Perpetual Soapbox

Orion 0.4 Squirrel Edition Released

2011-07-23T10:06:00.000-07:00

The Orion Live CD is an Ubuntu-based environment for computer security analysts and incident responders to acquire and analyze data, track case information, and collaborate securely over SSH tunnels.

I started Orion as the last project for my Masters of Information Security Engineering degree with the SANS Technology Institute. The Orion project team is small right now (there are three of us), but we're always on the lookout for the right new members to add.

Please check out version 0.4 (AKA the “Squirrel Edition”) at the sourceforge site:

http://orionlivecd.sourceforge.net

SANS Community Albuquerque: Come learn current hacker techniques!

2011-04-01T06:11:00.000-07:00

I keep having this conversation with former students: "Hey John, remember that thing we talked about in class? It's just like what was in the news the other day!"

Exactly.

The SANS Hacker Techniques, Exploits, and Incident Handling class (SEC 504) has one goal: Teach defenders how attackers are breaking into systems and how to defend against those attacks.

I am pleased to announce that I will be teaching SEC 504 at SANS Community Albuquerque April 25-30. We'll cover the material written by the visionary Ed Skoudis and his co-authors. We'll also discuss current news and what's going on behind the scenes. And, we'll end the week with a rockin' cool Capture the Flag contest to test your new and existing skillz.

Come join me! I guarantee a fun and informative week. :-)

Lector, si monumentum requiris, circumspice

2011-01-09T12:15:00.000-08:00

When Christopher Wren died in 1723, this epitaph was inscribed on his tombstone at St. Paul's Cathedral in London: Reader, if you seek his memorial, look around you.

As one of the most noted English architects, and founder of the Royal Society, the monument to his memory was wrought by his own hands over many years before his mortal end.

It is telling that part of Wren's material legacy included the rebuilding of 50 churches and St. Paul's Cathedral after the Great Fire of London in 1666. From chaos, order. Now, just in case I have piqued the interest of freemasons and occultists -- I really mean this in the most literal sense: the destruction wrought by nature (or even not by nature) has always become an opportunity for creative minds to build something from the ashes.

This cycle of destruction and rebirth is the true human condition, but the detail we often forget is that we create the order and the chaos.

Every day, look around and ask what your monument will be.

You keep using that word...

2010-11-30T20:47:00.001-08:00

A few weeks ago I found myself at a vendor presentation by a well-known physical security vendor. I was looking forward to the discussion on "advanced video analytics" and other cutting edge developments. Unfortunately, this was a pure sales pitch... and the "advanced technology" was primarily focused on how this vendor could help scale the customers' security camera video storage by placing it on a "secure server in the cloud."

I was quiet up to this point in the presentation. But, I had to ask: "What do you mean by, a 'secure server' in the cloud?" The room got a little quieter. The sales guy, his pace interrupted, looked at me with complete sincerity and said: "I mean we secure it for you."

I didn't think he meant that he, himself, was hardening the OS and running assessments against it. Even so, with security cameras and alarms as their forte, I couldn't understand how it made sense for anyone at his company to provide such a service.

The morale of this story is: Question everything.

I would never trust my security camera video data to a company storing it in the cloud -- at least not until I had a chance to check it thoroughly (yes, myself). Believe me, I've recently checked other products thoroughly and found them -- let's just say -- not quite meeting expectations.

Orion Lucid 0.1 RELEASED!

2010-06-12T11:24:00.000-07:00

The Orion Incident Response LiveCD (okay, LiveDVD) has been released at:

http://sourceforge.net/projects/orionlivecd/

This is the first public release, and is based on Ubuntu Lucid Lynx. The original alpha version was based on BackTrack 4, but we decided to switch for a variety of reasons. Because of this, there are a few bugs that need working out.

To read the paper that goes with it, see:

http://bit.ly/cFWFSQ

--john

SANS Technical Institute Masters Graduation

2010-06-12T04:59:00.000-07:00

Last night I received my Master of Science in Information Security Engineering degree from the SANS Technology Institute (STI) at the SANSFIRE 2010 conference in Balitmore. I was also asked to give a speech. A few people have asked for a copy, so I am posting it here:

Good evening, and thank you for attending.

If I seem a bit nervous, it's because I don't normally read speeches -- I prefer "winging it." But I won't waste your time today with extemporaneous rambling. Besides, I have a few important things I want to say.

