
aldestrawk’s Techdirt Profile


aldestrawk’s Comments

  • May 19th, 2015 @ 5:20pm

    IFE network is connected to the Avionics networks

    After reading the comments, I see there is some skepticism here about the fact that, on more modern aircraft, the IFE network shares the same network cabling as the avionics network(s). It is true. This was done to save weight despite the fact that you can no longer use the best security, which is air-gapped networks. The aircraft manufacturers, such as Boeing, claim that the security they have in place is sufficient. They claim that even if a passenger laptop is connected to the IFE, no packets can be injected into the avionics networks. They probably have a network switch which is set to filter out any packets coming from the boxes under the passenger seats. What they probably really mean is that no conversations can be initiated from the seats as a lot of common protocols, including those used for the IFE, involve packets sent from these seats. Such a system can be secure, but I would be very nervous about proclaiming this setup to actually be secure. One of the possible vulnerabilities is commands to the network switches themselves to change the filtering.

    Not only is there common cabling between the networks, but the manufacturers have moved away from a proprietary protocol stack and are using TCP/IP on top of a modified Ethernet protocol. This allows someone, with a little knowledge, to connect their laptop to the box underneath the seat. [Please note, Timothy Geigner, that this does not involve the Wi-Fi network.] Undoubtedly, the FAA, and the aircraft manufacturers, have put some effort into assuring passengers can't affect any of the avionics controls or sensors. The question is, have they done enough? Since the industry is also relying on security through obscurity by keeping the details secret, it makes it hard for independent researchers to confirm this.

  • May 1st, 2015 @ 7:57am

    AT&T caps rate below contracted agreement.

    An interesting thing concerning the max DSL rate happened to me a few years back. I live in a rural area near Silicon Valley and have a wonderful ISP. I am still limited to 1.3 Mbps as that is the max rate for DSL here considering my distance to the nearest central office. AT&T, of course, provides all the infrastructure, for which the ISP, Cruzio, pays them to be able to offer Internet connections. One day, I noticed videos were pausing during download. I went through my usual debugging strategy (I'm a software engineer who works on switches and routers). A speed test consistently maxed out at 384 Kbps. That number was instantly suspicious to me and indicated that AT&T had intentionally capped my rate on their routers at the central office. Luckily, I didn't have to deal with AT&T directly. I called Cruzio and was able to talk to a tech guy immediately. He said a number of their customers in my small town had experienced the same problem. He said he would deal with AT&T. 10 minutes later, the problem was solved and I have never had that issue again. So, it looks like AT&T had an issue with overall throughput and decided to handle it by capping the rate on various customers, hoping they wouldn't notice. I don't know what would have happened if I had to deal with AT&T directly. I am certain solving the problem would have taken longer than 10 minutes though. I would like to have a faster connection but my only choice for that is Comcast.

  • Apr 20th, 2015 @ 7:32am

    Re: Re:

    What you are describing is a replay attack. The transponders used for locking/unlocking the car and for vehicle immobilizers already use encryption in a way to defeat a replay attack. The technique of using a repeater, or relay, device is different from a replay attack. With keyless entry, you don't have to have physical possession of the key to initiate the cryptographic handshaking. The key can sit in your house while the thief uses the relay device to fool the car into thinking the key is close by. The relay device just transmits the entire cryptographic handshake in both directions. Unless there is a way to distinguish actual proximity from the use of a relay device, this same problem will exist for the smartphone + application.

  • Apr 7th, 2015 @ 8:27am

    an obvious solution

    As an engineer, I have learned how to glean the basic requirements from complex problems and craft a workable design to provide a solution.

    -The main concern of the NSPCC is that children viewing porn gives them a distorted view of what sex is about. Among the potential problems:
    -exaggerated and stylized male and female bodies leading to body image issues.
    -seeing violent and controlling relationships as normal.
    -seeing fetish, or extreme, sex as typical.

    -The survey included a total of 2000 children from 12-17. One of the 11 questions was whether they had taken part in, or made, a sexually explicit video. 12% answered yes.

    -The UK government is convinced that age verification is a workable solution to restrict certain age groups to certain websites.

    Given this, I suggest child porn for children websites. The child porn will be made by children, starring children (no adults allowed), and only accessible by children through age verification. Clearly, this is a much healthier solution than the current situation. What could go wrong?

  • Apr 7th, 2015 @ 7:29am

    worried or addicted?

