Slashdot Mirror


User: natehoy

natehoy's activity in the archive.

Stories
0
Comments
3,122
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,122

  1. this just in from Pottsylvania on Twitter, Facebook DDoS Attack Targeted One User · · Score: 1

    "Was Moose and Squirrel!"
      - B. Badenov

  2. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 1

    Right, and there are some parallels between cell and avcom that could be applied. I'm not saying we're inventing a whole new technology, only that it's an expensive proposition.

    Cell phones aren't cheap, really, but they appear so because you pay for them as part of your cell plan, but point taken that they ARE cheaper than your average AvCom.

    But the kind of a "cell phone" and network you'd need to support aviation would be very different from your average handset.

    If you want individual registration and encryption, the tower system would have to handle secure multicast (pilots calling in to a conference line or something analogous?). That's a lot of channels if you want to secure the communication, as opposed to the current handful of channels.

    Keep in mind that a very large number of airports in the US do not have a control tower. Pilots use UNICOM, which basically means a frequency is assigned to the airport and anyone in the vicinity who is equipped with a radio is encouraged to use it to talk to each other. So you're adding a centralized system to a lot of airports that don't have one, or pilots will have to have two radios if they want to use UNICOM airports.

    Cells are also low-range, so you'd either need to put in a lot of towers in rural areas (or add more if you want to use the existing cell network), or go with a higher-powered radio (meaning more frequencies need to be available to reduce crosstalk). The current cell frequencies are pretty loaded up as it is.

    Aviation uses AM radios because they have excellent range, decent fidelity, and are simple and reliable (and NOT dependent on a centralized system to work - if the Tower goes down for some reason pilots can still talk to each other). Also, they use a frequency that is really only good for voice (not enough bandwidth/clarity in AM for encrypted singlecast, much less multicast).

    Readback (having each pilot acknowledge orders from the Tower) already ensures that Pilots and Controllers are actively confirming the validity of their mutual conversation. If you tried to introduce invalid instructions, they'd get caught quickly.

    So, even if you went to the significant expense of building out a cell-like system, or had pilots use the existing system with all the government-sponsored expansion of the existing system that would mean.. you're putting a lot of money toward solving a problem that doesn't really need a technological solution.

  3. Re:anything worth doing on Large Hadron Collider Struggling · · Score: 5, Insightful

    Agreed. There's a reason the term "cutting edge" is used to describe cutting edge science, and in cutting edge science, well, if it worked perfectly the first time it probably wasn't very ambitious.

  4. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 1

    I'm glad I don't have any mod points, because I couldn't decide between "Funny" and "Insightful". :)

  5. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 1

    Hmm, I hadn't thought about one-way identification. That does raise an interesting possibility. I still think proper read-back would offer essentially the same assurance (since once a bonehead starts injecting invalid commands into a frequency, the real controller is going to start issuing corrections really quick, and pilots are trained in visual signals if the radio comms become unclear). But that does make positive identification of the tower a real possibility. IMHO not nearly worth the expense, but it's an excellent point.

  6. Re:Could be easily worse on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 3, Interesting

    If CTA instituted a "read-back" policy like what is used in Aviation, they'd have very close to 100% security from invalid instructions at almost no cost.

    If "Hackboy" tried to introduce an invalid instruction, even if he was on board the train or at the station so only one side could hear him, the transmission would be identified quickly. Even if Hackboy knew the lingo.

    Example:
    Hackboy: "Train 123 this is Control, the blockage ahead of you has been cleared, you are cleared to resume full speed."
    Train: "Control this is Train 123, Iacknowledge blockage has been cleared, resuming full speed now" (starts to speed up)
    Control: "Train 123 NEGATIVE. Train 123 this is Control. Blockage has NOT been cleared. Do not resume speed."
    Train: (pulls back speed) "Control, this is Train 123, I have lowered speed, but you said just a second ago that the blockage has been cleared."
    Control: "Train 123 this is control. No, I said no such thing. Continue slowly. Do not resume speed until you hear from me and have acknowledged."


    Now the Controller and Train know they have a troublemaker in their midst, and the troublemaker has had no real opportunity to cause mischief. With AM, even if the troublemaker had tried to acknowledge and drown out the Controller's negative response, what the train operator would have received is a garbled mess probably containing the yelled word "NEGATIVE" or "DO NOT" somewhere, and he would have likely pulled back on the accelerator and requested clarification.

