June 11th 2015

Montrose Music Festival, 23rd May 2015

music festival

During the music festival, Montrose High Street is closed off to cars. This year, in addition to the main stage, there was also a market street area, serving food and drinks (crepes, cocktails, hog roasts, sushi, noodles, coffee, bubble tea…I could go on). You should know that I made a beeline for a Nutella Crepe!

On to the bands and performers I saw. Here goes…

  • Around 7- a Forfar-based rock band- did a cracking AC/DC cover! Witnessed an old lady head-banging in her chair during the performance.
  • Red Pine Timber Co- country-sounding rock and roll band from Perth. They reminded me of Bruce Springsteen and the E-Street Band during The Rising era. Need to see them again.
  • Cheryl Brown- only caught the end of her set (because I required some coffee). Great voice.
  • If All Else Fails- they weren’t performing this time. They were presenting a cheque to Crohn’s and Colitis UK- through their fundraising efforts, they have raised £1600 from sales of the single released about Lewis. Buy it now!
  • Jenna Morrow- dressed as Elsa from Frozen and performed Let It Go. She did a great job and a small child tried to rush the stage to see her which was pretty entertaining.
  • The Holy Ghosts- you’ve probably heard me rave about these guys. I’ve seen them at the last 2 music festivals (supporting both Toploader and Status Quo) and I think they’re brilliant. Proper rock and roll.

I rounded off my day at the festival by heading down to Busby’s with some friends to see the Buffalo Soldiers perform. We first saw them back in 2012 at Sharky’s. That was quite a gig- the combination of the hot summer evening, funky reggae music and the sight of people enjoying themselves (there were a number of old men climbing on tables and dancing) made it a great night. Busby’s was more of the same. Reggae music just screams sunshine. This time we saw the entire 2 hour set and danced around in the packed venue. Great atmosphere and I’m hoping to catch these guys again sometime soon.

June 11th 2015

Ash, Montrose Music Festival, Town Hall, 22nd May 2015

ash

When it’s May in Montrose, Angus, it means it’s time for the annual music festival. There’s traditionally a headline act on the Friday evening and this time, the gig was performed by Ash. Here’s my quick review of the show.

If All Else Fails
If All Else Fails are a Montrose-based metal group who released their first album Introspective last year. The band have faced a tough time of late- last September, their bassist Lewis was rushed into hospital owing to complications from Crohn’s Disease and ended up fighting for his life on multiple occasions (see this article by the Review). This gig marked the band’s return to the stage.

The band did a fantastic job in getting the crowd going ahead of the main act with their fast-paced metal tunes. They performed their charity single “For You, Brother”- all proceeds from sales of the single go to Crohn’s and Colitis UK. If you want to support the cause, you can buy the song on iTunes (it’s only 99p!).

The Amorettes
Next up was the second support act, The Amorettes, an all female rock band. I’d heard good things about them and had recently bought their Game On album. Again, I thought they were great- more like classic rock and roll!

Ash
The main act! Admittedly, I only knew a few of Ash’s songs before I went to the gig- that didn’t stop me enjoying it though! They performed a number of songs from their new album, Kablammo! which features the classic Ash sound. Of course, old classics that we know and love were performed too- Burn Baby Burn, Girl from Mars, etc. I particularly enjoyed Return Of White Rabbit- it had a very funky vibe. Bonus points for the cover of Teenage Kicks!

I think Ash performed for around 2 hours (finishing around 11.25pm) and it was a storming set. The band looked like they were really enjoying themselves too :) Would love to see them again!

May 20th 2015

Using multiple Firefox profiles on OS X

If you’re developing Firefox extensions, it may be useful to have multiple profiles: one for every day use containing the extensions/setting you use regularly, and another as a development environment. Separate profiles ensure that if you accidentally break something during development, your usual browser environment will remain the same. I’ve found this to be particularly useful so thought I’d write a post about it. Before I get started, I should point out this post is geared towards OS X users.

First of all, you will need to access Firefox’s profile manager tool. To do this, type the following into the Terminal-

/Applications/Firefox.app/Contents/MacOS/firefox-bin --profilemanager

This will cause the Profile Manager window to appear. If you’re already a Firefox user, your default profile should appear. Click on the Create Profile button to make a new profile. Give it a name (remember this name) and choose the folder in which you wish to store your profile information. For the purpose of this post we’ll call our profile “devProfile”. That’s all there is to creating a new profile however, if you wish to use it as a development environment, you must launch it with Firefox. The next part of this tutorial will show you how to create a second instance of Firefox for your development profile.

Open the Script Editor app. On Yosemite, this can be found in Applications > Utilities > Script Editor. Type in the following-

do shell script "/Applications/Firefox.app/Contents/MacOS/firefox-bin -P devProfile"

When typing in the script, watch the quote- ensure they are regular double quotes, rather than smart quotes. Save the file as an Application. Now we need to Info.plist file. This can be found by right-clicking on the Application you just saved > Show Package Contents > Contents. Find these 2 lines-

<key>LSRequiresCarbon</key>
<true></true>

Under the true tag, add the following 2 lines-

<key>LSUIElement</key>
<string>1</string>

LSUIElement is a Launch Key in OS X. Launch keys help to launch apps and figure out which apps should open certain document types. According to Apple’s Documentation, LSUIElement Specifies whether the app is an agent app, that is, an app that should not appear in the Dock or Force Quit window.

That’s really all there is to it. You can change the icon on the new Launcher Application you have just created (or leave it as the default script icon, but that’s a bit boring). When clicked, the Application will cause another Firefox icon to appear in the Dock. This instance of Firefox will launch with the development profile you created.

Of course, an alternative way of launching a new instance of Firefox with a development profile is to use the Automator app.

