CypherGhost » Geek, Sun, 18 Nov 2012 22:45:03 +0000

Internet and Satellite Phones at Burning Man
Sun, 11 Jan 2009 19:13:21 +0000, Blogmaster

Yes, part of the idea of going to Burning Man is to escape all the stuff back at home, but the reality is that if something goes horribly wrong back at work, people could lose their jobs – so I carried some satcom gear just to check in once a day. Since there is little posted on the Internet about telecommunications from Burning Man, here’s a contribution of my experience.
BGAN Inmarsat Ethernet Transceiver at Burning Man

I rented a BGAN Inmarsat Ethernet transceiver and an Iridium satellite phone. The BGAN is really expensive, not only the weekly rental fee but the $10 per megabyte charge. Both work as promised, but no better.

Realistically, light only travels so fast and the trip to orbit, Houston, and back adds substantial lag. The throughput isn’t bad, but the time between packets precludes gaming completely.

The Iridium phone worked every time we tried it. While it is advertised as “you must be able to see the sky” it was able to receive text messages and “hear” incoming calls while inside a metal vehicle and inside my two story wood house. If the phone rang, I would have to go outside so the satellite could “hear” the less-powerful unidirectional handset. The phone does have a lot of compression artifact and the bit rate is low. It sounds like talking on early VoIP applications. While it is “full duplex,” you really need to concentrate on taking turns talking because your conversations are half a second or so out of phase with each other. I did have trouble calling some people with fancy pants handsets like Treos, which seem to have their own sample rate that never meshed up. Then again, I have trouble calling those people from analog lines too. The phone worked in sandstorms. I only saw one cellphone that worked at Burning Man. Someone brought a tower and an old analog phone. That tower was scheduled to go off-line on 30 September 2008.

The BGAN Inmarsat satellite phone worked consistently… consistently slowly, that is. If you needed Internet, it was the best thing out there. If you call up a web page, it might take 5-10 seconds for it to start appearing, but once it started loading it was much faster. Streaming operations worked with the same startup delay.

The system worked great on my Apple MacBook. The software was a little more complex than needed, but was helpful for a first time user. You might not actually need it. The system has a GPS to figure out where you are, then it helps you aim it. There is a magnetic compass on the top (which won’t work if you put it near a big metal thing like your car). It starts beeping and beeps faster as you get closer to the satellite. Our satellite was parked over Brazil and we were nearly at the end of the service range. Packet latency to our servers in New York ranged from 800-2300 milliseconds. Response times were scattered randomly on each packet, but it was consistent. It never dropped a packet. Email was fine. Web pages were like dialup on a 14.4k modem. Using web based programs like Gmail was similarly slow. SSH was painful and I found myself counting keystrokes to move the cursor around and change a little bit of code.

Several other types of Internet connections were supposedly available. I frequently saw people at center camp with laptops and I heard rumor of a 45 megabit microwave connection and another rumor of 3-6 megabit. While I was able to see a lot of access points, only half would give me a DHCP address and the other half could never route for me. Someone said distant sand storms affected the connection. I also saw a few people with WildBlue and Hughes backfeed dishes. Some fancy RVs have gyroscope based systems as well.

In terms of use, I made one small code change that could have waited, sent a few emails and photos, and we checked weather one day when we heard a rumor about Thunderstorms. Several people in our camp were going to leave, so we checked several weather sites and determined it to be just a rumor.

If you get a BGAN, make sure you watch your bandwidth. At $10/MB, automatically downloading that video someone emailed you, your operating system’s automatic update, your podcasts, etc. will run up a multi-thousand dollar bill in a hurry. Turn that stuff off and make sure you have a visual bandwidth meter at all times!

Next year, I plan to take a satellite phone (which ultimately cost less than roaming in Europe) and leave the BGAN behind, though if I go with a large enough group, we might get a Wild Blue and share with other people.

My final word of warning is that sand gets everywhere. I only brought out my laptop when there was no wind and it still got lots of sand in it just from what falls off your clothes and hair. Airtight ziplocks or Pelican cases are a good idea, but ultimately don’t bring any equipment where you would cry if it was utterly destroyed. This is a use for your 5 year old laptop.

Burn on, everyone.

Optimizing MySQL Distinct Queries with Groups
Tue, 29 Apr 2008 03:53:36 +0000, Blogmaster

Here’s some fun technical stuff. If you don’t program SQL, this will make no sense to you. Just move along. I wanted to put this out for the Google to find so it benefits other programmers.

I have some medium sized tables that I’m doing duplicate removal on and I tried a variety of techniques to see what works the fastest. The differences are amazing.

The server is a dual Pentium 1.8, 256 Meg SDRAM, single Seagate SCSI 7200rpm drive running Linux and MySQL 4.x using MyISAM. I have a table with 2.8 million phone numbers and tried SELECT DISTINCT and GROUP BY with and without indexes. The phone number field is a BIGINT with NOT NULL.

  • SELECT DISTINCT with no index took 9 minutes 3 seconds.

  • Using GROUP BY took 13 minutes flat with no index.

  • The index took 18 seconds to create.

  • SELECT DISTINCT with the index took 8 minutes 25 seconds.

  • Using GROUP BY took 25 seconds flat (zero minutes).

WOW! What a difference the phrasing can make. I would almost consider it a bug that there is such a difference.

Keep in mind that creating this table without an index and doing the inserts unindexed was faster. Making the index once is much less work for the database engine than 2.8 million index updates.

DefCon 15 Review
Mon, 06 Aug 2007 23:01:35 +0000, Blogmaster

I’m at McCarran airport now, ready to fly out from DefCon 15 where a good time was had by all. I learned a few things, met a lot of interesting people, and had a great time geeking out with everyone and look forward to going again next year. The organizers have a lot of experience and the con went very smoothly as a result.

I haven’t been to DefCon in five years and a lot of things changed.

First, of course, is the change of venue to the Riviera. The Riv has a lot more space that allowed the convention to run five tracks, plus have breakout spaces for Q&A to continue after each panel – a very nice touch. It is spread out more, which made it seem like a smaller crowd at times, but the crowd at the closing ceremony was huge and I think Dark Tangent’s estimate of 7,500 people is probably about right.

While larger, the crowd has really changed. DefCon, overall, was much more subdued than in years past. To some degree, this was a necessity for DefCon to continue as some aspects were out of control. I remember talking to Priest and DT before DC10 and the general opinion was that if it were anything like DC9 it would be the conference’s last year. There are some other reasons as well. For sure, money came and went from the scene, but it was still striking how the cDc’s presentation went from being nearly a rock concert to “hi, I’m with Cult of the Dead Cow. Here’s our presentation.”

The average age of a DefCon attendee has gone up. I don’t know if they are all the same people, but I think the average age is now around 33-35 and a good number of people have 2.5 kids, etc. so people are a little more responsible, I think. Someone said that Jinx sold out of all the kid/baby sized shirts in just a few hours.

There were also more women. Some of this is attributed to us guys getting older and bringing significant others, but there were also quite a few women attending the show on their own. More power to you all. Bring your friends.

The Black and White Ball really shrunk, although it was still worthwhile and I had a great time. I enjoyed seeing Karen again and I hope some of the other DJs post mp3s.

No fire marshal problems this year. The goons were mostly well behaved. Even Priest has calmed down a little – complete with a running joke about having been to “sensitivity training.”

The number of contests has really increased. The awards took almost 2 hours. The badges were cool (although a little large) and had a small LED sign that was programmable/hackable. Sadly, they ran out of the mod kits for them which included wireless and a 3 axis accelerometer!

Lock picking, while ever present at DefCon, was really big this year. DefCon provided permanent space for several “villages” including one for hacker spaces, wireless, and lock-picking.

My biggest complaint is that many of the panels ran out of time – largely because panelists didn’t appear to have tested or practiced their presentation. Sometimes this was due to loading or seating issues, and that isn’t the panelist’s fault. But, hey, I understand that it’s a little nerve-racking to stand up in front of a few thousand people – so if they get a little off track, that’s life. I just think that a few more of the presentations should have been two hour blocks – especially for a certain Shmoo who has great rants but always runs into overtime. Same goes for the Meet the Fed panel, which only had about 20 minutes of actual Q&A (is that a conspiracy?)

Highlights:

  • Toxic BBQ looked really cool (or hot, depending on your point of view) and I wished I could have made it.

  • Beer cooling contest (the winner only cooled at 2 degrees/second… surely I can do better? Nice excuse for a liquid nitrogen pump!)
  • High security lock review – The Mul-T-Lock picking tool was just fantastic. I enjoyed showing my key ring to several people seated near me as many people have never even seen the keys for the locks talked about in the presentation.
  • Update on radio scanning technologies.
  • Several presentations on Tor issues, confirming all of my suspicions of various propellerhead vulnerabilities – and some cool ones I had not thought of.
  • Review of quasi-multi-factor authentication for banks. Since I’m a security-application web developer, I didn’t learn anything new that I can apply to my own practice (i.e., I didn’t leave screaming “oh, shit, I need to log in to my servers and fix this!”), but I had no idea just how crappy some of these new systems were. I screamed at my bank a little and told them how stupid I thought it was, but quickly realized that this was the direction the industry was going and getting them to change would be like abolishing ATM fees. I really need to just start my own bank.
  • I learned a lot in the Reanimating Hard Drives panel.
  • The legal panels confirmed that I have a pretty good grasp on the areas that affect me.
  • Black and White Balls were lots of fun. It was a small crowd, but the DJs were pretty good and there were a lot of cool people to dance with. Mad props to the two people who were contact juggling while dancing. Just, WOW! I would think you pretty much have to be able to do it with your eyes closed in order to not be distracted by strobes, etc. Very impressive.

How much ink is in an inkjet cartridge?
Fri, 27 Jul 2007 18:35:16 +0000, Blogmaster

I have an Epson R300 Inkjet I use for printing CD labels and just replaced one of the color cartridges. You can feel a difference in the mass of a used one and new one. I weighed them just for fun and found that you use 11 grams of ink – 39 grams new, 28 grams used. (This was an Epson T048220 Cyan cartridge.)

So, that’s your factoid of the day.

Where’s My Wireless Laptop (and My Flying Car)?
Mon, 15 Jan 2007 03:54:10 +0000, Blogmaster

iBook Wires
So much for “wireless.” This is the cluster of cables stuck to the side of my iBook. Note that one of them has another splitter on it and that the power cable is on the other side. Since I’m out of USB ports, I’m hot swapping between devices. I’m too cheap to buy a hub. Anyway, when is this stuff going wireless? Since Bluetooth isn’t secure, I don’t think that will replace all of this stuff anytime soon.

XM Radio Hack is an Urban Myth
Sun, 17 Dec 2006 17:35:32 +0000, Blogmaster

It has been reported that XM Radios have an internal bit for being subscribed or not, that when you unsubscribe they transmit a signal to your radio for a period of time, and that if your radio is off for the weeks that they transmit your code that your radio will continue to work.

I have tested this and found it to not be the case on my Delphi Roady. More than a year ago, I disconnected my radio and put it in a box. I then called and canceled. When I powered it back on today, it was immediately in “demo” mode as if it were not subscribed.

I do suspect that the service is not difficult to steal. At the same time, just listening to the demo reminded me of how much I didn’t care for the sound quality. Someone else might try to break it, but I don’t plan to bother.

Email Backlog Graphs
Sun, 24 Sep 2006 17:13:10 +0000, Blogmaster

Inbox Email Graph
This is what my email inbox has looked like for the last several months. I admit it – I use my inbox as a storage device. I do the same thing with my desktops, both virtual and physical.

It’s interesting to see how, no matter how hard I tried at cleaning out the box, there is always a “hum” going on of messages that just came in, messages that go with current issues at work, and messages I just don’t want to throw out or know where to file. It’s normal for me to get 50-75 emails per day, so having that many in the box doesn’t seem that odd to me.

One of the things I have noticed is that back-date spam (spam that has the wrong date and tries to hide in your stack of emails) accumulates and artificially inflates the graph. Since I don’t use a spam filter on my personal account, those start to pile up after a while. When I finally clean them out, it contributes to the “crash” seen every six weeks or so.

Another issue that builds up the number of emails is multiple messages from clients that pertain to the same issue. I can’t seem to get clients to put the information on the ticket that it goes with. So, perhaps I should start making temporary file folders for each ticket, or take it upon myself to add the details to the ticket. That would work for clients where I charge by the hour, I guess, as it would add up to an extra $200 or so per month just to keep them organized.

Finally, I find myself preferring the logarithmic graph below. It keeps the extremes of vacation-buildup, etc. from drowning out the daily din. It makes me feel like there is a lot of stuff there and that I should clean it out more often and makes smaller amounts of mail seem more significant. This is really interesting because the hard-to-deal-with messages just never go away and become part of that daily din.
Logarithmic view of Inbox Email Graph

WAMP Security Tips
Mon, 14 Aug 2006 17:31:08 +0000, Blogmaster

WAMP is an Apache, MySQL, PHP pre-compiled package for Windows. It’s a very good product, as it is kind of challenging to install all of these services together on Windows, but it does leave several things in the default configuration and is therefore not very secure. Here are a few notes on the basic things you need to change in order to make it safer. Note that this is not all-encompassing and will not make an airtight system – this is Windows after all. However, it will at least follow 1985 standards of security.

First, find the folder for phpmyadmin. This is a nice web based database tool. In the directory for it, find the config.inc.php file. Open that up with a Unix enabled text editor. If you see little squares on the screen and all the lines run together, your text editor isn’t compatible. Notepad has issues sometimes. If you totally can’t figure it out, download Arachnophilia. Use the edit-find function to locate
$cfg['blowfish_secret'] = '';
In the quote marks, add some random gibberish. Longer is better. 32 characters or so works nicely. Then find:
$cfg['Servers'][$i]['auth_type']
and change the value from “config” to “cookie”. Under that, the value for
$cfg['Servers'][$i]['user']
should be empty. Save this file.

What you have done is to set it up to require a username and password when you login. The next problem, however, is that the root password for MySQL is empty. Since that is the default, that is the first thing an attacker would guess. So, let’s change it.

Go to http://localhost/ . Click on the link for phpmyadmin. At the login prompt, enter “root” for the username. Leave the password box empty and login. Now find the user management area and change the password for the root user. When you commit the change, you will get kicked out and land back at the login prompt. Test the new username and password.

Finally, keep in mind that if you don’t want people to see this server, it needs to be behind a firewall. Either way, we recommend blocking general access to port 3306 for MySQL – unless you planned to give lots of people direct access to that service.

There are still dozens of ways to break into your box, but these simple changes will at least keep the beginners out. Good luck.
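
A small audit of the three config.inc.php settings discussed above, as an added example (not part of the original article, and not WAMP or phpMyAdmin code): it parses the file's simple string assignments and reports any that are still at the insecure defaults. The sample configs, the function names and the use of Python's `secrets` module to produce the "random gibberish" are assumptions of this example.

```python
import re
import secrets

# Matches simple string assignments, e.g. $cfg['Servers'][$i]['user'] = '';
ASSIGN = re.compile(r"""^\s*\$cfg((?:\[[^\]]+\])+)\s*=\s*(['"])(.*?)\2\s*;""")
KEY = re.compile(r"""\[\s*['"]?([^'"\]]+?)['"]?\s*\]""")
MIN_SECRET_LEN = 32  # the article suggests "32 characters or so"

# Constructed sample files, not taken from any real installation.
DEFAULT_CONFIG = """<?php
$cfg['blowfish_secret'] = '';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
"""
HARDENED_CONFIG = """<?php
$cfg['blowfish_secret'] = 'CONSTRUCTED-example-secret-do-not-reuse-0123456789';
$i = 0;
$i++;
// $cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
"""


def parse_settings(text):
    """Return {key_path: value} for string assignments; the last one wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # commented-out settings do not count
        m = ASSIGN.match(line)
        if m:
            settings[tuple(KEY.findall(m.group(1)))] = m.group(3)
    return settings


def audit(text):
    """List findings for blowfish_secret, auth_type and user."""
    s = parse_settings(text)
    findings = []
    if len(s.get(("blowfish_secret",), "")) < MIN_SECRET_LEN:
        findings.append("blowfish_secret is empty or shorter than %d characters"
                        % MIN_SECRET_LEN)
    # Check every server index present in the file ($i, 1, 2, ...).
    for idx in sorted({p[1] for p in s if len(p) == 3 and p[0] == "Servers"}):
        auth = s.get(("Servers", idx, "auth_type"))
        if auth != "cookie":
            findings.append("server %s: auth_type is %r, expected 'cookie'"
                            % (idx, auth))
        if s.get(("Servers", idx, "user"), ""):
            findings.append("server %s: user is hard-coded, should be empty" % idx)
    return findings


def new_secret():
    """Generate a value for blowfish_secret from the OS random source."""
    return secrets.token_urlsafe(32)  # 43 URL-safe characters


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
    print("suggested blowfish_secret:", new_secret())
```

The parser only understands one-line string assignments, so a config that builds values with PHP expressions needs a manual look.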

A Peek Inside My Head
Tue, 11 Jul 2006 20:39:22 +0000, Blogmaster

Here is a page with about 200 news articles from my RSS reader. These are articles that have accumulated over the last year or so that I thought were neat enough to not delete. So, if you’ve ever wondered what kinds of things catch my attention, here’s a good sample.

I Watched a Space Shuttle Launch
Wed, 05 Jul 2006 15:10:50 +0000, Blogmaster

I went to Cape Canaveral with a few friends. We figure there are only a few more shuttle launches left and the timing worked out well where we could take off a few days and be able to wait it out if there were any delays. As it turned out, there were several, but we were very happy that we stuck it out.

We had a radio scanner to listen to the launch control, which is a good thing because if you don’t hear the countdown you might miss it. You don’t really hear the shuttle when it takes off because it takes sound some time to travel from the launch pad to you. In addition, the shuttle was surprisingly quiet, maybe as loud as a 747 or an F-14, but not as loud as a lot of other military jets. Building implosions are similarly not-loud.

It would be very difficult to make a launch photograph that truly shows the launch as we saw it. The flame from the engines was intensely bright, more than a welder or a magnesium flare but less than the sun. It was actually hard to look at because it was so bright. Some people had trouble looking at it, even with sunglasses. Some of our cameras produced almost night looking images in order to balance the brightness. The flames lit up the smoke plumes.

The shuttle quickly becomes just a dot and it is difficult to see many of the events after 2 minutes. I could barely see the solid rocket boosters eject and deploy their parachutes. I could not follow them all the way to the ground. For several minutes, the shuttle was just a bright star in the daytime before it finally dissipated.

The smoke plume left at the launch pad was white on the outside but had an orange cast inside. Apparently, the SRB smoke reflects white but transmits orange.

On the delayed launch days we toured Kennedy Space Center, saw the IMAX movies, and hung out on Cocoa Beach.

Even though the space center is geared more toward kids, I did really enjoy it. Actually, I think I enjoyed the other visitors the most. I’ve always been a space buff and it was neat to be surrounded by people who shared that interest. KSC does allow you pretty close to a lot of stuff and has lots of toys to share. Everyone I know who works with NASA seems to really enjoy it and there is a palpable sense of family.
