DefCon 33 arrives, my talk from DefCon III survives

The T-shirt I bought at my first DefCon, which was DefCon III in 1995

DefCon, the very popular annual hacking conference held annually in Las Vegas opens today, August 7th and runs through the 10th. This is DefCon 33 and I'm a bit sad I can't be there. This would have been an anniversary event of sorts, the 30th anniversary of my first Defcon talk. And I will miss seeing all the folks I know that will be there this year.

The good news is that Jeff Moss—the founder of DefCon—had the wisdom and the foresight to insist, even back in 1995, that all talks delivered at Defcon be archived. That means anyone with an internet connection learn from past events, which is great because in my experience DefCon never fails to deliver cutting edge information about digital technologies, how they work, how they don't, and what that might mean. 

DefCon III shirt with human inside

More than a few times I have used the DeCon archives to find out when a particular vulnerability was discovered or explotied for the first time. 

As a big believer in learning from history rather than repeating it, I like to debunk statements like "we had no idea criminals would exploit our technology like that."

Really? You mean nobody from your security team went to the session at DefCon X where exact same exploit was demonstrated?

And on a personal level, those DefCon sound archives mean I can still listen to what I said, 25 years ago, preserved as an audio (.m4b) file. 

If you want to listen, just go to the DEFCON III Archive and search for Cobb. My talk was titled: The Party's Over: Why Hacking Sucks. Alternatively, you may be able to listen in your broswer (not all browsers are supported). The talk is about 49 minutes long and while the sound starts out rough, it quickly gets better.

My goal with this talk was to generate dialogue about the ethics of hacking, and I think I succeeded. In fact, the audio captures that quite well. As someone who had been working on the computer security problem since the 1980s, I have to say that I learned a lot from that 1995 session and appreciated everyone's input. The feedback from the audience must have been okay because I was invited back the next year

A Cobb in a Kilt, 2018, DefCon 26, 

My talk at DefCon 4 in 1996 was about how to go from being a hacker to being an infosec professional. The title was 101 Things to Do With an Ex-hacker. Like many early DefCon talks this one took some unexpected turns. For example, I talked for a bit about trainspotting, not so much the movie as the hobby in which you try to see as many railway locomotives as possible. 

Trainspotting was one of my hobbies when I was a boy, back when steam engines were still is service. My point was that in our enthusiasm to explore this fascinating pre-digital technology we would sometimes break the law and trespass into locomotive sheds.

The parallel with hacking was that despite this illegality, some of us matured into respected professionals with rewarding careers. Indeed, one of my fellow trainspotters has had a long and fulfilling career writing and editing books about trains. 

Anyway, the talk lasts less than 30 minutes and might be worth a listen, eve if it's just as a historical curiosity. However, before you click this link to that talk be warned that there is some swearing, albeit in a very polite voice.

Over time, the Defcon archives have evolved to become a quite amazing cornucopia of knowledge and history, a feast for eager minds, and a legacy for future generations. 

Thanks Jeff and DefCon! Thanks your foresight!

And please accept my apologies for not being their this year. I will be keeping an eye on things from 5,000 miles away in Coventry, England, where I'm looking after my mum (96) and my partner Chey, herself a Blackhat speaker (Why Government SystemsFail at Security, 2001).

P.S. For more about Chey and her current condition, you may want to read this.

What's Amusia Got to Do With It

A few years ago I learned that I have something called congenital amusia, an inherited condition that can make it impossible to carry a tune or learn to play a musical instrument. In other words, amusia is tone deafness, or to use a derogatory expression, tin ears.

Amusia is defined as: "a musical disorder that appears mainly as a defect in processing pitch but also encompasses musical memory and recognition" (Wikipedia). Some studies suggest that as many as 4% of people are born with an innate inability to recognize musical tones or to reproduce them. This is referred to as congenital amusia.

In 2018, advances in genetics led me to discover that my lifelong failure to sing or learn guitar —despite great effort—was due to congenital amusia, not some weird character defect (although you can still find music coaches who insist that amusiacs are just being lazy).

When time permits, I plan to blog about my own journey with amusia, but in the meantime I put up a separate website —4Amusia.com— to curate links to information about amusia. Those links should not be taken as endorsements of the content to which I link, and the look and feel of the site may change over time; however, I am also color blind (deutan), so please excuse any jarring color choices you may encounter there.

You might be surprised at how many things can be affected by amusia, like some forms of speech and comprehension. The leading researcher in all things amusic is Dr. Isabelle Peretz and if you're interested in this topic her website is the place to look. It features a link to an online hearing test that you can take to diagnose amusia.

For myself, the stigma of being a tone deaf child was unpleasant, and the decades spent failing to learn a musical instrument were frustrating. At times I experienced deep sadness at not being able to express my feelings in song in the presence of other humans. Nevertheless, learning that there is a physical basis for these limitations, rather than some character defect, was quite liberating!

Happy 2025!

Welcome to a new and potentially extraordinary year. I am looking forward to making some long overdue changes here on the blog for 2025. 

As you can see Lola is looking forward too.

In many ways 2024 was a tough year for me and my family. I hope to find time in the coming months to share some of the lessons I've learned from dealing with those challenges, even as some of them continue to take a toll.

In 2024, I discovered several things about myself. For example, it turns out I am a cat person, even though I have never sought to get a cat as a pet. This might not sound like a life-changing revelation, but the fact that you can still learn stuff about yourself, even when you're in your seventies, well I find that encouraging.

Here's hoping we all have a great year in 2025.