Wednesday, 11 April 2018

Today is one-year since I decided to transition

Author: if you're sensitive to certain subjects including suicide, transphobia, and overall queerphobia, I'd suggest reading this with an abundance of caution. A lot of what is written here may also be paraphrased either due to the fact that time has passed and I wouldn't able to be entirely accurate or it's not necessary to write everything in whole.

A year ago today, I was on holiday from work. I was stressed-out, miserable, hating every single aspect of myself, and just outright feeling dead inside. There was effectively no fuel left in the tank and I was just running on whatever fumes I had remaining.

I took a walk one day in the hopes of having a "good day" and found myself staring at a bridge.

My brain gave me three options as I looked.
  1. Continue with this charade where I pop anti-depressants to calm myself down and find myself becoming increasingly angrier, resembling someone I didn't want to become
  2. Take a walk to the middle of this bridge and 'resolve' the matter, leaving everyone questioning everything about why
  3. Go further down the street, not knowing what will happen but make a radical change in my life
How I got to this point in my life was a culmination of two decades of wondering about my gender and sexuality and eight years of me knowing but trying to not make it a big deal. It wasn't the first time I found myself with my brain suggesting a variation of option two but I was unable to push myself not to like the last time.

Back in July 2009, there was a trans woman who transitioned in front of me and her actions were what started my dealing with being transgender. I knew her from years prior helping run a local convention and then after not seeing her for most of the year leading up to then, she came out. She was beautiful and I was jealous. "I want to be like her" was the theme in my mind as I kept looking in her direction. It was the first time it clicked in my head that maybe I was like her but there were so many questions.

Why her? I worked with transgender persons, made friends with them, and had so many interactions. Why?

It's because I saw her before. She was beautiful before and she was even more beautiful now. I was jealous and it stuck with me harsh. 

When I was 12-years old, I was stealing clothes from the laundry room and in some cases kept them in a drawer next to my bed; I only stopped because my mother caught me. I was ashamed of my body and always found changing before P.E. class aggravating. I felt inferior to the boys I was forced to interact with and compared to my more athletic younger brother I felt like a bit of a runt.

At 18, I was dating my first girlfriend and my sexual experience was awkward, finding myself feeling uncomfortable after. When we broke up a few months later, she asked me if I was gay and my only response was, "I... am not sure". Going forward, I tried to put on this machismo image of myself but truthfully I found it to be absolute garbage; the problem was I didn't understand why.

I was always in fear of being queer to be honest. I remember when I was 16, I admitted to someone that I thought that I was bisexual but I couldn't really say why and only said it to one person. I had to deal with my father making limp-wristed gestures in regards to my cousin being gay and my mother and grandfather referring to a trans woman computer technician he had hired as "he-she" or variations of that. Classmates constantly taunted me frequently, referring to me using queer-specific derogatory terms and using "queer" offensively, replacing my last name with that word due to it rhyming--I now own and use that word now in describing a part of who I am.

Being placed in a Catholic school didn't help me process my queerness in a productive manner. Any thoughts of me being anything close to "queer" was shameful and I lay the blame on the indoctrination I had underwent as a kid. I don't lament my parents placing me in a Catholic school, as they felt like it was the "right thing to do", but honestly there is nothing good to be said about my experience the more and more I revisit this time in my life. The constant bullying I faced during this time was outright awful and never dealt with appropriately by my parents or school officials (blame was virtually pinned on me most of the time), thus making me want to never express my true self. There was no emotional support for me and I was made to believe that I was wrong and I needed to "smarten up".

As an aside to all this, I am not the lone trans person in my rather small class (we had around a hundred students at graduation) as someone we all assumed as a lesbian came out as a trans man many years post-graduation. There were others who came out as queer with one coming out midway through our last year of school.

I digress, but regrettably, this shame I developed early on didn't help me behave outside of grade school any better: I used to use these aforementioned derogatory terms on message boards and in chat. It was only until the mid-noughties did I realise that this behaviour of mine was abhorrent. Cleaning my language of certain words was a long-process and I made an effort to listen to others when called out on it.

During my 20s, I waffled in and out of depression. I came out as depressed to some friends in 2004 and I was reluctant to do anything about it due to a friend's recent passing. I just didn't want to have any attention centred on me and I suffered in silence. Come 2006, I decided to move away from Vancouver thinking that it would fix me. As a consequence, I ended up really isolated, resulting in moving back less than a year later. Some time after my return, I sought out a psychiatrist and got myself on anti-depressants. It lead to this thought that I'd be on my path to finding inner-peace.

All during that time I couldn't figure out what my problem was with my gender and my sexuality. I knew somehow I was queer but just could never put my finger on it. 

I soon started to date my first long-term partner of whom I would later ask to marry me. During that time, I would meet this aforementioned trans woman and thus began my slow spiral; this was not her fault of course! It was a slow burn and even after that incident I gave it a thought but eventually after my car accident in 2010, I started to reevaluate everything.

I was off the anti-depressants and truthfully my time with the medical professional was absolutely useless, but I had convinced myself months before the car accident that I was fine. After the car accident, I found myself back at the same point I was in 2007 if not worse. When I remarked to my mother that I wanted go to back on the medication, she gave me a rather milquetoast response that very much discouraged me from trying again.

My partner and I broke up in mid-2011 and I felt like maybe this trans stuff in my head was in fact nonsense. I didn't find men attractive so why the heck would I be transgender? The trans women I had met before were all ambiguous about their sexuality and as such I left myself with the false impression that they were straight. I briefly flirted with the idea of transitioning around this point although it was the first time it was serious unlike before it was a "what if".

So instead of doing the right thing, I tried to reinvent myself. I had friends help me choose out new clothes and I started to toy with doing my hair differently. I bought a suit for a wedding and felt like I could own myself. I then met a woman at this wedding and we began a long-lasting relationship. We were engaged in 2015 and married a year later; all the while I kept going back to thoughts about why I was born a "man" and not a "woman". The idea of me being trans was still absurd until I was sick in the summer of 2016.

