Heading back to college tomorrow.  Updates will be a little more sparse for a time but will pick back up again soon.

I’m currently working on a few projects, including Arduino stuff.  I’ll keep you all posted for further information

Some of you probably read about the vulnerability in Vista that doesn’t just take advantage of any new exploit but rather Vista’s fundamental architecture all together.

Well the way this systematic attack is approached is via an arbitrary browser exploit.  But what if browser exploits were cut off from the main machine?

Meet ZoneAlarm’s new security tool that’s been a bit long in coming in my opinion.  It’s called ForceField (and with good reason).

What the product does is put your browser inside of a virtual environment that’s totally cut off from the underlying OS.  It also cuts off the OS from the browser (helping negate the effects of keystroke loggers and such).

Now earlier they were giving away free CD keys for ForceField and I registered for a copy (1 year subscription).  It doesn’t have Vista 64-bit support unfortunately but it is on my laptop (32-bit Windows XP) and I’d say that it runs rather well.  My laptop is a machine that’s gaining a little age (although it’s far from old) and typically has some trouble running Firefox 3.0 with all my normal extensions.  However even running virtually, it still runs rather fast (negligible performance decreases).

So aside from negating this proposed attack, it can also protect against a wide variety of other problems, and it’s existence (albeit probably inevitable) is certainly welcome.  It will certainly be nice to be even less concerned about visited websites leaving cookies, ads containing exploits, and the like.

Well apparently the new e-passports that were supposedly so good have already been hacked, furthermore with minimal equipment and within an hour.

Kind of ignorant to think about something as simple as that as secure.

The Public Key Directory sounds like a decent way to make it more secure.

Personally my idea is that every e-passport needs more hardware.  Hardware that stores data, preferably in a rotating array like RSA SecurIDs, and would better yet have another mechanism which would never transmit the internal rotating IDs but rather would transmit a hashed ID, which would furthermore be salted with an ID that is unique to the scanning station, so every single scanning station would have a unique salt ID, or better yet a group of salt IDs that change depending on several factors, that would be added to the internal ID upon hashing and would produce the more secure resultant ID.

With how cheap FlashROM is now, it’d be great if they had an updatable internal mechanism for rotating keys for your personal ID (such as updating internal IDs whenever you renew your passport), as well as keeping an internal database of the salt IDs for all the stations so the salt ID wouldn’t have to be transmitted anywhere near as often, thus reducing risk of an attack on the hashing algorithm.

Also, since all of this hardware is going into these things, might as well build in an authentication mechanism so the e-passport doesn’t arbitrarily send out IDs where a differential attack may be observed, similar to how WEP was cracked.

But like I said, this would require a lot more hardware.  However, RFIDs are not really a good idea for important information.  Security, especially like this, needs to be taken seriously in this day and age and even if it’s not "cost effective", then don’t bother giving out a far less secure system that can endanger the privacy and identities of people.

Hackers, despite what you may have heard, have ethics, but apparently a couple of giddy Frenchies though they would be "1337" and sniff a few packets on a line designated as secure at hacker convention Black Hat 2008.  Turns out monitoring traffic when parties involved are not informed is a felony.  What a surprise.  Furthermore surprising is that FBI agents attend Black Hat (I’m being sarcastic, it’s not surprising).

Lest we all forget the NBC "shock" reporter…

Explanation:
Reporters are welcomed at hacker conventions like Black Hat and Defcon, but they are also required to declare themselves as reporters and wear a press badge.  This woman was hiding a camera in her purse and recording the events.  Unsurprisingly she was caught very early in the con.  She was attempting to do a shock piece for NBC Dateline on hackers and federal agents.  Unfortunately, aside from the usual fun of "spot the fed" (where the people try and point out who they think are federal agents in good fun but no real seriousness), this woman would have revealed the identities of many agents and otherwise.  Hence it’s a big deal.

Ok so Adaptive Path’s Aurora concept is very cool

But even so with this cool concept, I can’t help but keep thinking back to Windows Live Search for Windows Mobile.  Windows Mobile is a platform people have really been neglecting and it’s really a highly advanced, and easy to use, mobile OS, which I happen to greatly prefer to the iPhone OS.  More after the break.

Read more

So just 3 more days until the LHC goes online this Thursday (the initial beams get injected on Thursday, the first collisions aren’t scheduled but for another 2-3 months or so).  Currently the whole thing is being frozen to 1.9 Kelvins using liquid Argon.  Can you say really cold?

