Say you wanted to protect your Wi-Fi network from surrounding buildings. The most obvious way to do this would be to secure the devices on your network using the wireless security protocol of choice. A very effective, but more extreme, way to do this would be to secure the building itself by making it act as a Faraday cage, shielding the radio frequency waves used by Wi-Fi.
The article (boo, hiss, free registration required – I got 2 page views on the site before being asked to register, this article and the previously linked one about the 16GB USB drive) goes on to discuss other applications such as shutting down cell phones or blocking RFID signals. All I could think of was Brill from Enemy of the State:
Robert Clayton Dean: What the hell is happening?
Brill: I blew up the building.
Robert Clayton Dean: Why?
Brill: Because you made a phone call.
Posted by protected static as random at 10:16 AM UTC
Despite some uncertainty that people would want large-size portable USB drives, an explosion in memory dongles and a quick shift up the scale from the early 256MB to 1GB models has demonstrated that the gadget has niche appeal. Quite what use someone would have for 16GB version is uncertain as yet, but it may be one of the occasional cases of: who cares? It’s a 16GB USB drive that fits in your pocket and weighs 12 grams!
Who cares, indeed… Toshiba’s official press release may be found here.
Yesterday we went to a picnic organized by the PTA at The Boy’s new school, Dr X’s Home for Wayward Mutants. When we initially read about it during their open house back in May, we got the impression that it was for incoming students only – but it was a school-wide thing instead.
Not that this was a bad thing; The Boy got to meet his new teacher, along with some other incoming first graders. First impressions: the kids are, all in all, pretty normal kids. There were only one or two complete introverts sitting to the side reading rather than participating, but apart from that it was pretty indistinguishable from The Boy’s previous school. The parents, on the other hand…
But I kid. Seriously, the parents we met were, as a group, far more open and welcoming than the parents at our last school. The fact that everyone who was there had to take active steps to get their kid there probably has a lot to do with it. Also, as parents of incoming first graders we were all new to the school. The school is also an all-city draw, so you immediately remove the tensions between strict neighborhood school proponents and supporters of city-wide school choice – that was a truly ugly dynamic that played itself out more than I care to think about at The Boy’s last school, with people from that neighborhood expressing resentment and in some cases, outright hostility towards families from outside that area.
We also met a family with another first grader that is moving into our neighborhood next week. They don’t know anyone in the neighborhood, so we’re going to try and facilitate some kind of get-together with the other parents in our neighborhood who have similarly-aged kids. There’s at least one other kid in our neighborhood going to The Boy’s school, but she’s a lot older than he is – assuming the parents aren’t complete jerks, it’ll be good to have another kid going to the same school living nearby.
I still don’t think this school will be a panacea – but I’m feeling cautiously optimistic. The Boy is still somewhat ambivalent about changing schools, but unlike previous schools, he hasn’t expressed an interest in keeping in touch with any of the other kids. In sharp contrast, he made a point of exchanging phone numbers with a kid he really hit it off with at summer camp, and he only knew this other boy for 5 or 6 weeks, so I’m thinking (hoping) that the transition to the new school will probably go pretty smoothly. Oh, he’ll have a minor meltdown 3-4 weeks into school, where he’ll test a lot of limits for a couple of weeks (that’s been his pattern whenever we’ve changed schools with him), but still… I’m fairly hopeful.
*sigh* Y’all can file this under “to be continued”, I guess…
Posted by protected static as random at 4:48 PM UTC
P[arenting] has obvious effects on mothers, but fathers appear to be affected, too. A study published this week shows that fatherhood increases the nerve connections in the region of the brain that controls goal-driven behaviour—at least, it does in marmosets.
Seriously, though – it’s worth a click… It dovetails nicely with some of the research around involved fathers – for instance, the more engaged a father is with the day-to-day raising of offspring, the less likely he is to harm them… Changing diapers & assisting with feedings on a regular basis has got to have a major impact on the way you perceive your child, and since there’s a whole chicken/egg-style feedback loop that goes on with thoughts and brain structure (thoughts influence brain structure, brain structure influences thoughts, back and forth, round and round), I would be so not surprised if similar-ish changes could be seen in human brains.