May 19th 2015

Wicked, His Majesty’s Theatre, Aberdeen, 11th May 2015

wicked

Wicked. I finally got to see it! I had purchased tickets (5th row) all the way back in November 2013 and it had been a LONG wait.

For those of you who aren’t familiar with the musical, here’s a bit of background. The show is based on the novel “Wicked: The Life and Times of the Wicked Witch of the West” written by Gregory Maguire in 1995. The novel is the first of a 4 part series, and aims to offer an alternative side to the story told in L. Frank Baum’s “The Wonderful Wizard of Oz”, and the subsequent 1939 film adaptation.

I’m a huge fan of the Wizard of Oz story- I had an abridged version of the story in magazine form when I was a toddler and when I was a little older, I got to see the film. Personally, I didn’t enjoy Maguire’s book. Whilst I thought it was an excellent concept for a story, it wasn’t well executed. The first section showed a lot of promise by introducing Elphaba in all her verdigris glory, who would later become the Wicked Witch of the West. The book then skipped a number of years to her time at Shiz University where Elphaba meets Galinda. From there on in, the book becomes a meandering, dark, mess (and it’s definitely not for children!). I finished it, but it was extremely disappointing.

So how did the musical compare? It was AMAZING! The storyline changed significantly, cutting out the rubbish from the book. I’m not going to post spoilers here but the play provides a more satisfying story that wraps the characters up nicely, with plenty of references to the Wizard of Oz.

In Aberdeen, I saw Jacqueline Hughes in the role of Elphaba and Emily Tierney as Galinda (with a “gah”). The pair of them had amazing voices, as did the supporting cast. Many of the songs have been made “populer….lar” by Glee- For Good and the aforementioned Popular. Of course, the biggest song from the musical is “Defying Gravity” and it was fantastic to hear that live.

The costumes were great and in particular, I liked that the residents of Emerald City wore green glasses. This was the case in L. Frank Baum’s book and matched the illustrated version I had as a child. The entire stage set-up looked rather steampunk and featured The Clock of the Time Dragon- the picture in this post. I’m not going to explain that (spoilers).

Wicked was well worth the wait and I enjoyed it so much that I’m seeing it next week too- I’ve snagged front row matinee seats!

EDIT- Saw this for the second time on the 28th May 2015. Again, Jacqueline Hughes was an amazing Elphaba! This time around, Carina Gillespie was playing Galinda (Glinda), rather than playing Nessarose. It was a nice change and she did a fab job. Not sure sitting in the front row was just a great idea…the monkeys scare me.

March 29th 2015

Securi-Tay IV Conference, 27th February 2015, Dundee

Back in February, I attended the Securi-tay IV infosec conference, run by the students from Abertay’s Ethical Hacking Society. It included fantastic talks, great networking opportunities, and a chance to catch up with people I hadn’t seen for a while. A good day all round. The students deserve a huge well done for arranging and managing the event.

I thought I’d give a brief overview of the talks I attended on the day.

The Five Stages of Security Grief by Gavin Millard (Tenable)
This talk was based on the Kϋbler-Ross model of grief (denial, anger, bargaining, depression and acceptance) and how it applies to the world of computer security. Due to security issues, companies will spend $76.9 billion on the topic in 2015 alone. It was mentioned that education is the key to moving on from denial- this was an interesting point as my research is currently focussed around educating users about security issues.

 

Virtual Terminals and POS Security; How I Had the Chance to Become a Billionaire by Dr Greg Fragkos
This was perhaps one of my favourite talks at the conference and a lot of people were talking about it afterwards! The talk essentially explained just how easy it could be to abuse POS terminals. Obviously, much of the vital information was redacted from the talk (such as specific keypress combinations needed) but the theory alone was terrifying!

 

Robbing Banks and Other Fun Tales by Freaky Clown
An interesting talk on how to use penetration testing techniques and social engineering to get into buildings. He made it sound so simple and I’m amazed at the places he managed to get into without being questioned. Great talk!

 

We Don’t Take Kindly to Your Types Around Here by Graham Sutherland
The software developer in me had been looking forward to this talk. Serialization is a concept that I’ve been discussing in one of my classes this semester and, this talk covered some of the security issues involved when serializing/deserializing objects in languages such as PHP, C# and Java. The talk has made we want to write a few test programs to see if I can replicate some of the flaws in Java.

 

Guest to Root- How to Hack Your Own Career Path and Stand Out by Javvad Malik
I’d heard of Javvad via Twitter and knew he had published many infosec videos, so I was looking forward to his talk. He focussed on how to get noticed in the security industry, and how to prevent yourself from just blending in as just another “faceless” employee. A very engaging talk.

 

Social Security by Dr Jessica Barker
Jessica’s talk sounded like one which might fit in with my research- I was right! The talk concentrated on various aspects of infosec, leaning towards the sociological/psychological side. It largely confirmed what I’ve concluded from my work- the biggest security flaw nowadays is humans! Many people simply suggest that users are stupid, which is a form of victim blaming. Instead, it depends on how you teach the user about security- if you make a user feel stupid during this process, they will shut down. Users must be encouraged to see why the topic of security matters to them.

 

Abusing Blu-ray Players- Stephen Tomkinson (NCC Group)
This talk considered a security issue I hadn’t really thought about: how to circumvent the sandboxed system of a device like a blu-ray player. Stephen demonstrated a number of ways in which he bypassed the security measures the player had implemented, so an attack could begin. If you want to read a little bit more on the subject, Security Week wrote an article about the research- http://www.securityweek.com/attackers-can-use-blu-ray-discs-breach-networks-researcher.

 

If these talks sound interesting, a selection of them were filmed and will be available to watch on YouTube shortly. They will be available from https://www.youtube.com/user/AbertayHackers