Entries Tagged as 'Observation'

1984 Here We Come

Randu2

I’ve always wondered whether or not federal law enforcement management ever think about what they say before saying it.   Currently, they want to put a backdoor in every piece of software so that if given a warrant, the government can go in and snoop on sensitive cyber-information.  And their reasoning is based on the fact that CALEA has worked with telecommunications so why can’t it be done elsewhere, predominantly software.

As a telecommunications professional of over a decade of experience and having been in the security industry for a major part of my life, I have to say that they fail to actually understand how CALEA is implemented.  While it is a government mandated security act that telecommunications and internet providers have had to deal with, it’s also got something that most software doesn’t.  A physical footprint.   To actually use a CALEA backdoor, you physically have to go to a 24/7 manned switch, that has hardware to jack into to basically “eavesdrop”.   It’s more complicated than that, but that’s pretty much how it works.

However, with software, if there is a backdoor and it’s known by hackers, then hackers will try everything in their power to break in through that area.  You know how in Linux, they say never to use the root user?  That’s the same principle.   Don’t give it out, don’t acknowledge it, because once people know that it exists, it becomes a security risk.

And if you’re in security, you should understand the risk assessment value and how ease of use is predominantly inversely proportional to security.  Always has been, and for the most part, always will be.  On top of all of this, there is another method that people will use to get around all of this.   Bouncers and darknets.   If this law is passed, they actually make their lives a lot more difficult as enforcement since most people don’t just think about using darknets or even understand how bouncers work.  If a wiretap is in place in all areas though, then it forces the underground to come up with new ways of communications without fear of someone looking over their shoulder.  And is that what law enforcement wants?  That doesn’t sound “easier” by any means of the imagination.

At least not to me.


Ping? No Thanks


Amusing. TechCrunch released an article about how Ping isn’t as social as Apple made it out to be. What’s even more funny is that I don’t see this going anywhere just like Genius didn’t go anywhere.

First, let me throw it out there. When I find new music, I don’t know the name of the song, or what it is. I just hear something while browsing a website, Youtube, or even listening to the radio. You know what Apple needs to do? Buy Shazam. Take that technology and load it in instead of relying on my friends. Truthfully, what my friends like in music could have absolutely no relevance in what I like. I like opera, but I can guarantee you that my wife doesn’t really care for it. But would we be in the same circle of friends? Sure. That’s a failure in itself for recommendations.

Second, I decided to give Ping a shot, even though during the Apple announcement, I was already arguing with people about how Apple could make things nice, but they don’t exactly understand the Internet trends. Let me put it into perspective. MySpace is probably one of the ugliest social networks ever. I said it back when it started, and it still is to date. But yet, the young kids that made it popular are what attracted bands and other musicians to it. That’s also why MySpace still lives… due to those relationships. If Apple wants to attack that head-on, they need to allow every single band to lay claim to their pages and have followers able to already follow the band without the claim.

For example, I was testing out Ping, thinking, hey… this might not be half bad. Let me add one of my all-time favorite bands: My Chemical Romance. Now I’ve purchased their albums from iTunes before, so I know they exist on there (unlike some of the jrock/jpop/crock/cpop artists), but lo-and-behold, I can’t follow them. No MCR follow means that Ping fails in my book. I mean, the recommendations based on my genres that I selected gave me Lady Gaga, Katy Perry, and Coldplay. All artists that are tied to Apple. What about Daft Punk? What about Gorillaz? If you’re building social, you have to think social.

Personally, I think that Ping is a great idea, but the execution was absolutely sloppy on Apple’s part. If you’re going to build a social network for musicians, figure out what the strengths of social networks are and build around that. Don’t tie it directly to your iTunes store. The difference between customers and users might be a credit card number, but the difference between a social network and a store is a world apart.


Do Illegal Immigrants REALLY Contribute to Social Security?


So I read this story in the Washington Post about how illegal immigrants help Social Security and without them, that program would be in more turmoil than it is now.  But in all honesty, is that even a true statement?

I mean, with all the statistics that op-ed throws out there, it misses a crucial fact:

Employers pay part of Social Security.

Here’s the point.   I was watching a story on CBS a while back about illegal immigration and they interviewed the farms that basically hire almost all Hispanics for seasonal jobs.  One of the most interesting takeaways from that was that the employer would deduct SS and all necessary fees out of their pay, and what those workers did with it outside that was their issue.   If that’s the case, then at least 33% of the statistics is paid for by the employer and has to be taken out.  The rest is conjecture since there’s no way of knowing how many fake SSNs are out there and while estimation is a great thing, let’s look at the rule of thumb in the business world.

If I pay you in cash, usually people do not pay their social security on that.   Nor do they pay any other income tax on it.  In fact, forget illegals.  How many Americans do you know that actually pay taxes when they’re paid in cash?   I could be wrong, but I don’t think I’ve ever met anyone.  Not even people high up in society.  Everyone knows the “unspoken” rule.

So the only actual part that you can really deem as indirectly contributed to the Social Security program is what the employers pay because they have to pay it.  It’s part of hiring a labor force.  But that could be attributed to any single individual, and does not have to be an illegal immigrant.

If that’s the case, do illegals really contribute to Social Security?  Or is it just in the mind of this op-ed columnist that hasn’t really thought out the actual employer/employee process?  Maybe I’m just crazy, but if I were an illegal immigrant, I wouldn’t paint a big red target on myself and collect Social Security or pay the taxes.  I’m already a ghost in the system.  Why put myself on the radar and put my family and me in danger?   Just saying.


FAA Still Denies Cell Phones in Air


The FAA is still denying that cell phones are safe in the air.   While it’s true that cell phones do generate electromagnetic signals, it’s also true that the signal of the EM field dramatically drops off as you get farther away from the user.  Most do not generate any substantial field outside of the “personal space” of the cell phone user.   If you don’t believe this, go buy an EM reader and give it a shot.   It’s rather interesting on the non-linear drop.

On top of this, it was shown on Mythbusters (episode 49) a while back that cell phones do not interfere with the navigational equipment of a plane unless the plane has unshielded wiring.  And believe me, if you’re running faulty wiring, the least of your worries will be coming from mobile devices.

I will agree that banning cell phone use on a plane for sake of safety is a cop-out play when in reality, the only thing that cell phones are in the air would probably be the annoyance factor.   Due to the background noise of the plane, people that talk loudly already would just raise their voices.   And the last thing most passengers want to do is to be locked in a confined space with a bunch of shouting business people that are trying to conduct business.

Fortunately, I have a solution for this.   If someone has enough change to spare that they’re willing to sign an agreement before the flight takes off to have a decibel monitor on them, and their credit card on file, then if their voice ever goes above a certain level, they’re automatically fined.  This fine is then distributed to both the flight crew, airline, and passengers on board guided by the fact that since everyone will be annoyed, you might as well be compensated for the annoyance.

This would either prevent people from calling as much on flights, or keep their voices down, which they should be doing anyways.   While policing the airwaves at thirty thousand feet isn’t something fun, use the right reasoning.   I mean, let’s be honest.   If people can use cell phones when they “touch down” on the landing, then it would also be safe to say that those EM transmissions would not affect other instruments.  Or else every time you land, you’d see a blip in your flight instruments that would be visible to the naked eye.


Strange Waitress Behaviors

I have to say that the last two times I’ve been out to dinner with my wife, it’s been a rather strange experience. Both times, I was asked whether or not we wanted separate checks. What’s weird is that I’m getting the strange feeling that this could be the fact that we’re a mixed couple and people make assumptions that apparently that doesn’t exist in the South.

How odd is that? I can’t think of any other reason that you’d ask whether or not someone wanted separate checks. Usually, people ask, but both times at different restaurants, the waitresses offered up the option right away.

For some odd reason, I haven’t been able to justify it by any other means, and giving benefit of the doubt. It just doesn’t make any logical sense unless you throw race into play. While I know that these tendencies still exist, it’s usually strange to see it so blatantly. But really, why am I not surprised at all…

China Domain Scams

I have to say that it’s very amusing when you get emails like this. I had to do a little bit of digging to get the dirt on it, but fortunately when you’re not the first of these types of scams, the Internet can be a great resource. Basically, the idea is no different than the domain snail mail letters that people send in the mail that look like a bill in the US. This takes a different approach, since it makes you scared that your brand is in jeopardy and you didn’t buy up some of the other domains.

The below was a verbatim email that I got from the scammers. I had started a dialogue in my usual manners, but was fascinated when they basically said that they were doing due diligence, but then they could not deny the application by the other corporation even though they were doing due diligence.

Hmm, makes you wonder. What’s the point of doing due diligence then?

If you ask about it, then they’ll send you a cost sheet, and it’s like $60-$120 per brand and domain. Amusingly, these same domains cost somewhere around $10 to $30USD depending on what they were, and a lot of them, you have to show registration of a legitimate business within that domain. For example, in Hong Kong and Taiwan, you have to have a registered business within those regions to actually even apply for the .com.tw and .com.hk. I don’t know about China, but in all honesty, it’s not something that I would care to register as a business owner. In the end, the .com is king and anyone in the web world knows that.

This happened to come from a site called “drc-asia.org” which claims to be a domain registrar in China. Interestingly enough if you look up the domain itself, it’s owned by “shanghaifengwangwangluokejiyouxiangongsi”. Which is fine in itself, except for the fact that they have a .live.cn (Hotmail China) email registration. Crazy thing here, but legitimate businesses never have domains registered under any personal email places. No Hotmail, Gmail, or anything else. Much less when a domain registrar doesn’t know how to set up CNAMEs so that drc-asia.org doesn’t point anywhere, but www.drc-asia.org actually does go to a host? Come on.

In any case, if you find yourself worried that you might be on the verge of getting taken in, fear not. Usually it’s a permutation of the email below.


(If you are not the person who is in charge of this, please forward to the right person/ department, as this is urgent, thank you!)

Dear CEO,

We are the department of registration service in China. we have something need to confirm with you. We formally received an application on Aug 16, 2010, One company which self-styled " dre&y trading ltd" are applying to register "merchantsmirror" as brand name and domain names as below :
merchantsmirror.asia
merchantsmirror.cn
merchantsmirror.com.cn
merchantsmirror.com.hk
merchantsmirror.com.tw
merchantsmirror.hk
merchantsmirror.tw
After our initial checking, we found the brand name and these domain names being applied are as same as your company's, so we need to get the confirmation from your company. If the aforesaid company is your business partner or your subsidiary company, please don't reply us, we will approve the application automatically.

If you have no any relationship with this company, please contact us within 7 workdays. If out of the deadline, we will approve the application submitted by "dre&y trading ltd" unconditionally.

Best regards,
Robert Yang
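
An added example, not part of the original post: the red flags described above (one brand listed under a sweep of regional suffixes, a short reply deadline, a registrar whose WHOIS contact uses free webmail, and a bare domain that does not resolve while www does) written as a mail-triage check. The function names, the WHOIS field layout, the placeholder mailbox and the injected `resolve` callable are assumptions made for illustration.

```python
import re

# Free webmail domains (illustrative, not exhaustive).
FREEMAIL = {"live.cn", "hotmail.com", "gmail.com", "yahoo.com", "qq.com", "163.com"}
# Suffixes from the quoted solicitation, longest first so com.cn wins over cn.
SUFFIXES = ["com.cn", "com.hk", "com.tw", "asia", "cn", "hk", "tw"]
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+)\.(" + "|".join(map(re.escape, SUFFIXES)) + r")\b", re.I)
DEADLINE_RE = re.compile(r"within\s+\d+\s+(?:work|working|business)?\s*days", re.I)

# Excerpt of the e-mail quoted above.
SAMPLE_EMAIL = """... applying to register "merchantsmirror" as brand name and domain names as below :
merchantsmirror.asia
merchantsmirror.cn
merchantsmirror.com.cn
merchantsmirror.com.hk
merchantsmirror.com.tw
merchantsmirror.hk
merchantsmirror.tw
If you have no any relationship with this company, please contact us within 7 workdays."""
# Constructed WHOIS excerpt: field layout and mailbox name are placeholders.
SAMPLE_WHOIS = """Registrant Organization: shanghaifengwangwangluokejiyouxiangongsi
Registrant Email: placeholder@live.cn"""

def brand_tld_sweep(text):
    """Map each second-level label to the set of suffixes it is listed under."""
    seen = {}
    for label, suffix in DOMAIN_RE.findall(text):
        seen.setdefault(label.lower(), set()).add(suffix.lower())
    return seen

def whois_contact_is_freemail(whois_text):
    """True if any e-mail address in the WHOIS text is at a free webmail domain."""
    hosts = re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", whois_text)
    return any(h.lower() in FREEMAIL for h in hosts)

def apex_www_mismatch(domain, resolve):
    """True if www.<domain> resolves but the bare domain does not.
    `resolve` returns an address or raises OSError (socket.gethostbyname fits)."""
    def ok(name):
        try:
            return bool(resolve(name))
        except OSError:
            return False
    return ok("www." + domain) and not ok(domain)

def indicators(email_text, own_brand, whois_text="", sender_domain=None, resolve=None):
    """Return the list of red flags found, in a fixed order."""
    found = []
    sweep = brand_tld_sweep(email_text).get(own_brand.lower(), set())
    if len(sweep) >= 3:
        found.append("brand_listed_under_%d_suffixes" % len(sweep))
    if DEADLINE_RE.search(email_text):
        found.append("reply_deadline")
    if whois_text and whois_contact_is_freemail(whois_text):
        found.append("whois_contact_freemail")
    if sender_domain and resolve and apex_www_mismatch(sender_domain, resolve):
        found.append("apex_unresolved_www_resolved")
    return found
```

A deadline phrase alone is common in legitimate mail, so treat a single indicator as weak and the combination as the signal.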

How Does TSA Take to “Paperless Boarding Passes”?


Interestingly enough, there’s this new fun little thing that the TSA is pushing which really shows that they’re actually with the times.   While most people still use the paper boarding passes, you can now have it sent to your phone.   What it does is send you an image of a QR code, I believe, which is then scanned at the TSA checkpoint.   They use one of the red bar code scanners so it doesn’t really get affected as much by the reflective screens on smartphones.

What’s neat about this technology isn’t just because it’s “green” since there’s no paper, but the fact that the government is finally getting on board the technology train WHILE it’s going.   Not like ten years behind.  Usually you don’t see things like that except in military and advanced research labs.   I find that absolutely fascinating.

While I had the opportunity to use it more recently, I was hesitant mainly because I didn’t want to hassle with it if there were airports that had screeners that were not trained to actually deal with the passes.  Even if the airlines are pushing it, it doesn’t necessarily mean there are untrained staff out there.  So I decided to observe and see for myself.

It happened that there was one lady in front of me at Newark that used this system.  It was actually very quick and easy and definitely put my mind at ease that perhaps this is the next thing I’ll adopt while I travel.  Nothing like getting rid of the abundance of boarding passes that one has to carry these days along with all of the advertisements and the weather and what not.  In all honesty, while it seemed like a pretty good idea, I usually am annoyed that they print all my boarding passes on separate pages with a bunch of junk on them.   Just print them all on one page!

I’m actually pretty happy that so far my observation of the paperless boarding pass has been a great experience.


Android Market Comments Need Moderation


Google needs to step up to the plate when it comes to moderating Android Market comments.  Overall, the ratings system is pretty typical.  If you like a product, you rate it high, if you dislike you rate it low.  There’s some trolls when it comes to ratings, but it’s actually not all that bad for the most part.  The good stuff still tends to float to the top.

But lately, there’s been a rash of really annoying 5-star comments that I mark as spam all the time and keep seeing everywhere.   Subscription services are going around and posting comments everywhere and basically saying how this website has all of the apps for a monthly subscription and it’s cheaper, and all that.  Extremely annoying when you’re trying to read about whether or not an app works and what problems you might encounter.

Think of the commenting system as a user review board.   I mean, overall, the goal is to be like Amazon’s product reviews where people tend to use these days as a secondary source of “real people-real reviews” type of place outside of reading Consumer Reports.   Since Android Market doesn’t have a Consumer Reports, you’ll just have to settle for trial and error, and user reviews.  Unfortunately, on a mobile interface, spam type comments not only take up space, but it throws the review off.   Especially these types of subscription services.


Quotes are the Bane of Social Media

"Graphs & Social Networks" Facebook ...
Image by sociomantic via Flickr

I don’t know who came up with using quotes. But having analyzed much of the traffic that goes across social networks, I have to say that if you use quotes, you’re asking for trouble.

Why?

Have you ever looked at the Twitter bot accounts and what they post? Usually, a substantial number of them use quotes. Those that filter onto Facebook also use quotes. In fact, there really isn’t any time that those bots don’t throw in the quotes section since they want some filler that could be applicable to human interaction. And thus, those of us that actually do watch and read the traffic become extremely desensitized to quotations.

This is a lose-lose situation. First, the people that read don’t feel like there’s substance there so they skip reading your information, even if you might have some fabulous stuff later on. What can I say, the attention span of Internet users is fairly short. But also, the user of the medium that has integrated quotations also gets thrown into the bucket with the spam bots. Now, I don’t know about you, but I wouldn’t want to be in the same bucket as spam bots.

If you do use quotes, I implore you to stop. It’s not helping and the filler really isn’t useful. If you intend to keep at it though, no worries. The rest of the world is probably ignoring you.


Blasting Zone FUD

I have to say that there’s some things that seem entirely like FUD because people watch too many movies. So there’s this sign that I saw while I was driving home and the more I thought about it, the more ridiculous it seemed.

Most people wouldn’t think twice about reading this sign and would just do as it said. But, think about it. Most of your 2-way radios are on the family band. This means that it’s a public channel. These channels are for use of all sorts of things (thus the word public). Private radio bands require licensing and are on a different spectrum. But regardless, you would imagine that anyone setting a wireless detonator on a public band is absolutely bonkers. I mean, there are signals at all times on those bands so that wouldn’t make any sense.

And the entire cell phone thing is silly too since the signal is on two levels. One is from the base station, and one is from your mobile. If you turn off your phone, that doesn’t mean the base station quits trying to provide coverage. So, if a cell phone signal would set off blasting, then wouldn’t you have to shield it from all cell phone signals? Including the base station? So if you use wireless detonators, you call the wireless companies to turn off their towers? What about emergency band vehicles? No more 911 calls?

Without more solid evidence that there is any reason to turn off a two-way radio or cell phone, this becomes very much like a movie based FUD action. Lovely.