Rubénerd!

Here's an article from the Australian ABC. Tell me if you can spot the problem.

A fully-marked New South Wales police highway patrol car has been stolen. Police say highway patrol officers stopped a car on the M7 near the Richmond Road off-ramp in western Sydney at around midday. Officers say there was an altercation and the driver of the car struggled with police before breaking free and stealing their fully-marked highway patrol car. The driver, identified as Arthur Partsch, was last seen travelling north in the light blue Holden Commodore sedan. Officers have warned anyone who sees the car not to approach it, but to contact Triple-0.

Did you catch it?

We're being warned to call the police if we see a patrol car. I wonder how many calls they must have got from people spotting all the hundreds of cars on active duty?

I avoid Australian terrestrial television like the plague, but fortunately I was tweeted that Channel 9 informed us of the licence plate of the specific patrol car in question. Georgina even went one step further and (shock!) told me what it was!

So a lesson for reporters appealing for information from the public: give us the specifics as well. I wouldn't want to sick the SOS-Dan force on you.

From USA Today, even though it came out yesterday:

Instead of shoehorning the electric powerplant into a conventional GM compact-car platform, the next Volt will be purpose-built. That will allow the ability to better package the batteries and other specialized components, says Mark Reuss, president of GM North America.

Shows my ignorance, I thought it was purpose-built. The Honda Civic Hybrid isn't purpose-built, and it doesn't come with a premium price tag.

To me, this reads like a book coming out in hardcover for the people who really want it, then releasing the paperback for everyone else.

And now I've exhausted all my car knowledge, and have lost my train of thought.

An interesting (or at least, I thought it was interesting!) report from the Guardian:

The Bundesbank plans to bring back to Germany some of its 1,500 tons of gold stored in the vaults of the Federal Reserve in New York, and the 450 tons stashed with the Bank of France in Paris, reported the German newspaper Handelsblatt.

Economics aside, why was it all there?

Most of Germany’s gold reserves have been stored overseas since the cold war amid fears of a Soviet invasion.

While a fascinating idea, the official press release from the Bundesbank website makes no mention of the cold war or the Soviet Union as a reason.

The image above is of the Deutsche Bundesbank building in Frankfurt, by MBisanz on Wikimedia Commons. A classic Brutalist design. The building in the photo, not the photographer. You're weird. KRQRG636ED2W

From Skype's The Big Blog. I've seen bigger.

Skype for Windows 8 is almost here and we are incredibly excited by this important new version of Skype. This is our big step forward together with Microsoft to introduce a completely new Skype experience, which is designed to be always on, immersive, effortless and fun to use.

To be fair, there are things in Windows 8 you can't do on other platforms, just as there are things in iOS you can't do on Windows 8. Still, prioritising one platform for a multi-platform client is what we feared when Microsoft bought Skype.

I used the word platform four times in this post. Please mind the gap.

Just a quick tip of the hat to NetBSD for their 6.0 release. I use Fedora Linux on my laptop and Mac OS X on the desktop, but I'd prefer to be using NetBSD. As far as I'm concerned, it's the cleanest, most elegant operating system I've ever used.

I also made some My-HiME desktop backgrounds for NetBSD back in 2008. She was predominately orange, and so is NetBSD. I was in the zone.

NetBSD in an Australian VPS, now that'd be awesome. I wonder if they exist?

Over the weekend, a subdomain at the University of Technology Sydney was defaced, and with it the names and passwords of several staff members. What isn't being talked about much is: it was bound to happen.

Image of computers in UTS Building 10 taken by me in 2011.

Well, bother

According to Michael Lee of ZDNet Australia, the breach affected an older content management system (CMS) backend used to deliver news. Once the system was compromised, the information of staff members was published including their names, email addresses and their passwords as plaintext.

The site also had an ASCII art picture of Zoidberg from Futurama added, performing his trademark roar of exasperation. I see what they did there.

The good news is this breach did not affect the primary site, though it exposes a far larger issue.

The claws of the problem

When I first enrolled at UTS, I was surprised at how easy it was to choose subjects, set up my timetable and get started. Some of my fellow students may scoff at this, but having studied in several places, UTSs system is far superior. They may use Blackboard for everything else, but at least they had the common sense to keep clear of it for enrollment. But I digress.

