Archive for the ‘Clippings’ Category

DEFCON 21: -1 day notes.

Wednesday, July 31st, 2013

Just because I’m not going to DEFCON 21 doesn’t mean I can’t try to cover it. From 1,500 miles away. Sort of half-assedly.

DEFCON hasn’t even started yet, but Black Hat is going on, and some stuff is coming out. The biggest story so far has been Barnaby Jack’s death. I haven’t mentioned it previously because I’ve felt like it was well covered elsewhere (even FARK).

Another “big” (well, I think it is) story that I haven’t seen very much coverage of is the phone cracking bot. Justin Engler (@justinengler on Twitter) and Paul Vines, according to the synopsis of their talk and the linked article, built a robot for under $200 that can brute force PINs. Like the one on your phone.

Robotic Reconfigurable Button Basher (R2B2) is a ~$200 robot designed to manually brute force PINs or other passwords via manual entry. R2B2 can operate on touch screens or physical buttons. R2B2 can also handle more esoteric lockscreen types such as pattern tracing.

This is one I’ll be keeping an eye on.

Borepatch is in Vegas this year, attending both Black Hat and DEFCON. He’s got a couple of posts up: a liveblog of the NSA director’s presentation at Black Hat, and another post about the links between black hats and political candidates.

So the DEFCON schedule is up. If I was going, what would get me excited? (I’ve included the Twitter handles of the speakers from the DEFCON 21 schedule information; I figure this gives a central source for looking up someone’s feed and getting copies of their presentation.)

From Thursday’s talks: I’d probably go to “Hacker Law School”, as I’m a frustrated wanna-be lawyer anyway. Why not?

Anch’s (@boneheadsanon) “Pentesters Toolkit” talk makes my heart skip a beat:

You’ve been hired to perform a penetration test, you have one week to prepare. What goes in the bag? What is worth lugging through airport security and what do you leave home. I’ll go through my assessment bag and show you what I think is important and not, talk about tools and livecd’s, what comes in handy and what I’ve cut out of my normal pen-test rig.

Push some more of my buttons, please.

The Aaron Bayles (@AlxRogan) “Oil and Gas Infosec 101” talk kind of intrigues me, but it would depend on my mood at the time as to whether I went to that one, or skipped out for a break.

Likewise with the Beaker and Flipper talk on robot building: yeah, robot building is something I’m interested in doing, but I might just be in a mood to visit the Atomic Testing Museum instead, and read your slides later. Nothing personal: I’m sure it will be a great talk.

I’m intrigued by the ZeroChaos (@pentoo_linux) panel on the Pentoo LINUX distribution for penetration testing. I’m not sure how that differs from, say, BackTrack, but I’d probably show up just so I could find out.

The “Wireless Penetration Testing 101 & Wireless Contesting” talk by DaKahuna and Rick Mellendick (@rmellendick) hits yet another of my hot buttons. I can’t tell from the description how much of this is going to be describing contests in the Hacker Village, and how much will be practical advice, but I’d show up anyway.

That takes us into Friday. Just from a preliminary look at the schedule, it looks like the big thing this year is hacking femtocells. Doug DePerry (@dugdep) and Tom Ritter (@TomRitterVG) are doing a talk on “I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell”:

During this talk, we will demonstrate how we’ve used a femtocell for traffic interception of voice/SMS/data, active network attacks and explain how we were able to clone a mobile device without physical access.

The Charlie Miller (@0xcharlie) and Chris Valasek (@nudehaberdasher) talk, “Adventures in Automotive Networks and Control Units”, sounds interesting as well. I’m just slightly more interested in femtocells than automotive hacking, so apologies to Mr. Miller and Mr. Valasek: if the two weren’t in conflict, I’d hit your talk for sure.

And if you haven’t been to a software defined radio talk, Balint Seeber’s (@spenchdotnet) sounds promising.

