I know that many others have already written about the technical inaccuracies in CBS' new show scorpion, but I felt that I had to get my critique out there as well.
For anyone who hasn't seen the promos, the show, or anything else - Scorpion is a new Fall 2014 show about the exploits of a group of geniuses supposedly based on the real-life of "world-class genius". The main characters include a math whiz, a mechanical genius, a world-class hacker and a psychologist who acts more like a con artists (and stalker - but that's a whole different show).
The first episode's plot line centered around the catastrophic failure of a software upgrade that only affected 3 airports in/around LAX. I guess patch testing isn't part of the SOPs for California airports in this TV reality. The Feds finds this group of elite geniuses and recruits them to save the lives of all the passengers on the flights that could not be diverted to other airports for landing because they were on final approach and out of coms range.
Wait a minute - - these planes that could not be diverted have been circling airports for 40 minutes waiting for landing instructions. After about 20 minutes, wouldn't you think to go somewhere else? Or the wireless network on most planes these days? And aren't there back-up communications in planes?
So now our team of plucky hackers set off in the obligatory black SUVs to drive to the nearest airport to save the day. But, plot twist - the traffic on the highway is terrible and they won't be able to get to LAX before the planes run out of fuel and start to fall out of the sky. No explanation of why the other 2 airports affected by this bad software update aren't usable. It's the Feds can't they find an alternate route or use the emergency lanes? One of the characters does suggest a helicopter, but those are all grounded because of the air traffic issue.
So, our main hacker hero comes to the rescue with his brilliant idea that he could hack into the airport using a wireless network - it just has to be completely stable. And, as luck would have it - he was just at a diner fixing their wireless network so it is now the most stable connection available.
Why wireless? Wouldn't you be better off with a wired network that you could lock the rest of city out of instead of an open wireless network run from a diner? Doesn't Homeland Security have secure networks? I suppose we need to understand the true genius of our hero who can make sure a wireless connection is the most stable in the world and doesn't ever drop packets.
On to our hacking scene - within moments, the airport's physical security network has been compromised (we know this because the hacker needs the cameras to show what the people in air traffic control are doing). Why he must watch people type into computers is left ass an exercise for the viewer.
Get the Air traffic control supervisor on the phone and instruct him to find the original installation disc for the software. Angry supervisor who doesn't believe this guy on the phone points out that the software is 15 years old and the company who made it doesn't even exist anymore!
Wow! Who is sending you software updates again? Do you just install anything from anyone without testing the software or having a recovery plane. Not that I haven't seen companies that would do this - but still!
Now we will start with the stereotypes - grumpy supervisor is computer illiterate and unable to type. So look for the white, nerdy guy with glasses since he must be a coder. *sigh*
So, here were are: planes are going to start falling out of the sky any minute, we have no base install for this highly critical software, and the company who makes it no longer exists (they just send out ghost updates). But wait! We have an automated backup system. The day is saved.
Next plot twist - backups are overwritten every 12 hours! And we only have 20 minutes before the next one happens! (I guess they haven't heard of backup rotation schedules yet - its only 2014). Can you really get anywhere in LA in 20 minutes?
So, we could go ahead and cancel the backup, or disconnect the airport system from the network so the next backup doesn't happen or, connect to the backup network ourselves to get a copy of yesterday's software , or call the backup vendor - but where's the fun in that? Lets race to the backup center to find the 1 tape that has a good copy of the software. Miraculously, the traffic has cleared at this point - so we arrive with 6 minutes to spare. But wait - since we didn't call the backup vendor, we show up to find that the "data center" is in what looks to be a self storage facility (no front doors, no reception, no security) is closed on Sunday and the entry door is locked with an electronic keypad that our mechanical expert can't break in time.
We're all doomed. Arm the fighter jest, blow those planes out of the sky! Of course, our main hacker genius will save the day. If you send a power surge to the keypad it will blow the lock and open the doors. Wait, what? A power surge will cause all the doors in a secure storage facility to open?
We're saved - find the drive in the server farm (did you notice none of the server cages are locked? Someone might need to review the security guidelines for that data center). Now it's a race back to the diner to hand over the drive because they couldn't connect it to a computer at the facility, or one of the laptops they have been using to hack and copy the data - only the diner will do.
Arrive back at the diner, with the backup drive (the one that was yanked out of a server - no problem there!) find the file, and start the transfer! Uh oh - data corruption? What happened? Well, our unwitting psychologist put the drive in the side pocket of the SUV for safe keeping - didn't he know that speakers in a car will erase data storage? Next….
All the planes have a copy of the air traffic software! Just copy it from one of those. But only the ones that have been in the air for a long time (i.e. an international flight from Australia), because everyone else has been corrupted!
