Archive for October, 2011

Oct 31 2011

Open tabs 10/31/11

It was a fun Halloween, or at least as much fun as it can be if you spend the whole day home working.  It would have been fun to be in the office today to see my co-workers in their costumes, but I had far too much to do to make the commute to my office.  Tomorrow, however, is a different story.  We’ll actually have a podcast this week, since I sat down and talked to HD Moore and Josh Corman about “HD Moore’s Law”.  If you don’t know what that is yet, tune in tomorrow.


Oct 30 2011

$65 Standing Desk

Published under General

I’ve wanted a stand-up desk since I was a kid.  Except then they were called ‘drafting tables’ and they weren’t set up for computers, they didn’t have a place to put the monitors and they were slanted to make drawing easier.  I work from home more often than I do from the office, which means I have my computer at home and work on it for 8-10+ hours a day, which I previously spent sitting in the same chair.  I spent even more time sitting in the chair since the same office space is also my play area in a lot of ways.  I record my podcast, I surf the net and play video games all on the same set of systems and controls.  Which means I was really spending 12+ hours every day sitting at the same exact desk.

I am not a great carpenter, funds are tight at the moment and I couldn’t honestly say that I’d like using a standing desk, so I decided to make one that was quick and dirty out of a 4’x8′ sheet of 5/8″ plywood I already had and picked up 3 8′ 4×4’s and 6 8′ 2×4’s.  I probably could have done it with a couple less 2×4’s if I’d planned the cuts better, but I didn’t.  The planks cost me $40 total at a local Home Depot and the plywood probably cost around $25 when I purchased it, so essentially the standing desk cost me about $65 to build.  I had a lot of 3″ screws from various other projects, since I am a homeowner and have had to use them on plenty of other projects.  I used a couple of squares, a long straight edge, a pair of saw horses, a miter saw, a Ryobi cordless saw and drill and a small orbital sander.  My first big problem was making sure that the miter saw was square, which took quite a bit of tinkering.  Oh, I also used a countersink to drill all the screw holes.  I don’t think any of these are tools that the average homeowner doesn’t have, except for the miter saw.  It’s hard to saw through the 4×4’s without it, but a hand saw will do if you’re very careful.

Two decisions drove most of the design of this desk:  How high should the desktop be and how high should the monitors be?  I did a fair amount of research (well, a couple of hours at least) and most of the sites I read say the top of the desk should be within a few inches of the level of your elbow.  I went a little lower with mine, which is how I ended with a desk top height of 42″.  My elbows aren’t at a 90 degree angle, but they’re not too far off.  My monitor is 19″ tall and my reading suggests that the top of the monitor should be at the top of your head level or slightly below, so the shelf for the monitor came in at 53″, placing the top of the monitor at 72″, about 4″ below the top of my head.  This gives me a slight downward angle to a lot of the things I look at on screen, which seems to work pretty well so far.

The middle shelf I put in for a number of the things I need space for but don’t access on a daily basis, such as my printer, my subwoofer and my mixer.  I extended the ends of the shelf over the supports by 6″ and placed my computer on one end.  The plywood is strong enough to support my computer easily, it gets the computer off the floor and solves a lot of my dust problems.  Actually, the desk and the fact that it’s so open below solved a number of dust problems I’d had for years and gave me a lot more access to the space under and around the desk.  The fact that my monitors and mixer don’t take up desk space gives me a much more effective space to work with and relieves the need to clear space when I want to work on something that doesn’t require a keyboard.

One thing I had in mind from the beginning but didn’t put in until the desk was in my office was the foot rest in the front of the desk.  I’d put it in the original design (comic sketch, really), but decided not to put it in at first.  But a couple hours of standing at the desk made me realize I needed it there in order to help both with changes in my stance and to give the desk a little more stability.