My wife was out of town and I came down with a nasty case of bronchitis. I couldn't work at all so I found myself reading all sorts of random things. An article I came across was by a trans woman about being closeted and how her life had improved once she came out. She described who I was to a T and it was outright unnerving; she had help me complete my knowledge in the separation between gender and sexuality. I didn't know what to do so for months I distracted myself with whatever I could and it shifted the spiral towards its steepest.

My sexuality was no longer the problem; my gender was however. Sex has always been broken for me in some capacity, but it had become hyperaware to me at this point. I couldn't face myself in a mirror anymore and the idea of me being any photos by myself bothered me immensely; this was a problem before but it really felt significantly amplified by this point. Everything was just outright broken in my head.

My self-image of myself had always been skewed. For example: I've always hated my facial hair.

I tried to grow it out while living in Edmonton, but after a week I found it absolutely awful and went back to shaving it regularly. I made many quips about wanting to wax my face to my partners, but they all said it was a horrible idea; I just never wanted to see stubble. The way I approached my genitals at the time was slightly different albeit the same, but I am not up for elaborating on this.

Side-tracking here a bit further: it's sort of funny how we assign gender roles right at birth based on what is between the legs, allowing for zero self-determination since at the start we're already telling the child what they're supposed to be. This scene (at 3:40) from Monty Python's Meaning of Life exemplifies the absurdity of it all.

I remember after the 2016 American election (or debacle), I went to sleep that night negotiating with myself that maybe I could transition but only in a decade or so; I don't know what initiated it all but I imagine the completion of a bottle of whiskey was at play.

Maybe things will be better, maybe I'll get over this, or maybe I'll "come to my senses" and figure out that this is just a really absurd fever dream and that I just need to "pull up my socks". I was really drunk and at the same time failing to fall asleep; it was probably the worst night's sleep of my life.

It was at this point the obvious anxiety attacks started; I would later realise that I have had anxiety attacks of this severity before but not at this frequency. I would spend Christmas and New Years just in a complete panic, doing my best to keep myself together at least on the surface.

Work was my only outlet really, finding myself just spending all day at my day job doing as much as I could tolerate. However, I was reaching close to burn-out and opted to shut down a service I was running in the hopes I could refocus. I tried to spin up new, smaller projects and had some decent success but couldn't keep the momentum going. I was burning the candle at both ends basically.

In desperation, I joined a gym to help destress from everything and while it did improve some things for me, overall it didn't really help; I lost 14 KG (30 lbs) between February and April. All during that time I was on anti-depressants again and I was visiting a psychologist.

There were two things happened in March that changed everything.

First, my psychologist said something profound: "all anxieties are rooted in something; we need to find what it is in your case". Second, my wife said, "we used to be on the same page, but now I feel like we're in different books". We had agreed to buy a home but a few nights before we had a fight over going ahead with buying one at the time and we spent the car ride home from where we ate in absolute silence. Everything was stressing me out and I was starting to break and break hard.

The week off was approaching and I felt like it was going to "reset" me. In fact, it was the end of this spiral and the start of something new. I managed to get through the first day off by doing things I wanted but the second day was a hard start. I decided to go for a long walk from my home to the city centre. I came to the Pattullo Bridge and began to walk up the path for no apparent reason, stopped, and then found myself presented with those options.

It would be the last time I would visit a pub and consume several pints in the middle of the day; but I did make a decision. I was about to mess things up, yet I didn't know what else to do other than tell the truth--or at least everything that I had thought about up until that point as I didn't have the luxury of retrospection like I do here right now.

I wanted to write about my coming out which was on April 13th, but I am still dealing with the aftermath of that ordeal. Most people in my life have been fairly chill about it and in some cases relationships significantly improved, but I have one aspect that is in complete tatters and I am still working on sorting out my thoughts on the whole matter. It has resulted in me seeking counselling and while it's making things better for me mentally, I still have a long ways to go. There are people I want to acknowledge that have done so much for me since but until I can make amends with others or at least myself, it'll need to rest.

These people do know who they are and I love you all and cannot express enough the gratitude I have for your patience and friendship. Some of you have done more than for me than I could ever expect especially considering how difficult our past relationships may have been. Seriously it means a lot to me.

Revisiting this spot for the two photos was really jarring. I didn't want to stay much longer than I needed to and I found myself crying in the car for a little bit after this experience. It hurt and even as I am writing this the pain is all too real. There was so much pain involved in my coming out but what I will say is that regardless of the hardships I still face, I don't regret it. Nothing is perfect now but things are better. My only regret is that I wish I did this sooner and perhaps I could have handled things better when I did come out in the first place; but it did happen and well there is no do-over now is there?

I've basically "unlearned" gender and it has been quite a trip to say the least.

I think that 2018 will continue to be a good year for me as a person and I hope that in 2019 I can talk about some presently unresolved issues in a positive light. My door is still open for most who are still "coming around", but I won't allow for myself to get hurt.

Tuesday, 20 March 2018

Performing Your Own Dentistry - Challenges, Unknowns, and What is Overlooked in Security Log Collection

This is essentially a blog post version of my BSides Vancouver 2018 presentation that I gave on Tuesday, March 13th. You can download a copy of my slides in PDF format and at the start of this YouTube stream is where I am speaking (albeit the first 5 minutes is cut off). I'll update this blog post with the actual video release which may be in a few months.

I've opted to write this entry in a condensed format so for further context I do suggest grabbing the slides and following along with my presentation. However, much of what I spoke about will be contained within. Some people remarked to me post-presentation that they wish they had seen my talk before they had embarked on their journey in collecting security logs.

One thing I'll warn you all on is that I may skip things since I spoke about them verbally in the talk. Additionally, the notes that form most of this entry were initially strictly for me so any odd typos or grammatical errors are to be expected.

A copy of the slides can be downloaded here.

Getting a running start...

To give you a backgrounder on who I am: I've been working in various information security roles for the past decade, but presently for the past 3.5 years as of this writing for a natural resources company as their senior analyst. The company I work for has about 10,000 employees scattered globally and has some interesting challenges; namely a need to defend both corporate and industrial control assets and geographical challenges that I never thought about until I came onboard. We process and store anywhere between 170 and 250 GB of data within our security log software daily with a year's retention.

