Everything posted by AlexCrowley

  1. TV's got them images, TV's got them all, nothing's shocking.
  2. Thanks walt, that makes some sense. For bonus points: WTF is wrong with the people in the Gear forum? I feel like I walked into the twilight zone in there.
  3. I'm sorry, did I wake up on a completely different f***** planet today!?!?! I wasn't saying they should, I used cars and rigs as an example earlier. A bunch of people missed the point and started discussing the legality of changing cars and rigs.
  4. It depends, personally I'd want it targeted to as few people as possible - that's assuming I'd want to meddle with the hardware (which I DON'T, for those of you incapable of keeping score) far less likely to be detected in the short term. Compromising the primary download is usually discovered very quickly if previous intrusions show anything.
  5. It was a tit for tat response that you invited. I'm beginning to realize that you're not capable of discussing this. My comment wasn't an insult, it was a simple statement: you found the entire thing "ridiculous" and I pointed out why that was. I'm sorry if you felt I was being derogatory by making an assumption that you don't work in the same industry based on your reaction. I've also realized that this isn't the place to discuss this sort of stuff, which is a greater shame in my opinion, considering how many technical people frequent this forum and what a free flow of information might have resulted in.
  6. I think it's safe to say we all agree to differ on the nature of god, religion and politics. But I also believe that there are some universal truths and universal mysteries that help us all, from all times and all places, come together in a spirit of understanding. That there are certain fundamental mysteries that help bring us closer together. Zen Buddhists use the koan, a small mental riddle to contemplate. My own personal koan for today, that I'd like to share with you all is: What exactly does Flava Flav DO in Public Enemy? He's not a rapper or an MC, he's just this little bouncy guy wearing a clock and saying 'Yeeeeeeeeeeeeah' a great deal. Vh-1 lists him as an 'ACTOR'. Truly, you have the power to either create harmony in answering this riddle or creating a divisive argument that could overwhelm even the 'I'm a Christian and not very bright proud of it' topic.
  7. "Hmm, not very well informed on the workings of the Neptune and some misplaced allegations w.r.t Alti-2 IMO." Absolutely, I've done nothing more than read the available documentation at this point. Perhaps you'd like to provide the information which you're obviously in possession of so we can discuss this as equals? "Yeah right, ask any car manufacturer for the protocol to mess with the engine management system..." So now you're saying that Alti-2 should adopt the attitude of General Motors? Yeah, as mentioned, there's major pressure on them to release that information to third party mechanics as it puts them out of work. The manufacturer is also encrypting the system which makes attempting to circumvent it illegal under the DMCA act. Talking about TSO's misses the point. You obviously think you're equipped to discuss this topic so why even argue from a point of view you know is irrelevant to the original point: that of ownership rights. I can understand the non-technical people using this example incorrectly, but please! The same with cars, people build kit cars themselves and do their own restoration - often outside of the original standards. It is clear that you completely misread or misunderstood my original examples, so let's simplify them: If you buy an electronic mouse trap and take it home you have the right to modify that mouse trap to make it work better (or worse). Was that simple enough for you? "And business reasons aren't valid reasons?" Of course they are, but Alti-2 never claimed business reasons. They stated outright that they can't release the protocol because it would allow the user to change the hardware. My god, I develop commercial applications! At least I have the balls to say 'no, I'm not opening this up because it's MINE!' not some weak excuses that simply raise more questions. Did you actually read the original post I made or are you channelling my dead self from the future and I'm misquoting myself in the past?
"This is a serious allegation to make where you suggest Alti-2 makes an unsafe product." No, I said they made an INSECURE PRODUCT. Try paying attention, it'll be less frustrating for us both. "Well, just write a script that exports the data from Paralog to awk or whatever you fancy." No. You're once again missing the point. "BTW you don't regard it questionable to decompile and reuse someone else's intellectual property?" Hmmm no. It's done on a daily basis by companies all over the United States. It was brought up as a half serious remark in the interests of education. Reverse engineering for compatibility is legal and standard operating procedure. Taking Paralog, rewriting it and rebranding it and reselling it - yeah, that's pretty unethical. Decompiling it, learning what I can from it and then writing my own application I have no issue with. Decompiling it, learning what I can from it, writing a specs document and giving it to a coder friend and then selling the finished product I don't find unethical either. "That is not what I read: it says that if you were using your own protocol, you could inadvertently change some settings which could have safety implications." You're reading it wrong then. What THEY said was: "Neptune not only has the capability of downloading jump data, it is also an upgradeable device. In other words, it is possible to write new data to Neptune. On one hand this is a great feature which allows users to always have the latest version of code. On the other hand, Neptune code and/or user settings can be corrupted if misused, potentially creating a dangerous situation. For this reason the communication protocol is proprietary." - paraphrased: Since our protocol allows you to change things within the Neptune programming we cannot allow the end user to have information about it. (This is called 'security via obscurity' and NEVER works, ask Microsoft and numerous other commercial closed systems vendors.) "Trivial? Probably. Just go ahead...
