E-Scribe News : a programmer’s blog

About Me

PBX I'm Paul Bissex. I build web applications using open source software, especially Django. In the '90s I did graphic design for newspapers and magazines. Then I wrote technology commentary and reviews for Wired, Salon.com, Chicago Tribune, and lots of little places you've never heard of. Then I taught photographers how to create good websites. I co-wrote a book along the way. Now I am helping turn a giant media corporation into a digital enterprise. Feel free to email me.

Book

I'm co-author of "Python Web Development with Django", an excellent guide to my favorite web framework. Published by Addison-Wesley, it is available from Amazon and your favorite technical bookstore as well.

Colophon

Built using Django, served by Apache and mod_wsgi. The database is SQLite. The operating system is FreeBSD, on a VPS hosted at Johncompanies.com. Comment-spam protection by Akismet. Vintage topo imagery from the Maptech archive. The markup engine is Markdown.

Pile o'Tags

ajax apple blogs browsers business design django ebay fp fun google hardware haskell intellectual property iphone javascript linux media mercurial mobile open source os x oscon oscon2007 palm php programming python rails rants reading risks ruby site spam textmate the well tips tools unix vcs web development web frameworks webservers wmassdevs writing

Stuff I Use

Akismet, bitbucket, del.icio.us, Django, Emacs, FreeBSD, Git, jQuery, LaunchBar, Markdown, Mercurial, OS X, Postfix, Python, Review Board, S3, SQLite, TextMate, Ubuntu Linux

Spam Report

At least 185365 pieces of comment spam killed since January 2008, mostly via Akismet.

MacBook wireless security exploit fracas primer

In case you haven't been following this mini-saga -- about two security researchers, an alleged MacBook wireless security vulnerability, and a writer from the Washington Post -- here's your study guide.

The original story at blog.washingtonpost.com (does the "blog" part mean we should lower our journalistic expectations?) has the unassuming title of "Hijacking a MacBook in 60 Seconds." An alternate, more descriptive title is "Hijacking a MacBook via a Third-Party Wireless Card that Nobody Would Ever Use, in 60 Seconds, and Also Allegedly Hijacking it via the Built-In Card that Everybody Uses, But Wait, Maybe Not, Sorry, We Can't Talk About That." You can see why they went with the shorter title.

Then there was a follow-up, followed by an update to the follow-up, followed by the release of the verbatim transcript of the original interview. Much heat, not much light.

Then John Gruber got sick of all this and issued an open challenge -- offering a brand-new MacBook in exchange for a demonstration of the alleged exploit against a stock machine. No takers. Then an update to the challenge. Still no takers.

What's interesting is that while my gut -- based on the behavior of the key participants, not on technical details -- says that there is actually no exploit that works against the stock MacBook, I'm not nearly as positive as Gruber is. I look forward to learning the truth, which is scheduled for delivery Real Soon Now.

By the way, don't read any of the contentious comment threads attached to the various blog postings. You'll just feel dirtier and more confused.

More as the situation develops.

Wednesday, September 6th, 2006
+

Some related posts: RapidWeaver spamming vulnerabilityThe dawn of OS X malwareDangerous installers

Post a comment

Thanks for reading! Please note: Your comment will not appear until approved, which may take a few hours or more. Spammers will be torpedoed.


(Will not be shared)

(Optional)