Skip to main content

RSA Day 1

 Today was a travel day to RSA 2024. It started off simple enough, boarding at my municipal airport, then a puddle jumper to the nearest metro-airport, Atlanta. 

Luckily, as if there wasn't enough anxiety around Boeing aircraft, our initial plan was inoperable and a secondary plane had to be found delaying our flight. Considering Boeing's in the business of killing whistleblowers this week, and they make roughly 90% in Delta's fleet (Atlanta is Delta's home turf) it didn't look like I was going to make it west on a non-Boeing flight. 

(Inconsequentially, I spent the three weeks leading up to RSA obsessing over the Amtrak website trying to find a sub-$3k route to California sans air travel.)

I landed in Atlanta's C concourse after the flight to SFO had already been boarding, so I took off at a full sprint towards Concourse A. The flight from Chattanooga had been full, so they'd already checked my carry-on's minus my laptop. 

Not surprisingly, I got to Concourse A to discover that the flight had been delayed, and I had time to grab a turkey sub from a terminal bodega for $15. (Yikes, who can afford these prices without an expense account. It was a decent sandwich though.) 

In the air, I had the time to do some writing and some reading. A friend had went to VulnCon recently on the East Coast and had the chance to meet a favorite author of mine, Andy Greenberg. Now of Wired, formerly of Forbes, Andy has written one of my favorite books, Sandworm: New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers,  and what is page-by-page becoming my second-favorite book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. In the book, Greenberg follows the development of BitCoin as a global currency and highlights the stories of gain and loss caused by the transparent and traceable nature of a blockchain. From Mt. Gox to BTC-e and Silk Road to AlphaBay, I've so far not been able to put it down. Highly recommend you pick up a copy or borrow one from your local library

After landing in SFO, I made a break for the baggage claim, finding everything had arrived as expected and headed into town. The Bay was everything I'd hoped it would be, big monoliths of biotech office blocks, advertisements for niche technology companies, even the people on the plane had been my "kind" of people (fellow techies). 

But as I got closer to the center of the city my hopes and dreams about the Bay area were dashed against the rocks. You can't quite blame me. I spent my entire childhood in rural TN reading stories from Wired, and Ars Technica, and other tech publishers about the amazing things happening here. I dreamed of going west and hanging out with anarch-libertarian-crypto-communes and participating in the design of society bending technologies that would ultimately make the world a better place. And what I saw was far from that.

As I passed the gilded balconets of San Francisco City Hall, I was met by the stark poverty and danger of the Tenderloin. I've participated in homeless and unhoused missions work through religious organizations since 2008, passing out food and tents, ran medical missions and clothing exchanges in Miami in 2010, and worked with migrants in Des Moines during a brutal winter in 2012. Through all of these, and more recent work in Chattanooga*, I've never felt accosted, or threatened, or like a situation could get out of hand. Unfortunately, just walking down the street I was greeted by aggressively unmedicated individuals, while men on motorcycles ran red lights and burned-out, and police in a nearby SUV just watched with mild interest. 

Upon arriving at the hotel, I had to ring a doorbell where a young woman came and manually unlocked the door and provided me with a room key, a set of ear plugs, and admonition to not wear opened toed shoes and "watch for needles if you're walking to the Moscone [the conference center.]"

 Placing my things in my room, I quickly realized what the ear plugs were for. Above the street, the sounds of firetrucks (at least 5 individual incidences?), homeless individuals yelling ambling screeds, and more motorcycles, mixed into a cacophony of annoyance. 

 Ignoring this, I changed out of some too thin and too short shorts into jeans. The 50° weather in the Bay was a stark difference to the 85° in Atlanta! Knocking on my bosses door, we headed off in search of a Thai place with particularly high reviews.

Again I was alarmed by the sheer poverty and danger that seem to be manifest. Here was the bright and bustling tech metropolis I had dreamed of and it reminded me more of Gotham than the Jetson's. There were vestiges of the tech industry everywhere, I passed probably fifty or more people on electric bikes and scooters, and waymo driverless taxi's wedged their way in and out of traffic. But here were 30 individuals huddled in an alley fifteen feet away sharing needles.

I will say, the high point of the night was the restaurant my compatriot picked. An unassuming restaurant called Thai Spice, on Polk St in Nob Hill. This place had chicken satay, and larb and som tum (green papaya salad) and a host of other delicious looking things. We opted for the chicken satay, a Mussaman Beef Roti dish, and Kao Pad Gra Prow-Mun Nuer. (I usually pride myself on learning the correct pronunciations for food, this one we opted for the point-to-order method.)




The food was amazing. The beef rib literally slid off the bone and the mussaman broth was deep and rich. A welcome reprieve to the chilly Bay air outside. I didn't eat the Kao Pad Gra Prow-Mun Nuer, but we both left with empty bowls and full stomachs which seems like endorsement enough.

 The walk back was uneventful but filled with the same unease as we passed other humans in some of the most abject conditions I think possible. Looking around, I kept wandering where the church was. Where were the kitchens, the needle exchanges, the dentist, and barbers, and people who cared? Then I noticed it, while standing in front of a large brick building, the cornerstone near my foot read, "EST. 1890, Built 2008" a little ways up the brick "For SALE, Inquire Online" and further up "The United Church of Christ". Apparently the techies fleeing east weren't the only thing pulling out of San Francisco. 

 

*Chattanooga has decided to be particularly hostile, destroying Miller Plaza's beautiful fountains and creating a hostile concrete monolith, consequently a perfect place for unhoused persons' encampments, another thing the city systematically destroyed. Weirdly destroying someones tent city without providing any housing doesn't make them less homeless, just more visible. Whoulda thought? The city has also failed to provide bus shelters or even bus benches around town, something the Chattanooga Urbanist Society is attempting to resolve through direct action.


Labels:
Location: Tenderloin, San Francisco, CA, USA

Popular posts from this blog

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE ( 2023-5217 ) is pending analysis for the VP8 webstream video format (a sister library to libwep.) As working proof-of-concepts are generally available to the public and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business critical applications. Patch Browsers, All of them All major and minor browsers acr
Read more

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There’s some helpful tips below on how to gather these stories.  Why you should do it There’s a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open infosec.exchange , and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza
Read more

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous  Put a castiron in a cold oven at 425°.  Remove when preheat finishes and melt in a 1\4 stick of butter.   Pour in batter.  Top with parm and fresh herbs.  Cook 15m.
Read more