I found your comment interesting because it's different from what I know from experience is the case on the desktop machines (G5 towers). While I have no experience with the newer Intel-based systems, I always assumed they were the same.
At least on the G5, the firmware acts only as a "fail safe." If the software doesn't come up after some reasonable amount of time and take control of the fans, and keep the core temperatures within a normal range, it will kick the fans on to keep the system from melting (or going into some sort of thermal-shutdown mode, also bad).
You could test this easily by rebooting the machine into single-user (recovery, safe, whatever you want to call it) or target disk mode, in which all the hardware/firmware systems ought to be running normally, but many parts of the system aren't loaded, and watching what happens: after a delay, the fans would be ramped up to their highest setting and left there. The intelligent control normally performed (which regulates the fans/pumps based on temperature) doesn't happen at all.
Seems like it would be a pretty easy test on any other machine to reboot it in Target Disk mode or single-user mode (maybe it was open firmware mode), and watch what happens to the fans, to see if they're managed by a firmware system, or by a combination of hardware and a kernel extension.
I wanted to put in my two cents here and say that I agree.
Part of the problem seems to be that we've taken to using the word "terrorist" so broadly, and with such a stigma attached to it, that we've forgotten what it actually means. A terrorist is a person who intentionally attacks a civilian population, usually with the immediate goal of causing mass casualties, with the ultimate goal of accomplishing a political end by causing terror and fear in said civilian population.
To say "one man's freedom fighter is another man's terrorist" is a lie; at the very least, it assumes that one man is either deluded, or misunderstanding the nature of terrorism. (At the very least it is simplistic: a person could be both a freedom fighter and a terrorist, or neither, or either one singly.)
To be a "terrorist" doesn't imply any particular political ideology. You could be a "Zionist" terrorist as easily as you could be an "Islamo-fascist" one. Being a terrorist also doesn't require that someone be disconnected from a government, either; I think you could make a fairly convincing argument that a lot of warfare and accepted strategy in World War Two falls squarely into the realm of terrorism: bombing a city for its "morale effect" is simply terrorism by another name. (It's worth pointing out that most countries have rejected these tactics, and at the same time the word 'terrorist' has become more stigmatized as it becomes a less tolerated practice.)
Just because a word is used politically doesn't immediately strip it of all factual meaning; if that were the case, we wouldn't have any language left.
This is a good point, but I think people are looking at this from the wrong "end" of things.
It's the 'new hits' that are expensive to maintain in a catalog like Netflix's; the 'long tail' is cheap.
Really the economic consideration is "do I have to have Spiderman II in order to stay in business?" And it would appear that the answer, for now, is a resounding "yes."
The reason that the hits are expensive is because each one is like a pig going through a python. For the first week that a big hit movie is out, rentals are going to be through the roof. In order to meet demand and not have dissatisfied customers, you have to have a huge number of discs (inventory) which quickly becomes redundant overhead when everyone moves on to the next hit. Not only do you have to maintain your supply chain for actually getting the movies out and back to customers (Netflix's warehouses, etc.) but you also have to plan on how to acquire and dispose of or store huge numbers of movies that there probably won't ever be peak demand for again.
A large catalog with a small number of discs for each title is easier to maintain, by virtue of predictability.
In short, if you wanted to be a DVD-rental business and you only had enough capital to invest in 100,000 discs for the next year, you wouldn't want to do hits (where your 100,000 discs would get you through one cycle, and then be garbage). You'd want to try and capture the business from the other side of the 80/20 rule, the other 80 percent of the selection that generates 20 percent of the business.
I guess what I'm suggesting -- and granted, I don't have hard evidence for it -- is that it probably takes about equal resources to pursue either the 'front half' of the 80/20 split (the 20 percent of the selection that generates 80 percent of the business) as it does the 'back half.' The hit-based economy seems like it's a gold mine, but you can burn through a lot of resources trying to sate the public's ever-changing demand for the newest thing.
While your points are valid, why concern yourself with nano particles so much, when there are lots of things that could turn your lungs to a pink pulp or fill them full of phlegm and drown you, without looking to nanotechnology?
I think we're overly complacent about the killer weapons (biologicals, particularly) that are already scattered around the planet in significant quantities; before we go and spend a lot of effort worrying about the possible effects of technologies that don't exist yet, we could spend some of the same resources cleaning up problems that exist right now.
Dying from antibiotic-resistant TB may not be as sexy as being consumed by nanobots-run-amok, but at least in the foreseeable future, it's a lot more likely.
So yeah it's worth a few hundred thousand dollars for the lesson IMO.
It's worth a few hundred thousand bucks, sure, but that's not what it's really going to end up costing us.
In the areas where it's attempted, it's going to cost them ever having a viable municipal internet-access system for a generation or more. The cost of failure is usually never being able to try again, particularly when the failure is large in scope.
It's also hard to quantify how many other localities will never bother to try any muni internet systems, if they see early adopters failing, even if the systems were totally different to the ones available for deployment at a later date. (I.e., the failure of 802.11b/g systems will hinder the deployment of WiMax and other systems, because everyone will "remember what happened to those guys back in 2006!")
Sometimes the biggest costs are not the financial ones. Every time a muni wireless project fails, it makes it less likely that some other town will ever begin one. In many cases, I think it's better to never try, than try, fuck up, and become an example that your enemies (in this case, the telcos) can hold up and use as an example to others.
And the flight attendants would know that you were using the wireless card built in to your laptop... how?
Maybe if he put on a headset and started talking to his friends in Zanzibar via Skype, they'd catch on, but short of that I don't see them noticing. A guy on a laptop is just a guy on a laptop.
Heck, if you have a data-capable cellphone with Bluetooth (which will work without being open) you can probably leave your phone in the overhead compartment, connect to it from your computer, and use a cellular internet connection without anyone being any wiser. Those RF waves are pretty sneaky that way.
Until the plane flies into a mountain or something because of the interference, that is.
I don't think the parent poster to yours was recommending a change to the global DNS system, I think he was just suggesting a local-network change. If you know that most users on your network are never going to need to look at sites from Cameroon's TLD, then it might be doing them a favor just to redirect them from www.slashdot.cm to www.slashdot.com.
Of course if you did that, you'd want to be damn sure that nobody on your network ever had to view sites from those domains.
Personally I think it's a bad idea; then again I think any system that takes you to a result or site that's different from what you literally typed in, without telling you of the less-than-literal interpretation it's taking of your input, is a bad thing. It just seems like it would encourage sloppy user practices.
