Archive for the ‘Work’ Category

Busy, busy

Monday, March 7th, 2011


Just spent a week in San Francisco at the Game Developers’ Conference (GDC). I stayed with Dan, Hongli, Angelina and Carina. And I got to see Jack. It was a great trip!

Apogee Certified Translators

Saturday, February 26th, 2011

Sorry about the lack of posting here recently. I think you’ll understand, however, if you follow the link to my company’s new offering, located here.

Motivation

Saturday, November 6th, 2010

Just felt like putting this up again. Play. Really. It’s simply great. “If you’ve never failed, you’ve never lived.”

DefCon 18

Thursday, August 26th, 2010

It’s been a few weeks now and I haven’t posted about attending DefCon 18 in Las Vegas. I’ve been letting it fester a bit before talking about it. Time to get it down.

First of all, what is it? It’s a hacker convention, but don’t get the wrong idea here. Most (though certainly not all) of the people there have no interest in stealing the passwords to your bank account. Certainly I’m not. My interest stems from the same place my interest in physics comes from: how is the world put together? What can you do with it?

Also, I run all of my own servers. I have had direct experience of having them hacked (many years ago, thank God) and see the daily barrage of kiddie scripts from South Korea and China trying to gain access to my systems.

So let me give you some highlights of the events of the three days:

Meeting Captain Crunch

Captain Crunch showed up at the opening picnic, under the center tent. He’s famous in the community for figuring out in the 1960s that a whistle making a sound at 2600 Hz over a telephone line would trick Bell’s computers into switching your call to a cost-free line. His name comes from the fact that whistles given away free inside a box of Captain Crunch cereal would use exactly that pitch. Later, he started making blue boxes to replicate the sound. One of the people who profited from sales of those boxes was future Apple founder Steve Jobs.

The Keynote Speech

Given by the head of technology for Facebook, the speech was interesting but nothing to write home about. Far more interesting were the people I was sitting next to. On my left was a sysadmin for a series of Portland, Oregon coffeehouses. On my right was the gentleman (“John”) in charge of securing all of the computers on the .mil network (all of the Pentagon computers, for starters). And, interestingly, the three of us had a great and useful discussion afterward.

How It Works

The easy part is going to the lectures, but if that’s all that you do you will be wasting your time. The best idea is to start conversations with the people around you. Everyone here has a similar interest and mindset. I saw perhaps eight speeches of varying quality, but the folk that I randomly bumped into in the halls were at least as interesting as the speakers.

Sample Lecture One: Hacking ATMs

This was one of the most popular sessions and I did not get to see it myself. However, I got brought up-to-date with someone who did sit through it. Not as interesting as the video makes out. I had visions of all the ATMs at the Bellagio spewing cash after this speech, but that’s not really what happened. The hacker had to be able to purchase the ATM on the open market to experiment with it, then had to find an active machine to work on. He had to have physical access to the internal system in order to update the firmware. Only then did the machine start to throw cash around. Not very impressive in the end.

Sample Lecture Two: Eavesdropping on GSM Cellphone Conversations

I was also unable to attend this one (Saturday mid-day lectures were horribly overcrowded). This one worked as advertised. Despite warnings not to give the speech by the FCC, the hacker set up about $1500 worth of ham radio equipment and proceeded to take over everyone’s cellphone in the hotel. Every call they made was routed through his setup. Every call anyone made was prefaced with a warning, “Your conversation is being recorded.” And at the end of the presentation, the speaker takes out a USB keydrive with all of the recorded conversations and publicly cuts it in half. More info on this interesting and entertaining presentation here.

Sample Lecture Three: China’s Cyber Army

This one did not happen. The presenters were told by the Taiwan government not to give it, so they gave a technical lecture on securing SQL databases instead. From information on the web (corroborated in part by .mil’s “John” above), China is the biggest official problem in computer and data security. Furthermore, the US is not their sole or even their most important target. Taiwan and China have had an ongoing, undeclared cyberwar for a couple of years now, which was going to be the heart of this talk.

There is some public information available, which multiple people pointed me to, here and here. Very interesting, and I would have loved to have heard more.

Sample Lecture Four: The Power of Chinese Security

This was interesting, but not in the way I thought it would be. There were three speakers, each with a different specialty. The first one was a native Hong Konger, who spoke with a very thick accent. His information, on how the Great Firewall of China operates, was of great interest and I took extensive notes. The second speaker was a volunteer developer for TOR, who became famous soon afterward. He’s also a volunteer developer for WikiLeaks and he was detained by customs officials prior to entering the US. All three of his cellphones were confiscated.