  7. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 1

    Well, just to play devil's advocate, I'd rather lose all aviation comms entirely than start relying on invalid information. I don't NEED a radio to fly. It just allows for far more efficient handling of traffic. If you managed somehow to knock out every radio in the country, there would be very few crashes (possibly even none) - pilots would receive visual instructions to either vacate the area for a while (or head to a reliever airport for landing) or continue in pattern, and of course no one would get takeoff clearance so the fact that planes are landing less frequently just means you have a couple of pretty hairy hours for pilots and controllers until enough planes land and get off the active runways. If it happened in IFR (instrument) it would get a little uglier, but there are pretty decent procedures to handle it fairly well.

    On the other hand, adding invalid information to a channel could add real risk. So if I call an airport frequency at night for tarmac conditions and get a response that everything is fine (when in reality the tarmac is being plowed up by the Mayor of Chicago, but the runway lights are still on) I'm at more risk than if no one answered at all. I have a spot where I'm less likely to look for a hazard where one may actually exist.

    I agree with you (for many other reasons I've stated in other posts) that an encrypted radio system is pretty useless for aviation from a security perspective. It's theoretically possible but basically practically impossible to truly secure aviation communications. And if it doesn't add security, it obviously doesn't justify increasing complexity.

    But there are conditions under which no communication at all is better than possibly compromised communications. Trains may be a good example of this - a train operator can be told that if the radios go down they need to slow the trains way down so they can see hazards. The "DOS attack" introduces major inconvenience and delays, but no significant risk to passengers. The comms are providing efficiency, not safety. Whereas injecting real-sounding but false information ("Train 321, that blockage ahead of you has been cleared, you are free to resume speed") could present a real hazard - and a low-powered radio near the train you are targeting could easily be heard by the train conductor but NOT by a central controller.

    So I could see where there may be some conditions where encrypted radios are useful. Aviation isn't one of them, but it's like protecting a network against a DOS attack - you can't lower security to prevent the DOS attack, and sometimes you accept an increased risk of DOS attacks as a cost of securing communications when they DO happen. In fact, a very rational response to a perceived "hack attack" on your network is to disconnect your network from the Internet for a while. A self-imposed DOS attack to prevent something more serious.

    But, is it worth the money? What are the chances of a successful injection of invalid instructions? Are there cheaper methods available, such as "read back" (when you get instructions from the Tower, you read them back to the Tower along with your aircraft ID in your acknowledgment - this is to ensure that the correct pilot got the information correctly), that would be just as useful at basically no cost?

  8. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 5, Insightful

    No, many planes are equipped with multiple radios (for backup or simply to be able to switch frequencies quickly) anyway.

    The real issues are threefold:

    1. Money: Encrypted radios cost, and there are a LOT of the old AM-band radios out there that would need to be replaced. Most planes have one, and most pilots carry at least one handheld for emergency backup and to get ATIS and just to monitor the frequency while they are preflighting to get an idea of what traffic is like, etc.
    2. Range: With an AM, unencrypted radio, you can lose a surprising amount of signal and still make out what the person on the other end is saying. Once you encrypt the signal, your signal has to be pretty close to perfect or the decryption doesn't work. So you either just cost radios serious amounts of range, or you have to find a new frequency band where more information can be packed into the same frequency and you have more discrete frequencies to ensure a clear transmission free of interference.
    3. Security: In order to use them, pilots will need to purchase them. So every pilot shop is going to need to offer these radios for easy sale. If pilots can buy them, so can other people, unless you want to get into a registration system as complex and useless as a gun ownership database. Then, of course, you can't really issue unique encryption keys to each radio because registering them is going to require a hellishly complex system. So you'll end up with something that is easily replicated and easily acquired, and therefore offers no real security.

  9. Re:Why is public transport still living in stone a on FBI Nabs Chicago Transit Authority Radio Hacker · · Score: 5, Insightful

    Well, partly because if you upgrade all aviation comms to encrypted radios, then every pilot would need to go out and upgrade their equipment to an encrypted unit. Which then means that encrypted radios need to become readily available for every pilot and/or A&P mechanic to purchase, which means every Tom, Dick, and Harry can walk into Ye Olde Pilot Shoppe and buy one, which means that said Tom, Dick, or Harry can then carry on with their mischief. You'd in essence be forcing everyone in the Aviation field who uses comms for anything to upgrade their gear and not improving anything as a result.

