Saturday, April 14, 2007

Candian Cell Phone Companies are about on par with Gas Stations

What the Hell???!!??

I just reimaged my work laptop, so I was sitting here on a Sat morning trying to get things back to normal. Since there's not really anything good on tv, and I my mythbox is sort of out of commision, I was watching tbs when a cell phone commercial comes on. Unlimited phone minutes, data, text and whatever, all for 50 bucks. 50 BUCKS!!! And no contract, to top it all off. 50 BUCKS!!! I just went through the hassle of switching from a Treo to a BlackBerry. I am currently on a voice plan that gives me unlimited evening and weekends and 200 day time minutes for 25 bucks. That was a good deal too. While trying to figure out whether to switched handsets or switch providers for my cell phone I had the company that I'm currently with price out something similar to what I have now for voice (data is somewhat unimportant since I was just using a standard data plan that hadn't changed much). The pricing for the basic same plan as I have now (it had 100 minutes during the day more than what I have now), is now 50 bucks. So I could pay 50 bucks a month here in canada for a voice plan that gives me 300 minutes of voice time during the day and unlimited calling (starting 6) during evenings and unlimited calling during the weekend. In the states I could be paying 50 bucks a month (with now contract) and get unlimited everything. EVERYTHING.

All the time you hear people complaining about gas prices. How the gas stations and companies are all in it together so they can all raise prices and not have anyone undercut their price points so they don't really have to worry about competition, but you almost never hear people complain about the cell phone companies. In this day and age of eletronic toys and being in constant contact, cell phones seem to be as necessary as gas. I know that I'm guilty of complaining when people don't have a cell phone.

I remember a time when Canadian broadband intenet plans where miles a head of the States. We were getting plans with more bandwidth for much cheaper than anywhere in the States. Why are we so far behind in the cell phone battle. It's not like the players are different here in Canada. but maybe that's the problem. When it comes right down to it, it's really only the big monopoly players in other telecom industries that have moved into the cell phone market. The only other exception might be Telus, but I haven't really gone out and done the research to figure out if the majority shareholders are actually different from the other Telcos. Even though the choice is limited, why are we putting up with this? Why are we letting these big corporation push us around. Yes I realize that it's not that simple to change these kind of things. Those e-mails you see going around about boycotting a certain Gas company for a day aren't going to really help, unless you can get an extremely large percentage of the population using that type of gas station to stop using that gas station. Of course that doesn't really change the fact the gas is still there, and you might see a small dip in prices, but that's not going to change the long term problem. It's similar to what the record labels are going through right now, but that's a different rant.

Tuesday, September 19, 2006

Ubuntu Security

I had a nice somewhat poetic post about why I hadn't been posting at all (I wanted to say much, but that's a lie really), and the reasons why I'd be posting more often now. The reason I haven't been posting is because I haven't been making time for it, and the reasons that I would be posting really are just excuses that wouldn't hold enough water to drink from, so I'll skip that.

I think the real reason I haven't been posting is because I never really decided what I wanted this to be. I knew what it couldn't be. It couldn't be a real journal: it's too public and I'm too private. I've seen the stupidity of trying to make a personal journal public, and although that seems to be a value people seem to give to blogs, I don't believe that's where their value lies. I sort of thought that this would be a security blog, and while I see the value in that, I think there two problems I would face. I'm too know to the industry to be able to write long thoughful posts on the subject, and I don't want this to just become a link fest to all the other security blogs out there. Unfortunately these problems actually hold for just about any subject that I might possibly choose to write about in a blog. I have no particular expertise in any one area, and I see no point in creating just another link blog.

My solution? I think I'm probably going to try a hybrid. I do feel that it would be useful for people who are not security inclined and have no interested in subscribing to bugtrac and the like to find information about security issues and vulnerablilities that might pertain to them in one place, so I will try that. I'm also interested in just about any other topic under the sun, and have been trying to use blogs that are written by experts to get as much exposure to as many subjects as I can. I feel that in this age where information is so easy to come by, our sudden urges to specialize into only one area of expertise seems not only foolish, but wasteful as well. Yes, the argument can be made that there is more to know in each subject as they grow, but I don't feel that it justifies studying one area in exvclusion of everything else. In my mind, there is no argument that convince me that it is useless to know something about math, science, history, and any other aubject, even though I am just as guilty as most others at ignoring other areas of study.

I do know that I tend to go on a little, so I've decided that I will employ simple HTML to aide those who are interested in certain section of a post and who would rather not wade through my ramblings on unrelated things. My plan is to include a "table of contents" at the begning of my posts and link the sections through there. I know that the other option is to just make multiple posts, but there's nothing more annoying than visiting a blog, or opening your rss reader to find that someone has posted 10+ new posts in the last half hour and each is a couple of lines long. I will still not be posting from work.

Ubunutu vulnerabilitys
For thos of you using Ubuntu/Kubuntu there have been a couple of vulnerablilities that have been found. At the moment I'm not sure where the CVE's link to, so I'll try to add thos in the future.

There was a vulnerability found in gzip. It did not verify the authenticity of the packages that it unpacks, and so arbirary code can be executed at the users privilege level.
CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,

The second is a kernel vulnerability. The kernels in question can be DOS'd by using a special value, when opening SCTP sockets. The ELF loader did not verify the memory layout allowing for the possibility for an attacker to crash the kernel.
linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities
CVE-2006-4535, CVE-2006-4538

The last is a Gnutils vulerability."
The GnuTLS library did not sufficiently check the padding of PKCS #1
v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge signatures
without the need of the secret key."
gnutls11, gnutls12 vulnerability

To be honest, most of this is above my head at my current Linux knowledge, but at some point maybe I'll be able to better explain this stuff.

