About eli sowash

technology guy and recovering workaholic

This is a blog post about a toilet.

Specifically, this blog post is about a smart toilet, the LIXIL Satis. Recently, this little commode made headlines because security researcher Daniel Crowley, of Trustwave SpiderLabs, published a security advisory related to it. Crowley’s advisory calls out the fact that the Satis uses a Bluetooth passcode of ‘0000’ which is hardcoded into the device and cannot be changed. The media have scooped up this little story and run wild with it. It’s everywhere. Everyone’s reporting this because they think it’s sensational.

I think they’re all wrong.

Lots of Bluetooth devices use a hardcoded passcode of ‘0000.’ That doesn’t mean they’re all hackable. I will concede that using a passcode of ‘0000’ is pretty weak security, but just because this toilet uses it doesn’t mean anyone can take control of it from outside the bathroom door.

Bluetooth devices need to be bonded before they will exchange data, and devices are bonded through a process called ‘pairing.’ Based on the advisory, the Satis would be classified as a Limited Input device.

In the interest of full disclosure, I have not been able to put my hands on an instruction manual for the Satis, and I do not own one myself. I am assuming, at this point, that the toilet is NOT automatically in pairing mode, and that in order to bond it with your smartphone, you need physical access to both. If the above assumption is incorrect, and the Satis will pair with any nearby Bluetooth device, I submit that THERE is the vulnerability, not the weak passcode.

The author’s position is that an attacker can pair their phone with the Satis and download the app, and once bonded, they can control the toilet and make someone’s life miserable. That’s hardly a hack, though – if you leave your phone with your kid while you’re in the bathroom, or your spouse is just plain evil, they can do exactly the same thing.

The luxury toilet community may breathe a sigh of relief: your throne is not as hackable as the Internet may lead you to believe.


http://en.wikipedia.org/wiki/Bluetooth#Pairing_and_bonding

Traffic

Last night, we got a little wintry mix, which ruined traffic in Baltimore this morning. But that’s not important. Traffic in Baltimore is a normal occurrence. If you get on or near the beltway, you’re going to hit some traffic – it’s been this way since I could drive, and by all accounts, long before too. So, you’d think I’d be used to it.

Well I’m not.

My wife observed once that when I approach a red light where there’s a driver ahead of me in my lane, but the next lane over is empty, I will ALWAYS change lanes. It doesn’t matter if I have to be in my original lane to make a turn, or if it ends on the other side of the light, I always shift over. She said, “You really don’t like being in line, do you?”

It’s true, I hate waiting in line. If I’m in a queue longer than one other person in the grocery store, I seethe until it’s my turn. Then, I’m surly towards the cashier. If there’s someone ahead of me repacking their briefcase at the x-ray at work, I’ll go around them. The DMV makes me crazy, because no one ever seems bothered by the fact that there’s a lot of people doing NOTHING but WAITING.

So, why is it that queuing enrages me so? I don’t think that I’m more important than everyone else, or that I should for some reason receive preferential treatment. I don’t want to cut to the head of the line; I want the line not to exist.

I see a queue as the result of a system not performing optimally. Either it’s too many drivers on the road at one time, or someone’s had a crash and everyone else is rubbernecking. Or, not enough cash registers open. Or lazy state employees. Somewhere, somehow, someone hasn’t done what they are supposed to, and now there’s a queue, and that’s a problem. The system is broken. I’m compelled to fix problems, and I can’t, and I think that’s the source of my frustration.

My thoughts on Penn State

Penn State means a lot to me. The city of State College and the University have been a part of my family for years. I was born in State College, and both my parents attended PSU. My Grandfather, another PSU grad, retired as a mechanical engineer from the Office of Physical Plant. I’ve been accepted to Penn State’s MIS program, so starting this fall, I’ll be attending PSU in pursuit of a Master’s degree.