I think your imagination has run a little wild here. The Neptune isn't wide open. You can't just go around zapping it. You'd need some physical intervention to update the settings and updating the firmware needs some more work. Tamperproof enough for me." And no one will ever need more than 64k of RAM. Please explain to me why it's not wide open in detail, I'd love to hear it. I'm only basing what I said on Alti-2's own documentation. Sorry if you know more than I do. The fundamental flaw is the ability to upgrade the unit without the unit providing an integrity check or validation function (and as the owner of a Neptune that died during a flash upgrade I know this to be true) leaves the unit open to abuse - albeit a small window. From what I can see crashing the unit requires initiating a data connection, getting through the handshake and then hitting it up with some invalid data. I remember seeing some guy getting attacked for talking about ways to sabotage rigs with exactly the same type of ill-mannered vehemence. Just because you think it unlikely doesn't mean it can't be done. Cracking hardware and software is as easy as cracking businesses. Just because you have issues comprehending why or how doesn't mean others have similar issues. "There is always the possibility that someone would take the trouble to place a doctored firmware on the Alti-2 server." Ok, so you can imagine someone hacking the webserver but not the device itself? ok..... "Reverse engineer to your heart's content, but I fail to understand why you expect Alti-2 to make the comms API public" As you continue to miss the point in a way that leads me to believe that you're either misreading what I wrote, somewhat incompetent or completely out of your depth in this discussion - my statement contained no expectation, only an amicable solution that might be acceptable in a perfect world. Please feel free to PM me with any further "analysis" of my statements.
You may also want to review this for next time. To those engineers, programmers, hackers and geeks that have contributed to the discussion and understood my intent, thank you.
  8. Nice insult about my work, thanks. Look, I open a post with "because I looked into this myself, and I'm bored and want to rant a little." It's not my fault that my post went over most people's heads. I'm sorry that you don't get it. I'm sorry that theoretical security exploits seem outlandish and silly to most of you. Feel free to not respond to my post, there are enough people who DID understand my intent and what I was talking about, your responses clearly indicate that you didn't. Rightly or wrongly people place trust in their equipment. Any weakness in that equipment should be discussed openly, and passionately. Hell there's 260+ posts in a discussion with many of them from people who thought that a cypres would magically know if a person was swooping or in freefall and want the company to admit that they screwed up. My mistake was not realizing that those outside of the technology mindset would misunderstand the content and context of my post and go on the defensive.
  9. Wow, the only problem there is dividing time between jumping and hacking the hell out of that thing. Of course, some of us l33t h4ck3rs already pwn3d Alti-2's test servers.
  10. Good idea but like I said, I really don't like Paralog. With the exception of the communication protocol there's no true overlap.
  11. I already answered that point....... Sounds like a pretty easy get out of jail card to me. "But officer, I was just ASSUMING that the person in the chat room was a 30 year old supermodel posing as a minor. Despite the written record of where she said - "I am a minor"". That's even more nuts. Not written. Computers do not provide a concrete reality in the same way that writing letters to each other would. Computer data as evidence is still in its infancy. As I mentioned earlier in the thread, there are good and bad to the situation. Back in the IRC days we'd reverse lookup who we were talking to and find their homepage, telephone number, mailing address - an easy case of mistaken identity. Since I'm already getting heat in one forum for suggesting various ways to exploit a system so I won't go on about it here. But simply: computers are fallible. Never used instant messenger and the other person has switched with a friend/sibling/parent in mid-conversation? Find a couple of friends and experiment with how it feels to mentally shift gears as you realize the screen name you were interacting with is no longer the same person.