I especially want to thank the families and friends of the graduates who were able to make it today. My own family traveled from California, Texas, and New Mexico to be with us. I am very thankful that you could all be here today, and I deeply appreciate the support and sacrifices of my wife and two daughters over the last few years while I was working nights and weekends toward this goal. I know I share this sentiment with my fellow graduates.

Thank you also to the SANS Community. Without you, none of this would be possible. From the excellent instructors and gifted students to the SANS Forensics blog team and active SANS mailing lists, you continue to create the most productive and inquisitive organization of network security experts in the world.

The SANS Technical Institute leaders and staff also deserve a huge Thank You today. Stephen Northcutt, Alan Paller, Eric Cole, Johannes Ullrich, Ed Skoudis, and others have put forth a vision, and have applied all their formidable talents to turn it into a reality. STI, if you haven't heard, has achieved candidacy status -- an impressive accomplishment in such a short time. And Dean Debbie Svoboda, perhaps more than anyone else, deserves our appreciation -- as the rudder (and sometimes even the sails) to make this ship go.

I also want to congratulate my fellow graduates: John, Rob, Rodney, and Tim.
As graduates, our work on our masters degree programs is now complete. However, the real work has only just begun.

Recently I re-read my student outcome statement. In it I wrote I was inspired by the sci-fi/cyberpunk author William Gibson, who coined the term Cyberspace in the 1980's.
Gibson painted a fascinating, but dark, picture of the future where technology leads to black market cybernetic augmentation, pervasive surveillance, Console Cowboys controlling cyberspace, the blurring of government and mega-corporations, and blended military operations of electronic and conventional warfare.

Here is a passage:

"You're a console cowboy. The prototypes of the programs you use to crack industrial banks were developed for Screaming Fist. For the assault on the Kirensk computer nexus. Basic module was a Nightwing microlight, a pilot, a matrix deck, a jockey. We were running a virus called Mole. The Mole series was the first generation of real intrusion programs."

Now, just as in the real world, a lot of that sounds simultaneously scary and exciting. But, our goal, as leaders, should be to guide us to the brighter, rather than the darker, aspects of that future. As you know, cyberspace has already become the New Arms Race. As SANS graduates, instructors, and students... we each have a larger role to play. In Randy Marchany's recent blog posting ("Building Skynet -- The Beginning"), he states that we are the Builders in this arms race, but we are not the Controllers. We understand things, and think we have a handle on them, but we are not always making the decisions. Randy concludes with two "Ugly Secrets" that most of us here know very well: ONE) We know we are becoming a surveillance society, because we are helping to build it, and TWO) The Controllers trump the Builders. Some of these controllers are the management and government officials who might, say, turn things we build into weapons of mass destruction, BUT ... more insidiously ... sometimes we hand Control over to automation. You know this is true if you simply recall the last time you were told, with a shrug of resignation:

"I'm sorry, there is nothing I can do, it's the computer."

So, this is my challenge to you: While you are building -- build integrity and checks-and-balances into your creations. Make sure, to the best of your abilities, that you are not enabling the leverage for oppression or creating the surveillance state. And, be very, very careful about ceding the Controller position to automated software. We write the software, and we know it can make mistakes, because WE make mistakes. Bake this thinking in to what you do, who you know, and what you teach. You are leaders, and this is your... And my... Responsibility. This is the challenge I issue to you: the graduates of STI -- and the entire SANS community. And... I am heartened, as I look around the room, because I know we have the right people to do the job. It's not an easy job, but I am still inspired by the words of a certain dead president, that we do these things:

"not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win."

Thank you.

You ate... what?

2010-05-18T22:57:00.000-07:00

Tonight a friend and I shared a dessert that is positively the strangest one I've ever had. We went to Layang Layang, a Malaysian restaurant in Cupertino. Our food was excellent -- and exactly what I was craving.

But, the star of the meal was this dessert, the Ice Kacang (aka, "A.B.C."). I saw a picture in the menu and read a description before we ordered it. It didn't matter. I still wasn't prepared for the mountain of shaved ice mixed with a bizarre (yet, excellent) combination of ingredients. It arrived to at our table looking like an icy volcano drizzled with caramel. Digging into the center brought more surprises in the form of sweet corn kernels, palm seeds, and little green jelly cubes. Two of us could not finish it, but it had a fascinating array of flavors -- including some that our palettes had absolutely no reference for.

