This Case Won’t Die

Seriously this is getting ridiculous, when you think the SCO vs. IBM lawsuit is dead it rises again from the dead. For those of you who don’t know SCO sued IBM back in 2003 for the sum of $1 billion because SCO thought they owned the rights to UNIX. See Linux killed their business and IBM was one of Linux’s largest supporters as well as a supporter with lots of money so they became target one. Well things became fortunate when a court ruling stated Novell owned the rights to UNIX and Novell was more than happy to let other people use it.

That ruling has now been overturned allowing what is left of SCO to continue going after IBM. The worst part is SCO never once provided proof that it owned the rights to UNIX nor that Linux contained any code from SCO’s UNIX. They also kept changing their claims and tactics which dragged the case one for many years while draining SCO’s small amount of money. Of course Microsoft, who Linux has been steadily chipping away at, eventually floated SCO some money to keep the lawsuit going. Even that money wasn’t enough because after it was ruled Novell owned the rights to UNIX SCO had to file Chapter 11.

Sadly it seems as though this case will rise from the dead. Cripes!

Trust No One, Especially if They Produce Your Cell Phone

It’s no secret I’m a geek. I work at a technology company, pay attention to technology news, get excited over new releases of Mac OS, Linux, and Windows and I have a smart phone. My smart phone is an old Palm Treo 755p running Palm OS (I still refuse to call it Garnet OS). By today’s standards, and even by the standards of the day I purchased it, it’s an outdated phone.

I’ve been looking at new phones but haven’t found one that suites me. The iPhone would be nice if it wasn’t on AT&T, and didn’t have draconian policies in place for it’s App Store. Android would be nice but it’s on T-Mobile which doesn’t get coverage in may places I travel to. Then there is the Palm Pre which I’ve had a slight love affair with due to the fact it’s from Palm and it’s on Sprint (I’m out of contract so I’m in no hurry to get into a contract with another carrier). I’ve been waiting for Palm to open the flood gates and allow third party applications to be installed on the Pre without using the special developer mode. Well I think the Pre may be off of my list.

Apparently the Palm Pre periodically reports you GPS coordinates back to Palm. I know what you’re thinking, since the cell phone providers can triangulate your position from your cell phone what does it matter if GPS coordinates are being transmitted? Well triangulating my position via my phone is simply a side effect of the technology and can be done with any radio based device. Also Palm is receiving these coordinates, and frankly they have no business having them. They have no need to know where I am when using their product, and they never mention that they are doing this. It’s slight of hand acts like this that really piss me off.

The link does have instructions on disabling this problem but it’s unknown if these changes will hold after a software update. But this is a good lesson on why you should trust no one with your security. This goes doubly so for closed source software vendors where you can’t know for certain that they aren’t doing something malicious under the hood. This goes triple for a company that produces a product that you carry around with you everywhere that has the ability to track you. Paranoia when it comes to personal security is a good thing.

Further Research


Palm’s terms and conditions that legally allow them to get away with this. (PDF)

Outrage and Lies

I saw a video posted on John C. Dvorak’s site entitled “Log into Cars.gov and Turn Your Computer Over to Obama” yesterday. I didn’t think much of it but I see it’s making the rounds now so I thought I’d comment.

In the video Glenn Beck says when you visit the cars.gov web site provides a disclaimer stating that once on the site your computer becomes federal property. Once I saw this I headed over to the site to check it out and couldn’t find the said disclaimer. I figured the site owners probably removed it once this aired due to public outcry but I’ve since discovered it only applies to the dealer’s site. Here is the text of the disclaimer:

his application provides access to the DoT CARS system. When logged on to the CARS system, your computer is considered a Federal computer system and is the property of the United States Government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DoT, and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion CARS or the DoT personnel.

That is a pretty severe disclaimer. In essence it states that certain people have unrestricted access to your system and its files. I agree that this in itself is outrageous but further in the video is where the lies come in.

Mr. Beck goes on a tirade about the government having all sorts of evil software that can infect your system and turn it over to government control. Further he implies that if you go to that website the government will probably upload this software onto your system (at least that’s how I understood what he was saying). This of course if after a series of hysteric disclaimers saying people shouldn’t go to the website on their computer.

