Chris Horsley
Works at CSIRT Foundry
177 followers|40,960 views

Stream

Chris Horsley

Shared publicly  - 
 
I've been keen on getting a standing desk for some time now. I stumbled on the instructions in the below blog during the week, went out today and bought the parts from Ikea (actually $30 in Australian dollars).

Ten minutes with a Phillips head screwdriver later, one standing desk! Considering it's made of a coffee table and shelf bolted together, it looks surprisingly harmonious.

Of course, a height-adjustable standing desk is the best solution so you can easily alternate between sitting and standing, but they seem to start at about $800 locally. For $30 / $22, definitely a great entry-level model to experiment with!

 http://iamnotaprogrammer.com/Ikea-Standing-desk-for-22-dollars.html
5 comments
 
I ended up getting one from Clark Rubber here in Australia. They seem to sell them at Officeworks too.

Chris Horsley

Shared publicly  - 
 
This week's blog post - how we overuse map visualisations in infosec.

http://csirtfoundry.com/blog/tools/map-ip-visualisations/

Chris Horsley

Shared publicly  - 
 
I'm extremely impressed with Stanford's online machine learning class. It really doesn't feel like you're missing a lot from a traditional uni course (other than some drinking, and you can always do that by yourself). Lectures are recorded as videos, so you can rewind / fast forward as the occasion demands it. Sensibly, they're broken into 5-13 minute blocks, which is perfect to consolidate a single idea before moving on. The homework assignments are automatically graded, and they're marked incrementally, so you can make sure you have each concept nailed before moving on. Discussion forums let the students discuss the more difficult concepts.

If courses of this quality gain legitimacy as recognised qualifications, perhaps we'll start to see adverse effects on other universities. World-leading institutions will offer affordable (free?), high quality courses, which local unis won't be able to compete with.

The one thing that's lacking right now is that you can't say you "went to Stanford" after doing this course, but perhaps this will change one day. Just getting into an Ivy League school is something of an achievement in itself, whereas the online machine learning course is open to all. While you might get the same knowledge, you lose the exclusivity. I'm fascinated to see what higher education will look like in ten years.
6 comments
 
+Wes Young Sounds like it - I'm sure we must have some similar ideas in mind :) It turns out I've tried to (badly) reinvent a lot of the techniques in the course to solve other problems, but naturally discovering a lot of dead ends along the way. Let me know when I can hear how you're going to use it in SES v3!

Chris Horsley

Shared publicly  - 
 
http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html

Fuzzing at scale indeed: "You run an algorithm to generate a minimal set of sample files that achieves the code coverage of the full set (of file samples)....we cranked through 20 terabytes of SWF file downloads followed by 1 week of run time on 2,000 CPU cores to calculate the minimal set of about 20,000 files."
2 comments
 
Mine no longer does after working there 

Chris Horsley

Shared publicly  - 
 
Released v0.2 of my Python library for a simple bulk WHOIS interface to Shadowserver's and Cymru's services. Feedback appreciated!

https://github.com/csirtfoundry/BulkWhois

Chris Horsley

Shared publicly  - 
 
 
how i innovate

while i'm no rich genius, i wanted to discuss how i try and innovate, or at least try and anticipate the future. in addition, i keep my eye on a variety of RSS feeds in my 'must read' catalog which include things like materials science and a couple of future blogs. i also try and keep my eye on large emerging market trend blogs (china, india, etc). so far so good. what i don't do - and should do more of - is have a circle of friends in so many different fields, like the arts, sciences, medicine, etc. friends like these enrich your life and your creative processes so much, and just make life more fun, anyhow. this is where i'm weakest, and something i should address.

innovation, however, requires some skill of thought. it's fun, challenging, and honestly one of the best ways i can spend some time. i like to do it removed from technology distractions, maybe while driving, drifting off to sleep, on vacation, etc. i have three innovation strategies, and two of them rely on removal of things and then following what happens, while the third looks at second order possibilities.

the first method involves mapping systems or processes into their few critical elements, and then removing one. for example: military aircraft. a plane, a pilot, and weapons. remove the pilot and you have drone aircraft, UAVs. remove the weapons and you have passenger aircraft. remove the plane and you have iron man. "simple" as that, basically the challenge is to reduce common things to their most basic principal components - but not too many - and then remove one of them.

the second is to remove barriers, maybe temporary ones or even fundamental barriers. the temporary ones are things like the costs of PCs, which dropped dramatically in the past few decades, or the amount of time it takes to do something, which is also decreasing. these are artificial, in that they're consequences of the current state of things (manufacturing processes and cost recovery mechanisms, or materials limitations) but most of them eventually disappear. map out the barriers to things happening, remove the biggest one, and then go from there. fundamental barriers are tougher. imagine "see through walls", now imagine you're a cave man. step one basically led to the development of glass, a wall that you can see through. or x-ray vision, or thermal scopes, etc. once you are convinced that these sorts of barriers can be overcome, all sorts of fun can happen.

the final one is to take the above two methods and carry them to their next steps. you imagine a world where there are autonomous cars, ok. now what? what would that require? what would that enable? same with low cost PCs, what would that enable the world to look like? once you do that, you can see what requirements must be met - for example tons of training on the use of PCs, user-friendly systems, etc - and what that enables - diversions and games, chat and communications, etc. then you can map out how to get there, and start to envision the future.

i'll be honest, i don't do this and make a huge smashing success in the tech industry, for example. i'm no larry page or anyone of consequence. also, the above is hard, it requires really hard thinking to reduce systems to their critical elements, and creative thinking to imagine those changes. but once you do, you can imagine a world of the future, and with that flexibility comes great fun.

you can also use these techniques to analyze a possible disruptive technology for true disruption. the internet? yes, people want to connect with each other and the net - with the right applications - enables that. the segway? neat but not disruptive, it requires too many changes to the world to utilize effectively on a mass scale.

if i ever seem to be drifting off, assume i'm innovating, ok?

