Events

Events, generally public, live or streamed.

28C3 Scariest Talk of the Day

Wednesday, December 28, 2011 

We attended Effective Denial of Service attacks against web application platforms by Alexander “alech” Klink and Julian | zeri, where they described a really, really easy to implement denial of service attack that exploits an artifact of hash checking, which is computationally intensive when the hash table is filled with hash collisions. It is fairly easy to find 2-4 character hash collisions for a given hash function (and there are only a few variations in use), and as hash operations are performed by default on all POST and POST-like functions, which take (by default) from 2-8MB of data, one can easily tie up a computer’s CPU effectively indefinitely.

The researchers tested the attack on most web languages in use (and all in common use) – only Perl is deployed safe (since 2003) and Ruby 1.9 has a patch available. Every other OS is vulnerable. Today. The attack is only a POST option with a table of delimited hash collision values. You could copypasta a working exploit, it is that easy. The vast (vaaast) majority of sites on the web run PHP, and 1 Gbps of attack vector bandwidth could take down 10,000 cores. With ASP.NET, that 1 Gbps can hold down 30,000 cores. CRuby 1.8 (not patched, about half of Ruby installs): that 1 Gbps can keep a million cores tied up.

Yow.
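To make the cost concrete, here is an added example (not from the talk or the original post): a toy chained hash table where a byte-sum hash stands in for an unkeyed platform hash, compared against a hash keyed with a per-process secret, plus a parameter-count check done before any table is built. The table size, both hash functions, the anagram parameter names and the `count_params` limit are assumptions chosen for illustration.

```python
import hashlib
import itertools
import os

BUCKETS = 1024  # toy table size (assumption)

def weak_hash(key: str) -> int:
    """Toy unkeyed hash (byte sum): every anagram of a string collides."""
    return sum(key.encode())

def make_keyed_hash(seed: bytes):
    """Hash keyed with a per-process secret, so collisions cannot be precomputed."""
    def keyed(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=seed, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed

def insert_cost(keys, hash_fn) -> int:
    """Insert keys into a chained hash table; return the key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key) % BUCKETS]
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)  # new key: the whole chain was walked first
    return comparisons

def count_params(body: str, limit: int) -> int:
    """Count form fields before any table is built; refuse oversized requests."""
    n = body.count("&") + 1 if body else 0
    if n > limit:
        raise ValueError(f"{n} parameters exceeds limit of {limit}")
    return n

# Constructed sample: 1000 distinct parameter names that are anagrams of each other.
NAMES = ["".join(p) for p in itertools.islice(itertools.permutations("abcdefg"), 1000)]

if __name__ == "__main__":
    print("unkeyed hash:", insert_cost(NAMES, weak_hash), "comparisons")
    print("keyed hash:  ", insert_cost(NAMES, make_keyed_hash(os.urandom(16))), "comparisons")
    print("fields seen: ", count_params("&".join(f"{n}=1" for n in NAMES), limit=5000))
```

With the unkeyed hash every insert walks the full chain, so the work grows with the square of the number of fields; the keyed hash spreads the same names across buckets and the comparison count stays small.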

Posted at 18:32:59 GMT-0700

Category: Events, Technology, Travel

A Very Energetic Band at Borgo a Mozzano’s Halloween

Thursday, November 3, 2011 

This band was playing a small stage along Via Roma at Borgo a Mozzano’s Halloween festival.   I haven’t been able to figure out their name yet (will update when I do).  The singer managed to put out an amazing amount of vocal power from such a small frame.

Encode parameters

 ffmpeg -i Band_at_Borgo_a_Mozzano.MTS -c:v libsvtav1 -pix_fmt yuv420p10le -preset 2 -svtav1-params tune=0 -b:v 0 -crf 40 -pass 1 -an -f null /dev/null && \
 ffmpeg -i Band_at_Borgo_a_Mozzano.MTS -c:v libsvtav1 -pix_fmt yuv420p10le -preset 2 -svtav1-params tune=0 -b:v 0 -crf 40 -pass 2 -c:a libopus -b:a 96000 Band_at_Borgo_a_Mozzano.webm

 

Posted at 07:13:14 GMT-0700

Category: Events, Places, Travel, video

Halloween at Borgo a Mozzano

Wednesday, November 2, 2011 

Borgo a Mozzano hosts the biggest Halloween festival in Italy and this year was the biggest yet. The streets were so packed with people it was almost impossible to move in some places. There were at least 8 stages, each hosting several different bands through the night playing all sorts of music from heavy metal to gypsy punk to polka, but one of the best was the marching band which had our town butcher out dancing with a cow’s head.

Posted at 10:42:55 GMT-0700

Category: Events, Places, Travel

Lucca Comics and Games 2011

Tuesday, November 1, 2011 

Lucca Comics and Games is a bit like Comic-con except in a medieval walled city, which goes well with a lot of the costumes.

Lucca_Comics_And_Games_2011_DSC06005.jpg
World of Warcraft?

Posted at 09:12:49 GMT-0700

Category: Events, Places, Travel

Passaggio del Terrore

Monday, October 31, 2011 

The first night of Halloween at Borgo a Mozzano (it is a 3 night extravaganza here), we visited the famous Passaggio del Terrore. The highlight was seeing the owner of our local hardware store as a crazed psychopath.

Posted at 17:40:44 GMT-0700

Category: Events, photo, Places, Travel

Miscreants of Taliwood Free Tonight

Wednesday, February 24, 2010 

Carolyn and I saw the Miscreants of Taliwood at the Telluride Film Festival last September and had an opportunity to talk with the director, George Gittoes. We felt the movie was an important record and George an important resource for the people we work with in DC and arranged to have him come for a screening.

Miscreants is the only western film by the only western observer in the Tribal region of Pakistan along the Afghan border during the tumultuous period starting with the siege of the Red Mosque/Lal Masjid in June of 2007 and including the assassination of Benazir Bhutto.

This is a unique document, the sole direct, ground-level view of the geographic heart of Taliban ideology and a core operations center for Al Qaeda. Further, the opportunity to speak with Gittoes is particularly exceptional as his two years in the region were marked by extraordinary encounters that he was unable to incorporate into his documentary because “when people are pointing guns at you, taking out your camera gets you killed.”

We are screening it tonight, Wednesday, February 24th at 8pm at the Letelier Theater at 3251 Prospect Street, NW (upper courtyard – above Café Milano) Wash, DC 20007 202-338-5835. Admission is free. A parking garage is located between Café Milano and Café Peacock.

There will be a Q & A with George Gittoes immediately following the screening.

Posted at 13:38:50 GMT-0700

Category: EventsGeopostPositiveReviews

26c3 Berlin

Thursday, December 31, 2009 

26c3 was a blast, as was Berlin. It’s a good conference in the olde school hacker style: mostly younger people, mostly wearing black. There weren’t a lot of women, but Carolyn, Isabella, and Meredith tried to even out the ratio a bit.

Some of the best lectures included one by some German engineers working on the lunar x-prize. They had their prototype rover with them and gave a great talk about the various challenges.

Another great one was Dan Kaminsky’s talk on PKI. I don’t agree with the premise that SSL should be a reliable method for identifying the owners of websites as people just can’t tell the difference between bankofamerica.com and bancomerica.com and so it doesn’t make anyone safer if the bankofamerica site is super green if bancomerica.com is also super green, and so the complexities of getting an accepted certificate simply reduce the use of secure connections and the overall security of the internet. But he had some pretty great attacks on the security of SSL that cause problems no matter what.

We enjoyed fuzzing the phone as well. It was a very entertaining talk on attacking phones with crafted SMSes. The method of creating the attacks was very clever – rooting the phone, redirecting the radio to a wifi link to a CPU so they could try zillions of SMS and see what would happen. In the process they discovered they could remotely root the communications manager (which runs as root). And send %n to specific Windows phones and they’ll crash and fail to reboot until the SMS is cleared out of the inbox.

Berlin is a great city and it was fun working in the shadow of the TV tower.

We made reservations for lunch but we could tell it wasn’t going to be a great day. In the end it was a very intimate lunch with pretty clouds pressing against the glass.

The fog lifted but was replaced by snow, which is a lot of fun in a city when you don’t have to drive.

Posted at 11:42:34 GMT-0700

Category: Cell phones, Events, FreeBSD, Linux, photo, Places, Technology, Travel, Weather

NIMBY Party

Sunday, June 21, 2009 

On Saturday, Mike Wehner and I went to the NIMBY party. It turned out really well, a good crowd and fun entertainment despite the anomalous efforts of the OPD to embargo the party. It was something I’ve never seen before: the police blocked access to the building thus locking out a few thousand would-be-party-goers.

They did not interfere with the party with respect to those people who found a way in or were already in attendance. They were polite and didn’t give anyone a hard time. They just did what they could to keep anyone from getting in. There was a rumor going around that an edict had been issued by a politician to the OPD to shut down the party.

A solid 500-1,000 people (it seemed to me) did get to enjoy the event including a therm demonstration, a very impressive stunt riding demonstration, and, of course, the boxing.

I’m not a fan of spectator sports of any kind, and have never actually watched a complete boxing match before, but this was particularly entertaining. Really drunk bikers knocking each other around (safely supervised, with gloves and mouthguards) was sometimes pretty hilarious, and sometimes a good excuse for a drink. A few of the men I saw get up there were technically pretty good and fun to watch.

By far though, the most entertaining fighters were the women. Some wrestled instead of boxed, which was awfully sexy from an ogling perspective (the most vociferous oglers were other women, by far, who were the only ones calling out for clothing removal moves I heard). What was most surprising was that some of the female bouts were actually really good boxing – far better than the men. They stayed clean for three rounds, fought well, had good form, and were just technically better fighters and had the most interesting bouts even from a purely athletic perspective.


Posted at 22:37:01 GMT-0700

Category: Events, photo

Yay! News Quiz is Back

Friday, May 8, 2009 

With Sandy Toksvig. Week is funny again.

I’m very worried about this flu thing.

I tried to phone NHS… but all I got was this cracklin’

Posted at 19:04:34 GMT-0700

Category: Events, Funny, Geopost

The third accident this weekend…

Sunday, August 19, 2007 

Why are these kids so reluctant to chat with the police after an accident? Hmmm… The only time these accidents aren’t hit and run, is when the kids are hurt enough they can’t run. Unfortunately, modern cars are way too safe.


I offered to help my neighbor, Bila, change the tire in the morning. This morning at 9:00, when he was done baking, he rang my bell and we changed the tire. From the glass on the street, it looked like the perps’ car was far worse off. Bila’s axle might have been a bit tweaked though.

Posted at 02:05:15 GMT-0700

Category: Events, photo