Network World

WEP More Broken, Too

Submitted by Miles Baska on Tue, 11/11/08 - 2:19pm.

From WEP More Broken, Too:

Previous attacks, per their analysis, required from 32,000 to 40,000 packets to be processed to gain a 50-percent likelihood of key recovery. They moved that down to about 24,000.

Now, here's the truly scary part:

Retailers who accept credit cards may not deploy new systems with WEP starting 1-April-2009, and must discontinue all use of WEP by 30-June-2010

WEP is useless, now even more useless, yet retailers are still allowed to use it!? Once again, it comes down to what Bruce Schneier has been saying for many years -- until the cost of identity theft is transferred from the victim back to the responsible party (the credit card company), nothing is going to be done to prevent it.

M$ Stats Misleading

Submitted by Miles Baska on Wed, 08/20/08 - 3:26pm.

According to InfoWorld fully 1 in 3 Vista users has decided to downgrade to XP.

Debian with XFCE

Submitted by Miles Baska on Sun, 06/22/08 - 4:47pm.

I've not posted in many months -- seems I've not taken the time to write much of anything in fact. I seem attracted to Tumblr and Twitter -- I can share my ideas and finds much quicker there. This post is primarily a test message, then.

I've not given up on Linux, but I'm still seeking The Killer Desktop OS. Debian is my latest find, and with it XFCE. I grabbed a copy of the Debian Network Installation and tried it out on an old box (1.2G Celeron w/ integrated video). It found all the hardware and worked flawlessly, installing with the GNOME desktop. I had to tweak it a bit to get SAMBA installed and working, but once set up it actually worked seamlessly with my Windows shares (Windows saw Debian, Debian saw Windows). I then replaced GNOME with XFCE and I've not looked back.

Happy Anniversary, Sean Stevens and Peter Berdovsky

Submitted by Miles Baska on Thu, 01/31/08 - 11:08pm.

It was on this date one year ago that Sean and Peter crippled Boston with Mooninite Madness.

Refuse to be Terrorized!

Intel vs. OLPC

Submitted by Miles Baska on Wed, 01/09/08 - 11:12am.

Quoting Intel 'undermined' laptop project on the BBC:

Nicholas Negroponte accused Intel, which makes a rival PC, of underhand sales tactics and trying to block contracts to buy his machines.

Mr Negroponte cited an example in Peru where Intel sales staff tried to persuade the country's vice-minister of education, Oscar Becerra Tresierra, to buy the Intel Classmate PC.

Of course, Intel has a completely different story. Both are at CES this week -- can't you just feel the love?

Say Goodnight, Vista

Submitted by Miles Baska on Mon, 01/07/08 - 10:03am.

Face it. Vista was never about you. It was all about them and protecting their copyrights. BillyG felt he had to do it because he dreams of ruling your set-top box.

NEW YORK (Reuters) - Sony BMG Music Entertainment, the world's second largest music company, will this month become the last of the big four majors to drop copy protection software on music downloads, also known as digital rights management (DRM).

Oops. CD sales fell 15% last year and digital music sales didn't take up the slack. Steve Jobs led the parade -- he felt DRM was a barrier and took it down. Seems everyone is getting in line with him. Whither goest thou, Vista?

Restore Support for Old File Formats in Office 2003 SP3

Submitted by Miles Baska on Fri, 01/04/08 - 7:59pm.

I just came upon this tip while reading Digital Inspiration. Useful stuff for those folks affected.

Intel leaves the OLPC after dispute

Submitted by Miles Baska on Fri, 01/04/08 - 11:33am.

You can read the C|net article HERE or the Techtree article HERE.

Essentially Intel's Classmate PC means more to Intel than its six-month association with Negroponte's Dream. Good for Intel, bad for OLPC.

I think I showed how I felt about the OLPC in an earlier post.

Tumblr

Submitted by Miles Baska on Fri, 01/04/08 - 2:05am.

Greetings and Happy New Year to everyone. I survived the holidays, barely. I don't dare step on the scales, but at least I can still fit into my old blue jeans. Hope everyone enjoyed a safe and festive holiday season, and avoided any champagne made in China.

Only yesterday I discovered a nifty (and free) blog called Tumblr. Imagine you are browsing and you come upon a photo, movie, sound byte or web page you would like to 'own' -- you want some way to mark it and to share it. That's Tumblr -- your way to collect 'web things'. The templates aren't thrilling, but they make it pretty easy to get in and customize them yourself, if you so desire. No, what makes it nifty is the Tumblr Button, added to the toolbar of your browser. When you discover something you want to add to your Tumblr blog, just click the button. Tumblr analyzes the page and suggests content to extract -- you can easily modify that, if needed, or add additional text.

You're welcome to look at My Tumblr Blog. Roll to the bottom and click on 'Powered by Tumblr' to learn more.