    What NSPCC states in regards to one of the 11 questions in the survey was that, "one in ten 12-13 year olds are worried they are addicted to porn". The Vice article, in its criticism, states this as "apparently addicted to porn". I doubt those children who took part in the survey were instructed as to what a proper definition of porn addiction is. Some might think that viewing any porn on a regular, or semi-regular, basis is an indication of addiction. An indication that the wording of the questions may not give useful results is that one of the questions produced the result that 20% of 12 to 13-year-olds think that watching porn is normal behaviour. Let's assume that normal refers just to whether or not kids of that age watch any porn. Studies show that the prevalence of internet porn addiction in adults is about 1% of internet users. Yet this survey suggests that fully half of 12-13 year olds who watch internet porn fear they may be addicted. It's not likely there is a huge difference in addiction prevalence between tweens and adults. One problem is that if you ask whether something is normal most people think you are asking "is this acceptable by society?" What their survey does show is that wording of questions is extremely important, particularly with children. This survey is fairly useless, but there is now distortion on all sides.

    The NSPCC's Childline program seems to me to be helpful. They are focusing on providing information to children whose only source of sex education is internet pornography. They aren't trying to stop children viewing Internet porn. Rather they are saying to them that the images in porn don't represent typical bodies and real life sex. I have to agree that sex education in a society shouldn't be coming exclusively from the porn industry.

  • Apr 3rd, 2015 @ 5:11pm

    Re: Re: Re: Root cause

    According to Illinois law:
    If the “Romeo and Juliet” exception applies, sexual abuse is a Class A misdemeanor, punishable by up to one year in jail, up to two years of probation, and a fine of up to $2,500.

    So, in this case the police did have the option to charge all the children with statutory rape. Child porn charges, though, have more severe penalties for them.

  • Mar 27th, 2015 @ 2:53pm

    Re: Re: Re: Autoupdates are bad

    I use Secunia's PSI to indicate updates for a lot of common software. I keep a list of things that may need updating that are not covered by this.

  • Mar 27th, 2015 @ 1:32pm

    (untitled comment)

    Chemnitz? Ach bitte, es ist Karl Marx Stadt.

  • Mar 27th, 2015 @ 1:31pm

    Re: Autoupdates are bad

    Absolutely! The trouble is Microsoft encourages auto-update, particularly when it is a home computer and not managed by an IT department. The first thing I do with a new computer, or new software, be it the OS, a browser, or random application program, is to check for and disable any auto-updates. On the other hand, if auto-update didn't exist then there are a lot of folk who would never think to update and leave themselves vulnerable.

  • Mar 27th, 2015 @ 1:18pm


    This puts an interesting spin on the system of screening done by the TSA. I don't think anyone is truly afraid of Sara Jane Olson blowing up the plane she is on in a suicidal attack. There are Americans who don't believe in rehabilitation, or that she could tire of being a violent radical even after more than 30 years of being a mom and showing no inclination towards any sort of violence. They would have her placed on the no-fly list, at the very least, as a form of further punishment. It makes sense to me that because she is so well known, notorious in fact, she should be given pre-check approval rather than being subjugated to the bias of any particular TSA agent who recognizes her name. I know Tim is ranting about the general lack of common sense and inconsistency shown by the TSA, but I think this particular action did make sense.

  • Mar 26th, 2015 @ 1:05pm

    (untitled comment)

    So, evidence now points to the co-pilot intentionally crashing the plane. He did this when the pilot left the cockpit to use the bathroom. What was probably the only sane response to 9/11 was to reinforce the cockpit doors and keep them locked. Here, you have the cockpit door being used as an impenetrable barrier being used as part of the plan to crash a plane. What do we do now?

  • Mar 26th, 2015 @ 12:58pm


    I'll take this post seriously and point out the problems with that idea. Do you think TSA will let you take a parachute on board? What makes you think you can physically open a door while the plane is flying at full speed? Even if you could physically open the door, do you think others on the plane will act rationally and let you do it? What do you think will happen if you exit a plane going 600mph?

  • Mar 3rd, 2015 @ 7:17am

    (untitled comment)

    His argument makes no sense at all. Firstly, even if a wireless network is used to connect components on a self-driving car, it's going to be a LAN and not dependent upon any traffic in the Internet. It would be insane to design such a system otherwise. Even with high-bandwidth connections there are always occasional delays due to congestion and outages. There is absolutely no reason that I can see that makes the basic operation of a driverless car, in particular, the crash avoidance sub-system, dependent upon traffic through the Internet. Perhaps, it gets information on traffic conditions and a 5 second delay makes it miss that last second decision to exit and you get stuck in traffic.
    Boo hoo, net neutrality made my driverless car 12 minutes later than I had to be. What am I going to do sitting here in traffic? Watch TV, call on the phone, text my friends, read a book, write a diatribe about how evil net neutrality is?

