Slashdot Mirror


User: icebike

icebike's activity in the archive.

Stories
0
Comments
9,473
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 9,473

  1. Re:Wrong on Open Millions of Hotel Rooms With Arduino · · Score: 1

    Exactly.

    Seriously, I can't imagine how GP was moderated insightful.

    Did the moderators all skip breakfast this morning?

  2. Re:Wrong on Open Millions of Hotel Rooms With Arduino · · Score: 4, Insightful

    Every single lock will not have to be changed. There are several ways to fix this without replacing the entire lock. Fill the hole. Cover the whole with an exterior lock. Put a more secure circuit between the exterior plug and the lock's main board. That more secure circuit only need to handle NOT letting you read the memory. Given that the article is completely wrong about having to change the locks, I would question whether there really isn't a way to fix it via firmware. Either way though, the fix does not require a new lock, and it is a task that the hotel's regular handyman can perform.

    Fill the hole: No. Read the article. The hole is needed and used routinely to charge the battery and reprogram.
    Cover the hole with an exterior lock: So this is your plan to avoid changing out the lock? Add yet another lock on top? And how secure is that lock?
    Add a circuit ahead of the main board: Where? There is no room for that. You would have to replace the entire main board.
    Firmware fix: Perhaps possible, but these are very old designs using very limited microcontrollers. And you would still have to replace every reprogramming device in the field to get around this because your solution would also prevent reprogramming the lock.

    So, NO, the article is not completely wrong. Your post is pretty close to completely wrong.
    By the time you do any of the modifications you suggest, it would be cheaper to change the lock.

    And none of those changes could be accomplished by the handyman. At best, they might be able to change out the lock. Most of those guys know how to swing a wrench and a toilet plunger. They are not very good at board level soldering. Even worse at changing microprocessors inside a lock chassis designed specifically to be tamper resistant.

    Best case is that they can replace the entire circuit board using cheaper more modern ICs in the same amount of space. But even that is likely to more expensive to than just replacing every single lock.

    In actuality, This will never be done, until the next hotel remodel. Additional theft insurance, maybe purchased by the manufacturer, will be by far the cheapest alternative.

  3. Re:What happened to responsible disclosure? on Open Millions of Hotel Rooms With Arduino · · Score: 3, Informative

    He didn't reveal the actual hack, he only demonstrated that one exists.

    Further, there are already several instances of people being sued into silence after responsible disclosure.

    Further the problem can not be fixed, and replacement of all locks world wide would be so experience and time consuming that it would never be done in response to responsible disclosure.

    The probable outcome here is that the lock maker buys more insurance and sends a memo to customers offering a discount on new and improved locks. Which will be ignored by virtually all hotels.

    Responsible disclosure would serve no purpose in this instance.

  4. Re:I always wondered on Apple Wins EU Ban of Smaller Samsung Tablet, Demands $2.5 Billion In Damages · · Score: 1

    I think that the number is based on the profit Samsung made from these devices, Apple's alleged "losses" due to these products, and some punitive amount added in for good measure.

    Just goes to show how much is at stake.

    That might work if the iPad wasn't outselling the Galaxy tab by about 100 to one. Apple still owns the tablet space even tho they have lost the smartphone market.
    But these are triflingly inconsequential patents we are talking about here.

  5. Re:The same thing that killed 'Passport' on Ask Slashdot: What's Holding Up Single Sign-On? · · Score: 1

    Users don't want everything tied to a single identifier, particularly one controlled by Microsoft, Google, Facebook or some other company.

    Exactly.

    However, the sad part about this is we have already gone way past the point where compartmentalization of our on-line experience is anything but a pipe dream.

    Those people who may want to link all your accounts across various websites can now do so without so much as a warrant. And they don't need to be a three letter agency to pull this off. Any hick sheriff or small town detective can do the same thing with a few simple letters.

    The technology of single sign on, when done right, doesn't expose much more than the fact that Google (by way of example) says the person attempting to sign on with that google id knew the password. It really does not pass much info back to the requesting site other than the email address. The site never sees the password, or other account details.

    When people sign up for a site with a custom log in and password, they usually end up giving an email address anyway, but at least when doing it that way, the perception remains that this login stands alone and discrete from other logins. (This is a questionable assumption at best).

    Someone cracking Slashdot's database does not get much. One could make the case that cracking any site that uses OpenID authentication via another site gets even less. No passwords are stored locally at site xyz. If done right. But that is hard to verify.

    The big scary part is when the OpenID provider gets cracked everything is cracked. Unless combined with some form of two factor identification a stolen password is all it takes.

  6. Re:Springsteen, weaponized. on F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC · · Score: 1

    Make your message the hook, not the counterpoint, or you WILL be misunderstood.

