Just take the phone apart and inflict slight damage to the flash circuits.
Alternatively, you may put a small SMD switch to the battery compartment to selectively disable the flash. A firmware hack with doing the same from the phone's menu is cooler, but more difficult because of the closed-source nature of the hell-bound bastards who make the phones.
You just make putting tape on the flash illegal and restrict web sites that talk about adhesive technology.
Trivial to circumvent. Don't use tape, just desolder one pin of the LED. Will pass any casual inspection. If you want to be secure even against more detailed inspection, replace the LED with a fried one that conducts but doesn't shine. If there are no visible marks of soldering (you have to be very careful here, if possible use professional equipment), you can claim equipment malfunction.
Maybe it could be possible to even fry the LED without taking it off the board. There is usually a serial resistor that serves as a current limiter, you may like to put a slight overvoltage directly through the LED and let the chip overheat for long enough - without putting higher voltage to the rest of the circuit than what would damage the other chips.
If a xenon-type flash is mandated, make it look like the phone was dropped and a thin wire was ripped in the inductor coil, or dehermetize the xenon tube.
No big problem. :) I can see this kind of mods as a nice increase of quality of life for EE students.
They told us about how millions of American expats the world over were trying to contact their friends and associates in the United States, to coordinate their political efforts via web sites in the US, etc. only to have their emails bounce relentlessly, and the websites in the US be unreachable for weeks at a time. Phone conversations with friends revealed that these websites were, interestingly enough, perfectly reachable from within the US.
Traceroutes from multiple points? Attempts to reach the unreachable websites by proxies in different locations? Messages in the bounced emails stating the bounce reasons? Do you have any more details?
This may be a serious case of a Homeland Firewall, or just a bunch of regular snafus in the networking infrastructure, depending on the exact nature of the problems experienced.
We also have a third option: in all cases where it's practical wrap the connections to SSL or IPsec or any other suitable kind of encryption. The censors can't censor what they can't see. This won't protect websites, but will take care of the person-to-person communication.
The websites would have to be moved offshore, outside of the FCC's dirty little paws.
Worst case scenario: ISPs are required to install "smart filter/search" Echelon-like systems that watch for "pirated" content and snuff it...
...to which the market will react by moving to SSL or GPG enhanced instant messaging systems. Once the ISP's system can't see more than a TCP connection to a quite common port, with a SSL handshake inside, they are forced to do traffic analysis only.
Even if they would ban this, there is still a plenty of ways to obfuscate the communication to hide it from automated snoops, and there are also ways to masquerade data as something entirely different; eg. as a video stream from a webcam, or a bidirectional UDP traffic of a multiplayer game.
If they want to deploy technical solutions on us, we will do what we know the best: technical countermeasures. If they want a war, they can get some 4G one.
You must feel so secure now that you've secured a small part of your link to the internet.
If everybody would be so proactive in securing their small part, the overall situation would be significantly better. Hey - even if only the mailserver operators would do it, it would be a significant help.
Also you've now brought more attention to yourself by using encryption when it's not needed.
False. By consistently encrypting traffic to his servers, he won't have to change his behavior patterns once he'll really start to need it.
Thus said, you may like to ask your SMTP server operator to enable STARTTLS on his machine. The more people do so, the less noticeable every one of them is.
Judging from my logs, using SMTP/TLS is increasingly common in international business. Join the wave, help the world be more secure against passive email wiretaps.
when NOBODY had a cell phone in the cinema or on a concert...
Because nobody had a cellphone, nobody was expected to have a cellphone. Who needed to be on call, had a pager.
Today the pager networks are being replaced with cellphone ones. People are expected to be immediately available, both by their families and their employers. Being unavailable for periods of time is becoming a luxury only few lucky people can afford.
Repeat this later, after you won't be able to reach somebody you need during a system downtime that will cause you losing a contract worth a lot of money and send you into bankruptcy.
Don't diss the people who maintain the technological infrastructure you are dependent on.
