Update #2 on Snickers

Snickers got a bath; she is all pretty, smells good and doing well.

I am now playing the vegetable game, trying to figure out which veggies she likes, which I can get her to eat even if not her favorite and which she will clearly not touch.

Kay got her a feeding ball thingy, which I am placing veggies in. Snickers fights with it, doing her best to pull the veggies out. This is apparently good for gpigs and stimulates their mind as well as gives them a workout. She struggles with the ball and chews at the veggies, she seems to like it.

We also have a flexible ‘rainbow bridge’ that is shaped to form a ramp up to a plastic tray hanging off her cage. I’m putting some of her veggies in the tray to force her to walk on the bridge, as the solid wood is good to help keep her nails filed down. She isn’t a big fan of it, but she will suffer it to get to fresh cucumbers and romain lettuce. So far, she loves cucumbers (can we say “crack”?) and romaine lettuce.

Selling out, the process continues…

This dose of selling out was beneficial in many ways. First, by joining LinkedIn, I could see more profile information of people I was curious about. This greatly assisted some Errata research to start. In the last year or so, I turned my profile into a ‘real’ one. One caveat; I only list hobby experience on the profile. CFP review, my work on attrition.org, my work for OSF including OSVDB, etc. With a ‘real’ profile, but not my real name, I was also curious who would link to me. Over time, many have, and most have had fun endorsing me for creative things. All in all, I sold out right on this one.

Update #1 on Snickers

Yesterday Kay took Snickers to Alameda East and got to see Dr. Fitzgerald, a specialist for small rodents like Chinchillas and Guinea Pigs.

Dr. Fitz checked in several different ways for mites, fungus and ringworms, even though he said it didn’t look at all like any of those. Parasites tend to cause at least some skin irritation, which she has none. They also tend to cause progressively worse skin irritation, and would have led to extreme illness and probably death in the time we know she has had the hair missing.

He poked around at her belly, which he said was quite obviously enlarged and lumpy. This is almost always caused in older, female guinea pigs by hormonal problems resulting from a tumor. She has swollen, enlarged nipples that is also almost always a sign of an adrenal gland tumor. The pattern of hair loss (literally the locations of it) was also classic for adrenal gland tumor, which in the end was his probable diagnosis.

It’s not the sort that is going to spread to her entire body, because it simply would have by now and she would have lots of other horrible symptoms. An ultrasound would confirm it, but he says he is 95% sure and any sort of tumor it could be isn’t hurting her and won’t effect her

In summary, she has a tumor…if it grows it will instantly start to hurt her, and she will immediately stop eating…at which point the best thing to do for her is to put her to sleep. He doesn’t think that will be anytime soon, however.

In the mean time, I am finding amusement and joy preparing her little plates of mixed vegetables. Most days I hand feed them to her one at a time. Some days she is a little spastic and will snatch the veggie from my hand and run into her pigloo. When she isn’t feeling social like that, she gets the whole plate to enjoy at her own pace.

Last night she spent a lot of time on Spudlet’s lap, then spent time on my computer desk. She seems to not care about the cats and Badger remains deathly afraid of her when face to face.


Kay has been harassing me to adopt a guinea pig (gpig, piggie, cavy) for months now. last night during one of her routine perusals of the various shelter web pages, she ran across a very cute and mangled gpig. Named Snickers, she had been at the Boulder Humane Society for several months and was four years old. in the world of gpigs, four years is more than half their life span (6 – 8 years tops depending on who you ask). people simply don’t adopt old animals, be it a cat, dog or rodent. while most of the shelters don’t euthanise as a general practice, some animals are eventually put down (the Boulder Human Society has an 85% or more adoption rate, they really do a great job). long story short, the odds of Snickers being adopted were slim to none.