You're done with using the command line tools like grep, awk, and cut and you're done with data going into the aether, so now you want to collect your logs and have them somewhere in a central repository. You have figured out that using the tools of old is not faster (they're not) and now you're embarking on looking for a software solution.

Here's the mess you'll encounter:

This is a sampling of the smörgåsbord that is security log collection. All of these displayed above have different use cases, different feature sets, and you will be bombarded with buzz terms like "machine learning" and "threat intelligence". Vendors are going to be super eager when they get a whiff of you having a budget and will do anything to convince you that their solution is the best option. I'm not going to tell you what to choose but I will tell you what to consider.

Right off of the bat, you must try and keep this simple at least in the short term. The first six months of you using your new kit is going to be you implementing it, getting it configured right, and then pulling your hair out because you think you understand just a fraction of what it is doing. It is super tempting to aim to have these really neat features that on the surface appear to solve all of your woes, but realistically you need to set expectations and set them early so you don't get blind-sided when you discover that they're not living up to your expectations.

Knowing your network before you dive in is super important. Do you know everything that is on your network? When your network is small (say a 20 person company), there is probably not a lot of legacy things or at least if there are you know what they are. However, as time has gone on, your large organisation probably hasn’t been so lucky and you have oddball things scattered about and have become long-forgotten yet somehow important.

Annoyingly, not every device is going to have an effective method for log collection! Even security appliances can fall victim to this issue! In one case, I had a proxy server that had only one output for its logs and at the time we were sending them to an analytic software by the same vendor. We chose to ditch the software and have the proxy send its data directly namely because our log collection software could do a much better and faster job at answering questions and generating reports.

Not everything needs to be collected either. Your brain doesn't store all the information it is fed at all. All the while you're reading this, your eyes are capturing approximately 30 GB of data (let's just run with the idea of your brain storing bits here). It is assumed by neuroscientists that you could keep anything between 10 TB and 2.5 PB within, meaning that within a whole day you'd be full! Of course, your brain is very clever and discards so much of that information unless it is important. You need to know what you want to keep otherwise things will just become way too much to handle!

If your team is large enough maybe host your security logs yourself! It’s a lot of work but then you have full control over the log collection. However, you need to be prepared to have lots of storage capacity. How long do you want to keep it around?

My organisation collects 200 GB per day and we’re about to migrate to 72 TB of our data to our own infrastructure. Can you host 72 TB? Can you backup 72 TB? Do you need to collect a year’s worth of data?

However, on the flip side, the advantage of having someone else host your log collection is that it takes the infrastructure challenges off of your plate. Make sure your SLA includes backups and storage redundancy! And you should also keep in mind that you may want to seize the data should you decide to pull the data into your own environment.

You’re now freeing up time and energy to devote to responding to incidents or integrating the log collection into other systems. However, one challenge you may face is that you will lose a lot of flexibility in terms of configurations.

You’re going to find that since you chose your SaaS solution that certain configurations are not going to be supported or after badgering the vendor to do something to improve it they come up with a solution that their support team cannot make sense of so when it breaks you find yourself pulling hair because they won’t get the urgency of the situation.

Do you have change control? It is quite possible that a new device or a change to an existing device could lead to a problem with log collection. Will a change to an existing device cause the log output to change or stop all together? Will you be able to support the log collection?

Things are in place--now what?

Make sure that everyone is aware of what your intentions are for these logs. Knowing the difference between collecting, monitoring, hunting, and predicting when it comes to all this is super important in setting expectations.

Truthfully, never say more than collecting as if you’re using this in an incident response role, you want to set the expectations before something occurs in how you’ll deal with a situation. You may be creating alerts (monitor) based on existing indicators and you’re probably going to do the same for hunting.

Predicting is something I highly doubt you’re going to achieve. You can of course use the software to forecast, but it probably isn’t going to tell you when you’re about to get breached. If any product could do that, security would be “solved”.

You need to know what you’re going to do with this data. Is it for digital forensics? Incident response? Employee behaviour?

Can you measure the amount of data and events per second (EPS) you’re going to generate? I won’t get into how you’ll want to do this but there are many guides out there for doing this effectively. This is something you’ll want to consider before signing that licence agreement. At 200 GB per day, we’re eating up almost a quarter of our daily Internet traffic sending our data over to an AWS cluster.

It’s quite possible you’ll end up with duplicate data. Do you need to collect device from your router sitting in front of your firewall?

Who is responsible for the data? Who is supposed to be involved in any changes? This is an opportunity to learn the RACI model.

Working with the data

Let's talk about what I am collecting.

The biggest set of logs you’ll probably collect will be your event logs. You have your typical Application, System, and Security logs, but Windows Event Log system is a lot more extensible than just that. Some security products create their own event logs (such as many endpoint solutions) and having that data collected can make a whole lot of difference in incident response.

On the subject of endpoint security, there are a lot of products out on the market that will keep a ledger of sorts to help in digital forensics. However, your organisation may be unable to afford such software. An alternative is to make use of Sysmon logging which is something native within Windows. Actions such as specific user behaviour and various other events not otherwise captured by event logs can be recorded. This has proven very, very useful in determining the spread of malware within my organisation.

However, bear in mind that event logs are probably going to be the bulk of your log collection so you should determine how much traffic you’re going to generate from those details alone.

One thing to take advantage of here is to forward your event logs to a central spot. This is a feature that exists within Windows and can be very useful in avoiding installing too many collector agents -- especially useful for workstations such as what I mentioned here with Sysmon. Bear in mind that you will need to do some rewrites on the log data to correct tag the log data itself as the source and host data may end up getting lost.

Proxy data is very useful as well but something to keep in mind is if your web filtering solution is doing HTTPS inspection, you may need to ensure that recording this activity is permissible. I am not your risk and legal here so I won’t bother to elaborate further on this point, but this may be very important to keep in mind.

When it comes to DNS, it’s surprisingly easy to capture and record this traffic. Assuming you have centralised your name servers, you don’t need to do much in the way of logging to disk to make this effective. There are ways to just outright capture the traffic by monitoring the network traffic itself. You can either just sniff traffic right on the DNS servers or mirror traffic going to them to a dedicated collector running the capture software.