Unfortunately, the speech was not so interesting. His concern was to free the Chinese people of the Great Firewall with a publicly available service like TOR. While there were some interesting problems involved, nothing of interest to me in particular (though he did have an interesting judo-style attack in mind for re-setting the Great Firewall IP blocks). The last speaker, whom I had just heard in an Android cellphone rootkit presentation, gave a long, useless lecture on Green Dam, a discontinued project by the Chinese government to legally bug all computers in China.

Sample Lecture Five: Moxie Marlinspike

This lecture had no interest to me at all, but I’d met people who work with this guy. “Changing Threats to Privacy: TIA to Google” No interest at all. Wow! I’ve never felt so much that I was living in a science fiction novel than when I was listening to this guy. Tracking the flow of social networking data was never so interesting … Completely dissected the worldview of Neal Stephenson (data havens and crypto) and showed why, outside of China and Iran, it never happened and what it has been replaced with.

Contests and Parties

There were lots of contests. The best one was the Social Networking Room, where hackers get people working at major corporations and positions to give up sensitive data or visit websites in ways that would allow an unscrupulous sort to hack into them. The data they wanted? The operating system the person worked on, programs (with version numbers) they had, if they had wifi and if they used out-of-house backup services. We watched as several companies fell by the wayside.

At the end, Kevin Mitnick stands up. He’d earlier volunteered for an attack on Microsoft, but his lawyer talked him out of it. He presented it to the audience and it was simply brilliant.

Does this sort of thing have any legitimate use? Yes. The bad guys do it, so we need to know how. The person sitting next to me in the presentation did this sort of thing for a living. When his security firm starts working with a new client (almost always a bank or financial institution), he does a social attack on them exactly like we were watching. They then train their clients to recognize and prevent these kinds of attacks.

And the surprise of the contest? Google. Every other target succumbed almost immediately. Not Google. I watched three different conversations where the Google employee simply hung up the phone on the attacker. No other company came close.

Other contests included a race to chill a pint of beer. Another was to hack as many set computers as possible, then protect them from other teams. Another was to take a mass of wireless data and surmise the usernames and passwords from them. I believe the record was for 50,000 combinations. And there was the Wall of Sheep, an automated sniffer that would show the username and (obscured) password of every non-protected wifi user at the show.

Oh, and parties? Not for me. Too used to my early morning awake, early to bed life of raising kids and running a business. I was in bed by 10 every night. I did win at blackjack though …

China Travel — Technical Aspects

Wednesday, July 7th, 2010

Road Warrior Tools

Going to China for two weeks requires a bit of technical preparation. In my sparse luggage, I took with me:

  • MacBook Pro
  • iPhone 3G
  • External Hard Drive with Copy of Laptop Contents

I needed to be able to run my business, have confidential communications and surmount the Great Firewall of China. All of these were accomplished with ease.

iPhone screen in China. Note the service provider is China Unicom (the Chinese characters). 3G is active, as is my VPN service. The page showing is my sister's Blogger page, a page which is blocked in China by the Great Firewall.

Before leaving, I prepared two methods of encrypted communication with my server in Southern California. The first one was a standard VPN (Virtual Private Network). This is the gold standard for private communication. It establishes a direct digital connection between my laptop (or cellphone) and the server, scrambling all of the information using mathematical keywords. I installed PPTPD on my Linux server and tested it before leaving. Both Apple’s OS X operating system and iOS for the iPhone have VPN built in to their systems.

As a backup, I also tested SSH Tunneling, a technique which is not as clean as VPN, but which I used when living in Budapest two years previously.

Mostly using VPN, I was able to drill through the Great Firewall and maintain posts on Facebook and Twitter while traveling. Further, I was able to do so both on my laptop and on my cellphone.

While in Shanghai, I used a blogger’s instructions to use a China Unicom SIM card in my Apple iPhone. The SIM card cost 126RMB ($19) to purchase. It gave me a month-to-month billing program of 66RMB ($10) which included voice calls, SMS and 300MB of 3G data connection. I used the data connection extensively in my two weeks.

One unanticipated problem I ran into was locked-down WiFi services. There were several WiFi connections I used which only allowed traffic on ports 80 (standard web traffic) and 443 (secure web traffic, used for https:// connections like banking and shopping). Both VPN and SSH Tunneling require non-standard ports, so they were often useless with WiFi. Fortunately, I always had my cellphone connection, which did not block any ports, as a back-up.

Outgoing international phone calls were done with Skype (both through the laptop and cellphone directly). Incoming calls were routed directly to my Chinese phone number.