So far, I really like the desk.  My back is not in great shape and I have to take a fair number of small breaks during the day to let it rest, but the recovery time has become noticeably less already.  Finding a chair that is tall enough to allow me to sit occasionally and continue to work has not been easy.  I finally found one online, the LabTek Drafting Chair, that looks like it will be tall enough for me to use without having to look up too drastically at the monitors.  There are a number of changes I’ll make when I have the time (and help from my father in law) needed to create a finer version of this desk.  The biggest thing will obviously be much nicer wood than what I have now.  Cheap 2×4’s and plywood are nice for a prototype, but for something long term, they won’t do.  The second change will be to extend the top shelf the full width of the desk and maybe even a little beyond.  I’d like to be able to fit a third monitor on the shelf.  I’ll then be able to fit my work laptop and monitor on the desk, rather than having it on a second desk like I do now.  I do a lot of my communication with co-workers on my personal system rather than the work system, a side effect of using Skype a lot.  A few other potential changes are:  raise the desktop an inch or two, put in adjustable feet and use a brass footrest like you see in a bar.  I’ll also round most of the edges, which I did with the orbital sander on this version, but I’d use an actual round-over bit in my router next time.  The power tool, not the thing built by Cisco.

In order to draw up the desk, I asked the Twitterverse what program I should use to draft it.  The reply that came back from a number of people was Google Sketchup.  The program was a little frustrating at first, but once I gave up and actually watched the first few primers, it ended up being a fairly easy project to do.  You can see a jpeg created from the program below, or you can download Sketchup and my sketch here.

Let me know what you think.

Update:  I was asked to add some of the links I’d looked at in making the desk and I have to start by saying I was remiss in not stating that the real impetus for my creating my own standing desk was Leigh Hollowell’s post “Making My Standing Desk”.  Leigh is a friend who made a desk using a pair of Ikea chests and a beech desktop.  I looked at the Ooda chests she used and they were too short for what I wanted and something of the appropriate size for me was almost $200 each, much more than I wanted to spend.  And as we discussed on twitter, I’ve had to learn a lot more carpentry than she has, since I own an older house.
Links:


Oct 30 2011

Open tabs 10/30/11

Published under General

It was a good week.  I took off Monday for Miami and the Hacker Halted conference where I caught up with a number of friends and enjoyed some good talks.  George Kurtz from McAfee was very educational, first because of his subject matter, “Have we lost the war on Security”, but also because he’s a very polished and experienced presenter.  I haven’t done a ton of presenting and I appreciate any chance I can get to see someone who’s at the top of his game at it.  It also helped create a minor twitter storm, which I also enjoy.  On day 2, I got to present with my friend, Mike Dahn, which went off extremely well if I do say so myself.  Mike and I don’t practice our presentation, but we’ve got a good back and forth between us that keeps the energy high.  And to top everything off, I got to have dinner at my favorite Cuban restaurant in Miami.  Which is not saying as much as you might think, since I’ve only eaten at a couple Cuban places in Miami.

Open tabs 10/30/11

  • Facebook is looking for a Security Outreach Program Manager – Not for me, but maybe someone who actually uses Facebook might be interested.
  • U.S. firm acknowledges Syria uses its gear to block web – Now they’re admitting it at least.  I have it on good authority that their software licensing is so poorly implemented Blue Coat really doesn’t have any idea where their systems end up.  Good excuse.
  • Dolphin HD browser snared in security breach – “We fixed it in the latest patch.  What?  That patch didn’t fix it?  The next one will, we promise!”
  • DSD wins US Cybersecurity Innovation award – They had me up until they said “Whitelisting”.  That’s a great idea that almost never works when it comes to the real world implementation.  Seriously, in nearly 15 years in the industry, I’ve never run into a fully implemented whitelisting program, or even a well run partial implementation. 
  • Online hackers threaten to expose cartel’s secrets – A member of Anonymous was kidnapped, so Anon replied by stating “Release him or we’ll release everything there is to know about you.”  Finally, a good use of the power of Anonymous.
  • Top foreclosure firm threw homeless themed Halloween bash – Not security related, but this is the most tasteless, reprehensible and disgusting example of a firm that puts greed first and to hell with anyone not able to defend themselves.   If these guys weren’t already undergoing several investigations, this would hopefully open a few.
  • Skype goes after reverse-engineering – I’m not certain this is an appropriate use of the DMCA, but I guess that’s part of why I’m not a lawyer.
  • My own wikipedia article – Thanks to the guy who started this Wikipedia page on me, even though a number of the ‘facts’ about me aren’t quite right.  I did correct a couple things, but in the spirit of ‘don’t write your own bio’, I’m trying to stay away from it and just seeing what happens. 

