Feb 19 2013
Rather than stay home for my birthday (which I've done for the past few years) I decided to make things interesting this time 'round the sun. Sitwon and Haxwithaxe had secured a hotel room and passes for Shmoocon in downtown DC last weekend, so I threw my hat into the ring more or less at the last minute. Shmoocon is an excellent hacker conference, don't get me wrong, but I don't ordinarily get much out of it. It is, as they say around here, above my pay grade. That said, I decided to go solely to see what I could make of the weekend and went with few preconceived notions and no idea of what was on the schedule for this year. I didn't sign up for any of the competitions, either, and limited myself to only the cash I had in my wallet at the time.
For various reasons I wasn't able to take Friday off so I missed the entire first day of the conference, but I figure that video recordings of presentations given that day will appear presently. After work it was a short Metro ride to get downtown and somewhat to my surprise my phone got me to the hotel without much trouble. I pinged Sitwon on my way in, acquired a hotel room key, conference badge and ski resort-themed con swag, dropped my gear off in our room, and then we met up with Haxwithaxe (who is on the con security staff) to get dinner. A few metro stops Tono Sushi can be found, and everyone treated me to a sushi dinner for my birthday. After taking the Metro back to the hotel I spent a few minutes hanging out at the hotel bar with the rest of the con-goers, but after a long day at work and a couple of subway trips I opted to head back to our room upstairs to read a bit and go to bed early to recuperate.
I got up the next morning just in time to catch the last half of a presentation on security concerns in cloud hosting software, in particular those of a project called Openstack. I'm working with a similar package at work these days, so at least some of the infosec concerns should carry over if not their precise implementations. I made sure to attend a talk on practical language-theoretic security concerns by a colleague of mine. Maradydd's work on characterizing vulnerabilities as functions of the languages they are implemented in and not merely as mistakes made by developers is unparalleled, and I think Hammer is going to be very useful in the very near future for a couple of projects.
After her talk was over a half-dozen of us went out to lunch at a pub a few blocks away. I wound up talking with one of the next presenters at Shmoocon about his presentation and a few of us put our heads together on the topic of identity politics, names, and the implications thereof. We came up with some interesting points and I think a few good dodges for specific cases that would otherwise have sidetracked the entire discussion. I'm waiting for the talk in question to hit the Net so I can rewatch it. Another colleague of mine also attended Aestetix's talk that afternoon, and made the observation that it was suprising that so many of the attendees found these ideas novel and not axiomatic. Discussing the talk over coffee later that afternoon, we concluded that this is, in part probably due to the fact that more recent generations of hackers generallly feel less pressure to conceal their identities and not release information that could be used to (eventually) identify them if push came to shove. Hackers who came of age during the time learned fast and hard to protect information about ourselves; privacy risks were discussed at length and in great detail and we take steps to minimize those risks (such as using pre-paid phones, not discussing our projects and interests openly, encrypting our e-mail, and other such countermeasures). The later generations, on the other hand, came of age during a time when security research was somewhat legitimized (case in point, actionable research published under birthnames and being included on CV's) and open association with others was not seen as a potential hazard. The argument could also be made that we came of age during a time in which self-knowledge and reflection were less stigmatized than such things are today.
After dinner I headed back to the hotel room to change and get ready for the rest of the night. Rather than go to the Shmoocon Saturday night party (which convention buzz says wasn't much fun) I hopped back on the Metro and went uptown a ways to Spellbound to dance the night away and celebrate my birthday. After arriving I met up with family and the usual suspects to celebrate until we had to break to the Metro before it closed for the night. Some nights the mix is off, the track selection never gels, and things just feel wonky. Saturday night was not one of those nights. We spent half the night on the dancefloor enjoying the music and celebrating another year in proper fashion. We also signed up for the VIP card, whcih means that now we have to go out more often, which also means that we'll wind up getting out of the house more and getting more exercise. I'm not seeing much of a problem here.
I woke up just in time on Sunday morning to pack my stuff, raid the breakfast buffet downstairs, and catch gmark's talk on Hacking As An Act of War. Always informative, always funny, and always uncannily perceptive he explained the (unclassified) state of things and put the last year or so into sharp perspective. It's definitely a talk to catch when it goes online if you're in the field of information security.. or management, for that matter, because you need to know the state of things, too, and why it's happening. I hit the vendors' booths one last time, grabbed my stuff, and then started to leave the hotel to go home. This didn't exactly happen. I wound up hanging out in the hotel lobby for a couple of hours with Aestetix, Maradydd, TQ, and a few other folks discussing identity politics a bit more, as well as reputation networks and concomitant economies.
It was only after hiking to the Metro station that I discovered just how cold it'd gotten outside, and regretted only wearing two shirts. By the time I got to the station closest to home I jumped into a waiting cab rather than calling for a ride, as previously arranged.
I don't have much else to add on the topic of Shmoocon this year. The con has a "no photography" rule so I didn't take any pictures. Out of respect for my friends and colleagues at the con if they weren't on the convention schedule (i.e., their names were published) I didn't name them, and while I wrote about the conversations we had I painted in the broadest possible strokes the subject matter while still giving the general gist of what we talked about. There's a lot of stuff that I'm not going to write about as well - personal stuff, friendly stuff, stuff that isn't of interest to anyone else.
That is, I should probably admit, one of the reasons that I haven't posted much here in a while. More and more privacy is something that people are beginning to care about, which means an inverse proportion of disclosure. People are starting to want more private lives, which means that talking about them openly... isn't private. This has also changed how I interact with the Net; there is less in my personal life that I feel comfortable posting wherever anyone can see it, even if it's something as simple as contemplating getting a pet or two to liven things up a bit at home. When I was younger (in the late 1990's and even into the early years of the twenty-first century) I was very circumspect about what I did online, what I posted and where I posted it, and even announcing my presence. After I got a bit older I realized something which changed how I did things: I didn't have many friends because I hadn't shared much of myself with anyone. So, I opened up a bit, set up a website, and started doing this weird thing called blogging. And I made a lot of friends and started building a reputation. Now the cycle has changed back to less disclosure and circumspection. Now, I mostly write about things that interest me or which are developments that other people might find interesting or useful but trading off . So it goes.