    Now, with a closed-loop internal system like bus and train, I see your point. You have a fixed number of authorized users, and life is good. Mischief would be limited to a hacker who has the time and resources to monitor the frequencies long enough to break the encryption (which wouldn't be terribly long, since all the radios would have to use the same encryption keys, but at least the infantile idiots who buy a GPRS radio at WalMart and have trouble inserting the batteries properly would be excluded - so when someone DOES break in they'll celebrate their achievement by something more sophisticated than yelling "AFLAC" in a falsetto duck voice every ten seconds).

    I don't know how much more encrypted radios are, but I'm assuming it's more of a budget issue than a technological one, and the very real possibility that the system can be broken anyway. Heck, I'd think using the cellular network would give them more secure communications with better voice quality and less need to maintain expensive radio towers. But that's point-to-point communications and not broadcast like a radio would be (which means a switch operator can't get on a radio and yell that anyone approaching switch XYZ had better stop right now or risk a crash, for example).

  10. Re:Do people just like wearing glasses? on Adjustable-Focus Glasses Can Replace Bifocals · · Score: 1

    I think your eyesight problem is considerably different from the one these glasses were meant to solve. People with extreme nearsightedness like myself might find these a useful, if a bit overly technical, solution.

    Currently, I have single-vision lenses, and they correct for my nearsightedness. This is all well and good, but my prescription is strong. Strong enough that things less than a few feet from my eyes are somewhat difficult to focus on. So, for example, reading causes additional eyestrain.

    But if I take my glasses off, I have to hold the book about 2 inches from my nose to make out the words, so obviously that's not practical.

    I tried bifocals, but found that the position I had to hold my head to read was uncomfortable after a while. So, eventually, I just started getting reading glasses (a second set of eyeglasses with a prescription slightly weaker than my normal glasses). Reading glasses are great, but I also like to have them for, say, doing my day job (working on a computer all day long) and working down in the workshop (carving), etc. So I either have to carry around a second pair of glasses, get bifocals or progressives, or pick a prescription that meets driving requirements but doesn't give me 20/20 vision.

    Glasses like this would mean I could wear one pair of glasses all day and adjust them to suit whatever I happen to be doing at the moment. So when I'm at the computer or reading, set them to a more relaxed prescription, when I'm driving crank them to 20/20 or better, and when I'm in the workshop really relax the prescription so I can see up close really well.

    Of course, with $8 mail-order glasses available now, you could easily buy several pairs of optimized glasses for every activity.

  11. Re:Google Voice Rejected on Google CEO Schmidt Leaves Apple Board · · Score: 5, Informative

    Probably the latest in a long string of conflicts of interest. Schmidt couldn't really honestly get involved in the Google Voice discussions, obviously, since he represents the competition.

    As Google wants to eat more and more of Apple's lunch (and vice versa) having the same person on both Boards is almost guaranteed to be an automatic conflict. The timing of this is about right, since Google is getting into new lines of business that compete with almost everything Apple wants to do now.

  12. Re:Or maybe... on A Hypothesis On Segway Hate · · Score: 5, Insightful

    Safety statistic comparisons between a segway and a cycle are going to be tricky. They are completely different vehicles operating in different areas.

    I've only got a couple thousand bicycle commuting miles under my belt, but for my commute a segway would be completely impractical. I ride 15 miles each way, and most of that commute is on roads that don't have sidewalks (a good chunk of the commute is on roads that lack shoulders entirely). By cycling carefully (that is, staying as close to the side as possible, riding to the right of the white when there is a shoulder and it's not too broken up, and watching my mirror and being aware that every car might decide not to move over), I've managed to go two years without an accident at all. A few close calls, but no accidents.

    But a segway is a pedestrian device, not a roadway one. The major danger with pedestrians is being unaware of the stopping distance of cars, and/or encountering a car that fails to yield in a crosswalk. A car taking a right-hand turn onto a side road with a "blind crosswalk" (a crosswalk the driver cannot see until they are executing the turn, say due to parked cars) would be a close second on the danger scale.

    A "safe" segway rider is probably safer than a "safe" bicycle rider only because the segway rider can come to a stop at any place they'd likely encounter traffic and wait for traffic to pass or recognize their presence, while a "safe" bicycle rider has traffic closing behind them and if the traffic is inattentive or has a beef with cyclists, the cycle is an easy kill.