Oct 28 2011

Why “Wife0” and the Spawn?

Published under Family, Privacy, Social Networking

I’m not much of a programmer.  I’ve written a few thousand lines of code in my life, but that’s just enough to make me familiar with the generalities of programming.  One of the things I learned early is that I could either learn to program and sacrifice a large amount of my social skills in the process, or I could learn to pretend to be relatively normal instead.  But one thing I did learn about programming is that you always start any array at 0, not 1.  Though Andy Ellis did have to remind me of this a couple years ago when I started tweeting about my family occasionally.

If you follow me on twitter (@mckeay) you’ll know that I occasionally write about some of the things my family do and/or say.  Even if they sometimes only do and/or say the things I attribute to them in my head.  And whenever I mention their actions, real and imagined, I refer to them as “Wife0”, “Spawn0” and “Spawn1”.  Which causes me to get a lot of questions about why I call them that.  As well as the occasional joke about “Does that mean you plan on instantiating Wife1?”  To which I reply, “No, since instantiation of Wife1 would require the utter destruction of the Martin parent process.”  Oh, geek humor.

Why don’t I just refer to them by name?  Partially because it’s become a running joke in the family and it amuses me.  But mostly because the names of my family are none of the business of 99% of the people who follow me on twitter and of 99.99% of the people on the Internet!  If you know me well enough that I feel like telling you or if I know you well enough that I’ve actually introduced you to my family, then you have a right and need to know what their names really are.  But if you’re an ‘internet friend’, someone I meet every few months at a conference or simply someone who’s decided to follow me because I’m sometimes entertaining on twitter, there’s no need or reason for you to know what I call my family at home.  I always refer to Wife0 as Wife0, Spawn0 as Spawn0 and Spawn1 as Trouble… er, Spawn1.

Seriously though, there’s enough information leakage that I knowingly let out on twitter and the blog.  And I leak a fair amount of information about my wife and children just by talking about them from time to time.  If someone really wanted to, it wouldn’t be that hard to look them up and find out who they are, where we live and any number of other facts about my family.  But I see no need to make that any easier by spewing out their names every time I want to share an amusing anecdote with my friends and followers on the Internet.  I give them some small manner of anonymity by not referring to them by name and by making no guarantees that anything I’ve ever said about them was based on reality.  And a fair portion of what I say about them on twitter really does only happen in my mind.  But that doesn’t mean it amuses me any less.


Oct 28 2011

Open tabs 10/28/11

Published under General, Privacy

I spent the week at the Hacker Halted conference in Miami and had a great time.  Except for the part where my iPad gave me an error message stating it needed to be restored from backup and commenced a reboot cycle.  Which lasted until Wednesday afternoon.  Nothing like being at a security convention and having mysterious issues with your electronics.  Talk about having your paranoia spike off the chart!  My talk with Mike Dahn on Compliance in the Cloud (it really is about more than just PCI) was well received and we should see our interview with Tony from InfoSec Island within the next couple of days online.  I’m glad to be home with the family for a little while before hitting the road next week to speak at BSides DFW.  I actually get to give the closing presentation.  No pressure there.  But in the meantime, I have an appointment to keep with my coworker Josh Corman and Rapid7’s HD Moore to talk about Josh’s idea, “HD Moore’s Law”.


Oct 23 2011

Open Tabs 10/23/11

Published under General

Yesterday was a very productive day, and I’m more than a bit proud of myself.  I’ve been working from home for more than a few years now and I’ve gotten progressively bigger and bigger and in worse and worse shape.  I’ve been in worse shape than I am right now, but it’s been a downward trend recently, something I haven’t been doing enough to combat.  So I decided to quit researching stand up desks and make a prototype standup desk for myself, something I can use to decide if I want to invest in the wood to make something more polished and longer lasting.  With the help of my father in law, who actually has decent skills at woodworking, something I’m sorely lacking.  I’ll write up the desk in a week or two when I’ve had a chance to use it for more than a few hours.


Oct 22 2011

Open Tabs 10/22/11

Published under Blogging, General

The problem with having a body clock that thinks it’s on the East Coast even when it’s not is that I’m up early no matter what day of the week it is.  I’d like to sleep in, but once thoughts of CDNs and presentations start dancing in my head, it’s time to get up.  Which is okay, since there’s a lot to do this weekend before I head to Miami and Hacker Halted on Monday.  I’m going to be presenting with my good friend and former colleague, Mike Dahn.  Then it’s back home for a few days and off to BSides DFW for a completely different presentation.  The next trip after that is with the family, so the only commitment I’ll have is keeping the kids out of trouble.