Christmas Cubicle

Submitted by Miles Baska on Mon, 12/24/07 - 10:08pm.

On 11/02/07 I wrote about cube farming (you can read that post here).

Check out this very geeky Christmas Cubicle. And have a Very Merry Christmas.

The Internet Archive and Others

Submitted by Miles Baska on Wed, 12/12/07 - 11:21am.

A cold and rainy day, and not much moving -- I went hunting Donna the Buffalo and stumbled into this site: The Internet Archive.

As I view the site they have cataloged 114,000 movies, 44,000 live concerts, 222,000 audio recordings and 306,000 texts. From their about page:

The Internet Archive is a 501(c)(3) non-profit that was founded to build an Internet library, with the purpose of offering permanent access for researchers, historians, and scholars to historical collections that exist in digital format. Founded in 1996 and located in the Presidio of San Francisco, the Archive has been receiving data donations from Alexa Internet and others. In late 1999, the organization started to grow to include more well-rounded collections. Now the Internet Archive includes texts, audio, moving images, and software as well as archived web pages in our collections.

From here I discovered other archive projects:
The Red Hot Jazz Archive -- A history of Jazz before 1930.
Vintage ToonCast -- Playing public domain vintage cartoons and high quality short films.

I'm sure there are scores more, and I invite you to add your archive finds in a comment.

Dvorak Disses OLPC

Submitted by Miles Baska on Mon, 12/10/07 - 12:45am.

His article is here: One Laptop per Child Doesn't Change the World. A line from that article:

Does anyone but me see this as an insulting "let them eat cake" sort of message to the world's poor?

I hate to admit this, since Christmas is supposed to be the one true feel-good time of year, but I think he's got a point.

I watched what happened when they gave notebooks to our local high school kids. One year later, they have a pile of useless hardware with a large percentage "missing". End of "experiment". And these kids could read and write. Well, most could pass a TAKS test anyway.

Is OLPC just another way to spell WOFTAM?

Carbonite, Revisited

Submitted by Miles Baska on Sat, 12/08/07 - 12:19am.

The best-laid schemes o' mice an' men
Gang aft agley,
An' lea'e us nought but grief an' pain,
For promis'd joy!

To A Mouse, On Turning Her Up In Her Nest With The Plough
    Robert Burns, 1785

Last October I mentioned Carbonite and said I preferred Mozy. David Friend, Carbonite's CEO, stepped in and corrected me on a couple of points, and I promised I'd take another look. I recently had a chance to do just that.

The customer who got me involved with Carbonite in the first place has built a new office, and that meant a new computer network. I set him up with a new server and new workstations. I switched his primary app from a standalone box, dropping Carbonite, and installed Carbonite as trialware on his new server. I spoke to their customer support before starting on this adventure, so I had a game-plan with their blessings.

The software installed easily, and in just a few minutes I had it up and running and tied to my customer's account. Everything looked pretty good -- the user interface was simple enough, with color-coding to tell you what files were backed up and what files were not. But I began having some second thoughts, even though I'd been blessed.

Turns out Carbonite does not do versioning (it's planned in a new release). They are only storing the most recent version of a backed up file. Not good, but I worked around that by keeping my own versioned backup sets locally, and letting Carbonite back up that data as well as the live data. That got me to thinking about their scheme more generally...

Carbonite backs up files (from their FAQ) "at full speed when you're away from your computer and automatically slows down when you're actively using your computer so that it won't interfere with your CPU or Internet speed". Consider my customer's situation: his application allows up to four simultaneous users, and logs inactive workstations out. There are a LOT of files, and their rates of activity are widely varied. It seems to me that, using Carbonite's approach, it would be possible for some files to not get backed up for days, assuming the server is shut down at the end of the business day. If there is a failure during the day, the Carbonite backup set may have files that are no longer synchronized. In other words, the only backup sets on Carbonite that I trust are the ones created by my own versioning system. Am I wasting time trying to back up live data?

To make matters worse, it now looks like Carbonite didn't transfer my customer's license to the new server, and that all datasets have been deleted due to inactivity (the trialware expired two weeks ago). I'm glad I built the server with a healthy RAID.

Mozy is a bit more complex to set up, but it does versioning every time it backs up -- I can go back to any backup set created in the last thirty days. Mozy backs up all of the files at once -- it doesn't take them one at a time, based on inactivity, but on a schedule that I control. Carbonite Customer Support is available weekdays between 9am and 5pm EST. Mozy Customer Support is available 24/7 -- even Christmas.

In your post dated 10/17, David, you said you were using 1024-bit Blowfish. Your FAQ says you use "a combination of Blowfish and AES". Blowfish has a max key length of 448 bits. AES has a 256-bit key length. Has Carbonite developed their own encryption methods?

