While the use of default router passwords is of course stupid, it's important to think about what exactly this situation really is.
What the author of this white paper really accessed is the admin interface of a wireless internet service provider. With this access, he/she could steal internet service or allow others to do so, or even obtain personal customer data, including credit card information, and use it for his/her own gain. While these are of course Bad Things, they really come nowhere close to constituting a national security risk. An inconvenience and a violation of state and federal law, yes, but a national security risk, no.
What would change things is if it were actually possible to access _train station_ systems through the wireless network. However, these systems are not configured this way. The wireless access is provided by a 3rd party provider that handles only pay-for-service internet access. Anything related to station services or railway control would be handled by its own separate network. The author of this white paper says nothing to indicate that it is possible to do anything that would touch train station operations or that would be of any use to terrorists in an attack on the "very important" nearby buildings.
I was curious about this story, so I pulled the talkback crash reports from talkback-public.mozilla.org, where submitted crash reports are processed and archived. The MTBF (mean time between failures) for 1.0 is estimated at about 17.324830, while the MTBF for PR is about 19.281392 hours (these are both the numbers for Win32, Linux is lower and Mac is significantly higher). YMMV of course.
It's hard to really extrapolate a trend from these numbers, but the data does generally appear to support the idea of 1.0 being slightly less stable than PR. Of course, there's always 1.1...
You probably don't know about Yellow Dog Linux, which sells custom Apple hardware, but with Linux pre-installed. They have a special license from Apple to sell the hardware with Linux, and optionally they will install OS X and Mac On Linux, allowing you to run the MacOS from inside the Linux environment. Check them out at yellowdoglinux.com
A lot of people are saying that this shouldn't be any big deal, and even that it would be trivial to use alphanumeric VIN's, leaving a huge number of possibilities. However, the problem with this is that there is a huge amount of hardware around that relies on the existing VIN format, such as the machines the parking-ticket people use or equipment at the vehicle factory. While it is usually (unless you lost the source code, but that's another story) possible to update software to handle the larger numbers, it's a completely different story when the code is etched in hardware. Furthermore, these hardware devices are very light-weight, meaning that memory is at a premium and the designers would have been unlikely to build their systems in a way that would easily handle the extra digits.
As for those who are saying that alphanumeric VIN's should be used, it's a pretty big deal to add alphanumeric keyboards to all the machines with only numeric keyboards.
(note: I have no association with Contour Designs, just a love for their products)
This is nothing particularly new. I've been using a Contour Designs ShuttlePro for years now with my left hand. It's a Jog/Shuttle controller, which you can of course use for video editing, but it's completely programmable for any other use, so I've configured it for back/forward buttons when in Mozilla, delete/compose/send/reply buttons in my mail client, scroll up/down in most applications (it's far easier on the hand than a wheel mouse), etc...
It's well worth checking out, especially because of their great programmable software which lets you do just about anything from the controller. It takes a little getting used to, but worth it in the amount of time it saves.
I began the process by walking in to the store and complaining and being told I would get a free phone in exchange for signing a contract and they would be sending a mailing regarding this "upgrade" in the next few weeks. Shortly thereafter, I did get a mailing notifying me that I will receive a new phone, but only with a new two-year contract (this was rather buried in the letter, but it is clear that it is their policy).
ATT Wireless is really running a scam with this "upgrade" arrangement. See this post for more information. The real catch is that to get the "free" phone, you have to sign a new contract with them. Worse yet, it's not just a new contract, it's a two year contract (basically forever as far as I am concerned). The free phones they offer are of course pretty terrible (far more annoying than the free phone I got from them getting their service in the first place) and more importantly, their network is practically useless in many places unless you upgrade (since they rolled out the upgrade, I've had no service (GSM) throughout much of San Francisco). I would even be willing to just purchase a new cell phone, but they have made it impossible to purchase a phone at retail without a contract, and it would cost way too much (price gouging to force people to sign a contract basically).
I'm currently shopping around for a new provider, though the crazy set of plans and prices that all the firms offer makes it impossible to compare plans or even figure out how much the service will cost.
Georgia Tech student Peter Sahlstrom said he found 10 Diebold terminals sitting unprotected in the lobby of the school's student center Monday.
As usual, it's the physical security issues that pose bigger issues than electronic security. At my High School in San Francisco, CA, which is a polling place for all elections, including this one, voting machines are delivered to the school about two weeks before each election, and simply left in a small alcove off of a main hallway. See this for further details on this problem. In short, I (or anyone else who enters the unlocked school building) have had many opportunities to simply wheel the entire kit out the door and to bring it back in some time later (this would of course violate state law, so it is left as an exercise to the reader).
Cities need to take basic physical security precautions with their voting equipment as well.
Depending on what exactly you want out of a "high-tech" watch, you may want to look at the Suunto line. Their watches combine time features with compasses, altimeters, barometers, and (on some models) far far more (including GPS). http://www.suunto.com has their entire line. One nice thing about their products is that they hold up (they are fairly popular among the gadget-loving backpacking crowd) and many of their models actually look good (the Observer line in particular).
http://www.suuntowatches.com/compare.htm has a very nice comparison chart of all their models.
While you could probably roll your own system with a lot of work, you are better off going with a real Clearcom system for theater use. They do both wired (cheaper, but it's really all you need for high school) and wireless (quite expensive). eBay often has some used equipment you can buy as well. These systems are what are actually used in the field, and in many schools as well and are quite less likely to fail than a home-grown solution (rebooting the communications computer in the middle of a show so the SM can talk to a board-op is a very very bad idea). It may seem easier to put together a free system than buying the Real Thing, but by the time you purchase wireless equipment and set up a custom system you have spent more in time and money than you would with a real system.