Kay mailed Cavy Care Inc., a Denver based guinea pig rescue pleading that they take Snickers in if we adopted her and brought her to the rescue. they mailed and called early this morning saying that despite being full and ‘not taking in new gpigs’, they would make an exception and take Snickers. we were extremely happy given the circumstances and both of us will be making donations to Cavy Care this year for sure.

this morning, we decided to adopt her even though neither of us really have the habitat, nor the time we’d love to spend given our current assortment of animals and the fact we had already found a new home for her (meaning, she will get a lot of time and attention, especially more than the shelter or more new homes would give). we figured that one of our households was a far better option than a life at the shelter or possibly being put down, and it’s always rough adding to the burden of animal rescues. fortunately, spudlet had done a world of research on gpigs to help me get one at some point. with two cats, one a perpetual kitten, having any type of rodent here is probably not the best plan. i had figured it would be years before i could possibly adopt one.

we headed out toward Boulder this morning, stopping for gas and then lunch at Chic-fil-A at the Westminster mall. while there we stopped at the pet store to see what was on display. they had four chinchillas that were surprisingly well cared for (except the food), but in a cage too small for that many. they were all active and several were likely from a local breeder given the colors and probable pedigree. one employee took note of the food information spudlet passed on which was a nice change from the normal routine. we also stopped several times by the front display with a dozen rabbits and three gpigs because a young kid was there physically abusing the animals. he kept trying to pick the rabbits up by the end of the ears, kept hitting one of the gpigs to make him run away, etc. a couple scornful comments to the kid (in front of his dad, who didn’t care what his crotchfruit was doing) and a not-so-veiled threat of physical retaliation didn’t make him stop (as Daniel Tosh says, I will choke you if you are younger, smaller and preferably white). we got the attention of an employee, told him what the kid had been doing for the last half hour and watched as the employee immediately told him to leave the store w/o another word. it is truly nice to see a mall pet store hire several responsible and caring people.

we headed to Boulder to go adopt Snickers. once we arrived, we visited the gpig and immediately noticed that the adoption picture didn’t clearly show the true extent of the hair loss. Snickers was skittish to say the least and wouldn’t let us near. due to the hair loss and questionable background, we were a bit nervous to adopt her because neither of us were in a position to take care of a gpig that needed intensive care or special treatment. we took a lot of time going over her medical history with the shelter to see if they had any idea why she had no fur. all we really knew is that after four years; her original guardian relinquished her to the shelter, the original owner admitted she had never had vegetables and couldn’t continue to keep her, the shelter vet could not identify any health problems but continued to say she “looked unhealthy” and that everyone’s best guess is that she did not have proper nutrition for a long time. as a result, it is very unlikely she will ever regrow the missing hair.

when we said yes, we were adopting her, half of the staff in the front area instantly rejoiced. one called out loudly “snickers is going home!” and the lady from the small store ran out smiling, in complete disbelief. it was obvious that the staff was pretty sure no one would take the poor thing. during the next half hour we found out that the lady from the small store loved the various rodents, especially guinea pigs and had been personally taking care of Snickers while at the shelter. she also rescued any of the rodents that she could that were ever to the point of being put to sleep and was overjoyed that relatively sane people were interested in taking home an old gpig with a spotty history.

it is very rough taking in an animal that is sick or old. you do so knowing their life span is cut short and you do so knowing you may have to deal with their passing sooner than later. it is emotionally trying, but the world needs more people to do it since every shelter has their share of older animals who may never get adopted w/o some mercy and understanding.

once back to my place, she got her new cage setup and took up residence. even though the plan was to have her live at spudlet’s where she would have her own space, i insisted that she stay at my place for the first week since i work from home and could monitor her. when i go back on the road in a few weeks she will definitely move to spudlet’s where both she and gatzby can look after her. in reality, i’m emotionally four years old and a sap when it comes to animals. i do want a guinea pig, but my place isn’t the best environment with an over-zealous and playful cat here.

Snickers now has high quality pine bedding, high quality food, a plastic igloo (popular for rodents, called a ‘pigloo’ by gpig owners), a chube (chewable cardboard tube), a hard plastic forked tube, bowl with hay, water bottle, towel and food dish. she seems to like everything and i think the cage is busy enough for her to keep her happy. we locked the cats in the bedroom and hit the grocery store to buy an assortment of gpig approved vegetables (some are great for gpigs, some are incredibly poisonous) and began to feed her a little of each. she loves cucumbers and romain lettuce so far, but turned her nose at the radish. as we slowly introduce her to more vegetables and begin to establish the proper diet, we’ll learn what other vegies she digs.

at the end of the night, we each took a turn picking her up and cradling her to get her used to us and let Badger figure out what she was. he had been insanely curious and staring through the cage for a while, putting his paws in slowly and trying to figure out what kind of beast it was. while in my lap she made her first noises which seemed to be happy/social noises! during this, Badger sniffed her nose to nose at one point and then flopped over on his back, totally submitting to her.

she will sleep alone in the spare room with the door closed tonight, hopefully a long restful night after a traumatic day and what sounds like a more traumatic life. she can look forward to a life of care and free flowing vegetables, that is for sure.