  12. Thanks for putting that in more patient and clear terms than I could. It's like building your own car from scratch. It'll cost more, it may not be as tidy or efficient as buying one from the lot, but it'll look like you want it to and do what you want it to. And getting to that point is most of the fun. Hacking isn't what we do, it's who we are. It's the same reason I wipe the firmware on my wireless router and install some hotrodded custom software, or buy a toy car for my daughter and decide that it could work better if I just tweak this over here...... or take a cuecat barcode reader and modify a script to grab the barcode on my DVDs and catalog them via the IMDB. It's just what seems like fun, that we are able to get people to pay us during daylight hours to have fun is simply luck - I'd be doing what I do anyway.
  13. It's tough. Worldwide the trend is similar. The majority of teens lose their virginity 15.5 - 16.5, the spike starts at around 14 and normalizes at 17.5. That's seen in most countries, regardless of consent laws. It would seem logically to dictate that the age of consent is whenever the person feels ready, if they're already ignoring the laws of their respective society. I think it more important that protections are in place to stop predators (the 'position of authority' law and one that limits the age gap between partners until a certain age). This needs to go hand in hand with sex and social education issues in certain areas. In a country like the US the intolerance around sexual issues breeds a culture of abuse in both subtle and more typical ways. In most of Europe attitudes towards sex are more relaxed and open, without leading to the fall of western civilization or any measurable negative impacts. Perhaps the reverse is true. Alcohol abuse in the UK and US - two countries that prohibit drinking til 18 and 21 respectively - also have the problem of teen binge drinking, something you don't see in Europe with more relaxed drinking laws. Is it any wonder that the US spawned girls gone wild? Or that flickr is really popular? ;)
  14. I often hope so, or there's no point in remaining a member of a community
  15. Who's bitching? This is me generating self motivation?
  16. I'm sorry you found it plain ridiculous, which is why I get paid to think about security and I'm assuming that you don't. "why would anyone do that?" Maybe it's easy for you to screw up the rig itself - which would seem to be far more likely to be caught in a thorough inspection than tampering with a device that most people take for granted. It's easier for me to write stuff that breaks things - although I was simply using that as a single example, I think messing with the alarms would be fun too. For more fun examples of plain ridiculousness you might want to check out www.securityfocus.com. Since you bring up security: Why are 200+ posts about cypres misfires during a swoop acceptable - something that will only affect a very very small minority of skydivers, vs discussing the lack of security on another device which we entrust our lives with? Discussing ROI and cost of client software is missing my original point.
  17. Right, so you're agreeing with me :) I'd also say that working near Silicon Valley is going to give you a slightly distorted perception of the average skydiver (not that I'm any more able to give a clear and accurate picture but there's not many geeks at my last DZ and we're a minority at my current one). I'm also well aware it's a community, improving products is why I'm passionate about it. To me a vendor saying 'hands off' goes against the concept of open community involvement. If they can't afford software like they stated then open it up to the guys in CA and the rest of the geeks. Computer tech in skydiving is in its infancy in real terms, it could learn from watching the development of home technology in other sectors, like watching the growth of the home computers in the 80s where the core technology community provided the motivation and innovation that led to mass adoption. Do the USPA release the demographic info they have? It would be interesting to see how many geeks are skydivers. When I have a few spare minutes I'll throw together that log book app.
  18. Yes. See the Samba project under Linux, GAIM, and a multitude of open source projects that interoperate with commercial software packages and closed operating systems. Just don't do it by yourself if you're in the US. Use the clean-room method.
  19. I'm sorry, I thought discussing technology was allowed in a gear forum. That it's mixed with opinion, philosophy and legal issues is more indicative of the technology field in the 21st century than any burning desire I have to wax philosophical (outside of SC, anyway). I've spent the last 12 years being hired by technology companies to 'go there', it's habit. I personally feel that if a company is going to move into the technology space then they should understand what they're doing, even if the majority of their target audience doesn't. I realize that very few people give a damn about the issues I mentioned, and that's fine with me. I'll even take it into SC if discussing details beyond the absolute basics is too much for this forum, but my original post was in reaction to reading others' reactions to what I felt was a necessary and totally run of the mill technical question.
