Tuesday, March 29, 2005

Blockbuster busted


For the most part, this is a good thing. It was addressed fairly quickly, for one. I'm not sure that, aside from the negative publicity, this is going to dissuade them from continuing with other deceptive practices because, according to the agreement, they do not have to do anything other than:

"Blockbuster also agreed to provide a full refund or credit to any customer who failed to return the item within the thirty day period, but who now returns it in good condition by April 28, 2005.

If the customer already has returned the item but has paid a "restocking" fee, the customer can obtain a refund of the "restocking" fee. A request for restitution must be made in writing and allege a failure to understand the "No Late Fee" program."

So, "oops", they just have to refund the deceptive charges and don't have to provide any kind of other restitution.

Monday, March 28, 2005

ID theft targets are everywhere

Security no match for theater lovers

This article shows that for the promise of a $7-$10 movie ticket, you can trivially gather enough information about almost anyone to steal their identity. And this was at a security conference. I've seen a couple of other studies such as this with other low-value enticements work just as effectively.

Thursday, March 24, 2005

OWASP opens Seattle Chapter

Web Security Group Launches Northwest Chapter

The leading web application security organization, Open Web Application Security Project (OWASP), has opened a local chapter in Seattle.

I may be spending some time with this group. Glad to see more volunteer security orgs in the Seattle area! And glad to see some emphasis on application security, of course.

Their website is http://www.owasp.org/local/seattle.html

Be warned: the site looks atrocious in Firefox.

This website can read your mind


Select the "Think in english" link to proceed in English. This is an automated 20 questions that is very good at guessing what you are thinking of. Haven't seen this in some time but got sent the link recently.


new bookmark: 15 Megs of Fame

I haven't poked around too much at what is on here, but it's supposed to carry on the torch of mp3.com for small, independent artists. Seems like a pretty cool site.

15 Megs of Fame | Artists and Fans unite!

Mobile phone industry blocking iTunes phone??

Courtesy www.fiercewireless.com

If this is true, this is really sad. I know the mobile phone industry would just love to keep charging exorbitant rates for worse-than-midi ringtones to counteract the trend of them becoming commodity carriers for wireless voice, but to go this far -- hindering technology growth and restricting use of their mobile data networks -- is the wrong move. It took the public Internet to launch the explosion of new technology, services, etc. The variety and growth in technology that exists on and over the Internet today would not have occurred if the only game in town was still the AOL or CompuServe network -- just to offer a historical analogy.

Rumor Mill: Who is trying to kill the iTunes phone?

Motorola was supposed to launch the much-hyped iTunes phone yesterday at CeBit. The company, however, cancelled its launch at the last minute reportedly after a secret phone conversation with a carrier or carriers. Supposedly, the carrier(s) in question was not excited by the prospect of a handset that could access iTunes content, but that didn't include them in the revenue share. So, the rumor goes, the carrier in question basically said they would not carry the iTunes phone, forcing Motorola to pull back on its launch plans. Many claim that carriers are working to block Motorola's iTunes phone outright in favor of their own mobile music services. Some insiders claim that carriers are more interested in owning the mobile music process and that they do not want to have to compete with Apple's iTunes platform for revenue.

Rumor Mill: Is Motorola trying to cover up the iTunes phone story?

Motorola yesterday said that, contrary to rumors, the iTunes phone was delayed not because of carrier worries but because of issues with its partner Apple Computer. At a press conference at CTIA, Motorola's mobile phone head, Ron Garriques, told reporters that the iTunes phone's sudden disappearance last week at CeBit was due to differences in the two companies' approach to marketing. Garriques blamed Apple for trying to launch the handset too soon. He claimed that Motorola delayed the device because it was not ready for the market. Garriques also added that an iTunes phone will make it to market in the second half of the year.

Insiders at CTIA dismissed Garriques' comments, claiming that the rumors that broke at CeBit were likely the true version of the story -- i.e., that carriers killed the iTunes phone because they fear Apple will dominate the mobile music market and because the iTunes phone does not support over-the-air music downloads.