“The Secret Life of SIM Cards” by Karl Koscher (@supersat) and Eric Butler (@codebutler) intrigues me the most out of the 11:00 talks. And I’m kind of interested in the Ryan W. Smith (@ryanwsmith13) and Tim Strazzere “DragonLady: An Investigation of SMS Fraud Operations in Russia” presentation because, well…

This presentation will show key findings and methods of this investigation into top Android malware distributors operating in Russia and the surrounding region. The investigation includes the discovery of 10’s of thousands of bot-controlled twitter accounts spreading links to this type of SMS fraud malware, tracing distribution through thousands of domains and custom websites, and the identification of multiple “affiliate web traffic monetization” websites based in Russia which provide custom Android SMS fraud malware packaging for their “affiliates”. During this investigation we have mapped out an entire ecosystem of actors, each providing their own tool or trade to help this underground community thrive.

There’s not much that intrigues me after Benjamin Caudill’s (@RhinoSecurity) presentation on “Offensive Forensics: CSI for the Bad Guy”. If I was at DEFCON, this is the time where I’d probably be browsing the dealer’s room, though I might go to the Amir Etemadieh (@Zenofex)/Mike Baker (@gtvhacker)/CJ Heres (@cj_000)/Hans Nielsen (@n0nst1ck) Google TV panel: these are the same folks who did the Google TV talk at DEFCON 20.

I feel kind of conflicted at 4:00. The Daniel Selifonov talk, “A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It” sounds interesting. But I’m also intrigued by the “Decapping Chips the Easy Hard Way” with Adam Laurie and Zac Franken. Decapping chips is something I’ve been fascinated by, and it looks like Adam and Zac have found methods that don’t involve things like fuming nitric acid (and thus, are suitable for an apartment).

This is also the time when we, once again, present the “Hippie, please!” award to Richard Thieme for “The Government and UFOs: A Historical Analysis”.

I’m slightly intrigued by Nicolas Oberli’s (@Baldanos) talk about the ccTalk protocol, “Please Insert Inject More Coins”:

The ccTalk protocol is widely used in the vending machine sector as well as casino gaming industry, but is actually not that much known, and very little information exists about it except the official documentation. This protocol is used to transfer money-related information between various devices and the machine mainboard like the value of the inserted bill or how many coins need to be given as change to the customer.

Saturday morning, we have the second femtocell talk, “Do-It-Yourself Cellular IDS”, by Sherri Davidoff (@sherridavidoff), Scott Fretheim, David Harrison, and Randi Price:

For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system.

Opposite that, and worth noting, are the annual Tobias/Bluzmanis lock talk, and the David Lawrence et al talk on using 3D printers to defeat the Schlage Primus.

More than likely, I’d hit the Daniel Crowley et al (@dan_crowley) talk, “Home Invasion 2.0 – Attacking Network-Controlled Consumer Devices”, and the Philip Polstra (@ppolstra) presentation “We are Legion: Pentesting with an Army of Low-power Low-cost Devices”. I’m particularly intrigued by the Polstra talk, as one of my areas of interest is how small can we make devices that can still do useful hacking? What’s the smallest feasible wardriving system, for example?

I do want to give Jaime Sanchez (@segofensiva) a shout-out for his talk on “Building an Android IDS on Network Level”. This is worth watching.

I’d have to go to the Phorkus (@PeakSec)/Evilrob “Doing Bad Things to ‘Good’ Security Appliances” talk:

The problem with security appliances is verifying that they are as good as the marketing has led you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible!

Because, tape! But the Wesley McGrew “Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices” talk also interests me.

The PIN cracking device talk is on Saturday, opposite Amber Baldet’s (@AmberBaldet) talk on “Suicide Risk Assessment and Intervention Tactics”. I’m glad DEFCON accepted her talk, and I am looking forward to seeing the presentation online.

Also noteworthy, I think: James Snodgrass and Josh Hoover (@wishbone1138) on “BYO-Disaster and Why Corporate Wireless Security Still Sucks”.

Todd Manning (@tmanning) and Zach Lanier (@quine) are doing a presentation on “GoPro or GTFO: A Tale of Reversing an Embedded System”. I don’t have a GoPro (yet) or much of a use for one (yet) but I think they are interesting devices, so I’ll be watching for slides from this talk. Same for the conflicting Melissa Elliott talk, “Noise Floor: Exploring the World of Unintentional Radio Emissions”.