2007 Black Hat / DEF CON

Tuesday, July 31st, 2007 – Black Hat – Day 1

Flight was uneventful. McCarran has a new car rental complex a ways from the airport. Leaving the complex dumps you directly on the strip, how convenient! I imagine someone on the tourism board is happy with themselves.

Rented from Hertz as usual. While I did receive a mostly free upgrade from compact to full-size with GPS thrown in, the car came with on-board warnings about tire and oil pressure. The GPS apparently saved a co-worker who had to ferry another 10 miles off strip, but it failed miserably in helping us find a real bank branch we needed (it likes to report any ATM as a bank location).

This year we stayed at the Platinum Hotel & Spa which had obscenely good prices considering the hotel. Finished in late 2006, the rooms are actually individually owned and rented out like time shares from what I understand. The larger regular rooms are 1200 square feet and have a full size fridge, three seat bar, washer/dryer, balcony with four seat table, king+ size bed, huge jacuzzi tub, large shower and more. The exercise room and pool were more than adequate and the complimentary valet parking a nice touch, even though I prefer having free self-park if given the choice. Since the hotel is off strip the bar doesn’t get much traffic which is a shame, as the bartender Christie is really cute and very personable.

The Black Hat speaker party was fairly empty but nice of the organizers.

Wednesday, August 1st, 2007 – Black Hat – Day 2

Wednesday was the first of the long days many of us come to expect from con. Despite being up at an early hour I still ended up missing (skipping) many talks. Seems like each year the talks get more bland, more repetitious or offered at DEF CON too.

I participated in Hacker Court again, this year focusing on the legality of border searches as pertains to electronics and digital material. As with previous years, we had a great lineup of professionals participating. Kevin Bankston (EFF lawyer), Jennifer Grannick (Executive Director, Center for Internet and Society), Richard Salgado (former DOJ lawyer), Jon Klein (forensics expert) and Jesse Kornblum (forensics expert) under the guidance of Carole Fennelly put on a mock trial that explores legal issues surrounding computers, security and the law that haven’t been tested in the courts. For those interested in computer law, this presentation is fascinating on many levels. While it can be long for a conference presentation (pushing a bit past two hours), it is interlaced with humor and popular media references to keep the crowd happy. Despite the experts and unique presentation, Black Hat keeps pushing us more and more out of the way each year. Last minute cuts on the time slot, last minute room changes, virtually no press/advertising even though it is often the only talk and always concurrent with free food and an open bar. People still don’t realize they can get the free food/booze, walk 25 feet and sit down to enjoy it in the presentation room. All said and done, it ends up being a long involved process for preparing and organizing for very few people watching.

That evening I visited the party put on by Cisco at Pure. Had a relaxed evening with good food, free booze and a chance to chat with some of the Cisco folks that I have business dealings with.

We missed the SPI Dynamics part at Tao unfortunately. While Spudlet and I wanted to check out the club and I wanted a chance to talk with SPI more regarding their product, they had invited some 300+ people to a party that could only accommodate 150 or so due to the space they had reserved. Sorry SPI, if I want to wait in line for a Vegas club, I can do that any night.

Following suit, the OWASP party at the Shadow Bar in Caesars was overbooked and had a long line. Given the small size of the bar, they really should have known to find more room. Perhaps we can joke about OWASP being vulnerable to an overflow situation. I regret missing this as I had wanted to discuss various aspects of OWASP as relates to OSVDB.

Fortunately, the VIM informal sit down went well. Folks from CVE, Secunia and OSVDB had a great discussion about issues pertaining to vulnerability databases. This was the first time we had met some guys from Secunia so it was nice getting their perspective as their database is commercial and offers a different perspective.

Thursday, August 2nd, 2007 – Black Hat – Day 3

Thursday started with a simple breakfast with Lyger and BK. I stole half his boiled egg off the chef salad he ordered and failed to finish. We headed back to the convention to listen to a turbo talk titled “Social Network Site Data Mining” by Stephen Patton (CISSP!). This talk should have been titled “Look ma, free entry into con!” as it was barely worthy of being called “remedial web surfing social sites“. The fact that this guy actually investigates anything is scary and I couldn’t even bring myself to point out all of the flaws in his talk after the first I brought up.

