Summer 2017

Posted in Uncategorized on September 26th, 2017 by josh

Back in June 2017, I went to London to speak at InfoSecurity World London. Immediately after, I flew to Florence, where I checked things out, fought off mosquitos in an airbnb and ate lots of amazing food. I then went to Barcelona. There, I swam, ate amazing things, drank, met people, drank some more and then went home (very hungover).

In August, I spent a week on a houseboat on Lake Shasta with Sara’s dad and some of his family. The day after returning, Sara and I went to Copenhagen for a week, where we did what you do: ate amazing food, drank great coffee and explored. She returned home while my co worker and her fiance met me in Berlin. We rode bikes all over the place in the near 100 degree weather, had a lot of beer and, at the end of it, made our way to Amsterdam. There, my co-worker and I each gave separate presentations at BSides Amsterdam and then returned home after a couple of days.

A week after that trip, I flew to Milwaukee for 2 days to present at the ‘Midwest Cyber Security Conference’. I created a talk just for them called, ‘Your Cloud is Bigger Than You Think’. Milwaukee kind of reminded me of Copenhagen, just a little. It helps that the weather was warm and wonderful.

It’s Sept 26 now and in San Francisco, the weather is heat-waving. I love it, but am about to go to an even warmer place: The Mojave desert. I’m heading to Wasteland Weekend on Thursday. It’s a mad max themed event that takes place every year that I just found out about and figured it would be fun to check out.

Here’s my outfit:

I have four more talks planned:

1: The Future of the Internet (in 3 weeks) – Still being created. Will be done locally, for Santa Clara City government.

2: Behavioral Analysis using DNS and Network logs: A conference in Prague in Nov.

3: Visualizing Botnets, co-presenting with the same Berlin co-worker in Prague and in Vienna in Nov.

While this talking and traveling is fantastic most of the time, I am anxious to focus hard on making music and finishing an album. I’ll be doing that through the winter.

Also this winter, I’ll be doing my P2 test in Krav Maga, so I’m starting to ramp up training. Currently, I train 2 hours Monday, 2 hours Wed, and 2-3 hours Sat (depending on how I feel). I’m about to start adding in Thursday and to start always training 3 hours Sat. When Nov approaches, I’m going to do 4 hours on Sat, much like when ramping up for my P1 test. It really helped me to last the 5 hours. I’ve heard that the P2 test can be up to 7 hours. I’ll be taking the test in Santa Clara and am going to rent a hotel room somewhere with a jacuzzi. That will be awesome regardless of how I do.

Passed my Krav P1 test / adjusting my googles

Posted in Uncategorized on March 3rd, 2017 by josh

Krav Maga P1 Test

It’s been a bit over a month since the Krav Maga P1 test and I forgot to write about it. It was 5 intense and really fun hours! About a week after, they told me I passed! Since then, I’ve started to attend more advanced classes and am regularly getting punched in the face, kicked in the groin and legs and loving all of it (most of the time). Looking forward to more!

Adjusting my googles

Just before the ‘trumpening’ occurred (trump becoming president), I moved my email off gmail and onto my own server. It was a good reason to finally take control of my email and communications. It’s working wonderfully, but I have additional plans. I’m going to make all emails auto-encrypt on the server. My devices that access them will decrypt each email as I view them. This is also being turned into a workshop that can be taught to others.

Then, I’m using three browsers for separate activities, which is slightly annoying but not terrible. Safari is for facebook, chrome is for work and personal gmail-connected services and Firefox is for everything else, with no google integration. Duckduckgo is my search provider. I did just buy a thinkpad carbon x1 laptop and installed linux. I’ll have to figure out what browser to use with Facebook. Maybe chromium since I won’t be doing anything else in it.

On my phone, I’ve installed firefox and made it my default browser. Of course, I use signal for SMS and tinfoil for facebook (a wrapper for facebook) for those times when I want to see what’s up with others or post a random picture. google voice activation is turned off, but there is still heavy google integration on my phone. Soon, I’m going to install a cleaner ROM and won’t be connecting a google account that is tied to other accounts to the phone. I just have to work out the details.

