I like Theo.)

I think the atmosphere at CanSecWest is similar to what one finds at a conference like Recon or CodeCon. People are there to learn and to share information; not to shoot supersoakers. Not that that’s a bad thing, but the craziness gets a little old sometimes.

Vancouver itself is simply beautiful. The mountains across the water from the hotel are stunning, even when it’s raining, or snowing, or hailing. The weather in Vancouver is changeable.

I had a couple of very good meals, most notably at Prima Taste on Robson Street (Singaporean) and Kitanoya Guu (Japanese fusion) in Gastown. Kitanoya has a fun atmosphere, though it’s a bit overpriced and the food is just okay. The food at Prima Taste was much better. The staff at both were very friendly. Even the cab drivers in Vancouver are very friendly.

Not only that, the people at my hotel (the lovely YWCA Hotel) were also very friendly. I guess Vancouver is just a very friendly place, or this is part of auditioning for the Olympics.

Oh, here’s something. There was a march down Robson Street — a bunch of people wearing the same t-shirts, carrying signs, and chanting stuff like “stop the media distortion.” This was a rally to support China in the face of the recent crackdown in Tibet.

I love China but not the Chinese government. Something came over me and I started walking against the march chanting “China out of Tibet Now!”, with a big smile on my face. The marchers smiled back. One yelled back at me “we love China!”, to which I responded “I love China too! China leave Tibet alone!”

The remarkable thing is I’m still alive.

Time for what has become my yearly trip to Shmoocon in Washington, DC. This is a relatively small conference with some very good presentations and a nice, tightly knit group. The atmosphere is very shmoo-like. I suspect there will be shmoo balls used as projectiles and other interesting activities.

Shmoocon

Several of our authors will be there, either attending or giving presentations, including Michael Rash (Linux Firewalls), Greg Conti (Security Data Visualization) and Steve Pugh (forthcoming title on Ruby). And several should-be No Starch Press authors will be there as well. Let’s see if I can do any convincing.

I’ll be offering recent titles for sale, playing vendor. I generally like playing vendor; the only thing this time is that I’m flying up from Florida to attend the con, after which I’m returning for one last evening, then back to SF. Not only do I have to do the airplane thing, I have to deal with getting from Dulles to my friend David’s house to pick up a couple of packages, get to the Marriott and either pay their exorbitant parking charge or circle the block for a space, get back to David’s, and so on. But one nice thing is that I get to see David (and family), a childhood friend. Childhood. I think I remember that.

Well, I’ll blog about Shmoocon once I have something interesting to say. Or not.

Mike Schrenk, author of Webbots, Spiders, and Screen Scrapers, and Greg Conti, author of the upcoming Security Data Visualization, are speaking at Defcon. From Defcon.org:

The Executable Image Exploit

8:00-8:50 PM, Friday August 3, Track 3
Michael Schrenk
The “Executable Image Exploit” lets you insert a dynamic program into any community website that allows references to off-domain images, like MySpace or eBay. By uploading the following line of HTML to a community website,

<img src="http://www.mydomain.com/executable.jpg" />

you can launch a dynamic program that masquerades as a static image and is capable of reading and writing cookies, analyzing referrer (and other browser) variables, and accessing databases. It is even possible to create an image that causes a browser to execute JavaScript.

Satellite Imagery Analysis

1:00-1:50 PM, Sunday August 5, Track 2
Greg Conti, Lieutenant Colonel, United States Military Academy
Satellite imagery was once restricted to organizations like CTU, but now it is freely available to us all via powerful free online tools and commercial services. In this talk we will look at commercial collection platforms and capabilities, orbital mechanics and a variety of imagery analysis techniques. We will analyze examples from interesting places around the world and explore issues surrounding the future of satellite surveillance.

No Starch will also be there. Drop by and say hello!
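The off-domain image risk in the Executable Image Exploit abstract above is normally mitigated by never letting the visitor's browser fetch the third-party URL directly. The following Python is an added illustration (not from the talk, Defcon or No Starch) of a camo-style image proxy policy: off-domain `<img src>` values are rewritten to a signed same-origin path, the proxy verifies the signature before fetching, and it relays only bytes whose magic number and Content-Type agree on a real image. `PROXY_PATH`, `PROXY_SECRET` and the hostnames are assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import urlparse

# Assumed proxy settings for this illustration (not from the talk or any real site).
PROXY_PATH = "/imgproxy"
PROXY_SECRET = b"constructed-example-key-rotate-me"

# Magic numbers of the only formats the proxy is willing to relay.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

def proxy_url(src: str) -> str:
    """Signed same-origin path (camo style); the browser never contacts the remote host."""
    digest = hmac.new(PROXY_SECRET, src.encode(), hashlib.sha256).hexdigest()
    return f"{PROXY_PATH}/{digest}/{src.encode().hex()}"

def rewrite_offdomain_images(html: str, site_host: str) -> str:
    """Rewrite each <img src> that points at another host to the proxy;
    same-origin and relative sources are left untouched."""
    def repl(match):
        src = match.group(2)
        host = urlparse(src).hostname
        if host and host.lower() != site_host.lower():
            return f"{match.group(1)}{proxy_url(src)}{match.group(3)}"
        return match.group(0)
    return re.sub(r'(<img\b[^>]*\bsrc=["\'])([^"\']+)(["\'])', repl, html, flags=re.I)

def verify_proxy_request(digest: str, hex_url: str) -> Optional[str]:
    """Proxy side: recover the remote URL only if the HMAC matches, so the
    endpoint cannot be abused as an open proxy for arbitrary URLs."""
    src = bytes.fromhex(hex_url).decode()
    expected = hmac.new(PROXY_SECRET, src.encode(), hashlib.sha256).hexdigest()
    return src if hmac.compare_digest(digest, expected) else None

def accept_image_body(content_type: str, body: bytes) -> bool:
    """Relay only bytes whose magic number and declared Content-Type agree on a
    real image. The proxy's own fetch must carry no user cookies or Referer, so
    a script behind 'executable.jpg' learns nothing even if it returns an image."""
    for magic, mime in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return content_type.split(";")[0].strip().lower() == mime
    return False
```

The proxy fetch itself (HTTP client, timeouts, size limits) is left out; the three functions cover the rewrite, the signature check and the body check that make the proxy safe to expose.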