The one part of the process that gave me pause was when I was prompted for a password. I proceeded to type in a unique passphrase that I'd be using for logging into UTS, only to be told it was too long.

Warning bells.

I've blogged at length about the risks of accessing sites with password character limits, and why they're technically unnecessary in a securely designed site. You can read about it here.

In a nutshell, passwords that are stored securely as a cryptographic hash have no technical reason to be limited in length. When a site informs you of a length limit, it's a fairly sure sign they're storing your password insecurely as plaintext, which means when there's a breach, your password is viewable. Like they were here.

UTS uses student passwords for administration, student email, the Blackboard Learn environment, WPA2 passwords for wireless access, Faculty of Engineering and IT access to student servers, login access to shared computers and many more places. I can appreciate the challenge of keeping all these the same, as students are unlikely to be willing to remember different passwords for each of these.

Still, for an institution of higher learning, I can't help but think they could solve this challenge securely. It dismays me when action is taken only as a result of a breach. I hope UTS uses this as an opportunity to revise their security policies.

John McDuling for the Australian Financial Review:

Optus and Vodafone Hutchison Australia have signed a deal to share and build critical infrastructure to boost coverage and bolster their networks for the launch of superfast mobile services. [..] Optus will be granted access to around 1000 additional sites [..]

My sister gets excellent coverage on Vodafone in Earlwood, but Optus is bad enough to be non-existent. Assuming this gets ACCC approval, this would be the quickest fix for our area! Something tells me I shouldn't get my hopes up too much though.

Granite pit a rock solid investment for owner
Jeff Starck, Wisconsin Rapids Tribune

MOSINEE -- Glenn Kafka was just another guy in central Wisconsin with a backhoe when he found his "dinosaur egg" while digging for rock in the 1980s.

According to their site banner, the paper is published by Gannett. That's almost too much.

I'm commenting on this news story exactly one year after my post about Dropbox. Freaky!

The story

So Google will be taking on Dropbox with their own cloud storage service, titled Google Drive. I thought Google Drive was when they drive around capturing home WiFi locations and data. Heh.

Whereas Dropbox comes with 2GB of storage, Google Drive will come with 5. Not sure whether that's 5GB or 5GiB (Mac OS X and Fedora 16 with Gnome 3 have made me even more acutely aware of these differences), but we'll wait and see.

Please no more client software!

From what I'm reading on the intertubes, some are comparing this move to Google releasing Gmail, with similar predictions of success. It's a cute idea, but Gmail offered an order of magnitude more capacity than competing email services at the time; 5GB is hardly a similar leap. 5TB, now there would be something!

Mostly though, I've resisted using the likes of Dropbox because I can't stand installing extra software, and wasn't going to go through the rigamarole of installing a Linux binary compatibility layer and test it to run on FreeBSD. If Google Drive allowed remote access through established protocols, FUSE mounts and the like, I'd be on it faster than you could say "data mine".

d3[[12rfqzfe;rwegg2x

Of course, as with all cloud storage services you'd want to observe some precautions. As I said about Dropbox on this day last year:

I don't understand the increasingly negative attitudes people are having towards services like Dropbox. People who don't encrypt their personal files before sending them off to a public, shared server clearly want their data to be read in the clear, so who cares?

Encrypting data before uploading would be an absolute must, any other use would obviously be reckless unless it was media you'd publish in public. Even then, you'd have to weigh up the utility you'd derive with Google knowing even more about your interests, and the legal ramifications of having your stuff hosted under United States jurisdiction, assuming that's where it ends up. Eh, just encrypt everything, play it safe!

I'll be following this story. If it turns out Google Drive is another of the company's now infamous me too! products that also requires client software just like Dropbox, nothing to see here, move on. If it doesn't require extra middleman software, is simple and has a web UI that's usable (unlike what they did to Google Reader, Gmail and the like), they might have a hit.

From TODAYOnline, a Singaporean news site:

The first 250 US Marines will arrive next month in northern Australia where a permanent joint training hub will be based. [..] In November, the United States and Australia announced plans to send more US military aircraft and to rotate up to 2,500 Marines through the northern city of Darwin to better protect American interests across Asia.

They're not evening hiding who this arrangement benefits any more.