dmuth's blog

So I Wrote A Craps Simulator

Work is sending me to a conference that just happens to be hosted in Las Vegas, a city where there are a few casinos. I'm not much for gambling, so I figured I should learn a little about it before I even think of doing such a thing. I read that craps is a fun game that has some pretty safe bets, so I decided to learn more about that. To that end, I wrote a craps simulator.

To get it up and running, make sure you have PHP and Composer installed, and do the following:

git clone
cd craps-simulator/
composer installer

Syntax is explained in the file, but just by running the file main.php, you can run games of craps and see what the results are. The simulator allows you to place "Pass" and "Take Odds on the Point" bets. Multiple players with different starting balances, bet amounts, and betting/exit strategies can also be simulated.

A successful run will look something like this:

Note that if you simulate enough games, you will lose all of your money. That's the whole point of how casinos work, actually. Use my simulator to see how it works instead of playing a few dozen games and finding out for yourself. Smiling

Average: 5 (2 votes)
Your rating: None

What a Phone Scam Sounds Like: Meet "Rachel from cardholder services"

I got this voicemail the other day from "Rachel at cardholder services":

(If the embedded player doesn't work, here's the direct link)

This one is kinda clever, that rather than a human using high-pressure tactics to get you to enter your credit card number, what you hear instead is a recorded message which asks you to "press 1 to get a lower interest rate". Had I pressed 1, I suspect I'd be transferred to a nice sounding human operator who would try to coax me into giving them my credit card number.

There's two takeaways from this:

1) Never give out your card card number to someone who calls you on the phone. (caller ID can be spoofed)

2) Strongly consider against picking up the phone when an unknown number calls you. Let it go to voicemail. If it's someone trying to get a hold of you, you can listen to the voicemail right away (or use Google Voice, which does transcripts), and call the person back.

Stay safe.

Average: 5 (1 vote)
Your rating: None

Anthrocon 2015 Con Report and Pictures

This year's Anthrocon has come and gone and it was a great year! There was a total of 6,348 attendees and 1,460 fursuits in the fursuit parade. We also raised $35,910 for our charity this year, The Western PA Humane Society.

Anthrocon-2015-174 Anthrocon-2015-193 Anthrocon-2015-208 Anthrocon-2015-305 Anthrocon-2015-005 Anthrocon-2015-220

Taking the Fursuit Parade Outside

We tried something new this year--we took the fursuit parade outside and invited the entire city of Pittsburgh to come watch! The turnout was impressive--according to Visit Pittsbirgh, there were an estimated 5,000 people who showed up to watch. And it went over really well!

Anthrocon-2015-254 Anthrocon-2015-265 Anthrocon-2015-261

We received lots of positive feedback from convention attendees, fursuiters who were in the parade, and the City of Pittsburgh itself. We're thrilled that it went so well!

In Closing

I know, I know. This is a rather short con report for such a big convention. The truth is, like with other Anthrocons, I was very very busy at this one, and it seems like every year as the con gets bigger, I get busier. Smiling

For what it's worth, I did get some downtime in which I was able to see some old friends, make some new ones, and generally enjoy the city of Pittsburgh. It does amaze me how welcoming the city is to us every year, and I am thankful for that.

Anthrocon-2015-079 Anthrocon-2015-081 Anthrocon-2015-157

I have a much bigger repository of several hundred photos that I took this Anthrocon. The full set can be found on both Facebook and over on Flickr.

This a busy summer for me! My next cons will be BronyCon, Eurofurence, and MarinaraCon. They're all as good as they sound. I hope I'll see you there.

-- Giza

Average: 5 (3 votes)
Your rating: None

Introducing Diceware: Secure Passwords You Can Remember!

In general, the longer the password, and the more random it is, the more secure it is. This is because if a password file is stolen, the passwords are stored there are stored in encrypted format, where each password is encrypted with... itself. This means that in order to determine what an account's password is, an attack must try encrypting every random possible string and see if it matches the encrypted password.

Naturally, this means that all possible 2-character strings can be tried quicker than 3-character strings, and 4 character strings will take even longer. Unfortunately, thanks to Moore's Law, "longer" means "a few milliseconds". 8 character passwords are usually the minimum, but by some estimates, even that is not sufficient. To make for an even bigger challenge, us humans tend to have a hard time remembering random letters and numbers. This leads to bad habits such as using the same password on multiple sites, and that can cause its own problems.