    Had the hook been the main message the song would never have been played. How would that have served any purpose?

    The idea was to get the song on every radio station, and sell records (and make money). It worked.

    Once out there, people listen more closely, and when they do the message won't be misunderstood. That you still see it used today, inappropriately simply indicated people new to the song haven't yet listened to much beyond the hook. These are useful idiots, serving the song writer's purpose.

    Now don't get me started on Pumped Up Kicks. Not after Aurora.

  7. Re:Standard connectors? LOL you wish! on Reports Say Apple Is Shrinking Its Docking Connector With iPhone 5 · · Score: 2

    I'm sure MicroUSB and other industry-standard connectors weren't considered. For how many years now has Apple been the last holdout with proprietary connectors?

    Didn't the EU mandate a standardized charger connection? Apple slips through a loop hole by providing an adapter. Like the people who forgot their charger will remember the adapter.

    Why not some teeth in the law? Forbid the import or sale in the EU of any phone that uses ANYTHING other than the standard adapter for charging.

    Or are those draconian measures reserved only for rounded corners? Why does Apple get a pass?

  8. Re:Standard connectors? LOL you wish! on Reports Say Apple Is Shrinking Its Docking Connector With iPhone 5 · · Score: -1, Flamebait

    {whistle!} a little sensitive, aren't we. whew! i can only imagine how overprotective you are with more personal things.

    I rather suspect his iPhone is the only personal possession he has. Most likely his girlfriend-in-the-pocket.

  9. Re:Sarcasm! on F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC · · Score: 1

    Oh, and here's an apostrophe for the punctuation police: '

  10. Re:Sarcasm! on F-Secure Report: Another SCADA Attack in Iran — This Time With AC/DC · · Score: 3, Insightful

    Actually, playing the music, and calling attention to the exploit is a sign of kiddies at play, and nothing to do
    with any professional or state backed efforts. Why would you reveal your exploit?

    Its possible this is a diversionary tactic to hide something serious going on at different workstations. But I doubt it.
    It could also be an inside prank, because unless you are there to see the panic ensue, why play music. But I doubt that as well.

    The story is just as likely to be totally bogus: Unverified email form a nuclear scientist, Really!?, Like these guys get to send mail unguarded, un-scanned, un-censored?

  11. Re:There is - far less on Developer Drops Game Price To $0 Citing Android Piracy · · Score: 4, Interesting

    On the other hand, not keeping your mouth shut about the piracy, and suddenly announcing you're giving your game away because of all the "piracy" may get you some publicity that will increase your in-app income by even more than continued sales would have done. It's possible, and obviously it's what these guys are banking on.

    And the beauty of that is there doesn't have to be any real level of piracy for this ploy to work.

    Their refusal to reveal actual piracy numbers pretty much lends credence to this possibility.

  12. Re:There is - far less on Developer Drops Game Price To $0 Citing Android Piracy · · Score: 5, Insightful

    Did you ever stop to consider that perhaps it's easier to control in-app purchases than it is to prevent the initial pirated version from being installed?

    I considered this for about 37 seconds, then realized it was not germane.
    So what if people are emailing the .apk all over the world? The were still able to bank all the sales reported in the Google Market.

    They had around a quarter of a million PAID downloads at the time they declared it free.

    Regardless of being pirated or purchased, the money flow from In-APP will be the same. They knew this going in. Like I said, its not their first trip to the bank with games. If you can earn a quick quarter million in under a month, why make it free? Just keep your mouth shut about the piracy and bank the legitimate sales along with the in-app money.

  13. Re:There is - far less on Developer Drops Game Price To $0 Citing Android Piracy · · Score: 5, Insightful

    If random people with illegitimate copies are allowed to use your servers to patch or for gameplay, then you are doing it wrong.

    Or, you are doing it INTENTIONALLY.

    The game in question supports In-App-Purchases, and in fact, to play the game to conclusion, most users will spend more money
    for in-app-purchase of weapons etc than the game's initial purchase price. The game calls home.

    These purchases can't (yet) be hacked like the reported hacking of IOS in-app purchases.

    Its widely suspected that this was Madfinger Games monetization plan all along.

    They planned to release at 99 cents, gain a quick couple hundred thousand downloads, recovering all of their development costs. (This isn't their first game, and they already had their game engine in the can from earlier games).

    Then, magnanimously, when it became clear that you needed to make in-app-purchases, they planned to make it free.

    They go so much flack for making it free after charging about a quarter of a million people 99 cents, that they decided to play the victim card.

    But ALL THE TIME their game had been calling home for authorization at install, and ALL THE TIME they had allowed these pirated installs because they were intending to make their money on In-App-Purchases, and really didn't give a rip about piracy.