I'm definitely glad we decided to be adventurous. I recommend trying it if you find yourself in the Cupertino area.

Juicy, juicy mangoes!

2009-06-18T22:21:00.000-07:00

I used to like mangoes okay. They were good, but a little over-sweet and a little stringy.

It turns out... I really, really like mangoes. It's just that I hadn't had a very good one until this week.

My wife orders a box of organic produce every other week, and we got two slender, yellow mangoes. These are from Mexico, are organic (obviously), but I don't know the name. They are INCREDIBLE. Juicy, smooth-as-silk, and sweet with a little bit of limey tartness.

I just cut one up for lunches tomorrow, and I'm already obsessing over how to get more.

If you have any recommendations, please send them to me!

Recreating XML files from fragments

2009-06-18T19:29:00.000-07:00

I'm working on an interesting problem right now. Occasionally I acquire fragments of files that I would like to re-create as much as possible. Many of these are Microsoft Word 2007 files. MS Word 2007 uses an XML format, so it would seem possible to parse the file to detect tags that were ended, but don't have a matching opening (because the beginning was cut off).

I figured that I'm probably not the first one to think about this problem, so I went trolling the intertubes for ready-made solutions. Since perl is my glueware language of choice, I searched until I found the following handy snippet from prlmnks.org:

use XML::LibXML;
my $parser = XML::LibXML->new();
$parser->recover(1);
my $doc = $parser->parse_file($ARGV[0]);
print $doc->toString(1);

Very, very nice! Now I am part of the way there. Next, I took a pre-existing MS Word document of similar make and model, and prepended it. With a little manual massaging, I got the script above to parse it, and even pretty-print it (a nice bonus). Unfortunately, Microsoft Word still doesn't like the resultant "document."

I'm still working on this problem, but that's decent progress for an hour of work.

Ubiquity

2009-04-30T21:39:00.001-07:00

At first I was stunned at just how much I liked my iPod Touch. I just wanted a replacement for my 5th gen iPod, that stopped working when it mysteriously acquired a dent in its formerly pristine stainless steel back.

It didn't take long for it to turn into my most indispensible tool. Place to eat? UrbanSpoon. Reservation? OpenTable. And the list goes on: calculators, converters, levels, action games, puzzles, wikipedia apps, ebook readers, and even a way to read books from my Safari account.

If the kid is bored... a bit of Shrek. Long flight?A pithy podcast is the trick. Can't sleep? Ambient noise generator FTW!

In short, this little glass and steel box has become utterly indispensible.

This post, of course... composed, in bed, one thumb at a time.

Securing Our Medical Infrastucture

2009-03-28T19:14:00.000-07:00

On Friday, April 17th, InfraGard New Mexico is holding it's annual conference in Albuquerque, NM at the Hilton Garden Inn in Uptown.

The conference is titled: Securing Our Medical Infrastructure

At $175 ($125 for current InfraGard members), the all-day conference is steal!!

The speakers include Larry Pesce (from PaulDotCom), Bill Tydeman (computer crime investigator for Health and Human Services), and others.

Visit the conference site for more details on registration and sponsorship. Hope to see you there!!!

--john

Get ready for Conficker - No April Fools Day Joke

2009-03-25T19:14:00.000-07:00

Good news: The patch for this issue came out from Microsoft in October last year. If you had automatic updates enabled at that time, you were probably already not vulnerable.

Not so good news: I can confirm that it is set to become more active again on April 1st. On that day, if you are infected, you may notice your machine is very slow for the first six hours or so.

Worse news: Conficker is suspected to be building the largest "botnet" of computers to date. These computers are typically used to perform massive spam campaigns, launder money, host illegal or thieving web sites, or even take down computer systems of nation states (such as Estonia).

What you can do now:
1) Read the Wikipedia article on Conficker, which provides a lot of good information,
2) Download the BitDefender Conficker removal tool from http://bdtools.net/ and check/clean your computer.

Darn it, they got me doing Karaoke again!

2009-03-09T21:25:00.000-07:00

I met some incredibly talented folks at SANS 2009 this year. Ryan, Jason, Don, Zoher and I hung out with Ed Skoudis, Mike Poor, Larry Pesce, and others.

Ryan truly has an evil mind (this is a good thing, in our field), and I was impressed with Don's massive cahones for his efforts over at EthicalHacker.net (and also for owning a bar while owning a software company!).