Posting to Facebook from China, another blocked service

China Time Machine — How Much Has Changed in 20 Years

Tuesday, July 6th, 2010

My Chinese visa, 1989

The last time I stepped foot in Mainland China was April 24, 1989. I had just spent a month in-country, seeing Guangzhou, Guilin, Kunming and Shanghai. I spent the final five days of my trip in that city. The night before I left, the evening sky was filled with the protests of students as the forces that culminated in the Tiananmen Massacre of June 5. My American host at Fudan University told me it was probably a football match.

Shanghai Bund, 1989

Regarding Shanghai, it’s hard to imagine a deeper contrast. Nanjing East Road, today a vast shopping route, was a sparsely traveled narrow road. I remember a few dozen shops open, including a dusty old bakery (one of the few in China – bakeries are not part of Chinese cuisine), a bookstore with perhaps a dozen titles, a few magazine shops and little more. Dust was everywhere.

Shanghai had been an international city, an open port since the Opium Wars in the early 1800’s. Prior to that, it was simply a sleepy fishing and weaving village of little importance. As trade came through the area, foreigners moved in. By the beginnings of the 20th Century, while there were only 20 to 30,000 westerners living there, their army of Chinese laborers had built them a full city of western buildings, paved roads and the like.

Horse Racing in Earlier Days in Shanghai

In 1989, much of this was still visibly evident. Between the concrete monstrosities of communist construction, there were numerous beautiful mansions and villas for the wealthy few. In the middle of the city was the abandoned British horse racing track. A gigantic part of the inner city, it was leveled to build the People’s Square park and complex of museums.

Today, Shanghai is again a cosmopolitan center of business, finance and trade.

Modern Shanghai, Pudong District

Skyscrapers dot the skyline. Streets are littered with shops, banks and other modern delights. The remaining old villas of pre-communist China are marked by historical markers, but are otherwise not very noticeable between the modern, trendy constructions of the present.

But these were changes I was expecting. The news, after all, is full of detail on the changing face of China. But there were aspects of these changes that struck me to the core. Three things in particular that I was not expecting.

Chinese Backpackers

1) Chinese Backpackers and Tourists. When I traveled China in 1989, moving from one place to another was so enormously complicated, difficult and expensive, few Chinese people did so for pleasure. I remember talking to people in a village outside of Kunming. None of them had traveled anywhere except to the provincial capital. And those trips were only by necessity, not to see the sights.

The Chinese backpackers were everywhere, taking pictures of everything. They look exactly like I did when I was one of the first independent travelers in China all those years ago. These people saw what we were doing, copied it, and made it theirs. The Chinese backpackers, in the swarming thousands, are my spiritual descendants.

Suzhou Redlight

2) Red Light Districts in Suzhou. Nothing prepared me for a red light district in the People’s Republic of China. Walking to a pub to meet a friend and watch World Cup Soccer one night, a Mama-san grabbed my arm and took me into her small pub to show me her girls. It simply shocked me. I’ve seen Manila, Hong Kong and the infamous Patpong District in Bangkok, but never expected anything here. There was one for foreigners (located on Shiquan Street, near the intersection with Fenghuang Street), and one that was exclusively Chinese south of the Night Market.

Suzhou Massage

A local resident told me that Shanghai had closed all of their redlight districts in preparation for the Expo, and that several of them had moved to Suzhou, an hour’s drive to the west.

Friendly People

3) Talking to People. In 1989, Chinese people were extremely reticent to talk to foreigners traveling in their country. I don’t blame them; people with foreign connections were targets during some of the upheavals in the ’60s and ’70s.

Today is different. It really is possible to sit down and talk with people. Not everyone, but lots of people are certainly open to just talking for a period of time. Common questions when they learn I can speak Chinese: “Where are you from?” “How do you like China?” “How many kids do you have?” “Four!?!?!?!”

It’s a different place. And, very largely, for the good. Twenty years ago I thought growing up Chinese was a terrible tragedy. I’m so happy to be proven wrong.

Re-Acquiring Chinese

Monday, July 5th, 2010

One of my Chinese professors once told me that learning any language is a graduating series of failures, coming at higher and higher levels. When you start a language, you fail at the simplest things. Then you can pass the salt and find the toilet, but you can’t determine who’s who in your friend’s family (a fairly complicated process in Chinese). And so on …

Re-acquiring the language after a twenty year hiatus was like this, only at warp speed. I’d listened to elementary CD’s at home in Southern California, which all seemed clear as a bell. But when I stepped in my first taxi on the first day in Shanghai and tried to tell the driver to turn left or right, my mouth opened and nothing came out.

