X-Tra Rant Taking Myself Way Too Seriously Since 1999

9Apr/083

Netgear: Bad Default Security

Alright so I decided to get my girlfriend hooked up with a wireless router. Ended up getting a simple Netgear wireless-g router, perfect for someone who just needs to get online and doesn't need much in the way of fancy stuff. All set to install, which is when I started to wonder if Netgear's router installation process is well thought out...

  1. Okay so there's no paper documentation to do a manual setup. I just want the default IP, username and password. I can set the rest up myself. Why won't you give me that, Netgear?
  2. Fine, I'll use the fucking 'wizard'.
  3. Alright wizard is working pretty well. Even asking me what sort of security I want on the wireless.
  4. Wait... shouldn't it ask me to change the router's default admin password?
  5. Shouldn't it at least tell me what the default admin password is so I can, you know, log into the damn thing?
  6. Alright, time to dig through the documentation on the CD and there it is... page two of the "manual setup" section contains the default router username and password.
  7. I finally am able to login to the router and change the default password for the admin account.

That entire time, the router was insecure. If someone going through the install declines to set up WPA or WEP security on the wireless access, taking over the router and seriously fucking things up would be child's play. Even a retarded "1337 hax0r" could do it.

And I wondered why so many wireless access points I run across are unsecured and using default passwords. One of the major players doesn't even prompt users to change the password!

If you use or buy Netgear routers, make sure to change your password. Apparently they don't think it's all that important.

Filed under: Computers/Tech 3 Comments
20Nov/070

Software Quality Assurance & Firefox 3

ArsTechnica has an excellent article about the recent Firefox 3 "blocking bugs" hubbub, and the resulting response from the Firefox community. I will say that this article and this issue really sum up some of the difficulties of the software QA process - especially at the end of a cycle near release. Everyone (testers and developers) views their bugs, their issues, their code as the most important. This is difficult to overcome at times in a corporate software environment, so I can't imagine how hard it is in an open source software environment. It's one of the key challenges to QA: prioritizing bugs near release and determining which ones truly are blocking issues, which ones are incorrectly defined as blocking and which ones can be shipped and put off until an early service pack or hotfix.

The inflated number of blockers doesn't reflect problems with the Firefox development process or the program itself. Rather, it indicates that Firefox community members who actively participate in bug reporting and triaging are having trouble prioritizing the bugs properly. This is a very common problem that often emerges in large open source development projects towards the end of the release cycle.

Exactly. Hell, even corporate software development faces the same issue at times.

Asking maintainers to reevaluate bug priority is a way for Mozilla to refocus development on the most important issues so that the software is as robust and usable as possible by the release date. Reclassifying less-significant blockers is a necessary QA strategy that will actually lead to a better Firefox 3 release. No software will ever be released completely bug-free, and problems that can be fixed in updates after the Firefox 3 release can and should be reclassified at this stage so that they don't hold up more important development efforts.

This is very, very important for QA no matter who you are working for - an open source community or a corporation. End-of-cycle bug prioritizing can make or break a release. Leaving too many as deferred can make users hate you. Try and fix too many and you'll be indefinitely postponing your release (and users will hate you). You need skilled QA and Development managers to be able to identify the stuff that absolutely MUST be fixed, the stuff that sucks but we can live with for a few weeks before a hotfix, and the stuff that just doesn't truly matter.

Speaking of hotfixes, this is something that the Ars article doesn't really go into but I'm sure (I hope) that the Firefox development community is already working in this fashion: branch your code even before release into a hotfix project. This project will be your first round of bug fixes for your product post-release. Even before the product is shipped, start deferring the "sucks but we can live with it for a few weeks" bugs to that code branch. Put developers who are not needed for the release and bug cleanup process onto the hotfix. This way you have a head start on the hotfix that will make the (hopefully few) users who are unhappy about the shipped bugs happy.

In summary, "these are not the bugs you are looking for" and I think Firefox 3 is going to be just fine. Someone at the NYT should have done more research into software QA before writing that article or at least interviewed someone involved in QA management. By the looks of it they just reworked some press releases and added a dash of OMG!!WTFXORZ!!!700BUGZ!

3Aug/070

Link Dump

So once again I've been gathering tabbed links in my browser with the idea of posting about them but it hasn't happened. So that means another Link Dump! You are excited, I can tell.