One evening we spent some time chatting with Ed Skoudis after one of his talks at the local Sushi bar. I didn't have Sushi since I'd just eaten, but somehow (it must have been the mojito), Mike Poor convinced a few of us to join him on stage for a dead-on (umm, not) rendition of Bohemian Rhapsody. It was fun, but not to be attempted without some liquid courage (at least not with my singing voice).

By the way, Jason, thanks for posting the tamer pictures.

That'll Do, Donkey, That'll Do

2009-03-09T21:11:00.000-07:00

[Update 2009-03-13: Our team received notification yesterday that we Passed this project.]

I completed my Group Discussion and Written Project for my SANS Masters program while at SANS 2009 last week. I'm pretty sure the grade will be good, but I won't know for another week or so.

Seth Misenar and Tim Proffitt were my tiger teammates for an assignment that involved researching detective and preventive measures for Downadup/Conficker. We had 24 hours to do the work and present to the ficticious CIO (played by Stephen Northcutt) of GIAC Enterprises. Seth did an excellent job of presenting, but in the end we were "fired" by the CIO because we commented that he had gotten "too excited" about the possibility of his email being infected.

Later in the week we were asked to present again. It was suggested that we should rotate the role of presenter, so I volunteered. We presented a 2nd time on March 7th, and after we were done, Stephen Northcutt didn't say anything.

I got a little nervous at that point and asked, "Do you have any questions? Or any feedback?"

Stephen's response was a simple: "No."

After a little more prodding he added, "I don't even have any recommendations. You nailed it."

Ah.... sweet success. :-)

SANS 2009: MGT 525

2009-03-09T20:52:00.000-07:00

I'm just back from SANS 2009 in Orlando (#SANS2009). I took MGT525 -- yes, the project management class -- with Jeff Frisk. I signed up for the class because it is a required component of the degree I am working on. I had actually heard some negative things about the class, so I was dreading it just a little (sorry Jeff). But, I'm pleased to report that I found it incredibly useful. I have been running large projects (large information security projects) for awhile, but I haven't really ever had any formal PM training. We have a Project Management Office, and they provide guidelines and templates, and I know what a WBS and Gantt chart are for, but I didn't really know the "proper" way to go from one step to the next.

My eyes were opened when we worked through labs on taking the WBS and producing a precedence diagram to figure out the actual critical path -- including identifying what activities had how much float time.

Now project management seems much less like art and more like science. This makes me happy.

Thanks Jeff!

MD5 Considered Harmful Today or Don't Put Too Much Faith in PKI

2008-12-31T08:11:00.000-08:00

A group of 7 security researchers from the United States, Switzerland, and the Netherlands has released details of an exploitation ("MD5 considered harmful today") in the now well-known MD5 Hash Collision vulnerability that would allow a rogue web site to issue a rogue SSL certificate... as well as a rogue signing certificate that is trusted by a valid root Certificate Authority.

Putting that all into English (or at least non-geekspeak):

"Secure" web sites can be impersonated by evildoers, even with the cute little lock icon and a completely "valid" certificate as far as your browser is concerned. This web site could be your bank.

The paper discusses countermeasures, mostly aimed at Certificate Authorities (CAs) and browser vendors. One thing you can do is look at your certificate chain for critical sites to see if MD5 is used by the CA's signing certificate.

The Mozilla developers are already working on a patch for Firefox, et al.:
https://bugzilla.mozilla.org/show_bug.cgi?id=471539

--john

We cannot let this man be elected as President

2008-10-05T20:56:00.000-07:00

I am appalled. If John McCain has done even one tenth of the things listed in this Rolling Stone article, we cannot let him take the office of the Commander in Chief:

~~http://tinyurl.com/3oje6n~~

Update:
Scary. Someone actually went to the trouble of breaking the above URL. Here is the new one:
http://tinyurl.com/mcmaverick

Or, just google for "mccain maverick rolling stone".

strip=1 ftw

2008-09-14T13:15:00.000-07:00

I use lots of browser flame-retardant suit layers these days... NoScript, AdBlock, etc. I even tend to NoScript google.com by default. If you only go to "normal" web sites this might seem extreme, but if you are poking around the seedy back streets of the intertubes, you probably know what I mean.