$800 for a CS-222 ClearCom 2 Channel Main Station is a lot of money, so another thing you may want to try are Motorola TalkAbout radios with headsets (not in VOX mode though, you don't want that in a theatre since you want to avoid unintentional chatter on the comms system). They tend to have fairly good range in my experience and if you take the time to pick out clear channels there isn't an issue with interference.
While some have recommended APM Tuner as a way to reduce the noise, I wouldn't recommend this. APM Tuner adjusts power management settings. However, it sounds like your issue is that the drive is going south. No amount of power setting changes will fix that.
Instead, I recommend that you run, do not walk, to the nearest backup device and back up all your data. The last time I heard click of death noises from my laptop drive, it was about 4 hours later (with about 2 hours of use in that time) that it was completely gone. You can't just ignore it and hope it will go away.
While I'm sure you intended this as a joke, it actually does come with a screwdriver I believe, just not a Phillips-head. LaCie drives ship with a torx-headed screwdriver to attach the stand to the bottom of the disk (it can be removed for stacking). I'm pretty sure this is true of the BigDisk line as well (though I only own one of the smaller disks from them).
They don't happen to everyone, you could be lucky :) In general, they are showing up within a week or so, but they get worse over time. After about a week and a half with mine, they are pretty bad.
The good news is that even without AppleCare, Apple will still replace or repair your machine for free. Call 800-SOS-APPL and they will do the rest.
Apple actually did build their own codec (it's used by QuickTime as well) and spent quite a great deal of time and money doing so. I think it shows though.
I agree, exactly. My conclusions were just guesses, but if you were doing this for real, you could build statistical models based on the actions of real people and process the results from there.
If you got a big enough sample, you could feed the results into a special Naive Bayesian algorithm and classify people by the data that he presents.
I was pointing out how easy it is to gather data just by looking at his map let alone using specialized models.
When I first looked at this, I thought (as a lot of people here have commented) that this wasn't much of a big deal: so what? This guy scanned in a few receipts and plotted them on a map, big deal...
However, as I started to look more closely at his patterns, I thought to myself: wow! Based on just this tiny swatch of information, I already know the approximate area where he lives. If I wanted, I could find the average household income in his neighborhood. I know what he eats and I can tell if he's going to have a party next week based on what he got at the grocery store.
I know what date and time he went to the market, so if I had a few more data points, I could probably predict when he's going to be there.
He got a map of Central America at Borders, perhaps a statistical model shows that people following his patterns are likely to be terrorists who want to commit attacks in Central America? Or perhaps we can market cheap airline tickets to him?
While this may just look like a guy's random map, you can piece together a whole lot from this.
You might be able to cook something up with a Palm and a USB audio converter, but you wouldn't need a serial console to do it. However, here's a better idea:
Get the SliMP3. It connects to your stereo system and has an ethernet port on the back. Grab a Linksys WET11 and it's wireless if you can't run ethernet to your stereo for some reason. It works with iTunes and you can keep all your music in one place.
While this is a bug in OS X, it really isn't anything more. It can only be exploited with physical access to the machine, something that we have known for a long time to be insecure. Apple should fix it for sure, but with the same priority given to any other minor crasher bug (minor as users cannot really expect the application not to crash when typing thousands of characters into the tiny password field).
Screensaver passwords provide no real security; anyone exploiting this issue in the real world would know many (far easier) methods and anyone with data that must be kept secure will (should) know better than to rely on the screensaver password.
That's a good idea. It sounds like you are describing a later version of the Anoto system (marketed as the io, see http://www.logitech.com/index.cfm?page=products/features/digitalwriting&countryid=19&languageid=1)
Of course, you would need some way to ensure that the data wasn't sniffed off your pen as you walked by. The idea of wireless jabber, etc... is interesting, though how would you read the other side of the conversation?
"I threatened to sue them, but I was young, and I threatened to sue everyone. :-)"
"Oh but I was so much older then, I'm younger than that now" -- Bob Dylan
I've talked to a couple teachers about PowerSchool because I was curious about it (I'm a student). The general conclusion was that PowerSchool is great for "normal" schools where there's 7 periods (or whatever) in a day and the normal set of letter grades are used. For schools with more "different" methods, but still a need to track information (e.g. narrative reports instead of grades, etc...), PowerSchool just can't handle it.
While I love and use Apple's products, I would expect something better from a company challenging us to "Think Different."
I really resent your comments. Certainly I do not know what every part of my system is doing 100% of the time, nor should I have to know. The idea is to know about one area, or one set of areas and have a good understanding of that component. I know enough about how my system works to use it in the ways I want to and if I don't I go learn more about it so I can make it happen. However, are script kiddies module owners for open-source software projects? Do script kiddies spend the weekend building tools to assist with the development of perl6 (not a language war flame)? I think not.
You seem to be making baseless accusations with absolutely no proof. Personally, I find technical theater to be fascinating and do not see how that reflects on my social skills or my ability to use technology.
Please try not to post flames just for the sake of attacking random innocent people. Get to know someone, then determine what skills they may or may not have.
Sounds like a whole lot of nothingness to me...
Actually, I'm not mistaken.
No. Microsoft will have to require that users click twice on each button for it to take effect.
Great point.
http://www.zachlipton.com/apocalypse6.html
Um, what does this have to do with AOL?
[posted without +1 bonus to avoid karma whoring]