AltSci Cell

Sept 24, 2013

My friend Colin and I went to EMP this morning. We both became members at the dual price. We went and played a jam. I played a real drumset for the first time in my life. I've been practicing on my electronic drums for years but this was my first real drum set. I'm a natural. It's just like playing electronic drums but you have to play as lightly as possible in order to not hurt your ears. I didn't get a recording of my first playing (that would have been cool) but I got two recordings of Colin and I playing. They charge $6 to burn a CD with your 10 minute jam on it. If you bring a recorder, you don't get the beautiful mixed version, but it is a cheap way to get that beautiful sound.

Below are download links of the awesome recording.

• FLAC (61 MB)
• Ogg Vorbis (17 MB)
• MP3 (15 MB)

Sept 15, 2013

The first vulnerability has been found in AltSci Crypto Mailing List. It took andrewx 13.5 hours from the posting of this blog to find a Django Security Bulletin posted today which is a denial of service via long passwords. After learning of this, I promptly upgraded Django on my server.

Javantea Out.

Sept 14, 2013

The first post to AltSci Crypto Mailing List has been posted. Let's get to hacking.

For more information, check out the previous post about the AltSci Crypto Mailing List.

Sept 2, 2013

I work in the security industry, so you can probably guess that I am jaded and paranoid. You might guess that I'm depressed, but I'm not. This three-day weekend, I spent time on projects that I enjoy, not leaving the house for any reason except to buy bananas and other necessary food items. Many people in the security industry believe that secure software is impossible. They believe that sometime down the road our best efforts will be overcome by some hacker who wants something that we have. To avoid destruction, we have a process of looking for bugs, making sure that our employees' access rights are limited in some way. But that only goes so far. Sometimes there are serious gaps. So what do you do? Duct tape it together. Vendors sell duct tape by the roll. Then devs, admins and security consultants write Perl or Python scripts to hold everything together and we hope that it doesn't introduce bigger bugs than the ones we're solving.

But I have a different idea in mind. If we put our minds to the task, we can create a secure system. The cost of security is a fraction of the development cost (not dwarfing the development cost like some projects). For a while I thought that Django seemed pretty good at security. It didn't take long for a security bug to show up in a strange place that I didn't have time to check. It happens. Now I know where to look. Do I think there will be another high severity vulnerability in one of my Django projects? It's possible, but if I put a bit of time into it, it may be the one.