Here is another good pair of tips for safer browsing:

1. Use the cache, Luke, and
2. Always use strip=1

You can use the google cache to search for your topic of interest, and the oracle will return some hits (e.g., "100th monkey"):

Hundredth Monkey Effect - Wikipedia, the free encyclopedia
The “Hundredth Monkey Effect” is a supposed phenomenon in which a learned behaviour spreads instantaneously from one group of monkeys to all related monkeys ...
en.wikipedia.org/wiki/Hundredth_Monkey - 32k - Cached - Similar pages - Note this
The 100th Monkey Studio
An open art studio using art therapy and creativity in Portland Oregon.
www.the100thmonkeystudio.com/ - 14k - Cached - Similar pages - Note this

Then, click on the "Cached" link to view the page from the Google servers -- and avoid nastiness that might be found and the listed web sites themselves.

However...

That little trick doesn't completely protect you. Don't believe me? Just start up your favorite network sniffer (tcpdump, wireshark, etc.). You will see, if the page has certain types of content -- such as images, they will still come from the original web site. Oops! You have been identified, and hopefully not served.

The way to avoid this is to Right Click on that "Cached" link, past it into a browser's URL bar and add "&strip=1" to the end of it, such as...

http://www.google.com/search?q=cache:en.wikipedia.org\
/wiki/Hundredth_Monkey+100th+monkey&strip=1

Now your sniffer will happily report that all information comes only from Google.

Happy browsing!

SANS Forensics Blog is up!

2008-08-28T07:18:00.000-07:00

Okay, you heard it here first!

SANS has created a new blog on digital forensics, and yours truly is the first poster.

SANS has chosen a team of about 25 contributors to provide the latest news, tips, and techniques on the topic of forensics. There are some great posts on the way, so enjoy!

PenTest at the Alamo!

2008-08-26T19:48:00.000-07:00

Last year I took my kids to San Antonio for some fall heat, killer whales, and our first visit to The Alamo. I eventually had to be dragged away from the Bowie knife collection (note to wives: it's a guy thing).

Now I'm ready to go back. Not because I need more time with whales or knives, but because SANS San Antonio (Nov 8-13), will be featuring the new SEC560 Network Penetration and Ethical Hacking class.

I have heard fantastic things about this new class. The courseware author, Ed Skoudis, apparently pulled out all the stops putting this one together. And, for Ed, that's really saying something.

The class is being taught by Jim Shewmaker. Shew is a great instructor, and it should be a rockin' fun time. Also on site will be Tanya Baccam (Oracle-security-guru-extraordinaire) and Jonathan Ham. I assisted Jonathan with the Google Hacking class in San Diego last year, and it was an excellent class... with attendees from the NSA to keep things extra interesting.

Think about it... when it's cold in November, you could be eating chips and salsa, drinking margaritas, and honing your pen testing skills-- what could be better than that!

Ah... finally an exploit framework I can sink my teeth into

2008-08-26T19:23:00.000-07:00

Call me a curmudgeon, but I just cannot make myself learn Ruby. I know I should, and I know this "on rails" stuff is really cool, but days are short and I still haven't invented that cloning machine. So, I was excited when I heard that Francisco Amato at InfoByte Security had released evilgrade -- with support for writing modules in perl. This is perl, I know this!.

Also cool is the IOS-like command line interface. I must admit I prefer bash or tcsh, but IOS is plenty familiar and easy to settle into.

Francisco has a very useful readme file posted as well as an impressive video demonstration.

Check it out. :-)

Teaching SEC401 at SANS Community Albuquerque 2008

2008-06-29T21:52:00.000-07:00

I will be teaching the SANS Security Essentials (Security 401) class at the University of New Mexico August 11-16. We'll be doing it bootcamp-style (yeah, baby!), so sign up if you want to work hard, play hard, and meet some other security geeks.

SANS Community Albuquerque 2008

Little Things like Butterfly Wings

2008-06-20T06:32:00.000-07:00

Little things count. They count a lot. In fact, attention to the little things... the details... and how they fit together makes it easy to bring the big picture to realization.

There are so many times that I have experienced large system failures because someone was too busy, too tired, too lazy, too rushed, too something to do the job correctly. The funny thing is... it is always more work to go back and fix what wasn't done right the first time than it would have to have done the job right the first time. Intuitively people seem to understand this, but why don't they DO it?

Recently I had a network meltdown because a developer on was building a network application. This happened behind a firewall, which is an interesting story for another time. Even though the network was "isolated" we experienced the meltdown because the developer glossed over some "little things" ... and so did I.