The Bush administration has begun designating as secret some information that the government long provided even to its enemy the former Soviet Union: the numbers of strategic weapons in the U.S. nuclear arsenal during the Cold War.
The Pentagon and the Department of Energy are treating as national security secrets the historical totals of Minuteman, Titan II and other missiles, blacking out the information on previously public documents, according to a new report by the National Security Archive. The archive is a nonprofit research library housed at George Washington University.
“It would be difficult to find more dramatic examples of unjustifiable secrecy than these decisions to classify the numbers of U.S. strategic weapons,” wrote William Burr, a senior analyst at the archive who compiled the report. ” . . . The Pentagon is now trying to keep secret numbers of strategic weapons that have never been classified before.”
[...]
During the Cold War, the United States devoted substantial manpower and money to counting Soviet missiles, experts said. At the same time, U.S. officials sometimes were quite open about the number of American missiles, using the data to illustrate the deterrent power of the U.S. nuclear arsenal and to make the case for more defense spending. Indeed, such numbers were routinely disclosed in annual reports to Capitol Hill by secretaries of defense dating to at least the 1960s, according to Burr.
In a 1971 appearance before the House Armed Services Committee, for instance, Defense Secretary Melvin R. Laird offered a toaster-shaped chart showing, among other things, that the United States had 30 strategic bomber squadrons, 54 Titan intercontinental ballistic missiles and 1,000 Minuteman missiles.
Those numbers, made public on March 9, 1971, are redacted in a copy of the chart obtained by the archive’s researchers in January as part of a declassified government history of the U.S. air and missile defense system, according to archive officials.
Think about that – they’re going after 35-year-old data. Does this mean that they’re going to come and take away all my old International Relations textbooks? Because quite a few of them dealt with nuclear deterrence and were pretty detailed about our strategic nuclear capabilities.
[update 22 Sept 2006 1155AM PDT - I've been remiss in noting that Plone has a new release out that fixes this problem and they have instructions on how to clean up the spammer-generated content. I do, however, think that the folks at Plone are being disengeous when they describe the scope of this vulnerability as being limited to high-visibility sites and when they downplay this as a security hole. Guys, if a spammer can upload arbitrary scripts to your site, that's a security hole.]
This is an open note to the folks on the Plone and Zope projects: I don’t know if this is an exploit you’re aware of, but there’s a script or tool loose in the wild that makes it extremely easy for spammers to generate fake user IDs and bogus content for your systems.
As my regular readers will know, I’m involved with The Mystery of the Haunted Vampire, a quirky horror-ish blog. Lately, I’ve been more of an admin than contributor – and a lot of that has been checking the comment and trackback spam caught by the Askimet WordPress plugin.
So far, we’ve had no false positives and only one or two false negatives, which is definitely a hit ratio I can live with. I click on the “Administer Askimet” tab, give the spam a quick once-over, and select “delete all”. Boom, done. Not that big a deal… But a couple of days ago, something caught my eye – a bit o’ trackback spam that linked to a .edu domain instead of the usual .ru, .nu, .pl, .biz or .info domain.
.edu?
So I checked it out using a text-only browser that sends a valid referrer-agent string (like IE or Mozilla) but displays the raw HTML and/or JavaScript behind a page. Turns out that the site is a homework/reading forum for a Comp Sci class, and the URL in the spam was a post to the forum that consisted solely of a JavaScript that immediately redirects you to a typical pill-spammer site (Gee, that’s where the .biz was hiding. Imagine that.). Figuring that a federally-funded institution didn’t want to be supporting illegal online pharmacies, I reported it to their helpdesk, and the sites were taken down in a day or two.
Well, yesterday we got another lovely chunk of pill-pushing spammy goodness – and almost every single link was to a .edu URL. We aren’t talking questionable schools, either – these were almost all subdomains on the sites of Ivy League, public Ivy, and Top 10 schools.
