Turn It Off And On Again

A small update to my initial thoughts on the Apple Watch. The abysmal battery life and crashing apps problem appears to have been corrected after I rebooted the watch. After that it notified me that an update to WatchOS was available. I’m not sure if rebooting or the firmware update ultimately fixed the problem but things are working much better than they were.

Apply firmware updates to watches? The future is weird. But it’ll get a lot weirder when we have to apply firmware updates to our batteries.

Cyberfailure At The Cyberdepartment Of Cybersecurity

Do you ever get the idea that China’s ability to breach United States networks isn’t so much due to its skill as to its adversary’s incompetence? After the breach of the Office of Personnel Management’s (OPM) network it was revealed that government networks are woefully out of date. In fact China was focusing its efforts on non-military federal agencies. But even though other federal agencies’ network security is lackluster, we were told time and again that the Department of Defense (DoD) is held to a higher standard. That wasn’t true either:

The United States Department of Defense is still issuing SHA-1 signed certificates for use by military agencies, despite this practice being banned by NIST for security reasons nearly two years ago. These certificates are used to protect sensitive communication across the public internet, keeping the transmitted information secret from eavesdroppers and impersonators. The security level provided by these DoD certificates is now below the standard Google considers acceptable for consumer use on the web.

Few things amuse me more than when one federal agency, in this case the DoD, fails to abide by the recommendations issued by another federal agency, in this case the National Institute of Standards and Technology (NIST). This shouldn’t be surprising though: the DoD’s e-mail servers don’t even support STARTTLS, so any e-mails traveling between their servers are being sent in the clear. If the DoD can’t even take basic measures like that, why would anybody assume it would use secure certificates?
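The certificate problem above is easy to audit mechanically: the outer signature algorithm of an X.509 certificate is a plain ASN.1 OBJECT IDENTIFIER sitting right after the tbsCertificate, so a checker needs nothing beyond a DER walker. The script below is an added example, not code from the post or from any DoD or NIST tooling; it uses only the Python standard library, and the sample certificates it inspects are constructed with a placeholder tbsCertificate and a dummy signature value so it runs offline (they are not real certificates). The OIDs in the table are the standard PKIX ones.

```python
"""Flag certificates whose signature algorithm is SHA-1 based.

Added example (not from the original post). A minimal DER walker reads
Certificate.signatureAlgorithm and maps its OID to a name; sample
certificates are constructed below with a placeholder tbsCertificate.
"""

# Standard PKIX signature-algorithm OIDs a checker most often meets.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}


def read_tlv(data, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_oid(value):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)  # base-128 arcs, high bit = continuation
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, body, _ = read_tlv(cert_der, 0)
    assert tag == 0x30, "certificate must be a SEQUENCE"
    _, _, pos = read_tlv(body, 0)            # skip tbsCertificate
    tag, alg_id, _ = read_tlv(body, pos)     # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid_bytes, _ = read_tlv(alg_id, 0)  # its first element is the OID
    assert tag == 0x06, "first element must be an OBJECT IDENTIFIER"
    return decode_oid(oid_bytes)


def classify(cert_der):
    """Return (algorithm name or raw OID, verdict) with verdict in {weak, ok, unknown}."""
    oid = signature_algorithm(cert_der)
    name = SIGNATURE_OIDS.get(oid)
    if name is None:
        return oid, "unknown"   # unrecognised algorithm: review by hand
    return name, ("weak" if "sha1" in name.lower() else "ok")


# --- constructed sample certificates (not real) ---------------------------

def der(tag, content):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def sample_cert(sig_oid_der, sig_len=64):
    """Constructed certificate: placeholder tbsCertificate, given algorithm, dummy signature."""
    tbs = der(0x30, der(0x02, b"\x01"))                       # stand-in for tbsCertificate
    alg = der(0x30, der(0x06, sig_oid_der) + der(0x05, b""))  # AlgorithmIdentifier + NULL params
    sig = der(0x03, b"\x00" + b"\x00" * sig_len)              # BIT STRING, 0 unused bits
    return der(0x30, tbs + alg + sig)


SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11

if __name__ == "__main__":
    for label, cert in (("legacy", sample_cert(SHA1_RSA)),
                        ("current", sample_cert(SHA256_RSA, sig_len=300))):
        print(label, classify(cert))
```

Run against a real certificate, the DER bytes would come from `ssl.get_server_certificate()` converted with `ssl.PEM_cert_to_DER_cert()`; the checker only looks at the outer signature algorithm, which is exactly the field the quoted report is about.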

We keep hearing about the coming cyberwar. When that finally comes the United States is going to be taken out in the initial volley. Every bit of news we hear indicates the computer security capabilities of the entire federal government are nonexistent.

Need Your Friend’s Wi-Fi Password? Ask Their Kettle!

A lot of companies are making a big deal out of the Internet of things. The Internet of things is just a fancy phrase for adding Internet connectivity to everything from lightbulbs to tea kettles. Theoretically this could enable some pretty neat functionality but it also means every device in your home could become an attack vector for malicious hackers. Not surprisingly the security record of current Internet of things manufacturers leaves a lot to be desired:

Following our recent demonstration at the Infosecurity Show and with Rory Cellan-Jones on the BBC here’s a write up and more technical detail on the Smarter iKettle hack.

[…]

For those of you who haven’t seen the demo in person, here’s how it works.

The brief version:

De-auth kettle from its usual access point. Use aireplay-ng
Create fake AP with same SSID
Kettle joins
Connect to telnet service, authenticate using default PIN of ‘000000’
Enter ‘AT-KEY’
Plaintext WPA PSK is then disclosed
Yes, it’s that easy

Oy vey! For some reason each market appears dead set on learning the hard lessons the hard way. Software developers learned the consequences of not taking security seriously. Automobile manufacturers are now learning that lesson. Manufacturers that produce Internet-enabled devices will probably be next in line to learn it.

My advice for everybody is to wait a bit before diving too far into this Internet of things. Let the early adopters suffer the pain and misery of immature products. Then, when the time is right, move in and thank all those poor souls for their sacrifice.

Who Does The Work During A Labor Shortage

Neophobes always whine about automation taking jobs but what happens when there’s nobody around willing to do a job? That’s what Komatsu was asked when it became clear that there wasn’t enough laborers in Japan willing to fulfill the demands of building the 2020 Olympics facilities. Its answer? Automation, of course:

As Japan ramps up new construction in preparation for hosting the 2020 Olympics, experts believe it will face a serious obstacle. “The labor shortage in the construction industry could reach a crisis level in the next few years,” Martin Schulz, an economist at Fujitsu Research Institute in Tokyo, told Bloomberg.

To get around this problem, Komatsu has begun creating a new service it calls Smart Construction. A team of robotic vehicles scoops rock and pushes dirt without a human behind the wheel. They are guided in their work by a fleet of drones, which map the area in three dimensions and update the data in real time to track how the massive volumes of soil and cement are moving around the site.

There’s no reason why you need humans to operate earthmoving equipment. You can just as easily have the equipment operated remotely or autonomously. Komatsu’s solution appears to rely on autonomous earthmoving equipment that is guided by information provided by unmanned aerial craft. The unmanned aerial craft, which is operated by a human, scans the area and tells the earthmoving equipment what it needs to do to change the undesirable landscape into something desirable.

In addition to alleviating the labor shortage this solution is also much safer since no humans have to be directly involved in potentially dangerous work. I can’t help but reiterate that this future we live in is awesome.

Microsoft Hit It Out Of The Park Yesterday

As an Apple user I tend to pay far more attention to Apple’s products than Microsoft’s. Truth be told, with the exception of the Xbox line, Microsoft just hasn’t had anything that really piques my interest… until now. Yesterday Microsoft unveiled a number of new products and, damn, were those announcements sweet.

The Surface Book is everything the iPad Pro should have been. It’s a full laptop that converts into a tablet. Unlike previous computers that did so, the Surface Book doesn’t have a stupid hinge design. In fact the hinge design is really neat. If you’ve used old Windows tablets you’ve experienced the terrible world of monitors that flip around and fold down over the keyboard. None of that bullshit is present with the Surface Book. Instead the monitor bends around the body of the laptop to lay behind it. The weakest point of tablet computers, the rotating hinge the monitor sat on, has been replaced by something that looks pretty robust.

More interesting to me though was the new line of phones. Specifically the Display Dock. Microsoft has delivered what Ubuntu has been promising with its phone line and has yet to deliver, the ability to plug the phone into a dock and have it work as a full computer. This is something I’ve wanted since smartphones became a thing and nobody has delivered it until now. The Display Dock is the big payoff for Microsoft’s unifying strategy with its operating system. If Windows only had the software I need I would actually consider a Windows-based phone now. One device to do it all, or at least do most of it all, really appeals to me.

Getting rid of the old guard was the right strategy for Microsoft. It seems the company is no longer willing to rest on its laurels while companies like Apple eat its lunch. Due to that the market again has another decent competitor.

Embrace The Mesh

Mesh networks are wonderful for many reasons. My primary interest in them is their ability to decentralize Internet connectivity, but they also offer a major advantage for those living in areas not currently served by high-speed Internet providers: a more cost-effective means of obtaining Internet connectivity.

A lot of people complain that the Internet service providers (ISP) in their area don’t offer high-speed connectivity to their home but offer it to homes only a block or two away. In almost all cases ISPs will connect your home up but they’ll put the cost of expanding their infrastructure on you:

When Cole Marshall decided to buy an empty lot and build a house, one of his top priorities was getting fast and reliable Internet service.

Marshall says he received assurances from Charter, the local cable company, that he could get Internet access to his home in Wisconsin. There was also a promise of relatively fast DSL, with telco Frontier Communications telling him it could provide 24Mbps download speeds, he told Ars.

As it turned out, neither company could deliver. Once the house was built, Charter would only offer service if he paid $117,000 to cover the cost of extending its network to his new home. Frontier does provide DSL Internet, but only at slower speeds of up to 3Mbps downstream and 1Mbps upstream.

Marshall, who works at home as a Web developer, subscribed to Frontier and struggles with his Internet connection daily.

“Cable was always available everywhere I lived, and I never thought moving just a little bit out of the city would mean I’d get hardly anything,” Marshall said.

Whether Charter and Frontier provided those assurances is a case of he said, she said. But the core problem, Marshall wanting access to faster Internet connectivity, exists regardless. In this case Charter isn’t unwilling to provide him cable Internet but it does expect him to pay for expanding its infrastructure to him. The price isn’t surprising since acquiring permits, digging up ground, burying fiber, and covering it back up isn’t cheap. But Marshall also isn’t without choices.

Wireless Internet connectivity is nice because it doesn’t require building a lot of physical infrastructure. You only need two radios to span a gap. And based on the story Marshall isn’t that far from Charter customers with cable Internet service:

Marshall has been told that his home was about 3,200 feet from Charter’s network, or about 6/10 of a mile. But a Charter spokesperson told Ars that an inspection determined it could not build to Marshall’s home from the nearest facilities.

Spanning approximately one kilometer is easily doable with affordable radios. The directional NanoStations we used at AgoraFest can span five times that distance and cost about $40 to $50 per radio. Here is where Marshall could make use of a mesh network.

Were he to offer to pay one of Charter’s customers it’s likely they would have no issue providing him Internet access via wireless radio. After all, most people buy more bandwidth than they need and are happy to receive a little undeclared income. If other people in his housing development made similar deals it would be trivial for his neighborhood to have access to fast Internet connectivity for a very modest price. And because of how mesh networks operate the Internet connectivity could be maintained even if one of the Charter customers canceled a deal.
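The last sentence is the part worth checking before anybody hands over money: whether a home keeps its Internet path when one of the sharing households drops out depends entirely on the topology. The script below is an added example, not code from the post; the neighborhood, radio links and uplink households are constructed, with each radio link modelled as an undirected edge, and the worst case assumed (a household that cancels also switches its radio off, so it no longer relays for anyone).

```python
"""Mesh redundancy check: which homes lose Internet if one uplink goes dark?

Added example, not from the original post. The topology is constructed:
letters are households, edges are point-to-point radio links, UPLINKS are
the households with wired service willing to share it, and "M" is the home
without wired service.
"""
from collections import deque

LINKS = {               # constructed neighborhood (undirected adjacency)
    "A": {"B", "M"},
    "B": {"A", "C"},
    "C": {"B", "D", "M"},
    "D": {"C", "E"},
    "E": {"D", "F"},
    "F": {"E"},
    "M": {"A", "C"},
}
UPLINKS = {"A", "D"}    # households with wired Internet sharing it over radio


def reachable_uplinks(links, uplinks, start, down=frozenset()):
    """Breadth-first search from `start`, skipping nodes in `down` entirely
    (radio off, so they neither provide Internet nor relay). Returns the set
    of uplink households that `start` can still reach."""
    seen = {start}
    queue = deque([start])
    found = set()
    while queue:
        node = queue.popleft()
        if node in uplinks and node not in down:
            found.add(node)
        for nxt in links[node]:
            if nxt not in seen and nxt not in down:
                seen.add(nxt)
                queue.append(nxt)
    return found


def single_points_of_failure(links, uplinks):
    """For every uplink, list the homes stranded (no uplink reachable) if that
    uplink's radio went offline. An empty list means the mesh survives it."""
    result = {}
    for u in sorted(uplinks):
        stranded = sorted(
            h for h in links
            if h != u and not reachable_uplinks(links, uplinks, h, down={u})
        )
        result[u] = stranded
    return result


if __name__ == "__main__":
    print("M reaches uplinks:", sorted(reachable_uplinks(LINKS, UPLINKS, "M")))
    for uplink, stranded in single_points_of_failure(LINKS, UPLINKS).items():
        print(f"if {uplink} goes dark, stranded: {stranded or 'nobody'}")
```

In the constructed layout M survives either uplink disappearing, because it has independent paths to both. E and F do not: they hang off D alone, so the check reports them as stranded, which is the cue to add a second radio link (or a second sharing household) before relying on the arrangement.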

Establishing Reputations

Reputations are a tool we use every day. Most people will warn their friends and family members about unsavory sorts and recommend reputable individuals. When looking for a new restaurant it’s not uncommon in this day and age to check for reviews on sites like Yelp. Successful businesses can find themselves in bankruptcy if their reputation becomes tarnished. Hell, I just bought a new shaver from the manufacturer of my old shaver specifically because of the positive reputation that company has established with me. With how important reputations are to most of us, I am having a difficult time understanding the outrage over this app:

You can already rate restaurants, hotels, movies, college classes, government agencies and bowel movements online.

So the most surprising thing about Peeple — basically Yelp, but for humans — may be the fact that no one has yet had the gall to launch something like it.

When the app does launch, probably in late November, you will be able to assign reviews and one- to five-star ratings to everyone you know: your exes, your co-workers, the old guy who lives next door. You can’t opt out — once someone puts your name in the Peeple system, it’s there unless you violate the site’s terms of service. And you can’t delete bad or biased reviews — that would defeat the whole purpose.

My question isn’t how a company could have the gall to release this but why it’s taken so long for something like this to be developed. The Internet has made it possible for people who have never met and have no common friends in real life to have meaningful relationships (be they friendship, business, or even romantic). As this trend continues to become more common a replacement for personal reputation recommendations needs to be developed. Will this app be it? Only time will tell. But it’s certainly a contender in a market with apparently few contenders.

Everything Is Made Easier Thanks To The Internet

In high school I took two semesters of German and in college I took two semesters of Japanese. Unfortunately my knowledge of these languages has deteriorated to the point where I can’t read, write, or speak anything intelligible in either. This is mostly because I’ve had no real means of maintaining that knowledge.

Some time ago a friend pointed me to Duolingo, a website that focuses on helping people learn languages. I’ve been playing with it for a few days and I must say that it has impressed me. Sadly Japanese isn’t available but German is so I’ve been relearning a bit of that.

I’ve also been working on Esperanto. Why would anybody learn a manufactured language? Because a surprising number of people in various anarchist communities, including the ones here in the Twin Cities, know it. And because I’m not terribly good with human languages because I lack an understanding of basic language concepts. My hope is a manufactured language that is consistent in its rules will help me learn the concepts enough to make learning other languages easier.

In both cases I’ve been surprised at how well Duolingo works. The fact that it gamifies language learning helps motivate me to keep with it (I’m a sucker for imaginary Internet points). But the fact that it has you translate phrases both ways and, in the case of German, speak some of it helps.

What amazes me is that it wasn’t that long ago that the only practical way to study a language was to enroll in a language class at a university. Now there is a website that offers the basics for free and gamifies it to motivate you to keep studying. I’m constantly in awe of this future we live in, especially in how it makes access to previously scarce information widely available.

Another Infected Ad Network, Another Reason To Use An Ad Blocker

As many website publishers whine about ad blockers destroying their revenue source we have yet another story demonstrating that ad blockers are actually security tools. Another ad network was exploited and the exploit led to malware being distributed to visitors of the Drudge Report (which, in addition to delivering malware, also delivers brain cancer to visitors) and Wunderground:

Millions of people visiting drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.

The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo’s ad network, exposing millions more people to the same drive-by attacks.

There are really two lessons to learn from this story. First, run an ad blocker. Second, uninstall Adobe Flash. But some people are unwilling to do the latter so they, even more than the rest of us, need to run a good ad blocker.

Personally I recommend using a tool such as NoScript to block all JavaScript from domains that haven’t been expressly whitelisted. But that’s a pain in the ass for many people, and ad blockers act as a nice middle ground that blocks most of the crap but doesn’t require a lot of fine tuning to use.
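The difference between the two approaches is a default-deny versus a default-allow policy on script origins. The snippet below is an added example, not NoScript’s or any ad blocker’s code; it evaluates both policies over a constructed page load so the trade-off is visible: the allowlist model stops a third-party script it has never heard of, while the blocklist model only stops hosts already known to be ad networks. The allowlist, blocklist and script URLs are all constructed, and the subdomain match is a simplification (a real implementation would consult the Public Suffix List rather than plain suffix matching).

```python
"""Default-deny (NoScript-style) versus blocklist (ad-blocker-style) script policy.

Added example, not from the original post or from either tool. All hosts
below are constructed.
"""
from urllib.parse import urlparse

# Constructed: origins the user has expressly approved to run script.
ALLOWLIST = {"example.com"}
# Constructed: hosts a filter list knows as ad networks.
BLOCKLIST = {"ads.example-network.test"}


def host_matches(host, entries):
    """True if host equals an entry or is a subdomain of one.
    Simplification: a real tool would use the Public Suffix List."""
    host = (host or "").lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in entries)


def decide(script_url, mode, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Return "allow" or "block" for one script request.

    default-deny: only allowlisted hosts run (blocks unknown third parties,
                  including a compromised ad network nobody has listed yet).
    blocklist:    everything runs except known-bad hosts (less friction,
                  but a new or unlisted ad host gets through).
    """
    host = urlparse(script_url).hostname  # None for data:/javascript: URLs
    if mode == "default-deny":
        return "allow" if host_matches(host, allowlist) else "block"
    if mode == "blocklist":
        return "block" if host_matches(host, blocklist) else "allow"
    raise ValueError(f"unknown mode {mode!r}")


def audit(script_urls, mode):
    """Map each script URL on a page to the decision under the given mode."""
    return {url: decide(url, mode) for url in script_urls}


# Constructed page load: first-party script, a known ad host, and a
# third-party host that is on neither list.
PAGE_SCRIPTS = [
    "https://cdn.example.com/app.js",
    "https://ads.example-network.test/tag.js",
    "https://widgets.partner.test/embed.js",
]

if __name__ == "__main__":
    for mode in ("default-deny", "blocklist"):
        print(mode, audit(PAGE_SCRIPTS, mode))
```

The third URL is the interesting one: under the allowlist policy it is blocked simply because nobody approved it, whereas the blocklist policy lets it run until somebody adds the host to a filter list. That gap is exactly where a freshly compromised ad network lands, and the reason the allowlist approach is stricter and more tedious at the same time.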

Why I Generally Recommend iOS Over Android

As I’m sure many of you are, I’m the guy friends and family come to when seeking advice on what electronic device to purchase. When somebody asks me whether they should get an iOS or Android device I generally point them towards iOS. It’s not because Android is bad; it’s a very good operating system. Unfortunately, in most cases, when you get an Android device you’re not so much dealing with Android as with the manufacturer and carrier. Because of their meddling in an otherwise great operating system it’s difficult to know when or for how long you’ll get updates, and that creates a security nightmare:

Now, though, Android has around 75-80 percent of the worldwide smartphone market—making it not just the world’s most popular mobile operating system but arguably the most popular operating system, period. As such, security has become a big issue. Android still uses a software update chain-of-command designed back when the Android ecosystem had zero devices to update, and it just doesn’t work. There are just too many cooks in the kitchen: Google releases Android to OEMs, OEMs can change things and release code to carriers, carriers can change things and release code to consumers. It’s been broken for years.

The Android ecosystem’s reaction to the “Stagefright” vulnerability is an example of how terrible things are. An estimated 95 percent of Android devices have a remote arbitrary code execution just by receiving malicious video MMS. Android has other protections in place to stop this vulnerability from running amok on your smartphone, but it’s still really scary. As you might expect, Google, Samsung, and LG have all pledged to “Take Security Seriously” and issue a fix as soon as possible.

Their “fix” is going to be to patch 2.6 percent of all active Android devices. Tops. That’s the percentage of Android devices that are running Android 5.1 today, nearly five months after the OS was released.

This isn’t a new problem. Manufacturers and carriers have been interfering with software updates for phones for ages. My first cell phone was a Palm Treo 700p running on Sprint’s network. Sprint, compared to other carriers who also had the 700p, would take forever to approve updates for the device and sometimes wouldn’t approve them at all. That meant I was stuck with unpatched software much of the time because Palm was at the mercy of Sprint.

Apple refused to allow carriers any control over iOS. Although this is likely part of why the iPhone was relegated to only being available on AT&T for a long time the decision paid off in the long run. When a vulnerability is discovered in iOS Apple can push out the patch and no carrier can interfere. Google, on the other hand, gave almost all control to manufacturers and carriers. Because of that it can’t push out Android updates to all of its users and that leaves many Android users with insecure devices.

I hope Google changes this and at least requires manufacturers to use Android’s official update channel in order to gain access to its proprietary apps (which is what most people use Android for anyways). The current situation is untenable, which is sad because Android really is a good operating system.