    The real risk with segways and cars is speed. If the segway driver is tootling along on a sidewalk and makes a fast turn onto a crosswalk, there may not be enough time for a car doing 25MPH to come to a stop. Pedestrians tend to (but don't always) stop at the road edge and look for the cars to stop first, and even if they step out they won't tend to be moving very fast into the lane, so if a car can't stop they can at least swerve. Bicycles (with riders mounted, not walking the cycle) and segways have a greater opportunity to get completely in front of the car, and therefore an "unsafe" foot pedestrian is easier to avoid than an "unsafe" segway rider (or bicycle rider who thinks they are a pedestrian all of a sudden, which is also a very stupid idea).

    But a segway is limited to 12MPH and areas where they can legally use sidewalks. So the effective range is greatly reduced, and a segway driver is actually more of a risk to the pedestrians around them than anything else is a threat to them. A bicycle (by law) spends most or all of its time in the motorway, not on the sidewalks. A segway operates in pedestrian zones where there are fewer things capable of hitting them.

    The segway may be safer TO THE RIDER, but it's an increased risk to everyone around it, since it is operating silently at speeds 3-4 times the average pedestrian. Walking along, see an interesting news headline or something in a shop window, stop and walk sideways suddenly, and WHAM, "segway hood ornament".

    This is probably part of the cause of "segway hate", or at least dislike. Segways are as dangerous to pedestrians as bicycles, yet they are allowed to operate on the sidewalks. A well-designed electric bicycle will be cheaper, faster, have better range, and operate on the streets where it is not increasing the risk to pedestrians. The segway is a "new niche" which we don't really have a safe spot for in most places yet.

    Dean Kamen was right about one thing. He said that segways would prompt a redesign of cities. And you do need to redesign a city to allow safe use of segways. He just assumed that enough people really wanted them to justify that redesign.

  13. Re:What if this happend on an airoplane? on Apple Tries To Gag Owner of Exploding iPod · · Score: 2, Insightful

    While not trying to minimize the impact of this on an airplane, and certainly not trying to downplay the stupidity of Apple's apparent PR gaffe on this one...

    Li-Ion batteries contain a lot of energy, and they will (not may, WILL) occasionally do this. The frequency depends on the quality of the plant that manufactured the battery, but even the very best plant will put out batteries that will do this from time to time. Put any weight on the battery, or don't allow it to dissipate its heat while in use, and the battery suddenly becomes a prime candidate for a meltdown, and possibly a catastrophic one.

    Frankly, I'd be FAR more concerned about, say, your average "long battery life" laptop. If one of those suckers goes up, there's a lot more battery to go "boom", a lot more fumes released, etc. An iPod/iPhone has a small enough battery that any physical harm would probably be limited to the owner and maybe their seatmates, and the fumes would be dissipate pretty quickly. A large laptop battery could cause harm over several rows, and possibly even cause some minor damage to the aircraft (nothing it couldn't land with, but enough to cause a divert).

    Given the minuscule chances that any one battery will decide that it wants to go "blammo", the risk is about as statistically significant as hitting the lottery. If you short, compress or overheat the battery, you increase your chances somewhat, but still we're talking lottery statistics. But the risk is real, and it exists in every device containing a battery (and especially Li-Ion).

  14. Re:Parking Meter Botnet on Hackers Get Free Parking In San Francisco · · Score: 1

    True, but if the hackers don't raise awareness of this, other cities will also spend millions of dollars on the same broken system. So in addition to letting San Francisco know they wasted millions on an easily-hacked system, the hackers are also warning other cities not to waste money on it.

  15. Re:Hrrm on Student Suing Amazon For Book Deletions · · Score: 1

    Books are sometimes sold without the cover. These are generally "stripped" books in that the covers have been returned to the publisher with the agreement that the remainder of the book has been destroyed. Some unscrupulous booksellers will return the covers for a refund, then sell the book at a discount anyway (or some people will dumpster-dive and collect the books, then resell them for fun and profit). There's a warning about this inside a lot of books, right on the copyright page. So "illegal" copies of paper books are sold all the time. Of course, your point is well-taken that an electronic copy IS a lot easier to make.

  16. Re:The beauty of public cryptographic algorithms on Another New AES Attack · · Score: 5, Funny

    Like one of my bosses once said, years ago, "If we implement industry standards in our processes, then we'll be doing things just like everyone else does! Where's the competitive advantage in THAT?"

  17. Re:Nice to know the've got emergencies covered... on School System Considers Jamming Students' Phones · · Score: 1

    Good point.

  18. Re:Come an emergency... on School System Considers Jamming Students' Phones · · Score: 2, Interesting

    I'm going to assume there are exceptions for dangerous items in your argument. If a teacher sees a student with a gun or a knife, and they have the ability to safely confiscate the item, I'm presuming that teacher has the right to act in the best interests of the classroom and remove those items, correct?