Real schools, all really well-known names, all harboring spammer redirects. Whoops.
When I went to look up the contacts for these sites, I noticed they were all running the exact same software: Plone and/or Zope. Plone & Zope are open-source content management systems (CMS isn’t my thing, but it looks like Zope is the foundation that Plone is built upon.) that provide an extensible, flexible framework for, well, community portals – very similar to the Comp Sci portal I initially saw. And every single site that spammer exploited was using pretty damn close to the exact same combination of tools.
So I guess you can also consider this an open note to all those academic and non-profit teams running open-source community portals like Plone: tighten up your security, and make sure you lock the damn site down if it isn’t live. One Ivy League school linked in that spam had thousands of spammer redirects on one of their sites – and it looked like the main site hadn’t been actively used in a couple of years. How’d you like to have Google results for pyramid schemes, skeezy refinance outfits, work at home ripoffs, illegal narcotics, and penis pills associated with your domain?
Got some spam today with another one of the least compelling subject lines I’ve ever seen. What follows might qualify as NSFW, so I’ve put it ‘below the fold’ as they say. Read the rest of this entry »
Posted by protected static as random, spam at 9:42 AM UTC
Haven’t had one of these in a while, have we? At any rate, via Crooked Timber comes a site that made me think something I’d never imagine possible: I might actually want to visit Utah some day.
That’s certainly the dream of Liftport, the space-elevator company I’ve written about before – and it’s the subtitle of their recently-published, eponymously-titled book. I was given the privilege of downloading an advance copy to read and (ideally) review, which I did. Well, I finished the downloading and most of the reading parts, all with the best of intentions.
And I’m sorry, Brian – a PDF just ain’t the same thing as a book ;-) I got about 2/3 of the way through it before I got a little brown and toasty around the edges… 300+ pages of PDF, man! Maybe with an e-book reader that has the same form-factor and heft as a book it’d be easier, but until then, I think I’m a hard-copy guy. Dead trees: wasteful and inefficient, but still oh-so-satisfying…
So today I satisfied that urge. While I couldn’t make last night’s reading and signing at the UW Bookstore in Seattle (supper: 6:30PM; event: 7PM; bedtime for The Boy: 7:30PM. Wasn’t gonna happen.), I could (and did) swing by today to pick up a (signed! woo-hoo!) copy of the book. I don’t have the cash lying around to actually invest in Liftport, so until such time as I have that degree of discretionary income this is the least I can do…
So in a couple of days, I’ll have a review up. Really.
Posted by protected static as space at 9:11 PM UTC
And you know what kind of list it is, don’t you? This just seems to be my week to get annoyed by large software companies…
So here’s the backstory: a while ago, I downloaded some trial software from Autodesk (makers of 3ds Max, one of the top 3-D modeling packages). IIRC, their click-through conditions do not allow you to opt-out of getting email directly from them. You can opt-out of them selling your name, you can opt-out of them emailing you with ‘additional items of interest’ – but you can’t opt-out entirely of them sending you their spam purely opt-in marketing materials. You know, ‘opt-in’, just like yesterday’s rant about McAfee… But, whatever. This is the price one occasionally pays, right? At any rate, at the time I downloaded the trial software, it wasn’t a big deal.
And, as it turns out, I confirmed that I am still not a 3-D artist. Never have been, never will be, and I certainly don’t want to devote as many cycles as it would take to learn how to be one – and I uninstalled the software. Actually, what prompted me to uninstall the software was a “your trial is almost up, are you going to buy it” email from Autodesk. Oh, thanks; no, I’m not, Control Panel –> Add/Remove Programs –> Remove [whatever it was I downloaded].
Done. No big deal.
Fast-forward to today: nearly 3 months go by without any more email from Autodesk – then bing! Today I got a sales pitch from them for the latest and greatest version of 3ds Max. Still pretty standard stuff, and no big deal. Having accepted my shortcomings for the time being (thereby saving the world from yet more half-assed 3-D art), I really don’t want anymore email from Autodesk. And oh look! There’s something about “send a message blah-blah-blah REMOVE in the subject line blah-blah-blah we value your privacy blah-blah-blah Autodesk blah.”