No, at least not based on my reading of their offer; what I think they're saying is that it's $40/mo. on top of your regular voice plan, and for that you get unlimited data usage when you have the phone tethered to your computer as a modem.
Here's the relevant portion from the link:
Your Sprint Power Vision℠ phone can be a high-speed Internet connection for your laptop computer anywhere on the Sprint wireless high-speed multimedia network. Connect your Power Vision phone using a USB cable or the built-in connection on Bluetooth-enabled phones.
Promotional Offer Unlimited $39.99 per month requires a Sprint PCS Voice Plan and a 2-year subscription agreement on the same device. No additional discounts apply.
I don't think that they mean $40 to tether it, on top of data charges; they mean it's $40 for data on top of your voice plan, and you can use the data plan by tethering your device to your computer via Bluetooth or USB.
You've just hit one of the biggest problems facing intelligence today square on the head.
In times past, the real trouble was in the acquisition of information. Now, the problem is on the analysis end: there's just so much information pouring in, nobody can even store it all, much less analyze it to any significant degree. You've got signals from the radio spectrum (broadcast TV and radio, satellite signals, telephone signals), plus all the POTS system voice traffic, plus actual Internet data in its myriad formats; it's really overwhelming.
I don't think there's any pat answer to your question. Obviously the intelligence agencies think that the best solution to the problem is with better analysis software and heuristics programs; stuff that can comb through the haystack and try to find the needle. But of course, those systems are only good at finding stuff, if you have a reasonable idea what you're looking for.
International terrorism, which is the bogeyman today, hasn't been around for long enough that -- in my uninformed opinion, anyway -- we probably know exactly what the "fingerprints" of an upcoming operation look like. We've had a couple of incidents to go on, now, but those are precious few datapoints to base future predictions on, or to use in order to seed systems in the hopes of catching future activity beforehand. It will probably be only in hindsight that we'll know of the next few incidents, and we'll have to use those to program the systems to sort the data.
Obviously, it's a very hard problem, both in the literal layman's sense of the term but also I think in the information-science sense of the term. My personal feeling is that it's such a lucrative problem, both in the public and private-sectors, that we'll get quite good in the future at mining through the rough to find the diamonds; however, it'll always be a cat-and-mouse game with people who want to hide their activities, whatever they are.
To go totally out onto a limb for a moment, my (unjustified) feeling is that eventually, the systems for doing this sort of information-processing will be biological in nature; either using some sort of simulated, self-programming neural networks in silicon, or will actually use neurons that have been plugged in to computer systems (literal 'brains in jars,' perhaps). Assuming we start to see the practical limits of information-processing on silicon, I see biological computing as being the next big step forward in information processing, particularly in the areas requiring a lot of heuristic analysis that don't lend themselves easily to more conventional algorithmic solutions. Data mining seems to be one of the few areas that would have enough possible rewards to justify both the risks and massive investment required, at some point in the future, of research and development.
Actually a while back I was talking to someone who was writing a little steganographic program (not sure if he ever completed it) that was designed to make "word find" puzzles out of encrypted or encoded text. So the result would be a block of letters that you could print up as a trivial word-find puzzle, the ones where you look for the words printed vertically, horizontally, diagonally, etc., but then if you actually analyzed the letters (I think he was using some sort of trivial cipher that could be broken via distribution analysis) it contained a message.
I thought that was pretty neat; "puzzles within puzzles" and all that. When you think about places where you can hide messages though, there are lots of opportunities when you have puzzles, because people expect a certain amount of randomness there. In a newspaper, there aren't a whole lot of other places where you can just have a whole block of random letters and not arouse suspicion; if you find someplace where there is already expected to be high entropy, then you can sneak in your encoded material much more easily.
Sudoku puzzles and crosswords could also be good candidates, but there are even ways you could probably work them into more subtle things if you had a predetermined scheme for encoding the message. I'm sure you could probably work the chess puzzles if you knew what you were doing.
All very true. Which makes it more important -- if you're up to some sort of "no good" (where 'no good' is defined by the people with the most guns in the vicinity) -- that you maintain a passable facade of normalcy, at least as far as the government/credit bureau databases are concerned.
If you're the only person on your block using encrypted email, and using it for all of your email, you're an obvious red flag for some form of side-channel attack (i.e. they just sneak into your house when you're away and bug your keyboard). So if you did want to use encrypted communications, not only would you have to hide said communications in other things, but you'd also have to maintain the regular volume of unencrypted traffic from your email accounts so as not to arouse suspicion.
Email use is a trivial example, but it extends to anything else that can be tracked. The exact same thing goes for purchasing patterns: if you're spending large wads of dough (in cash) buying things that the government doesn't want you to have (*cough*recreational drugs*cough*), then you had better make sure that the rest of your purchasing habits aren't affected, so that nobody can find out how much money you're diverting into your illicit hobbies, just by looking at the difference between your income and your creditcards+savings+retirement accounts.
I, too, see this as becoming a cat and mouse game; as the authorities become better and better about mining information, people are going to start to become more clever and more aware about not only limiting the information they give out, but about putting out patently false information in order to create a semblance of "Joe America" when in reality they could be the Shah of Iran.
I am definitely going to try that tomorrow (or the soonest I have a spare toilet-paper / paper-towel tube available). What was getting to me about the sound is that it's not constant; it changes in pitch and amplitude from time to time, so I thought it was related to the HD or video card, but couldn't ever relate it to the use of either component. (It wasn't as obvious as my Windows laptop, which emits a strange sound from the video chipset whenever you scroll a window, for instance.)
Since I had been using this machine as a server and leaving it on all the time, it's been a real pain to have it turned off because of the annoyance of leaving it on. If your suggestion works, it will have saved me the purchase of a new server.
Secondly, Domesday is a word I've never encountered before, so that my brain filled in automatically with the second 'o' and erased the 'e', so as to spell Doomsday. It's a neat trick, and from what I'm reading in this thread, most of us fell for it. There you have it, the power of the brain in action.
Actually, from what I know (admittedly not much, but I think Wikipedia is on my side here) that's not a bad interpretation. Domesday is some sort of Middle/Old English word that means pretty close to "Doomsday" in today's language.
Apparently the name comes from the fact that it was considered to be an ultimate, inviolate reference for use in property disputes and other things of that nature; hence the 'Doomsday' reference is an allusion to the second coming of Christ, the ultimate reckoning or judgement. I wonder whether the name was at all meant to be humorous or ironic when initially coined, or if it was serious.
