Open Source Security

Apropos of nothing, this squiggled my funny bone this morning: Pew Research reports that there is a glass ceiling for female white collar criminals. It sounds like they are doing it wrong: “More than half of all women (56%) did not personally profit from the fraud”. Some backbone is needed: “Still others said they knowingly committed illegal acts simply because they were instructed to do so by a superior”. Sigh. They couldn’t at least ask for a candy bar? I heard the story on NPR this morning during my commute.

I’ve been writing this blog just over a year now. The year started out very strong, with some of my favorite posts coming early on. As my core job responsibilities moved beyond security, writing a security-focused blog has become more difficult, and I have posted much less frequently over the past several months.

Looking back over the year, the posts with the most hits:

  1. Not With A Bang But A Whimper
  2. eCryptfs in Fedora 8
  3. Password Length
  4. Security Design Principles

While that list certainly includes the posts that are my favorites, I also keep going back to Linux Security Best Practices because the NSA guide is so valuable and contains the answers to many of the most often asked security questions.
And I remain surprised at how popular the posts of weekly news links have been.

I’ve enjoyed having this forum (far more than I expected) as a place to put my opinions and thoughts about Linux security, a place to focus my attention on Linux security, and a place to even post a few facts from time to time.

Thank you.

TruTV (was CourtTV) has created a new show on security testing called Tiger Team. You can view the first episode online at the TruTV video website. Their “Share” feature yielded this link but these links don’t tend to stay fresh long, so to find it click on New, then look down through the listings for Tiger Team (on page two as of Jan. 2). This show has been widely reported as an IT show, but the first episode is about pen testing a car dealership. Only one person on the team specializes in computer security; another specializes in social engineering. It shows them dumpster diving, social engineering, breaking in after dark (“daring late night break in”), casing the dealership, etc. Choice quote: “If there is any other team in the world who does what we do, hands down we are the best”. Don’t expect to learn anything from it, but it is highly amusing in the breathless reality-show kind of way and vividly demonstrates the security mindset.

Here’s a great blog post by Matt Hines that describes the episode in amusing detail.

Maker Faire was in Austin this past weekend and it was awesome! It was busy but not packed, so it was quite pleasant, and so there is a reasonable chance that we might see it again next year. (Please, please, please Maker Faire organizers, come back again soon!)

My father-in-law brought his MultiMachine – a general-purpose all-in-one mill that can be made out of junk. He has quite an active Yahoo group, so several people who were already familiar with the MultiMachine popped by to take a look. The number one comment was about how easy it looked to build. My father-in-law would really love to see non-profit orgs (NGOs) adopt the design of the machine and take it to distressed areas so that impoverished people could use it as a way to build things and generate income.

There were all kinds of creative and unique bicycles, robots, and musical instruments. There were several electric cars including a Prius conversion. There were yarn spinners, knitters and hand quilters. There was at least one blacksmith with an active forge. The feel of the conference was very open and generous. People were showing off their creations and sharing ways for attendees to learn to make their own. A big Thank you! to the kind woman who helped my 3-year-old make her own necklace.

On a topic of interest to this blog, open source, there was a very cool display by Rep Rap, the Replicating Rapid Prototyper, which has the ability to make itself. They say that it is a “practical self-copying 3D printer”. With this device you have the ability to create physical items for yourself and to share with your friends, and you can even go a step farther and make another device to give to your friends, so that they can share the physical creations with their friends. Richard Stallman says “Software differs from material objects—such as chairs, sandwiches, and gasoline—in that it can be copied and changed much more easily.” With Rep Rap, at least some things can now be copied and changed almost as easily as software (though perhaps not yet sandwiches and gasoline).

How do you know that you live in an obscure part of the Net? It took 27 days to get my first 3 spam comments. 🙂