Anyways the idea is that they’ll be able to recreate the big bang, but (hopefully) on a much smaller scale.  The internet is having a field day because the thing is so powerful it can create micro-black holes as well as other space-time anomalies, and the natural assumption is that we’re all going to die.  This suspicion of impending doom is further exaggerated by CERN (the orchestrating body) publishing reports stating that they "beyond reasonable doubt, heavy-ion experiments at RHIC will not endanger our planet"[src] (Murphy’s Law….) as well as the facility looking like the Black Mesa Research Facility from Half-Life.  More after the break.

Read more

I was on Google Maps earlier and you now have two options for making a trip, by car (the default, the way we’ve always known Google Maps) and now via walking.

Gas in Oklahoma is going down thankfully, but it’s still over $3/gallon, and is gas really that high now that we have to force people to start walking?

Nanci Pelosi and other liberals need to realize that this gas problem can’t be solved by trying to force new technologies that don’t exist yet down people’s throats.  For example, hydrogen?  Yeah it’s refined from methane and currently emits more pollution in the refining process than do petroleum powered vehicles across the board.  Hybrids?  Sure great idea but expensive and the batteries are having issues both on public health/safety and environment empact from what I hear.  Ethanol, sure another great idea, but currently refined from corn and driving prices of corn sky high.  More after the break

Read more

So I was at the pumps today filling up and I noticed the State of Oklahoma Standards testing and noticed a few things interesting.  Just a thought but you can maximize your return by going for the pumps with the closest measurement to being accurate.  Oklahoma has a legal tolerance of +/- 6 cubic inches and I noticed regular was -2, mid-grade was 0′d, and Premium was +2.  Check the pumps next time to get a true maximum return.

Also, I always put in premium once every 5 fill-ups or so to help with engine gunking and carbon buildup.  Your ECU typically will compensate for the higher octane of fuel but most premium gasolines come with cleaners in them to help remove gunk(I use Shell V-power usually) and I seem to get better gas milage on higher octane fuels as well.

Finally, I don’t let my car go bellow 1/4 tank(I did this week but I try not to).  Reason being is the fuel pump.  Think gas is high, how about a $1000 fuel pump replacement job?  Fueling more often doesn’t hurt your gas economy much to the best of my knowledge and it can save you that fuel pump damage due to overheating and burnout.

A lot of people ask me why I stick with Logitech gear when I could be getting Razer and other gaming branded stuff.  Why?  This is why.  I remember having that exact same keyboard and mouse(STILL have them in fact, the MX500 mouse currently serves my laptop) before I stepped up to the Logitech MX5000 combo.

Why do I keep on using Logitech gear?  Because it’s solid, it works, and it’s comfortable.  I mean solid too.  I can recount countless times where I’ve ended a game bashing on my keyboard, both my old and new keyboards have held together like you wouldn’t believe(even though Xbox 360 controllers aren’t up to the task).

They’re always comfortable to me.  I can spend hours on these things without much problem at all.

And best yet, it works.  Ok so the MX5000’s bluetooth stack has a few issues but it’s really pretty rare for me and it’s not much of a problem.

So go ahead and spent that extra money on "gaming" hardware.  Logitech is still going strong and I love their gear.

Don’t like it?  Well…

Everyone should know about the recent investigations against Intel.  Personally, I use Intel processor(I also have a few AMD processors) and I like how Intel has really been spending some money to push in some fresh new blood into the desktop x86 market.  I also like seeing them push some extra competition into the mobile products market(them and nVidia), but has anyone ever ventured to go beyond the major computer players such as Intel and Microsoft and investigate someone who is blatantly conspiring against consumers?

I’m talking about the RIAA and MPAA and the entertainment corporations behind them.  They’re blatantly conspiring together, and they’re definitely out to get "pirates" and they don’t care who or what they step on.

Now maybe they really are loosing a lot of profits.  My sentiments are really, too bad.  I’m not going to pirate music personally but that’s not going to stop several hundred million others.  But really, if they’d get off of their high wagon and do something innovative and fresh, maybe they’d make more profits.

Lets take the consumer laptop/desktop market.  This is obviously a market with razor sharp margins on products.  Yet people like HP(I’m a big HP fan, sorry if you’re not, but I have my reasons) are pumping out some seriously cool stuff(you didn’t think I’d forget the Blackbird would you?).  And they also seem to be making plenty of money in the consumer market.

Remember my previous post on the future of profits for Hollywood?  Well that’s what other companies seem to be well doing.

But back to anti-trust.  Isn’t one inclined to think that these companies need a good dose of reality and need to have some consumer rights forced down their throat(since they’re obviously not interested in doing it themselves)?

Up to you, but as for me, I’m off of their "products" until they see the light, or maybe they never will and I’ll be stuck in the indie world forever(fine by me really).