Did you know that keeping a blog up to date takes work?  Who freaking knew!? 

Like so many things, keeping something relevant and up to date is a real challenge, especially if you're disorganized. Let me tell you from experience... YES, this is not easy. Life and ideas come at you fast and there's barely time to get one thing on the page before the next something pops up.  So in an effort push to grow and improve, I'm writing my first blog entry for 2019. What's it about?  

Moving the needle, that's what. So here we are, watching Firefly for the bazillionth time, hoping the band will get back together?  NO. This is more than that. This is admitting that we enjoyed the band while they were around, but we have to look forward. What lies ahead is the future. We'll just keep an eye on history to see if we can maybe learn something from it. It would be really great if it was the RIGHT something, but no promises. Let's just take one step at a time and see where this goes.

And for goodness sake, don't roll a 1.

I'm a creature of habit, preferring to use tools that do a good job. At some point, that stops being the case because either something breaks, or bit-rot sets in, or worse, it g-e-t-s  s--l--o--w  and painful to use. That's what happened with my old lenovo ideapad s10. I loved the heck out of this thing. It's not new, but it shouldn't be painful to use, right? I mean, isn't that what Linux is known for?  Making the old things usable, again?  Maybe it's true in some cases, but not so much with the IdeaPad. What do you mean I can't run a modern browser on a piece of damaged hardware that never accepted the upgrade ram I tried to install?  So you're telling me that 1GB of RAM isn't enough to run chrome and 3 VMs simultaneously on my netbook?!??  What's a nerd to do?  

The obvious answer is to re-enact a now-famous scene from Office Space, with my netbook standing in for the printer/fax machine. (What does PC/LOAD LETTER MEAN?!)  Stepping back from the ledge, I realize there may yet be hope for the netbook, but not really running more modern browsers. Maybe others can offer some suggestions in that department, but I don't know if Xombrero supports plugins... and I've got other irons in the fire.  Instead, I took to looking for an inexpensive alternative. Something with the ability to get some work done and also be lightweight enough to go on the road.  Enter a used Surface 3 I picked up on eBay. This non-pro model has 4 GB RAM and uses a newer Atom processor.  I passed up several listings with visible or the mention of damage in the descriptions. ALWAYS read the descriptions closely. Wound up winning an auction for less than $165 that came with a keyboard and power supply. The listing explained that windows had been replaced with Ubuntu 17, which is what I was looking for anyway. The auction started for less than $100, but apparently I wasn't the only person who thought this was a good idea. Still comparable to a chromebook, but with 64GB of storage. Say what you want, but I've enjoyed the surface tablet form-factor. To each their own.
​
The box arrived ahead of the estimate and was well packed. The listing said it was a bit dirty, and they were truthful.  Took a bit of effort, but the screen is in great shape, the body has a few scratches, but that's okay.  I spent time with some following the instructions on cleaning the keyboard and the special coating surrounding it and on the bottom of the type cover. Once ungrodified, I left it to dry near a fan, because I'm impatient. I even cleaned the power brick and USB cable that powers the tablet. Having interned with a video production company, I've been trained to be nice to cables, as they can either be your friend or enemy, depending on the situation. The power cable in this case... was treated like it owed somebody money.  It cleaned up with some rubbing alcohol and maybe it will last? Time will tell. Oh, I forgot to mention... While this is a full tablet, it should charge / run on an external battery as long as it supports 2.5a.  I've had success with Anker as a brand, but I'm sure others would work too. Just make sure the specs support 2.5a.  So next time you realize you forgot the power supply, at least a phone charging battery could extend your computing session. Can't do that with a pro model at this price. 

Being cautious by nature, I knew I would feel better if I re-installed from scratch, but I've never done this before. I'll admit that this took a bit more learning than expected, but was well worth the experience. I started tinkering before the reply came in... I tried 'password' and 'user' or 'admin' but sadly didn't try the shorter 'pass'.  Shame, I suppose, but being so impatient, I went ahead and tried to re-build using an existing live image from a thumb drive. Oops! UEFI is different?? WHAAaaat?  Of course it won't be that simple... so did a bit of learning there... so after trying 3 different attempts at rebuilding, I'm right back with Ubuntu 17.04... I had to use the simplest, unpowered USB hub I could find, because the surface only has one port. Now the one I used is a y-2146 by Unitek, but it's long since out of production. Maybe a newer version will also work?  The track pad from the keyboard didn't always get recognized, depending on the distro. Worse still, the touch features only worked in Ubuntu 17. This meant I really needed a hub to add a wireless mouse. The keyboard worked, but it was a bit tricky working out keyboard only installation. Even harder to get wireless active without use of the touch screen or a mouse. So adding a hub before booting seemed the right move. Thankfully it worked and the tablet DID boot from the thumb drive.  