    Its a suckers play, and most of the mainstream press as well as bloggers who should know better are falling for it.

  14. Re:What era is this again? on FCC Tariff Changes Mean No More Free Conference Calls · · Score: 1

    How hard can pushing buttons on a phone be?

    Remember when you last ordered up a pizza for delivery?
    It's the same thing.

  15. Re:Put stuff in sealed plastic cases? on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 1

    Preserving something for austerity usually involves pinching pennies or something.

    If you meant posterity instead, just recall that we are talking 25 years. Not that big of a deal.

  16. Re:Dumb idea. on HTML5 Splits Into Two Standards · · Score: 4, Insightful

    It will create so many new jobs and so much specialist knowledge, it can't fail to improve the economy!

    Ah, yes, that's it, they are trying to institutionalize the Broken Window Falacy.

    Personally, I suspect the term "Living standard" is code for we don't want any standards we can't subvert, and we want the freedom to pack in as much
    proprietary crap as we can and go after patent license fees down the road.

    This can't help but lead to IE6 all over again.

  17. Re:What era is this again? on FCC Tariff Changes Mean No More Free Conference Calls · · Score: 2

    There are more VOIP providers than there are species of fish.

    Ok, fair warning, I'm officially stealing that line.

    But you do have POTS whether you know it or not. It may not be on your premises, but that's not the issue.
    If you can call a POTS number from your Voip, you can dial into a conference call.

  18. Re:Nitrogen on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 1

    Actually pressed CDs will always be readable, because they do not depend on a chemical ink.
    They are composed of physical pits in a metallic layer.

  19. Re:Nitrogen on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 1

    And then remember to open the chest every year and feed the bacteria.
    Dumb idea.

  20. Re:Macbook Pro (retina) on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 1

    Find a device that can run without the battery. Many, if not most laptops can run with the battery removed by simply plugging it in.
    There is no battery technology in common use today that can survive sitting unused for 25 years. Further, most laptops are never truly "off"
    and are always pulling a trickle charge for the clock.

    But the suggestion to include a whole computer seems pointless to me.

  21. Re:The only storage medium proven to last 100 year on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 2

    Laser printer pages don't stick together.

    I have banker's boxes full of documents (mostly code listings) circa 1986 printed on the first HP laser jet. No sticking problem.

    The only sticking I've seen in laser printing is from early models (circa 1975) of IBM 3800 laser printers (mainframe laser printers) which printed so fast the thermoplastic never had time to cool before it was pressed down by the sheet above. Print jobs directly off the back end would sometimes stick together. This was solved in a few months by a toner change.

  22. Re:Put stuff in sealed plastic cases? on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 5, Informative

    Acid-free archival paper should be good, even for photos. Look at what the manufacturer says - they mean serious business when they make these papers, real art will be put up in museums reproduced on them.

    We are talking 25 years here.
    You don't need to be particularly worried about printed documents, even photos, over that short period.

    Go into any business that has been around for 30 or 40, or dig into some boxes in your attic or your parents attic, dig into the back of the file cabinets or storage boxes, and you will find documents much older than 25 years that are in perfect shape.

    Acid free paper is for 100 years plus, and has been the norm for off the shelf office paper since the 60s or earlier. True archival paper is Alkaline paper, which has a life expectancy of over 1,000 years for the best paper and 500 years for average grades.

    So for 25 years, no special precautions need be taken when using common commercial printing paper that you might buy at your local office supply store.

    Even Newspapers can be saved for 25 years by simply bagging them in plastic, but it might be better to access the newspaper's web site and print the desired articles on you laser printer using standard office paper.

    25 years is not that hard to do.

  23. Re:Put stuff in sealed plastic cases? on Ask Slashdot: Storing Items In a Sealed Chest For 25 Years? · · Score: 1

    I agree. Go with something that is VERY common, and simply a socket connection (like USB, SD card, MicroSD,).

    Don't go with moving media, like disk drives, unless they are in an external drive chassis with USB connectors, because disk drive connectors have changed twice in the last 25 years and its likely to happen again. Bear in mind the desktop or laptop computer may be completely replaced in 25 years by flat screen portable devices.

    Modern interfaces like USB tend to be backward compatible with prior devices. So when USB 6.0 is pushed out in 25 years, there will still be a boat load of USB 1,2 and 3 devices, and chances are if the connectors are the same they will also be compatible.

  24. Re:Bigger != Better on Don't Super-Size My Smartphone! · · Score: 1

    The phone is a new release. It does everything you need. There is no requirement to have the very latest OS to count ad modern.

  25. Re:church on Book Review: UP and To the RIGHT · · Score: 1

    Except that Scientology Advocated at least eat their own dogfood.