
The Top Five Highlights of Defcon 27

Voting Village at Defcon 27

I love Defcon. For years, since I was a young script kiddie in high school, I had attending Defcon, the crazy huge hacker convention held every year in Las Vegas, on my bucket list. Now, Defcon 27 was my third Defcon and I seem to enjoy the conference more every year.

I could, and have, talked about Defcon and my love for the Defcon community at length…but I won’t here. What I do want to share is a short list of some of the best things I saw, learned, and experienced this year at Defcon.

5. Social Media Manipulation

One of the first main conference talks I attended this year (meaning it will be posted online at some point) was about social media manipulation. The primary point of the talk was discussing a particular botnet worm that a group is using to generate fake clicks, comments, and other engagement, but the talk was an interesting tour of the dark side of social media altogether.

When I attend Defcon I do it as myself and work hard to keep my “day job” at arm’s length so that I can enjoy the conference and not feel like I have to tie it back to my professional work in any way, but obviously in my role as CTO of Studio71, this topic is of particular interest and I think there’s more the Studio71 team can do to research this topic in the future.

4. Everything Your Dev Team Does is OSINT Fodder

I’ll be very short here as this talk was off the record, but it’s amazing to think about how much information you and your teams leak by using standard development tools, such as Jira. Click a link from a ticket and your referrer information tells that site little bits of info. Is all of it bad? No, but added up, it could be. Something to think about.

3. Biohacking Disclosure Issues

Some people go to Defcon and hyperfocus on one or two topics they are particularly interested in, such as hanging out the whole time at the lock picking village. I love to talk to those people, but I’m more of a Defcon omnivore, roaming around the conference popping in to lots and lots of different things that sound interesting even if I have no plans to follow up with that topic later.

For example, on a whim, I walked in to a talk on biohacking and it was a panel discussion on the issues involved in biohacking (ex: finding security flaws in medical equipment such as a pacemaker). It’s not entirely shocking, but the medical industry has a long way to go in regards to responsible disclosure of exploits and ensuring all devices are as secure as possible. Really interesting stuff, and the key take away for me is: If I ever have to use a device like a pacemaker, dialysis machine, etc, ask a lot of questions and search the internet for the device maker before you move forward. The last thing you need is a pacemaker with exploitable software lodged in your chest for years.

2. The Fake TSA

There was a long line (not uncommon) to get in to the Defcon Arcade party on Saturday night. Just as the doors opened and the line started moving a group of guys wearing blue polo shirts ran up next to the line, set up a table, put bins on the table and started asking people to present their bags, take off their shoes, and walk through a metal detector. This was a joke. It was very much a joke…and yet…that wasn’t clear or that bit of monkey brain we all have that was programmed by almost two decades of travel didn’t want to question it for a lot of people. People started to grumble while taking off their shoes, and as I walked around the TSA stunt I heard one of the “agents” telling someone: “Dude, calm down. It’s a joke!”

Don’t let security theater seep in to your monkey brain.

1. Hack the Vote

The Voting Village is always equal parts awesome, enlightening and depressing…ok, maybe it’s 60% depressing, 20% awesome and 20% enlightening. This year, I took part in a group discussion, again off the record, with various election officials on what they can do to improve their security. I really feel for the gentlemen we worked with. I really believe they are doing everything they can to protect the vote in their counties (from a midwest state) but they are handcuffed on two key elements: The antiquated, potentially un-patched, voter registration system managed by the state, and the lack of decision making power to force a move to paper ballots.

I’d love to find ways to help on this, but the red tape and infighting make that so difficult, but even if I could step in and officially help these two midwest counties, what could I do that they haven’t? Maybe tighten a few things like forcing longer passwords, but if the State is unwilling or unable to upgrade their system and confirm that basic system maintenance is taking place, what can anyone do about it? The Federal government is the only entity that can, and we all know that one party is…disinterested…in making these critical changes.

See you next year, Defcon.

(And see you in October, ShellCon!)

My First Mention in Variety

I’m late on this on the blog, but after a few years of working in entertainment and two years of living in Los Angeles, I got my first name drop in Variety.

A few weeks ago, we were talking internally about the entanglement of buyers and sellers and products and platforms, when someone wondered aloud about how many different ways there are to sell branded content in the market. Our CTO, Mike Flynn, was in the office at the time and took that question as a math challenge. He immediately set about doodling an equation to explain the cacophony.

Big picture? It’s nice and doesn’t matter much, but it is cool. I’ve also had posts on the front page of Hacker News a few times and that’s certainly led to more emails, but it’s still cool to get a mention in the Hollywood press.

via Variety

Techcrunch Gives the Finger to Journalism and Kicks Newborn Puppy While Slapping Your Mom

In the latest segment in the endlessly long syndicated program entitled “Every Thing is On Fire at Journalism’s House” we have Techcrunch writing an article about the new but only Wednesday mid-day level news of Amazon Web Services launching the DocumentDB service.

I’ll let you guess what the title of this article, written by Frederic Lardinois, is running in a (formerly) respected tech news source.

A: “AWS Launches New DocumentDB service to take on MongoDB”

B: “MongoDB challenged by Amazon Web Services new DocumentDB Service”

C: “AWS gives open source the middle finger”

D: “You can earn $100 an hour working from home buying stuff online! Click here!”