  • Apparently crime really isn't as bad as people perceive it. Maybe people will calm the fuck down about all this panic over a "crime asploshun!!" in Indianapolis that really isn't. Although I doubt it. Because even though The Star carried this story, it won't stop them from sensationalizing crime themselves and contributing to the problem.
  • I think I got about 100 IQ points dumber reading about the Scientific Proof For The Existence Of God!!!111eleventomgbbq!!. Really, if you have any sort of logical reasoning skills at all it's easy to decimate this thing into a million pieces. But I value my sanity FAR too much to actually read it again and do that in blog form. The best part is probably the uranium part. jeebus.
  • A great find, CJ notes the appearance of Indianapolis in a new Marvel comic! Too bad they based the art on an old picture of the circle with the now non-existent Market Square Arena visible. Oops.
  • God I hate the Pacers anymore. And not just because of horrible management decisions and blundered personnel. No, also because they still refuse to have any redheads on the dance team. Heathens!
  • Schadenfreude, thy name is Ted Stevens Getting Raided By The FBI. I really hope they showed up in a BIG TRUCK! In honor of this amazing news, I went back and found the Ted Stevens internet speech techno remix.
  • Nerds + Showbiz Pizza + The Rockafire Explosion + New Ms. Booty = AWESOME.
  • This REALLLLY deserves its own post but damn if I have the time right now. So Thanks Mitch! Because you caved to the property tax whiners (of whom so many are people who have been paying far under what they should have been for years - I'm looking at you Meridian Kessler District) and put off the new tax evaluations Marion County is going to have a $52 million shortfall. Don't worry, Indianapolis is only the economic engine for the state you pretend to represent completely (but in the end you just end up representing road construction companies and people who believe your fake accent). A big ol' hearty middle finger to Mitchie Rich The Amazing Midget Governor.
  • I've been posting more on CWAMB lately. I have a big post eventually planned for a what-if solution for the NBA: a 50-60 team league with three divisions and European-style relegation. Keep an eye out for it.
  • Couldn't agree more with this at Tapped. The way our politics work, the short sighted politician who only spends money in time of disaster instead of spending money when there is no disaster gets rewarded. The latter just gets yelled at for spending tax money and *gasp* maybe raising taxes. Heavens to Betsy, noooo!
  • This is horrifying. Dear Oklahoma, I enjoyed my time there for a national high school student council convention in 1995, but you are now dead to me.
  • Mega-Kudos to FCC Commissioner Michael Copps. You couldn't be more right about the absolutely TERRIBLE broadband policy in this country. Making the link between this and the rampant media consolidation in the US is very nicely done.

I think that's it? I hope?

29Jun/070

iPhone! iPhone!

Ricky, you are my hero.

23Jun/070

Netflix

Finally signed up for Netflix. Doing the one at a time unlimited per month plan. Figure that's enough for me. Anyway, who all has Netflix? Wanna be my Netflix friend?

Clickity here if you have Netflix and wanna be my friend. :)

Update: ohhh very cool. Netflix's "Watch Now" feature combined with my desktop that's hooked up to my big screen means I can instantly watch some movies. Not in full full screen, but enough to watch a movie now and then if I don't need it to be in the best quality. Sweet. I'm trying it out now to see how it goes.

7Jun/070

H1B Visas, Layoffs and Gaming the Job Market

A very interesting article by way of Ars Technica:

Senators: Companies with "mass layoffs" shouldn't hire more foreign workers

US companies that lay off large numbers of workers shouldn't be allowed to hire workers with H1B visas if they're planning a large layoff that will reduce their total number of US workers, according to two senators. Bernie Sanders (I-VT) and Chuck Grassley (R-IA) have introduced an amendment to the Senate's immigration reform bill that would not only restrict H-1B hires from companies that have had "mass layoffs" within the last year but would also require companies that are planning to announce mass layoffs to cut their foreign workers as well. If the company has already received approval to hire new H-1B workers but plans to make layoffs soon, it must inform the foreign workers that their visas will expire within 60 days.

The purpose of the bill is to ensure that US companies are not exploiting the H-1B system by essentially replacing US workers with cheaper foreign talent.

Basically what you've got here is the current system allows companies to use foreign tech workers under a limited number of H1B visas at below the market 'price', so they can pay equally skilled tech workers less money than their American counterparts. The idea of this visa type is to fill tech jobs that are not being filled by American workers (the infamous "US tech worker shortage").

But what if this "shortage" is bunk? CJ and I had a good IM going about this.

[14:38] CJ: The so called US tech worker shortage is one of the biggest myths around, one large corporations exploit to drive down wages.
[14:38] CJ: By bringing in H1Bs to fill this infamous "shortage" for less pay.
[14:38] me: definitely. go to any Borders or Circuit City in San Jose to dispel that myth, I'm sure.
[14:39] CJ: Most tech workers I know have jobs, but quite a few are what I would call underemployed, working at jobs far below their knowledge level.
[14:39] Me: or how many people with solid CS degrees or other equal experience are working below their qualifications in tech support or something

There isn't a shortage. There is an underemployment of tech workers. The use of (and drive by big tech companies like Microsoft and Google to increase) H1B Visas is merely a way to game the employment market. By bringing in foreign workers for under market value they are able to depress the wages the market will bear for these jobs.

To quote more CJ in IM:

I normally don't buy into arguments of the form "the damn foreigners are stealing our jobs"... But the specific defined purpose of H1B visas is to bring in workers from overseas to fill jobs that supposedly aren't being filled by citizens. Which is fine if that's true, but it's clearly not. H1B workers are tied to their company and paid below market rate, that's why companies like them.