This is pure lies and hysteria. Let me sum it up in three words computer aren’t magic. A properly secured computer system will not allow remote entities to place software on the said system. The only way to place software on a system remotely is either through administrator tools which restrict access to system administrators (if properly setup) or through security holes. Many malicious software engineers use the later to upload things like worms, which are self replicating software packages that use vulnerabilities found in operating systems to install itself on un-patched systems. The key world there is un-patched. Once a security hole is discovered the operating system manufacturers are usually very quick to get out a patch which fixes the vulnerability. This is what Windows Update does and why Microsoft is so insistent that people either run it or set it to run and install patches automatically.

Furthermore most worms doesn’t come out until the patch has been released. This is because of two reasons. First most people don’t know about the vulnerabilities as security advisors who find them usually keep quiet until the patch is released. The second reason is most malicious hackers (there are good hackers to hence I’m designating the bad ones as malicious) take the patch and reverse engineer it to understand the exploit and then write their worm based off of that newly learned understanding.

But we’re dealing with the government which plays by different rules. Some people believe the government has backdoors in every operating system on the planet or at least in corporate backed operating systems such as Microsoft Windows and Apple Mac OS. Here again we have two points. the first is if they already have these back doors why the Hell would they tell you that your computer is federal property when visiting their dealer site as that would potentially tip people off that they have access to the machines files? But the second point is why would any corporation be willing to place those back doors in their systems?

First off people will say money. Their understanding is the companies will put in back doors for the government because the government is willing to pay them for it. This argument doesn’t hold water because no operating system is totally autonomous. There are security experts combing through modern operating systems, especially Microsoft Windows, looking for previously unknown means of compromising the system’s security. We are not talking about a couple experts but thousands. These people are paid by finding these vulnerabilities and reporting them to the operating system manufacturers and generally will release the details of the discovered exploit after a patch is released to increase their portfolio.

See a security expert whom hasn’t discovered anything isn’t much of an expert while one who has published exploits has some clout and hence is more likely to get a job. Now here is where money for the operating system producers comes in. With each security hole likely being published and certainly being eventually patched people get a feel for the number of security exploits that have been found in each operating system. People don’t want to trust a system they don’t feel is secure, which is why Microsoft has had such an issue getting more people to adopt or at least not dump Windows for secure systems. To this effect operating system producers have been putting tons of time and money into making their systems more secure and have done quite a good job of it.

Now with how little people trust Windows to be secure just imagine if people found out they placed a back door for the federal government in their system? This applies to all operating system producers but since Microsoft is the largest I’m using them as an example. I can guarantee that within minutes of this being discovered and announced (which it would be either via discovery or through a whistle blower at Microsoft) major companies would be hauling in their entire IT staff for an emergency meeting on how to deal with this security threat. The only conceivable outcome of that meeting would be to dump Windows for something more security and probably not corporately controlled such as Linux of FreeBSD. Microsoft would in essence lose thousands if not millions of Windows licensees within the period of time required to move critical systems over to another operating system. Hence it’s not in Microsoft’s, or any other company who produces an operating system’s, best interest to create a back door for anybody in their system.

I’m sorry for the extent of this post but people need to realize that computers aren’t magic. They are designed systems created for human use by mostly paranoid developers.

Now this doesn’t mean don’t be paranoid when using a computer and visiting a web site. There are plenty of exploits out there that can take control of systems, although fully patched systems are generally pretty safe. But don’t let people like Mr. Beck make you believe that your systems is going to be fully exploited and taken over by the federal government because you visiting a website. Honestly the government wouldn’t gain enough to justify the risk of it being revealed that they are breaking into citizens’ computers without any warrant or due process.

Further Research


A good write up about the disclaimer only applying to dealers and the ramifications of that.

Trust No One Especially Baggage Checkers at Airports

I just say this post on Says Uncle. As we all know if you fly with guns you have to put them in checked luggage. This in essence is meant to prevent somebody from coming aboard with a gun and either hijacking the plan or shooting it up. The checked baggage is checked by humans whom are supposed to be airport employees whom you can trust.

