Author Archives: josh

Innocent civillians

Can anyone think of circumstance where the media’s fixation on this term isn’t tautological?

Medion MD 86162 Media Player remote codes

I’ve got a Medion MD 86162 Media Player (AKA e85015, or MD86162) and I couldn’t find the remote codes anywhere on the Internet. I cobbled up some hardware and discovered that it uses the NEC protocol when I coaxed these codes out of my dying infrared remote control, and I got the following IR codes for it:

Continue reading

Retroactive HECS fees

I think it’s about time we introduced HECS fees for all those people who obtained degrees without contributing to the cost of those degrees.

The argument is that educating tertiary students costs the taxpayer money, and what’s in it for the taxpayers – why ought they fund some snotty kid’s education?  By the same argument, those who got those free educations between 1974 and 1989 ought to cough up and return the same portion of the cost of that education back to the people of Australia.

Winter 2014 starts

So I’m trying to declare Winter. I’m going to try something like Summer, but with a 16 degree ceiling, which we just hit here in Melbourne.

Monday    16 June             Max 16    Rain at times, easing.
Tuesday   17 June    Min 10   Max 16    Partly cloudy.
Wednesday 18 June    Min 8    Max 16    Mostly cloudy.
Thursday  19 June    Min 8    Max 16    Partly cloudy.
Friday    20 June    Min 10   Max 15    Shower or two developing.
Saturday  21 June    Min 9    Max 15    Morning shower or two.
Sunday    22 June    Min 9    Max 16    Partly cloudy.

I also offer the observation that you know it’s Winter when it doesn’t feel cold anymore.

Note: The 15 degree ceiling was hit on Friday 4 July 2014, 14 degree on Wednesday 9 July..

Disable PayPass or PayWave RFID with a light globe, a pen and a drill bit

I got a new credit card in the mail, and I noticed the PayPass logo in the top right corner.  I’m no fan of RFID, especially with so many documented weaknesses. Also troubling is the loss of two-factor authentification that we’ve had for decades in Australia; both Visa and Mastercard require only the presence of the card for EMV transactions under $100. I like my credit card, I don’t like that other people can spend my money with it.  I thought about trying to convince my bank to give me one that wasn’t PayPass enabled, but Mastercard won’t issue cards without PayPass, so it seems I need to make my new credit card compliant with my privacy and security policies.

Admittedly, all the exploits for RFID enabled cards seem to affect cards in the USA, whose banking system (as best I can tell) is run by a bunch of morons. I assume that the cards in Australia leak no information other than an identifying card number… but even that. RFID can allow unintended transactions, so I’d prefer my transactions to be intentional. I considered killing the whole chip in the microwave, but there’s a risk that would affect the mag-stripe.  You don’t need a radiographer to lend you an xray machine to locate the RFID antenna.  Turns out that a light globe is plenty bright enough to spot the antenna tracks, or the sun (if you can spot it at this time of year).

I lay my card on a horizontal compact fluorescent light globe, and look what I could see:

Disable drill-point marked on a credit card
Just drill out the point where the tracks narrow down, and the antenna is toast

I dutifully marked the point where the antenna traces all converged on the one location, then drilled that point out with a hole made with a 3mm drill bit.  I took it off to my local Kmart, and it worked.  However, it failed at the Coles, and every subsequent retailer (dozens) I’ve tried using it.  Apart from that one Kmart (others haven’t worked) the PayPass functionality is now turned off.

I’ll update here if I make additional modifications that are successful.

Test Driven Bug-cases

What if every bug report, valid or invalid, required a test case, per Test Driven Development?

Summer 2014 ends

Four days before the start of Winter, I’ve declared the end (our second) Summer:

Wednesday 28 May              Max 18    Shower or two.
Thursday  29 May    Min 10    Max 19    Partly cloudy.
Friday    30 May    Min 10    Max 19    Partly cloudy.
Saturday  31 May    Min 10    Max 19    A little rain developing.
Sunday     1 June   Min 10    Max 17    A few showers.
Monday     2 June   Min 12    Max 17    Shower or two.
Tuesday    3 June   Min 10    Max 18    Morning shower or two.

Tap and Go causes crime: duh

Ken Lay says that in the last year in Victoria, 11500 extra crimes caused by Tap and Go cards have meant that the crime rate in Victoria has gone up (5%) rather than down.  These additional “crimes of deception” and are apparently tying up police.