At this point D is a solid guess so no shame there if that’s where you went, but the answer is actually C. C! “AWS gives open source the middle finger” is the title of a news article and it’s blowing my mind. Also, and this is the real kicker here…spoiler alert…no they didn’t.

AWS launched DocumentDB today, a new database offering that is compatible with the MongoDB API. […] In effect, it’s a hosted drop-in replacement for MongoDB that doesn’t use any MongoDB code. […] AWS argues that while MongoDB is great at what it does, its customers have found it hard to build fast and highly available applications on the open-source platform…

No argument here…

It’s also no secret that AWS has long been accused of taking the best open-source projects and re-using and re-branding them without always giving back to those communities. […] MongoDB was one of the first companies that aimed to put a stop to this by re-licensing its open-source tools under a new license that explicitly stated that companies that wanted to do this had to buy a commercial license.

That’s a perfectly fine solution. AWS no longer uses MongoDB or they pay for it. Seems fair, but the article goes on to list several quotes from MongoDB executives and even describes them as “feisty.”

“However, developers are technically savvy enough to distinguish between the real thing and a poor imitation. MongoDB will continue to outperform any impersonations in the market.”

That kind of thing. Then after that Lardinois ends with a quick aside that mentions that AWS has actually been better about giving back to open source lately, but MongoDB is pissed because they “bypassed” their license. The end.

That’s it.

Did I miss the middle finger?

Did I miss the part where you told everyone about the new service AWS was offering?

Did I miss the part where MongoDB actually gave solid reasons why a company would want to run and scale MongoDB themselves rather than pay AWS to do the dirty work?

Let’s review and see if we can find that middle finger…

  1. Amazon used MongoDB, which was an open source product.
  2. MongoDB didn’t like that so they changed their license to force Amazon to pay to use it.
  3. Amazon stopped using it and made their own similar product.
  4. MongoDB got super mad and stuff and called their buddy at Techcrunch to tell him all about it.

Did MongoDB actually give the finger to open source? Did Techcrunch give the finger to news? Did AWS do what all big tech companies do and you can choose to use their products or not? Is this the first time I’ve been to Techcrunch in years? Can you end an article with a series of questions?

(Yes. Yes. Yes. Yes. Yes.)

via Hacker News

My Current Media Diet - January 2019

In the vein of the wonderful and prolific Jason Kottke, I’d like to start sharing my current media diet on my blog. I’m not going to keep track of everything I read, watch, or listen to, but I do think a general review of what I’m consuming would be interesting to others and myself in the future.

Spider-Man Into the Spider-verse

Movies

I’m slow on movie intake these days, but we did take the whole family to “Spider-Man: Into the Spider-Verse” and I thoroughly enjoyed it. Very funny, the art direction was amazing, and loved the focus on Miles. I can’t wait for the many sequels. I think Sony has finally done something interesting with their Spider-Man license. (To be fair, 2004’s Spider-Man 2 was pretty good, but that whole trilogy has been hopelessly tainted by the atrocious Spider-Man 3.)

TV

Outside of “The Office” reruns, I have watched half of the third season of “Daredevil” on Netflix but stalled out over the holidays and then watched the entirety of “Bodyguard” which was really awesome. Best show I’ve watched in a while.

YouTube

As of this moment, I’m tracking some YouTube creator drama, checking out the world of mechanical keyboards and watching people fix old Hot Wheels.

Books

I’ve stalled a bit on my Audible queue in favor of Podcasts, but I’ve started “Countdown to Zero Day” (interesting but pretty dry) and “The Coming Storm” (same).

Games

I beat Far Cry 4 in early December and moved in to Spider-Man on the PS4. On mobile, I’m playing a lot of Alto’s Odyssey while waiting in line or while watching TV.

Podcasts

My usual weekly roster applies:

Music

Current Go-To Spotify Playlists or Albums:

Context Powers Brand Safety at Studio71

Have you heard about the brand safety concerns on YouTube? Maybe you’ve heard it described as the “Adpocalypse”? Even if you haven’t caught wind of the madness over the last 12 months, surely you understand that anything mixed with “apocalypse” isn’t a good thing. As is common in “whatever-pocalypse” situations there was a fair bit of freak out, but Studio71 went to work!

The result of that work is Studio71 Context. Context is our Brand Safety scanning technology that we have been quietly testing over the last few months, and I couldn’t be more excited about how it has turned out. Context takes in all of the data we already know about the Studio71 creator and the amazing content they produce, leverages machine learning to fully understand every video uploaded, and works in tandem with our manual review team to make the right decisions at scale. What does that mean? It means we can ensure brands attach their message only to the content that makes sense for their brand and nothing else!

As I’m sure all other digital media companies can attest, the task of understanding video content is a difficult technical challenge and we couldn’t have developed and scaled Context as quickly as we did without the help of our partners at Google and Amazon, and the fact that this team has built a platform that is flexible and stable enough to build complex products on with confidence. In the 5+ years I’ve been at Studio71, Context is easily the most exciting project the Tech team has worked on and it looks like it may be the most successful as well.

Studio71 Context Video

mikeflynn @ GitHub thatmikeflynn @ Twitter