Your analogy is flawed. Nobody is preventing you from making your own movie, paying for the videotape, the equipment, and the labor. If you can produce a better product than Hollywood for less, good for you. By your logic, however, you could buy a master print from the first movie theater to release the cool movie of the moment and undersell the distributor. The creators of the movie get nothing, and you make pure profit for doing nothing. I'm sure you'd like that a lot, but honestly, how long do you think that would last before movies stopped getting made?
While I'm not necessarily agreeing with the GP, I think your straw man is also flawed. The business model which exists right now for the creation of music/movies/etc. would not be the one that a sane person would try to use in the absence of copyright laws.
Historically, it's not what artists used in the past, either, prior to the creation of copyright laws.
Right now, the movie studios basically make a movie on speculation. They attract investors, and pour money into a production, on the assumption that they'll be able to recoup costs over many months of theater ticket sales (and then make profits from the DVDs and merchandise). As you very astutely pointed out, this would not work if people could redistribute the movie once it hit the first screen.
However, this wouldn't mean the demise of motion pictures altogether, just of the current business model. The public demand for movies would still be there; that's not going to change. And frankly, even if every movie in the back catalog of every studio in the world was available on-demand, there is still going to be a market for new movies, simply because they're new. The market abhors a vacuum, and where there's a demand, people will rise to supply it.
Without copyright allowing a studio/producer to sell the same thing over and over and over to recoup costs, more emphasis would have to be placed on selling the very first copy. In effect, all art would have to work on a patronage basis: if you wanted a particular studio to make a particular film, you might have to sign up and send them some money. (For which you might get some sort of direct benefit: a first-pressing DVD, your name in the credits, etc. But the important thing to note is that the payment isn't for the copy of the movie -- that's valueless, since a day later, anyone would be able to get a copy -- but for actually having the movie made in the first place.)
Movies which people weren't willing to pay to have created, to essentially commission artists to make in advance, would simply not get made.
Frankly I see this as a plus; right now we have a lot of crappy, low-grade corporate kitsch turned out by studios and artists working on speculation, trying to gauge the public's interest in something and not doing a very good job of it. By forcing people to pay up front -- perhaps resulting in more fan-driven movies -- only works that a substantial number of people wanted would ever be made. The theaters would show the films they thought would sell the most tickets, which would probably be a mix of old standbys and new material (that is if the theaters remained in business at all, without the studios propping them up by giving them exclusivity during first runs).
Your perspective is a common one, namely that the current framework is the only one in which art can be created. That's not true; when you live in a world where anybody can have a copy of something that's been made yesterday, having something newly created, or commissioning the creation of something unique becomes much more valuable. If everyone can have a giant collection of movies, there's no longer any social impetus to do so; instead if you want to show how rich you are, it becomes a question of how many movies you can get yourself in the credits of as a result of your patronage.
Where there is a demand for content, society and a free market will always find a way to fill it; a system where there was not any copyr
Very true; although I think the ubiquitousness of those "infringing" activities suffers from a generational gap right now. Most young people don't think twice about ripping a DVD to their iPod, and probably more than a few don't give a damn about the questionable legality of downloading music from a foreign country with lax laws (aka AllOfMP3) or straight peer-to-peer.
I'm not sure it's widespread enough for me to call it Prohibition-like, yet. There are still large segments of society that think DVDs are flat-out impossible to copy, because they've never had any reason to figure out whether or not it was possible. However, as portable video players become more common, and cease to become a young person's trendy accessory and get to the point where even older people have them, I think you'll see more surprise and disbelief that it's illegal to do with a DVD what everyone is used to doing with Audio CDs; ripping and compressing them for use on a portable device.
Anyway, I think we're agreeing with each other here, it's just semantics whether you think the "Digital Prohibition" is here today, or still to come; I think the outrage and flouting of the law hasn't reached nearly its peak yet (and won't, until the law is eventually corrected), so I'm holding off on awarding the title. But the situation today ought to provide strong evidence as to the direction we're headed as a society, and I can't imagine that it must make any lovers of the DMCA sleep soundly in their beds at night. A law in a democratic society can only be in direct opposition to a vast majority of the public's desires for so long (actually true even in an undemocratic society, it just takes longer); laws which run so obviously contrary to technology, progress, and the rights of consumers do not have much of a future. Unfortunately, the social cost of their abolition is often quite high, which is why their creation needs to be opposed at every turn; they're nothing to be cavalier about when we see them being made.
OT: Love your sig quote. It took me a while to figure out where it was from, though.
Well, before you take my word as gospel, I'd suggest you read some of the articles written by actual lawyers and legal scholars about the decision. In an earlier post I made about this same topic, I linked to a few.
In particular for this issue I recommend the article from the Georgetown Law Journal (53 pages long; it helps to read it with adblock, otherwise it's unbearable -- start reading on around p.3 for the subject at hand), which talks about the CleanFlicks issue versus analog splicing and the newer digital EDL-based censoring systems (aka ClearPlay, which is still around).
Ugh, that sounds exactly like the sound one of my computers has started to make lately.
I can't figure out what part it is; originally I thought it was some type of mechanical noise because it seems to go on and off from time to time, but I opened up the case and unplugged all the fans and it still does that. Same thing when I disconnect the hard drive. I think it's in the power supply. (I guess the next step is to replace the PS and see if it goes away... since the sound does go away when I shut the system down.)
Anyway, I'm not that young and it's like running fingernails down a blackboard to me. I've started keeping that computer turned off because it's so obnoxious to have running; I can only imagine how bad something designed to make that sound could be.
I'm not sure that your analysis is really the whole story. It wasn't just the editing that got CleanFlicks in hot water, it was the copying of an edited version. If they had just taken a VHS tape, and physically cut out offensive sections with a razor blade and spliced it back together, they would have been fine. (Actually, my understanding is that some companies did that, pre-DVD, although it's too labor-intensive to be commercially viable.) The problem was that they were editing the film and then reproducing it; even though it was 1 reproduction for every 1 original copy, and they were rendering the originals unplayable, it was still infringement. The problem stemmed from a combination of the commercial nature of the service, the fact that the edits weren't authorized, the fact that the copy could have been passed off as the 'actual movie' (i.e. someone might have watched it and not known that what they were watching was not what the director really made), and the fact that they were making unauthorized copies of the edited versions.