It’s slack. Totally slack. There’s no control over it. And what are we finding? There’s been a huge spike in different offences committed to facilitate it; cars being broken into, mail stolen, handbags grabbed, purely because of industry introducing a new practice without any regard to security.

We have taken the view we should be taking on industry over this because our concern is they’ve introduced new practices with no regard to the implications on security and there’s no prevention measures, which is at times bogging down our members in work and time that could be better spent on some really serious type of investigations or responding to critical issues.

Assistant Commissioner Stephen Fontana

And the ABA says “no ways!” and says that dollar value of fraud is down since chip-in-card (neglecting that this isn’t about that) but allowing that losses following theft are up 35% (to only $20m/year).  And ignores all the crime that would be associated with obtaining the cards.

Glitch

Unless it’s a transient, unrepeatable hardware fault, it’s not a glitch – it’s a bug. Glitch makes it sound like it’s nobody’s fault. And glitches don’t stop all banking transactions for a number of days, that’s a top-to-bottom fuck up – or bug, take your pick.

And for that matter, if legal restrictions prevent parties from being identified, it’s “mustn’t be named”, not can’t.

Summer 2014 starts

Given recent events pointed out by DavidC, I declare Summer 2014 has started. Our traditional, mid-year Summer.

Wednesday 14 May    Min 10    Max 21    Mostly sunny.
Thursday  15 May    Min 13    Max 22    Partly cloudy.
Friday    16 May    Min 14    Max 22    Mostly sunny.
Saturday  17 May    Min 13    Max 22    Mostly sunny.
Sunday    18 May    Min 12    Max 21    Partly cloudy.
Monday    19 May    Min 12    Max 21    Sunny.
Tuesday   20 May    Min 14    Max 21    Partly cloudy.

Good thing you guys voted in that Abbott government.

The upside of climate change is that I get to paint the house this week. Two weeks before the start of Winter.

Political donations are not the problem

Corrupt politicians have recently been in the Australian news.

It has been observed that money, in the form of political donations, is a corrupting influence. This causes hand-wringing, as banning donations is considered to hinder the freedom of political expression.

As a response to this demand for cash to finance political expression, suggestions are made that private funding of politics be replaced by public funding – basically an increase on the funding which parties already receive (something of the order of $2.48 per primary vote in lower house seats in the last federal election, for example). This grates those with a strong dislike of politicians and the political process. In addition, the current funding model of retrospective funding (based on votes received) disenfranchises new political views – it locks in the existing players by funding them, allowing them to campaign for votes that will fund them; those outside the system will not be able to break in.

To allow new entrants into the political system to be funded on an equitable basis, some kind of on-going polling could be done and a funding stream allocated on proportionate support in non-electoral polls.

However, switching to purely taxpayer-funded funding isn’t necessary, even if in effect the tax-deductibility of political donations makes them taxpayer subsidised.

Political donations are not the problem, the problem is that donors can be identified by the political party and and expectation of quid pro quo is raised. Beyond that, large donations from a single donor are also a problem – even if political party donations were anonymised and repudiable the donation’s existence could be inferred by the velocity of money flowing out of any anonymising system.

Let’s say you’re trying to run a corrupt political party under an annoymised donation system. Someone comes to you and says “I will give your corrupt party $10m, and I expect you to make this corrupt thing happen.” You’d then donate the $10m, and your donation would be pooled along with the hundreds of other donations made to the party. The Donor Anonymising Service (DAS) would then hand over a certain amount of money to the party, but it would not be $10m. It would be the stipend that the party had requested from the DAS, along with advice that the current amount held in reserve is enough to last at least X days, where X was the same number (give or take a couple of days) as it was yesterday. You don’t know if the $10m donation was actually made, all your party knows is that it’s got enough money to last X+2 days. You could up the rate of the stipend, but the DAS would scale back the reported window so that no extra information is revealed by the reported minimum duration the reserves will last. You’d limit the rate and number of times the stipend could be changed to discourage probing. Naturally, it would be illegal to make a political party aware of a donation or its amount.

Of course, then you have all the fun and games associated with loaning money to political parties, and with corrupt administration of a Donor Anonymising Service, but you get the gist of where we could go with this idea.