Maybe the small hosting company maintains a line over which a SCADA system of your local power company operates, and its downtime in a wrong moment can subject the mentioned firefighters and doctors to a blackout. Combine this with their slashed budgets and resulting lack of maintenance of their generators. Even a seemingly unimportant part of infrastructure can have a great impact.
Also, given the proliferation of VoIP, even phone services are becoming dependent on computer networks.
I think there are phones that have a service menu, with a function of being manually locked to a cell of choice, preventing the switch to another. Just lock your phone to a nearby "open" cell, and it will then ignore the filtering microcell, even if its signal is stronger.
You shouldn't compare a harmless screensaver with a 'network' client program such as SETI@Home.
Granted, there is a risk. However, given the nature of the program (communication initiated from the program itself, outbound connection to only one server), the attack would have to involve compromising the DNS server or resolver, or the Seti server. This implies a hole in the Seti client. Possible? Yes. Probable? Given the amount of lower-hanging fruit on the users' desktops, I don't think it's likely somebody would bother with this attack route.
Later generations of operating systems will hopefully definitely address these concerns by allowing running such programs in virtual machines, VMware style, mitigating the risks.
Most people don't get affected by this anyway, as they have a TV already.
Given the small amount of people affected, how do they want to enforce it? How safe will it be to just ignore the request and play a "dead bug"? When combined with eg. sharing a Net connection with a neighbour to whom it is registered, or getting connectivity via a WiFi-based community network, so no ISP has a name in their databases to be correlated against a database of known non-owners of a TV, discovering the "infringers" is pretty difficult.
It's a fresh new hard drive with random garbage on it, and can be formatted and used just fine.
Clarification: It's an old and used cheap hard drive with unknown service history (save the SMART data). Otherwise correct.
You've made it far more difficult for a third party who discovers your drive/info in a ditch somewhere to identify it and give it back. Your choice, I guess.
He also made it difficult for the mentioned third party to use the data for identity theft or blackmail or any other harmful purpose - so the loss is limited to the value of a cheap hard drive (and the eventual difference between the actual data and the backups). Good choice, it seems.
If he wants to mitigate the risk you mention, he can always tape his businesscard on top of the drive.
Don't underestimate the power consumption of modern CPUs.
The modern CPUs are not that common in office environment, where Word/Excel/Powerpoint are the required applications and Doom 3 is unheard of. (The situation is likely to be different on servers, though.)
Personally, I am pondering trying to underclock some of our newer machines by 10%, in order to reduce the long-term impact of electromigration and heat-related failures (not sure it's worth the bother, though - did anybody actually perform any reliability tests of this nature?). Most tasks in the contemporary office environment are bound not by CPU, but by disk or Net bandwidth or in case of many concurrent tasks by RAM. When it's difficult to find a sub-gigahertz CPU, its computing power isn't an issue anymore.
Not all theft involves goods, some involve services... hence "theft of services"
Who was the damaged party here? Is it theft when it is wasted otherwise? What's the difference between running Seti screensaver and any other one? Would you complain about a morphing image or dancing Bezier curve? Just because someone else (in this case Project SETI) profits, is it suddenly a theft?
Pull your head out of your ass, realize the extent of your fucking idiocy, then go fuck yourself with a chainsaw and die.
Using your own terminology, are you willing to realize that it's a fucking waste to not appropriate the unused CPU cycles to something more useful than nothing - being it SETI, bruteforcing MD5, or folding proteins? Can you understand that not all games have to be the fucking zero-sum ones, that in this case nobody had to lose anything significant to let the SETI project win couple calculated units?
Been there. Somebody set a screensaver on the office fileserver - a "waving image" one, with a bitmap mapped to a waving surface. It caused occasional unexplainable slowdowns of the server response time. I was quite inexperienced back then, so I was sweating blood trying to hunt it down (as it was screensaver-bound, the problem disappeared whenever I tried to find it) instead of seeing it immediately. It was back when low-grade Pentiums were new and such thing done in realtime ate all the CPU.
Did we fire the perpetrator? No. He got a Look, I got a story, and that was the end. The problem never happened again.
Nobody would question his firing if he was using the state's computers to host a commercial website for his own profit.