DHCP is also useful (and can be captured the same way) for looking for rogue devices and for historical DNS lookups. If you don’t have any sort of network access control, this could be a way to supplement one.

Firewall data; not much to be said. If you’re lucky to have a firewall that does packet inspection and thus can tag the application data or are able to tag users and IP addresses, this can be extremely useful.

Be careful with Netflow! Holy heck have I ever seen this one go sideways if you have far too many devices capable of it. Netflow is super useful for determining lateral movement within the network but because of how noisy it is you may find it nigh-impossible to make use of it. In my situation, I am only using it for egress and ingress traffic at our sites where our main firewalls do not cover them and they’re set up in a split tunnel configuration, meaning that Internet traffic isn’t captured by our usual means. Netflow can easily surpass the amount of data that event logs generate.

Lastly, I have lots of other random logs I am collecting from mainframes, various database software, and from Internet-facing appliances.

What about your cloud data? You should own that data and if your vendor says you don’t then it’s time to consider going elsewhere.

Many SaaS solutions do offer log data either via an API or syslog (usually over TLS). However, it may not be documented all that well and there is a good chance that you’ll either have to write some of your own code or have something sitting within your DMZ to capture this traffic.

I’ve had situations where the vendor has provided the log data but it’s only what they deem as “important” and not the general activity. Be prepared for this to happen and do not hesitate to demand a feature request to change this.

A grotesque myriad of log formats

You’re going to find three popular HTTP daemon log formats: Apache, W3C (done by the standards committee for the world wide web), and Microsoft IIS. IIS is kind of ridiculous as they modeled their format off of W3C but like all things Microsoft from the late 90s and early noughties, they opted to go their own way sort of.

This is something you’re going to have to face and you have a few options for dealing with it. In a lot of cases, the software you use will do field extractions for you automatically if the product is mainstream. You may luck out and the vendor or a very nice person may have written a solution for you. However, even if a solution is provided, you have weird edge cases that arise.

It’s very tempting to log all traffic on your file server. If you’re small enough, it’s probably no big deal, but what happens as you scale? Just like I mentioned earlier with Netflow traffic, it can become far too difficult to sift out what is a real threat and what is normal activity. Consider evaluating the event IDs you absolutely want and filter out whatever you don’t. This can be useful in reducing the amount of traffic and storage required.

I guess I am harping on event logs here still but by default it does include helper details that to you and I is super useful. However, when you have millions of events per day, those details add up and are not useful to keep around. Consider filtering that stuff out too and you may find that you save at least a third of your storage requirements!

This is your typical contents of a Windows Event log. Out of your box your software solution should support the format and if not then I have no idea what you’re using and you’re probably going to want to reconsider everything you’re doing. However, it will by default only deal with your typical System, Application, and Security event logs.

In this case, we have an output from Sysmon, allowing my organisation to see what is happening on a machine--if you have the ability to set this up, sysmon data is an absolute goldmine for information. However, if you look at the message field, you’ll notice that it starts to differ.

Okay. You’ve fixed the Sysmon issue, but now you’re like me and you’re collecting AV logs. In this case, SCCM manages our built-in Windows AV solution but in order to get the data out, we had to create a trigger within MSSQL to dump the event into an event log. It works great but take a look at the Path and DN fields. This would not be extracted properly with the same solution as Sysmon.

There are times however where everything just sucks. The above is an output that couldn't be extracted properly. It was awful. None of the data was consistent and the log software would just do everything improperly. I hated it so much but I fortunately had a solution after much complaining to the vendor (I'll elaborate a bit later).

To fix most of these, you’ll want to learn regular expressions. They’re absolutely useful to learn but do require a lot and I mean a lot of time to learn effectively. I am very rusty with them these days but there are solutions for writing them without having to spend too much time getting beyond the basics. I recommend working with RegEx101 if you want to get a start on things.

However, don't get too creative as it doesn't fix everything.

Shout out to Ex-Parrot for this disastrous regular expression.

This was not written by hand. If your regular expressions are getting to this point, you’re going to hate life. Regex is NOT a solution to all of your woes and does not mean 100% perfection. You will NOT achieve perfection in your extractions--but you will get something functional with enough work.

Do not use regular expressions to parse XML either. Your software should be able to work with it natively (as well as JSON, which can be regex'd but shouldn't need to).

If your syslog output has CEF (Common Event Format) as an option: use it. There are variations of it per vendor, but it's night and day in contrast to other log formats.

In the case of the vendor with the terrible output, after much complaining and pointing out their other products can do better, they provided us with a JSON output that pushed over HTTP. It has been the most workable data I have received yet so far so sometimes vendors can improve and improve real well in this space if you ask them to!

Things will break I promise you

Prepare for things to break and prepare to not panic. You must accept that somehow everything will break. Have everything documented and understand the impact of missing or delayed data.

If any amount of downtime or interruption causes a compliance issue, you must prepare for it either through redundancy or risk acceptance. These are things I cannot walk you through but know who to consult as it is important!

Regardless of whether or not you’re dealing with one, two, or fifteen time zones, you should always set everything to UTC. This will make it easier for you to build timelines. Having accurate time also means you can correlate with other sources effectively.

Have a central NTP source too. Time can be a few seconds off but any more than that and it makes correlation very difficult!

Time will break without you trying to. One of the times here is correct and one of them is not. This will become a headache.

As I mentioned earlier, one of the things I deal with in my organisation is industrial control--you may have heard it referred to as “real-time systems”, “process control”, or “SCADA” but they’re all one in the same. There’s a huge concern for safety and as a result we do monitor some aspects of our IC environments.

Be very, very careful when it comes to monitoring these spaces as even though you’re listening, you’re not necessarily passive about it. I highly recommend skipping to the part of the video where I use the above image as I go into detail about how using TCP instead of UDP can lead to trouble.

If you’re a team of one, then you’re responsible for everything that breaks!

If not, then you need to be able to identify the problems and then determine where the fault lies. Have your partners within your department involved in these situations and make sure that they’re aware of what their involvement needs to be. You may not have access to that firewall that is no longer sending syslog but they do. These teams may want to identify your log collection software as at fault so ensure that you have checked everything on your end and done the appropriate tests. Don’t be afraid to use netcat for example!