See also Motorola: iTunes phone no-show due to Apple

MIMO standards at war

Courtesy www.fiercewireless.com

Trend: New WiFi products may ignite MIMO definition war

MIMO technology is very much in the news these days, and not only because of the intense fight between the two warring camps, each relying on MIMO, over the specifications of 802.11n. A soon-to-be-released MIMO-based RangeMax WLAN kit from Netgear has again caused many to ask what exactly was the meaning of MIMO. Most MIMO chips on the market now come from Airgo, but Netgear chose chips from Video54 instead, leading Airgo to charge that Netgear's solution is not truly a MIMO product. This is not mere semantics: As the battle over MIMO-reliant 802.11n specifications intensifies, the last thing we need is to have that battle complicated further by skirmishes on the flanks over the precise definition of MIMO.

The differences between the two approaches are clear. Airgo makes the complete chipset for offerings by Belkin and Linksys. Netgear, in contrast, relies on its Atheros chips: Video54's BeamFlex chips are merely an overlay which can add MIMO to chips from other vendors. Airgo's products use spatial multiplexing (sending two radio signals in one channel); Netgear uses seven independent internal antennas which may be turned on and off, offering 128 routing patterns. Netgear says its technology gives its products a range of 495 feet and a real throughput of up to 48 Mbps.

For more on the debate over MIMO:
- see Peter Judge's Computerworld discussion

RIP: Spencer Garrett

komo news | Libertarian Congressional Candidate Dies In Skydiving Accident

This was shocking news in a year that is shaping up to be at least as bizarre as last year for me.

Spencer was one of the smartest people I have ever met, one of the best UNIX/network/tech/IT administrator gurus anywhere and a great friend to all. You will be missed.

His ISP business 2alpha will hopefully continue on with his business partners still at the helm.

SNOHOMISH - Spencer Garrett, a Libertarian candidate for Congress last fall, has died in a skydiving accident outside this town northeast of Seattle.

Instructions for Life in the new millennium from the Dalai Lama

Earlier this year, I got a chain email containing a powerpoint (!!) that I'm not going to pass on via email, but I liked the majority of the advice so here is a transcription.

  1. Take into account that great love and great achievements involve great risk.

  2. When you lose, don't lose the lesson.

  3. Follow the three R's:
    Respect for self,
    Respect for others,
    Responsibility for all your actions.

  4. Remember that not getting what you want is sometimes a wonderful stroke of luck.

  5. Learn the rules so you know how to break them properly.

  6. Don't let a little dispute injure a great friendship.

  7. When you realize you've made a mistake, take immediate steps to correct it!

  8. Spend some time alone every day.

  9. Open your arms to change, but don't let go of your values.

  10. Remember that silence is sometimes the best answer.

  11. Live a good, honorable life. Then, when you get older and think back, you'll be able to enjoy it a second time.

  12. A loving atmosphere in your home is the foundation for your life.

  13. In disagreements with loved ones, deal only with the current situation.

  14. Don't bring up the past.

  15. Share your knowledge. It's a way to achieve immortality.

  16. Be gentle with the earth.

  17. Once a year, go someplace you've never been before.

  18. Remember that the best relationship is one in which your love for each other exceeds your need for each other.

  19. Judge your success by what you had to give up in order to get it.

  20. Approach love and cooking with reckless abandon.

Verisign conflict of interest opposition

ICANN Email Archives: [net-rfp-verisign]

See also http://www.financialcryptography.com/mt/archives/000332.html

...Verisign also operates a 'Lawful Intercept' service called
NetDiscovery [2]. This service is provided to "... [assist]
government agencies with lawful interception and subpoena requests
for subscriber records [3]."

We believe that under such a service, VeriSign could be required
to issue false certificates, ones _unauthorised_ by the nominal
owner. Such certificates could be employed in an attack on the
user's traffic via the DNS services now under question. Further,
the design of the SSL browser system includes a 'root list' of
trusted issuers, and a breach of _any_ of these means that the
protection afforded by SSL can now be bypassed.


The cryptographers and security architects who designed the SSL system in 1994 and 1995 envisaged the issuer of certificates to be _trusted by the certificate owner_. This development represents the antithesis of this security requirement.