Huh? Only the ones still that have been flying for hours are good? What about all the planes that you diverted to land at other airports? What about the ones that are in for maintenance? Heck, what about all the other airports in the country? You really expect me to believe that every airport facility has their own special version of software and all the planes have copies of every one?
Now that we have our solution, how to get the software from the plane back to air traffic center, then pushed back out to all the other planes? (I don't remember why the Wi-Fi on the plane doesn't work - but that's a no go). In comes our psychologist - he will find the one person on the plane who has a cell phone that still works. On to profiling - has to be someone over 50 because they are the ones with the old phones, can't have lots of money (again - old phone). Somehow, we have full access to the flight manifest and find the older salesman who has left his phone on. And somehow, even after a 15 hour transcontinental flight, still has power. (I've accidentally left my phone on during a flight, and have no battery after about 3 hours - I need that guy's phone!)
Lets give him a call so we can talk to the pilot. But wait, if we can talk to pilots - couldn't we just direct them to land? Never mind - too logical.
Off to the airport in the diner waitress's car (why use Fed cars with lights/sirens/horsepower?) this time using magic hacker skills to change all the traffic lights as we race through the city. At least they did show that changing the lights doesn't mean all the traffic instantly stops. Just to add a little more drama though, one light can't be changed (no explanation of why - it just doesn't).
At the airport - the Wi-Fi (somehow it works now) is too far away/too fast to get the one file that we need. Not sure what wireless network this is - maybe there's a wireless network that only works within the plane & the replicate the internet for all of us who connect and pay $$ for connectivity when we travel.
Let's steal a car that just happens to be parked on the tarmac and race under the plane while the co-pilot strings out a network cable down through the wheel bay to connect to the laptop our waitress is holding. Who knew that all airplanes came equipped with 200ft network cables!
I will probably still watch the show, partly so I can throw fake bricks at the TV (does any one else remember those??) As an IT/Cyber Security person I will watch it as a spoof on what my job really is, it's entertaining! But maybe, they could get an IT/Cyber Security consultant on the show to remove some of the more ridiculous twists?
Monday, October 6, 2014
Thursday, September 8, 2011
Cars tweeting, posting on facebook?
According to this article, cars are being equipped with all kinds of computer systems to allow: "Automobiles are getting smarter as carmakers put in computers that can help drivers parallel park and add Internet connectivity to post Facebook or Twitter updates"
I can see why a computer that parallel parks would be awesome -- I hate parallel parking, so I avoid it any way possible. But if I could just push a button and the car does it for me, it could open up a whole new world of parking options for me! I wonder if this would change my insurance rates? I would assume that the car would be less likely to hit another car while it was auto-parking.
But twitter and facebook posts? What is my car going to tweet -- it's location every time I stop? That would be nice for the creepy stalker types out there, but not so great for me.
Am I going to get a facebook message from the car telling me it wants premium gas instead of the regular that I fill up with most of the time? Will it start accepting friend requests from other cars?
To be fair, they might have meant that the cars would have a way for me to tweet or post, but in my coffee-less morning state, that's not how I read the quote. And even if it is a way for the driver/passengers to tweet... again, why? Isn't there enough other distractions on the road now (radio, eating, smart phones) without adding one more way to get into a wreck!!
The article then goes on to discuss the security implications of all these computers in cars. It seems, yet again, no one has learned from past mistakes and security is being added (if at all) as an afterthought.
I can see why a computer that parallel parks would be awesome -- I hate parallel parking, so I avoid it any way possible. But if I could just push a button and the car does it for me, it could open up a whole new world of parking options for me! I wonder if this would change my insurance rates? I would assume that the car would be less likely to hit another car while it was auto-parking.
But twitter and facebook posts? What is my car going to tweet -- it's location every time I stop? That would be nice for the creepy stalker types out there, but not so great for me.
Am I going to get a facebook message from the car telling me it wants premium gas instead of the regular that I fill up with most of the time? Will it start accepting friend requests from other cars?
To be fair, they might have meant that the cars would have a way for me to tweet or post, but in my coffee-less morning state, that's not how I read the quote. And even if it is a way for the driver/passengers to tweet... again, why? Isn't there enough other distractions on the road now (radio, eating, smart phones) without adding one more way to get into a wreck!!
The article then goes on to discuss the security implications of all these computers in cars. It seems, yet again, no one has learned from past mistakes and security is being added (if at all) as an afterthought.
Friday, May 20, 2011
Google fixes Android vulnerability
Google is rolling out a fix for a vulnerability in Android that could leak data from Google calendar and contacts. Android phone users were at risk when they are connected to unsecured wireless network. Android OS versions 2.3.3 and lower are affected by this.
The Google spokesperson quoted in this article says that the fix will be rolled out to all android phones over the next few days. Android phone users do not have to do anything - the fix is supposed to install silently to all versions of Android.