Copyright law is fairly vague, particularly in relation to fair use. It's difficult to look at something like CleanFlicks and say "this action right here, this is what was illegal" within the scope of their entire business practices. It was the whole procedure that was found to be infringing. If they had done the editing without reproduction (e.g. VHS splices, or the timecode based systems now in use) they probably would have been okay. But the combination of things they were doing precluded a fair use defense, and thus they lost.
Anyway, I agree with your ultimate point: Circuit City isn't going to have nearly the problem with copyright law as they're going to have with the anti-circumvention provisions of the DMCA. Frankly if they do end up in court, I think this could end up being a much more significant and interesting case than CleanFlicks was. On the scale of "bad laws," the DMCA is orders of magnitude worse than copyright law even in its current state, since it has no exemption for fair use. In the CleanFlicks case I could at least see the situation from the perspective of the studios or a copyright holder who didn't want edits being made to their stuff, but I don't think that they have any such right to dictate the format in which a viewer watches the Work. Except wherein the format it's watched in has a real impact on the artistic merits of the movie, and where the prohibition is enforced against (say) all portable players because it was designed to only be seen in IMAX theaters, that's not something that a rightsholder should be able to claim control over.
I think we're only starting to see the very beginning of the battles over the DMCA: the number of future services that are going to run afoul of it are just mind boggling; ultimately I think the consumer demand for these services is going to be so great, that if the law is not modified it's just going to be flouted by the public, leading to some Prohibition-like state where the law is so disconnected from reality that it's bordering on irrelevance.
this can only be seen as a blatant attempt to use a Mac as a headline attention-getter.
I think they were pretty clear that was exactly what they were doing. They used the Mac because the exploit happened to work, and because apparently they were irritated by the Mac/PC commercials, and because one guy thought that Mac users have an inflated idea of their own machines' security. And I also expect, because the exploit gets a lot more press if it's actually demonstrated on a Mac machine, than if they demoed it on a PC, everyone yawns, and then they just slip in somewhere "oh, and it works on Macs and embedded systems, too."
The fact that they were using the Mac as a blatant press troll doesn't make the actual vulnerability go away, or really any less serious. It's still there, and the Mac is still at least allegedly vulnerable when using its built-in card and drivers. I think that's serious enough to warrant attention, regardless of lack of taste in their presentation.
What makes you say you don't need to connect to be exploited? Did I miss something in the video?
I don't think that there's ever been any really good clarification on exactly what you need to do to be vulnerable. In one of the articles, the original Washington Post blog post, it says:
One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.
I'm not sure I'd draw the conclusion from that either way, that you have to connect or that you just have to be broadcasting an SSID.
Even if you do have to connect, it's still a fairly severe vulnerability (although less so than if you just have to have the radio turned on) because people aren't used to the idea that connecting to a network can compromise their computer. Compromise the information you send over it, sure; but actually hose your system, just by virtue of establishing the connection, with your computer fully firewalled? I'm relatively paranoid and I've never really considered that possibility until now. At the least, some new and much more severe warnings than the current "untrusted network, do you want to connect?" messages would have to be presented to the user.
Plus, even if you have to connect, it doesn't seem like it would be very hard for an attacker to pose themselves as a legitimate AP. Let's say you go and sit in a webcafe somewhere and change your SSID to "TMobile" -- the same SSID used by TMobile Wireless Hotspots. There's no way for a user to know whether they're connecting to the legitimate access point, or the one that's going to fuck them up. Particularly if you use a wireless card that's been modified to transmit at a higher-than-legal power, an attacker could just spoof a legit AP's SSID and MAC address, and just transmit on the same channel and overpower it. I can think of a lot of ways to get people to connect to an access point, and not all of them are trivial to work around. How do you verify if an access point is legitimate when everything you know about it can be spoofed, and when in order to get any more information, you have to connect and give it an opportunity to compromise your system? Just telling people not to connect to untrusted APs is not a solution, because unless you're in a Faraday cage with a single AP that you set up yourself, all APs have to be treated as untrusted until you log in and verify cryptographically that it's the one you think you're connecting to. (Via some sort of robust authentication.)
I think it's important not to blow this discovery out of proportion, but I think there's a certain tendency to understate things, and try to minimize them. That's dangerous, and shouldn't be done -- this is a pretty serious problem and people need to be aware of that, so that enough pressure is put on the manufacturers to fix them, and more importantly, fix the processes that led to the creation of the structural vulnerabilities in the first place.
This has been mentioned elsewhere in the thread, but it's not true. The 3rd-party WL adapter was a red herring, used to take some of the heat off of Apple and show that it's not just an Apple flaw. But allegedly the built-in card and drivers are vulnerable as well:
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
Yours are all excellent points, however: it's not clear whether using the external wireless card was an integral part of the exploit, or just something that they did to make it less clear which hardware is vulnerable.
It's obvious at this point that using the MacBook as the target machine was a bit (well, more than a bit) of a publicity stunt. But whether the 'Book's chipset and drivers are also vulnerable to the same sort of attack is an open question. Without more technical details, I don't think it's safe to assume at this point that any wireless card is entirely safe.
There's been a lot of speculation that this is related to Atheros WL chipsets, just because that's what the MacBook uses, but that seems to be a jump to conclusions. I think it would be better to look at this as less of a "bug" than as a structural vulnerability, a direct consequence of running drivers that aren't rigorously reviewed and tested for security in Ring 0 of the operating system. Finger-pointing, whether at Apple or Microsoft or even at Atheros, really isn't all that productive. When there are more technical details, I have no doubt that process will start in earnest; however it's hardly the really important issue.
Well, the "spin" was really a result of the way the discoverers demonstrated their findings.
The flaw was found in a number of wireless drivers; they purposely chose to demonstrate it (in their video, which I haven't been able to find on the web anywhere) using a MacBook, because of that "aura of smugness."
Apparently their biggest complaint is those Mac/PC Apple ads: "'We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,' Maynor said." (That's from the Ars article.)
So really, while the vulnerability is pretty much platform-independent, the discoverers chose to use a Mac as the demonstration platform because of its reputation for security. In terms of publicity generation, it was probably a smart move: "Hack a MacBook in 60 Seconds" is going to get them a whole lot more press than "Hack a Dell Inspiron B230 in 60 Seconds."
I'm a guy who's lucky enough to be currently involved with a woman who also shares an interest in technology, and I just have to say, I'd probably think twice before giving her a plasma TV as an important gift, versus say a piece of jewelry.