All of this stuff could be organized into a cleaner workflow. As it gets smoothed out, I’ll write about the steps anyone can take to recover some of their privacy without being fully excluded from technology-oriented social circles.

7 months of Krav Maga / Another trip to Europe

Posted in Uncategorized on January 25th, 2017 by josh

On a whim on the first Saturday of July, 2016, I left my house in a hurry to rush to a Krav Maga gym in Oakland. I took the class without knowing much about it other than that it’s a self-defense system. That 1 hour class worked me out hard core and it took a week to recover. I went again the next week and the next and the next. Eventually, I started going on Wednesday’s too. At this point, it was only about 2-3 days of recovery time needed.

As the months went on, I decided to up my cardio and started taking a combat cardio class along with the krav class on the weekend as well as my middle of the week classes. Now, seven months in and frequently taking three classes in a row multiple days a week, I’m looking towards next Saturday, 1/28/17. I will be taking my P1 test. It’s a five hour test of endurance and the moves learned to graduate to the next level. My instructor on Monday said it was the hardest thing he’s done other than marinecore bootcamp. I’m super excited and a little nervous. I want to succeed and know that the muscle memory is in place to do the techniques.

Most of the time, my bumps and bruises are fairly minor, but last nights classes resulted in the most injuries. I was kicked pretty hard and now have a bump and bruise on my right forearm. And then, while escaping from a strong headlock, my ear was quickly and painfully bent in a bad way while clawing my way out of it. Hopefully these things heal up in time for class tomorrow and hopefully I’ll have a ton of fun taking the test on Saturday!

I bought a really nice bottle of wine for Sat night, which will be enjoyed whether I pass or not.

Other news:

I went to Europe again in November to speak at DeepSec 2016 in Vienna. The trip was two weeks. Just to summarize:

Oakland – London – Amsterdam, one night (maybe 10 hours) in Amsterdam.

Train to Hamburg, visited model train museum, then train to Berlin.

Several days in Berlin, went to Tresor, saw where David Bowie lived, visited Hansa Recording Studio, walked all over and took the train. Did a Krav Maga class. Worked from my airbnb.

Night train to Vienna: Conference, then accepted to speak at BSides Vienna.

Train to Budapest: Went to four different sauna places. One was a dance party at night.

Night train back to Berlin, then a day in Berlin. I was ready to come home though at this point.

Flight to Copenhaagen, stay at an airport hotel, flight to London next morning and flight home.

It was nice and I love it in Berlin and Budapest. I would like to really see Copenhaagen and would love to go back and stay for a long time, but in the summer. For now, it’s nice to stay put. There’s a trip to Vegas soon and then a speaking thing in Orlando. I’m not excited to go to Orlando, but it’ll probably become exciting when closer.

Weekend in Tahoe

Posted in Uncategorized on June 6th, 2016 by josh

I rode the motorcycle up to Tahoe on Friday with Sara behind me and a whole bunch of camping stuff attached. We met her dad, Ted at Nevada beach, where I had a campsite that was reserved almost six months ago.

Originally, I wanted to go by myself on this trip as a way to start thinking about my fathers death 11 months ago. I haven’t read his obituary yet and wanted to read it while doing something that he loves. He always took me camping, so I figured this would be good. However, I realized that this campsite would be full of people and not a good place to process and ended up inviting others to join. A bunch of people were planning on coming, but everyone ended up cancelling except Sara and her dad. Now I’m going to plan a personal trip somewhere remote where I can follow the original plan.

It was light camping – sort of an intro to camping for the summer, as I didn’t camp last summer. We ate out every night and only cooked one meal – breakfast on Saturday morning. It was really great and fun. Now I’m ready for some reclusive camping where everything must be brought along.