I sent the remove request to the address indicated. About 15 minutes later, I got an email from Autodesk’s mailbot containing this:
I mean really, people… WTF? Is it too much to ask that y’all actually, you know, pay attention to customer service? Or even, like, proofread your marketing materials? Maybe check with corporate IT to see that yes, in fact, we actually do have all the email addresses mentioned in the email up and running and monitored?
That is, “we’re going to bully you into doing what we want and count on you being too ignorant about your home computer to know that we’re full of shit”. You know, that kind of help.
So, I have McAfee’s consumer-grade protection software installed on my home PC. Lately, McAfee has been pushing out messages from the System Tray as an annoying pop-up message: A new version is available as a free upgrade, yadda, yadda, please install it. The only options are “Yes, I want to upgrade now” or “No, I want to continue doing what I was doing.”
Guess what happens when you click “No” – no really, guess.
Why, that’s right! The next day, they hit you with another pop-up!
In an effort to make them Just Go Away Now, Thank You, I finally clicked on “Yes, I want to upgrade now.” Please note that to McAfee, the value of “I want to” now apparently includes “because we’re forcing you to.”
So I clicked the “because we’re forcing you to” option, and after a couple of dialog boxes that I clicked through without paying a whole lot of attention to (McAfee having already demonstrated to me how much they give a shit about what I want or care about, eh?), the installation starts… and shortly thereafter fails. The message? Why, “Installation failed!” of course! Not what failed, or how it failed, just that it didn’t work out. Okay. Whatever. I click “OK”, nothing gets installed, and life goes on.
And the next day, I get another frigging pop-up informing me about this wonderful upgrade experience that I can get for free, yes! free my friend, if you only click here now – or do you want to continue doing what you’re doing? Jesus Christ on roller skates, people!
So wanting to see exactly what was going on, I once again clicked the “Yes, I want you to stop sending me pop-up messages if I don’t upgrade your crappy software now, you worthless pieces of shite” option (I swear: really, there’s a resource string buried in the source code that says that exactly – it’s a hidden localization option). Only this time, I’m going to pay attention to what’s going on.
Click, click, click… Aha! “The Download Manager is now scanning your system for incompatible software.” I watch the progress bar do its thing (that is to say, nothing except let me know that the software hasn’t crashed (one of my trade’s dirty little secrets)), and I get another dialog to the effect that McAfee has found incompatible software on my PC and components of their upgrade won’t be installed.
Okay, fine by me. The installer is choking on ZoneAlarm (which I know isn’t a ‘real’ firewall – but it stops the script kiddies and other obvious threats well enough) and it also objects to SE Ad-Aware. Mmmm, okay. I click “Next” to see what actually will be installed.
And no wonder the installer crashed – the presence of those two apps stop the software from installing, well, anything! Oh, this is good…
So I click “Cancel” and bop on over to McAfee’s website to see if I can figure out what’s going on. There’s a DIY help section, so I click through a couple of options to find this FAQ item:
Is there a need to uninstall other online protection programs before installing McAfee software?
The honest answer to this question, boys and girls, is “No, there isn’t a need.” The official answer is this:
Before you install McAfee software, you must uninstall any other protection programs on your computer. You could experience installation issues or other conflicts by having third-party software installed on your computer. Please follow your third-party program’s uninstall instructions.
So, McAfee’s going to keep pestering me with pop-ups until I uninstall software that’s doing a perfectly adequate job protecting my creaky old Win2K system and replace it with a McAfee digital monoculture. The truly shitty thing about this (and part of what makes this dishonest, to boot) is that if you’re really concerned about spyware, the safest thing to do is to have more than one anti-spyware program installed. Why? Because they all miss some malware. It’s a “belt-and-suspenders” approach, and it’ll work just fine – no matter what McAfee says.