The TV -- or, for that matter, an iPod, or a new computer, or an Apple Cinema Display -- is probably more useful, but that doesn't mean it's as good a gift. Sometimes the things that you want to receive as gifts aren't the same things as what you just flat-out want to own. I have no doubt that if my girlfriend wanted a new iPod, she'd buy a new iPod.
It seems a little backwards, but sometimes you buy someone something as a gift because of its limited real-world utility. You're giving it to them because you want to give them something, that's it. When the object is utterly useless for anything else, it's a sort of unstated guarantee that there's no competing motive. With the HDTV, there's a sort of open question as to whether I'm giving it as a gift to her, or if I'm giving it as a gift because I really want an HDTV and this is a good excuse to buy one. (Hey, I get to watch the TV too, right?)
Even if your girl says that she'd like a TV as much as she'd like a rock, not insignificant amounts of personal experience have taught me that the reaction you will get when you give someone something that you have absolutely no use for, that they would never purchase for themselves, and is clearly nothing but an expression of your feelings for them, is a lot more impressive than if you give them something more utilitarian. Particularly if it's a surprise.
Want to be on the safe side? Buy both. Or combine an expected-but-utilitarian gift with a frivolous-but-surprising one. Tough to go wrong there.
I wanted to put in my two cents here and say that I agree.
Part of the problem seems to be that we've taken to using the word "terrorist" so broadly, and with such a stigma attached to it, that we've forgotten what it actually means. A terrorist is a person who intentionally attacks a civilian population, usually with the immediate goal of causing mass casualties, with the ultimate goal of accomplishing a political end by causing terror and fear in said civilian population.
To say "one man's freedom fighter is another man's terrorist" is a lie; at the very least, it assumes that one man is either deluded, or misunderstanding the nature of terrorism. (At the very least it is simplistic: a person could be both a freedom fighter and a terrorist, or neither, or either one singly.)
To be a "terrorist" doesn't imply any particular political ideology. You could be a "Zionist" terrorist as easily as you could be an "Islamo-fascist" one. Being a terrorist also doesn't require that someone be disconnected from a government, either; I think you could make a fairly convincing argument that a lot of warfare and accepted strategy in World War Two falls squarely into the realm of terrorism: bombing a city for its "morale effect" is simply terrorism by another name. (It's worth pointing out that most countries have rejected these tactics, and at the same time the word 'terrorist' has become more stigmatized as it becomes a less tolerated practice.)
Just because a word is used politically doesn't immediately strip it of all factual meaning; if that were the case, we wouldn't have any language left.
This is a good point, but I think people are looking at this from the wrong "end" of things.
It's the 'new hits' that are expensive to maintain in a catalog like Netflix's; the 'long tail' is cheap.
Really the economic consideration is "do I have to have Spiderman II in order to stay in business?" And it would appear that the answer, for now, is a resounding "yes."
The reason that the hits are expensive is because each one is like a pig going through a python. For the first week that a big hit movie is out, rentals are going to be through the roof. In order to meet demand and not have dissatisfied customers, you have to have a huge number of discs (inventory) which quickly becomes redundant overhead when everyone moves on to the next hit. Not only do you have to maintain your supply chain for actually getting the movies out and back to customers (Netflix's warehouses, etc.) but you also have to plan on how to acquire and dispose of or store huge numbers of movies that there probably won't ever be peak demand for again.
A large catalog with a small number of discs for each title is easier to maintain, by virtue of predictability.
In short, if you wanted to be a DVD-rental business and you only had enough capital to invest in 100,000 discs for the next year, you wouldn't want to do hits (where your 100,000 discs would get you through one cycle, and then be garbage). You'd want to try and capture the business from the other side of the 80/20 rule, the other 80 percent of the selection that generates 20 percent of the business.
I guess what I'm suggesting -- and granted, I don't have hard evidence for it -- is that it probably takes about equal resources to pursue either the 'front half' of the 80/20 split (the 20 percent of the selection that generates 80 percent of the business) as it does the 'back half.' The hit-based economy seems like it's a gold mine, but you can burn through a lot of resources trying to sate the public's ever-changing demand for the newest thing.
While your points are valid, why concern yourself with nano particles so much, when there are lots of things that could turn your lungs to a pink pulp or fill them full of phlegm and drown you, without looking to nanotechnology?
I think we're overly complacent about the killer weapons (biologicals, particularly) that are already scattered around the planet in significant quantities; before we go and spend a lot of effort worrying about the possible effects of technologies that don't exist yet, we could spend some of the same resources cleaning up problems that exist right now.
Dying from antibiotic-resistant TB may not be as sexy as being consumed by nanobots-run-amok, but at least in the foreseeable future, it's a lot more likely.
So yeah it's worth a few hundred thousand dollars for the lesson IMO.
It's worth a few hundred thousand bucks, sure, but that's not what it's really going to end up costing us.
In the areas where it's attempted, it's going to cost them ever having a viable municipal internet-access system for a generation or more. The cost of failure is usually never being able to try again, particularly when the failure is large in scope.
It's also hard to quantify how many other localities will never bother to try any muni internet systems, if they see early adopters failing, even if the systems were totally different to the ones available for deployment at a later date. (I.e., the failure of 802.11b/g systems will hinder the deployment of WiMax and other systems, because everyone will "remember what happened to those guys back in 2006!")
Sometimes the biggest costs are not the financial ones. Every time a muni wireless project fails, it makes it less likely that some other town will ever begin one. In many cases, I think it's better to never try, than try, fuck up, and become an example that your enemies (in this case, the telcos) can hold up and use as an example to others.
And the flight attendants would know that you were using the wireless card built in to your laptop ... how?
Maybe if he put on a headset and started talking to his friends in Zanzibar via Skype, they'd catch on, but short of that I don't see them noticing. A guy on a laptop is just a guy on a laptop.
Heck, if you have a data-capable cellphone with Bluetooth (which will work without being open) you can probably leave your phone in the overhead compartment, connect to it from your computer, and use a cellular internet connection without anyone being any wiser. Those RF waves are pretty sneaky that way.
Until the plane flies into a mountain or something because of the interference, that is.
I don't think the parent poster to yours was recommending a change to the global DNS system, I think he was just suggesting a local-network change. If you know that most users on your network are never going to need to look at sites from Cameroon's TLD, then it might be doing them a favor just to redirect them from www.slashdot.cm to www.slashdot.com.
Of course if you did that, you'd want to be damn sure that nobody on your network ever had to view sites from those domains.
Personally I think it's a bad idea; then again I think any system that takes you to a result or site that's different from what you literally typed in, without telling you of the less-than-literal interpretation it's taking of your input, is a bad thing. It just seems like it would encourage sloppy user practices.
