My wife takes classes at a local university, and they have recently started using the iclicker. She got hers today, and I immediately started scheming. It's $40 so I don't really want to go out and buy another one just to take apart, but it's still pretty tempting. All in all, I'm fairly disgusted by the whole thing (especially since I'm sure her uni is making a bit of a profit off selling her this thing). She has to go to their website - the company's, not the university's - in order to tie it to her student ID. Looks like it might be susceptible to jamming, at least (maybe a modified 900MHz cordless phone?). Unfortunately, my wife won't let me take hers apart, but it might almost be worth sinking $40 into it to see what I can do with it. Of course, I wouldn't use my knowledge for Bad, but I wonder how much thought has been put into this thing's security? It's tied to your student ID, after all.
August 2006 Archives
Everybody who knows me knows I hate most Apple stuff less than anything else. Given a choice - and I have been - I'll default to using a Mac for general purpose stuff, although best tool for the task still rules.
One of "my" profs got a Macbook Pro recently - first one I've seen myself. Being the curious type, the first thing I did was take as much of it apart as I could without voiding the warranty. First thing was a look inside the battery compartment.
Why is there more or less exposed circuitry in there? I mean, normally you won't be poking around in there too much, but it's reasonable to expect a user to have and use a spare battery, and it's also reasonable to assume that will be in close quarters (airplane seat, say). Why expose more than needs to be exposed?
After their respective rookie seasons, Flameheads were taking us Oilerfans to task for effectively trading Lombardi for Stoll. Lombardi's faster, they said, he's a scorer they said, he's already got more goals than Stoll ever will.
Fast forward a couple of years. Lombardi's the last guy signed to a 1 year contract; this is his last chance. Stoll's so integral to the team that he'll likely be taking all their major faceoffs next year - and why shouldn't he - and is being paid accordingly.
I wonder where all those Flamehead fans are now?
Normally I'm not given to gloating, and note that I haven't looked at any numbers a la mudcrutch79 style or anything. But in this case, I think it's pretty clear to even the most biased viewers that right now, Stoll is very much a part of Edmonton's future, and Lombardi... well, he's lucky he still has a job, given that better players than he (Radek Dvorak, Anson Carter) are still looking.
*twists the knife a bit more*
After reading Tao of Network Security Monitoring, and other associated reading, I was all fired up to try getting some session data of my own. (Having a stepdaughter with her own internet-connected PC makes me leery too.)
So I tried argus from the ports tree (2.0.6) and didn't have much luck with it, although in retrospect I'm not sure that it just doesn't like the tcpdump files I was passing it for some reason. I've been keeping all my documentation on this stuff in a private twiki, but I thought some of this information might be useful more generally, so I'm throwing it out onto the internets, Bejtlich-style.
Sean Avery did an interview with Maxim. (Hat tip to Jes Golbez.)
Man, you don't even need Lexis/Nexis for this guy, it's all in this interview. Calls down on Maltby for slapping him (must have been good if it broke his nose, next time try a bit lower, Kirk) and then says that pulling somebody's jersey up over their head and punching away is fair because "You try to win at any expense. That’s the whole point of sports." Funny, coming from a guy that got off the ice whenever Georges Laraque stepped on.
This was a good one too: "No, but what I am losing sleep over is the fact that I’m not allowed to speak my mind. What happened to freedom of speech? It’s nonexistent in sports. I mean, when does a reporter ever ask a hockey player about his political views? You’ve never heard that." Actually, I have - hockey players usually avoid that question by saying they have no opinion or don't follow politics. Just nobody's interested in Sean Avery's opinion, probably because they know he's a dick.
Guys like him are half the reason why I *don't* miss being in the militia.
OK, I'm really just trying to cover for the fact that everybody else is saying what little hockey news there is to go around right now before I can. Is it showing? I'll try to do a roundup before the season starts, anyway. I don't think Lowe's done yet though.
Mark Grimsley writes Blog Them Out of the Stone Age. He posted an entry linking to an SF Chronicle article that quoted him, regarding the American soldiers currently being considered for prosecution for raping and murdering civilians in Iraq.
Not to make light of it, but it makes the shenanigans our own Airborne got up to in Somalia look relatively tame by comparison. First, a personal story.
