Archive for the 'chuckles' Category

outgrown (facebook) status

‍‍ב׳ אייר ה׳ תשע״ג - Thursday, April 11th, 2013

finding sorting old clothing fascinating- as uncertain numbers and intended fate dictate placement, variations on folding affect the interaction of placements, object valuation based – and weighted – between functional utility, social utility, and personal totemism — of memory, of self indulgence, interplay between a systemic approach and the feel, the music playing on Pandora: its distraction and relation to memory, and the subsumption of all – and me – to the end task.  Should have done this sooner.

far more interesting than most social interaction in recent memory and the repetitive, inevitable discussions the apologia, leading EITHER to confrontation borne of ego and the bludgeon of validation or worse, bullet point, wielded OR the prophetic cloak of inspiration being thrust upon me.  and still it infects me as i run through those thoughts in their broad curves and the precise turns of recent iterations.  and letter to score unneeded conflict where I’m in the right compose themselves once more for the the thousandth fragmented time. but still, this, this, these clothes, unlike people, I can’t so easily predict and I’ve seen each of these threads before, but until this job, never the tapestry.  also, my Zepp channel on Pandora is pretty good.  To wit – How Many More Times is on and I’m out.

Only half the threat – and most of the answer.

‍‍ה׳ חשון ה׳ תש״ע - Thursday, October 22nd, 2009

Today, Slashdot posted a story to the front page regarding a widespread SMC 8014 router/modem vulnerability, allowing access to administrative functions. I would link to the original blog post, but it seems to be slashdotted. (Edit: no longer. I also indulged myself with a comment on the slashdot story and the blog post, both came late in the game. No, I’m not selling anything nor do I get ad revenue.) In any case, this is nothing new. These and similar SMC routers are common in New York and are identifiable in their use of a four digit hex SSID. Naturally, all APs broadcast their Wifi adapters’ MAC address in the clear, allowing for identification of the manufacturer (barring spoofing).

These SMC routers were ordered in bulk with a custom firmware, with some “features” that were put in place to (presumably) assist in over the phone tech support. The firmware enables WEP encryption with a preset key on the network and uses Javascript to disable more advanced features, including choosing WPA. If that wasn’t problematic enough, the WEP key is derivable from the MAC address. Let me repeat that point as clearly as I can.

The preset WEP key is derivable from the MAC address that is broadcast in the clear.

That last part is trivial, and I’m not going to give out (what I hesitate to call) the algorithm.

But wait, there’s more. One of the advanced features disabled by the Javascript hack is the ability to change the WEP key. I was not vulnerable to this (I use a different service with my own hardware), but a friend was -which allowed me to do a bit of work on these routers and their deployment. We were told (July 2008) by a customer service rep that changing the WEP key was not supported for the end user – even after I asked my friend to claim that she thought someone had her “network password” (which was technically true).

Ironically, the vulnerability mentioned in the Slashdot article is the means to secure the router: by using various techniques (disabling Javascript, Greasemonkey, etc.) you can restore these functions: changing the mode of encryption, the key, and the administrative values.

SMC is not the only company to have sold these gelded all-in-one routers to bulk telecom customers; nor is Time Warner the only customer to deploy them. In a private discussion sharing these findings with some westcoasters at Defcon in Aug 2008, I was told there was an L.A. telecom doing exactly the same things – mass deployed routers with predictable keys and a broken firmware that prevented a fix.

Signs of things terribly wrong… or right…

‍‍י״ג אלול ה׳ תשס״ח - Friday, September 12th, 2008

When a Math/Compsci Professor comes to your apartment, peeks his head around a corner and exclaims

- with sarcasm, suprise, and a hint of disgust -

“Oh look. Another computer.”

A butterfly clicks on a web page in Florida and causes a storm in New York.

‍‍י״ב אלול ה׳ תשס״ח - Friday, September 12th, 2008

The UAL story – as a parable – is too good to be true. (As fact, it seems patently unfair to UAL.)

As a cautionary tale, it got even better – expanding on the chaotic complexity of interacting state machines:

Single Web Hit Led to UAL Glitch, Tribune Says – WSJ.com

About that trip to Miami… apparently it was b’shogeg.

‍‍כ״א תשרי ה׳ תשס״ח - Wednesday, October 3rd, 2007

How did I miss this?!!? Miami is ASSUR!!

Amusing and yet ironic…

‍‍א׳ תשרי ה׳ תשס״ח - Wednesday, September 12th, 2007

…because the page is fairly ugly, poorly categorized (tabs… controls… stupidity? These are not like things) and dated navigation tools.  Still, not nearly as bad as the examples contained in the Interface Hall of Shame – Controls.   Perhaps the irony is intentional?