The Uncertain Future of Necco Wafers and the Logical Response

Recently, the Necco wafer factory abruptly shut down after the company sold it to an “unknown buyer”.

The footer to that image reads: “Necco, the oldest candy company in the country, abruptly shut down its Revere, Mass. factory on July 26, and left about 230 workers jobless. (Reuters)”

Yes, the oldest candy company in the country! This is history right here. We must preserve and honor it, do everything we can to preserve it, even if a tiny majority of Americans enjoy Necco wafers (like me)! I’m not the only one… Newsweek reports, “Fans stock up as America’s Oldest Candy Company Faces Closure”.

I caught wind of this several months ago, and as a fan of Necco wafers, I was obviously worried. So I did what any red-blooded, patriotic, Type-1 diabetic American would do… I bought some.

I bought 154 rolls of Necco wafers, including the rare Sour ones that are doubly delicious.

That is 33,850 calories of Necco wafers.

That is 8,624 carbohydrates (sugar) of Necco wafers.

And my insurance provider tried to tell me and my doctor that I didn’t need insulin as a Type-1 diabetic. CHALLENGE ACCEPTED.

Advertisements

Jericho in Vegas Next Week… (for real)

Hi!

Given my occasional good-natured trolling on Twitter, and since many have asked me the last few weeks, I want to set the record straight. I will be in Las Vegas next week, for real. I arrive tomorrow evening and leave the following Sunday. This is the first time at BH/DC in several years for me.

Between Monday and Wednesday I will be doing the corporate thing around Mandalay and adjacent to the Black Hat event. I am not actually attending the conference, thus ‘adjacent’. Each day already has several meetings lined up so I won’t be readily available for parts of the day. When not in a meeting, happy to meet up with anyone looking to better understand the nuances of the vulnerability intelligence landscape. On Tuesday evening I will be at the Guidepoint Party at the Aureole in Mandalay Bay for several hours. Wednesday night I hope to crash the BSidesLV pool party and enjoy the cool 94 degree temperatures Vegas has to offer at night.

Between Thursday and Sunday I will be doing the hallway thing at DEF CON primarily. On Thursday at 3:30p I will be on the DC101 panel, apparently because I am old, to dish out horror stories about our industry to those attending. On Friday and Saturday I will no doubt be around Skytalks on and off to harass and support that track. Otherwise, you can likely find me roaming around Caesar’s and Flamingo checking out villages and side events.

I have a Twitter client on my phone but it doesn’t have any alerts, so that won’t be a reliable way to reach me. I hope to check Twitter every so often but my lizard brain isn’t wired to check that really. If I do camp down at a spot in a hallway or bar I hope to remember to Tweet my location in case anyone wants to discuss wildlife rehabilitation or vulnerability databases or anything else interesting really. As for spotting me, I will be one of ~ 100 wearing the DC26 Attrition badge, and a T-shirt that has an animal on it. As many have said, I too am really bad at remembering names while fairly good at remembering faces. Worse, when I do remember trying to figure out if you prefer to go by real name or handle at what events. Please don’t be offended and please re-introduce yourself! It may take me a minute to remember our history, my brain is a tad broken these days.

Finally, this will be my last year attending DEF CON. I attended DEF CON 2 back in 1994 at the Sahara, so this will be my 25th anniversary. I see a lot of value in DEF CON and continue to volunteer reviewing talks on the CFP panel to help shape the conference and try to make the content the best possible. Next year I will stay on with CFP in a more limited role, but still offer my input for certain types of talks. That said, as many say before and after ‘hacker summer camp’, the week is emotionally and physically draining, and many of us often come back with ‘con flu’ or some other kind of crud. The last time I attended, I went a full week not seeing some friends that were in Las Vegas, because the meta-convention is just so big and spread out. I hope that doesn’t happen this year, but it is one discouraging aspect of a week in Vegas.

While DEF CON doesn’t work so well for me personally, I see a lot of potential in it especially with the huge rise of villages. More and more that I talk to say that the villages are the first part of the conference that attracts them, more so than the main lineup of talks. Villages are an evolved modern evolution of old “birds of a feather” sessions at conferences back in the day, before ‘hallway con’ was a thing even. A group of people that share a particular interest and want to focus on a given topic have the ability to do it. Even better, often times that comes with elaborate and painstakingly designed networks and challenges to test your skills and learn more. In addition to villages are the side events for runners, shooters, coffee-drinkers, and more. I encourage everyone, especially newcomers, to embrace these side events and villages. DEF CON will be what you make of it, and there is more opportunity now than ever before to make the best of it.

DC26 Attrition Badge Round-up

This is the first DEF CON I am attending after a long break. For kicks I decided to make up a run of DC26 Attrition badges like prior years and conferences. Depending on who you ask, the badge is a decoration only, or it gets you into fabulous parties and amazing events. Anyone with a badge is encouraged to embellish.

