Introducing DEFCam or how i made a hat for DEFCON!

DEFCam hat

This is a silly project that i have spent probably too much time on.  First I thought, why not time-lapse my upcoming defcon trip.  Then i thought, why not live stream it.  So… I started with a Pi Zero and a Pi Camera v1.  Wired some pins to the GPIO for power.  Made a custom wire and hot glued it into the hat.  Done!

https://be3n.com/defcon

DEFCam - pi zero cam case

DEFCam - prototypeDEFCam - original wiringDEFCam - can see itself
Continue reading “Introducing DEFCam or how i made a hat for DEFCON!”

My Defcon 26 Short Story Contest Entry Part 1! Finally!

Defcon Short story contest entry by be3n

Chapter 1 : Knowledge Distribution and Collection

In a large lecture hall only moderately filled, Yohan stood before a class of first year computer science students.  The dark rings under his brown eyes and matted light brown hair highlighted his rumpled and unkempt appearance. He was of average height with broad shoulders and a bit of a barrel chest.  Barely older than his students, he hardly had their attention as he began to speak.

“Infinite monkeys pounding on keyboards will eventually produce Shakespeare!  We’ve all heard this. Is that machine learning? Are these nearly infinite transistors your army of monkeys?”, he asks.  A few students timidly raised hands before he answered himself, “No, we are not leveraging the power of infinite monkeys here.  Here we teach learning systems not just how to learn, but how to teach themselves to learn even better,” he continued. The students started to raise eyes from their glowing screens to follow Yohan as he slowly drew their attention.

Speaking enthusiastically, his eyes began to brighten, “Your model is derived by the learning systems analysis of the data you feed it. Bad data creates bad learning. One famous example from the early days of machine learning was an Army effort to train a system to detect tanks from aerial reconnaissance.  The scientists working on the project did not notice at the time that all the photographs taken containing tanks in the sample were taken on overcast days. Most of the photos that did not contain tanks, had been taken on sunny days. In the end, they did not train the model to detect tanks, but instead to detect cloudy weather.  If you are not careful this can happen to you.

“False assumptions lead to false predictions and the model degrades.  It is increasingly important to properly select the data points for your matrix as well as allowing for the training of weights and biases assigned to these data points.

“Just like our tank example, we can find other false assumptions.  The racist biases that lead to the idea that immigrants bring crime can also be attributed to a bad learning data set.  In our immigrant example, that learning data set could be the content produced by Fox News. Bias is not always bad, we need them to judge the significance of our data.  For another example, say you wanted to go out to eat. In order to select a location, you might ask a friend, Paul for his favorite restaurant. He suggests a Bowling alley diner.  Does this choice reflect bias? Might it help to know going in that Paul’s favorite food is hot dogs and bowls every weekend as part of a league? Should it affect the significance you mentally apply to his suggestion?  These are the weights and biases that we apply in our everyday decision making. These same sort of weights and biases must be trained into the learning model. And they are, every time. It is usually not possible to eliminate input bias entirely..” Many in the class seemed a bit perplexed by all this new information.

“Rule of acquisition #74 states that knowledge equals profit.  In our case knowledge equals model. The more training you can supply, the more points in your matrix, the greater and more accurate the predictability.  How many of you have worked with confusion matrices?” Someone called out, “They’re all confusion matrices to me,” but Yohan didn’t reply, he just waited patiently. . In time nearly all the students raised their hands. .  That was a good sign. He continued his lecture going over some examples of using bias of various data to increase the flexibility of the model. . . By the time he was talking about practical uses for stochastic gradiants, most of his students’ attention had wandered. Continue reading “My Defcon 26 Short Story Contest Entry Part 1! Finally!”

Last minute writing contest entry received!

Defcon short story submission received!

It came down to the wire, but I got my story submitted.  Well, half of it anyway.  yea, i ended my story with the classic “To Be Continued”  Now i need to set to work on the conclusion.

Thanks to Sora, Paul, and my wife for not killing me while I got crazier and crazier over this project.

I will post both Part 1 and Part 2 here at some point.  Official Entries can be found here.  I want to  finish one more pass of edits first.  But get to reading, only 1 week to vote!

My first purchase from a KeyMe kiosk and I have notes!

KeyMe Kiosk

I have used MinuteKEY in the past to easily bypass DO NOT COPY keys. Today’s errand was more about a quick solution then a security bypass. I was just copying normal keys today.  Here is what i learned.  With MinuteKEY, you could only make batch copies of the same key.  In fact, the MinuteKEY kiosk locked your key into the machine until all the copying is done.  There were zero protections against DO NOT COPY keys.  They do however print keys right there in a variety of styles and colors.

MinuteKey - DO NOT COPY close Continue reading “My first purchase from a KeyMe kiosk and I have notes!”

Last days of the #dailyshowlibrary!

tiny hands tweeting

This small exhibit includes audio/video recordings from the Daily Show cast as well as Trump Survivors.  Even a set with a golden toilet and props to pose with. (i had to grab a tie, but it wasn’t long enough for me).  We were given name tags upon our arrival complete with nickname (mine was “Buzzkill be3n”).  you can see the whole exhibit in under an hour.  well worth the visit!

Sunday June 17th is the last day in LA.  631 N Robertson Blvd. 12pm-10pm.


be3n Trump #dailyshowlibrary set with golden toilet
Continue reading “Last days of the #dailyshowlibrary!”

Hosted Unifi controller with Let’s Encrypt SSL!

Unifi controller with SSL from Let's Encrypt

I have been consolidating some of my sites onto a single hosted Unifi controller.  Documentation was outdated so I am going to post some useful info here. My original plan was to setup a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the unifi controller.  second frustration, java.  once you get over that, it’s super easy.

I had some issues with the initial migration.  i ended up having to start over.  handy command to remove unifi controller with all it’s configuration and data. apt-get remove unifi --purge Just remember, you will need to reinstall Unifi after. It will be bran new and back to the wizard.

Getting started with SSL, I learned mostly from here.  First create a CSR with unifi through command line…
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

this creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory where you already are (/usr/lib/unifi/).  Now we need to feed the CSR into certbot.  Note that at this point,  i already have apache2 installed with a very simple virutalhost and site setup with the domain i am creating a cert for.  Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der

Certbot will make sure that domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller.  Still in /usr/lib/unifi/data/ 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. what’s missing is Let’s Encrypt’s Root certificate to validate the intermediate certificate and thus complete the chain of trust.

Continue reading “Hosted Unifi controller with Let’s Encrypt SSL!”