This takes us to Sunday. There’s not a whole lot that really turns me on early, though I admit to some interest in the Jaime Filson/Rob Fuller talk on harvesting github to build word lists:

After downloading approximately 500,000 repositories, storing 6TB on multiple usb drives; this will be a story of one computer, bandwidth, basic python and how a small idea quickly got out of hand.

I like the idea behind John Ortiz’s “Fast Forensics Using Simple Statistics and Cool Tools”, and he teaches at the University of Texas – San Antonio, so I’d probably go to that.

Now is when things start heating up from my perspective. Joseph Paul Cohen is giving a talk on his new tool, “Blucat: Netcat For Bluetooth”:

TCP/IP has tools such as nmap and netcat to explore devices and create socket connections. Bluetooth has sockets but doesn’t have the same tools. Blucat fills this need for the Bluetooth realm.

Holy crap, this sounds awesome. All I ask for is code that compiles.

(Unfortunately, this is up against the Eric Robi (@ericrobi)/Michael Perklin talk on “Forensic Fails”, which sounds like fun. But Bluetooth hacking is a big area of interest for me; sorry, guys.)

Speaking of Bluetooth hacking, Ryan Holeman (@hackgnar) is doing a talk on “The Bluetooth Device Database”. Which is exactly what it sounds like:

During this presentation I will go over the current community driven, distributed, real time, client/server architecture of the project. I will show off some of the analytics that can be leveraged from the project’s data sets. Finally, I will be releasing various open source bluetooth scanning clients (Linux, iOS, OSX).

Dude lives in Austin, too! Holy crap^2!

And that takes us through to the closing ceremonies and the end of DEFCON 21. I will try to link to presentations as they go up, significant news stories, other people’s blogs, and anything else I think you guys might be interested in. If you have specific requests or tips, please either let me know in comments or by email to stainles at mac dot com, stainles at gmail dot com, or stainles at sportsfirings dot com.

Time, time, time, see what’s become of me…

Wednesday, July 31st, 2013

I can’t believe Lawrence isn’t all over this like a fat man on a Chinese buffet.

Bookmarks.

Tuesday, July 30th, 2013

The camera that shot Che. And a bunch of other people, too.

I’ve been going to Precision Camera about once a week to poke around and drool over the used Leicas. One of these days…

Everything you wanted to know about SQL injection (but were afraid to ask). My only complaint about this article is that the author failed to include the XKCD link required by Internet Law.

Random notes: July 30, 2013.

Tuesday, July 30th, 2013

Latest update on the “Rebecca” case (previously):

A former Long Island stockbroker accused of bilking the producers of a planned Broadway musical production of “Rebecca” pleaded guilty to federal fraud charges on Monday, admitting that he had conjured up fictitious overseas investors and a phantom loan as part of a sham effort to rescue the financially troubled show.

Memo from the Department of “Here’s a Shocker”:

Fifty-five percent of respondents to a 2009 agency-wide survey who said they were resigning or thinking about it cited poor management as the main reason, according to a 2010 report on retention by the agency’s internal watchdog that mirrored the findings of a 2005 report. Although the CIA’s overall rate of employee turnover is unusually low, the report cited “challenges” in the retention of officers with unique and crucial skills, such as field operatives.

More:

“Perceptions of poor management, and a lack of accountability for poor management, comprised five of the top 10 reasons why people leave or consider leaving CIA and were the most frequent topic of concern among those who volunteered comments,” the inspector general’s report says.
CIA employees complained of “poor first-line supervision, lack of communication about work-related matters and lack of support for prudent risk taking,” the report says.

Some bars in West Hollywood and other cities are boycotting Stolichnaya vodka over Putin’s “anti-gay” regulations, “banning ‘propaganda of nontraditional sexual relations,’ including gay pride events and providing children with information about homosexuality.” Fair enough; a boycott seems like a reasonable response, though I don’t know how much good it will do. (I’m not convinced boycotts work against the batshit crazy.) But:

West Hollywood City Councilman John Duran, who has been encouraging bars to join the boycott, said protesters in West Hollywood plan to dump the contents of Stolichnaya bottles into a gutter to raise awareness of Russia’s laws. The protest is planned for Thursday in front of Micky’s bar and will use bottles filled with water, not vodka, he said.

