Wednesday, July 25, 2007

Got Alarm?

If you have an alarm system for your home or business, and it uses wireless analog to communicate with the dispatcher, you may want to contact your alarm vendor soon.

AMPS (analog mobile phone system) has been around since the early 1980s. It forwards intrusion, fire or medical alerts to your monitoring company, which then dispatches an appropriate response. It may be the primary comm system for your alarm, or it could be the backup method - used if an intruder cuts the phone cable to your building.

There are over 26 million installations using AMPS in the US.

On Feb 18, 2008 AMPS will be cut off because our national phone providers think running the analog system is too expensive. They successfully lobbied the FCC to allow them to stop providing analog service.

There is a replacement system, based on modern digital systems. Most alarm systems should be upgradeable. But the timeline to get that upgrade is fairly short.

More info:
http://www.alarm.org/pressreleases/2007/pr072507_amps.htm

Tuesday, July 24, 2007

Note to self: it's the battery stupid!

Two weeks ago my Vulcan crapped out 320 miles from home on the return leg from a PGR mission in Utah. One moment I was cruising along at 75 mph, the next my engine went completely dead. No lights, no dash, no starter.

Yanked in the clutch and coasted to a stop on the shoulder.


Tried to start it again . . . no power. Nada. Wait for 20 minutes, turn the key, the dash lights up -- but when I press the starter a funny sound from deep inside goes "clunk" and everything dies. 45 seconds later the dash comes back to life all by itself. Repeat, rinse, same result.

Two bikers stopped to lend assistance. We mucked around with wires, connectors, checked the safety interlock switches (all three of them - clutch, stand and upright detector).

One of us had a small multimeter in the pack. Battery showed 12.8 volts - about optimal according to my manual. No shorts, no opens anywhere on the circuit.

End up waiting at a small town named Silt, CO for my partner to arrive with the trailer -- a 4.5 hour drive. We load it up and go home.

In the garage I start tracing things out with my Fluke. Started at the alternator (thinking it had fried), checked the regulator/rectifiers, and ended up checking darn near every wire, cable, component, switch, relay and fuse on the system. Everything checked out.

Battery gets a fresh charge, try again - same symptom as above.

I finally decided to spring for a new battery . . . filled it up, charged it last night and . . . everything works! Charging circuit is fine, I am getting 12.8 volts on the new battery at rest, and it's charging fine at 14.1 volts @ 1800 rpm and up.

Funny thing, the old battery still shows 12.8 volts right now, but it's definitely gone bad. And on this Vulcan Classic Fi - it killed the bike even while running. Odd that.

Thursday, July 19, 2007

Firefox 2.0.0.5 released

Most Firefox users will see a prompt to auto-update sometime over the next few days, or you can get it now.

http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/

Among other fixes, this release patches the "Remote code execution by launching Firefox from Internet Explorer" bug that I wrote about last week.

Perhaps this is where I'm going wrong?



Dwell as near as possible
to the channel in which your life flows.


- Henry David Thoreau

Thursday, July 12, 2007

Adobe Flash Player critical vulnerabilities



For Mac, Windows and Linux users:

Adobe has announced the release of three critical patches for Flash Player, a plug-in used by your browser to display Flash content.

You can visit the Adobe Flash page to get updated. If you use more than one browser (IE, Firefox, Opera, Safari etc) you should repeat the process for each browser.

Details about the fixes at:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

Patch or upgrade your browser at:
http://www.adobe.com/go/getflashplayer/

If you cannot upgrade to version 9.x (certain older systems), Adobe has also released these patches for version 7.x at:
http://kb.adobe.com/selfservice/viewContent.do?externalId=d9c2fe33&sliceId=1

"Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

Adobe categorizes this as a critical issue and recommends affected users upgrade to version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux)."





Also - a reminder that Microsoft released several critical patches for their operating systems and Office last Tuesday. You know what to do if you don't use auto-updates.

Wednesday, July 11, 2007

Cross-Browser Command Injection Vulnerability

How many Firefox users disable, remove or entirely stop using IE once they install Firefox?

A new vulnerability has been discovered that allows IE to call Firefox and pass parameters that could compromise a user's system and allow a remote attacker to take complete control over your computer. As of this writing, there is no official fix from either Microsoft or the Mozilla group. After an initial flurry of finger pointing, this looks to be the fault of BOTH organizations: IE for not validating calls to external URIs, and Firefox for using a registered handler method that is outdated and known to be insecure.

If you have Firefox installed, then you are probably safe if you only use Firefox and if you set Firefox to be your default browser. You can also de-register the handler that IE uses to call Firefox.

If you don't have Firefox installed, you are immune to this particular attack.



Standard warnings and disclaimers apply if you edit your registry manually! Do so at your own risk. If you are not comfortable with the process, then wait for an official patch and browse cautiously.

Find and back up (export), then delete the FirefoxURL "command" reg key and its default value at:
[HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command]

The default value will look something like (depending on your Firefox install location):
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -url \"%1\" -requestPending"

Reboot . . .

Note that if you update Firefox this reg key may be re-written - which is fine if that update includes a future as-yet-to-be-released patch for this problem.
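To confirm the workaround took (or to see whether a later Firefox update re-wrote the key), you can export HKEY_CLASSES_ROOT to a .reg file and check it offline. The script below is an added example, not part of the original post: it parses .reg export text and lists every protocol whose open command substitutes the caller-supplied URI (%1). The sample export is constructed; only the FirefoxURL value comes from the post, and `exampleproto` is a made-up key.

```python
import re

# Constructed sample of a .reg export (not from a real machine). The
# FirefoxURL command value is the one quoted in the post; exampleproto
# is a hypothetical handler that takes no URI argument.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\FirefoxURL]
@="Firefox URL"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -url \"%1\" -requestPending"

[HKEY_CLASSES_ROOT\exampleproto\shell\open\command]
@="C:\\Example\\viewer.exe"
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]\s*$')
# Default value line: @="..." where the body may contain escaped characters.
DEFAULT_RE = re.compile(r'^@="(?P<val>(?:[^"\\]|\\.)*)"\s*$')


def unescape(value):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', value)


def handler_commands(reg_text):
    """Map protocol name to its shell/open/command default value."""
    commands, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            parts = key.group('key').split('\\')
            tail = [p.lower() for p in parts[-3:]]
            is_cmd = tail == ['shell', 'open', 'command'] and len(parts) >= 5
            current = parts[-4] if is_cmd else None
            continue
        val = DEFAULT_RE.match(line)
        if val and current:
            commands[current] = unescape(val.group('val'))
    return commands


def audit(reg_text):
    """Return handlers whose command line receives the external URI (%1)."""
    return {p: c for p, c in handler_commands(reg_text).items() if '%1' in c}


if __name__ == '__main__':
    for proto, cmd in audit(SAMPLE_EXPORT).items():
        print(f'{proto}: {cmd}')
```

An empty result for FirefoxURL means the command key is gone and the workaround is in place.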

Details about the vulnerability may be found at:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
(Including a "safe" test to see if you are vulnerable - good to use after you implement the reg-key workaround above.)

http://secunia.com/advisories/25984/

http://news.com.com/8301-10784_3-9741435-7.html

Edit: Workaround no longer needed. Get patched instead with the new version of Firefox: http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/

Tuesday, July 10, 2007

Open Source cell phone arrives

Why I don't care about the iPhone . . .

A direct comparison between the iPhone and the OpenMoko Neo 1973.

Get one.

SDK and Developers Info.

(Links open in new tab or window)

This new device is first revision, and it's missing a few features, but the concept rocks. Look to the next version to fill in the missing pieces and enter the mass market.



Edit: Did I mention this is carrier agnostic? And Quad-Band?

Tuesday, July 3, 2007

You thought you were free . . .

The following is a slight rewrite of a small portion of the book "They Thought They Were Free, The Germans, 1933-45" by Milton Mayer.

My apologies to the original author and publisher for mangling Mr. Mayer's prose.



"What no one seemed to notice," said a colleague of mine, "was the ever widening gap, after 2007, between the government and the people. Just think how very wide this gap was to begin with, here in the United States. And it became always wider. You know, it doesn’t make people close to their government to be told that this is a people’s government, a true democracy, or to be enrolled in the National Guard, or even to vote.



"What happened here was the gradual habituation of the people, little by little, to being governed by surprise; to receiving decisions deliberated in secret; to believing that the situation was so complicated that the government had to act on information which the people could not understand, or so dangerous that, even if the people could not understand it, it could not be released because of national security. And their sense of identification with Bush and Cheney, their trust in them, made it easier to widen this gap and reassured those who would otherwise have worried about it.

"This separation of government from people, this widening of the gap, took place so gradually and so insensibly, each step disguised (perhaps not even intentionally) as a temporary emergency measure or associated with true patriotic allegiance or with real social purposes. And all the crises and reforms (real reforms, too) so occupied the people that they did not see the slow motion underneath, of the whole process of government growing remoter and remoter.

. . .

"But your friends are fewer now. Some have drifted off somewhere or submerged themselves in their work. You no longer see as many as you did at meetings or gatherings. Informal groups become smaller; attendance drops off in little organizations, and the organizations themselves wither. Now, in small gatherings of your oldest friends, you feel that you are talking to yourselves, that you are isolated from the reality of things. This weakens your confidence still further and serves as a further deterrent to — to what? It is clearer all the time that, if you are going to do anything, you must make an occasion to do it, and then you are obviously a troublemaker. So you wait, and you wait.

"But the one great shocking occasion, when tens or hundreds or thousands will join with you, never comes. That’s the difficulty. If the last and worst act of the whole regime had come immediately after the first and smallest, thousands, yes, millions would have been sufficiently shocked - if, let us say, the illegal suspension of presidential term limits in 2008 had come immediately after the Twin Towers attack in 2001. But of course this isn’t the way it happens. In between come all the hundreds of little steps, some of them imperceptible, each of them preparing you not to be shocked by the next. Step C is not so much worse than Step B, and, if you did not make a stand at Step B, why should you at Step C? And so on to Step D.

"And one day, too late, your principles, if you were ever sensible of them, all rush in upon you. The burden of self-deception has grown too heavy, and some minor incident, in my case my little boy, hardly more than a baby, saying ‘Muslim swine,’ collapses it all at once, and you see that everything, everything, has changed and changed completely under your nose. The world you live in — your nation, your people — is not the world you were born in at all. The forms are all there, all untouched, all reassuring, the houses, the shops, the jobs, the mealtimes, the visits, the concerts, the cinema, the holidays. But the spirit, which you never noticed because you made the lifelong mistake of identifying it with the forms, is changed. Now you live in a world of hate and fear, and the people who hate and fear do not even know it themselves; when everyone is transformed, no one is transformed. Now you live in a system which rules without responsibility even to God. The system itself could not have intended this in the beginning, but in order to sustain itself it was compelled to go all the way.

"You have gone almost all the way yourself. Life is a continuing process, a flow, not a succession of acts and events at all. It has flowed to a new level, carrying you with it, without any effort on your part. On this new level you live, you have been living more comfortably every day, with new morals, new principles. You have accepted things you would not have accepted five years ago, a year ago, things that your father could not have imagined.

"Suddenly it all comes down, all at once. You see what you are, what you have done, or, more accurately, what you haven’t done (for that was all that was required of most of us: that we do nothing). You remember those early meetings of your department in the university when, if one had stood, others would have stood, perhaps, but no one stood. A small matter, a matter of hiring this man or that, and you hired this one rather than that. You remember everything now, and your heart breaks. Too late.

"You are compromised beyond repair."