Well once again live shows a wrench in the best laid plans as three baggage handlers have been arrested for theft. They were busted as a result of a string operation which was set in place when a retired police officer’s gun was stolen after being checked in at the airport.

This should present a couple major ideas. First and foremost never use those TSA approved locks. These locks for those who do not know are ones which can be opened by any TSA officer should they need to look at an item contained in the locked case. These locks are flimsy and not secure to begin with but knowing anybody with a specific key can open your luggage should worry you. If you don’t have a TSA approved key you will be called to the desk to open the locked container should they need to look at it. This is ideal since you’ll be there to open the case and stand there while they look at it. This means you see everything from the case being opened to the case being closed again so nothing should go missing.

The second thing to note is you should have a plan should your container be stolen. If you have a good case with a good lock it will take the thief some time to open it, in fact they probably won’t get to it before the end of the day when they can get the case home. This means you should be able to put a tracking device inside of the case and it probably won’t be taken out until the thief gets the case back home. The linked tracking device has an option to send SMS texts to you based on outlined criteria. This means you could setup criteria that once the case leaves the airport you get an SMS with it’s location and get periodic updates from then on. This would allow you to track the case and you will know if it’s heading in the right direction. Further should the case be stolen you can tell the police where it went and where is potentially is. Of course the device I linked to is pricey but if you have one or two custom guns in there isn’t not really that expensive considering the cost of losing the guns.

If You’re Going to Scam Try Doing it Somewhere Not Overrun by Security Experts

This is a rather funny but also scary story. An unknown criminal entity setup a fake ATM at a hotel. The fake ATM was meant to steal credit card numbers and provide them to the controlling entity. Well the people who set it up probably didn’t realize that Defcon, an event focusing on security, was going to be in town.

Needless to say a place flooded with security experts meant somebody took note that the ATM didn’t look quite right. After a short investigation they discovered the machine was in fact fraudulent and contacted the police whom took it away.

The scary part here is realizing how sophisticated criminals are becoming. Who would suspect a fake ATM machine? But all that is needed is to create a casing that looks like an ATM and slap a computer with a card scanner in it and you have an instant way of harvesting credit card numbers. For bonus points you can put in a cellular data card tied to a stolen account and have the computer inside the machine transfer the credit card numbers to a compromised computer which in turn will transmit them to the controlling entity.

Of course creating a fully functional fake ATM isn’t necessary. A simple card reading device can be overlaid on an authentic ATM. When you insert your card the overlay will read the card number and then feed it into the ATM. At that point you have no idea your credit card number was recorded by an entity besides the ATM. After a period of time the thief can retrieve the overlay and obtain the recorded credit card numbers. Furthermore to prevent having to physically retrieve the overlay the thief could setup some kind of wireless transmitter inside the overlay which would allow the numbers to be retrieved from a distance.

People trust ATMs because they don’t realize people can make fake imitations which look real. This seems like a job that would be too expensive and sophisticated for a generic criminal and hence nobody worries about it. This story should remind everybody that being paranoid isn’t necessarily a bad thing.

Further Research


A Diebold white paper on ATM fraud and security. (PDF)

Web Development Made Awesome

I’m doing some web development for work currently and have decided that there are two tools all web developers need to know. The first is Django…

http://www.djangoproject.com/

Django is an amazing web development framework. Think of it as Ruby on Rails but for Python. The Django framework allows you to do all you server side work in Python which to me make it an amazing tool. And get this unlike many development tools out there Django is very well documented. Their web page has a good tutorial for starting off to top off the documentation.

Then there is jQuery…

http://jquery.com/

jQuery is a JavaScript widget library. It let’s you “AJAXify” your site easily for buzzword compliance and make designing the page interface very easy. But I think the best part is that the data presented by jQuery will display if a visitor has disabled scripting. Granted the information won’t look nearly as pretty but it will display.

These two tools have made web development very easy on me.

