icon blindness - noun phrase - The state of mind in which you search your desktop for minutes on end for one particular application's icon but don't find it.  You give up and open it from the application menu, whereupon you have no trouble remembering which category it's in or what the name (in text) of the application is.

Some time ago I wrote an article about what Keybase is and what it's good for.  I also mentioned one of my pet peeves, which is that, by default the fonts used by the Keybase desktop client are way, way too small to see easily on Windbringer.  A couple of days ago somebody finally figured out how to blow up the fonts on the desktop, so I can finally see what's going on without putting my nose on the display (and making the mouse cursor jump around because Windbringer has a touchscreen).  While I wish that this would be a configuration option in the GUI (or, hell, even a config file) I'll take what I can get.  First, some background so everything makes sense...

This week, it was my turn to suffer a somewhat debilitaring kitchen accident.

Last week, Lyssa nearly took the tip of her thumb off with a chef's knife while helping to make pizza for dinner, an accident which resulted in several stitches to reattach the flap of skin that ordinarily formed the end of her left thumb.

Last night, while helping to make dinner I accidentally grabbed the handle of a skillet that had spent the previous half-hour in a 400 degree Fahrenheit oven.  With my entire hand.  There are (still closed) blisters on four of the five digits on that hand (the irregular whitish oval patches), the web of the thumb (not shown), and parts of the palm (barely visible in that image) (my hand's wet-looking appearance was due to soaking my hand in ice water for about half an hour to stop it cooking).  Dinner was spent with my hand submerged in ice water, but the rest of last night was spent in the emergency room when the blistering became readily apparent.

Diagnosis: Second degree burns on... let's say 45% of my hand, lacking a scientifc metric.  The pain was somewhere around a 6 on the numeric scale; I'd carefully say that it was as uncomfortable as having one or two broken ribs due to how difficult the gnawing pain made to concentrate.

I've got a pile of prescriptions that I need to get filled today, and I most certainly should probably not be typing right now because it'll aggravate the discomfort (though it'll probably keep the damaged skin from shrinking and seizing up).  All I can really do is manage pain and prevent infection until the skin regenerates.

Looks like I'm on the shelf for the next couple of days.

Well, I'm finally back from Defcon 25 and writing up my notes while in the throes of con drop before too much of the experience fades from memory.  Suffice it to say that I have opinions about last weekend, which I will attempt to write as concisely as I can.  I don't like being negative about things because my experience is my own, and I much prefer that people have their own experiences and make up their own minds about things.  However, I would be lying if I painted a rosy picture of my attendence of the largest hacker convention on the planet this year.  I did not have a good time, I was not the only one, I learned just about nothing new, and it left me with very few fun (or even good) tales to regale people with.  It also felt like the weekend flew by - three days came and went before I knew it, which is both a little disorienting and not actually a bad thing when looking at the thirty thousand foot view.

After a protracted period of getting ready, most of which involved fighting with trying to get my designated burner phone reactivated after sitting for a year in the box I was finally ready to hit the road.  You can, in fact, purchase functional SIM cards for just about any cellular provider from eBay and buy a pre-paid plan.  Upon arriving in Las Vegas and accepting the 106 degree punch in the face, I hailed a shuttle to my hotel and climbed aboard.  This year, Vlad found us lodgings within easy walking distance of Caesar's Palace, where Defcon had moved to this year.  I hauled my kit upstairs, ordered a pizza, and plopped myself down to read and relax for the first time in a couple of days.

I'd love to tell you how much fun I had at Defcon and give you detailed write-ups of all the talks I went to (taken from copious handwritten notes, of course), but I didn't make it to a single talk, and was able to visit only one village (the Biohacking Village) twice.  Mind you, this was after waiting in line for roughly two hours and not getting into the talks I'd originally come to see.  Not that the talks I wound up seeing weren't interesting, they were, but they weren't what I was trying to attend.  In addition, the Biohacking Village (that I know of) and other village rooms (that I only heard about and thus cannot confirm firsthand) have made a practice of flushing the room (throwing everybody out) to prevent camping, so as to keep the lines moving and thus making sure that most everybody in line gets into something.  The lines for just about every talk I saw were around the corner, sometimes two corners, and most of the way down the hallways.  I didn't bother trying to get into the talks in the main tracks.  Unsurprisingly, go ahead and laugh, I kept getting lost in the labyrinthine hallways of Caesar's Palace.  Possibly much to your surprise, many people who actually have a sense of direction kept getting lost there, too.  Some of the maps posted on the corners and at the infobooths gave incorrect directions to various locations.  Many of the Goons I spoke to didn't know where things were, either.  I don't blame them for it at all; a few admitted to me that they had no idea where anything was, either, so I don't feel alone in my frustration.  I can't speak to how well organized Defcon was this year because I'm not in a position to know what was going on.  What I do know is that Caesar's Palace is very difficult to navigate, and if I'd known how hard it would be I would have gone up a couple of days early specifically to sneak around and learn where everything was ahead of time.

Back from Defcon 25.

Exhausted.

Dealt with multiple crises at home.

Didn't spend as much money as I usually do, which isn't a bad thing.

Spent quality time with some old friends.  I hope I made a few new ones.

I have opinions.  They'll have to wait until I get some sleep.

So, after many years I've decided that it's my turn to write a first-timer's guide to Defcon.  There are many like it, so I'll try to be as frank as I can about the topic.  I'm going to try to write for people who've never been to Defcon before (but may have been to other hacker cons).  I'm not going to lie or joke around (which some of the guides tend to do) and give as much personal advice as I can.  I'm also going to try to not sound like your parents, because nobody likes to read stuff like that.