Closing Remarks

Be prepared for things to break and have a plan to deal with it. This also includes identifying the risks involved.

Don’t hesitate to hire a consultant and make use of them. They’re assets and can make your life easier. You're burning money if they're doing nothing.

This is probably the most effective security software you’ll use, but it’s not a holy grail so don’t treat it as such.

Lastly, this was the first talk I've given since coming out as queer. I really appreciate those who were attendance and appreciated the questions and feedback.

Tuesday, 27 February 2018

Finding the best London Fog in Vancouver

The above beverage is a London Fog, which is a tea-based latte. The basic ingredients of what is my favourite drink are typically as follows:

  • Earl Grey tea (1 bag)
  • 100 mL boiling water
  • 10-30 mL vanilla syrup (to taste)
  • Steamed milk (to taste)
There are all sorts of variations on the above but that is more or less what I expect. In some cases, you can work with simple syrup and then add real vanilla into it or you can also just use vanilla extract, but the above is what I would be the absolute basics of what you'd need to make it at home.

I've been drinking this beverage as a default in most Metro Vancouver cafes for a good decade and a bit; I first came across it in my university's coffee shop and was immediately hooked. Its origins are disputed, but it has been suggested it originated from a now-defunct place on West 4th Avenue called the Buckwheat Cafe. I've tried to find more details on the place but information is scarce as it existed before the Internet was commonplace (the claim is that it was invented in late 1996) and the digital records on the City of Vancouver Archives website do not make mention of the place anywhere.

At some point I'll have to do more digging and maybe check with the Vancouver Library. I want to know why it was called a London Fog (presumably due to its use of Earl Grey tea), if the stories about its origins written the Internet are true, and maybe a bit more about the shop itself. If you know anything, do drop me a line!

I've been hitting up random cafes I tend to frequent and have compiled a list of what I think about their version of a London Fog. Because some places will do theirs slightly differently than the above recipe, I've opted to skip on mentioning them.

Name Location Thoughts
Kafka 2525 Main Street
(Near Broadway)
I am going to say that this is probably one of my favourites. The cafe is near two friends of mine so I have only hit it up when I am with them but each time I've had the drink there it has been absolutely fantastic. It's not too sweet, it appears to use real vanilla, and it has the right balance of ingredients.
Cafe Deux Soleils 2096 Commercial Dr. To be honest, I really come here for the vegetarian food but they do serve a fairly okay London Fog. There isn't anything to write home about but I will remark that it's good and I don't find myself offended by it.
Starbucks Earth Like most things in Starbucks, it's not all that great. Like if I need a cup of tea or anything, it's fine, but I find that their version is just far too sweet. That said, it does exist outside of their Vancouver locations as someone in Dallas confirmed that they can make it. In a pinch, I'll settle with them but maybe ask them to not pump in so much syrup.
Blenz Metro Vancouver Theirs is mediocre. Being that there are three locations near me sometimes I do settle for going with them, but there are far better options but nowhere near that is convenient. Better than Starbucks but that is not an achievement.
JJ Bean Vancouver & Toronto It's good. I've had it at two of their locations (Marine Building and Commercial Drive) and it's fine and really I have no complaints. Definitely better than Blenz and if I feel like walking further away from work I'll go to them.
Prado Cafe 1938 Commercial Drive Prado has a few locations but I generally go to this one due to its accessibility--if I ask to take you there, I probably like you. Theirs is really good and is probably as good or close to as good as Kafka's. The above photo is in fact one I had just earlier this week.

So these are my really ridiculous tasting notes for my favourite beverage. I hope to find out more information about the origins of the London Fog. Once I have dealt with some personal matters in the coming few months, I am going to start digging more into it. I also am going to start making my own at home!

Monday, 1 January 2018

How I made my custom-coloured keyboards

For some time, I've seen many people have these really wicked pastel-coloured keyboards usually representing the colours on the transgender tri-colour. I decided that after fully coming-out that I'd change my keyboard at home and at work to reflect that--other people have these fancy LED Cherry MX-type keyboards so I figured why not.

Here's the end result of what I ended up building:

The top keyboard I bought brand new from Amazon for $77 CAD and the bottom one is a Coolermaster CM Storm which I have had for a few years for use at home. Both make use of Cherry MX switches meaning that swapping the keycaps was really straightforward!

These two links can be used to get the correct colour keycaps if you happen to like pink and blue in pastel tones:

I got the keyboard and the keycaps within a few weeks (keyboard came the next day) but any Cherry MX keyboard of your liking will suffice.

Friday, 29 December 2017

Things I liked, did, or have remarks about in 2017

Oh boy. If 2016 was a wild ride for the world then 2017 was me trying to play catch up. I came out earlier this year and have had a lot of my life unraveled and am now in the midst of ironing things out once again. With that said, I have been inspired by Natalie's "Nattos" awards albeit I will be writing about things that I did or consumed in the year as opposed to what is necessarily new.

I'll try and do this once a year going forward. Items that I'll cover may include purchases, things I've read or watched, food, places I've visited, and so forth. Let's get started!

I've broken this apart into a list here in case you're only interested in certain subjects since this is rather long.

My new car

Of course I am going to start off with the biggest purchase I've made in a decade: I bought a brand new 2017 Hyundai Ioniq Hybrid! I test-drove several cars including a Kia Niro, Kia Optima, and a Ford Explorer--the first two were hybrids and the last one was a rental so I'll count it. I had a few requirements but one in particular was that it had to be a hybrid. After some humming and hawing, I settled on the Ioniq and I cannot say anything seriously bad about this thing!

There are of course little quirks and annoyances with the car, but they're really so minor that I am not bothering to write about them.

It looks really nice too!

Two of the reasons why I love my car are the incredible fuel economy I get out of it and Android Auto. During the summer, I was averaging between 4.0 and 4.8 L/100 KM (49-58 MPG) but during the winter it's somewhere around 5.5 and 5.8 (40-42 MPG) due to my desire to have the heat on. This is overall fuel economy and there have been times where I've encouraged it to run at 1.9 L/100 KM (123 MPG) when I've driven it gingerly from the gas station to my home a few blocks away.

