E-Scribe : a programmer’s blog

About Me

I'm Paul Bissex. I build web applications using open source software, especially Django. Backstory: In the 1990s I did graphic design for newspapers and magazines. Then I wrote technology commentary and reviews for Wired, Salon.com, Chicago Tribune, and lots of little places you've never heard of. Then I taught photographers how to create good websites. I co-wrote a book (see below) along the way. Current story: I am helping turn a giant media corporation into a digital enterprise. Feel free to email me.


MacBook wireless security exploit fracas primer

In case you haven't been following this mini-saga -- about two security researchers, an alleged MacBook wireless security vulnerability, and a writer from the Washington Post -- here's your study guide.

The original story at blog.washingtonpost.com (does the "blog" part mean we should lower our journalistic expectations?) has the unassuming title of "Hijacking a MacBook in 60 Seconds." An alternate, more descriptive title is "Hijacking a MacBook via a Third-Party Wireless Card that Nobody Would Ever Use, in 60 Seconds, and Also Allegedly Hijacking it via the Built-In Card that Everybody Uses, But Wait, Maybe Not, Sorry, We Can't Talk About That." You can see why they went with the shorter title.

Then there was a follow-up, followed by an update to the follow-up, followed by the release of the verbatim transcript of the original interview. Much heat, not much light.

Then John Gruber got sick of all this and issued an open challenge -- offering a brand-new MacBook in exchange for a demonstration of the alleged exploit against a stock machine. No takers. Then an update to the challenge. Still no takers.

What's interesting is that while my gut -- based on the behavior of the key participants, not on technical details -- says that there is actually no exploit that works against the stock MacBook, I'm not nearly as positive as Gruber is. I look forward to learning the truth, which is scheduled for delivery Real Soon Now.

By the way, don't read any of the contentious comment threads attached to the various blog postings. You'll just feel dirtier and more confused.

More as the situation develops.

Wednesday, September 6th, 2006