Unibody MacBook Pro 15″ Review

A month or two ago (I’m bad with time estimates) I finally broke down and decided I needed a new laptop. For perspective my old laptop is a PowerBook G4 with a 15″ screen. It held out but after four years it has finally become too slow for daily use. For instance it can not reliably run YouTube movies and Skype at the same time. On top of this Apple and will not support the PowerPC processor with the next Mac OS version by the looks of it.

Being a UNIX addict I looked at two options. The first was a cheap netbook which I’d put Linux on and the second was another Mac. I ended up getting a Mac since my last one ran so well and netbooks doesn’t have the power to run virtual machines which I use daily at work. I settled on the cheapest unibody MacBook Pro with a 15″ screen. I didn’t find the slight increase in processor speed not a higher end graphics card which I’ll never use on a laptop worth the extra money and honestly I find 15″ to be the perfect balance between portability and screen real estate.

First off I’ll zip through the feature list. It’s pretty must the same features you find on most laptops these days. It has build in 802.11n draft WiFi, Bluetooth, CD/DVD RW (it supports every format of DVD RW I’m aware of),two USB 2.0 ports, one Firewire 800 port, 1 gigabit Ethernet port, an audio in jack, and audio out jack, webcam, microphone, and SD card slot, and finally a connector for an external monitor. The laptop itself is made of aluminium and is very thin and lights for a 15″ laptop.

The first thing I want to note is the battery. The battery is integrated so you can’t easily pull it out and swap in another battery when it’s out of juice. This may be a huge problem for many people and honestly I thought it would be one for me. But with the screen a full brightness while using WiFi I can easily get five and a half hours out of the battery so long as I’m not running a virtual machine. This satisfies my power requirements but may not satisfy those who have to be on a ten hour flight without access to one board airplane power. I will note replacing the battery itself is easy, all you have to do is pull off the back plate (just a series of Philips head screws) and it’s right at the trackpad end of the body. Overall I’m amazed at the battery life this thing gets since I’ve not had a laptop yet that could manage five hours with the screen brightness all the way down and WiFi disabled.

The next thing to note is the screen, it’s gorgeous. The color definition is great and the LED back lighting makes the image on the screen appear as if it’s painted on. With that said the screen is also incredibly glossy. Although this makes the picture look nicer it also reflects everything behind it. You can see yourself if the screen image is dark and any light source will glare on the screen. Although I find this to be a disadvantage normally I haven’t really had an issue with it. This could be due to the fact I’ve had a glossy screen laptop in the past and learned to angle the screen in such a way that any light sources behind me aren’t reflecting off of the screen. Honestly though if the screen image consists mostly of lighter colors (blues and white let’s say) you won’t notice the reflection.

Then there is the keyboard. It uses chiclet style keys. Apple has been transitioning to this type of keyboard since the MacBook was first introduced. The MacBook pros were the last series to have a regular keyboard until the unibody ones were released. Personally I haven’t no issues typing on either setup so I haven’t noticed any problem. The keys are also back lit so when you’re in a dark area the letters on the keys will glow a soft blue. I had this feature on my previous two PowerBooks and absolutely love it. Although I touch type and therefore never look at the keys the back lit keys are just cool looking.

Just under the keyboard is the trackpad. I know there usually isn’t much to say about trackpads but the one on the new MacBook Pros is fairly unique. First of all it’s made of etched glass instead of plastic. The idea here is that is won’t wear down (get shiny) like plastic trackpads eventually do. Until I’ve had the laptop for a year I’ll not notice this though. I do notice the trackpad feels smoother under my finger and it’s easier to do really minute movements with it. The second thing to note about the trackpad is that is doesn’t have a button at the bottom of it. Instead the entire trackpad presses down as a button. This allows for using gestures which the new MacBook Pros make heavy use of. For instance tapping on the trackpad works as a regular left click while tapping on the trackpad with two fingers works as a right click. Moving two fingers up, down, left, or right works as a scroll wheel would. Swiping with three fingers navigates though program specific objects (documents, pictures, files, etc.). Swiping up with four fingers reveals the desktop and swiping down with four fingers shows all the windows open on the current desktop. Finally you can zoom in and out using a pinch motion with two fingers. These features do speed up navigation quite a bit.