Since the July 5 announcement of the badge, I increasingly focused on using them to raise money for charity. That, in turn, prompted several people to ask for details of the badges and the money raised. This blog will hopefully answer those questions and maybe inspire others to help out when they can. If you aren’t interested in the quick story, scroll down to the inspiration section please.

First, a link-heavy summary. On July 7, I did the first charity challenge looking to raise money for the ACLU, GLBT Community Center of Colorado (The Center), and Planned Parenthood. I also started giving out a a handful of personal challenges to random people expressing interest in a badge with fun results.

On July 10, I did a second charity drive bigger than the first. I also offered one badge up as part of an art challenge for the best original art featuring Lazlo. Deathjaw17 won that with this epic piece:

In addition to the art, I did a few other trades including for this slick challenge coin as well as a few other DC26 badges. At this point some of the winners of badges started posting pics, including with chickens, with epic beasts, and with bubbly! The Lazlo badge also got a tour of Philly and a sweet visit to the CompSci building in War Games. One badge went out and lead to a fun picture and backstory of a ‘dojo squirrel’. During this process, I got an unexpected care package from Kentaro, that he sent before I sent him a badge, and @Otterannihilation received a badge and sent back an amazing gift as a thanks. Meanwhile, pictures of badges kept coming:

    Inspiration and the Opposite

By this point, after two big charity drives, and several subsequent one-off drives, it was clear to me that raising money for charities was a great option. Badges were in demand and a lot of great people were willing to throw in money to help great causes. This also led to some other great opportunities that aren’t donations to charity, but amazing ways to help out. The level of inspiration and good-will in our industry is always refreshing, one of the few things that keep some of us from losing all hope. More on that later.

The opposite of inspiration came in two forms. First, while the badges w/ lanyards cost $298.60, but the postage to mail them out to x people cost $448.12, meaning the entire effort cost $746.72. This was due to the lanyards, which meant the badge couldn’t go as an envelope; they had to go as a package. Each envelope cost $3.50 domestic, $10 Canadian, and between $13.75 and $14.25 to mail international. This resulted in one fun trip to the post office that took around 30 minutes and produced a generous receipt.

The second came in the form of being questioned and challenged about my badges repeatedly, and being accused ofstrongly [reinforcing] exclusive cliques within infosec“. After assuring someone this was not “a dark stunt satirizing infosec exclusionism and signaling“, giving information on the charity contributions at the time, and reminding everyone that “the charity-driven badges are open to *anyone*. i have sent badges last week, and will send some this week, to people I don’t know and have had little to no interaction with“, I still faced questions about if I was reinforcing the exclusive cliques in infosec. I’ll say this definitively; I am not reinforcing cliques at all. This is trivial to see if you remember the definition of a ‘clique’, and consider that I don’t know half the people getting a badge other than a brief Twitter interaction.

OK, back to the inspiration. At the suggestion of Noah, with his input, two badges were given out to people who volunteered to provide InfoSec training for free. First, Jim Manico volunteered to give one of his well-known and appreciated AppSec classes in December on his birthday, for free, with the focus of recruiting women, LGBQT, and/or PoC for the class. Additionally, Bones volunteered to give design and give an infrastructure/cloud security pentesting course. I also suckered her into slipping in a not-so-subtle requirement.

An even bigger inspiration, and one that shocked me, was the community stepping up to donate to charity for a badge. Once I saw the generosity, I ran with it and focused on using a majority of the badges to continue raising money for charities I support, and ones that the donors support. The charities that received donations in return for badges included the ACLU, Cavy Care, Center for Genocide Research and Education, Colorado Animal Rescue, Electronic Frontier Foundation, Greenwood Wildlife Rehabilitation Center, Hawaiian Humane Society, Kids in Need Foundation, Planned Parenthood, Retriever Rescue of Colorado, SaveABunny, Special Operations Warrior Foundation, Sprout Therapeutic Riding and Education Center, The Wild Animal Sanctuary, and Women in Security and Privacy (WISP). A total of 69 donations from 67 heroes between 2018-07-06 and 2018-07-28, raised a total of $8453.47. I’m still happily shocked at this outcome.

I also want to thank Heidi for chatting and educating me about Women in Security and Privacy (WISP) and their initiative to help more women get to DEF CON. Over a week of chatting, it started out as “this is my first DEF CON and it is rough financially” to her being one of the recipients of the WISP grants. Even better, one of the people that donated and won a badge said to give it to someone else. I suggested Heidi and they said that was a good choice! So on top of getting help to DEF CON, she got a badge, and I threw in some stickers to round out the fun.

Finally… are you sad you didn’t get a badge? Depressed that you didn’t get a chance to donate to charity to win one? Fortunately for you, there is one last chance! Jives reached out and we’re partnering for a big charity auction, with a couple days left! You can bid to win a DerbyCon ticket, a DC26 Attrition badge, and a custom box of shit! Bid now, bid often, win this sucker