This morning, we woke at around 5:45 with the sun, had breakfast and headed back home. Sara rode with her dad and I rode alone. It’s nice to ride by myself because it doesn’t feel as crowded. Additionally, I always think about how dangerous riding a motorcycle is. It’s bad enough that I do it, but even worse when I’m responsible for someone else. Every time I get on the motorcycle, I’m aware of how close to death or other bad situations I am. It’s strangely much more comfortable to be alone on the bike over sharing the experience since it’s just me who’s at risk. I’d honestly just rather not have to travel like that at all. But as a creature of matter, I have to travel at the speed of meat – in airplanes, in cars, on motorcycles, bicycles, and by walking.

When I think about being scared of flying, I think about how ridiculous it is that I’ll sometimes take xanax to calm myself but will ride a motorcycle with all the crazy-ass drivers on the road. I guess it’s a control thing-as in I feel like it’s better if I am in control. I know planes are way safer than being on the road without a seatbelt or surrounded by a metal exoskeleton.

I also think about things like this: David Bowie was afraid of flying. He didn’t like the feeling of acceleration followed with rising up in the air. He said it was like wiley coyote going fast and off the edge of a cliff in the road runner cartoons. Most of his trips that I’ve read about involved trains or boats. When he was filming the Man Who Fell to Earth, he took a train from LA to Albuquerque. When moving from LA to France after recording Station to Station (prior to his Berlin trilogy), he took a boat. Yet, after all that fear, which resulted in him wasting precious moments of experiencing time with people or life in general, he ended up dying of liver cancer. Maybe he liked the long hours sitting on Amtrak or swimming in a cruise ship pool. But maybe he could have had more time doing something else if he’d taken the 1 hour flight over the two day train ride or the ten hour flight over the three week boat ride.

Ok, I’ve gone off on a tangent. Today was cool because we woke early, I rode home alone and made it home from Tahoe (180 miles) in about 3.5 hours. I was home by 11:40. I showered, then napped for an hour, then met my friend Rob at the Tribune bar (in the building of the Oakland Tribune). We watched the Warriors basketball game. Afterwards, I came home and watched Game of Thrones while drinking wine in the dark.

I love when days are this varied – when you squeeze 3 days into one.

Whole30, podcast, trip to Europe, music, slightly apathetic this morning

Posted in Uncategorized on January 21st, 2016 by josh

This morning, I was driving the motorcycle to work and was just exiting the bay bridge. Generally, I’m very excited to experience the day, regardless of whatever. I love that I get to be alive. However, I was just sort of not feeling it and had to downshift to 2nd gear because I was almost ready to stop at the end of the ramp. I didn’t really ‘feel’ like downshifting, like I was being kind of, “ugh…I have to do a thing”. That was the beginning. The day has felt kind of like that, but I pushed through and worked, went to the gym went to meetings, worked on the podcast for work and generally had a good day.
Speaking of podcast, I haven’t mentioned it yet. Work wants to do a podcast about security and they want to do it differently than others. I’m going to be the host and am really excited! We’ve already begun working on and recording the first episode.

For January, I decided to take a break from alchohol, just because. Then, before quitting for the month, I decided to do the whole30. That’s an elimination diet where you don’t eat carbs, sugar, bread, dairy, alcohol, etc. Basically, just meat and veggies. Caveman/woman style – Paleo. I’m on day 17 (started on Jan 4) and will be going until my birthday, Feb 5. On that day, I’ll have my first glass of wine and maybe some desert. I like what this has done. I have a lot more energy all the time but struggle with wanting a treat or a nice drink. The main reason for doing this was just mental discipline. I also wanted to stop taking alcohol for granted. Sometimes I can drink a bottle in a night just because it’s there. I’d really prefer to be satisfied with one glass every day or two or three days. I drink recreationally, but some days have been more recreational than others.

Music: I’ve decided to get serious again about music and finish an album by spring. I want to play shows and I don’t care to who or where. I have no interest in jockying for a slot in some show as I just don’t give any fucks. It’s about having fun. Hopefully, some shows will happen where I can just play, even if it’s for myself.