One last thing I’ll cover on the generic features list is the external monitor port. The new MacBook Pros use a mini DisplayPort connector instead of regular DVI or VGA connectors. This means if you want to hook up to any monitor besides Apple’s current 24″ Cinema Display you’ll need to get an adapter. I will warn you the mini DisplayPort to DVI adapter doesn’t have connectors for the four pins by the “blade” nor a connector for the vertical “blade” pin (bear with me I’m trying to use a little technical jargon as possible). So make sure to check your DVI connector before picking up Apple’s official adapter.

This laptop has plenty of processing power for my needs. It comes equipped with a 2.53 GHz Intel Core 2 Duo processor. This is roughly equivalent to my desktop which has two 2.66 GHz dual core Xeon Woodcrest processors. This translates to plenty of speed for running multiple virtual machines and anything else you would normally want to do with a laptop. It also comes with 4GB of RAM which is on the low end side for my uses but it can be upgraded to 8GB (Note never buy official Apple RAM. Always get the bare minimum Apple sells and upgrade the RAM using any decent and cheaper RAM such as Kingston or Crucial. You’ll get all the advantages with half the cost). I’ll probably upgrade the RAM sometime down the road.

I did upgrade the hard drive in this thing already. It came with a 5400 RPM 250GB drive so I went with a Western Digital 7200 RPM 320 GB drive. It’s faster and has more space. Likewise upgrading the drive yourself saves you money over ordering a larger and faster drive from Apple (I got my drive for $80.00 on Newegg while Apple wanted $100.00 for the upgrade). The drive still seems slow compared to my four drive RAID on my desktop but it gets the job done. Do note if you want to lay down some serious coinage you can put in a solid state drive which I hear greatly speeds up the drive read and write times.

I’m not going to review Mac OS since other people have done that to death. Needless to say everything runs acceptably fast (no computer is “fast enough” in my book) for what I need. I can run two virtual machines simultaneously without much issue. The only reason I can’t run three is because the hard drive begins to choke under all the read and write accesses. Aperture works great without any real noticeable slow down as well. Overall I love this machine so far and look forward to four more years on it (hopefully).

Using Waste Water to Determine Drug Use

This is an interesting study…

http://eastoregonian.com/main.asp?SectionID=13&SubSectionID=48&ArticleID=95522&TM=41256.42

Researchers are testing untreated sewage for chemicals that are found in drugs. From the article…

Scientists from Oregon State University, the University of Washington and McGill University partnered with city workers in 96 communities, including Pendleton, Hermiston and Umatilla, to gather samples on one day, March 4, 2008. The scientists then tested the samples for evidence of methamphetamine, cocaine and ecstasy, or MDMA.

Just wait until all waste water leaving your home gets tested. If they find traces of anything illegal it will give the Drug Enforcement Agency probably cause to storm your home. Ah yes, progress.

Source: http://www.schneier.com/blog/archives/2009/07/mapping_drug_us.html

United Arab Emirate Upload Spyware to Blackberries, Research in Motion Posts Removal Tool

I must say my opinion of RIM just went from “I don’t really care” to “Wow talk about rock solid.” A United Arab Emirate telecom company call Etisalat posted an over the air update for its Blackberry users. Emirate said, “upgrades were required for service enhancements”. It turned out the update installed surveillance software produced by SS8 in California…

http://news.bbc.co.uk/2/hi/technology/8161190.stm

From the article…

The update has now been identified as an application developed by American firm SS8. The California-based company describes itself as a provider of “lawful electronic intercept and surveillance solutions”.

Yup I’m sure the freedom loving rulers of the UAE wanted this only for lawful reasons. Wait a minute the UAE isn’t comprised of freedom loving rulers? They probably wanted this software to spy on its citizens? But if you’re not doing anything illegal you have nothing to hide hence why would you be uncomfortable with your government spying on you? Oh that’s right people like privacy.

Research in Motion, the makers of the Blackberry, stated they did not authorize or develop any such update. To alleviate this issue they have released a removal too which can be found here…

http://na.blackberry.com/eng/ataglance/security/regappremover.jsp?CPID=OTC-REGAPPREMOVER

I say good on Research in Motion.