I still prefer Mozy over Carbonite. David, please, if you see this, post a reply.

7 Security Rules Employees Love to Break

Submitted by Miles Baska on Fri, 12/07/07 - 1:34pm.

Just spotted this one over on CSOonline.com -- from a survey of 893 corporate IT workers, done by the Ponemon Institute:

1. Copying confidential information onto a USB memory stick: 87% of respondents believe their company’s policy forbids it, yet 51% say they do it anyway.

2. Accessing web-based e-mail accounts from a workplace computer: 45% of those surveyed use webmail at work; 74% say there is no stated policy that forbids it.

3. Losing a portable data-bearing device: 39% of respondents say they have lost or misplaced such a device, and 72% of them did not report the lost device immediately.

4. Downloading personal software onto a company computer: 60% of respondents say there is no stated policy that forbids downloading personal software, a practice that 45% of respondents admit to.

5. Sending workplace documents as an attachment in e-mail: 33% of respondents send work documents as attachments, and 48% aren’t even sure whether or not that violates policy.

6. Disabling security and firewall settings: 80% of those surveyed don’t know whether disabling security is against policy; 17% of respondents do it.

7. Sharing passwords with co-workers: 67% say the company’s policy forbids sharing passwords, but 46% of them do it anyway.

IT, Heal Thyself

Submitted by Miles Baska on Tue, 12/04/07 - 1:27pm.

Orthus, a security company monitoring data leakage, has completed a study that encompasses 100,000 hours of computer usage. Key findings (quoting their press release):

- Corporate data leakage was most likely to occur through mobile devices with 68% of all events identified linked to mobile rather than fixed desktop systems.

- Information Technology and Customer Services Departments had the highest incidence of data leakage.

- Most incidents of data leakage occur during the extended working day (7-7 Monday to Friday).

- The applications most favoured by users to remove sensitive data were identified as web mail, instant messaging (IM) and social networking web sites.

- The top 4 data leakage vectors were identified as mobile devices, web mail, removable media and corporate email.

- All data leakage incidents identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.

Wireless Keyboard Hacking for Dummies

Submitted by Miles Baska on Tue, 12/04/07 - 10:33am.

Keylogging, remotely. Click HERE for the SBS. With video.

I've always felt that my privacy was worth a wire on my desk.

Death by Cell Phone? Er...

Submitted by Miles Baska on Fri, 11/30/07 - 11:48am.

From the BBC this AM:

A South Korean man initially thought to have been killed by an exploding mobile phone battery was in fact crushed by a quarry vehicle, police have said.

Media frenzy, prompted by an irresponsible "medical opinion" (hint: don't go to Korea for your open heart surgery). Now, if the guy had been carrying a Dell notebook...

QuickTime Vulnerable. Again. Still.

Submitted by Miles Baska on Tue, 11/27/07 - 12:02pm.

The popular QuickTime Player was patched, and once more is leaking. This time public code exists for the exploit, and Apple has no patch (a zero-day exploit). The exploit crashes ActiveX, but the Firefox browser passes the code on to QuickTime, making that platform a bit more vulnerable than MSIE (for a change). You can read Symantec's description HERE.

If you're like me and fed up with the QuickTime bloat, uninstall QT and get a copy of QuickTime Alternative, an open-source solution. Use version 1.95 on Windows XP and Vista, 1.90 on Windows 2000 and 1.81 on Windows 98.

Not Your Grandpa's Nuke

Submitted by Miles Baska on Mon, 11/26/07 - 9:48am.

Say "nuclear power" in a crowd and the reactions are going to include "Three Mile Island", "Chernobyl", "Hiroshima" and many more, all negative. Nuclear power in this country hasn't seen any development in decades. With the price of crude hovering around $100 a barrel, cheap power is on everyone's mind. Enter Hyperion Power Generation.

The company is just over a month old, but it's coming from Los Alamos National Laboratory (they know nukes), and HPG hopes to have units in production by 2012. Scientist Otis Peterson filed the patent for the nuclear fission reactor in 2003. The reactor uses uranium hydride crystals and hydrogen isotopes to create an internal, self-regulating balance. The portable nuke is about the size of a hot tub and encased in concrete. It would be buried on site and connected to a steam turbine to crank out 27 megawatts of power for five years -- enough power to drive 25,000 homes. That would "refuel" a lot of Tesla Roadsters.

Review of the Everex TC2502 Green gPC

Submitted by Miles Baska on Sun, 11/25/07 - 11:46am.

Review of the Everex TC2502 Green gPC
By Ben Crowell

My overall impression of the gPC's hardware was that it was very good, for a non-gaming machine, although its supposed environmental friendliness was overblown, if you compare with other non-gaming machines. The software, however, seems very raw and unpolished, and I wouldn't recommend gOS to anyone as a Linux distribution.