This is where Diceware comes in. The concept is over a decade old, and rather simple: you roll 5 dice, and then look up the number against a word list to get a word. Words are easy for us humans to remember, yet the dice rolls themselves are quite random. Let's look at a sample run:

That's 20 dice rolls, which means there is a one-in-6^20 (3.65 * 10^15) chance of getting that specific dice roll or, for an attacker, 6^20 guesses they need to make to try every possible password. As computers evolve and longer passwords are needed, more rolls of the dice can be made.

This app can be used online at:

Please try it out and let me know what you think. Naturally, my source code is also available for download. It can be found over on GitHub.

Average: 5 (3 votes)
Your rating: None

Anthro New England 2015 Con Report

I recently had the pleasure of attending Anthro New England, a first year furry convention held in Cambridge, Massachusetts.

First, numbers! The convention had 757 attendees, an astonishingly high number for a first year convention. They also raised $10,000 for their charity, Vest-A-Dog. This led to the ANE organizers getting pied in the face, as shown at the end of this set of pictures. Smiling

AnthroNewEngland-2015-013 AnthroNewEngland-2015-028 AnthroNewEngland-2015-045

What Went Well?

There was a schedule, and it was stuck to remarkably well. All of the events that I attended started on time, or very close to it. This included Opening Ceremonies, Closing Ceremonies, and the "Meet the Charity" event. The IT Meet and Greet panel was also on-time, fun, and well attended.

AnthroNewEngland-2015-068 AnthroNewEngland-2015-087 AnthroNewEngland-2015-091

What Else Went Well?

One of the reasons Anthro New England succeeded was because it showed confidence without being pretentious. It did all of the things a first year con would normally do (Dealers Room, Artists Alley, Dances, Opening/Closing Ceremonies, having a charity, etc.), but it did these things without overdoing them. The function rooms holding each area were reasonably sized and didn't feel cavernous. The programming started late Friday morning and ended on early Sunday evening, letting many attendees commute to the con and leave on Sunday after Closing Ceremonies. Finally, having everything all on one floor made it easy to find all of the rooms and see other attendees.

AnthroNewEngland-2015-207 AnthroNewEngland-2015-220 AnthroNewEngland-2015-141 AnthroNewEngland-2015-226 AnthroNewEngland-2015-230 AnthroNewEngland-2015-278

Average: 5 (1 vote)
Your rating: None

Data Analysis of The Streisand Effect

The Streisand Effect (, for those not aware, is where an attempt to remove, hide, or censor a piece of information has the unintended consequence of publicizing that information more widely by way of drawing attention to it. It is named after Barbara Streisand, who once filed a lawsuit to have an arial image of her home removed from the Internet. In her case, it resulted in a flood of publicity and thousands of people viewing that image.

What happened here?

An individual took issue with a post that I wrote 8 years ago. The identity of the person and the content of the post aren't relevant to this post, but what is important is that prior to this event, the post was sitting by itself, pretty much left alone except for for the occasional web crawler visiting it. The post would have stayed that way, except that the person who had an issue with my post decided to complain in a heavily trafficked forum. This resulted in the post receiving more traffic than the previous several months combined. Additionally, many more people were made aware of the contents of the post, which I'm fairly sure the person complaining did not want to see happen.

How about some numbers?

Here's a graph of HTTP requests to that page over time:

Note the huge spike, when is when the post in question was mentioned. Approximately one thousand separate people visited the post in question during the spike in traffic.

Now, what did we learn?

Average: 5 (2 votes)
Your rating: None

Notes from February 2015 Philly DevOps Meetup: Security Practices for DevOps Teams

Sense. This picture makes none.

As a service to the Philly tech community (and because folks asked), I took notes at tonight's presentation, called "Security Practices for DevOps Teams". It was presented by Chris Merrick, VP of Engineering at RJMetrics.