It's been said that it is a common thing for people to write about their OPSEC protocols for Defcon that they don't use any other time, with the implication that they aren't serious about their security or privacy any other time and are sitting ducks any other time.  I would politely like to point out that not everybody has the same threat model: Defcon has one of the most hostile network environments on the planet, one which is not often found anywhere else.  It is erroneous to assume that people who only talk about how they prepare for Defcon do not take the same kinds of precautions at any other time.  What those people do may not be your business or anyone else's at any other time.

To that end, here are some of the security protocols that I use at Defcon, and happen to use at other times while I'm traveling, as well as some friendly advice to folks new to Defcon.

I'm still around, just been too busy to get a lot of other stuff done really.  I need to get a couple of articles written and maybe a tutorial or two.  My overall health seems to be on an upswing right now, which is a really good sign.  First good sign in a while, really.

It's funny, how the tools that you already have are the ones you tend to be afraid of using, because you don't know what'll happen.  Confidence is one of those things that comes with knowing what the hell's going on, or at least having a better idea of same.

When you finally have some answers you can start asking better questions.

On 12 July 2017, websites, Internet users, and online communities will come together to sound the alarm about the FCC’s attack on net neutrality. Learn how you can join the protest and spread the word at https://www.battleforthenet.com/july12.

As of right now, new FCC Chairman and former Verizon lawyer Ajit Pai (local mirror) has a plan to destroy net neutrality and give big cable companies immense control over what we see and do online. If they get their way the FCC will give companies like Comcast, Verizon, and AT&T control over what we can see and do on the Internet, with the power to slow down or block websites and charge apps and sites extra fees to reach an audience.  We're also seeing some shenanagains taking place, in the form of tens of thousands of fraudulent comments being entered on the FCC website. (one, two, three)  Funnily enough, all of the comments are exactly identical.  I sure as hell didn't post a comment saying that net.neutrality was a bad thing, and I've never been a customer of Comcast.  I also don't live in Seattle. (local mirror)  You might want to check to see if your name is in there without your permission, too.  Additionally, properties of some of the bigger ISPs (such as Tumblr, owned by Verizon) are being pressured internally to not support net.neutrality or July 12. (local mirror)

If we lose net neutrality, we could soon face an Internet where some of your favorite websites are forced into a slow lane online, while deep-pocketed companies who can afford expensive new “prioritization” fees have special fast lane access to Internet users - tilting the playing field in their favor.  We could also be facing a Net in which little websites like mine will not exist for all intents and purposes because folks like me won't have the money to even buy into the "slow lanes" of throttled Internet access.  We may even be facing a Net in which censorship of "inconvenient" websites may be imposed under the guise of failure to pay or not falling into one of the defined content types required to buy into one of the speed classes.

But, on July 12th, the Internet will come together to stop them. Websites, Internet users, and online communities will stand tall, and sound the alarm about the FCC’s attack on net neutrality.

The Battle for the Net campaign will provide tools for everyone to make it super easy for your friends, family, followers to take action. From the SOPA blackout to the Internet Slowdown, we've shown time and time again that when the Internet comes together, we can stop censorship and corruption. Now, we have to do it again!

Learn more and join the action here: https://www.battleforthenet.com/july12

A couple of months back I did a brief writeup of Keybase and what it's good for.  I mentioned briefly that it implements a 1-to-n text chat feature, where n>=1.  Yes, this means that you can use Keybase Chat to talk to yourself, which is handy for prototyping and debugging code.  What does not seem to be very well known is that the Keybase command line utility has a JSON API, the documentation of which you can scan through by issuing the command `keybase chat help api` from a command window.  I'm considering incorporating Keybase into my exocortex so I spent some time one afternoon playing around with the API, seeing what I could make it do, and writing up what I had to do to make it work.  As far as I know there is no official API documentation anywhere; at least, Argus and I didn't find any.  So, under the cut are my notes in the hope that it helps other people work with the Keybase API.

The API may drift a bit, so here are the software versions I used during testing:

Client:  1.0.22-20170512224715+f5fba02ec
Service: 1.0.22-20170512224715+f5fba02ec

I've been promising myself that I'd do a series of articles about tools that I've incorporated into my exocortex over the years, and now's as good a time as any to start.  Rather than jump right into the crunchy stuff I thought I'd start with something that's fairly simple to use, straightforward, and endlessly useful for many purposes - a wiki.

Usually, when somebody brings up the topic of wikis one either immediately thinks of Wikipedia or one of the godsawful corporate wikis that one might be forced to use on a daily basis.  And you're not that off the mark, because ultimately they're websites that let one or more people create, modify, and delete articles about just about anything one might be inclined to by using only a web browser.  Usually you need to set up or be given an account to log into them because wiki spam is to this day a horrendous problem to fight (I've had to do it as parts of previous jobs, and I wouldn't wish it on my worst enemy).  If you've been around a while, when you think of having a wiki you might think of setting up something like WikiWikiWeb or Mediawiki, which also means setting up a server, a database, web server software, the wiki software, configuring everything... and unless you have a big, important project that necessitates it, it's kind of overkill and you go right back to a text file on your desktop.  And I don't blame you.

There are other options out there that require much less in the way of overhead that are also nicer than the ubiquitous notes.txt file.  For the past couple of years (since 2012.ev at least) I've been using a personal wiki called Tiddlywiki for most of my projects which requires just a fairly modern web browser (if you're using Internet Explorer you need to be running IE 10 or later) and some room on your desktop for another file.