I would be very disturbed if someone who had been disemboweled posted on Slashdot. Both that a cat had done so and that they survived. Of course, velociraptors had 3.5" claws, which is a bit longer than most house cats that I've seen, and larger cats can actually disembowel their prey.
Just skimming over the comments made thus far there are probably over a hundred that are defending Apple, and very few that agree that "easily scratched" is a design flaw. I mean, I wouldn't buy a nano if it was badly scratched in the store, and I doubt that it was explained just how frail the casing is. If something is small and portable then it's only common sense that it's going to get a lot of abuse. Scratches, while they don't affect how the unit plays music, are annoying, especially if they make the screen harder to read. Electronics aren't inherently fragile. Circuit boards and microchips are quite difficult to break (you practically need a hammer, especially with microchips). Take a JOGR flash drive for instance. I kept one on my keychain for about a year, and I still can't find a single scratch on it. You could drop one from a building and it'd bounce when it hit the ground. It's even water resistant (I always took my keychain with me when I showered in my dorm). I just don't get why most portable electronics are made to be so fragile. Perhaps companies make more money if they make a fragile product that people have to replace when it breaks...
I use a laptop and still play Windows games (causing me to use at least two OSes on most days), so I reboot fairly often. Of course, it's between a hibernated Windows XP and BeOS, so I don't have to wait for very long and I get to sleep in a quieter, cooler room with my laptop off at night. Although, with Linux's boot time I can certainly see why people would want to avoid rebooting. =)
QEMU + a disk image of an OS smaller than the flash drive capacity is nice. You can install whatever you want and take everything anywhere. It's possible with a lot of Linux distros, BeOS, and a few others. If you want Windows then I'd try Bart's PE.
You bring up several interesting points, but I still maintain that it's on the same level of security as a traditional lock.
Picking takes skill
As does any technological approach. Given, I would expect that most people reading this site could figure it out, but I would guess that the difficulty of the two attacks is roughly the same. Remember, the average person doesn't know how to pick locks, but they also couldn't tell you what encryption or RFID is either. A downloadable attack against a certain type of RFID lock is roughly equivalent (IMHO) to learning how to exploit a certain flaw in a normal lock (credit card trick for instance). RFID locks would have the disadvantage of someone remotely working with them, but on the other hand, they also have the possibility of being upgraded (challenge/response with a 512 bit RSA key would be nice).
This method of "picking" leaves behind no trace.
And why would most thieves care? I'm not talking about people stealing priceless paintings and stuff (which I imagine this system won't be used to protect), more like the traditional break-in and steal anything of value stuff. In the latter case I would assume most thieves would want their victims to get insurance money. It makes their actions a little better morally (from their standpoint), and if they felt so inclined they could come back later and steal from the same place again when everything got replaced.
A thief can find vulnerable targets en masse
Most homes have garage doors, which would suffer from the same problem, and businesses, at night, are pretty much devoid of people, so walking around looking at lock brands doesn't seem like it'd be difficult. As for garage doors, some use an 8 bit static code, so I think we both know how (in)secure that is. As for the ones that use a rolling code, they are a little more difficult. With 2^37 possibilities (2^40 - 256 accepted codes) and a reasonably secure opener (won't take 2^7 tries a second) it wouldn't be practical to sit around trying to crack it. However, since the RFID attacks you mentioned require observing the victim and the lock (whereas a lock can be picked on a whim), let's say someone recorded 10 valid codes. Using a computer to simulate the pseudo-random number generator I would guess it would be possible to crack in a reasonable amount of time.
A thief can defeat a single target with ease.
Similar to the above vulnerability, but I think you're overestimating the difficulty of figuring out which lock someone uses. Say they go to a suburb with lots of houses built by the same builder, or they happen to see which brand of lock a business uses on one door and assume that they got all their locks on bid from the same supplier. This already happens with car thieves, they know how to steal a few types of cars quickly, so they look for those types.
As for the barcode recommendation, I would say it's still on the same level of security as these. Imagine a Kroger store clerk that set up a hidden camera. They get an image of the barcode as people showed their keyring attached Kroger Plus thing, get the name of anyone who doesn't pay by cash, and the address of those who pay by check. So by the end of the day they would probably have a few dozen easy targets.
Well, it's not like the current system is any more secure. Most locks aren't *that* hard to pick. In fact, I've got a lock box (Brinks) that is as easy to pick as open with a key (given, it's kinda cheap, but it is still a 5 pin lock). Most buildings have master keys, and IIRC there's a rather simple way to make one given any key based on it. Of course, even if you have the best lock in the world, what is the average door made of? A couple inches of wood? A couple sheets of metal? Or how about the bolt? I suspect that it's magnetic, so perhaps a strong magnet could pull it (just speculation on my part here). The point is that despite its insecurities, it's on the same level of security as the current system, only more convenient.
I'm starting to get worried here. Most of the space programs in the world are trying to hit asteroids, perhaps deflect them. Even the military is now looking at anti-satellite weapons. So I'm beginning to wonder, what's with this sudden surge of interest in defense against things hitting us from space? Do they know something (troubling) that I don't?
Wait a second, why would "who's responsible" matter? Nobody is trying to gun down school buses, and if one did then it would be a tragic accident that people should take measures to prevent from reoccurring, not punish someone over (unless it was caused by some huge fault of theirs). Of course, I'd hope that the AI would be smarter than that (or shut down in the event of a malfunction), or that they keep loaded school buses out of war zones where these things would be deployed. Preferably both.
I've always assumed that the right to unreasonable search only applies to active means. An e-nose would be a passive detection device, so you'd have to be emitting some kind of smell before it'd detect it. I can't really see any difference from a dog or e-nose smelling something and a police officer seeing something. I don't mean they could stop a person & smell them (or cause any trouble like making people walk past the detectors in single file), but if they are just walking down the street & the detector alarms then isn't it sort of the same as if you were carrying some drugs & dropped them in front of an officer? You don't have a right to break the law & get away with it, just a right to not be treated like a criminal if you're innocent.
A properly configured Linux system is probably indistinguishable from a properly configured BeOS system under normal desktop use.
I have to disagree with you there, an out of the box BeOS install is probably an order of magnitude more responsive than XP or Linux. Try maxing out your cpu and working with the GUI in Windows (I haven't tried it in Linux), the menus lag and the system becomes annoying to use. In BeOS it is quite difficult to emulate that effect (you usually have to boost the priority of the CPU sucking application).
Boot times are hardly comparable. I know that doesn't matter for a server or if you never turn off your computer, but it certainly is an issue for about half of desktop users (who do turn off their computer at least nightly) and laptop users. That also seems kinda like side-stepping the issue IMHO.
I tried opening a folder on the desktop in Windows & Linux, a very typical user action, it took at least half a second. In BeOS it was at most a tenth (I couldn't really judge the time from my letting go on the double click and the window appearing).
Those are some of the main reasons I use BeOS for my primary OS even though I have Linux and Windows installed. It can do 90% of what I want, and it does that quickly. BeOS has always been more like a tool, you use it if it does the job best, use something else if it doesn't. If I want to play a game I boot XP. If I want to make a disk image for QEMU that does funky things for my VPN (like make it quasi-p2p) then I use Linux.
BTW, BeOS can run servers just fine, just not quite as well as Linux.
The scheduling seems to be fitting for a desktop OS. BeOS can run servers, but not as well as Linux (hence the reason several BeOS sites eventually switched to Linux servers). For media it's amazing. Gaming seems to work pretty well (Quake 2 for BeOS normally doesn't use hardware acceleration, which until recently was unavailable, and still works fine). And BeOS is known for how responsive its GUI is. The system boots quickly and most applications start quickly (ported software usually takes much longer). Firefox (javascript specifically) even seems to run quite a bit faster under BeOS on dual boot machines (but it's probably just a testament to the programming skills of the BeZilla people). It seems to me that BeOS does better with that stuff because it's designed to be a desktop OS and not a server, so its scheduler is probably a little more fine tuned for that role.
Deny by default has its share of downsides as well. It works perfectly for servers or mindless drones, but with people who don't do exactly the same thing every day it can become just as (or more) difficult to manage as permit by default. Take my boarding school for example. They blocked everything except outbound ports 80, 110, and 443. That means people couldn't use FTP, NTP, Usenet, IMAP(S), POP3S, or any other somewhat useful internet services. They also weren't willing to open a port for just one user. So after getting frustrated at not being able to access those services (not to mention a few obscure websites running on non-default ports) I was motivated to circumvent it. After a little research/trial and error I found that HTTPort & public proxies worked for Windows, and that the firewall wasn't compatible with BeOS (which I still use today, so some good did come from this). While most users won't resort to those measures, it isn't exactly a good idea to block things just because you (an IT person) don't think that other people (in my case students) need access to it. A better solution, IMHO, would be to block any ports that Windows normally keeps open, and possibly any known trojan/spyware ports, and allow everything else.
I've got one of those mice and it certainly wasn't very complicated. Just a normal optical mouse with a device attached to the housing that made it shake. Last year my roommate and I decided to swap out most of the leds in our room with blue ones. The mouse was simple enough, it had maybe 5 major parts (vibration unit, circuit board, mouse wheel, piece of plastic the wheel rested on, and a plastic lens thing for the led). Replacing the led and putting it back together wasn't really difficult and certainly not what I'd call complicated. It even boosted the accuracy (brighter led I guess) and is as reliable as ever. I'd guess that the upper end joysticks are more complicated, but the mice are fairly simple.
Oh now I see what you were talking about. But it seems that both TugZip & Zip Genius (which I currently have installed) do that as well. A feature that never occurred to me since I rarely have very many folders opened simultaneously.
Actually a lot of free programs do that. I haven't used WinZip in years because I found freeware alternatives that would extract/create more types of archives (RAR for instance) and have more features (like renaming a file in an archive, repairing corrupt files, or scheduling backups). In the last 6 years I've used several such programs, FilZip, ZipGenius, and TugZip that I can remember. AFAIK they all have that level of explorer integration and can extract about 20 types of archives (and compress to about 7). ZipGenius, for instance, is giving me options (in a subdirectory of my context menu on multiple zip files) to add to a Downloads.zip file, add to an archive with options, add to any zip archive, create & e-mail archive, extract all here, extract all to..., extract here in separate folders, extract all to... in separate folders, and compress to 7-zip. TugZip is giving me a few less options (but still has extract in subfolders) but also has an option to convert them to self extracting archives.
I've heard several claims of people recovering significant parts of files even after the data has been overwritten multiple times. The best solution is simply to use full disk encryption and be done with it, but if you have one file that you want gone then this is still a useful procedure. By overwrite I mean overwriting the sectors where the data is physically stored. Like with DOD 5220.22-M, overwrite each bit with a 1 or 0, its complement, and then a random bit. But some criticize that standard for being weak with only 3 overwrites. Hence the reason I wonder how many rewrites others have been able to usefully recover data after.
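The three-pass sequence the comment above attributes to DOD 5220.22-M (a fixed bit pattern, its complement, then random data), written out as an added Python example; it is not code from the commenter or from any tool named on this page. The function names, the 64 KiB chunk size and the sample file are assumptions made for the illustration.

```python
import os
import secrets
import stat
import tempfile

CHUNK = 64 * 1024  # assumed block size; keeps large files out of memory


def _fill(fd, size, make_block):
    """Overwrite bytes [0, size) of fd in place, then flush to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = make_block(min(CHUNK, remaining))
        done = 0
        while done < len(block):  # os.write may write fewer bytes than asked
            done += os.write(fd, block[done:])
        remaining -= len(block)
    os.fsync(fd)


def _holds_only(fd, size, value):
    """Read the file back and confirm every byte equals value.

    The read is served through the OS cache, so this checks the logical
    file content, not what the physical medium retains.
    """
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(value) != len(data):
            return False
        remaining -= len(data)
    return True


def three_pass_overwrite(path, pattern=0x00, unlink=True):
    """Pattern, complement, random: the sequence the comment describes.

    Returns a list of (pass_name, verified) tuples. The random pass has no
    fixed expected value, so its entry is None.
    """
    if not 0 <= pattern <= 0xFF:
        raise ValueError("pattern must be a single byte value")
    # O_NOFOLLOW (where the platform has it) refuses symlinks, so the
    # overwrite cannot be redirected onto some other file.
    fd = os.open(path, os.O_RDWR | getattr(os, "O_NOFOLLOW", 0))
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise ValueError("refusing to overwrite a non-regular file")
        size = info.st_size
        results = []
        for name, value in (("pattern", pattern),
                            ("complement", pattern ^ 0xFF)):
            _fill(fd, size, lambda n, v=value: bytes([v]) * n)
            results.append((name, _holds_only(fd, size, value)))
        _fill(fd, size, secrets.token_bytes)
        results.append(("random", None))
    finally:
        os.close(fd)
    if unlink:
        os.remove(path)
    return results


if __name__ == "__main__":
    # Constructed sample file, created only for this demonstration.
    with tempfile.NamedTemporaryFile(delete=False) as sample:
        sample.write(b"constructed sample secret\n" * 5000)
    print(three_pass_overwrite(sample.name, pattern=0x55))
```

An in-place overwrite only reaches the original sectors when the file system and the medium rewrite data where it already lives; SSD wear levelling, copy-on-write or journaling file systems and snapshots can keep older copies, which is why the comment's preference for full disk encryption holds.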
Just wondering, how many overwrites does it take before data is reasonably securely deleted? I know if you're paranoid you could overwrite data dozens of times, and software like DriveCrypt or CompuSec kinda make this issue kinda moot. Still though, I'm curious to see what is actually possible and what is just unreasonably paranoid for individuals.
How about incorporating captcha into showing the cards? That way a bot couldn't read the cards but a human (theoretically) could. Such a measure would cut down on bots, but it still wouldn't stop someone from physically playing, but still consulting a program to see what they should do. But, I doubt there's a way to stop people from doing that.
Well, I'd say most desktop users care. I, for one, own a laptop with about 6 primary partitions that I like to boot into. On a typical day I probably switch between BeOS and a hibernated Windows XP about three or four times. I also like to take my laptop with me on trips, which happens about every week or so. Since my laptop can also function as a noisy space heater for my dorm room I like to turn it off at night and if I go anywhere. (Lots of people turn their computer off if they aren't using it, most discussions that I've seen about it on forums show about half of the people do.) So reboot time is a big concern for me (contributing to my primary OS choices).
It's kinda silly for every computer to have the same local administrator password to begin with. Take my school for example. It's a boarding school that issued each student a laptop. Initially we were power users on our machines, and people couldn't install printers or anything so they told everyone the admin password (which was the same for every student laptop on the LAN). Other years they didn't tell it to us, but LANMAN isn't exactly the most secure hash... Anyway, as is the case with essentially every Windows box I've seen lately, the "Server" service was left to start automatically. Since the computers were on the same network anyone could use that password (the AUP forbids changing it) and get onto the default hidden shares for each drive, access the registry/services, or even control the computer as if it had VNC on it if you had the right programs. Fortunately, I don't think anyone but me knew how to use the "net use" command (and I didn't do anything too evil to my classmates). Still though, I can't imagine why any self-respecting network administrator would allow such a serious security problem to arise and repeat itself year after year in the first place.
Just like having curtains means that you're doing something illegal inside your house. Same for using SSL, or objecting when someone stares at your laptop screen on a plane. You're almost certainly right about people using it that way, but that doesn't mean that it shouldn't be implemented. I for one do not want to explain to a school techie that something I downloaded is in fact legal even though it's an mp3 or whatever.
IIRC it's because it needs Java, and that port isn't finished yet. Hopefully a few more open source projects will start paying attention to it when Haiku is released...
But everyone who's seen Evangelion knows that the test type is better than the production version!
Well, http://www.g66g3e.com/ points to a slightly helpful page, although it looks like it's offering a (IMHO) useless program and a few ads.
But geeks tend to be more tolerant, after all, don't most people here occasionally use Microsoft products?