San Francisco Chinese New Year Parade

It’s that time of year again, and it was a very wet one. Why couldn’t they have the parade in March like last year? And because of the rain, I didn’t get to see many costumes or even floats with people on them before the parade started. Miss Chinatown didn’t even come out yet by the time we started the parade! And for the second year in a row, I missed the Miss Chinatown pageant. Someone from the Chinese Chamber of Commerce really needs to get me invited to that event. Anyway, here are a few pictures I took at the parade.


The rest of my pictures can be found on flickr.

OWASP-SF Meeting

Tonight was another good OWASP Bay Area meeting. Over 50 people attended the meeting, and I hope these numbers continue to rise.

The first talk was on Adobe Flash security. Here are my notes:

  • Cross-site flashing takes advantage of the HTML Flash parameter allowscriptaccess=always
  • Stefano Di Paola released SWFIntruder a few months ago to help analyze Flash applications at runtime
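
As an added example (not part of the original notes or the talk): a small audit script a site owner could run over their own pages to find Flash embeds that set allowscriptaccess=always, the setting the first note refers to. The sample page, its URLs and the names FlashEmbedAudit and audit are constructed for illustration.

```python
from html.parser import HTMLParser
# Constructed sample page; URLs and file names are made up for illustration.
SAMPLE = """<html><body>
<object width="300" height="200">
  <param name="allowScriptAccess" value="always">
  <param name="movie" value="http://cdn.example/widget.swf">
  <embed src="http://cdn.example/widget.swf" allowscriptaccess="always">
</object>
<embed src="/static/banner.swf" allowScriptAccess="sameDomain">
</body></html>"""

class FlashEmbedAudit(HTMLParser):
    """Record Flash embeds that set AllowScriptAccess to 'always'."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, tag, swf_url)
        self._obj = None     # state of the <object> currently open

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "object":
            self._obj = {"src": a.get("data", ""), "line": None}
        elif tag == "param" and self._obj is not None:
            name = a.get("name", "").lower()
            if name in ("movie", "src"):
                self._obj["src"] = a.get("value", "")
            elif name == "allowscriptaccess" and a.get("value", "").lower() == "always":
                self._obj["line"] = self.getpos()[0]
        elif tag == "embed" and a.get("allowscriptaccess", "").lower() == "always":
            self.findings.append((self.getpos()[0], "embed", a.get("src", "")))

    def handle_endtag(self, tag):
        # Report at </object> so a <param name="movie"> after the flag is still seen.
        if tag == "object" and self._obj is not None:
            if self._obj["line"] is not None:
                self.findings.append((self._obj["line"], "object", self._obj["src"]))
            self._obj = None

def audit(html):
    """Return sorted (line, tag, swf_url) findings for one HTML document."""
    parser = FlashEmbedAudit()
    parser.feed(html)
    parser.close()
    parser.handle_endtag("object")   # flush an <object> that was never closed
    return sorted(parser.findings)

if __name__ == "__main__":
    for line, tag, src in audit(SAMPLE):
        print(f"line {line}: <{tag}> loads {src!r} with AllowScriptAccess=always")
```

Embeds reported here are candidates for changing the value to sameDomain or never, especially when the SWF is loaded from another origin.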

The second talk was on PCI. I was surprised that the discussion around this topic was lively, as I thought it would be pretty boring. Anyway, here are my notes from this talk.

  • Criminals are getting better
    • Tiny wireless skimmers are point of sale devices
    • In-line wiretaps to record transactions
  • Current PCI spec doesn’t require end to end encryption
  • Visa’s PABP – Payment Application Best Practice
  • PA-DSS – PCI Council adapted version of Visa’s PABP
  • Section 6.6 is required by June 30, 2008
    • Requires either a code review or a web application firewall for front facing sites
    • But what defines a code review? Static vs dynamic
  • Section 11.3 talks about pentesting

The next Bay Area meeting will be in the East Bay, probably somewhere in Pleasanton. If you want to give a talk at the next meeting, please drop me a line.

I only took a few pictures at this event, but they can be found on flickr.

Update: There is a great blog on PCI at

2007 Crunchies Award Ceremony

Last Friday was the 2007 Crunchies award ceremony at the Herbst Theatre in San Francisco. This was my first time attending the award ceremony, and I had a great time. The Crunchies is an annual competition and award ceremony to recognize and celebrate the most compelling startups, internet and technology innovations of the year. It was hosted by TechCrunch, GigaOm, Read/WriteWeb, and VentureBeat.

Some of the award categories were ‘Best new gadget’, ‘Best business model’, ‘Most likely to succeed’ and ‘Best start-up founder’. Congrats to all the winners.

One of my highlights of the night was seeing the Richter Scales perform ‘Here Comes Another Bubble’. I didn’t shoot the below video, but I found it funny that you can see me running around in the beginning trying to get better photo angles.

My other highlight was when the ‘Best new gadget’ was announced. The winner was the Apple iPhone, but nobody from Apple showed up to receive the award. So who filled their spot? The fake Steve Jobs, of course, with hilarious commentary.

My pictures of the event can be found on flickr here, all tagged with “2007crunchies”.

Update: Sarah Meyers posted links to the video clips from the ceremony, and has a good post on the after party.

Engadget SF Reader Meetup

Wow, it was pretty crazy at the Engadget reader meetup today. For the first 200 people, a 4GB SanDisk Sansa Connect with WiFi was given, and for the next 250 people, a free Flickr Pro account was given. But by the time I got there, the line was around the corner!

And by the time I actually got into the conference room, it was fully packed, and out of food! Trying to navigate through the crowds to talk to vendors was hard, and I gave up after a while because I was starving. I found it funny that people were just camping around the empty food trays, waiting for the next batch to come out. As I left for food, I saw that someone modified the welcome sign.

Hopefully next time they will have a bigger room to host the event, and better food service. And I should remind myself that if I want a freebie, I need to stand in line two hours before it starts.

The rest of my pictures can be found on flickr.

OWASP-SF Meeting

Yesterday was another great OWASP meeting by the SF chapter. The lineup included Ivan Ristic, who talked about web application firewalls (WAF), and Neil Daswani, who talked about emerging security vulnerabilities and the impact to business.

The meeting was held at Golden Gate University, a place I didn’t even know existed, even though I pass it all the time. The lecture rooms were very nice though, with power and network connections at each seat.

Both talks were very good, and here are some of the interesting points that I remember:

There will be no San Jose or San Francisco OWASP meeting next month, due to the OWASP and WASC AppSec conference in San Jose. That event will be taking place at eBay, from November 12th to the 15th.

Below are a couple from the event, the full set can be found on flickr.


Kung Fu Tournament

Last Saturday, the Tat Wong Kung Fu Academy had its annual in-house tournament at Kezar Pavilion in San Francisco.

The day started off with the lions escorting all the students in for the national anthem. Following that were amazing performances from the various sihings, sijehs, and sifus from the various schools.

During the tournament I was judging, so I didn’t get the chance to take many pictures, but I was able to see the sanshou fights.

As always, the tournament was awesome, and it was great to see people that I haven’t seen in a while. The rest of my pictures are on flickr.