Keyboard Cowboy More and-or less confused after tomorrow

8 Jun 2010

Why does the Wii show key presses?

A USB keyboard attached to the Wii should never display key presses on the on-screen keyboard, especially when a password input is at play. Now, I know that the console isn't designed with user security in mind, but some common sense should prevail.

Skip ahead by a minute to get through me launching the Wii, browser, et cetera.

Bonus points if you can figure out what I typed in as the password.

2 Apr 2010

Sony giveth and taketh with the Playstation 3

Back on a cold and rather hung-over Boxing Day last year (or December 26th for Americans), I stood in line at a Future Shop not far from my office to get my hands on a Playstation 3. For $300, I got the console with three games and the capability to run Linux—it was the last model that would be capable of doing so as all other models were the slim version and had the feature removed. Soon after, I installed Linux and made it capable of playing other, non-PS3 games; and it was excellent.

I was a good little boy to Sony as I had bought several games on top of the three I had already received and also bought two old PS1 games from the Playstation Network Store. However, Sony has now decided that I should make a choice: continue to use the online features, such as the store or the PSN friends list, and have my access to my Linux install blocked; or forget online abilities and keep on using my Linux install. Didn't I purchase the device to do both?

24 Mar 2010

Serious security flaw in Personas for Firefox

Firefox proves it's capable of beating Internet Explorer in silly exploits.

With the release of Firefox 3.6 and the automatic inclusion and enabling of Personas, the popular alternative to Microsoft's Internet Explorer is showing signs that it's no better. For the unaware, Personas is a feature of Firefox that allows users to 'theme' their browsers with images. Once a Mozilla-developed add-on, it's now included, installed, and enabled by default in the latest browser release.

The problem with the addition to the default install of Firefox is that it introduces a gaping hole.

9 Feb 2010

Rogers and their idiocy with Android

You think that the whole malarkey with Rogers not paying HTC for upgrades to Android is bad? Look at the garbage that I have gone through with my newly-acquired HTC Dream. Why is it that the lone GSM provider in the country has the most inept managers and network technicians?

If Rogers was serious about a revolution with the HTC Dream, then this is certainly a hell of a one.

Ed (20:50 PDT): Added a section on Rogers' stupidity with Blackberries. Oi.

3 Feb 2010

Repost: I do not accept your forced firmware update

Being that I had to endure the bullshit that Rogers placed upon me with my HTC Dream, my friend Luke had something to say:

Hello Rogers Communications Inc,

I do not accept the premise that you can disconnect my paid data service unless I install your firmware on my device.

I understand and appreciate that you want your customers to be running stable, secure, bug-free phone software/firmware. However, I do not accept your premise that the only path is for me to install your firmware when you say. My phone is a small computer. I'm sure we'd both agree that it would be ridiculous for your Internet Service Provider to mandate what operating system you ran on your home PC or laptop. This is essentially the same issue.

Right now, as a customer of your service I have two options:

1) Use the firmware you give me. If I bought my phone from you I have firmware that you've chosen. I do not have access to details (read: code) describing what it does, it has no regular update schedule, it is locked down (restricting my freedoms), it is extremely slow to receive security updates (eg: a critical 911 fix left un-fixed for 4 months), the update process is bulky and difficult and it does not receive community support to add new features and improve it.

OR

2) Install the firmware I want to use. I can gain administrative access to my phone, and then install custom firmware created by an active open source community. I have full access to the source code (meaning I can verify it as well as improve it), I regularly get new features and performance improvements, security updates are available within days of discovery (eg: the 911 GPS fix), has an amazing built-in firmware updater ("over the air") and has an extremely active community for support.

I assert that provided that my device functions correctly on your network, I should receive the service I pay for regardless of the software or firmware running on my device.

I would strongly advise all Rogers customers with HTC Magic or Dream phones to immediately take steps to remove the locked down Rogers firmware on their phone, and replace it with the high quality open source "Cyanogenmod" firmware. Rogers customers should attempt the process themselves, or get in touch with their local hackspace and ask if anyone can help.

Rogers, I will not assume any bad intent on your part with this update. You are new to this new world of next-generation phones (via Android), and likely do not yet have business processes in place to enable fast turnaround on security issues or the core abilities to quickly backport features and add new functionality to the firmware your customers use. It is great that you are fixing this GPS/911 bug (finally) for all your customers and pushing out a firmware update, but do not force this on customers that have had this issue fixed for months and are running much better, newer firmware.