  20. I don't really worry about that stuff too much. We are all participants in a high risk sport. If a company can be held liable for negligence in the case of injury then I'd imagine that someone would have had to do something pretty freaking sloppy to be found guilty. Legal protections are important - we may all have a common bond and like to think of ourselves as a large extended insular family that takes care of their own, but that doesn't mean that there aren't people who care more about $$$$ than safety out there willing to prey on people.
  21. I really feel I have to say something here, because I looked into this myself, and I'm bored and want to rant a little. "Since the communication protocol is proprietary, we needed software that would allow users to download their jump data without altering the functions of the device. The cost of developing such a package from a clean sheet of paper is significant and the resulting cost of software developed in-house would be high. We reviewed existing packages on the market and found Paralog to be a mature product with a price much lower than what we would have to charge for Alti-2 specific software. It soon became an obvious alternative to developing our own package." I'm going to talk in generalities and then vent my geekish spleen. 1. If I buy a car and I'm a mechanic I expect to be able to tinker with the engine of that car to make it perform better. 2. If I buy a rig and I'm a rigger I expect to be able to modify it to my own specs. As a geek I buy hardware and I'm told by the vendor that I'm not allowed to play with it? BULLSHIT! And please, there's no safety argument there. I can remove the brakes from my car and my rig if I want to without the manufacturer or their retailers telling me how evil I am for doing so (I think the word used would be, justifiably, "stupid"). Once you remove the 'oh but it's dangerous', you're left with pure business reasons, which judging from the statement means 'we don't have much of a clue how to design software/firmware securely'. For client software I don't like Paralog. Sorry, I just don't. Maybe because it's Java (BTW Java decompilers are very good), maybe because I think the UI sucks, maybe because I'm a command line geek who doesn't want to have to launch a gui. Asking for an API is the polite way to do things, once you get the short sighted refusal you go away and reverse engineer the thing if you care to and you're motivated enough.
Now, here's the far more disturbing situation: Alti-2 have said "Hey, this system is WIDE OPEN to ABUSE!". Seems pretty trivial to me to reverse the protocol then write a small script that say, sets ground level 500' below the ground. Walking around the DZ with a laptop (edit: laptop? silly me, I have my IR PDA, much easier to do without notice) isn't exactly unusual, sit there and zap a couple of Neptunes while people aren't paying attention? Easy. Why? Because if I can do it you can be damn sure that I'm not the only one, and at least I know why I'm doing it. Guess I'll be buying an additional Neptune. If anyone has a cracked one available I'm interested. As long as it's working I don't care about the case. So, there's really a few ways that Alti-2 could respond: 1. Admit that there's a fundamental flaw in the current firmware that leaves every Neptune unit in the wild vulnerable to exploitation - no matter how small that risk is. 2. Program the system to use secure signatures on each firmware upgrade so the unit can validate the authenticity of the software before flashing it to ROM - making tampering a non-trivial task. Security through obscurity never works and nearly always leads to Very Bad Things. By securing the Neptune Alti-2 could open up the comms API and interesting software could be developed for it. Anyone else out there think of fun and exciting ways to hack their Neptunes? Anyone interested in reverse engineering the Neptune? I used to work for Palm and did a little work on their IR stuff. Here's a nice little tool: portmon. Since Alti-2 have admitted that the system's totally open there's no danger of violating DMCA laws since the protocol isn't considered encrypted or secured, and since we're reverse engineering for the sake of interoperability it's legal and protected under fair-use laws. PM me if you're interested in pursuing this. My apologies for any redundancy
  22. I think it's not so cut and dried as you'd imagine. The scenario you're talking about is going to be the most common. But like I said before, I've seen predators on both sides of the equation. A friend of mine has a 13 year old daughter, her best friend (a year or two ago) was a young girl who played up her sexuality around older men (like my friend and myself) to try and get her own way. Even if I weren't a parent it would be very disquieting, as a parent it was both disturbing and also made me wonder how the kid was raised. The girl would also wander into the room and discuss the latest sex tips she'd read in cosmo - and none of the adults would be quite able to tell if she was aware of what she was saying. Taking that personality and seeing it online (as anyone who's spent any significant amount of time on IRC can tell you) is a recipe for disaster. I've seen 15 year olds lie to 30 year olds for months about their age (or even their sex!) while they build a relationship. I've seen people who should know better think they're in love and throw caution to the wind, regardless of their age. The picture is complex. It's not all about older men chasing underage girls for rape fantasies. Online interaction is incredibly complex. Coincidentally it's something that I've spent several years researching as part of my job - and recently paying more attention as I've been tasked to design and build a successful online chat community to run alongside my company's main product. If it's anything you'd be interested in learning about PM me and I can give you many links to research groups online that handle this sort of thing.