Chris Horsley

Shared publicly  - 
 
 
I'm really interested to know which companies in the world are sending developers the right message. Who is it that you want to work for? Where in the world do you want to work? It would be great to hear what you think :)

The form is available below; however, it is not quite as obvious as the results link, so here it is again:

https://docs.google.com/spreadsheet/viewform?formkey=dEdlOGdORkJsamJ6VjFNN0UwTDY1YXc6MQ

Results are available in this spreadsheet here:

https://docs.google.com/spreadsheet/ccc?key=0ApWuKfEFYQ6YdEdlOGdORkJsamJ6VjFNN0UwTDY1YXc

These results will be kept open for viewing for all, and will remain unedited by me (except in instances where an entry is obviously written in poor taste or potentially slanderous in nature). Obviously this shouldn't happen as we are all grown-ups and this is a conversation about where we would like to work, not where we wouldn't.

Additionally, while I would love to be able to open the spreadsheet for further interaction (e.g. commenting) that doesn't seem to be an option, so I would suggest if you want to discuss this further then head over to HackerNews and get some discussion going on the related discussion page: http://news.ycombinator.com/item?id=3785817 (which is a little empty right at this moment).

Chris Horsley

Shared publicly  - 
 
Update: installed Preware last night, which lets you install developer software (i.e. non-HP app store), new kernels and patches. Then installed the Uberkernel update, which lets you overclock the CPU from 1.1 GHz to 1.5 GHz as well as installing other optimisations. It's startling how much a lot of the problems with sluggishness go away - the interface feels much snappier, and things like web pages render much faster. So, a lot of the comments below about performance can probably be downgraded. (BTW, if you're going to install Preware, don't use a Mac - for whatever reason, it fails. It seems you'll need Windows or possibly Linux).

I've been using the HP Touchpad for almost a week now after rushing down to get one at firesale prices ($98 AUD). It's an almost-excellent piece of tech, and it's one of those devices you form an attachment with, like a Kindle or almost any piece of Apple kit (and unlike any commodity Windows machine). The good things:

1. Built on Linux and very hackable, without unnecessarily exposing any of the internals to the casual user.
2. A refined, glossy, beautiful interface.
3. Excellent notification system, which beats iOS 4 hands-down.
4. Multithreading rather than just freeze / restore - though, don't go too crazy or things get sluggish.
5. Possibly the best executed multi-tasking interface I've seen on any platform, mobile or otherwise, via WebOS's Cards.

Unfortunately it:

1. Is unstable. The interface sometimes stops responding to touch while (I assume) app states are restored from swap back into memory. More apps crash than you'd like. Undermined confidence in an OS makes it difficult to relax while using it.
2. Can get sluggish under load or extended use. The two most important apps, the mail program and web browser, cannot be called fast. Handling of Flash, complex JavaScript and big / complex web sites strains the browser.
3. Is not an iPad. Not unfortunate in general, but unfortunate for HP, because from the Apple-esque package opening "experience" to the iPhone 3G shape, it's trying so very hard to emulate it. The iPad is a simpler but slicker, more stable experience all around.
4. Has poor app support. I sympathise with anyone who put a lot of effort into app development before forces beyond their control nuked their meal ticket. Looking through the app store, there are so many free apps I assume some of the devs just gave their apps away when HP pulled the plug.

For $100 though, it's been an absolute bargain. While house-hunting last weekend, it was fantastic for swapping between real estate websites, maps and inspection calendars. I think it will go down as a cult collectable, but I'm not surprised it failed in the market.
4 comments
 
That's true. When the casing melts, I guess the experiment will be at an end.

Chris Horsley

Shared publicly  - 
6 comments
 
It did. But Scott guilted me into removing it. :-D 

Chris Horsley

Shared publicly  - 
 
First upload to PyPI for my BulkWhois lib: http://pypi.python.org/pypi/BulkWhois/. Now that means the magical "pip install BulkWhois" command should work.
2 comments
 
Nice one Chris :)
People
Have him in circles
177 people
Rob Floodeen's profile photo
Daniel McNamara's profile photo
Gary Ow's profile photo
Keishi Kubo's profile photo
Work
Employment
  • CSIRT Foundry
    Founder, 2011 - present
  • JPCERT/CC
    Security Analyst, 2007 - 2011
  • AusCERT
    Security Analyst, 2004 - 2007
  • RACQ
    Developer / sysadmin, 1998 - 2004
Story
Introduction
Infosec, visualisation, development, Python, Perl, information gathering.
Basic Information
Gender
Male