This was shortly after I had filled the car I think.

Android Auto is by far the best feature of the car's interior. Having Google Maps, Spotify, and other services readily available with either my voice or via touch screen is just perfect. Also, the basic self-driving feature in the car via the adaptive cruise control has made the odd morning commute I would do a lot more tolerable.

Previous cars I've owned included a mid-90s Plymouth Voyager mini-van, a 2009 Hyundai Accent, and then before the Ioniq I was driving a 2013 Hyundai Elantra--I guess I can say that I like Hyundais.

Concerts and music

Can we say here that Cari is stereotypically queer? I guess it is no surprise that after years of not listening to Laura's music, I'd find myself listening to Against Me! once again. Most of it resonated with me harsh and when I found out she was making a tour stop in Vancouver at The Vogue, I decided to buy tickets and go with two other queer friends.

The show was absolutely fantastic.

It was a really great show and I will say that if I find myself in the same city as her once again, I'll definitely come out to a show.

I did also attend some other concerts including Coldplay when they also stopped in Vancouver the same month. It was held at BC Place and the show was really good except for one thing: that stadium is just so huge and it felt more like it was at an outdoor venue (technically it is) than anything else.

This is the second time I've had a colourful LED wrist band whilst Coldplay performed.

I had seen Coldplay play twice before but at Rogers Arena, where it's not intended for playing soccer or football but instead ice hockey and basketball. I'd totally go see a concert at BC Place again, but it's still a weird experience that takes some getting used to.

I also picked up an record player this past summer and am slowly building up by vinyl collection. I may write about this in a later blog entry once I have curated enough things.

A smaller amount of travel this year?

For some of you who know me well, I have really picked up a habit of travelling the past number of years. I've been to over a dozen countries and I have plans for visits to other places as well. However, being that this year was a bit tumultuous, I cancelled a trip to Japan that I would have taken in September. However, this didn't mean I didn't travel (just not outside of North America for once) and one place I did go to was Montreal.

Not a terrible view from my hotel room!

I've actually been to Montreal several times before but this was the first time I was able to go there for the purposes of relaxing and seeing friends. In a previous job, I would travel to Montreal periodically to perform some work as a consultant and I'd find myself basically having enough time to fly in, do the work required, stay for the night, and then fly off. Being that I do have a trip to the city in the next few years that won't be for work nor necessarily for pleasure (those who know me personally know what I am talking about), I wanted at least one trip there that would be fun!

Notre Dame in Montreal very much reminds me of its namesake in Paris.

Lots of Montreal reminds me of Europe--in particular Paris and parts of Brussels. It definitely was easier for me to speak French here than it was in Paris--in Paris, I'd have merchants and various other people responding to me in English after hearing my Anglophone-esque Quebecois. Everything was familiar and yet at the same time was different. Basically, Montreal is a really rad city and I can see myself going back for the heck of it again for sure.

Got to meet Zandra after all these years!

Highlights of the trip include going rock indoor rock climbing with some friends who came out from Kingston, Ontario and another person that was local, a birthday dinner of sorts at a sushi restaurant with said friends and another friend who I was doing a Christmas gift exchange with the year prior, and meeting an old friend from IRC back in the early 2000s that I reconnected with via Twitter (see above). The trip was really fantastic and I feel like it was very much deserved!

Next year I plan a trip to Ireland to deal with some legal matters in Dublin and to make one last visit to Belfast before Brexit screws it all up. Additionally, I'll make a hop over to the UK to visit some friends and make a trip to Bletchley Park, and then finally I'll visit New York City for the first time in six years on the way back to pay respects to someone who passed away this year and meet friends and family. Other trips are planned but this is probably the most notable one so far.

Destroying my body further by playing roller derby

You know, right now I see myself as very much femme and a song that played often this past year according to Spotify was Against Me's Delicate, Petite, & Other Things I'll Never Be. So why the heck am I playing a contact sport? Roller derby definite fits into that definition.

Preparing my skates for outdoor use. I've learnt a lot about wheels in the past few months!

I joined the Terminal City Roller Girls (TCRG) Mix-Tapes team, which is meant for people like me who are interested in playing but need to build up the skills. Ultimately I'd like to be drafted on to a league team and play in bouts so I am trying to get into even better shape than I started out with--I lost about 15 KG (~33 lbs) this past year and am now trying to work up some core strength and stamina.

I'm the one with the green helmet on the left as we're attempting to do T-stops.

Skating on quads has proven to be something I am sort of competent at being that I've previously ice skated and own a pair of inlines. I'm able to keep myself mostly stable when skating at speed and there are things that I am slowly getting better at achieving.

Stamina has proven to be my second biggest problem as while I am faster than most beginners, I'm finding that a combination of back pain due to a lack of core strength, a breathing problem that I am currently being diagnosed for, and a change in hormones is really making me hit a wall really quickly.

Where this is exemplified is during a 27/5 trial, where you must achieve 27 laps in under 5 minutes. When I first did the trial, I did 18 laps in that period, but got myself up to 22 in three months. However, I've since dropped back down to 19 and I think the ailment and the hormones have caught up with me. To put this into context, if you take the most optimum line possible, you should be covering at least 1,560 metres in that period of time.

I think that with more advancements in skills (I need to get better at doing my transitions from forward to backward skating as well as getting my stops in better order) that a more efficient skate will be achieved and I will hit that 27th lap. I'm also starting my gym regiment once again and am working on adjusting my diet to make it easier for me to power through these things.

Front page of the WFTDA

One thing that attracted me to the sport besides the fact that it is really fun to play is the fact that the world governing body, Womens Flat Track Derby Assocation (WFTDA) has been front and centre about its support for gender-diverse persons within its member leagues. Having met a few other transgender persons within the TCRG by now has really affirmed my decision to join as it's full of cis women, enbies, trans women, and everyone in-between. I was nervous at first but once we did our introductions and explained who we are, my fears went out the window.

Watching the WFTDA finals with others in TCRG. Rose City versus Victoria was intense by the way!

