Friday, July 31, 2009

Early DEFCON Thoughts...

  • Every Apple TV user with any semblance of hacking skills should try out atvusb-creator, which is a patchstick to enable a ton of new capabilities on the Apple TV. Simple, easy, useful.
  • Great quote this morning from Bob Lentz, DoD CISO, talking about all the advice he's getting on shutting down Web 2.0 apps like Facebook: "As a security officer, that's the last thing I want to do. I don't want to be Dr. No." Lentz' point is that putting his head in the sand on the topic of social networking would be stupid, particularly in light of the story that he related where he'd recently been on an aircraft carrier where the average age of the 5000 shipboard personnel was 19 1/2--meaning they'd grown up in the Internet age, that they were beyond comfortable in terms of the use of online capabilities, and that to try to shut them down totally would be folly. We play too much whack-a-mole already, so putting some legitimate regulation in place to allow Web 2.0 apps in the military ends up being a helluva lot easier than trying to police every single instance of use.
  • A couple of us bumped into Johnny Long last night while on the way to dinner. The work that Johnny is doing in Jinja, Uganda (the mouth of The Nile), is hugely inspiring--down there of his own accord, helping wire up one of the needier places in East Africa. Johnny mentioned that with all the oil money flowing into the country, it's getting to the point where people have the equivalent of Verizon FiOS--in a city with a population of 100,000+, but where the per capita income is about $100. Wow. Every time I wear my "i hack charities" t-shirt, I get a ton of inquiries (and nasty looks) about what the hell that means. Hearing the stories of the small but vital successes Johnny and the hacker community are achieving there makes me want to wear that t-shirt every single day.
  • Yes, I'm on the network. No, it's not as toxic as the network was in years past, thanks to the new network they deployed a few years ago. But, I'll also say that this is the one place in the world where I'll only deal with https traffic, and where I actually click on the lock in the browser to verify validity of the certificate. And yes, I fully expect to get pwned--that's the risk of using the network here.
  • The line to get replacement badges this morning was epic--no kidding, at least a thousand people deep, probably way more. They ran out of real badges multiple times yesterday; I was fortunate enough that when I walked in, I managed to register in about 10 minutes, as well as get a real badge. I thank the karma gods for that one.