His mistake was deciding that on this isolated little test network, he didn't need to follow the recommendations in the RFC -- required by the test network switch he was using -- to re-send ARP packets to reset the aging table timeout. This had a fascinating effect on the test network that was only illuminated by watch the switch port traffic. For a short, initial period of time, the switch would dutifully forward packets from the port the test generator was plugged into to the port the receiving test system was connected to. Then, after the timeout occurred, and no new ARP packet was seen, the switch happily turned itself into a dumb hub... dutifully forwarding packets to every port with link (including the uplink to the switch where the firewall was located).

My mistake was believing that I had achieved isolation by routing a VLAN though a firewall and then back into the same switch as the production network. I convinced myself that I was concerned with stability, not clever attackers or malware... and therefore became complacent.

The engineer is fixing his problem (surely customers would not appreciate this test bench behavior). And I have learned my lesson as well.

The little things count -- just like butterfly wings.

--john

Helpful software or malware?

2008-03-23T15:09:00.000-07:00

One thing I often do when visiting relatives is fix their computers. They normally have various theories on what the problems are, but increasingly the issues are caused by "assistants" and "helpers" and "utilities" installed by hardware and software vendors on the systems of unsuspecting users.

A perfect example is TGCMD (tgshell.exe). This site has more details on this software: http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm
including this amusing (though sad) comment:
"Absolutely nightmarish software which eats up CPU, drives the hard disk hard, causes boot-up Kernel32 errors, generates illegal operations, invalid page faults and much more."

I will add that it caused my in-laws' PC to hang with a "Cannot find tgshell.exe" error and take a very long time to start up.

Sorry, but this is not only spyware (as mentioned at the link above), but -- since it is launching a continual, insidious DoS on the host computer -- in my opinion it's good, old-fashioned malware.

People who should know better

2008-01-07T09:36:00.000-08:00

/soapbox-on

People are worried about the wrong things. This gets my bile up sometimes because they have all kinds of crazy rationalizations for their misunderstanding of risk. For example, they might not want to fly or sky dive, but they get in a car all the time. They neglect to look left and right before crossing the street. They get complacent about all the little, important things their parents taught them when they were a kid. Instead they are wooed by the F.U.D. spread by mass media.

Fast-forward to the digital age. It's the same thing. It's not the little lock icon on the web site that makes you secure. It's your behavior. And, even worse is when the people who should know better, system administrators and system architects, build systems where the windows have bars, but the front door is left wide open.

And complacency is not only for the uninformed. Sometimes it's willful ignorance (or even flat-out stupidity) from people who should know better that creates the problems. If someone says, "Oh, it's SSL encrypted," you had better challenge them by asking, "SSLv2 or SSLv3? What is the cipher used? Are you sure it is sent to encrypt? Better yet, I'll sniff packets and check myself." This happens because the people who should know better don't do their jobs. And then (this is the best part), they defend their position vehemently. As in, "Well, SSLv2 is good enough. Do you think hackers really want this data?" Or, as I heard not long a go (I kid you not), "Who the heck would crack a non-priveleged account?"

Sigh. It's a tough world out there folks. If you should know better, act better.

/soapbox-on (still)

Trip to Chicago: Day 5

2006-05-31T19:09:00.000-07:00

Day 5: Union Railroad Museum
This cool railroad museum is only 15 minutes from my grandmother's house.
Even though it was stifling hot (and humid), we had fun riding on two different trains. At one point, our train (which was electric) had to stop because we lost about 400 volts on the line. This apparently happened because they were putting away some of the older trains. After a few minutes of waiting, we were able to start up again. Train travel must have require a measure of patience.

Trip to Chicago: Day 4

2006-05-31T18:55:00.000-07:00

Day 4: Fishing at Busha's house
It was a rather pleasant day, and the girls and I fished for quite awhile -- a pretty strange thing for all of us. The water was clear and we could cast right in front of the fish. We caught two bass and a bluegill before everyone, including the fish, became bored. Mica demonstrated some excellent casting skills... better than mine.

Dinner at Frontera Grill

2006-05-30T16:23:00.000-07:00

Carly grimaces for the camera at Frontera Grill. I decided to pass on the huitlecoche. Someday I *will* try this corn fungus, but today it sounded too plain -- especially next to the other platas poqueños.