I can’t remember if I wrote about this, but it doesn’t matter:
Went on a trip to speak in Vienna in November about computer security stuff. I visited a lot of places too: London, Vienna, Rome, Venice, Paris, Brussels, Amsterdam. It was all just after the Bataclan terrorist attack, so things were interesting. In fact, I saw the attack taking place on a TV in a bar at SFO just before boarding my flight.
The best part of my trip might have been the private car on a night train from Vienna to Rome through the Alps. I had a Donor Kabab, a bottle of Austrian wine and myself for company. It was beautiful.
It looks like I’ll be attending another security conference in Heidleberg, Germany in March if all goes well. My talk wasn’t accepted, but I’m a backup speaker. It means I have to get my own plane ticket. I don’t mind, but I have to find the money. It’s worth it to get a Donor Kabab and see Germany again. I’ll spend some time in Berlin – maybe even try to get into Berghain.

I may not have updated with all my travels. In 2015, I did a lot of speaking at security conferences. I went to Chicago (bsides conference), austin (bsides), Kentucky, Derbycon, Vegas (a lot – pleasure and for Defcon), LA (bsides), Joshua Tree (for fun), Seattle and Boston (Source Conference) and probably some other places I can’t remember. It was basically a trip every 3 weeks on average. Really awesome! I’ve got two trips to Vegas (for fun) coming up in the next month and have submitted a new talk to various conferences all over the US and some in Europe.

I want to start writing a lot more here just to kind of document my days. Let’s see if that happens.

Privacy and traveling

Posted in Uncategorized on November 15th, 2015 by josh

Hmmmm…I didn’t update since my 40th birthday. Now it’s only a few months until 41.

Ok, here’s what’s happened.

Starting with this: Sara and I eloped in Vegas in June.  It was a nice way to celebrate our relationship and how we feel about each other. It’s caused some issues with a others and I’m trying to work those issues out. I’m happy with it though and feel at ease with myself in a way I can’t put into words. Most people who say they got married would be all gushing and whatnot. However, I don’t see marriage the same way as a lot of people I know. To me, it’s just another neat thing I’ve done with someone I love and doesn’t change how we relate or affect how I feel. I love who I love regardless of titles, papers or promises.

Super serious privacy stuff now:

I’m in London right now – arrived 15 hours ago. I’m very jetlagged and a little bit drunk from going out at 2 in the afternoon my time, 10 pm London time.

As I was waiting to take off from SFO, I saw the potentially ISIS attacks happening live on the news in the bar.

As a security researcher, here are my thoughts going forward based on recent events.
The attacks on Paris, Beirut and Baghdad will probably result in continuing justification for more anti-privacy legislation for the general public. This is a low hanging fruit that governments pick to combat terrorism. However, people who plan to do harm know how to protect themselves (with encryption and non-digital communication) and will generally continue to be unaffected no matter how much surveillance is in effect. France is currently legally allowed to tap phones and email communications without warrants, but that didn’t help stop what just happened.
While people often say they have “nothing to hide”, it’s important for everyone to continue encrypting all data and communications as much as possible to make it difficult for agencies and people who think total surveillance is the way to make it all better. Hopefully, this difficulty will make them look to better legal avenues for predicting and combating malicious activity.
Some things you can do:

  • Use a VPN if on public internet or when out of the country.
  • Use full disk encryption on your phone and laptop.
  • Consider apps to increase security, such as Signal, an iphone and android app that will
  • Encrypt your texts and phone calls.
  • Use https everywhere to increase security for non-secure websites (a plugin from the Electronic Frontier Foundation).
  • If traveling, completely power down all devices before going through any security checkpoints.

40 years

Posted in Uncategorized on February 5th, 2015 by josh

So….today is 40. At 2:33 PM, 40 years ago, I was officially born.  It hasn’t really phased me that much, but it’s an occasion to note.