Wouldn’t this be a more effective protest if they actually dumped the vodka? If they are worried about the environmental impact of dumping vodka into the gutter, couldn’t they pour it down the sink instead, like they do with unfinished drinks? Is the environmental impact of dumping vodka that great, especially since I suspect much of the alcohol will evaporate in the storm sewers?

And what are they going to do with the vodka that was in the bottles? Or have they been saving empties for this protest?

A couple of random bits for July 27, 2013.

Saturday, July 27th, 2013

This one goes out to Lawrence and a couple of other friends.

I have written previously about NASA’s “System Failure Case Studies” site, where the organization posts brief analyses of significant failures and the lessons learned from them.

NASA recently redesigned the site: I find it slightly more aesthetically pleasing than I did previously. And one of the things they’ve covered recently is the Piper Alpha disaster.

Some other recent SFCS articles of note:

  • The crash of an F-22A Raptor, apparently due to a combination of pilot hypoxia and bad ergonomics (especially when pilots were wearing night vision and cold weather gear).
  • The Halifax explosion. It seems to me that this event is mostly forgotten today, but I vividly remember reading a first hand account from one of the survivors in a really old Reader’s Digest at my grandmother’s house:

    The Mont-Blanc drifted toward the Halifax shore and then blew apart, with a shockwave equivalent to 2,989 tons of TNT expanding across Halifax at more than 4,900 feet per second and reached across 325 acres. The pressure and temperature (in excess of 9,000 degrees Fahrenheit at the origin) pushed a fireball of hot gas and debris into the sky that rained shrapnel on people in the streets below. The water around the Mont-Blanc was immediately vaporized and a 52-foot tidal wave swept three city blocks deep into Halifax’s Richmond neighborhood. Windows were reportedly shattered over 50 miles away from the epicenter.

  • And the Xcel Energy fire, which comes across as just total all-around incompetence:

    Although Xcel and RPI recognized the penstock as a permit required confined space, neither treated it as such during the recoating work…Entry procedures were not developed and the required daily permits were incomplete and lacking detail pertaining to the hazards of the day’s work activities. Air monitoring was performed almost exclusively at the entrance, about 1,450 feet away from the actual work area within the penstock. Neither RPI nor Xcel provided the CSB with a documented basis for declassifying the penstock space as non-permit required…Xcel and RPI managers did not plan or coordinate the immediate availability of qualified confined space technical rescuers and equipment outside the penstock, although the use of flammable solvent in the open atmosphere of the permit space created the need for immediate rescue because of the potential for Immediately Dangerous to Life and Health (IDLH) conditions

    Xcel and RPI killed five workers because of these failures.

On another note, I greatly enjoy the Priceonomics blog, which has covered topics like how does SkyMall work (and their questionable ties to Xhibit Corp), what charities do with those donated cars, and the economics of starting a bike shop.

The latest article has some ties to something I wrote about previously – the pot growers of the Emerald Triangle. Or, as Priceonomics puts it:

Legal Weed is Hurting San Francisco’s Hippies

Some quotes:

“The hippy kids used to be able to sell their weed real easy at high prices,” he tells us. “There were lots of customers and they made enough in a few days to travel for a few weeks. Now though…” At which point Kenny repeats the complaint made by drug dealers throughout the park, that California’s legal dispensaries for “medical marijuana” have depressed prices and stolen away their customer base.

While legalization increased the supply of weed in California, the segment suggests that increased transparency – rather than increased supply – explains the price drop. Chuck, a dealer who switched from selling weed in California to New York and quadrupled his income, told WNYC, “There’s plenty of weed in New York. There’s just an illusion of scarcity, which is part of what I’m capitalizing on. Because this is a black market business, there’s insufficient information for customers.”

Don’t be evil. Again.

Thursday, July 25th, 2013

A while back, I wrote about the Knife Depot and their battle with Google’s Adwords people over selling “assisted opening” knives. The Knife Depot lost their Adwords account because they refused to cave in to Google’s demand that they stop selling (not just advertising, but selling) “assisted opening” knives, which are legal in every state of the Union.

Dan Lawton over at the Knife Depot was kind enough to share a couple of his followup posts with me. Adwords restored the Knife Depot’s account in May, but imposed a requirement that the Knife Depot couldn’t have “assisted opening” knives on any of the landing pages.