  • Feb 2nd, 2015 @ 2:44pm

    defense of duck and cover

    In case of nuclear holocaust, watch this video.

    I don't remember practicing the duck and cover drill, I am not THAT old. However, I think it made some sense at the time it was made (1951). Nuclear weapons were a lot more limited back then. No ICBMs, only airplanes could deliver them. They were a lot smaller than now. The hydrogen bomb had just been invented at that time. So, a 20 kiloton weapon could obliterate the center of a city but on the outskirts, or the suburbs, duck and cover would give you some protection. By the way, it is not sitting under a desk you must be on your knees, head down on the ground with hands around your neck and praying or kissing your ass goodbye, whichever fits in with your religion.
    The damage from radiation was not well understood at the time as well. It was not until the 60's that ICBMs meant attack with little warning and weapons in the megaton range. As the public learned more about radiation and the cold war escalated the number of weapons into the thousands on each side, that is when "duck and cover" became a joke. Around 1980 scientists learned of the potential for a nuclear winter when a threshold of only a 100 weapons were detonated. At that point, duck and cover was a sick joke from the past.

  • Feb 2nd, 2015 @ 1:48pm

    (untitled comment)

    I think that effort by the French deserves snark as it is equivalent to the US "see something, say something" paranoia program. It deserves better snark though. That loaf of bread that is pictured isn't even a baguette and the pictorial is only meant to represent diet in general. That sort of snark deserves snark itself.

  • Feb 2nd, 2015 @ 1:41pm

    Re: As a French-language illiterate I find myself translating according to the graphics:

    I see your humor, but as partially literate in French, I will offer this translation:

    -They are suspicious of old friends they now consider as unclean (impure).

    -They reject members of their family.

    -They abruptly change their dietary habits.

    -They quit school or vocational training because the education provided is part of the [anti-Islamic?] conspiracy. [not totally sure about the last part]

    -They stop listening to music because it distracts them from their mission.

    -They no longer watch television or movies because one can see forbidden images.

    -They stop doing sports where the sexes are mixed.

    -They change their style of fashion, especially for the girls who dress to conceal their bodies.

    -They frequent websites and social networks that are radical and extremist.

  • Feb 2nd, 2015 @ 12:18pm

    the psychology of Hayden

    I watched his talk and I think I understand him better since he seemed to be rather unguarded in his comments. First off, his world is organized into pre 9/11 and post 9/11 and, most interestingly, pre Snowden and post Snowden. His arrogance is telling and his condescension unreserved. He feels that it is his secret knowledge of the world's dangers that makes his decisions informed and correct and those who would disagree, uninformed and incorrect. He can't tell you the secret knowledge which motivates him and that knowledge will always have to stay secret. From my point of view it is his, and a lot of the intelligence community's, addiction to secrecy and culture of paranoia which leads him to readily sacrifice privacy to fight any threat, real or theoretical. They have been immersed in this culture too long to see their own bias. I am shocked though that he felt, as director of the NSA, the right to unilaterally decide what "unreasonable" means in the 4th amendment. That is true arrogance!

  • Jan 29th, 2015 @ 6:52pm

    Re: Why did they want his picture?

    They wanted a picture to use in a photo lineup for investigation into a different crime. A mugshot would not do as that would be prejudicial. They wanted a posed shot similar to the others in the lineup.

  • Jan 29th, 2015 @ 4:37pm

    (untitled comment)

    A charge under California penal code, section 148 is commonly referred to as "resisting arrest", but it includes more than that:
    "Every person who willfully resists, delays, or obstructs any public officer, peace officer, or an emergency medical

    If you look at it as a charge of "obstructing a police officer", then it makes more sense.

    However, the truth of that charge depends upon whether she was representing her client at the time. The police are arguing that the posed photography and questioning are related to another criminal investigation and the Public Defender (PD) has not been appointed to represent their client in that context. If that new investigation is ongoing, then how can the police know it is unrelated to the current one? Does the PD have to accept the cop's word on the matter?

  • Jan 14th, 2015 @ 11:04am

    Re: Too many toys

    I am wondering if there was motivation to use the SWAT raid as a training exercise when they knew ahead of time that it was not needed.