And more from the Ars article

"According to the Bureau of Labor Statistics, over the next decade, 2 million jobs will be created in mathematics, engineering, computer science, and physical science. That equates to about 200,000 jobs a year times 10 equals 2 million jobs," said Sanders on the Senate floor in May. "Under this legislation, the number of H-1B visas would increase to as many as 180,000 a year. That means virtually every job, about 90 percent that will be created in the high-tech sector over the next 10 years, could conceivably be taken by a H-1B visa holder."

Those companies as well as others continue to push for more foreign workers, however. The H-1B cap for 2007—65,000 workers—was filled almost instantly before the fiscal year even started, and prominent companies like Microsoft and now Google claim that without the allowance of more foreign workers, they are left unable to fill gaps in talent.

Are Google, MS, IBM etc. trying to tell me that there will be a 1.8 million worker shortage in the tech industry over the next 10 years? I think not. Again, this is just large corporations at work gaming the job market so they can pay less. And if there really is a shortage, why not spend their massive lobbying dollars on math and science education programs for our primary and secondary schools? Fund more scholarships in the tech fields.

Get rid of H1B visas and open up the jobs to anyone. If there really is a shortage, foreign workers will fill in the gaps no problem at an actual REAL market value.

Funny how corporations cry for a free market when it suits their needs but want to rig the market when it can be done in their favor.

And the irony of techies and technolibertarian types working in software and other tech fields supporting an amendment co-sponsored by an admitted Socialist is not lost on me. This is possibly up for the Unintentional Irony Of The Year award.

Apologies to CJ for liberal use of our IM conversation. This just means you need to write your own post on this which will invariably be better sourced and more intellectually reasoned than mine :)

Update: Libertarianism is Anarchy for rich people. heh

3Jun/074

Anyone have Remote Desktop problems with Comcast Internet?

Maybe all the nerds in the house can assist on this one.

I recently switched from SBC DSL to Comcast Internet. In the process my remote desktop has ceased connecting to work. The only things that really changed in my home network setup (same Linksys Wireless B router):

  • There is now no login for the connection, it just gets IP automatically
  • Router now spoofs the MAC address of my desktop computer

The only thing I can think of is it has something to do with the MAC address thing. I'm going to try and call Comcast to see if they register a MAC address and if I can change it to my laptop's MAC and reclone it. Maybe that would do it?

I have tried opening the RD port both in my laptop's Windows Firewall and on the router to no avail.

Update: Well it's not the MAC address thing. I got the MAC reset just fine and still no dice. Even worse, RD is working fine on my desktop computer so it's SOMETHING about this laptop and this network that is just not playing nice. Maybe the good ol' "reboot your computer" solution will work.

Filed under: Computers/Tech 4 Comments
31May/072

What error code? What. What? Exactly.

I just want to share the joy of working in software. Something that The Kids can look forward to when they are in a cubicle 40+ hours a week. Posted this at Worse Than Failure but figured some of my readers might get a kick out of it as well...

---------------------------------------------------------------------- ---------
Error: Enable Job
Warning: Number: -2147467259
Error: ########### Error -112: Client Error -- What
---------------------------------------------------------------------- ---------

Product name redacted.

I feel like I'm working inside of some Abbott and Costello sketch.

Tester: What's this error code?

Developer: What.

Tester: What?

Developer: Exactly!

Tester: I'm confused. What is this error?

Developer: Yes

Tester: Yes? Yes isn't an error.

Developer: No.... what.

Tester: I said yes isn't an error.

Developer: What is the error.

Tester: That's what I'm trying to find out!!!!

<Tester collapses in a heap. Developer kicks him while he is down.>

Filed under: Computers/Tech 2 Comments
30May/072

Last.fm bought by CBS

Crossposted at my last.fm journal.

So apparently Last.fm was bought by CBS.

Marvelous. I have predictions.

  1. It will start off good with a cash infusion for some dream features the creators have been wanting to do for awhile
  2. CBS will start to get antsy and want a return on investment
  3. last.fm will try to bridge the gap between a vibrant Web 2.0 community and making money for its new corporate masters. The old users will stick around but will start feeling the changes and looking for alternatives.
  4. after a year or two of trying a best of both worlds approach, CBS will demand changes to make them more money. The old users will start leaving and the users left will be new and know nothing of the community standards.
  5. The users that are left (maybe higher numbers but less buy in and attachment to the community) will turn the social aspect into a wasteland of stupid comments, bickering and flamewars. Last.fm will slowly wither on the vine as the site transitions from community driven and vibrant web 2.0 to yet another corporate attempt at vibrant web 2.0 that fails miserably

Ah well.

For those curious, Flickr is currently somewhere between steps 3 and 4 after their purchase by Yahoo.

Update: MySpace is most definitely a 5+ on the above timeline.

21Apr/07Off

I Run A Green Website

Now this is quite cool. My awesome webhost, Dreamhost, is now Carbon Neutral. That means that the websites I run are carbon neutral.

As if you needed another reason to use Dreamhost for your websites.