Mint 18 and mint mate 18 were great, albeit without touch support and some other things, until the firmware updates tried to install. Then it was HANG city... and rebooting didn't help. Tried 16.04.03 LTS and BOY that was real hit and miss with firmware support. On power it seemed ok, but trying to boot on battery was _terrible_... Realized I would have to rebuild the kernel just to get things usable... So I went back and rebuilt 17.04 and that did it. Everything 'just works' now. Oh, except there was no sound... Launched a browser, tried youtube... tried internet radio in VLC... Nothing worked.  Was just starting to look things up in a search engine, when I thought to check the sound settings. Of course the 'no sound' issue was as simple as changing to 'speakers' vs. headset! So, it all works again, and it was a frustrating, but all-in-all fruitful learning experience.  The only minor irritations so far: the brightness control doesn't seem to work to dim the screen and the battery indicator isn't showing up on the Gnome Panel. Fairly small things to deal with. Ubuntu 17.10 is right around the corner, so hopefully the experience should keep right on getting better (or not, but I'm going to go with the optimism on this one).  The docking station is certainly inexpensive enough... Looking forward to making use of this every day.

Happy tinkering, learning, growing, and computing.  Thanks for reading!

​@SciaticNerd

SE News for Mon, 26 Jun 2017
One design firm's jargon-free contract: 'Time is money. More time is more money' / Boing Boing


Oskar Fischinger’s 117th Birthday
https://twitter.com/alecmuffett/status/878903980176396288
Pen-testing as mental out-sourcing...

AES-256 keys sniffed in seconds using €200 of kit a few inches away • The Register

Revenge on an IRS scamming company
Programmer writes script that calls Phone Scammers 28 times a second causing service denial preventing future scams. - videos
Reddit thread

YouTube
Video source
soup/flood.cs at master · Jfaler/soup · GitHub
Source code


Introduction to Python, Data Science & Computational Thinking: Free Online Courses from MIT #MakerEducation « Adafruit Industries – Makers, hackers, artists, designers and engineers!



Brent White - Such a great feeling to see your ideas become realities!
DEF CON 25 - DEF CON Groups panel discussion alongside some great people!
Jayson E. Street Jeff Moss James Smith, and a few more.

YouTube
SuperDeluxe - Block chain explanation

Disciples of the Blackberry, I'm going to say the thing you might not want to hear. Blackberry is dying, if not dead, as a hardware platform. I strongly urge you to find something you dislike the least and begin the transition. That means: please back up your contacts, notes, documents and data from any and all RIM and BB devices to a PC. I do not say this lightly, but cannot in good conscience recommend any more devices from a company that has discontinued production of their own operating system.

The only thing going for it at this point, IMHO, is the physical keyboard. OS updates, which may not seem like much at first, will likely be delayed in being delivered to the phone. This has been my concern over every single Non-Google produced Android phone since I owned a Samsung Galaxy S.

You might be thinking that was a while ago. You'd be right. Why? Because each of the interestingly named editions of Android, and their updates, were released directly to the Google phones while ALL Android phones made by someone else had to wait to receive them... If they got them at all.

So... Would you rather wait for a manufacturer to build a version of the most recently updated Android release that works on your phone? Or would you rather not be thinking about whether or not your data is safer every time we hear about security breaches on mobile devices.

Bottom line:

iPhone: best middle of the road solution. It has all the apps and updates. Siri 2.0 is pretty handy. Accessories practically rain from the sky... AND you can get a battery case that will let you keep using a micro USB cable, if you look a bit, instead of having to invest in all new wires.

Android: Again, IMHO, only buy a handset from Google. Bunches of apps, get updates when they are released, and accessories may be ordered online if the phone is less common. The letdown sometimes is in battery life, but Android v6 (Marshmallow) seems to have finally resolved most of this. Google's virtual assistant has never felt fully formed to me. Maybe I'm not giving it it's due, but it never seems to do what I ask it to. The non-Google licensed Android phones are gorgeous, with great features, but I have my bias about staying up to date within hours or days... Not months or a year behind everyone else.

Windows phone: Very decent hardware. Good battery life. The fantastic Cortana virtual assistant, and honest to goodness MS office on a mobile device. Apps are where this platform falls short. Don't get me wrong, the basics are covered, but if your likely to suffer from app envy if your friends all show up playing with the latest game or software widget. If you honestly spend the bulk of your time with email and documents, I do suggest taking a look at Windows phone. Microsoft is working on right now on an idea called Continuum that looks very promising. Connect your phone to a specialized "dock" and it will be possible to connect a mouse, keyboard and video to a monitor and get real work done, with the phone standing in for a laptop or desktop. That seems pretty exciting to me, but not everybody's interests are the same.

So there you have it. A full rundown, plus opinion. Hope it's helpful and thank you for reading.

https://www.kickstarter.com/projects/5074048/special-dedicated-editing-keyboard-for-photoshop]Well now here's a Keyboard that defies practicality.  Guess this guy got tired of having to learn Keyboard Shortcuts in PhotoShop… so he wants to build and sell a fast-food menu style behemoth to let you pick everything directly… What would that look like with all those functions within PhotoShop?  I'm so glad you asked….