The good thing is that Google is rolling the fix out to all versions - so you will not have to wait months (or years) for your carrier to update your phone's OS version.
The Google spokesperson quoted in this article says that the fix will be rolled out to all android phones over the next few days. Android phone users do not have to do anything - the fix is supposed to install silently to all versions of Android.
The good thing is that Google is rolling the fix out to all versions - so you will not have to wait months (or years) for your carrier to update your phone's OS version.
Thursday, May 19, 2011
Folding displays becoming a reality
Researchers at Samsung Advanced Institute of Technology have built a prototype for a foldable display. They tested the prototype to see if folding/unfolding would cause a visible degradation in the fold point. In their tests, after 100,000 fold/unfolds there was a 6% degradation. If you check out the koala picture in this article, the only reason I could tell that it was a foldable display at all was the caption!
The one they built simply folded in half. Maybe future ones would have more foldability (is that really a word?) -- then I could take my 32'' monitor with me when I travel. Once you get to your destination you would need some kind of holder, or maybe it could just attach to a wall somehow. This would make work travel so much nicer! I would have a real display instead of working with the too-small laptop screen. Or think of connecting this to your smart phone while you are stuck waiting somewhere and watching a movie with a real screen! No more squinting to see what was happening.
The one they built simply folded in half. Maybe future ones would have more foldability (is that really a word?) -- then I could take my 32'' monitor with me when I travel. Once you get to your destination you would need some kind of holder, or maybe it could just attach to a wall somehow. This would make work travel so much nicer! I would have a real display instead of working with the too-small laptop screen. Or think of connecting this to your smart phone while you are stuck waiting somewhere and watching a movie with a real screen! No more squinting to see what was happening.
Friday, May 13, 2011
The cost of motherhood
Shine posted an article today discussing a study that tried to quantify the cost of motherhood... how much earning potential did women lose because they choose to have children.
Shockingly (at least to me) is that after 10 years there is a 24% gap between the high-skilled* women who had children and there counterparts... ouch!
It almost makes you think women would be better off not having children (other than the whole end-of-the-species thing).... but the study also found that high skilled women who have children later (after 30) also tend to earn more than high skilled childless women. For some reason, the high-skilled women who chose to have children make more money before having children than those women who don't have children. So wanting to be a mother appears to pay off -- right up until the point that women actually have the child!
Some other stats from the study:
- Low-skilled women don’t get very big raises, and having kids does little to change that
- For high-skilled women, kids spell the end of raises.
- Becoming a parent seems to have no effect on men’s wages
I couldn't find the research paper itself posted online, but if you wanted to read the whole thing, you can buy it here: http://www.nber.org/papers/w16582
the study used the Armed Forces Qualification Test to determine high-skill vs low-skill.
Shockingly (at least to me) is that after 10 years there is a 24% gap between the high-skilled* women who had children and there counterparts... ouch!
It almost makes you think women would be better off not having children (other than the whole end-of-the-species thing).... but the study also found that high skilled women who have children later (after 30) also tend to earn more than high skilled childless women. For some reason, the high-skilled women who chose to have children make more money before having children than those women who don't have children. So wanting to be a mother appears to pay off -- right up until the point that women actually have the child!
Some other stats from the study:
- Low-skilled women don’t get very big raises, and having kids does little to change that
- For high-skilled women, kids spell the end of raises.
- Becoming a parent seems to have no effect on men’s wages
I couldn't find the research paper itself posted online, but if you wanted to read the whole thing, you can buy it here: http://www.nber.org/papers/w16582
the study used the Armed Forces Qualification Test to determine high-skill vs low-skill.
Wednesday, May 11, 2011
Facebook password exposure - what's it really mean?
In case you haven't heard yet, Symantec found that Facebook applications could have been leaking 'user access tokens' (what lets an application access pictures, post messages, etc) to 3rd parties. Just to be clear, the applications do not have your password, nor did they leak passwords.
When you install an application, you have give that app permissions... when you do this, the application gets what Symantec has called a spare-key. This is the token that lets the app do things like post messages on your wall, send requests to friends - stuff like that. Some applications were written that told FB to send the token in the URL, and he application might also use the token in URLs sent to advertisers.
Facebook has since fixed the issue that let this happen, but they can't go out and find all the places the tokens might be stored or used.
what can you do? change you password! and of course, you all know to use a strong password.
This works a bit like re-keying a lock... the old spare-keys that we leaked out with URLs (and possibly stored in logs or by advertisers) will no longer work. The applications will still work - they will get a new spare key, but the issue that let them leak the info has been fixed.
if you want the full gory details, check out the Symantec post
When you install an application, you have give that app permissions... when you do this, the application gets what Symantec has called a spare-key. This is the token that lets the app do things like post messages on your wall, send requests to friends - stuff like that. Some applications were written that told FB to send the token in the URL, and he application might also use the token in URLs sent to advertisers.
