Slashdot Mirror


User: plover

plover's activity in the archive.

Stories: 0
Comments: 7,233

Comments · 7,233

  1. Re:From (one of the) TFAs on Police Using Apple iOS Tracking Data For Forensics · · Score: 1

    This guy sniffed the location updates that each iPhone pushes to Apple: http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113

    Apple hasn't kept the way their location services work a secret, but they don't advertise them, either; probably because of the fear of exactly this current hubbub. So we can say that their strategy of "security via obscurity" failed. Or did it? People have become hooked on location services via apps like Maps and Foursquare. They won't want to turn it off.

    I expect that Apple will soon publish a memo saying "We already thought about this. If you don't like it, you can always turn off Location Services in settings. But then the Maps app won't work, and foursquare will break, and other programs will fail. And you don't want them to fail, do you? Besides, we've never misused your data. We just turn it over to the authorities for national security to prevent terrorism. We don't support terrorists. Or child porn. Or speeders. Or democrats."

  2. Re:Senator Al Franken on Police Using Apple iOS Tracking Data For Forensics · · Score: 2

    Minnesotans could also say "Governor Jesse 'The Body' Ventura." Apparently they believe in electoral humor.

    That's because, when given the choice between a turd sandwich and a poop-burger, we chose the shit-taco. Why settle for average dumb asses when you can have a top-of-the-line dumb ass?

    I don't think we ever claimed to be the smartest state in the Union.

  3. Re:Whoa, whoa. on Police Using Apple iOS Tracking Data For Forensics · · Score: 3, Interesting

    Your phone's location data has always been available to anyone who presents a warrant to your phone company. This just makes it easier to perform warrantless searches like they do in Michigan.

    Anyone with a cell phone should have an understanding of this. If you bring a cell phone with you while you're committing a crime, don't be surprised if it's used as evidence against you. And if you bring a cell phone to Michigan, learn how to say NO to the cop who asks you if he can see it. At least in America, you are still not required to cooperate in an investigation against you.

  4. Re:Android on Police Using Apple iOS Tracking Data For Forensics · · Score: 1

    First, it seems Android shares a similar problem, though the file containing the location data is "only accessible on devices that have been rooted and opened up to installation of unsigned apps

    Doesn't Android just store the past few days information unlike years together like the iPhone?

    So it's degrees of evil? Do you really think the cops will "bust you less" if they only have a few days worth of your data?

  5. Re:I'm so sick of the word "Agile" on Book Review: Agile Development & Business Goals · · Score: 1

    In the real world, we call that a "Requirements Document". It's handy to have, just in case you can't finish and someone else has to.

    As a software engineer, we call that a "list of half-baked ideas, ill-conceived notions, and incorrect assumptions that neglect serious side effects and consequences of the decisions it represents." Instead of "trying to make the document better", Agile recognizes that the document will never be perfect. Agile instead says "hey, you, Business Stakeholder, come sit with us so that when we run into one of these poorly-thought-out notions we can ask you what you really meant for us to do."

  6. Re:Anecdotal on iPhone and Location: Don't Panic · · Score: 1

    One technical correction on your otherwise excellent post:

    The location data is not the GPS location of the user, it is the location of cell towers the phone can see. All the location data is time stamped, and stamped with the carrier network ID, and the ID of the individual and there's no way you can be in 3, or 6, or 9 different locations at the same time. Depending on how many cell towers were visible, all this tells you is that the phone was within maybe a few km, but up to 25-50km of the tower. If you then take that data and use it to triangulate the user's location, you'd typically get a location that was at best accurate to a bit under 1km, and more likely a few km.

    The location is not that of the tower, it's the location of a specific cell that is operated by the tower. And it's not even the location of the antenna, but appears to be the averaged location of the iPhone users who have connected to that particular cell. (Which makes sense, because that's the locations the phones report back to Apple.)

    It makes a difference because a single tower covers a large region that has many different cells. The smaller the cell, the finer grained the location information.

    Also, the iPhone appears to retrieve several cells worth of data at once. If you turn on your phone in a location it's never been before, it will connect to a specific cell, but the cache will be populated with all the cells located within a certain radius of that cell. The cache doesn't say which of those cells you connected to, but if you plot them they appear in a large circle centered on the point you were at.

  7. Re:ummm on Apple Logging Locations of All iPhone Users · · Score: 1

    If you read the appmakers' FAQ, they mention it deliberately downgrades the resolution:

    "To make it less useful for snoops, the spatial and temporal accuracy of the data has been artificially reduced. You can only animate week-by-week even though the data is timed to the second, and if you zoom in you'll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately."

    Regarding your idea that "it's some sort of cache/database file used by the OS to make better connections and to do it faster" - uh, how?

    wifi/cell: Hey there I'm an access point, here's my station id, give me the right password and I'll let you use me.
    phone: cool, hang on, before I look up my station:password table I'll just look up my database of where I've been before so I can connect to you faster!
    wifi/cell: wtf?

    Not having a Mac, I didn't use their app. I opened the database files and retrieved the data myself, then plotted it in KML, so there was no "downgrade of resolution". I was playing with the raw data. The data strongly appears to be cache entries for use by Location Services. The timestamps indicate it's retrieved in groups of rows, returning several points simultaneously. When you look at the plots of the data, you can see a series of bubbles around specific points I had recently been at or driven past. The data is not an accurate rendition of where I was, but rather a large cloud of points around areas where I'd been. The data shows that I traveled to a northern town last weekend, but does not show where in that town I spent my time. And it contains data for places I didn't even go to, but those places surrounded a straight line extending my actual travel path. Possibly it heard a cell tower from far to the west, and shoved the cache of local-to-it towers to my phone.

    Location Services is Apple's interface to answer the question "where is the phone now?" It uses all kinds of radio data to figure it out: Wifi access points, cell tower triangulation, and GPS all are inputs, even if one or more is unavailable. If it encounters a new MAC address, it sends the current GPS coordinates back to Apple so they can send it out to other iPhone users. If it encounters a new cell tower, it reports that as well. The iPhone users all invisibly share the creation and use of Apple's common location database.

    So be paranoid if you want. Fine, I won't stop you. But I'm going to bed tonight without losing any sleep over it.

  8. Re:ummm on Apple Logging Locations of All iPhone Users · · Score: 1

    I just spent time decoding the data and viewing it in Google Earth. It has my location to within an area roughly a kilometer wide, not to a point. It appears to be caching the MCC, MNC, LAC, and CI of the towers near the locations I've traveled, the timestamp of when it first downloaded them, and it caches several of them at a time. The reason is likely to be "to provide quick response for location services".

    Would it be damning if I were someone trying to deny my phone was near a place at a certain time? It could be. I think the next step is to take the phone on a tour of the city, preloading the cache with data about every tower and wifi access point in town. At least then the time stamps wouldn't convict me of a later visit. Of course, the police could more easily retrieve the real-time records directly from AT&T, with a warrant and without my consent.

    I'm hardly an apple fanboi, but the reasons seem fairly explainable, even if the results seem potentially dangerous.

  9. I can't wait for the hacks on Lasers To Replace Sparkplugs In Engines? · · Score: 4, Insightful

    Seriously, just think of the potential hacking uses of a pencil sized high powered laser! Cutting and drilling through hardened steel. Remote ignition of fires or detonation of explosives. Actual blinding weapons in a flashlight case.

    I'm afraid they'll be too cool to be let out in public.

  10. Re:Iranian Idiot on Iran Says Siemens Helped US, Israel Build Stuxnet · · Score: 1

    What the hell does Siemens have to do with the code running in their SCADA systems? Siemens sells PLCs and SCADA software. YOU hire someone to program it for you. At no point in the transaction does Siemens have a copy of your code or architecture unless you GIVE it to them... dumbass.

    Because a significant part of the Stuxnet hack was to modify their SCADA programming environment so that it would embed the malicious payload in the SCADA instructions without revealing its existence to the SCADA programmers. Coincidentally, the Department of Homeland Security had supposedly just finished "reviewing the Siemens source code for security flaws". Could there be collusion? Sure. The bigger question is if anyone will care if Iran tries to sue them? Doubt it. It's not like Siemens execs are going to fly to Tehran to stand trial in front of those useless crazies.

  11. Re:OK, if you want to be normal... on What Monty Python Teaches Us About Computing · · Score: 4, Funny

    Who shit in your Cheerios this morning, pumpkin?

    I don't know, but I want that job when the guy who does it quits.

  12. Re:You don't need a weatherman on Hacker Claims He Broke Into Wind Turbine Systems · · Score: 2

    Do you know for sure that's true, or is that something you desperately want to believe with all your heart that we're not stupid enough to turn over all mechanical functions to embedded systems? Because I have to say I've been amazed to learn of the diversity of different physical systems that have been turned over to software control. Sensors, motor speed controllers, pumps, switches, relays, etc., all are frequently software operated, or have some measure of software control over them.

    Power companies are no strangers to automation systems. They've been early adopters in the field of automating control systems because their systems are so geographically diverse. And it's hard to blame the engineers, because those things make systems flexible, easy to monitor, and easy to manage, all from remote sites. Any time you can use a controller that will save a maintenance guy a trip in a truck and up a ladder, you're saving money and improving problem response time.

    Sure, I like to imagine that there are still failsafe mechanical systems in place. That if there is too much current that some fuse will blow, or that a cog will trip an actual power relay when some motor tries to reach beyond its absolute limit of travel. But I've also come to believe that even the most innocuous devices could be subverted to cause serious problems. Maybe it's a sump pump, responsible for draining rainwater from a motor pit, or a ventilation louver that is supposed to close when the rain sensors are tripped. Maybe it's the lubrication system, or the weather vane, or the access hatch, or a hydraulic pump.

    I see the cost of everything trumps engineering decisions all around us. I have so little faith that everyone is doing things "the right way" instead of "the cheap way" that I would be surprised if these systems couldn't be remotely destroyed by a malicious attacker.

  13. Re:time conceals, then reveals non-physical wounds on Wind Power Firm Sees No Evidence of Hack · · Score: 1

    Dammit, Timecube, you've crossposted back into the sane world again. Stop that!

  14. Re:You don't need a weatherman on Hacker Claims He Broke Into Wind Turbine Systems · · Score: 2

    Supposedly he accessed the SCADA system. If so, he could alter the behavior of any or all of the mechanical controls: he could disable the logic that locks the wind turbine blades when the wind is too strong in order to prevent damage. He could shut off the lubricating pumps, and send phony sensor data back indicating the bearings are all operating within normal temperature and vibration parameters. He could remove the generator load, allowing the blades to freewheel, then instantly reconnect the full load once the blades were spinning over their max rated speed. He could alter the pitch of the blades (possibly one blade at a time) causing an out-of-balance condition. He could alter the motors that position or hold the turbine blades facing into the wind. Basically, changing any limiting parameter that prevents the system from damaging itself places the system at risk.

    There is no doubt a long list of potential attacks, both subtle and overt, that a well placed hacker could execute. I am not a wind-generator expert, so any or all of the above suggestions could be completely off-base, but I took inspiration from the damage Stuxnet was coded to cause. A real wind-generator engineer would no doubt have a real list of actual damage a malprogrammed SCADA system could inflict.

  15. Re:Are these hazardous to airplanes? on High Schoolers Push Down Price of Near-Space Photography · · Score: 2

    I'm going to put on my buzz kill hat and say that it's only a matter of time before one of these contraptions is going to get sucked into a jet engine or foul a propellor.

    The FAA does have rules on flying unmanned balloons. They say things like don't operate them near airports, deploy them only on days with less than 50% cloud coverage, if they're deployed at night they have to have blinking lights, etc. Without more details, we don't really know if these kids followed those rules or not, but they're pretty simple rules to follow, and given the sophistication of their device I'm betting these kids were capable of following them.

    They'd only be collision hazards during the limited time periods of ascent and descent. At 95,000 feet, there is no traffic of any kind except for those that bring their own oxidants with them (rockets.) And when you think about it, airspace is really really big, so the chances of a mid-air collision are vanishingly small. When you say "a matter of time", you might be talking thousands of years.

    As far as a jet engine vs. this contraption, well, given that it's being lifted by a balloon less than a meter in diameter, it's probably made of the lightest mass plastic components possible, and would have a pretty small chance of causing damage to an engine. And consider the worst case, where the battery gets sucked into the engine and explodes. In the middle of a screaming combustion chamber. Designed to burn gallons of Jet-A fuel every second. It's probably not going to make too much of an impact there.

  16. Re:Really reaching here on New Houses Killing Wi-Fi · · Score: 1

    So you can afford a $300 heating bill over the $80 heating bill in the winter, but cannot spend $250 each month in the summer to replace a window at a time? Or spending $220 month in the summer adding insulation to your house? They're actually quite simple tasks that you can learn fairly quickly, so there should be nothing stopping you from doing the work yourself.

    It always surprises me that people who can least afford the high cost to heat their house are the ones who never ever do anything about it.

    If you really think you can't spend that much, can you afford a few batts of insulation to stuff around the windows? Can you buy some $15 packs of 3M window wrap, and at least stop the biggest drafts? Can you replace the worn-out trim strips around your doorways? There are a lot of inexpensive measures that you could take that won't be as good as actually adding insulation or replacing windows, but will help save some energy (and money.)

  17. Re:Site Survey on New Houses Killing Wi-Fi · · Score: 1

    Buying a house is all about location, location, location. Scenery, convenience, parking, noise, cellular coverage, neighbors, parks, water, privacy, roads, local industries, tax base, schools, drainage, lot size, all that stuff matters to some degree or another to various people.

    For me, the things I can change are the things I can ignore. Cell coverage or wi-fi? I'll buy a booster or an extra access point, problem solved. Noise? I can put in better windows. Schools? If he wasn't already gone and I had the need, I would drive him to an alternate school. Scenery? That's trickier. You have to be sure that the empty lot next door isn't zoned for a three story apartment building. Drainage? A valley is likely to have more water problems than a hilltop. And so on.

    Then there's the matter of the house itself: architecture, style, price range, rooms, woodwork, siding, construction, age, condition, etc. Changing architecture is much harder than changing paint colors.

    And none of that matters a bit when the wife says "Oh, honey, I want this one, they have flowers on the antique light switch cover plates!!" Sigh.

  18. Re:Non-issue really on New Houses Killing Wi-Fi · · Score: 1

    It's not as uncommon as you think. Builders often put insulation in interior bathroom walls strictly for sound dampening purposes, especially if there's a whirlpool spa tub in the bathroom. Of course, they don't necessarily use foil-backed insulation for this purpose.

  19. Re:how will they on Chinese Censors Crack Down on Time Travel · · Score: 2

    How will they prevent their people from traveling to the future naturally?

    They have a time-tested bullet related procedure that's highly effective.

  20. Re:He's an Idiot with Plenty of Company on 'Scrapers' Dig Deep For Data On Web · · Score: 2

    "Why," I inevitably ask myself, "would I ever buy anything from you, you knucklehead, you?"

    You aren't supposed to buy from them. The link isn't there for your benefit. It's an SEO trick, part of the strategy in trying to raise the page rank for that site.

    If you run a blog, you'll find you'll get commenters that say stuff like "hi, your site is a good understand! one for my book marks." It's flatteringly nice, and obviously English isn't their native tongue, so you thank them for their kind words. And with luck, you may not follow the link in their user name, which you might then discover links to some Russian site, which if you bother to visit with a translator looks like some kind of news aggregator page. "Even weirder", you think.

    Eventually, you realize that the comment they posted is utterly generic, and could have applied equally to a cooking site or a fishing tutorial site. But why link to a news aggregator? You can peel the onion further, dig around the news site, and never find anything that appears to be of value. If you look at the collection of them, however, you discover it's but one plot in a link farm that ultimately links to a lot of sister sites, and all of them have links to the companies that paid them for the optimization. You'll finally realize there's a whole fake web of links out there that exist strictly to boost Google's page rank of their customers' sites.

    The best way to fight them is to make sure your blog software adds rel="nofollow" to any href tags providing links to user-supplied URLs. Most SEO spammers know that Google won't use those links when computing pagerank, and will hopefully leave your blog alone.
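
An added example, not part of the comment above and not any blog package's own code: a Python implementation of the rel="nofollow" rewrite the comment recommends, applied to user-submitted comment HTML and to the commenter's name link. The names `NofollowRewriter`, `add_nofollow` and `author_link`, and the example.invalid URLs, are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser


class NofollowRewriter(HTMLParser):
    """Re-serialises an HTML fragment, forcing rel="nofollow" onto <a href>.

    This only rewrites link attributes; it is not an HTML sanitizer and
    should run after whatever tag filtering the blog already applies.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _emit_tag(self, tag, attrs, closer=">"):
        # HTMLParser hands us lower-cased tag/attribute names and
        # entity-decoded attribute values.
        if tag == "a" and any(name == "href" for name, _ in attrs):
            # Merge tokens from every rel attribute the user supplied,
            # then make sure "nofollow" is among them exactly once.
            tokens = []
            for name, value in attrs:
                if name == "rel" and value:
                    tokens += value.lower().split()
            if "nofollow" not in tokens:
                tokens.append("nofollow")
            tokens = list(dict.fromkeys(tokens))  # de-duplicate, keep order
            attrs = [(n, v) for n, v in attrs if n != "rel"]
            attrs.append(("rel", " ".join(tokens)))
        parts = [tag]
        for name, value in attrs:
            if value is None:
                parts.append(name)
            else:
                parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, closer=" />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text arrives decoded (convert_charrefs=True), so re-escape it.
        self.out.append(html.escape(data, quote=False))


def add_nofollow(fragment):
    """Return the fragment with rel="nofollow" on every user-supplied link."""
    parser = NofollowRewriter()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def author_link(name, url):
    """Render the commenter's name link, the spot the comment singles out."""
    return (f'<a href="{html.escape(url, quote=True)}" rel="nofollow">'
            f'{html.escape(name)}</a>')


if __name__ == "__main__":
    # Constructed sample comment, modelled on the generic spam text above.
    sample = ('<p>hi, your site is a good understand! '
              '<A HREF="http://example.invalid/" REL="external">one</A></p>')
    print(add_nofollow(sample))
    print(author_link("visitor", "http://example.invalid/news"))
```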

  21. Re:the darker side of grey on 'Scrapers' Dig Deep For Data On Web · · Score: 1

    Certain kinds of discrimination are illegal in specific cases, of course, and remain illegal regardless of how you obtained the information.

  22. Re:Nonsense on 'Scrapers' Dig Deep For Data On Web · · Score: 1

    It's ridiculous to expect users to anticipate and thwart privacy invasions. These companies could be shut down overnight (or at least rendered illegal) with common-sense legislation. The problem is not users, it is their bought-and-paid-for "representative" government(s) which sell out their constituents to be deceived and abused by sleazy industries.

    It's "ridiculous"? Someone held a gun to your head and told you to post your oh-so-pitiful life story on line? They made you post that picture of you drinking with some friends at a stripper bar, or the story about that time you were snorting coke off a hooker's ass? You think some all-powerful government should come and save your irresponsible neck from someone else trying to make a buck off your drunken stupidity, and do so by censoring your writings from them? And you think that doesn't sound ridiculous?

    It's quite simple. If you don't want to share it with the world, DON'T SHARE IT WITH THE FUCKING WORLD.

  23. Re:Bring on the nuclear applogists on Japan Raises Nuclear Plant Crisis Severity To 7 · · Score: 1

    And that helps solve the problem for the existing waste in exactly what manner? Oh, right, it continues to bypass the current problem and encourages us to continue to ignore it.

    Even if we were to discover a new source of energy that allows us to shut down all current reactors right away, we still have fifty or sixty years of existing waste to deal with. That's waste that can leak due to whatever reason, it can be splattered about the countryside by conventional munitions in a war, it can be stolen or spread by terrorists, or even turned into nuclear weapons. Waste that we will have a problem with at some point in our future history, because we can't agree on what to do today.

    Sure, LTFRs sound nice and safe, at least as much as a nuclear power generating plant can claim those qualities. Fine. Bring them on line. But we still have to do something with the current litterbox full of radioactive poop.

  24. Re:Bring on the nuclear applogists on Japan Raises Nuclear Plant Crisis Severity To 7 · · Score: 1

    Keeping plutonium-laced spent fuel in swimming pools all over the country is dumb-as-fuck

    I think this point is probably one that almost all slashdotters can agree to. I just hate how our government is incapable of coming up with any improvement at all.

    Because improvement is beyond their capability, both in the short term as well as the long term.

    In the short term, you've got NIMBY people. They're all for cheap electricity, as long as you don't bury your radioactive wastes in their state. Or let your nuclear waste train ride across their state's train tracks. No set of politicians is ever going to agree there.

    In the long term, we don't have any experience in building a storage facility that will remain secure for the duration of the decay of the isotopes. Concrete and steel won't last but a few thousand years. Armed guards will last only as long as the civilization continues to pay for them, and there's no great historical track record there, either. We can't even know what language to print on the warning signs to hang outside of the facility that will still be legible an eon from now.

    So we do what we've always done: ignore the problem by leaving the waste on-site, ready to leak into whatever nearby waterways are used to carry away the reactor's waste heat, and task our children with arguing about it 20 years from now. Our only hope is to educate our children better than we were educated, so that they'll be able to make a more rational decision than we're capable of. But given our track record of politicizing education, and the fact that we're still having these arguments that our parents left us, I certainly wouldn't recommend placing a lot of hope in that process.

    Since Chernobyl was a severity 7 event and caused no real global changes, I don't expect the Fukushima-Daiichi crisis will spark much of a change in nuclear policies either. It's probably going to take a severity 8 or 9 crisis (mass extinctions, millions of deaths, the abandonment of a country or continent, and probably an incident on North American soil) to get someone to drill a hole deep enough to bury this waste.

    My guess is that such disposal will eventually happen by force, not by consensus - after the disaster the U.S. Army will essentially invade Utah or Nevada, cordon off a region, dig a hole, and start burying the waste from every reactor in the planet. They may even invade foreign countries in order to collect their spent nuclear waste for burial. But after responding to such a disaster, I wonder if they will still have the resources to actually make it happen.

  25. Re:Apple-time on Apple AirPlay Private Key Exposed · · Score: 1

    Why, for making a public key public? Come-on, even a lawyer will have trouble with that...

    No, he made a private key public. RTFT. Not that Apple didn't already make it public by sending him a copy embedded in the ROMs of the machine he purchased from them.