We did see Rick Bayless. He was working behind the bar, and Karen noticed. Later he came to talk to a couple at the table next to us. Apparently they had moved from Chicago to Atlanta and wanted to come back to see how Frontera was doing. They gushed for several minutes, but that must've been the highlight of their meal, because they frowned a lot after that.

I had a few small plates: Gorditas (teeny, tiny tacos) filled with duck carnitas and garnished with some seriously hot sauce. The sopes (tiny masa tarts) I ordered were also delicious. They were contained an assortment of fillings, including chicken in mole rojo and guacamole. Mica ordered some really good peach ice cream for dessert. It came with cajeta (goat milk caramel), which was pretty good but a little heavy on the cinnamon.

Soap Box: Greedy Music Moguls

2006-05-25T21:43:00.000-07:00

I think the artists are awesome. I think they are creative, work really hard, and often want to make the world a better place. The music labels and the RIAA, on the other hand, boil my blood.

I was looking at some statistics on how much was being made for them via iTunes, and how much they felt they should be making from music sales overall. Their reaction: Waaah! People aren't generating enough revenue in music sales for us. My reaction: Egads! These jerks should feel lucky that they are making as much as they are. They point out that 99 cent downloads don't earn as much for them as a $15 CD does. Ummm... Duh! That is exactly why people are buying those downloads. I always hated buying a CD full of songs I didn't care about just to get the two or three that I wanted. I think most people feel this way -- at least about a portion of the artists whose music they like.

I think these music execs need to crawl on hands-and-knees over to Steve Jobs and thank him profusely. While they are at it, they should send a little gratitude my way. I'm sick of listening to them disparage us all for not buying more overpriced music we didn't want anyway. :-p

Vacation to Chicago: Day 2

2006-05-25T21:13:00.000-07:00

Day 2: Denver to Lincoln
On the second day of our trip, we stopped at a visitors' center in Nebraska and asked for recommendations of things to see. Karen was hoping for something like the world's biggest ball of twine. What the nice old lady at the visitors' center recommended was almost as good: The Great Platt River Road Archway Monument was equal parts Disney, American cheese, and pioneer pride. There was a, as Carly put it, "ginormous" bison statue; an outdoor maze; an escalator leading up into the interactive tour with a wagon train projected on the screen around you as you "entered" the pioneer life; and a procession of exhibit areas that led up through the Pony Express, to the railroads, to the Eisenhower highway project. Random factoid #1: Eisenhower was so impressed by the autobahn during the war that he came back to adopt the idea in the States. All of this in a wood, stone, and acid-treated stainless steel monumount stretching over I-80 in Kearny, Nebraska. Oh, and we can't forget Random factoid #2: The hapless Albert Schmidt (Jack Nicholson) in About Schmidt visited the monument on his post-retirement trip from Omaha to Denver.
Now this, ladies and gentlemen, is the very definition of American Heartland!

Vacation to Chicago: Day 1

2006-05-25T20:02:00.000-07:00

Day One: Albuquerque to Denver
On the way to Denver, we decided, impromptu, to stop at the US Olympic Center in Colorado Springs. It had been about 22 years since I had been there for a Junior Olympics Judo tournament. Things had really changed... a lot. We took a great little tour, saw the synchronized swimmers practicing, and heard about a rising shotgun star (I'm sad to say that I heretofore had no idea shotgun was an Olympic sport). Everyone really enjoyed this little excursion, and we had dinner afterward in downtown Colorado Springs at Old Chicago. That seemed like an appropriate way to start off our trip to Chi Town!

Mother's/Father's Day Preformance

2006-05-17T15:57:00.000-07:00

Mica's class prepared for their "Mother's/Father's Day Performance" for several weeks. All of the children read inspirational poems (deep for 2nd grade), sang songs and read dedications to their parents. Mica read clearly and loudly (good projection skills!) and had a great smile on her face. I took the first picture before they started. I told her it might be the last clear one I got of her.

Carly and Hannah were wearing the exact same dress, so I had to take a picture. They are both hams, can you tell?

Woot! First Blog Entry

2006-05-08T14:50:00.000-07:00

Woot! My first blog posting! Except... does anyone really care? I am not really a big fan of weblogs. However, I have come to realize three things that became the impetus for the creating of this blog:

Venting on a blog, like talking to yourself, can be therapeutic,
Most web logs are more intersting to look at than free web-hosting template home pages,
If I post an idea here first, and then someone patents it... I can claim prior work! Right?