OK, it has to be said. This is probably not original to me, although I haven't yet seen it elsewhere (I was camping last week and so was pretty out of touch).
What happens when The Evil Terrorists come up with a plot to destroy an airplane with stuff stashed in a prosthetic limb, using a pacemaker as a trigger? For extra laughs, they can use a wheelchair too. And let's play a race card or two - find some cleancut fellow with black or yellow or white skin to carry it.
Why not just cut to the chase now, and force everybody to fly stark-naked after a two week cleansing in a monitored clinic? Crazy? So is dumping gallons of liquid into big barrels *surrounded by hundreds of people*. The terrorists with explosives in their bottles don't have to make it past security - they just have to make it *to* security.
And my first source of news on this whole sports drink bottle foofarah was Kitchener's own The Record, which had a front page article (continued to the second page for about 12 column inches) on how The New Rules aren't all that bad, really.
My new rules are about this || close to "if I can't walk, drive, bus, or train there, I'm not going". Add that to my refusal to travel to the US now - nothing against you Yanks, I just hate the idea of requiring passports for me and my family at $75 a pop - and it looks like I'm going to be pretty static for a good long time to come.
Remember all those people crying about how we can't let the events of September 11, 2001 change our lives, "or the terrorists will have already won"?
They're winning.
As a few people may know already, I've been having difficulty getting enrolled in classes this term. I'm a fulltime staff member with 5+ years of service; free tuition has been a perk of mine for 4.5 years now. (I've even taken a few courses.) I've broken this into an extended entry. I suspect this post may break RSS readers due to the screenshots included. Hopefully it won't. (Edit: img tags badly break my default layout. I'll use href instead, so you have to click but at least the archive pages don't look like utter shit and the full screenshot is there.)
Long time no security talk. This is meant just as a quickie, to jot some thoughts down while they're in my head and before I take off to The Big Blue Room for a week or so.
I was listening to the most recent pauldotcom podcast, and something struck me about it. They're not alone, but Twitchy spent a good 60 seconds at least decrying Macs for the number of patches they received in the last update.
Now, I'm not the smug Mac user that he / they hate, but it strikes me that it's just as foolish to base one's perception of the security of a product on the number of patches it receives (security-related or otherwise) as it is to use any other single metric to judge anything else. For instance, judging worker performance by the number of request items closed is crazy. Judging a salesman's performance based exclusively on number of products sold is showing a lack of good judgement. (If you're going to use a metric there, make it repeat customers. I know for real estate and vehicles that's a bit less convenient, but if the customer's not happy, it's not a good sale just because you have their money. But I digress.)
All operating systems (and suites of software) have tons of exploits. Pick your poison. To quote a bofh who shall remain nameless here, "I've always taken the position that if you can't find anything bad to say about a language or an operating system then you don't understand it." The key is - and in fairness, Twitchy touched on this - to understand just what you're getting into when you run OS X or Linux or FreeBSD or Windows. I run all of those, every day, for different reasons. I have OSes that I prefer over others, and while it would be exaggerating to say that I literally hate them all, there really are things about each one that I can't stand. (And they *all* have very annoying, smug userbases, albeit FreeBSD's is much smaller because there are far fewer end-users of that than any of the others named.)
Besides, if you're gonna go by the number of patches metric, I'm pretty sure if one were to count up all the patches for all the Linux applications (yeah yeah, Linux is just the kernel, but what the hell can you do with just a kernel?) in the last month, it's a lot more than 50. So there. Hell, Firefox+Thunderbird alone must be approaching that. :-) In other words, I see your OS X 0-day driver vulnerability (that got somebody at ShmooCon 0wned), and raise you a 0-day Linux file privilege escalation vulnerability (that got a major Linux distribution's build box compromised). Rationalize that how you will - "but the Linux one required local user privileges already" - but in the end, it's still a major hole that affected a *lot* of people, and it's far from the only one.
NO operating system is safe by the sheer virtue of its philosophy or designers or hardware or the majority (or minority) of the people using them or any other reason. By extension, no OS is unsafe simply because it has a lot of patches. I've used a lot of them in my time, and believe you me, every OS sucks. Appeal to authority? Maybe. I don't care.