Tiny, huh?  No?  Are your eyes overwhelmed with the number of keys and buttons and light and colors yet??!?!  How about a view from the top down?  And at $89 for the early bird models…. How can you go wrong!?!? 😉


That's right… It's bigger than your laptop and brighter to boot! (But I admit I'm still curious)

The need to go "beyond the exploit” and work on Defense is a growing trend at InfoSec conferences over the last few years. You're with see a paper describes how a diligent researcher has discovered yet another wall in a popular product or service. Now I think she needs to go out to all those folks you keep working this. This is not my area of expertise and I think their service and they do. The challenges that not everybody is looking for just how to. It's great to know where the holes are, but what about identifying a way to solve it?
Have you ever gone through that? Someone comes to you with a problem or complaints, and all they do is want to talk to you about how bad things are. Then when you ask them how to fix the issue they look at you blankly and say I don't know. C, this is what I'm talking about. I do find myself wondering if this is what the organizers of information security conferences are talking about, to. The concerns that we spend so much time focusing on how to locate the problems without defining for providing solutions.

Today's example comes from an article stumbled across on Twitter called "Stealing PIN Codes With a Wink and a Nod," by Dennis Fisher. The article steps through the risks and discusses a method that might improve things... So why not make an app that displays the digits in a different order each time?

But this opens in tirely different can of worms doesn't it? Why is or how do you provide solutions when there's nobody paying for them? It's great to identify a solution, but at what point do we cross the threshold from being helpful too giving something away for free when we could charge for it? And it could easily be argued that giving something away for free is a great loss leader to get people closer to your service, but we all know that in this industry in particular function for certain they don't have to pay for anything and if somebody wants something for nothing, it's really easy to come by. Hello internet, space what's the point? Do I just keep getting your stuff after giving your stuff or are you going to help me out too?  

I mean, pie isn't going to by itself, is it? So where do we draw the line between asking the internet people of the Internet the community of the internet for help in providing solutions when there's no one to go? Oh wait that's not the right questions it's not so much are we ready who will buy you things that we have to prepare something that they can buy so if you like to find a problem where's the line? Do I tell people about it? Will that mean that someone takes my idea and runs off with it or I could/should have made money? Maybe it's better to just have the software out there.

The following is the abstract for the attached slides from my presentation from LASCON earlier this week.

Establishing Electronic Trust is becoming a more important part of the digital landscape than ever before.  This presentation aims to do two things: One is to use allegory and a story like approach to explain what PKI is without the math.  The other seeks to paint a picture of the impact to doing business and where the road looks to be going.

Part One:  What is PKI in practical terms. It may seem commonplace in the industry by now, but believe you me, there are plenty who don't know a Relying Party from a hole in the ground.  We'll cover some of the common terms above and beyond Digital Certificates, how they interact, and how things are managed.  An attempt will be made to inject some humor as gravy to what is seen as an otherwise dry topic.  

This isn't to say this that finger puppets will be used, but for the people want to learn, demystifying information in plain English should be a welcome change. An explanation of the trusted roles involved in deploying certificates, the governance of the system, and the management and distribution of keys will be offered afterwards. 

Part Two: A few real world examples of how to apply these concepts will then be offered, having established a basic understanding of how the pieces of the jigsaw fit together. Once these topics are briefly covered, it will be time to suggest where things are going based on key events taking place in this ever active and growing industry of Identity Management.  Included will be some observed happenings regarding the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the much sought after on-the-fly provisioning methods.

This is not exhaustive by any means, but at the time of this writing, the links below should represent a time savings over locating the information.  

HIPAA - Health Insurance Portability & Accountability Act (pub law) - HHS has a page devoted to it as well as a good summary page for HIPPA

SOX - Sarbanes Oxley - found a quick guide

Gramm-leach-blilley act - Financial breach notification - Summary page from FTC

FISMA - Federal Information Security Management Act (PDF)

95/46/ec - EU based Data protection directive also 95/46/ec (31995L0046)

2002/58/ec - EU based - Processing personal data

Decent summary on EU Protection of personal data

Common Criteria is a set of standard to facilitate product comparisons to help consumers select the right security products for their needs within AIC goals (Availability, Integrity, and Confidentiality)

ISO 15408 - defines methodologies which resolve the differences between TCSEC and ITSEC. High level presentation. Slightly harder to find is a free copy of the standards themselves. Search for 15408 on the page.

NIST SP 800-53 is a good resource for a catalog of security controls along with the ISO 27000 series.
The 800-53 was on rev 4 (Apr. 2013) at the time of this entry (as well as almost 500 pages!).  The ISO 27000 link above is only to the Glossary and will likely land at a 'click to accept our terms' page. The actual 27000 series documents (Information Security Management Systems or ISMS) don't have a free link as they require payment to obtain.

NIST SP 800-18 will list documentation requirements to consider




It ain't pretty, but it's posted.  #GetToIt

First!Ironically, this is the funniest part about it. Using nothing but a simple templates I am able to dictate my first blog post. I'll admit this is not a whole lot of substance, but it's late.