I thought I saw a new IE 0-day attack but I've used up the time I set myself before I went to bed, so I'll try to look into that tomorrow. Hopefully my posting will be more consistent, but hey, if not, it won't kill you.

Monday, May 08, 2006

I'm not dead yet....

Okay, so this isn't really a good start to my whole blogging routine. That break was far too long (especially having made only one post so far). To some degree I had an excuse (heh, pardon the pun). To clarify I was in the process of finishing my degree. All of the course work is now done, but do to a clerical disagreement, the registrar thinks that I didn't apply to graduate, so I will be getting my diploma in November. Not that it makes a huge deal, but it would have been nice to get it this spring.

I seem to have this mental block that makes me think I should only be blogging at the end of the day, kind of like a summary. I suppose it all depends on what I'd like this blog to turn into. I do know that I won't be blogging while at work (I have issues with that sort of thing), but there's not really anything stopping me from writing entries before or after work. I do have a feeling that most of my posts will be long and on occasion rambly (me, ramble?.. never), and as much as I don't want to become just another link blog, I will probably be posting them from time to time. Actually probabaly every blog. I guess that sort of presupposes that people are going to be reading this blog (in fact this whole entry seems to be based on that assumption). On of the reasons that I avoided blogging for so long was that I don't see it as being able to entail everything that a true personal journal can. There are some thoughts that are meant to be private, some ideas or inner mental workings that people are not supposed to share, and those can't be expressed in blogs. This is where I face my conundrum. I'm not convinced that I have anything new to express other than my opinions, and, since everyone has their own set, what would make mine so appealing as to draw others to them? Is it arrogance that makes me assume that people would read this? Unlike one of my favorite blogs, written by Guy Kawasaki (, that provides useful advise and great tips for startups (among other topics), I have no such experience to draw on, at least, not yet. So what purpose does a personal blog server if it's not being used for marketing, or knowledge transfer. I guess it's one of the only ways we can "see" into each other's minds. I know people who are attracted to those that they can't figure out. It becomes like a puzzle to them, but then it leads to the question why, when there is so much to learn about ourselves, so many hidden secrets locked in our own minds, do we as a race of people obsess about understanding others. It is said that on the temple of the Oracle of Apollo, the phrase "Gnothi se auton" (Know thyself) was enscribed, and much of ancient philosophy seemed to use that as a compass. Of course, it ended up terribly off course, as philosophical discussions are wont to do (not that tha's a bad thing in any sense), but it seems like one of the best starting points. People seem to decide much of the course of thier lives based on what they can and cannot do, but if you don't know yourself, how do you know that you can't do something? How do you know that you can, for that matter? Sometimes, finding out you can't do something is ever better than finding out you can. It can be a catalyst. I've been trying out for a C2 Men's soccer team over the last couple of weeks. The try-outs were with an under 21 team that the coach is also, well, coaching, and I've been getting my butt handed to my up and down the field by these 20 year olds (I'm 24) for the last couple of weeks. It culminated in an exhibition game, which took place yesterday. We didn't even have a full 11 players show up, so I, being in terrible conditioning, was forced to play the full 90 minutes. Yes, I know it sounds like a lot of whining, but by midway through the first half, ir felt like I almost couldn't walk. The drive to make this team was so great, that I finished the game, and actually had a better second half than I did the first. But it hasn't ended there. It also forced me to realize that my body wasn't going to be able to handle what I was putting it through with what I was feeding it. Today was the first day that I really got up and made a real dinner on a week night. I don't order out very often, I just don't tend to eat dinner. Well, tonight I had a healthy full rounded meal (let's hope my cooking is more consistent than my blogging). Whether or not I make this team, I'm going to be better off for having tried; for having pushed myself to see if I could make this team.

Wow, that was far more text that I was expecting. I would apologize, but this is what tends to happen when I'm given an open invitation to the floor (hmm.. I think that as a mixed metaphor, but I'm lucky to have been able to spell metaphor). Unfortunately (or fortunately if you can stomach my ramblings) this will probably be par for the course for my blog, although, I'm hoping the frequency increases.

Wednesday, April 26, 2006

And so it begins

Huh. Well that was easy to set up. Too easy.

I could start in about who I am and all that, but the only people who are going to be looking at this are going to be people who know me (well to start anyway), and that's only if I'm lucky.

Today started off at a pretty crappy day. It was one of those days where no matter what I did, I was late. It did how ever turn out to be a very good day women watching wise. Very cute girl on the elevator in the building I live in, two cute girls walking to the same bus stop as I was, at least one cute girl on each of the buses I have to take, and one of the receptionists at the medical clinic I was at was really hot. Did I do anything about it? Of course not. It's not kosher to hit on women while they're working, at least from the perspective that I see things.

The result of the trip to the clinic was that the doctor thinks I have a Repetitive Stress Injury causing the pad of my right thumb to swell and the thumb itself to be rather painful. Repetitive Stress Injury.. .me? I'm not hard on my hands at all. I mean I only rock climb, box.. okay fine. On the up side I can still get my ass handed to me on the soccer field on Friday at the try-outs. Consequences of this injury?

a)I have to wear a wrist splint that imobilizes my thumb for 2-3 weeks
b) I'm yet again going to have to take a break from boxing.

All I have to say is that this had better not take away from my fooze ball game.

Enough of my ramblings for now though. My food should be here soon, and I should actually be working on my Honours Project seeing as how I have a meeting tomorrow and it's due in a week.

Okay, I have to say this lay-out needs some work, but that's going to have to wait a week or so. So is me starting to proof read these things.