Then Google yanked the Adwords account again…this time, because Google has a problem with “throwing knives”.

Could you injure someone with a throwing knife? Sure, in the same way you could injure someone with a baseball, a frying pan, a brick, a bottle, a rabid cat or a slew of other projectiles that can become weapons if paired with malicious intent.
However, a throwing knife is poorly suited for criminal activity. These knives are generally large, making them hard to conceal; they have blunt edges and they’re damn hard to throw with fatal accuracy.

I have no joke here, I just wanted an excuse to post this:

But wait, there’s more! You know who else doesn’t like knives? Yes! Facebook!

But surely Google has learned their lesson, and these policies are being applied equally to all vendors? Unlike the “assisted opening” advertising ban, in which Google allowed big vendors like Amazon and Walmart to advertise those knives, while cutting off the Knife Depot and smaller vendors? Right?

Hahahahahahahaha. Nope. Google is still operating on the same double standard they had back in March – the same double standard that was openly called out by a Google employee in internal communication – and refuses to offer any explanation of why certain vendors are allowed to advertise “assisted opening” knives, “throwing knives”…or “herbal incense”, for that matter.

Thanks to Mr. Lawton for bringing my attention to these posts. And, as a side note to people who want me to write about their stuff, this is the way to do it: Mr. Lawton sent me a nice, personalized email summarizing his posts, politely suggesting that I might want to write about them based on my previous coverage, and even provided some evidence that he’s actually read more of the blog than just that one post. He had my curiosity when I saw the email; by the time I finished reading it, he had my attention.

(For the record, the Knife Depot hasn’t given me anything – money, knives, gift certificates, or anything of value – in exchange for this post. Nor have I asked for anything.)

Random notes: July 24, 2013.

Wednesday, July 24th, 2013

Man, this is a day for sad sports stories in the NYT.

George Sauer Jr. passed away in May.

He caught eight passes in the Jets’ upset victory over the Baltimore Colts in Super Bowl III. In six seasons with the Jets, Sauer caught 309 passes for 4,965 yards and 28 touchdowns. But after the 1970 season, when he was 27, George Sauer retired, criticizing a sport that he described as having a “chauvinistic authority,” “militaristic structure” and that he termed “inhumanly brutal.” He briefly returned to play with the New York Stars of the World Football League three years later, but after that, Sauer’s football days were over.

What makes this story interesting is that Sauer, according to people who knew him, was a really smart guy who may have never wanted to play football in the first place; what he really wanted to be was a writer.

On a slightly more upbeat note, there’s an interesting piece by Frank Bruni in the paper of record. Vetri, a very well regarded Italian restaurant in Philadelphia, transformed itself for three nights into Le Bec-Fin, a legendary restaurant that closed (temporarily?) in 2012.

I like the idea of recreating legendary restaurants for a few nights. I’m not sure what Austin restaurant I’d like to see do this; I think that needs some more consideration than I am currently able to give it.

And since this isn’t behind the paywall, I’ll link to it: the Austin Police Department has fired another officer. What did he do? Well…bad guy broke into someone’s home and stole their pickup and gun. Police chased the bad guy. Bad guy wrecked the truck, fled on foot, and broke into another house.

As police converged on the home, he began backing out of the garage in the homeowner’s car.
In a disciplinary memo, Austin Police Chief Art Acevedo said [Christopher] Allen [the fired officer – DB] fired four shots into the car’s window as it backed out of the driveway before chasing the car down the street on foot while firing an additional 10 shots, forcing other officers to take cover.

This has gone to the arbitrator:

According to the opinion, Allen acknowledged that he shouldn’t have fired all 14 shots but contended that he complied with the department’s deadly force policies because the suspect was an imminent threat to the public.

And the arbitrator said:

…that sustained violations of use of force policies have consistently resulted in termination, and that Allen should have been expected to avoid approaching the vehicle containing a possibly-armed suspect.
Though he said Allen seemed like a “thoroughly decent individual and dedicated police officer,” he decided there was no justification to overturn his termination.

I think the take-away here is: hit what you aim at. And always be sure of your target and what’s behind it:

The chief said Allen’s actions violated several departmental policies, including determining the objective reasonableness of force, and that he was more of a threat to the public than the suspect.

