James’ World

I don’t watch much sports, but always make time to see the summer Olympic track events.

Usain Bolt made it a very memorable games for sprint, with 3 gold medals, including 3 WR.

• 100m – 9.69s (untied shoe, jog finish for last 15m)
• 200m – 19.30s (splits 9.96 and 9.34, 2 mph headwind)
• 4×100m relay – 37.10s

A big challenge for sports photographers with a runner this fast is getting him and 2nd place in the same frame.

Favorite Usain quote (to his agent before 200m race), “Tonight I’m going to race the whole thing.”

He just turned 22, has just started weight training, and trains in Jamaica, not the US college system. At 6′5″ has has a longer stride than other runners.

After his performance, some wonder if raw talent in sprint can triumph over sports science, and if there have been other runners in the distant past with his level of talent or higher that we don’t know about.

China came up short on most, if not all, promises to allow dissent and press freedom. One story I read online was about some grandmothers threatened with being sent to a work camp if they continued to request a protest permit.

Although they came first in the gold medal count, that’s not the point of the Olympics, and I don’t think they understand that.

Defcon was held once again at the Riviera hotel in Las Vegas.

I think the attendance went up from 5,000 last year to 12,000 this year. The organizers used the same room layout, which resulted in grid lock at times in the hallways, but I was always able to get into a talk.

Getting a badge was an adventure again this year. They started with a laminated greenish paper one, and allowed approx. the first 10,000 attendees to trade for an electronic version that included a radio transmitter with LED.

Lots of interesting talks, but my executive IT summary would be:

• Use Firefox and the noscript plugin to prevent Javascript attacks.
• Social networking sites (Facebook, myspace, etc.) are not safe to view because of JS attacks by XSS and applet JS attacks
• Microsoft SQL Server is subject to a lot of automated attacks now, so hard to defend. Especially with recent .NET built-in.
• You can use the ssh-vulnkeys tool on Debian to see if your ssh keys are weak. 3% of verisign SSL certs are vulnerable.
• nmap –reason –T4 is recommended as being useful. Also nmap now has rate limiting options built-in, and a nice Windows frontend called zenmap.

Some of the talks I went to …

nmap, Fyodor

The nmap talk alone was worth the trip.

I talked to one guy who rented a Segway for $125/day during the conference. He said it was handy for getting around the long halls, and used it instead of a taxi for short trips down the strip.

I bought a Foundry switch and a Tripplite rackmount 20 amp switch from one vendor and was able to scrounge up a discarded cardboard box for the airline trip back.

I asked him what he did with gear after the conference and he said, “I have to truck it back because when I gave away free equipment at the Alexis, it ended up in the pool.”

Defcon Presentations