Facebook has since fixed the issue that let this happen, but they can't go out and find all the places the tokens might be stored or used.
what can you do? change you password! and of course, you all know to use a strong password.
This works a bit like re-keying a lock... the old spare-keys that we leaked out with URLs (and possibly stored in logs or by advertisers) will no longer work. The applications will still work - they will get a new spare key, but the issue that let them leak the info has been fixed.
if you want the full gory details, check out the Symantec post
Friday, February 4, 2011
Sprint Airave
After I got that fancy new phone I have been playing with for almost 2 weeks now, the lack of cellular coverage in my house really started to get to me. I blame it on the radiant barrier that keeps the house energy efficient. basically, its like covering the house in tinfoil!
A friend was telling me that she had a Sprint TV app (when I was whining that I can't get the U-Verse app). But when I looked for it, couldn't find it. But - there's this Sprint concept of SprintIDs -- basically, its like having multiple identities on your phone with a set of bundled apps. The only way my phone can get the SprintTV app is by having the Sprint- SprintID. Unfortunately, you have to be on the cellular data network to get these things (won't work over the WiFi connection). Plus, once you get them some (i.e. Sprint TV) only work on the cell network as well.
What this means - I have to go outside to be able to use these nifty sprint apps. And right now, its below freezing in San Antonio - I don't want to sit outside just to load something on the phone. Add to that, sitting outside to talk on the phone is really not fun.
I had a cell booster for a while -- the problem with that was 1- 15 feet of vertical distance between the base station and the antenna (not so easy on a 1-story house without getting on the roof) and 2 - the cable to connect the outside antenna to the base station has to come into the house somehow and I just didn't want to drill the holes!
A friend told me that he had similar problems, called Sprint and they sent him this nifty device that would plug into the internet connection in the house and create a sort of personal cell tower inside. I called Sprint, and sure enough -- they sent one out! (Apparently you do have to talk to someone for this -- I tried the online chat thing and they said to call Account Service) It arrived today and I have now plugged it in and I'm waiting for the lights to stop flashing -- they say up to 2 hours for the device to identify all the stuff it needs and set itself up (?!?)
*update* after 30+ minutes, the GPS signal still wasn't working. You need the GPS to prove that you are not trying to use the Airave to scam cellular coverage in another country. The thing does come with a GPS antenna - so I've plugged that in and put the receiver end in the window of the office. Hopefully that will work -- I really don't want to deal with mounting an antenna outside again :)
*update2* so it really did take 2 hours -- but now my phone shows data connection and all bars! woo hoo! now I can answer the phone inside the house and expect to keep the call more than 5 minutes!
A friend was telling me that she had a Sprint TV app (when I was whining that I can't get the U-Verse app). But when I looked for it, couldn't find it. But - there's this Sprint concept of SprintIDs -- basically, its like having multiple identities on your phone with a set of bundled apps. The only way my phone can get the SprintTV app is by having the Sprint- SprintID. Unfortunately, you have to be on the cellular data network to get these things (won't work over the WiFi connection). Plus, once you get them some (i.e. Sprint TV) only work on the cell network as well.
What this means - I have to go outside to be able to use these nifty sprint apps. And right now, its below freezing in San Antonio - I don't want to sit outside just to load something on the phone. Add to that, sitting outside to talk on the phone is really not fun.
I had a cell booster for a while -- the problem with that was 1- 15 feet of vertical distance between the base station and the antenna (not so easy on a 1-story house without getting on the roof) and 2 - the cable to connect the outside antenna to the base station has to come into the house somehow and I just didn't want to drill the holes!
A friend told me that he had similar problems, called Sprint and they sent him this nifty device that would plug into the internet connection in the house and create a sort of personal cell tower inside. I called Sprint, and sure enough -- they sent one out! (Apparently you do have to talk to someone for this -- I tried the online chat thing and they said to call Account Service) It arrived today and I have now plugged it in and I'm waiting for the lights to stop flashing -- they say up to 2 hours for the device to identify all the stuff it needs and set itself up (?!?)
*update* after 30+ minutes, the GPS signal still wasn't working. You need the GPS to prove that you are not trying to use the Airave to scam cellular coverage in another country. The thing does come with a GPS antenna - so I've plugged that in and put the receiver end in the window of the office. Hopefully that will work -- I really don't want to deal with mounting an antenna outside again :)
*update2* so it really did take 2 hours -- but now my phone shows data connection and all bars! woo hoo! now I can answer the phone inside the house and expect to keep the call more than 5 minutes!
Subscribe to:
Comments (Atom)