Rogers, please focus on building a solid network and trying to give me the best data service at the best price.

Thanks,
Luke Closs

I hope to $deity that Rogers fulfils their statement to me of giving me a month's worth of data for free. I am also looking over my existing contract to see if I should just as well leave the carrier.

And for the record: I didn't bother with the plan in my previous entry. I am going to wait for WIND's arrival here in Vancouver this upcoming June and then decide on what I'd like to do.

28 Dec 2009

Security issue: WRT54G-series routers and improper setups

Back in the early part of this year, it became known that there is a worm that can infect routers, but now it seems to me that a related attack vector is possible if the router is misconfigured. In this case, it involves WRT54G-series routers that are capable of running DD-WRT (or anything related) and their ability to allow for tunnelling via SSH.

Simply put: the same exploit that the Psyb0t worm employs is easily doable by virtually anybody and can be done without having to scan for exploitable hosts on your own.

28 Nov 2009

Announcement: 9/11 Pager search is online!

Since Wikileaks has released a set of pager data from September 11th, 2001, I decided to create a simple search function that will allow you to search for keywords within the pager data.

You can try it out by clicking here. I encourage you to link to this if you find it interesting.

Here are some examples of data I found:

2001-09-11 11:46:34
Arch
[0900949]
ALPHA
butthen is heading home. Thinks maybe you can't get in the building so is going out. F16s have surrounded plane

2001-09-11 09:26:35
Arch
[0928548]
ALPHA
2Planes have crashed into World Trade Center Towers. Attempts to reach Intl. Ops. and UBOC contacts are underway. NewYork1 is currently pingable and viewable on the network. Will page as more information is avaliable. Kris 9/11/01

Note: UBOC (Union Bank of California) was in the north tower.

2001-09-11 10:18:25
Arch
[0959190]
ALPHA
#ePhoneBook@uboc|(From:Wayne) Lost Fed & CHIPS (building collapsed) Lea calling NCC to get a dial-up from MPK working, please follow **************************************************

2001-09-11 12:13:22
Metrocall
[1786392]
ALPHA
Frm:MGeorge Sub: sad Txt: Palestinian gunmen at refugee camps in Lebanon fired into the air to celebrate news of the attacks on major U.S. landmarks and offices.

2001-09-11 16:53:36
Arch
[0935569]
ALPHA
knasheed|Iowe you. VERY sorry for the firedrill. Good news. I'm getting a new sysem today and having my system re-imaged THIS week. This issue will be behind me by COB Friday. Again, pls accept my Karleton

Kind of a bad day to do a firedrill, hey?

Feel free to offer suggestions. I will be adding a few features as I go along.

15 Nov 2009

Follow-up to my previous ScanLife entry

The day after my ScanLife write-up appeared on this blog, I received contact from David Javitch, Vice-President of Marketing at ScanBuy, Inc.

In said e-mail, he clarified a few things that I had wondered about the software and even offered a chance to be in on future releases under the condition that I sign a non-disclosure agreement--I politely turned the offer down.

11 Nov 2009

Snapshots from BazCampYVR at VHS

Half a week has passed since the first-ever BazCampYVR was held at the upper level of VHS and I figure it's time that I share the photos before I forget.

Luke did take some video of the presentations and I believe that they'll be available shortly.

On a somewhat-unrelated note, I did receive an e-mail from ScanLife regarding my last blog entry and I will likely share its contents next week.

In case you weren't there, here are the talks that were given:

  • Untitled, a short talk about guitars by Goldfish, yo!
  • Interactive fiction in Shoes/Ruby via Fashion Quest - DJ Mike Cantelon
  • Scanbuy's EZ Code - Colin (afreak)
  • Collaborative Web Games (Zeitgeist) - Lukec
  • Interferometry on the desktop - JamesG
  • Making Worlds: Procedural Planet Generation - unconed
  • Fun with MicroControllers - JoeB
  • RFID & Embedded Linux Toys - Robbat
  • Cybercraft - the tech & biz of trill adventure VR simulation theatres - John S.

Here are the photos! Regrettably, they're not the best due to my phone's terrible camera.

8 Nov 2009

ScanLife’s 2D code system – Flaws, privacy, and whatnot

A while ago, I covered a bit on Metro News' and other publications' implementation of ScanLife's 2D barcode system for users of smart phones.

I have gotten a bit interested in it seeing that it has advertised itself as a better alternative to QR and data matrix codes. This seemed unlikely and I began to take a look.

Ed: forgive any weird grammar or spelling errors here.