Here's the relevant portion from the link:
I don't think that they mean $40 to tether it, on top of data charges; they mean it's $40 for data on top of your voice plan, and you can use the data plan by tethering your device to your computer via Bluetooth or USB.
You've just hit one of the biggest problems facing intelligence today square on the head.
In times past, the real trouble was in the acquisition of information. Now, the problem is on the analysis end: there's just so much information pouring in, nobody can even store it all, much less analyze it to any significant degree. You've got signals from the radio spectrum (broadcast TV and radio, satellite signals, telephone signals), plus all the POTS system voice traffic, plus actual Internet data in its myriad formats; it's really overwhelming.
I don't think there's any pat answer to your question. Obviously the intelligence agencies think that the best solution to the problem is with better analysis software and heuristics programs; stuff that can comb through the haystack and try to find the needle. But of course, those systems are only good at finding stuff, if you have a reasonable idea what you're looking for.
International terrorism, which is the bogeyman today, hasn't been around for long enough that -- in my uninformed opinion, anyway -- we probably know exactly what the "fingerprints" of an upcoming operation look like. We've had a couple of incidents to go on, now, but those are precious few datapoints to base future predictions on, or to use in order to seed systems in the hopes of catching future activity beforehand. It will probably be only in hindsight that we'll know of the next few incidents, and we'll have to use those to program the systems to sort the data.
Obviously, it's a very hard problem, both in the literal layman's sense of the term but also I think in the information-science sense of the term. My personal feeling is that it's such a lucrative problem, both in the public and private-sectors, that we'll get quite good in the future at mining through the rough to find the diamonds; however, it'll always be a cat-and-mouse game with people who want to hide their activities, whatever they are.
To go totally out onto a limb for a moment, my (unjustified) feeling is that eventually, the systems for doing this sort of information-processing will be biological in nature; either using some sort of simulated, self-programming neural networks in silicon, or will actually use neurons that have been plugged in to computer systems (literal 'brains in jars,' perhaps). Assuming we start to see the practical limits of information-processing on silicon, I see biological computing as being the next big step forward in information processing, particularly in the areas requiring a lot of heuristic analysis that don't lend themselves easily to more conventional algorithmic solutions. Data mining seems to be one of the few areas that would have enough possible rewards to justify both the risks and massive investment required, at some point in the future, of research and development.
Actually a while back I was talking to someone who was writing a little steganographic program (not sure if he ever completed it) that was designed to make "word find" puzzles out of encrypted or encoded text. So the result would be a block of letters that you could print up as a trivial word-find puzzle, the ones where you look for the words printed vertically, horizontally, diagonally, etc., but then if you actually analyzed the letters (I think he was using some sort of trivial cipher that could be broken via distribution analysis) it contained a message.
I thought that was pretty neat; "puzzles within puzzles" and all that. When you think about places where you can hide messages though, there are lots of opportunities when you have puzzles, because people expect a certain amount of randomness there. In a newspaper, there aren't a whole lot of other places where you can just have a whole block of random letters and not arouse suspicion; if you find someplace where there is already expected to be high entropy, then you can sneak in your encoded material much more easily.
Sudoku puzzles and crosswords could also be good candidates, but there are even ways you could probably work them into more subtle things if you had a predetermined scheme for encoding the message. I'm sure you could probably work the chess puzzles if you knew what you were doing.
All very true. Which makes it more important -- if you're up to some sort of "no good" (where 'no good' is defined by the people with the most guns in the vicinity) -- that you maintain a passable facade of normalcy, at least as far as the government/credit bureau databases are concerned.
If you're the only person on your block using encrypted email, and using it for all of your email, you're an obvious red flag for some form of side-channel attack (i.e. they just sneak into your house when you're away and bug your keyboard). So if you did want to use encrypted communications, not only would you have to hide said communications in other things, but you'd also have to maintain the regular volume of unencrypted traffic from your email accounts so as not to arouse suspicion.
Email use is a trivial example, but it extends to anything else that can be tracked. The exact same thing goes for purchasing patterns: if you're spending large wads of dough (in cash) buying things that the government doesn't want you to have (*cough*recreational drugs*cough*), then you had better make sure that the rest of your purchasing habits aren't affected, so that nobody can find out how much money you're diverting into your illicit hobbies, just by looking at the difference between your income and your creditcards+savings+retirement accounts.
I, too, see this as becoming a cat and mouse game; as the authorities become better and better about mining information, people are going to start to become more clever and more aware about not only limiting the information they give out, but about putting out patently false information in order to create a semblance of "Joe America" when in reality they could be the Shah of Iran.
I am definitely going to try that tomorrow (or the soonest I have a spare toilet-paper / paper-towel tube available). What was getting to me about the sound is that it's not constant; it changes in pitch and amplitude from time to time, so I thought it was related to the HD or video card, but couldn't ever relate it to the use of either component. (It wasn't as obvious as my Windows laptop, which emits a strange sound from the video chipset whenever you scroll a window, for instance.)
Since I had been using this machine as a server and leaving it on all the time, it's been a real pain to have it turned off because of the annoyance of leaving it on. If your suggestion works, it will have saved me the purchase of a new server.
Apparently the name comes from the fact that it was considered to be an ultimate, inviolate reference for use in property disputes and other things of that nature; hence the 'Doomsday' reference is an allusion to the second coming of Christ, the ultimate reckoning or judgement. I wonder whether the name was at all meant to be humorous or ironic when initially coined, or if it was serious.
Anyway, the WP article is pretty good reading (I just wasted a good 15 minutes of my life on it):
http://en.wikipedia.org/wiki/Domesday_Book#Subseq
Your analogy is flawed. Nobody is preventing you from making your own movie, paying for the videotape, the equipment, and the labor. If you can produce a better product than Hollywood for less, good for you. By your logic, however, you could buy a master print from the first movie theater to release the cool movie of the moment and undersell the distributor. The creators of the movie get nothing, and you make pure profit for doing nothing. I'm sure you'd like that a lot, but honestly, how long do you think that would last before movies stopped getting made?
While I'm not necessarily agreeing with the GP, I think your straw man is also flawed. The business model which exists right now for the creation of music/movies/etc. would not be the one that a sane person would try to use in the absence of copyright laws.
Historically, it's not what artists used in the past, either, prior to the creation of copyright laws.