In just this relatively small amount of time, I’ve learned things change quickly day to day while other things change over time in a gradual fashion and it’s important to react appropriately to the right changes. I’ve learned not to hold onto things as they were, but to cherish the past for shaping me and the environment in which I inhabit. I’ve also learned to embrace the present because it’s the most concrete reality from moment to moment. While doing this, I think about the future and how to arrive and act when those future moments become the present. I’ve long visualized living like flowing down a river. There are rocks in the way and sometimes they just pop up, impeding your progress. But for the most part, you can see all the obstacles and all the things you’d like to bump into and steer your way away or towards them. Making huge changes on a moments notice in this metaphorical river requires a lot of personal energy, but making huge changes later on down the river based on what you see ahead is easier because you primarily use the rivers energy along with a small bit of your own. This concept is what keeps me striving for success and contentment. It’s how I visualize achieving goals and living a full life that is mostly full of love and wonder.

I’m so thankful to everyone I know and have met and all the experiences so far. Additionally, I’m really happy to be alive, living in a universe full of matter and energy that makes up everything and everyone and am so thankful for having ritualistically almost always said yes to everything so almost no experience is missed. It’s a gift to be here.

Pattern recognition/Beard experiment/Motorcycle crash/trips coming up

Posted in Uncategorized on June 4th, 2014 by josh

Pattern Recognition:

This morning I was riding to work and was thinking about how I calculate risks when doing things like lane splitting or just riding down the road. I intuitively follow the feeling of the traffic. I was thinking about how all these people are doing their own thing, mostly in control of their actions but controlled by the actions of all the others creating boundaries for them to work within. You can get a picture of what might happen by watching one car if you’re interested only in what that one car is going to do, but to stay situationally  aware, you have to look at all the cars as one organism. It’s a moving whole. Individual actions can in most cases be predicted by watching the whole and listening to your intuitive knowledge of physics. Then, I was thinking about this in relation to watching network traffic or log data and trying to find anomalies. How do you go about taking a large amount of data and finding the unexpected bits? It’s certainly hard to find what to zero in on by looking at one packet or one IP address or one network connection. However, if you look at all the traffic in a given time frame, you can spot trends as well as the opposite of trends. I’m going to need to mull this one over some more. I feel like there are some good ideas in this on improving my ability to do pattern recognition or improve my workflow.

Beard experiment:

I’m attempting an experiment in which I grow a beard in the summer. I started probably back in April, 2014. It’s definitely a beard now… I’ve noticed they grow slower when it’s hot. In the winter, it’s almost twice as fast, I think.

Motorcycles:

Other news: A car spun out of control on 880 right into my lane a few weeks ago while I was riding home. I body slammed her vehicle, but thankfully I wear full gear and only had a hurt thumb and sore body. The Ducati Monster 696 still worked, but repairs were so much that it was considered a loss. Since then, I’ve purchased a faster and larger bike: a Yamaha Super Tenere. It’s my first new vehicle purchase and I love it. I am also reconstructing a 1996 Honda Shadow VT1100C. I have a trip planned on the Honda down to LA -> Vegas -> North Rim Grand Canyon -> Bryce Canyon -> somewhere in the desert -> Reno and then home at the end of this month.

In August, I’ll be heading to Colorado to visit Sara as she’s volunteering at a meditation retreat. I’ll be taking the Yamaha for that one and camping in the desert under the stars again. After visiting her, I’ll head to Vegas for Defcon and swimming/hanging out by the pool. I’ll then stay a night in Death Valley, get up super early to avoid the heat and ride home. Hopefully I can find the time to ride by Mono Lake, even though it’s out of my way.

 

Been a while…

Posted in Uncategorized on April 18th, 2013 by josh

Woa. It’s been almost a year since I updated. LASIK was successful and is awesome. I have a Ducati Monster 696 motorcycle and sold the Honda Shadow. Sara and I are sharing my apt with two cats. I’m back working for the gov. I grew an amazing beard and mustache, then shaved it off. The mustache is growing back now though. I also moved this site to a different hosting provider. I went to the AVN awards in Vegas in Jan, visited Apple Valley in Nov or maybe Feb. I’ll attempt to update more often.