I’ve read every word in the Freeh report, and have reached the following personal conclusions. Please keep in mind these are my own opinions…

Gerald Sandusky does not deserve to breathe the same air the rest of us do, and for his abuses, deserves everything the legal system and court of public opinion can and will do to him. Part of me doesn’t want to see him alive; but part of me feels like the gas chamber or lethal injection is too humane a punishment.

Graham Spanier and Gary Schultz should be similarly punished for their efforts to cover up the activity. They had multiple opportunities to inform the Trustees of the incidents, and chose instead to allow Sandusky to retire with honor and dignity, and most regrettably, let him retain all the tools he needed to continue to abuse children – whether they thought he would or not.

Joe Paterno is guilty of not being properly equipped to handle the situation, and while he could have done more, I don’t believe he intentionally covered up Sandusky’s activity. From page 77 of the Freeh report: “I didn’t know exactly how to handle it and I was afraid to do something that might jeopardize what the university procedure was,” he said. “So I backed away and turned it over to some other people, people I thought would have a little more expertise than I did. It didn’t work out that way.” Paterno added, “In hindsight, I wish I had done more” and regretted that he did not. Being the face of the football program, his involvement cannot be discounted, but I do not believe he deliberately covered up Sandusky’s activity. Remember, according to the Freeh report, the investigation in 1998 found that Sandusky had not done anything illegal, and no charges against him were filed.

Fining the football program and placing the funds into an endowment for child abuse prevention programs is a just and suitable punishment for the University. I agree with and support the NCAA’s ruling here.

Dismantling the statue and monument to Joe Paterno will help to move past the issue and look forward, and because it’s become symbolic of the controversy, is a demonstration on the part of the university that it recognizes the failure of the face of the football program to do everything he could to educate and nurture the young people his university influences.

Taking away the wins from 1988 to 2011 punishes a lot of people who didn’t have any knowledge or involvement in the incidents. This just smears the legacy of the football program, but doesn’t do anything to help the victims or prevent future abuses from taking place.

Halving the scholarships for the next four years and excluding the team from bowl games will certainly ‘take the football program down a peg’ and put education in front of athletics, but also punishes a lot of people who don’t deserve it. State College will suffer without the football season to support it. It’s a college town through and through, and a lot of local business depends on the tourism the football brings.

Again, echoing the Freeh report: “The most saddening finding … is the total and consistent disregard by the most senior leaders at Penn State for the safety and welfare of Sandusky’s child victims.” And echoing NCAA President Mark Emmert… “No matter what we do here today, there is no action that we can take that will remove their pain and anguish.”

3 Laws Safe

I’ve been thinking about Isaac Asimov a lot lately.

Read the Wikipedia entry for the long version, but here are the highlights: Born in Russia in the first quarter of the 20th century, started writing sci-fi in the late 1930s, and introduced the words positronic, psychohistory, and robotics to the English language. In his career, he wrote hundreds of short stories and books, and you can find his writing in all 10 of the major categories of the Dewey Decimal System.

In popular culture, he’s probably most recognized for the movie adaptation of some of his stories: I, Robot. The book of the same name is actually a collection of his short stories, and aside from some of the character names and minor plot points from several works, bears little resemblance to the screenplay.

I’ve read a fair amount of his short sci-fi works, and my opinion is that he used the genre simply as a hook on which to teach some very valuable moral lessons.

Take “The Last Question” for example. The story follows 6 characters who all turn to a machine with the same thought: How can the total entropy of the universe be reversed? Can the second law of thermodynamics be undone? The story jumps forward in time as man and computer both become increasingly complex and the universe increases in entropy…until at last, the question can be answered.

And, “Bicentennial Man” – which moved me to tears when I read it, and again when I saw the movie. In this short story, Andrew (a robot) is consumed with the overwhelming desire to be human, and over his lifetime, works through the legal and moral implications of his desire on his tireless quest to do so.

Asimov died in 1992, just before the personal computer revolution. I think he would not at all be surprised by the relationship man has developed with the machines of his creation. His stories may have been sci-fi in subject matter, but I think underneath, they were about humanity.