It seems for years there have been many apparently damning articles (or at least the headline only) attempting to discredit the security of Bluetooth. The latest of such had recently been featured on digg. For those of you who did not watch the video (or simply read the headline), the guy pairs to a device that is inherently flawed. It is not Bluetooth that is insecure, it is the device which apparently uses a guessable PIN and doesn't require a pairing sequence. The 'hacker' does not listen in on a phone conversation- he pairs to the device and listens to (and 'injects') arbitrary audio. This is not a hack, it is a remote pairing to a device that apparently breaks all published Bluetooth specs.
For those who are still worried about Bluetooth security or eavesdropping, the only way for this to happen is:
(a) some severely underdeveloped device such as the headset mentioned in this article,
(b) someone eavesdrops during a pairing procedure, which is most likely performed within the owner's own home- where the only thing that would be discovered would be the PIN- not the device info. Once the device had been paired, there would be no way to 'unpair it' which would present the risk of anyone with a Bluetooth host to capture any device at random.
Why stop at headsets? Phones and even PCs have Bluetooth functions. BlueBug is a blog which features articles about 'bugs' in Bluetooth devices, which are more likely to be design flaws. I look at these problems and have come up with a good analogy: it is like having a sports car with a key that can never be copied and without it the car can never be operated, but the manufacturer decided to glue it in the ignition.
Wednesday, May 21, 2008
Wednesday, April 23, 2008
Downpayments
I have recently taken a couple downpayments for work, although my contract is still up in the air. I am concerned that taking and depositing the downpayment puts me in a position to deliver something that satisfies the client, and they are now completely in control to just 'walk away' if they are not happy. This worries me, because now I risk losing out on that work I have invested. Thankfully, the downpayment amount is good enough to get started- but it still makes me wonder, if I should hold out on depositing my downpayments until I have a signed contract, or if I should just move on as soon as I receive first payment.
Labels:
RTNMS
Monday, April 21, 2008
Getting Started:
This past week I really got started on the RTNMS project. Today I plan to connect to some live data. To motivate myself on this project I decided it would be best to halve the timeline to get it done. So even though the project is to run 2 months, my goals to hit are for completion of the core project (everything except importing old records) would be done by end of month, and the rest would be completed the following month. This way I give myself some breathing room to mess up and start over.
Monday, April 7, 2008
Support contract... finally?!
My free support for my PMS integration project should officially be over but I am still hearing support requests on an almost weekly basis. These have been a mix: either they are completely due to user error or network error or there is a small bug on the website. There has been one bug so far which took a few tries to quash but it should be good now.
I am concerned now because I am supposed to be negotiating a new contract for support. The problem here is that I am not too interested in the type of support that I have been doing for them so far- unless it is grossly over paid. I would feel most comfortable if all support is deferred to other people familiar with (or can become familiar with) the project and that the only support requests that I receive are the ones that are escalated. This would be good for a few reasons: a) my time is too valuable to spend half a day with some basic troubleshooting. I would rather someone come to me with actual good conclusions- and to be approached only after all else fails and b) going through the process first and then escalating and charging ridiculous price for this would ensure that I won't be bothered with nonsense requests.
I think in negotiating the price for support I should simply ask for too much and not get the deal. This way when they do need support they will try all other means necessary before resorting to paying me. I think maybe the best way to approach this may be to say it: "I don't want to be bothered with this and you don't want to pay the price for me- I suggest you find some other means for support." I am just always afraid of souring future business.
Labels:
PMS
The fun begins- new design for a new web application
I often find it frustrating to start a new project without financial incentive but thankfully that is no longer the case with my new project. This first phase of project is to replace their current online system and to implement the RTNMS as a means for tracking workflow in the system. The short term goals for this project are to build a base system for tracking this type of activity and to build a platform for tracking and managing users that create and accomplish tasks based on workflow. I have decided to go with a new design approach for the interfaces: The web developer I am working with will create a set of pages that use a web service by sending API calls to retrieve segments of HTML. To accomplish this, the web designer will be helping in the integration of the project by designing the XSL files that will lay out the content. He would then simply need to call the function with his XSL file name and other arguments to retrieve the page segments for the site. He will do this based on an ad-hoc XML document that we will develop on a per function basis. Once we have defined all the method calls and XML documents, I will then have a better starting and ending point for completion of the remaining database parts. The database will be relatively flat and not too complex. Stored procedures will be flat and not contain too many cross table joins or other fancy stuff. This is done for several reasons: by keeping the logic for the site as the API, all focus for how the site actually behaves in terms of workflow will be centered on what is exposed at the API rather than fitting the API to work with the database structure. This will allow me to first write what data I expect to receive and respond with and then tailoring my queries based off of what I need. Considering this is a fairly small and low user site I am not too worried about optimizing the table structure at this time.
Another purpose for this approach is that I am trying to push a friend to help with this project and the simpler I can make his first project, the higher the chance for success. If I were to place too much into his hands all at once and expect optimization I am afraid he will become discouraged and decide not to participate.
After implementing on paper the first few set of pages and discussing with the web developer exactly how the pages should be laid out I am reasonably confident that the entire project will fit comfortably within the scope for delivery without any major concern.
Labels:
RTNMS
Monday, March 17, 2008
When do I get paid for a support contract?
Past week or so I had to support the network of the PMS system we deployed. This wouldn't be so bad if (a) the client didn't already have a network team AND network consulting firm that should be handling this and (b) if I were paid for the work I put in. I am just a bit angry at myself for getting into the situation and trying to help them troubleshoot their network- because that led them to believe that somehow I was responsible. That's the last time I offer to help without having it be my fault- or at least getting paid! Getting back to the post title: when do I get paid for this type or any type of support? Well I guess that's up to me- I think it is safe to say that the application is now 1000% operational- and that any correspondence they have better give clear indication that my application is not working, and that they have taken measure to support on their own. Also, regardless of what the support- I will need compensation moving forward but I feel it's a tricky situation to be too aggressive on that. If I demand payment and compensation for support and it ends up that the software had critical flaws- then how can I justify charging for that type of work?
Labels:
PMS
Sunday, March 16, 2008
Electronics Madness
In the weeks I haven't posted I had purchased and played with a few electronics labs and a bunch of parts- making weird noise generators, a connection to my parallel port to display numbers on 7 segment display, and a bunch of fun DTMF fun with a basic stamp doing the tones and the timing. Besides just playing around I didn't really get much of anything accomplished- besides realize that I need more time and parts... unfortunately when it came time again to invest more parts or time I found myself knee deep back in my consulting projects. More to come on the electronics/playing with stuff part of my life- when I am free to do that again.
Labels:
Tech