Following up on Romney hacking with an expert


I saw that the Mother Jones reporter consulted security expert Bill Pennington on the Romney Facebook hacking. Like any good digital sleuth, I hunted down Pennington’s email address to see what he thought about the situation. Pennington works at White Hat Security as the Chief Strategy Officer.

This afternoon I sent him the following email:

Hi Bill,

I’m Mark Turner, a guy who was contacted by Mother Jones about the Mitt Romney Facebook hacking thing.

I wanted to be clear about my experience: I’ve worked in IT and network security for 20 years. I’m a sysadmin who maintains security on my corporate network. I’m the guy who keeps the others in the office from clicking on things they shouldn’t.

I use Privoxy ad-blocking software on my Linux desktops. I do not click on ads, ever. And I rarely if ever use Facebook’s mobile app because it sucks ass. Yet, somehow I became a fan of Mitt Romney without my knowledge.

Facebook’s Activity Log shows every one of the 400+ likes I’ve clicked on during the life of my Facebook account. It does NOT show me ever liking Mitt Romney. That’s the only Like that doesn’t show up. Even if I screwed up and clicked on something by mistake, I would expect there to be a record of it.

But there isn’t. That’s why I think something hacked my account from the inside.

Groups Call for Scientists to Engage the Body Politic – NYTimes.com

Great article in the NY Times about an effort to get more geeks in Congress.

Ahem.

In American public life, researchers are largely absent. Trained to stick to the purity of the laboratory, they tend to avoid the sometimes irrational hurly-burly of politics.

For example, according to the Congressional Research Service, the technically trained among the 435 members of the House include one physicist, 22 people with medical training (including 2 psychologists and a veterinarian), a chemist, a microbiologist and 6 engineers.

via Groups Call for Scientists to Engage the Body Politic – NYTimes.com.

Virtual treadmill run with Google Maps

I’ve started running again after going a long time avoiding it in favor of biking. Turns out I enjoy it more than I thought I did, though it’s certainly a lot more fun running with someone else.

For those times when I can’t run with someone else (for instance, when I’m stuck at home with the kids) it would be nice to jazz up the usually-dull running on the treadmill. Running while staring at a wall is pretty boring, you know.

Then I remembered how cool I’ve always thought it would be to build my own flight simulator. Why not apply this concept to the treadmill? What if I could connect a mouse or other control to my treadmill and use it to drive a moving Google Maps image on a screen in front of me?

Stolen Toyota Highlanders

One couple in Oakwood awoke this morning to find their 2012 Toyota Highlander had been stolen. The owners had both sets of keys so they were mystified as to how this happened. Fortunately for them, their vehicle was recovered this morning, a few miles away. The police said the engine was still hot so they might have just missed the thief.

It seems Toyota Highlanders are popular targets for car thieves. A half-dozen disappeared from one Montreal neighborhood one night in 2009, prompting authorities to wonder if Toyota’s keyless security system had been compromised:

Authorities say they are still trying to determine if an organized crime ring is behind the thefts. They are also trying to determine if the thieves used “proximity keys” to steal electric codes from lock systems — a new technology available on the Toyota Highlander.

The key can capture lock, entry and start codes by monitoring the radio waves given off when the owner approaches the vehicle to leave home.

“They didn’t get the keys,” said Michael Dougherty, a Leaside resident who had his car stolen Wednesday. “Police said apparently thieves can use a laptop computer to disable the chip in the key and the entrance (lock) somehow.”

Another possibility is that the cars are being stolen through social engineering. Thieves could be taking the target vehicle’s VIN to a Toyota dealer and convincing them to make a duplicate key. If so, that should leave a paper trail and possibly a shot of the thief on the dealer’s surveillance cameras:

One explanation for the rash of thefts is that criminals have been able to get their hands on duplicate keys, said Dubin.

In the past, crooks have been able to convince dealerships they are owners who have lost theirs. Another explanation, he said, is that the Highlanders were simply towed away, which has also been a problem.

Having six Highlanders in one neighborhood stolen in one night seems to point to a vulnerability in the keyless system, rather than stealing them with duplicate keys. It’s unlikely a thief would reappear six times at a dealer to get duplicate keys made.

At any rate, if I had a Toyota Highlander I would be sleeping with one eye open!

Using Prey for laptop tracking: smart or foolish?

This N&O article yesterday got my attention. One of my neighbors installed the open-source Prey tracking software, after which his new MacBook Air laptop was stolen. He used the software to successfully recover his laptop:

While still on his honeymoon, Moss got an e-mail from his landlord. It appeared that his house had been burglarized.

That’s when he took matters into his own hands and tracked down his stolen laptop, using his iPad from his hotel on the small island of Aruba.

Prey software, available in both Mac or PC versions, is a web service that’s free for the first three items a user registers.

The software can detect the wireless network closest to the registered device, even if the user is not signed onto that network. Prey also uses webcam technology, if available, to capture images of the device’s location.

I use open-source software every day so I thought I would look into Prey. It seemed like cheap (free!) peace of mind. Then I read one person’s quick security audit of Prey, after which he began steering people away from it:

Prey is able to parse config files over the web and it blindly accepts them with no authentication whatsoever. This means if an attacker used trivial ARP spoofing attacks on a network, a coffee-shop’s wireless for example, s/he could replace your config file with their own. Worse, what is in your config file gets eval’ed by bash with full root privileges. Simply, this means the attacker can run any code s/he wants to. Your hard drive could be deleted, or a reverse SSH session could be set up giving the attacker a command prompt as root.

Granted, his post is over a year old but it does give me pause. I’ve downloaded a copy of Prey myself and will be looking into it myself this weekend. While I’d like to be able to track my laptop if it’s ever stolen, I don’t want my laptop exposed to a giant security hole for 99.99999999% of the rest of the time.

via Raleigh man uses GPS tracker to locate man who stole his laptop – Crime/Safety – NewsObserver.com.
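
The audit quoted above names two flaws: the config is fetched without authentication, and its contents are eval'ed by bash as root. The following is an added example, not Prey's code and not from the original post, showing the second flaw handled defensively: the downloaded text is parsed as data against an allowlist and never executed. The key names and sample configs are constructed for illustration, and the download itself still needs to be authenticated.

```shell
#!/bin/sh
# Added example (not Prey's code). Key names and sample configs are constructed.
# The pattern the audit describes is, in effect:   eval "$downloaded_config"
# which runs any shell syntax in the file with the caller's privileges.

ALLOWED_KEYS="check_interval report_url missing"

# parse_config TEXT: print accepted "key=value" lines, or print nothing and
# return 1 if any line is malformed, names an unknown key, or has a value
# containing characters outside a conservative safe set.
parse_config() {
    out=""
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;      # blank line or comment
            *=*) ;;                   # candidate key=value
            *) return 1 ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case "$key" in ''|*[!a-z_]*) return 1 ;; esac            # identifier only
        case " $ALLOWED_KEYS " in *" $key "*) ;; *) return 1 ;; esac
        case "$value" in *[!A-Za-z0-9_./:@-]*) return 1 ;; esac  # no shell metachars
        out="$out$key=$value
"
    done <<EOF
$1
EOF
    printf '%s' "$out"
}

# config_get KEY TEXT: look up one value from validated text, never executing it.
config_get() {
    parsed=$(parse_config "$2") || return 1
    printf '%s\n' "$parsed" | sed -n "s/^$1=//p" | head -n 1
}

GOOD_CONFIG='# constructed sample
check_interval=20
report_url=https://panel.example.invalid/report'

BAD_CONFIG='check_interval=20
missing=$(id)'

if parse_config "$BAD_CONFIG" >/dev/null; then echo "accepted"; else echo "rejected"; fi
config_get report_url "$GOOD_CONFIG"
```

Rejection is all-or-nothing: one bad line discards the whole file, so a tampered config cannot be partially applied.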

Raleigh Union Station

Raleigh’s Union Station, circa 1940s. Photo by John F. Gilbert.


This morning, federal, state, and local officials gathered in the Dillon Supply Viaduct building to announce that Raleigh’s proposed new Union Station is now fully-funded. The chance of Raleigh getting a new train station anytime this decade looked remote until Raleigh won a $21 million federal grant. The Feds are kicking in $15 million of stimulus money and the state is kicking in an additional $6 million. Raleigh is funding $3 million from its earlier transportation bond and Triangle Transit is contributing the $1.3 million property.

Above is a circa 1940s photo of Raleigh’s former Union Station, which still stands at the corner of Dawson and Martin streets facing Nash Square. Raleigh’s station was an “end-station” with stub-end tracks, meaning trains stopping at Raleigh had to back either in or out of the station.

Backing up trains takes a lot of time, so when the Seaboard station and Southern station (both through-stations) opened up it spelled the doom of Union Station. Now the building houses offices. I believe the station’s tracks are still embedded beneath the surrounding roads.

MiniVAN and canvassing

I did a little canvassing today on behalf of Obama. When I was handed the usual walk lists for the work, I remarked that the campaign has a smartphone app for this kind of thing, called MiniVAN. In a few minutes, the canvassers had downloaded their walk lists to their phones and were ready to canvass. I was amazed at how much more efficient this app made canvassing.

Apple Worked A Broken Patent System – InformationWeek

Our patent system is definitely broken. This is worth a read.

Samsung too closely copied some elements of the Apple iPhone, and for that it should be hung up in the public square. But Samsung should be hung by its thumbs, at worst, not its neck.

Copying in some measure is all around us. It is continuously present in many parts of a free enterprise system and in some ways is a yardstick to the health of that system. I often see small, muscular-looking cars with lines similar to the BMW 300 series, but they have Swedish or Japanese nameplates on them. Watching what sells is a basic premise of anyone engaged in a competitive race. Matching a competitor under your own brand is a time-honored practice.

via Apple Worked A Broken Patent System – Mobility – Smartphones – Informationweek.

Update Google services from the command line

I hate using browser-based file uploaders because inevitably they’re not compatible with my Ubuntu Firefox browser. Plus there’s all that unnecessary clicking.

A few months ago I found the GoogleCL package, a script which can update nearly any Google service such as Google Plus, Picasa, Google Calendar, Google Contacts, and many others.

Rather than manipulate a large album of pics through some horrid web UI, I simply use this command and the album gets created the way I want it, the first time!

google picasa create --summary "The City of Raleigh held a stream monitoring workshop to train citizen-scientists to monitor city streams" "City of Raleigh Stream Monitoring Workshop" --date 2012-08-25 *.jpg

Now that’s what I’m talking about.

Little Raleigh Radio attracts a crowd


Last night a volunteer open house was held at Kings Barcade for Little Raleigh Radio. It seems the publicity the station got from the recent write-up in the News and Observer drew a crowd of over 75 potential volunteers, ranging from radio newbies to grizzled radio veterans.

It was inspiring to see all the support. I could hardly sleep afterward, I was buzzing from all the energy!