That has a negative impact on the machine performance, as the requests come regardless of its load. SETI@home uses the computer only when it doesn't work otherwise.
However, using the same server for SETI@home is somehow better, right?
Yes. What is the real damage done here? If we stretch things a bit, we could get a minor potential vulnerability of running a third-party app taking data from a remote machine, but MSIE - even when fully patched - is orders of magnitude worse in this regard. Other possible damage is a minutely higher power consumption of the CPU - worth perhaps couple cents.
Really, would you think it would be discrimination if he decided to donate some of his employer's PCs to Goodwill and got fired?
That would negatively affect the employer's ability to use the PCs - while SETI@home software doesn't use the CPU when other apps need it.
More accurate comparison would be being fired for running a CPU-intensive screensaver.
This smells more like a dumb manageroid hating a specific employee (which would also explain his later remarks), and using the first excuse to get rid of him.
Basically, he was doing something that constitutes theft of service, with somebody else's computer.
If it was theft, where's the stolen goods missing from?
Couple more such raids, and sooner or later somebody comes up with an idea how to make realtime mirroring of content between a swarm of servers. Think RAIW, Redundant Array of Independent Webservers. Identical, strewn across jurisdictions. Could also serve as a neat load-balancing, and, if combined with an array of "hidden nodes" that would upload copies to eg. Freenet, practically impossible to shut down.
Given that the demographics behind Indymedia and behind various open-source projects overlap to a significant degree, it's virtually the only possible reaction to the mounting pressure.
its mercury salts that are poisonous... (hence the "mad hatters"), not mercury, *sigh*
Well... the concern here is probably the mercury vapors. When the ambient temperature is high, at least. And even that not too much.
Metallic mercury risk is only in the vapors; and, when ingested, it causes violent diarrhea. (It's not entirely friendly material, but no cause of fear, at least unless combined with liability lawyers and clueless jury. Which could explain the hazmat dudes. The threat of lawyers often leads to irrational behavior.)
The salts are dangerous when they are soluble. Calomel is quite harmless, in comparison with soluble mercury(II) chloride. (A better example here is barium, which is very toxic, and barium sulphide, which is commonly used as x-ray contrast stuff in medicine, and is nontoxic because of its extremely low solubility.) The real bitch, however, are organic mercury compounds, eg. dimethyl mercury, which - in combination with fishing industry - can lead to whole villages being affected (see Minamata Disease).
They might not know high voltage is lurking in the display and may assume it's low voltage LED's that light the display.
They should be able to recognize a fluorescent tube.
They might appreciate a warning that it may bite.
That's true. However, a small, reasonably painful lesson that high voltage may lurk in unexpected unmarked places even in otherwise low-voltage electronics, may save them from a more painful (and costly) experience in the future. :)
The tube has mercury and uses high voltage. It's not the same as tearing apart an old C64.
Bah. The amount of mercury is negligible (older people here still remember the times when mercury balls from a broken thermometer weren't a reason to evacuate a school and call hazmat team but to go on knees and hunt them together with a piece of paper, and we didn't grow two heads from that), the high voltage in the invertor is at most unpleasant (which, as a bonus, is a nice and quite safe way to teach them how to respect invertors - from experience I can say the kick from a laptop backlight is FAR more pleasant than what an ignition coil does (ouch)).
There's a difference between "reasonable amount of risk" and "safety hysteria".
I'd be somehow more concerned about the AC part of the power supply.
Just a few people who work in large buildings... that are still standing.
STBs (Stupidly Tall Buildings) are mostly prevalent in big cities.
Big cities were the areas that typically favored Kerry. I think it includes NYC itself.
I am afraid something doesn't fit in your statement.
Oh, come on! Everybody knows Elves paid Tolkien to portray them better than they are.
Part of certain jobs is to be on call for extended periods of time. May the gods curse you with one.
Alternatively, when they come to check, don't let them in without a proper search warrant.
Sorry, your request won't be granted.
Another question is where to move to. Either the infrastructure sucks, or it's going down quite the same hole.