Open Tabs

A couple late additions, since I’m waiting on the next cup of coffee to be ready:


Oct 20 2011

“PCI Compliance in a box” Really? #RAGE

Published under PCI

I knew it had to happen eventually, but that doesn’t lessen my desire to strangle the marketing person responsible for what was probably just a reprinted press release!  Or maybe the reporter who came up with the title of the article should be the one throttled.  In either case, I can’t let an article that states “PCI-DSS Compliance in a Box” go by without raging against the very stupidity of the statement at least a little.  It is SC Magazine, but I still hope for better.

If you have even a passing familiarity with PCI, you know exactly why this story about RandomStorm (I have another name for them, but I can’t put it in writing) making a box that meets all your PCI compliance needs is utter nonsense!  It sounds like a UTM providing a bunch of related services, like IDS, log management and vulnerability scanning with a reporting tool on top of it, but these are only a small part of the PCI requirements.  To state otherwise or try to sell a product as covering everything that PCI requires is disingenuous and dishonest at the least, and criminally misleading at the worst end of the spectrum.  How someone could be reporting on the compliance market and not know that is beyond me, but then again no one at SC Magazine was willing to put their name on the post, so maybe they did know how much BS this press release was.

“MicroStorm is delivered on a single small form factor appliance that is designed to help merchants monitor and prove their compliance on an ongoing basis, with the reassurance that if anything breaches their network, they will be immediately alerted.”

Given names like RandomStorm and MicroStorm, I’m hoping this is some sort of trolling attempt and just a joke.  I can’t imagine anyone who knows how to spell PCI actually making a statement like this with a straight face.  I can however imagine many marketing and sales guys trying to sell SMB merchants a small black box with blinky lights that they sit on a shelf somewhere that will protect them from PCI bug bears!  After all, isn’t that what all too many vendors are saying about their products and “Standard Techniques Failed Uss”.

One box cannot meet all of the PCI compliance requirements.  Even ignoring the fact that a large number of PCI requirements are based on policies and have no way of being satisfied by a technology.  And if you ever find one box that meets all of the technological requirements, back away slowly and get far away from it.  I can almost guarantee that even if it meets any of the requirements in theory, when you actually have to sit down with a QSA or forensics investigator to explain how it works, half the technologies it’s supposed to incorporate will be so minimal as to be worthless.  Less, since they give a false sense of security.  I also predict it will be a forensics investigator you have to talk to, not the QSA.

Simply put, this is more snake oil.  Enough said.

Update (10/24/2011):  You can see a comment from the CTO of Random Storm in the comments along with my reply.  Additionally, I received the following tweets from @phinessence on twitter taking the blame for the naming.  Glad to see they’re on top of the situation, but it was a bad move, despite the use of quotes, inverted or otherwise.

Blame me for that headline. It was in inverted commas for the very reasons you state. Thanks for highlighting the dangers though.
My bad I’m afraid.  It was to provide context, hence the inverted commas, but your comments have been taken on board.


Oct 20 2011

Open Tabs 10/20/11

Published under General

The last couple months seem to have flown by.  It seems like just yesterday I was complaining about September being gone before I knew it and now it’s almost Halloween.  I’m pretty certain no one’s stealing my time, but some days I wonder.  In any case there’s stuff to do and places to go today, especially since I spent the last few days trying to recover from last week’s conference.

I used to use the blog as my extended, external memory.  Kind of like Ratbert strapping a piece of liver to his belly and calling it an external brain-pack. Except I’m hoping the blog won’t start to smell after a few days.


Oct 18 2011

Open tabs 10/18/11

Published under Blogging, General

I used to post some of my reading material at least daily, but got out of the habit because I was using the posts to fuel the podcast.  But since I’ve been bad at posting anything at all lately, I’ve decided that I should post at least every few days the articles I’m reading to keep myself up to date.  I know I could use something like Instapaper to do this as well, but I’m an old-school blogger, so I’ll do it here instead.