Obit watch: July 24, 2013.

Wednesday, July 24th, 2013

This is an incredibly sad obit: Emile Griffith, boxer.

The cause was kidney failure and complications of dementia, said Ron Ross, the author of “Nine … Ten … and Out! The Two Worlds of Emile Griffith,” published in 2008.

Mr. Griffith boxed professionally for nearly 20 years, from 1958 to 1977. He is perhaps best remembered for his fight against Benny Paret on March 24, 1962.

By the 12th round of a scheduled 15, Griffith and Paret were still standing. But in the 12th, Griffith pinned Paret into a corner and let fly a whirlwind of blows to the head….
Griffith delivered 17 punches in five seconds with no response from Paret, according to Griffith’s trainer, Gil Clancy, who counted them up from television replays. Griffith may have punched Paret at least two dozen times in that salvo.

Mr. Paret died ten days later as a result of brain injuries received during the fight.

Please continue to be careful out there.

Tuesday, July 23rd, 2013

A while back, I wrote about Sutchi Hui. Mr. Hui was crossing a San Francisco street when he was struck and killed by Chris Bucchere, who was on a bicycle at the time. The San Francisco DA charged Mr. Bucchere with felony manslaughter.

Mr. Bucchere has now pled guilty to that charge.

“I believe justice has been served,” Gascon told reporters. “Mr. Bucchere has been held accountable to a level that’s historic in the state. His conduct was egregious. He will be providing 1,000 hours of community service. We hope many of those hours are spent talking about traffic safety.”

However, according to the article, Mr. Bucchere will not serve any time in prison. Or perhaps I should say the DA is not requesting any under this plea agreement. Mr. Bucchere will not actually be sentenced until August 16th. The SF Chron says that Mr. Hui’s family agreed to the plea, and that Mr. Bucchere will serve three years on probation. And:

After six months, Gascon said, a judge could reduce the charge to a misdemeanor.

Banana republicans watch: July 23, 2013.

Tuesday, July 23rd, 2013

Do you remember the “Bait Car” incident? In brief, an LA County sheriff’s detective swore under oath that he’d read a suspect his rights; that testimony was contradicted by video taken of the arrest for the “Bait Car” TV series.

Now:

Prosecutors concluded that Det. Anthony Shapiro “willfully, knowingly and intentionally” made false statements when he claimed to have fully read suspects their Miranda rights, according to a memo obtained by The Times. Footage shot by television cameras for the TruTV program “Bait Car” shows that Shapiro never fully read the suspects their constitutional rights, including the right to remain silent and have an attorney present during questioning, prosecutors said.

And what is the DA’s office going to do about this? Not a damn thing.

Despite the findings, the district attorney’s office declined to file criminal charges against Shapiro. The office concluded that Shapiro’s false statements did not amount to perjury because they did not play a key role in the decision to arrest the men or in the outcome of the preliminary hearing where Shapiro testified, according to the memo.

Meanwhile, in the notoriously corrupt city of Vernon, Bruce Malkenhorst used to be the city manager. He resigned (and was later convicted of misappropriating public funds). As city manager, he took home $911,000 a year; his pension was the largest in California, more than $500,000 a year.

At least it was until the California pension board cut it back to $115,000 a year, stating that some of his salary was improperly obtained.

So now the 78-year-old Malkenhorst is suing Vernon to make up the difference. His lawyers are making a novel if improbable argument: Because it paid him a high salary, the city is responsible for keeping his retirement benefits at the higher level even though CalPERS balked.

Obit watch: July 23, 2013.

Tuesday, July 23rd, 2013

Dennis Farina: NYT. LAT. A/V Club.

Ad astra per aspera.

Sunday, July 21st, 2013

I was busy yesterday (the fun kind of busy, shopping for guns and drinking saké) so Lawrence beat me to posting about Apollo 11. Let me see if I can trump him.

From PetaPixel, here’s NASA video of the first few seconds of the Apollo 11 launch, originally shot on a 16mm camera at 500 frames per second.

From Wired, a tribute to the Hasselblad camera used by NASA.

(If I ever get a little ahead, I’d like to pick up a used Hasselblad. And a used Leica, too.)