Basically the community is great and the sport is absolutely fun. I've sprained my wrists a few times, seen someone get a concussion, and a few weeks prior to my showing up, someone broke their arm. I think that the fact that I have such a bad relationship with my body makes me not worry about injuries and should I find myself hurt, I'll just mend myself and get back to playing. This is not an attitude that I had before and I am sure as heck going to ride this one.

Games that everyone can play!

This is a really, really new game I was introduced to: Machi Koro is a city building game that is all card-based! Being that I really like Cities Skylines a lot, it's natural that this game became extremely attractive to me.

Come over and play this game with me!

I made some new friends this past month and one of the questions they asked is if I like card and board games: I answered yes and they brought this out. When I walked into a game store during Boxing Day, they had it available for 20% off and I couldn't resist buying it!

I'll write a proper review for this game once I've sat down and played it once more.

Finding unicorns in gaming both real and not

This year not only did I get one current-generation console, I got two! I ended up getting both a Nintendo Switch and a PlayStation 4. However, the one game that I have sunk a lot of time into (almost 100 hours as of this writing) is The Legend of Zelda: Breath of the Wild.

I had a copy of Zelda before I had a Switch.

It's possibly the most beautiful game I've ever played but I really need to just finish it seeing that I've been grinding for the past few months. Some new DLC has been issued for it but I am putting it off until I finish it and a few other games.

Seriously. This is a bloody unicorn.

Other gaming highlights this year include attending the local retro video game show and seeing the literal unicorn that is the Nintendo Playstation. I was lucky to have a photo of me holding it but unfortunately I am not super eager to share some photos of me from the past year--the one earlier with Zandra is the first one I was super comfortable with someone else posting on Twitter since I actually look nice.

This game was totally worth the $26 CAD.

Other highlights include Sonic Mania and the SNES Classic Edition. I'd like to remark more on it but gaming is something I've become a little bit bothered writing about for obvious reasons.

Rethinking my diet and the lifestyle that goes with it

Back in 2011, I started an experiment to see if not eating meat was possible for me and whether or not it would improve my digestive system; I ceased this experiment early on but wanted to return to it eventually. Having mentioned earlier in my derby remarks that my relationship with my body is pretty terrible, my digestive system definitely reflected that. I can safely say that cutting out meat except for fish out of my diet has proven to be a better state; I refer to myself as vegetarian but pescatarian is the best definition here.

I cannot remember what this dish was but it did taste good.

I've gotten better at cooking since I started and am now really getting used to just doing everything with spices and whatever proteins I can. And proteins are key: for me to get better and stronger at derby, I really need to give my body some building blocks to build on.

Fish has become something I am consuming less at home and more often when out. This is okay as one of the complaints I've heard from others is that my consumption of vegetables was really poor. I'm trying to make a change for the better here!

Irish Soda Bread!

Baking is another hobby I've really liked once again and it's not unusual for me once a week to make a loaf of bread, some sweet treats to bring to work, or just something I'll throw in the freezer for consumption later.

I ate half a dozen of these in five days.

This is a Monster Bar, and it's possibly the best desert I've had in a while. I discovered them while in Montreal and at some point I need to make them here at home because they're just incredibly good and impossible to find here. They're almost everywhere in coffee shops there and yet they're obscure or unknown over here on the West Coast.

One other thing: I sort of gave up drinking? I think that for now I'll continue my sobriety. I am cool with being around others who are drinking and have bought wine and other things for friends as gifts, but I am not sure about what my relationship with alcohol is going forward. I gave my beer making equipment away over the summer and the last time I had any alcohol was when a few friends were over and I wanted to check that the drink I made actually tasted like I expected.

If you're at my home I'll still make sure that there is some booze to consume!

Making an attempt to read things that are way less technical but still for me

I don't think that it is a surprise that this particular book has been picked as my favourite this year being that the first time I've written a review for something in forever was for it.

I love the cover art.

I've read a few other notable books this past year including Girl Sex 101, Queer Privacy, Queer: A Graphic History, and Nevada--holy heck this is really queer.

Sarah is an incredibly wonderful person in real life too.

If you're looking for a copy of Queer Privacy, in the aforementioned blog post at the opening of this piece, there is a link to my coming out post and it may be possible that some of the referral links for free copies may still work.

Improving my career by taking a small step back

I really burnt myself out earlier this year and it's no surprise. To combat my anxiety, I was working aggressively at targets at the end of last year and going into this year, I buried myself in things both at work and at home trying to spin up projects that really went nowhere fast.

Basically I killed my drive and I killed it hard.

RIP 2013 - 2017
One of the things I did early on was shutdown Canario. It was a hard decision as it did give me some credibility within the information security echo chamber that resides on Twitter, but there were so many legal and technical challenges that I myself could not continue to bear. I got a lot of experience out of the project but ultimately I had to bail and it marginally improved my mental health at the start of the year.

There was a VPN project I started to work on and bought equipment for that I too also scrapped in the new year. I figured that by not having Canario on my plate any longer that I'd be able to move forward with other things, but ultimately that too just fizzled out. My mental health was a complete dumpster fire this past year until I finally admitted that I was struggling with being transgender.

As a way to recover, I focused more on what I am doing at work and what I am doing well. I took on some large projects this past year and while they were hard they were most definitely worth it. I can look back at my past year at work with a bit of pride and next year I am going to be able to focus on things far better than I have in the past.

I also pulled away from stuff outside of work and made a point to let my brain relax and sort itself out. I stopped attending the local information security meetups and now the nights I'd find myself there are occupied by going to derby practice. I'm going to show my face at the local VanCitySec meet for the first time in eight months since we're not playing again until February.

I'm also going to start attending conferences once again. I'll be at the Women in Tech Regatta here in Vancouver next month, submitted a talk to BSides Vancouver, and hopefully will be at Hackers on Planet Earth (HOPE) in July.

A lot of personal projects have sprung up but I am taking them very slowly. I am still playing with A/UX and have some odd plans for that project, a few things I am rebuilding are on the road to completion, and I have some data I am sitting on that I plan to share for a good laugh. I have a plan to do more analysis on 3DO games since I keep putting that on the back-burner, but I won't stress out too much here.

British Columbia's wildfires

Let me tell you, this year was the worst year on record for wildfires in British Columbia.