Right now, the movie studios basically make a movie on speculation. They attract investors, and pour money into a production, on the assumption that they'll be able to recoup costs over many months of theater ticket sales (and then make profits from the DVDs and merchandise). As you very astutely pointed out, this would not work if people could redistribute the movie once it hit the first screen.
However, this wouldn't mean the demise of motion pictures altogether, just of the current business model. The public demand for movies would still be there; that's not going to change. And frankly, even if every movie in the back catalog of every studio in the world was available on-demand, there is still going to be a market for new movies, simply because they're new. The market abhors a vacuum, and where there's a demand, people will rise to supply it.
Without copyright allowing a studio/producer to sell the same thing over and over and over to recoup costs, more emphasis would have to be placed on selling the very first copy. In effect, all art would have to work on a patronage basis: if you wanted a particular studio to make a particular film, you might have to sign up and send them some money. (For which you might get some sort of direct benefit: a first-pressing DVD, your name in the credits, etc. But the important thing to note is that the payment isn't for the copy of the movie -- that's valueless, since a day later, anyone would be able to get a copy -- but for actually having the movie made in the first place.)
Movies which people weren't willing to pay to have created, to essentially commission artists to make in advance, would simply not get made.
Frankly I see this as a plus; right now we have a lot of crappy, low-grade corporate kitsch turned out by studios and artists working on speculation, trying to gauge the public's interest in something and not doing a very good job of it. By forcing people to pay up front -- perhaps resulting in more fan-driven movies -- only works that a substantial number of people wanted would ever be made. The theaters would show the films they thought would sell the most tickets, which would probably be a mix of old standbys and new material (that is if the theaters remained in business at all, without the studios propping them up by giving them exclusivity during first runs).
Your perspective is a common one, namely that the current framework is the only one in which art can be created. That's not true; when you live in a world where anybody can have a copy of something that's been made yesterday, having something newly created, or commissioning the creation of something unique becomes much more valuable. If everyone can have a giant collection of movies, there's no longer any social impetus to do so; instead if you want to show how rich you are, it becomes a question of how many movies you can get yourself in the credits of as a result of your patronage.
Where there is a demand for content, society and a free market will always find a way to fill it; a system where there was not any copyr
Very true; although I think the ubiquitousness of those "infringing" activities suffers from a generational gap right now. Most young people don't think twice about ripping a DVD to their iPod, and probably more than a few don't give a damn about the questionable legality of downloading music from a foreign country with lax laws (aka AllOfMP3) or straight peer-to-peer.
I'm not sure it's widespread enough for me to call it Prohibition-like, yet. There are still large segments of society that think DVDs are flat-out impossible to copy, because they've never had any reason to figure out whether or not it was possible. However, as portable video players become more common, and cease to become a young person's trendy accessory and get to the point where even older people have them, I think you'll see more surprise and disbelief that it's illegal to do with a DVD what everyone is used to doing with Audio CDs; ripping and compressing them for use on a portable device.
Anyway, I think we're agreeing with each other here, it's just semantics whether you think the "Digital Prohibition" is here today, or still to come; I think the outrage and flouting of the law hasn't reached nearly its peak yet (and won't, until the law is eventually corrected), so I'm holding off on awarding the title. But the situation today ought to provide strong evidence as to the direction we're headed as a society, and I can't imagine that it must make any lovers of the DMCA sleep soundly in their beds at night. A law in a democratic society can only be in direct opposition to a vast majority of the public's desires for so long (actually true even in an undemocratic society, it just takes longer); laws which run so obviously contrary to technology, progress, and the rights of consumers do not have much of a future. Unfortunately, the social cost of their abolition is often quite high, which is why their creation needs to be opposed at every turn; they're nothing to be cavalier about when we see them being made.
OT: Love your sig quote. It took me a while to figure out where it was from, though.
Well, before you take my word as gospel, I'd suggest you read some of the articles written by actual lawyers and legal scholars about the decision. In an earlier post I made about this same topic, I linked to a few.
In particular for this issue I recommend the article from the Georgetown Law Journal (53 pages long; it helps to read it with adblock, otherwise it's unbearable -- start reading on around p.3 for the subject at hand), which talks about the CleanFlicks issue versus analog splicing and the newer digital EDL-based censoring systems (aka ClearPlay, which is still around).
Ugh, that sounds exactly like the sound one of my computers has started to make lately.
I can't figure out what part it is; originally I thought it was some type of mechanical noise because it seems to go on and off from time to time, but I opened up the case and unplugged all the fans and it still does that. Same thing when I disconnect the hard drive. I think it's in the power supply. (I guess the next step is to replace the PS and see if it goes away
... since the sound does go away when I shut the system down.)
Anyway, I'm not that young and it's like running fingernails down a blackboard to me. I've started keeping that computer turned off because it's so obnoxious to have running; I can only imagine how bad something designed to make that sound could be.
I'm not sure that your analysis is really the whole story. It wasn't just the editing that got CleanFlicks in hot water, it was the copying of an edited version. If they had just taken a VHS tape, and physically cut out offensive sections with a razor blade and spliced it back together, they would have been fine. (Actually, my understanding is that some companies did that, pre-DVD, although it's too labor-intensive to be commercially viable.) The problem was that they were editing the film and then reproducing it; even though it was 1 reproduction for every 1 original copy, and they were rendering the originals unplayable, it was still infringement. The problem stemmed from a combination of the commercial nature of the service, the fact that the edits weren't authorized, the fact that the copy could have been passed off as the 'actual movie' (i.e. someone might have watched it and not known that what they were watching was not what the director really made), and the fact that they were making unauthorized copies of the edited versions.
Copyright law is fairly vague, particularly in relation to fair use. It's difficult to look at something like CleanFlicks and say "this action right here, this is what was illegal" within the scope of their entire business practices. It was the whole procedure that was found to be infringing. If they had done the editing without reproduction (e.g. VHS splices, or the timecode based systems now in use) they probably would have been okay. But the combination of things they were doing precluded a fair use defense, and thus they lost.
Anyway, I agree with your ultimate point: Circuit City isn't going to have nearly the problem with copyright law as they're going to have with the anti-circumvention provisions of the DMCA. Frankly if they do end up in court, I think this could end up being a much more significant and interesting case than CleanFlicks was. On the scale of "bad laws," the DMCA is orders of magnitude worse than copyright law even in its current state, since it has no exemption for fair use. In the CleanFlicks case I could at least see the situation from the perspective of the studios or a copyright holder who didn't want edits being made to their stuff, but I don't think that they have any such right to dictate the format in which a viewer watches the Work. Except wherein the format it's watched in has a real impact on the artistic merits of the movie, and where the prohibition is enforced against (say) all portable players because it was designed to only be seen in IMAX theaters, that's not something that a rightsholder should be able to claim control over.