It was like this for the first three or four days. The very simplest of statements came only with great difficulty. I moved into a youth hostel in Suzhou where very few people spoke English (the clientele were mostly Chinese backpackers). And there were days in that hostel when I would wake up in the morning, dreading going out and challenging my lack of language again. Several times, I thought I’d imagined ever speaking Chinese in the past. It was one of those ways the brain tricks you into thinking that you are someone special or different. No, I’d never done it.

Then, on Wednesday, after living in the hostel for three days, I negotiated changing my room to a nicer one. The whole negotiation and moving was done entirely in the language. One of the assistants in the hostel looked at me and said, “You speak Chinese now?” It was my first serious breakthrough. I was in heaven.

Every day after that had a breakthrough of one kind or another, very much like learning a language from scratch, but much, much faster. Phrases would come to my mouth, unbidden but remembered. The long phrase for percentage in Chinese was one. Thursday, I had a 20 minute conversation about my family with two cleaning ladies at the hostel. I’d been back in China for six days then.

The re-learning was not a smooth ride. While I gained confidence, there would always be somewhere to fall down. And once a conversation goes poorly, it becomes difficult to re-start it and convince your partner that, yes, you do understand what they are saying.

My professional conference started on Monday, June 28. I’d been in-country for ten days and, while not at all fluent, I was able to make myself understood and listen to other people. My level was still one where the language was a basic and blunt tool, not a thing of joy.

On my days back in Shanghai, before coming back to the US, I found myself again able to make simple jokes. Taxis had long ceased to be a problem. I could work my way around most forgotten or mis-understood words. I’d found part of my tongue, but not all of it. I can now remember being able to play word games twenty years ago, and know that those memories are genuine. And if I were to remain in-country for some time, I’d certainly re-acquire the ability.

But the last two days in Shanghai before boarding the plane were really very comfortable for me. My language was back, and I could use it.

China

Sunday, July 4th, 2010

I made it back from China. “So, how was it?” you ask.

Confusing, big, crowded, busy, noisy. Everything that you’ve heard, and lots that you haven’t. I plan on doing a few posts over the next few days, detailing some of the things that I was interested in.

As an overview, the trip was very successful. I gave a well-received speech and met lots of people from my industry in Suzhou. By coming ten days early, I was able to re-start my Chinese language skills from twenty years ago. And, I was able to get all of my techie-things more or less accomplished (bypassing the Great Firewall and posting to Facebook – getting my iPhone to work on a Chinese SIM card – and the like).

I expected to see lots of things: buildings, roadways and factories. I was not expecting to see others: Chinese backpackers, loads of Chinese speaking foreigners and an incredible invasion of American franchise stores.

If you want to see my photos from Facebook, but for some reason haven’t managed to, they can be seen on the following links:

Shanghai, my first day

Suzhou, my first day in a smaller Chinese city

Traveling in China

Day Trip to Shanghai

Back in Suzhou

Speaking at LISA, Five Star Hotel and a return to Shanghai

Seeing Nick and Aubrey, and my last day in China

Blogging While Traveling

Monday, June 14th, 2010

Some notes on what to expect here over the coming weeks. Unlike my sister, Helen, who is starting on her epic bicycle trip across the US, I don’t intend to blog my trip to China.

“Why not?”, you ask. “It’s so easy, and you have all the equipment. Server, laptop, smartphone … it would be really, really great.”

The reason lies in the primary purpose of the first part of my trip: re-establishing my ability to use the spoken language. This means avoiding English as much as possible, placing myself in the here-and-now of China for ten days. Running back on the internet, with English language websites and contacts, puts me back in my comfort zone—not where I want to be. I need to be uncomfortable; forced to use some long-dormant language skills. The second part of the trip will be multiple meetings, speeches and my chance to see Shanghai as a tourist—I’m going to be busy!

The one place I may allow myself to cheat is with Twitter updates. You can follow me here, or come back to the Steussy Ranch and check out the column on the right (“Twittering Steussy”). There is a minor technical issue – surmounting the Great Firewall of China – which I will have to solve to Twitter. Blogging should pop up again after July 4, when I’m back with lots of photos and reports.

I won’t be a hermit, however. The business phone number (+1 323 963 3270) will always reach me, as will email. I can’t run a business and ignore these, after all.

Studying Chinese

Friday, June 11th, 2010

I have three Chinese textbooks with CD’s that I am listening to before heading to China. For the most part, the sounds and cadences come back to me naturally. There are a series of words, however, that simply don’t register for me. They sound like more-or-less random noise. In English, they are the words for: email, web site, web page, computer crash, computer virus, download, software, cellphone, ringtone and the like.

Just a hint that things have changed rather a lot since 1990. I’m working on getting myself up-to-date.