It's annoying but it is also just smoke. I could be losing my home instead.

Pretty much half of July, half of August, and a chunk of September brought smoke from the intense fires in the interior down to the coast.

I'm privileged to have this view every day at work.

When it cleared up it was a huge blessing but still. The lingering effects on people's lives and health definitely cannot be ignored. In my case, it intensified my breathing problems and I fear that next year won't be any better with the effects of climate change still continuing to intensify.

Transitioning and finally being open with myself and others

I'll open this part up by saying this: on April 11th, I didn't think I'd be able to see myself writing this blog piece let alone seeing the sun go down that day. It was that realisation that lead me to start to transition.

I have about four more appointments before I'm going to switch to electrolysis.

Once I came out, I started with laser hair removal on my face, something I wanted to do for years but without transition. It has been the best decision I've made pre-hormones as it made the hair removal far, far easier. I am currently at 95% of my hair gone overall.

It was fun to watch the parade but I think I can do without sitting on concrete for four hours.

I attended my first pride parades and marches. I did the transgender march, went to a festival for lesbians, and joined some friends at the pride parade. There were points where I wanted to cry and I just felt almost whole.

A good skin regime has been the bestest friend ever for my face.

I absolutely care about how I look now and don't rush things most days. Skin care has been my biggest challenge as I do suffer from dry skin on my face. I'm spending time each morning taking care of my face and doing the same before I go to bed. 

Taking care of myself is something I want to do. Before I came out, I was effectively letting myself go albeit slowly. Now I am exercising, being social, and just trying to be responsible with my life. 

Went to a masquerade ball with friends and felt incredibly happy.

And that being social has been super important to me. Almost everyone I came out to in my circle of friends have been extremely accepting of me and have been very eager to keep me on their minds and involved in things. Old, new, and rekindled friendships have been extremely valuable to me and there is no way I am able to repay this other than being as much if not more of a friend in return. Everyone who has included me in their life has made a significant impact to me.

It hasn't been entirely easy that said. My relationship with my family is rocky (some extended have been very supportive) and definitely will need to be repaired. I am hoping that this will happen sooner than later but I am always going to be waiting and I hope that they're working towards that; I'm patient.

In addition, I did end up losing a spouse over this. She and I had been together for six years, married for one, and sadly we opted to end our relationship. It's really awkward between us right now and I am hoping that we can remain friends; we did recently have lunch and I felt like we had a good time. This new relationship is not going to be easy but I believe that it is possible for it to work out. I care about her deeply and always will consider her family.

I just felt like I nailed it in this photo.

I take so many photos of myself now and am able to express myself in ways I never did before. I coloured my hair starting in September and decided to give my hair a pink streak the last time around. I think that this may become a trend since it seems to be going over well with everyone and is not tactless or anything.

I just bought this sweater and I think it looks alright on me.

It's not always a happy day for me. The above photo makes me look nice but I feel like I can look so much better. Every day is a mixed challenge but I know I am going to get better and every day is a step forward, not one backward.

This dress is so incredibly comfortable and fits me well. I have a red belt that goes with it.

But here I am feeling confident. Some days I take a photo and I just go "wow" and the whole issue with dysphoria vanishes. I've been told that as months and years go by, it gets much easier and I am starting to believe that. Dysphoria is an awful experience and there are days where I cannot face myself due to it.

I look forward to only taking the tiny blue pills for the rest of my life.

The best story I have about transitioning is this: I took a week off before I transitioned to being me everywhere and I was into my second week of being on hormones. Some things have kicked in quickly such as lowered libido (sorely desired and happily working), but one big thing came along that seems to happen with trans women at this point: I felt good. I was just sitting on the couch watching something on Netflix and it just registered in my mind.

It was a new feeling and the way I can describe it was that it felt like my brain and my senses were talking in a language while new was remarkably familiar. I felt happy over this and even though I had a dumpster fire going off left, right, and centre, somehow I knew at that very moment I was more than capable of living and doing what I need to do.

I'm privileged though in my transition. I've been able to afford laser hair removal without thinking about how much it will impact my ability to eat. My physician was referred to me by the provincial health authority that handles transgender persons and she has been absolutely affirming and helpful to the point where we ended up getting me into the system for a procedure all the while us forgetting to talk about my general health issues (we booked a follow up appointment for a few days after). My company has been very good towards me in accommodating my many appointments and letting me know about my options for when eventually I get this procedure done. Effectively, as it stands right now, I am in an enviable position and I won't ever overlook this.

In June, when I saw a psychologist for an assessment, she remarked that she figured I'd be fine and that the panic I had at the time was normal. I thought that her statement was asinine at the time but I realised later on that she was right and when I saw her once again last month, I told her that. I am not panicking about transitioning; I am actually getting through this just fine as she said I would.

As of this writing, I am 136 days into hormone replacement therapy (HRT). I don't want off of these at all; one of the pills I take daily is only needed until I get a procedure performed of which I have already spoken to my physician about. When I was taking anti-depressants, I hated how it ruined my brain and made me feel like a complete alien. With HRT, I feel like a human being again and that human being is a woman.

I'm still exploring my queerness but I am not reluctant to any of it unlike I was for such a long time before. Some other gender diverse people have reached out to me since coming out and have remarked that I am an inspiration for them. I have to say that they're an inspiration to me because it's not easy to do this and I like many other transgender persons before me are following the footsteps of others.

Friends have remarked that I am much more forward with being social and show myself as being happier; I believe them.

Let's end this entry on my favourite event and talk about what's in store for 2018!

Okay. I am going to say this: the solar eclipse was probably the coolest experience of my whole life.

A view from my apartment's patio at peak

Now, granted, it was only something like 88% coverage for those of us in Metro Vancouver, but come on, the way that the light dimmed and how shadows appeared was just truly surreal. I've seen so many lunar eclipses and they are just boring compared to the weirdness that a solar eclipse creates. It also impresses me how even with 12% of the sun's light making it back to us is still as intense as the photo I am sharing here.

In 2018, I plan to continue progressing. I will be more social, I will do my best to mend what is broken, and I will make improvements to my life wherever.