I think we're only starting to see the very beginning of the battles over the DMCA: the number of future services that are going to run afoul of it are just mind boggling; ultimately I think the consumer demand for these services is going to be so great, that if the law is not modified it's just going to be flouted by the public, leading to some Prohibition-like state where the law is so disconnected from reality that it's bordering on irrelevance.
this can only be seen as a blatant attempt to use a Mac as a headline attention-getter.
I think they were pretty clear that was exactly what they were doing. They used the Mac because the exploit happened to work, and because apparently they were irritated by the Mac/PC commercials, and because one guy thought that Mac users have an inflated idea of their own machines' security. And I also expect, because the exploit gets a lot more press if it's actually demonstrated on a Mac machine, than if they demoed it on a PC, everyone yawns, and then they just slip in somewhere "oh, and it works on Macs and embedded systems, too."
The fact that they were using the Mac as a blatant press troll doesn't make the actual vulnerability go away, or really any less serious. It's still there, and the Mac is still at least allegedly vulnerable when using its built-in card and drivers. I think that's serious enough to warrant attention, regardless of lack of taste in their presentation.
I don't think that there's ever been any really good clarification on exactly what you need to do to be vulnerable. In one of the articles, the original Washington Post blog post, it says:
I'm not sure I'd draw the conclusion from that either way, that you have to connect or that you just have to be broadcasting an SSID.
Even if you do have to connect, it's still a fairly severe vulnerability (although less so than if you just have to have the radio turned on) because people aren't used to the idea that connecting to a network can compromise their computer. Compromise the information you send over it, sure; but actually hose your system, just by virtue of establishing the connection, with your computer fully firewalled? I'm relatively paranoid and I've never really considered that possibility until now. At the least, some new and much more severe warnings than the current "untrusted network, do you want to connect?" messages would have to be presented to the user.
Plus, even if you have to connect, it doesn't seem like it would be very hard for an attacker to pose themselves as a legitimate AP. Let's say you go and sit in a webcafe somewhere and change your SSID to "TMobile" -- the same SSID used by TMobile Wireless Hotspots. There's no way for a user to know whether they're connecting to the legitimate access point, or the one that's going to fuck them up. Particularly if you use a wireless card that's been modified to transmit at a higher-than-legal power, an attacker could just spoof a legit AP's SSID and MAC address, and just transmit on the same channel and overpower it. I can think of a lot of ways to get people to connect to an access point, and not all of them are trivial to work around. How do you verify if an access point is legitimate when everything you know about it can be spoofed, and when in order to get any more information, you have to connect and give it an opportunity to compromise your system? Just telling people not to connect to untrusted APs is not a solution, because unless you're in a Faraday cage with a single AP that you set up yourself, all APs have to be treated as untrusted until you log in and verify cryptographically that it's the one you think you're connecting to. (Via some sort of robust authentication.)
I think it's important not to blow this discovery out of proportion, but I think there's a certain tendency to understate things, and try to minimize them. That's dangerous, and shouldn't be done -- this is a pretty serious problem and people need to be aware of that, so that enough pressure is put on the manufacturers to fix them, and more importantly, fix the processes that led to the creation of the structural vulnerabilities in the first place.
Yours are all excellent points, however: it's not clear whether using the external wireless card was an integral part of the exploit, or just something that they did to make it less clear which hardware is vulnerable.
It's obvious at this point that using the MacBook as the target machine was a bit (well, more than a bit) of a publicity stunt. But whether the 'Book's chipset and drivers are also vulnerable to the same sort of attack is an open question. Without more technical details, I don't think it's safe to assume at this point that any wireless card is entirely safe.
There's been a lot of speculation that this is related to Atheros WL chipsets, just because that's what the MacBook uses, but that seems to be a jump to conclusions. I think it would be better to look at this as less of a "bug" than as a structural vulnerability, a direct consequence of running drivers that aren't rigorously reviewed and tested for security in Ring 0 of the operating system. Finger-pointing, whether at Apple or Microsoft or even at Atheros, really isn't all that productive. When there are more technical details, I have no doubt that process will start in earnest; however it's hardly the really important issue.
Well, the "spin" was really a result of the way the discoverers demonstrated their findings.
The flaw was found in a number of wireless drivers; they purposely chose to demonstrate it (in their video, which I haven't been able to find on the web anywhere) using a MacBook, because of that "aura of smugness."
Apparently their biggest complaint is those Mac/PC Apple ads: "'We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,' Maynor said." (That's from the Ars article.)
So really, while the vulnerability is pretty much platform-independent, the discoverers chose to use a Mac as the demonstration platform because of its reputation for security. In terms of publicity generation, it was probably a smart move: "Hack a MacBook in 60 Seconds" is going to get them a whole lot more press than "Hack a Dell Inspiron B230 in 60 Seconds."
I'm a guy who's lucky enough to be currently involved with a woman who also shares an interest in technology, and I just have to say, I'd probably think twice before giving her a plasma TV as an important gift, versus say a piece of jewelry.
The TV -- or, for that matter, an iPod, or a new computer, or an Apple Cinema Display -- is probably more useful, but that doesn't mean it's as good a gift. Sometimes the things that you want to receive as gifts aren't the same things as what you just flat-out want to own. I have no doubt that if my girlfriend wanted a new iPod, she'd buy a new iPod.
It seems a little backwards, but sometimes you buy someone something as a gift because of its limited real-world utility. You're giving it to them because you want to give them something, that's it. When the object is utterly useless for anything else, it's a sort of unstated guarantee that there's no competing motive. With the HDTV, there's a sort of open question as to whether I'm giving it as a gift to her, or if I'm giving it as a gift because I really want an HDTV and this is a good excuse to buy one. (Hey, I get to watch the TV too, right?)
Even if your girl says that she'd like a TV as much as she'd like a rock, not insignificant amounts of personal experience have taught me that the reaction you will get when you give someone something that you have absolutely no use for, that they would never purchase for themselves, and is clearly nothing but an expression of your feelings for them, is a lot more impressive than if you give them something more utilitarian. Particularly if it's a surprise.
Want to be on the safe side? Buy both. Or combine an expected-but-utilitarian gift with a frivolous-but-surprising one. Tough to go wrong there.