
Comment: RTFA FFS! (Score 1) 82

by shrtcircuit (#34323996) Attached to: Crooks Hack Music Players For ATM Skimmers
Lots of comments here about "OMG they're recording the sound of the keypad" or audio tone encoding on the cards, which is silly. It uses a magnetic head to read the stripe, and just records the flux as audio instead of digitally. It's not a bad idea really, though not terribly new - just a different method of recording the same data, which is ultimately just a bunch of 1's and 0's relatively timed to how fast you slide the card through.

Nothing is recording audio of your keypresses (which usually are just monotone anyway) or decoding tones from the card, and they still need video to record your PIN at least for now. I had a thought though, if you could somehow cheaply scan the heat from the keypad after the user has left it could be useful. Covering the pad would eliminate video, but you have to jam on those keys so hard most of the time that there is going to be latent heat from your fingers; just rate the heat of each key and you have the order and position. More expensive, but nearly impossible to defeat.

Comment: Oh no! National security! (Score 1) 285

by shrtcircuit (#34316894) Attached to: Utah vs. NASA On Heavy-Lift Rocket Design

“Today’s meeting confirms that we are in a long-term fight over the future of NASA’s manned space flight program,” Bishop said. “While I appreciate Administrator Charlie Bolden and Assistant Administrator Lori Garver’s willingness to meet with us, I remain very concerned that NASA continues to delay the transition from Constellation systems toward the new heavy-lift program while they needlessly explore private start-up technologies that remain unproven, require more money and are unfit for human-rated space travel. During the meeting, I expressed my disappointment that both Bolden and Garver continue to slow-walk the plans required by the NASA Reauthorization Act. A vital component of our national security with solid booster production remains at high risk so long as the current Administration and its NASA advisors continue to ignore the existing proven and successful space and missile defense technologies in favor of systems that are still considered to be experimental. This concerns me greatly. When national security is at stake, there are certain risks not worth taking, such as abandoning our existing vital industrial base.”

Really? Weren't experimental new technologies the whole point of the space program? Wasn't national security being at stake the whole reason the space program dared to do something farther, faster, and bigger than anyone had ever done before? These congressional idiots have literally lost touch with reality and the spirit of exploration and innovation, which is what made this country great. Thanks Utah for voting these morons in...

Comment: Re:Sounds like bullshit to me (Score 2, Informative) 524

by shrtcircuit (#33779704) Attached to: US Says Plane Finder App Threatens Security
No. From TFA (anyone here even read this shit anymore?): "The firm behind the app, Pinkfroot, uses a network of aircraft enthusiasts in Britain and abroad, who are equipped with ADS-B receivers costing around 200 pounds to intercept the information from aircraft and send it to a central database."

Places like FlightAware and others actually have a direct feed from the FAA which provides, among other things, radar data of aircraft all around the US. FAA feeds are required to be delayed, with the only exception being that if you have a flight dispatch operation (i.e. airline, big corporate aviation, etc) you can get it realtime - however you are under strict guidelines not to release it to anyone else. Even the delayed providers generally can't just replay the data by itself.

Also the thought of encrypting the data is stupid. You have probably dozens of manufacturers of receivers and transceivers, it is foolish to think the keys wouldn't be compromised. In addition it's one more layer of potential issues, and when you are relying on that system to maintain spacing in zero visibility, you just want it to work period.

Not to mention, like others have said, there are easier ways to target an aircraft (like when they are lower and slower).

Comment: Re:Well (Score 1) 467

by shrtcircuit (#33631754) Attached to: Distinguishing Encrypted Data From Random Data?
Also consider the entropy of your "random" data. The encrypted data could be distinguishable by being *too* random compared to other samples which maintain some sort of detectable pattern or base. Random usually isn't with respect to computers (hard to guess or predict != random), and folks go to great length to make it as unpredictable as possible when it counts the most. If an encryption algorithm, which is by design patternless, is compared to a bunch of randomly inserted data, it's possible that it could be detected by as much of what it isn't as what it is.

I think you'd be better off inserting random data which has been encrypted by the same routine and key size. If it's a good, patternless method, you will end up with many samples of data only one of which is useful. Anyone not knowing the offset of the target data could waste a bunch of time trying to get into the other pieces.
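The two comment paragraphs above, as an added example that is not part of the original comment: a byte-histogram chi-square test picks the one encrypted slot out of weak "random" filler, and stops working once the filler is encrypted with the same routine. The slot layout, the LCG filler, the key and the SHA-256 keystream (a stand-in, not a vetted cipher) are all assumptions constructed for the illustration.

```python
import hashlib

CHUNK = 4096  # bytes per slot in the constructed container

def keystream_encrypt(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption, not a vetted design):
    XOR the data with SHA-256(key || nonce || block counter)."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(8, "big")
        ).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def lcg_filler(seed: int, n: int) -> bytes:
    """'Random' filler from the low byte of a 32-bit LCG: hard to guess
    by eye, but its low byte simply cycles through all 256 values."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (1664525 * state + 1013904223) % 2**32
        out.append(state & 0xFF)
    return bytes(out)

def chi_square(chunk: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution
    (255 degrees of freedom, so truly random data scores near 255)."""
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    expected = len(chunk) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def cipher_like_slots(blob: bytes, lo: float = 150.0, hi: float = 370.0) -> list:
    """Indexes of slots whose histogram is statistically plausible for
    cipher output: neither patterned nor suspiciously flat."""
    slots = [blob[i:i + CHUNK] for i in range(0, len(blob), CHUNK)]
    return [i for i, s in enumerate(slots) if lo <= chi_square(s) <= hi]

def build_container(encrypt_filler: bool, secret_slot: int = 5, slots: int = 8) -> bytes:
    """Constructed sample: one encrypted record hidden among filler slots."""
    key = b"constructed-demo-key"
    record = (b"constructed secret record " * 200)[:CHUNK]
    parts = []
    for i in range(slots):
        if i == secret_slot:
            parts.append(keystream_encrypt(key, 0, record))
        elif encrypt_filler:
            parts.append(keystream_encrypt(key, i + 1, lcg_filler(i, CHUNK)))
        else:
            parts.append(lcg_filler(i, CHUNK))
    return b"".join(parts)

if __name__ == "__main__":
    print("LCG filler:      ", cipher_like_slots(build_container(False)))
    print("encrypted filler:", cipher_like_slots(build_container(True)))
```

The LCG filler fails the test by being too flat (every byte value appears exactly 16 times per slot), so a histogram that is too uniform gives a slot away just as a skewed one would.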

Comment: Ironically... (Score 5, Interesting) 218

by shrtcircuit (#33627626) Attached to: Helicopter Crashes While Filming Autonomous Audi
We were up on Pikes Peak last weekend staffing a charity hike event when the autonomous car itself also crashed, running off the road somewhere. The wrecker they sent up to fetch it also broke down blocking the road, so they had it shut down for a while getting yet another wrecker up the mountain to help relocate the first one, and get the car out of there.

That thing has some sort of bad omen surrounding it. Everything mechanical around it, including itself, seems to break or crash! I'm amazed nobody has been killed yet, especially with the helo going down on the side of the mountain (that usually ends very badly, so my props go to the pilot for keeping everyone alive).

Comment: Re:Let us take care of it (Score 2, Informative) 765

by shrtcircuit (#32882534) Attached to: Retrieving a Stolen Laptop By IP Address Alone?
Meh, the 1% of people replying to this who aren't still living in Mom's basement aren't going to commit a felony to exact revenge on a misdemeanor for some dipshit that couldn't take his computer inside with him.

OP: Sorry about the loss, but it's one of life's little lessons and you won't do it again. The $1000 laptop doesn't mean shit to cops, feds, or anyone else, particularly considering the amount of coordination and paperwork involved - you are literally asking for expenditures of many thousands of $$ and a lot of man hours just to recover a machine that isn't worth what you paid for it anyway, and truthfully *they do not care*. The ISP *does not care* and will not give you customer information anyway. If you can plug that IP into an accurate geolocation service you might be able to go issue a beatdown yourself, but really I think that's unlikely to happen.

Comment: Re:Quoi. (Score 1) 141

by shrtcircuit (#31706910) Attached to: Indian Census To Collect Fingerprints, Photos
Hm. Every government-issued ID I have has my photo on it. Kids get printed in school and have for decades, which means current adults *have* been printed before (I have no idea where that information ended up - do you?). Babies even have to send in blood samples for genetic tests, which most states destroy but not all.

While not an official photo/print program at a national level, I'm quite certain I'm in a number of gov't databases at that level.

Comment: Re:Security (Score 5, Interesting) 457

by shrtcircuit (#31582582) Attached to: Senate Votes To Replace Aviation Radar With GPS
Planes already send their location back to ATC using query/response from the ground radar in an easily breached system. We haven't seen the big scary terrorists making fake planes appear on screens yet. In fact the current system is significantly more vulnerable, as it can only handle so many planes in its "view" at a time. Try to imagine loading that up with a few hundred fake transponders that block out real aircraft from showing up - essentially an ATC DoS attack. NextGen would, I hope, be considerably harder to attack in that method. With the current method it isn't unheard of for busy areas to DoS themselves from overload so it's already a weak model.

Also while I don't think GPS is or could ever be 100% reliable, we pilots do have something called pilotage, paper charts, and good old fashioned flying that we can use to get where we're going. It isn't as cool or convenient as a big moving map on your panel, but is a tried and true way to safely navigate that folks have been using since Jeppesen invented aeronautical charting. Even if some freak solar storm blew out all of the GPS satellites, pilots aren't going to suddenly find themselves completely lost, and planes aren't going to just drop out of the sky. GPS receivers and transponders fail in planes from time to time, and we have backup plans to account for that and continue on. It's really not the end of the world. In effect an aircraft could suffer entire avionics failure and still make it down just fine.

NextGen is not the end of the world, it's a much needed upgrade to a vastly outdated system. It's better than what we have now, and if it breaks there won't be airliners crashing right and left. It's OK.

My personal beef with it is the "personal electronics" thing. I use my phone to access aviation information (weather, databases, etc) and fail to see why I should stop just because a couple wankers couldn't stop playing Doom in the cockpit or whatever they were doing. Federal Aviation Regs *already* have clauses to deal with pilot stupidity, this is just extra bullshit with literally zero benefit.

Comment: Re:Serial Ports.. (Score 2, Interesting) 460

by shrtcircuit (#31302390) Attached to: Will the Serial Console Ever Die?
We have about 20,000 servers, plus switches, routers, firewalls, and a whole pile of other gear that all has serial access through out of band management systems; ALL of them have serial ports natively. Why? It's simple (it is NOT non-standard, RS-232 is quite established), basic management often doesn't require anything more, and when the system goes completely tits-up it often gives a method of recovery not otherwise available without having to physically be in front of it (hard to do with equipment around the world).

Just because you can't type http://accessmyshit does not mean it isn't still very useful in the real world, particularly at large scale enterprise-grade data centers.

Comment: Ok, really? (Score 1) 578

by shrtcircuit (#31217684) Attached to: Fingerprint Requirement For a Work-Study Job?
Who cares? It's not a DNA sample, or even a complete fingerprint, it's a machine that stores a few data points. These have been in widespread use for well over a decade.

You're already identified as you, this is just a way for you to prove it without them having to issue things that get lost, which I'm sure can be a big logistical issue for a University seeing as college students are irresponsible idiots most of the time. I suppose they could give you a badge to swipe, but I would imagine they also have issues with students clocking their friends in and out (see previous "irresponsible idiots" statement), so this is a way to physically verify you were really there with as little administrative overhead as possible.

Be far more concerned with all the other information they have about you (like, your whole life), and how securely it's actually being stored. Security breaches at colleges are rampant, and a few data points on a time clock are really the least of your worries if it got out.

How the hell did this get to >430 replies over misplaced paranoia?

Comment: Re:They don't make disaster recoveries like before (Score 1) 265

by shrtcircuit (#30870652) Attached to: Radio Hams Fired Upon In Haiti
"You can't have it because O'Reilly and a bunch of others played the morality card, which always trumps common sense. The morality card states that all money collected must be diverted to [insert cause], and not stockpiled. The common sense card says disaster preparation requires a plan ahead of time -- you can't fuck around waiting to allocate resources when it hits. Which is exactly what has happened with Katrina, 9/11, Haiti, and many disasters yet to come. We've reduced our position from being proactive (being able to execute a rescue plan immediately because resources are already available) to reactive (waiting until resources are collected and organized before formulating and executing a plan)."

Learn a bit about NIMS and ICS before you make assumptions. There is a *significant* amount of pre-planning that goes on (Katrina f-up's aside, a lot of learning came from that). Part of that plan includes responding, but you have to collect, stage, and organize your already-available resources within a standard chain of command or it quickly turns into a major mess. A lot of responses where people just rush in and "do stuff" end up considerably less effective because nobody has any common grasp of what they're supposed to do. Resource allocation/realization happens well ahead of time, but it still takes time to get it where you need it and get it all working towards a common goal.

Comment: Just maybe... (Score 2, Informative) 818

by shrtcircuit (#30737624) Attached to: US Youth Have Serious Mental Health Issues
Perhaps if parents took the time to PARENT, got their kids off the venti mocha-latte-quad-shot-whipped-lookatmeI'msocool drinks, made them put down the cell phones and television, and taught them how to live like real actual people in the real actual world, this wouldn't be an issue.

No shit they have unrealistic optimism! In a world where you can't fail, where it's everyone else's responsibility to prop you up and deal with your shit, you are probably the most optimistic motherfucker on the planet! The problem is once it becomes everyone else's responsibility, it becomes nobody's responsibility, and we're left with a bunch of dysfunctional retards sitting there whining because mommy and daddy can't give them their lattes and tell them it's going to be OK.

These kids don't have anxiety, they have a lack of understanding of life. They're freaked out over what is quite honestly stupid, piddly things because they're not allowed to experience failure anymore. The answer, according to a bunch of "experts", is to drug them up so they stop caring about it and go back to being irrelevant little twats.

Comment: Re:Paging Mr. Vader - something slipping through (Score 1) 620

by shrtcircuit (#30655656) Attached to: IT Workers To Get Fewer Perks, No Free Coffee
The "suck it up and be happy you have a job" was almost the exact phrase our VP issued down a few months ago, along with "if you don't want to be here to make all our dreams come true, go somewhere else". The problem is that our company relies on a fair bit of "rockstar" technology talent to make things happen, and even with so many people unemployed, it's not that easy to find qualified people at that level (there is, however, a metric ton of mediocre talent, and people who think they're way better than they really are out there). So, the rockstars find they can locate other good jobs with some relative ease (being rockstars and all) and take that VP's message to heart.

Making profit is important, maybe the most important thing to a company. But if you start treating your employees like unwanted burdens and making it feel like a prison instead of a good place to spend 8-10 hours of your day, the ones you want to keep WILL leave simply because they can, and you will be left with the ones you really don't care about because they're too much like all the other "just average" employees out there to find anything else. You won't be able to reliably acquire new rockstars either, because by that point in their career they can smell a shithole a mile away.

I'm not suggesting every office needs to be an arcade, or that you have to make lavish expenses routinely. But little things like free coffee, bagels once a week, reasonable but not totally locked down Internet policies, etc go a long way. I fully expect that I can hit gmail or slashdot from time to time - I don't spend my whole day on there, but my productivity is worse if I can't break my mind away from other more tedious things. This is pretty normal human behavior. As long as I'm getting my work done and not violating HR use policies (porn, etc), the rest should take care of itself. Employees that can't find that balance will magically disappear at the next round of layoffs anyway.

Be in business to make money. Don't forget that upper management can't do the job alone, and don't chase away anyone with the innovation and talent to get you there just because you tried to scrape the barrel. Ruthless profiteering may work in the short term, but rarely retains the kind of people you need to have except in a rare few business cases.