Security is a “cursed role”

  • the sense that if you’re doing a really good job as a security engineer, no one knows you exist.
    • It isn’t sexy
    • It’s hard to quantify
    • It’s never done

As DevOps engineers, we are all de facto security engineers

Some tips to avoid ending up like this [Picture of a dismembered C3PO]

  • Security Principles
    • Obscurity is not Security
      • “A secret endpoint on your website is not security"
      • “Don’t rely on randomness to secure things"
    • Least Privilege
      • Do not give more privileges than are needed
    • Weakest Link
      • If you talk to an insecure system, you’re at risk
    • Inevitability
Average: 5 (3 votes)
Your rating: None

My MagFest 2015 Report

Last month I went to my first MagFest in several years. Once again, I worked security with The Dorsai Irregulars, and had a good time there, both while working security and at the event itself.

The event has grown quite a bit since I had been there last in 2009, and what used to be a reasonable sized video arcade was now a huge arcade, taking up an entire convention hall.

The concerts that were held every night were also great--I got to see a few bands such as Machinae Supremacy play. One thing that contributed to me getting much better pictures at this event compared to past events was my purchase of a 35 mm Prime Lens from Nikon. The downside was not being able to zoom nor take wide-angle photographs, but the upside was that I could get ridiculous amount of light with the F 1.8 aperture, and that made for some great shots in artificial as well as low light.

I was also pleased to see the amount of cosplay that went on. I counted at least 4 other White Mages present that weekend.

The only downside of this event was something completely out of their control--in order to get the weekend they wanted, they had to have the last date of the event on a Monday. As one might expect, many people did not stay through to Tuesday but instead departed that Monday morning, leaving the hotel with a bit of a "ghost town" feel for most of that day. The upside was that I got to be the last cosplayer standing on Monday night, so that was nice.

Average: 5 (1 vote)
Your rating: None

MidWest FurFest 2014 Con Report and Photos

I spent December 5th-7th at MidWest FurFest, held in the Hyatt Regency O'Hare in Rosemont, IL. It was another well-run convention that I had a good time attending (and staffing).


In addition to walking around the convention and seeing friends, I dropped in on Eosfoxx's "How To Draw Animals" panel. She went through detail on how to draw different kinds of animals, and how they differed from humans. Not having much of an art background myself, I actually found the panel rather informative. I came away from there better understanding the artistic process, at least when tablets are involved. Smiling

Midwest FurFest 2014 - 67 Midwest FurFest 2014 - 90 Midwest FurFest 2014 - 42


This was the big day with our Fursuit Parade. I got to help count the parade again, which is both fun and affords me an interesting view of the parade. The final count for number of fursuiters in the parade was 1,132.

The rest of the night involved hanging out with some friends until about 1 AM. Then the chlorine gas attack happened. I won't go into that here, seeing as I already wrote about that.

Midwest FurFest 2014 - 1 Midwest FurFest 2014 - 17 Midwest FurFest 2014 - 88 Midwest FurFest 2014 - 12

Average: 5 (1 vote)
Your rating: None

Eurofurence 2014 and my Trip to Berlin, Germany

I had quite a trip to Berlin, Germany last month! I was there for 11 days and got to see some of the sights as well as attend Eurofurence.

Let's start with the city…

The Holocaust Museum

Having never been to a holocaust museum before, I really wanted to visit the one in Berlin. It was in a prominent part of Berlin, near the Brandenburg Gate. The museum was underground, with the are above it containing these giant concrete slabs:

The Holocaust Museum in Berlin The Holocaust Museum in Berlin The Holocaust Museum in Berlin The Holocaust Museum in Berlin

The slabs were unmarked and people were encouraged to walk among them. The path itself went below street level while the top of the slabs stayed at the some level, creating a rather eerie quiet effect.

Inside the museum itself, each visitor was given an iPad with earphones and set to the language of their choice. This also created a very quiet atmosphere inside the museum itself as people walked through it and listened to the different descriptions.

Checkpoint Charlie

After the Holocaust Museum, I was a bit bummed out and walked around town with Joel and Yellowfur until we arrived at Checkpoint Charlie:

Checkpoint Charlie Checkpoint Charlie Checkpoint Charlie

Despite being a key location during the Cold Ware, the modern day site of Checkpoint Charlie was very upbeat. It was in the middle of a busy street with traffic going through, and was absolutely mobbed by tourists. There were some people dressed up as American soldiers who would let you have your picture taken with them.

Average: 5 (1 vote)
Your rating: None