    That point aside, Let's run with your argument for a second. A student who is reading a book or doing something else that is not part of the expected behavior within the class is a distraction. You can remove the object that is distracting the student, or you can remove the student. Which is in the better interests of the student (and of the classroom)?

    Each individual student has the absolute right to decide for him/herself whether he or she wants to participate in the learning experience, and you are correct - that DOES have its own consequences. But an individual student has no right to decide whether OTHERS get to participate.

    Personally, I agree with you. No student should have anything confiscated from them, ever. The teacher should ask for the item and if the student refuses the student should then be removed from the classroom and get to sit in the Principal's office for the remainder of the day until a parent comes in to pick them up.

    Longer term, if a student does not want to take advantage of the education the taxpayers are shelling out good money for, they should have the right to leave the classroom as soon as they sign their "no welfare if I fail because of my own decision" disclaimer. But they don't have the right to blow it for anyone else.

  19. Re:emergency/911 calls? on School System Considers Jamming Students' Phones · · Score: 1

    Thank you for clarifying that for me. I was thinking it was signal strength-related, not brand-of-cell-tower-related.
    So, the school just needs to put in a very assertive tower that uses both GSM/EDGE and LTE frequencies, but identifies itself as a nonexistent phone company. That way, all the mobiles in the building train to that tower and can only call 911. Ideally, shield the school so the signals are isolated (inside building = School tower, outside building = Carrier towers).
    But I digress. :)
    Ideally, this is not a technological problem to be solved, this is a behavior problem. The school needs to have the authority to appropriately control the behavior in the short term (take away the phone) and the responsibility to inform the parent (only the parent can authorize the phone's release).

  20. Re:Nice to know the've got emergencies covered... on School System Considers Jamming Students' Phones · · Score: 2, Insightful

    Hmm, methinks the rapist, if they have that sort of strength, might be able to prevent their victim from getting hold of their cell phone and dialing 9-1-1-SEND. Then, of course, there's the matter of identifying the location (GPS doesn't work indoors) and nature of the crime in progress, and waiting for the police to arrive. I sincerely doubt the rapist would allow all of that to happen.
    A loud, piercing, and frequently-repeated scream and appropriate use of fingernails, teeth, and any other blunt or pointy part that can be applied would be far more likely to be useful. At that point, the phone is best applied as a blunt (or if you smash it hard enough against a hard surface and make a shiv, pointy) weapon.
    I'm not saying that there's aren't cases where a student's ability to make a 911 call would be useful, even critical, but this doesn't appear to be one of them. If the rapist has overwhelming force sufficient to carry out the act, they have more than enough control to prevent something as complex as a telephone call.

  21. Re:emergency/911 calls? on School System Considers Jamming Students' Phones · · Score: 2, Interesting

    Very true, but that all depends on how the jamming is done. If it's done in cooperation with the cell companies, perhaps the "jam" can be some form of signal that puts the phones in "SOS Mode" (911 calls go through, everything else is blocked). I know when I have marginal signal on my AT&T BlackBerry (not enough to have any chance of completing a call, but enough to see that a tower is out there) it goes into this mode. Still, this seems to be something better solved by a simple, enforced rule. Cell phones are allowed on school grounds, and may be used freely during break periods and between classes, and during class only with permission (if the student is done with some assignment early and is on "slack time", for example). If a student is caught using a cell phone during a time when it is not permissible, the cell phone will be confiscated and (and this is important) A PARENT will be allowed to pick it up after school, or must give verbal consent for the phone to be released back to the student. None of this "the worst that can happen is your cell is returned at the end of the day". If the student is using a cell as a distraction while they are in class, this should prompt at least a brief discussion between a school representative and the parent. Then the parent has enough information at hand to do their job. In case you have a parent who refuses to do their job, make repeat "cell offenses" the same as sneaking any other banned item into the class (answer key, crib notes, etc). Student is unable to take any test that may take place that day and gets an automatic zero, after-school detention, revocation of privileges, etc, on the usual escalating scale of severity.

  22. Re:It's time for the Minute of Hate on Student Suing Amazon For Book Deletions · · Score: 2, Insightful

    "Fahrenheit 451" would have been an even better book for this, but "1984" and "Animal Farm" are both good ones. E-books gooo-oo-ood, paperbacks baa-aa-aa-aad. Doublespeak: We deleted the books to benefit you, the user, from being sullied by reading something impure.