From: Michael G Schwern Date: 09:09 on 19 Sep 2007 Subject: iAlertU iAlertU is actually an awesome piece of software. It's a *software* alarm for Mac laptops. It uses, amongst other things, the built-in Sudden Motion Sensor to detect if the laptop has moved, it can notice if the AC adaptor has been pulled, the keyboard typed on, the touch pad touched or the screen closed. Once it's been armed, if it detects any of that, it takes a picture with the built-in camera and mails it out. It then sets off a wailing alarm. This is all very handy as it solves the conundrum of working at a coffee shop and have to go to the bathroom. Do I take the laptop with me and look like a dork or do I risk it being stolen? And the coolest part of all? You can arm and disarm it with the remote control that comes with your Mac. Well, that remote is really small and easily lost. What if you don't have it with you? That's ok, you can arm it via a menu option. But to disarm it you need that remote. Whoops.
From: Chris Devers Date: 10:28 on 19 Sep 2007 Subject: Re: iAlertU On Sep 19, 2007, at 4:09 AM, Michael G Schwern <schwern@xxxxx.xxx> wrote: > iAlertU is actually an awesome piece of software. It's a *software* > alarm for > Mac laptops. [...] > > [...] You can arm and disarm it with the remote > control that comes with your Mac. Well, that remote is really small > and > easily lost. What if you don't have it with you? That's ok, you > can arm it > via a menu option. > > But to disarm it you need that remote. > > Whoops. Surely, having an easy way to disarm it without the remote would greatly diminish its usefulness as an alarm, no? The whole point is to draw attention to itself if it gets tampered with while armed. I suppose it could ask for some kind of override password, but that could be eavesdropped; requiring the Remote does seem like amore robust approach to making it tamper-resistant. If all else fails, can't you just kill the PID from Terminal, or force a reboot?
From: Yossi Kreinin Date: 10:48 on 19 Sep 2007 Subject: Re: iAlertU Chris Devers wrote: > On Sep 19, 2007, at 4:09 AM, Michael G Schwern <schwern@xxxxx.xxx> wrote: > >> >> But to disarm it you need that remote. >> >> Whoops. > > > Surely, having an easy way to disarm it without the remote would > greatly diminish its usefulness as an alarm, no? > Maybe it would (although maybe something requiring a password could help). However, having an easy way to *arm* it without the remote doesn't seem to be great, either. Because this way, if you don't have the remote with you, you are quite likely to find that out after arming the alarm. Which is suboptimal.
From: Michael G Schwern Date: 11:58 on 19 Sep 2007 Subject: Re: iAlertU Yossi Kreinin wrote: > Chris Devers wrote: >>> But to disarm it you need that remote. >>> >>> Whoops. >> >> >> Surely, having an easy way to disarm it without the remote would >> greatly diminish its usefulness as an alarm, no? >> > > Maybe it would (although maybe something requiring a password could > help). However, having an easy way to *arm* it without the remote > doesn't seem to be great, either. Because this way, if you don't have > the remote with you, you are quite likely to find that out after arming > the alarm. Which is suboptimal. He gets it!
From: Peter da Silva Date: 13:43 on 19 Sep 2007 Subject: Re: iAlertU You know, I was thinking there was something funky about this... I looked at iAlertU a few months back and didn't immediately think "damn, that's hateful", so I figured I ought to have a check. According to the docs: Click and hold the "menu" button on the Apple remote OR select "Arm" from the pull down menu bar on your status bar to arm iAlertU. Click and hold the "menu" button on the Apple remote OR enter your password with the keyboard to disarm iAlertU. You must have set your password in the preference panel in order to arm iAlertU from the status bar menu. You don't need the remote to disarm. You can just enter the password. Having to enter the same password to arm it, though, is hateful. You should be able to "cock" it or use a different password, so someone can't shoulder-surf the password.