Rick, DK, Lyger and I had decided to grab lunch at Spago. Besides knowing it was an upscale restaurant by Wolfgang Puck, I had only heard it was snooty and joked about in the song Car Phone by Sheeler & Sheeler / Dr. Demento. The front of the restaurant opened up to the Forum Shops attached to Caesars Palace and before we hit the host I joked about not being pretty enough to sit out there. A minute later the host suggested we could get immediate seating in the back, implying we were either too ugly for the front or all of those tables magically had reservations ten minutes after they had opened. We laughed and sat at the back of the pretty social bus, three of us enjoying a shrimp po’boy sandwich, Lyger enjoying two Bud Lites (how else does he maintain his girlish figure?!)

Shortly after we returned to the convention and caught “Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing” by Jared DeMott (President, VDA Labs). His talk and new fuzzing tool were definitely interesting, but the slides with the background of Jesus carrying a cross (and no joke/explanation) were a bit weird. We headed to the next talk quietly reflecting our lord and savior (or joking about fuzzing jesus). Next up was “Unforgivable Vulnerabilities” by Steven Christey of CVE/MITRE. At the conclusion of his great talk I wondered if anyone else saw the hypocrisy of Litchfield/NGSS calling for VAAL, which is heavily dependent on publishing vulnerability information, which NGSS simply does not do. At the end, I also then questioned that if we called vulnerabilities in regular software “unforgivable”, what do we call vulnerabilities in security software? The best answer anyone came up with was “criminal” to which I agreed.

We spent a considerable amount of the afternoon talking with vendors, specifically Cenzic and SPI Dynamics, as many folks at work are no longer happy with Watchfire’s Appscan. Both tools have promise and we will be testing them the coming weeks. The fact that an extremely well respected web application hacker type works for one is re-assuring. Hopefully one of them works out.

Later that evening we hit Hooters Hotel for the Hooters restaurant and some hot wings, for the yearly OSVDB mangler dinner. Hot wings, booze and boobs, what a way to celebrate open source projects! Next up was the Microsoft party at Pure, this time on the terrace. While it does have a really swell view of the strip, it’s Las Vegas in the dead of summer and hot as hell. Miserably so. Worse when the music is still set to “club” loud, not “geek social” volumes. Still generous of Microsoft, just wish they would treat it a bit more like an informal Blue Hat.

Friday, August 3rd, 2007 – DEF CON – Day 1

First, the badges issued for DEF CON 15 are neat, but the guy who designed them didn’t really test them. after programming them to scroll custom text (including “osvdb”, “I ❤ Satan” and “ATM” depending on who was with me), just walking around caused the badges to get bumped and lose the programming. like previous years, they also ran out of badges within the first four hours of Friday (giving out some 6800 apparently?!)

First meal of the day, Pink Taco at the Hard Rock. Always exceptionally good food and neat atmosphere. This year we had a pitcher of margaritas with a high quality tequila that cost ~ 60 bucks. For a few bucks more it could have been Patron but I didn’t order. Amusing that a bottle of Patron is 700 bucks and another bottle goes for 1100+ (usually about 250 in stores). I know it’s Vegas, but that kind of markup is just stupid. spending money for the sake of showing off, nothing more.

Spent the afternoon walking around the convention, meeting and chatting with various folks new and old. as years before, the vendor area just screams ‘sell out’ with mostly ‘mainstream’ geek stuff and ridiculously overpriced retro/legacy hardware.

Seemingly competing with the Wall of Sheep, another group had a similar display on a different wall, but with logins to various HTTPS sites. one yelled out that they would show how it was done later that night, suggesting a pretty efficient MITM utility. slick stuff

Opting for a quick dinner before the nightly parties, we stopped by the restaurant at the Platinum hotel. Since it had a good lunch menu with conservative prices (for a Vegas hotel), we figured the dinner menu would be good. If so, we sure won’t know! If you are going to charge 40 – 50 dollars a plate, let me give you some advice. First, don’t drench my papers and electronics I set at the corner of the table in water. High class restaurants use wait staff that know to hold a cloth under the pitcher when pouring to avoid that. Second, if you are going to charge more than Roy’s or Nobu, you better have an exciting menu that moves beyond “steak” and you better come with reviews to back that price. After seeing the menu, we apologized and left.

