The Sony hack fiasco

*sigh*

I would say that I'm sorry for Sony, but I'm not. They've pulled so much crap over the years, things like their music CD's installing rootkits on people's computers to stop piracy, that they get no sympathy for me.

Most recently, they got hacked. The Play Station Network went down in flames. Sony Online Entertainment was taken offline. Something on the order of 200,000 user accounts were compromised, including a lot of credit cards. People almost immediately started getting strange phone calls from telemarketers who obviously had some of that credit card info.

Sony allegedly fixes their problems and starts bringing their networks back online. It's then discovered that one of their servers (or a server farm, I'm not sure) in Asia is a malware host. They're not allowed to bring up PSN in Japan because of security concerns. It comes out that the re-done and tightened PSN network account passwords can still be reset by using the email and birthdate, said information was compromised in the first round.

Here's the latest: ""As Sony struggles to restore the Playstation Network we receive news today of another breach, this time at Sony Ericsson in Canada. 'Sony Corp. spokesman Atsuo Omagari said Wednesday that names, email and encrypted passwords may have been stolen from the Sony Ericsson Canada website, but no credit card information was taken.' Another group managed to penetrate Sony Entertainment Japan yesterday as well. I almost feel bad for them."

http://it.slashdot.org/story/11/05/25/1337215/Sony-Suffers-Yet-More-Security-Breaches

That's it for me. There's no point in writing anything about Sony. They've become a laughingstock when it comes to network defense, and they're a major international corporation. They made little or no effort to keep their public-facing servers patched for known vulnerabilities even when they were made aware of such problems. They obviously rushed out patches to get the PSN network back online and blew it. It's understandable that they'd want to get it back online ASAP because they're losing a lot of money every minute that it's down, but as serious as this breach is, they owed it to their customers to get it right. And they didn't.

I know I'll continue to see movies made by Sony and maybe occasionally buy music from Sony. But I'm never going to use one of their services or buy any hardware from them again.

I'm also not going to write about their getting hacked again. It's just not worth it. If you use their monthly services and they have your credit card number(s) and you continue using their services, it's your lookout.

The secret P.A.T.R.I.O.T. Act

Sen. Ron Wyden (D-Oregon) says that there's what you think the Act says and allows the government to do, and then there's what the government thinks it says it can do.

Not good. Basically the government has it's own interpretation, and that interpretation is classified. Wyden and others are pressing the Attorney General to release the government's interpretation. We've had problems with the TSA/DHS claiming things are law, and when asked for citations, they say it's secret. For example, the no-fly list. Easy to get on, pretty much impossible to get off.

I can understand that the government needs secrets: troop deployments/movements, weapon specifications, stealth technology, etc. But secret laws should not be permissible in a democratic republic.

http://www.wired.com/dangerroom/2011/05/secret-patriot-act/

Doctors and dentists trying to get patients to sign "mutual privacy agreements"

Basically it's an agreement that you won't write anything on Yelp or other review sites. An Ars Technica writer went to a dentist for some standard work, he found this particular doctor via Yelp. When he went in and started signing paperwork, he noticed one that would "transfer ownership of any public commentary I might write in the future to Dr. Cirka". He got into a discussion with the office manager who wouldn't let him talk to the doctor and ultimately he was shown the door.

Doctors are getting these forms from a company called Medical Template. According to the document, if you sign it, the doctor won't use a loophole in the HIPAA agreement that allegedly allows them to sell certain information to medical marketers. However, that particular loophole was closed, so the agreement actually offers nothing for the patient. It's arguable whether or not you can sign away your right to free speech and to complain about services received, so the document is on questionable grounds to start with. Plus, if someone doesn't go to the doctor and still posts negative reviews on review sites, the agreement can't do anything to prevent that because they never signed it in the first place.

Pretty stupid idea if you ask me.

Still, I wouldn't sign one and wouldn't use a doctor that required me to sign it as a condition of treatment (bringing into the question the point about signing under duress). I fired two doctors in Las Cruces over my treatment and though I haven't complained about them on Yelp or other such sites, I have considered it and may yet.

http://arstechnica.com/tech-policy/news/2011/05/all-your-reviews-are-belong-to-us-medical-justice-vs-patient-free-speech.ars

A non-contact fingerprint scanner that can read your prints from 6' away

Relatively speaking, it's a pretty simple device. It contains two cameras and emits polarized light, one camera picks up the vertically polarized light, the other horizontal. A computer merges them and produces almost a perfect print.

In less than a second.

http://www.technologyreview.com/printer_friendly_article.aspx?id=27052

Also in the article: Carnegie-Melon Labs is being funded to develop an iris scanner that can identify an iris at EIGHTEEN METERS.

How soon until it's a crime to wear gloves and polarized glasses or contacts?

*sigh* Just sent my iPod off to get it repaired

Well, I did it Friday, but I missed the outgoing truck, so it went out Saturday.

Stupid headphone jack needed replacing. It was rather odd in that it played well with my Toyota, but not with my wife's Subaru. I paid to have it expressed back, so I should have it before we head up to Colorado in 3 weeks.

It's an iPod Touch, only a little 8 gig. But it's an insanely useful device as I use it as a PDA+. I started using Palm Pilots probably 15+ years ago with a Palm III given to me by my best friend who had no interest in it. It was crazy love at first pen stroke. It became my alarm clock, address book, note pad, ebook reader, etc. I went from the III to a Vx, wore out the Vx and got a second, when that one died I bought a TX which was an utter piece of garbage. Replaced that with a Z22 (IIRC) and when that started flaking I bought a Dell WinCE PDA. Another utter piece of garbage.

Just over two years ago I heard about the applications available for the iPod Touch.

I can't say it's a perfect PDA, but it is pretty darn good. I have some specific gripes with their calendar program and the rather inflexible repeat date arrangement, plus you can't snooze alarms. I love it as an ebook reader, and recently found a notepad program that actually encrypts your entries, so now I feel better about having private information stored on it.

And now I'm without it for a week or so.

The thing is, it's a half hour drive to town or the observatory with pretty much no radio coverage, not that I'm too keen on local radio. It then occurred to me that my car stereo can play MP3 CD's....

I grabbed a box of CD-RW's at Walmart and started burning yesterday. I burned a couple of playlists that I tend to frequent, and learned that you can make playlists of podcasts in iTunes! Definite bonus, as I listen to lots of podcasts. So I make a podcast CD. And then I think about the 2,000 mile trip we're taking to Colorado, back to Santa Fe, over/down to Phoenix, then back to Cloudcroft. And I think about all those Onion podcasts sitting around...

So I make an Onion podcast playlist and copy all the unplayed podcasts into it. I plug in 8 months of podcasts, a total of 126 recordings for 3 hours taking 750 meg. Then I look at my podcast playlist: 14 podcasts, 6.5 hours, 200 meg. Huh. There must be something in the MP3 lossy compression that favors longer run times as a percentage of file compression. The Onion podcasts are between 30 seconds and 4 minutes whereas the other podcast playlist has two at 5 minutes and the rest between 15 and 60 minutes. I've always wanted to look in to how MP3 compression works, maybe one of these days I will.

One very important thing to remember when burning playlists to CD is to watch the sorting of the list before you click Burn. For podcasts, I prefer sorted by date so that I get them in pretty much the order that I downloaded them in. For music, I generally go alphabetical by song title so that I don't usually get the same artist back to back. And when doing this, make sure you use CD-RW so that they can be erased and re-recorded as you decide to make changes or add/remove podcasts.