From: Michael G Schwern Date: 15:23 on 19 Sep 2007 Subject: Re: iAlertU Peter da Silva wrote: > You know, I was thinking there was something funky about this... > > I looked at iAlertU a few months back and didn't immediately think > "damn, that's hateful", so I figured I ought to have a check. > > According to the docs: There's documentation? Who reads that? > Click and hold the "menu" button on the Apple remote OR select "Arm" > from the pull down menu bar on your status bar to arm iAlertU. > > Click and hold the "menu" button on the Apple remote OR enter your > password with the keyboard to disarm iAlertU. You must have set your > password in the preference panel in order to arm iAlertU from the status > bar menu. > > You don't need the remote to disarm. You can just enter the password. Ahh, how OBVIOUS! I should know to type the arming password into a blank screen to disarm it! Password dialog? Pish-posh! Hate. (Thank you, Peter)
From: Michael G Schwern Date: 12:08 on 19 Sep 2007 Subject: Re: iAlertU Chris Devers wrote: >> iAlertU is actually an awesome piece of software. It's a *software* >> alarm for >> Mac laptops. [...] >> >> [...] You can arm and disarm it with the remote >> control that comes with your Mac. Well, that remote is really small and >> easily lost. What if you don't have it with you? That's ok, you can >> arm it >> via a menu option. >> >> But to disarm it you need that remote. >> >> Whoops. > > Surely, having an easy way to disarm it without the remote would greatly > diminish its usefulness as an alarm, no? No. > The whole point is to draw attention to itself if it gets tampered with > while armed. I suppose it could ask for some kind of override password, Seeing as how it requires a password to be armed via keyboard, that would be the idea. If xscreensaver can figure this out, you'd think iAlertU would, too. > but that could be eavesdropped; requiring the Remote does seem like > amore robust approach to making it tamper-resistant. Maybe that's how they do it in the movies, but I'm pretty sure I'm not being followed around by a gang of hip, young, charming hacker prodigies intent on stealing my sekret data so they can save the world. I just want to stop some jerk from walking off with my laptop in the minute it takes me to go to the bathroom or if I have to step outside for a phone call. A password will be fine, thanks. And those nifty remotes? I don't think they have any sort of unique ID. Last I checked any remote will work with any laptop. Here's something fun to do when you're bored; get an Apple remote and find some schmoe with a Mac laptop. Sit behind him, palm the remote and start turning his music on and off, bringing up Frontrow, changing songs, turning the volume up and down, etc... HI-LARITY! > If all else fails, can't you just kill the PID from Terminal, or force a > reboot? While this might be an acceptable work around for your average Windows user, I expect software that doesn't conspire to lock me out of my own computer.
From: Patrick Quinn-Graham Date: 12:30 on 19 Sep 2007 Subject: Re: iAlertU On 19-Sep-07, at 12:08 PM, Michael G Schwern wrote: > And those nifty remotes? I don't think they have any sort of > unique ID. Last > I checked any remote will work with any laptop. By default this is true, but as anyone with multiple apple devices in one place quickly learns you can pair the remote and a device, at which point it'll only listen to one. (In my case it's an Apple TV & a MacBook Pro... wouldn't want the laptop doing odd things every time I change stuff on the TV). At any rate I do this as a "first thing" on any mac/mac like device I own/take care of, simply to prevent such shenanigans. It's vaguely hateful that Apple doesn't, as part of the "Hi, you made a great decision in giving your money to apple, watch this animated video" welcome sequence, prompt you to pair the remote. The ability to pair, I believe, is only vaguely mentioned in the security preference pane... with an inactive "Unpair" button - the pairing sequence is initiated from the remote, but really, it should have a link to help there or something. > Here's something fun to do when you're bored; get an Apple remote > and find > some schmoe with a Mac laptop. Sit behind him, palm the remote and > start > turning his music on and off, bringing up Frontrow, changing songs, > turning > the volume up and down, etc... HI-LARITY! Wouldn't work on mine, but I can certainly see the attraction of such prankery. ~patrick
From: Peter da Silva Date: 12:55 on 19 Sep 2007 Subject: Re: iAlertU > Seeing as how it requires a password to be armed via keyboard, that > would be > the idea. If xscreensaver can figure this out, you'd think iAlertU > would, too. In fact, it shouldn't need a password to set (or at least it should be possible to 'cock' it with a password to enable passwordless setting in public places) and should be resettable with a password. > And those nifty remotes? I don't think they have any sort of > unique ID. Last > I checked any remote will work with any laptop. They do. The laptop normally doesn't care... but it can be set to only listen to a specific remote. Personally I'm kind of pissed that Apple didn't spend an extra 5c on the IR capability and make it two-way so I could sync my Clie via IR. Speaking of which, I suspect any PalmOS device with OmniRemote installed could sniff the code. No, the dependence of iAlertU on those little remotes is more gimmick than security.
From: Smylers Date: 14:32 on 19 Sep 2007 Subject: Re: iAlertU Michael G Schwern writes: > iAlertU ... Whoops. fUrthermorE, wHaT a cHarminG cApitalizatioN sChemE iTS nAmE hAS. sMylerS
Generated at 10:26 on 16 Apr 2008 by mariachi