Despite invites to the iDefense party at Body English and another party in a hotel suite by iSIGHT, it was a no brainer to head over to the Bellagio to join Dave Aitel and Immunity at Caramel. This small lounge is beatiful, well staffed and an ideal location to have a social gathering. While chatting, the staff came around with trays of finger foods that put some restaurants to shame. All in all, this was hands down the classiest and nicest get-together at either convention and reminds me why such parties were thrown to begin with.

Saturday, August 4th, 2007 – DEF CON – Day 2

Last day of the convention week for me, sounds more like an orgy of food (more so than previous days), but I assure you the gaps were nothing more than bad memory and little to note!

Began the day with Pink Taco again, this time with Rick and a lot of business talk. Next was a lunch (no, I didn’t eat) with thewronghands and Konstantinos to talk about all things abnormal.

More time passed and I met Steven Christey, Tornio, Jake, Sullo, str0ke and Lyger for a good discussion about vulnerability databases.

More time passed, some booze was consumed and I broke off for a private dinner at PF Changs. Some great discussion and humor to be had, most of us headed back to the Riviera to hang out at the 303 and Ninja parties, which were side by side. Each offered good music, booze and great people. Props to Caesar for the Ninja party and the various 303 thugs, especially Pyro, for their party. 2 or 3am rolled around and off we went, for some sleep before a day of travel.

Sunday, August 5th, 2007 – Travel Musings

Traveling via plane is getting progressively worse it seems. More delays, more crowds, more full flights, more canceled flights and little sign it is getting better. Spudlet and I decided to leave early to try to get out on stand-by. She had to work early Monday, I had to travel again most of the day. We check in about 1 minute apart, both head to the first flight. Neither of us make it on, shift to the second flight available. I manage to get on that and get told that she is “two or three” names down the list. After sitting down I watch eight people board the plane, but no Spudlet. I have since found out that your frequent flyer mileage total help dictate how fast you get a stand-by seat, not when you got on the list.

We push back from the gate, hit the runway and get notified of a one hour delay due to weather in DEN, even though Lyger had just taken off from DEN shortly before. the crew manages to serve most of the plane water, but not me.

After an hour on the runway, we head back to the gate after being notified of an additional 45 minute delay, are given that much time to grab snacks off the plane. Meanwhile, Spudlet was passed up not only for the plane I was on, but one more flight and then got a seat on the fourth flight available. Despite boarding her plane as we were returning to gate, she hadn’t caught wind of the delay until my text messages start rolling in. I get back on my plane just as the gate crew goes wild and stops anyone else from boarding. I quickly learn that my flight crew was ‘illegal’ (worked too many hours that day) and had to get a new crew. Once they were on board, they let the rest of the people back on the plane and we end up leaving the gate short eight people.

Right after leaving the gate my iPod locks up. I’m sitting next to an unhealthy big woman that forces me off one arm rest. i can’t see the movie since the screen dropped down right above my head. overall a pretty bad flight.

All said and done, i land one hour after Spudlet, one hour after my luggage and one hour before my original flight. so getting to the airport at 11:30a instead of 6:30p bought me one hour, and i still walked in the door after midnight.

I mention my luggage above because my suitcase obviously did not travel on the same flight I did. this is a sore point of contention for me, because I am fucking tired of United telling me i can not get on a stand-by list because “you checked your bag, it has to travel on the same flight you do“. I’ve been told that three separate times, all by United gate agents, all quoting some mythical bullshit ‘regulation’ that they selectively enforce. I still need to find out if that is a United or FAA regulation. if the latter, I’m definitely filing a complaint.

Con Summary

The Good:

  • Steve Christey w/ CVE/MITRE
  • The Hacker Court crew
  • Miles walked
  • 303/Ninja
  • Pigeons
  • Friends and coworkers

The Bad:

  • Overly crowded conventions and gatherings
  • Clubs and the desire to ‘be’, what people endure to ‘live the life’
  • Parties overlapping, forcing decisions
  • Hertz rental GPS and bank confusion
  • DEF CON badges resetting
  • Airlines