  23. Doubtful. The women's advocates have pushed hard enough that the entire system is distorted. For example: spousal abuse is split equally 50/50 when you analyze the numbers. However, women focused groups have effectively silenced and eradicated any discussion about female abusers. Society still caught up in a masculine/feminine stereotyping doesn't accept males in a vulnerable role. I'm lucky, in my separation things were amicable enough - however I'm not stupid enough to try getting custody. I recently watched my friend go through hell. His wife, in a fit of pique, called the police citing spousal abuse. He was hauled out of his house (the arresting officers were aware it was a bullshit charge but had to act) and barred from seeing his kids. Visitation was monitored once every two weeks. The case came to court, the judge couldn't throw it out (for whatever reason) but found that he wasn't guilty of abuse (so no jail time), however he had to go to anger management training, and still had to be supervised with his kids! It's pretty sick. I work hard to not think too hard about it.
  24. Beyond the specific situation here..... As someone with about 15 years worth of online chat experience, including administering those services, and working for a large variety of internet services including adult based entertainment - there's a lot of sick shit out there. The illusion of anonymity and the mental nature of interacting online promote fantasy - and up until such time that thought crimes are able to be prosecuted there will always be a weird cornucopia of behavior available to anyone who wants it on the internet. Sure, we can blame parents, but that's because each of us understands the medium better - we swim in this fish tank every day and know what's out there. To Ma and Pa it's just a box for Jr to do his homework on and chat with his friends. They're unable to get out of the library/telephone paradigm. With the exception of sensational news stories about porn and predators ("honey are you being safe online!?" "Yes Ma!" "ok then") it's just a box to play on. I've seen predators of both sexes on both sides of the equation. I'm also aware that there are different rules for guys online than girls - if ever you want an eye opening experience as a guy go hit a major network with a feminine screen name. The issues I see are those of fantasy/roleplay - of which there are many on topics which would make most of us blush or puke, and intent. In the same way that fake child pornography is not criminal it would seem that the "intent" argument is just as blurry if you're chatting to a police specialist with the screen name "suzy13". From a security point of view I'd take a view that you're using a plaintext transmission system, on a generally open system with a client that uses rudimentary logging facilities. There was a recent case in the wrestling world where a promoter was caught in a sting by some cyber justice crew - their evidence was based on logs, whose validity could not be proven.
As a security professional the concept of being prosecuted based on computer forensics scares me: 1. It's easy to fake if you want to do it (see the wireless security thread and WEP cracking discussion). 2. Most people don't understand the subject, so trying to explain to a jury how files can be altered without creating a paper trail, how sessions can be hijacked, how - if this was in the real world - you can alter reality and history to reflect what you wish. 3. If I was on the jury in a case like this I would always have reasonable doubts unless the experts in charge were doing a great job and they DID go into extreme details (which would seem unlikely given point 2). So for me this whole thing of intent, while sleazy and pretty gross, sits pretty close to the fake child porn. On a side note: a close friend of mine, 34 years old, has been dating his girlfriend for 4 years - she was 15 when they met originally. Sick? Well, I know they didn't date until she was 16 (age of consent in the UK), but having spent some time with her 1) she's an exceptional woman (now 19) 2) I can't imagine my friend with anyone but this girl. Age of consent is still a relatively new concept and statistically has never reflected the true reality of who's having sex. In the UK the laws changed the age of consent from 13 to 16 in 1885. In the US there was a similar trend around the same time. Today the age of consent is based in state law and starts at 16. Last year the youngest male to marry was 15, the youngest female was 13. I'm not saying this to defend any particular behavior, only that I find it interesting how attitudes have changed over a relatively short time period, a matter of 4 or 5 generations. I'm sure I had a point there somewhere.
  25. Heh bad news. Did some testing. Netstumbler will show networks with SSID broadcasting disabled, it just won't scan for further info. In the display it's listed as the MAC.