3D Printing a Better Future

3D printers are moving towards a world where goods can be readily manufactured at home instead of relying on centralized supply chains. A lot of people in the first world don’t understand the ramifications of this technology but in the third world the advantages of 3D printers are becoming quite obvious:

A growing number of people are bringing the maker spirit to off-the-grid and underdeveloped regions across the globe. It’s part of an effort to create technologically self-sufficient communities, while bringing a little economic uplift in the process.

Nonprofit organizations like Field Ready and for-profit businesses such as re3D have already brought 3D printers to underdeveloped economies. In Haiti, Field Ready’s Eric James and Dara Dotz are working on 3D printing on-demand birthing kits, including umbilical clamps. As Dotz told me, Field Ready is also encouraging small scale manufacturing of agricultural tools via 3D printing.

“We’re working on printing simple things like oxygen splitters for oxygen tanks, which link the tank to the patient,” Dotz said. “Small clinics just can’t get [these] medical products and equipment, which bigger hospitals can buy in bulk at a discount. You can also wait six months to three years to get your equipment, and then there can be a lot of corruption with that as well.”

3D printers have two advantages that I really cherish. First they decentralize manufacturing, which makes controlling what can and can’t be manufactured difficult for the state. Second they allow people to store raw resources and use them to make needed tools when (or near when) they’re needed. Keeping a stock of every tool you may need is generally more difficult than keeping stock of spools of plastic wire.

The first world probably won’t see these advantages in action for some time but the third world, as is often the case, is seeing the effects of innovation in the present.

Obama Urges FCC to Allow ISPs to Charge by the Byte

Net neutrality is back in the limelight again thanks to one idiotic senator and one idiotic president. First there is Ted Cruz, who seems entirely unaware of how the Internet currently works:

Cruz spokeswoman Amanda Carpenter echoed the senator in her own tweet, writing, “Net neutrality puts gov’t in charge of determining pricing, terms of service, and what products can be delivered. Sound like Obamacare much?”

The Internet in this country already moves at the speed of government thanks to the regulatory atmosphere that gives a handful of Internet Service Providers (ISPs) a practical monopoly on providing Internet access. And Cruz’s spokeswoman isn’t much smarter since net neutrality doesn’t put the government in charge of pricing, terms of service, or what products can be offered. It’s just a fancy term for the status quo, which is all traffic being treated with equal priority. What would give the government control over such matters is if we went with what the government considers net neutrality, which is an even more heavily regulated market than the one that already exists.

But the Republicans weren’t the only ones to field an idiot to speak about the Internet this week. The Democrats fielded none other than Obama:

President Obama today urged the Federal Communications Commission (FCC) to reclassify broadband service as a utility and to impose rules that prevent Internet service providers from blocking and throttling traffic or prioritizing Web services in exchange for payment. Obama also said utility rules should apply both to home Internet service and mobile broadband.

Treat the Internet like a utility? That’s just urging ISPs to charge customers by the byte instead of charging by access speed. Furthermore it would give local governments more power to further monopolize Internet access. Many municipalities already grant one or two companies control over utilities such as water and electricity. Case in point, the government of Minneapolis has granted monopoly electricity contracts to Xcel Energy and monopoly natural gas contracts to Centerpoint Energy. Imagine if the Internet becomes a utility. Then municipal governments such as Minneapolis could grant monopoly contracts to the likes of Comcast. Not only would you potentially be paying by the byte but you probably wouldn’t even have the almost nonexistent choice between ISPs that you have today.

So long as we rely on the state to solve this problem we’re going to get fucked hard. The only long-term solution is to decentralize Internet access provision. That’s why I’ve been working on mesh networking initiatives. Mesh networks provide a decentralized network that would be very difficult for the state to regulate if designed correctly. I’m sure other options exist for decoupling the Internet from the state and I would love to hear about them.

Here’s Some Compromise

Most people have probably heard that Apple is no longer able to bypass a device’s encryption and Google has announced the same feature will appear in the next release of Android. Anybody with a modicum of intelligence is glad to hear this but there are a few dipshits who think this is a bad feature. Take this fool for example:

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law.

So a police back door is undesirable but Apple and Google could perhaps implement a police back door. Idiot. Do you know what I think about that idea? This is what I think about that idea:

fuck-you

That’s right, fuck this guy and his idea. There is no magical security mechanism that can allow only legitimate bypasses. If there is a back door then it can, as a matter of fact, be abused. Even if malicious third parties were unable to access the system it would still be ripe for abuse by law enforcement agents, which have a notable history of abusing power.

Here’s my idea for a compromise. Apple and Google should not implement any back door and in return law enforcement agents can deal with the fact that they can’t access our personal data on our devices. How’s that for a compromise?

Shell Shock Exploit

Can you guess what I was doing last night? If you guessed upgrading my servers you’re correct. The hits just keep on coming this year. Earlier there was a nasty exploit in the OpenSSL library, which a huge amount of software relies on, that allowed attackers to read arbitrary chunks of memory from a targeted server. Now a vulnerability in the Bourne Again Shell (Bash) has tossed a monkey wrench into the works as it allows the remote execution of commands:

Let me start with the CVE from NIST vulnerability database because it gives a good sense of the severity (highlight mine):

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

They go on to rate it a “10 out of 10” for severity or in other words, as bad as it gets. This is compounded by the fact that it’s easy to execute the attack (access complexity is low) and perhaps most significantly, there is no authentication required when exploiting Bash via CGI scripts. The summary above is a little convoluted though so let’s boil it down to the mechanics of the bug.

In the industry that is what we call bad news. So who’s vulnerable? Anybody using a system with a vulnerable version of Bash installed. Since Bash is an extremely popular shell amongst UNIX systems, including being the default shell in many Linux distributions and Apple OS X, there are a lot of exploitable systems out there. But Microsoft users get to sit this one out.

If you run Linux update Bash immediately. Apple hasn’t released a fix for this exploit yet but if you have Xcode installed you can compile a patched version of Bash or you can use Homebrew or MacPorts to install a newer version of Bash. And if you run a UNIX server and haven’t upgraded your system yet you better get your ass in gear.
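
One way to confirm the update took effect, added here as an example that is not part of the original post: the script probes every Bash binary it can find, because a newer Bash installed through Homebrew or MacPorts sits beside the system /bin/bash rather than replacing it. The candidate paths, the marker string and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which Bash binaries on this machine still execute
# text that trails a function definition in an environment variable.

MARKER=SHELLSHOCK_PROBE_RAN   # constructed string, only used to spot the flaw

# check_bash PATH -> prints "missing", "vulnerable", "patched" or "unknown"
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # The probe variable holds a function definition followed by a harmless
    # echo. An affected Bash runs that echo while importing its environment;
    # a fixed Bash leaves the value alone and only runs the -c command.
    out=$(env probe="() { :;}; echo $MARKER" "$bin" -c 'echo done' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;
        *done*)      echo patched ;;
        *)           echo unknown ;;
    esac
}

# Paths worth probing (assumed defaults): system locations, /usr/local/bin
# (Homebrew), /opt/local/bin (MacPorts), whatever is first in PATH, and any
# bash listed in /etc/shells.
candidate_shells() {
    {
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/local/bin/bash
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# audit_bash -> one line per installed Bash; returns 1 if any is vulnerable
audit_bash() {
    found_vulnerable=0
    for shell_path in $(candidate_shells); do
        result=$(check_bash "$shell_path")
        if [ "$result" = missing ]; then continue; fi
        printf '%-24s %s\n' "$shell_path" "$result"
        if [ "$result" = vulnerable ]; then found_vulnerable=1; fi
    done
    return "$found_vulnerable"
}

audit_bash || echo "At least one Bash listed above still needs the update."
```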

Another Problem Easily Avoided By Not Wearing Skinny Jeans

Apple made a major design oversight with its latest iPhone. It seems that the phone does not get along with skinny jeans:

It was only a matter of time before the monstrosity known as the iPhone 6 Plus started causing problems. Today, word is getting out that the 5.5-inch phone may be vulnerable to unplanned situational curvature.

In other words, the phones are bending, and they’re not supposed to bend. They bend because people are putting them in their pockets, then sitting down, which is a reasonable thing to do. Call it Apple’s #Bendghazi, if you will. Or #Bendgate

This entire fiasco is pretty funny to me because I wear tactical mall ninja pants. My pockets are literally large enough to stuff .308 magazines into. There’s so much extra room in most of my pockets that I can sit down comfortably with .308 magazines stuffed into them. Nothing presses tightly against my skin and therefore isn’t likely to bend. But the trend today seems to be tighter and tighter pants with vestigial pockets that, like the front limbs on a Tyrannosaurus Rex, are technically there but functionally useless.

OK, I’m half joking there. I’m sure many of the iPhone 6s that have been bent weren’t left half hanging out of a vestigial pocket on a pair of skinny jeans. The real problem here is that people got exactly what they wished for. That is to say people have been demanding thinner phones with larger displays. While this sounds like a great combination you run into the real structural limitations. Namely the materials that make up a phone; glass, plastic, and aluminum; aren’t flexible but if you make them too thin they also aren’t strong enough to resist much force. Combine that with a larger surface area to exert force against and you have the recipe for a pretty flimsy piece of shit.

Be careful what you wish for because you may just get it.

Removing that God Awful U2 Album from iTunes and iOS

Last week Apple unveiled its new phone, payment service, and smartwatch. In addition to those three products Apple also did something despicable. When I opened the Music app on my iPhone to listen to songs from my carefully curated list of awesome fucking music I noticed something. That something stunk up my music list like a dead bloated corpse floating down an otherwise pristine river. That thing was U2’s Songs of Innocence album. Fortunately I disabled automatic downloads on my devices so what was stinking up my music list was just a link to download the album, not the actual songs themselves. But the damage was done. My phone was violated. Even though I attempted to console my phone with a continuous stream of Iron Maiden and Manowar I could tell that it wasn’t helping.

I knew that the only way to help my phone overcome this traumatic experience was to completely remove Songs of Innocence from it. As it turned out removing that piece of shit wasn’t doable. The best I could do was go into my Music app settings and turn off the Show All Songs option. But sweeping something under the rug isn’t the same as getting rid of it. The corpse may have been under the floorboards but the stench still crept into the room.

I wasn’t the only one made unhappy by Apple foisting shitty music from a shitty band onto my device (U2 is shitty, if you disagree then you’re wrong). A lot of people, many of my friends included, were upset to see that their devices had been violated. They too sought a way to purge the memory of U2 from their devices only to find out that no such way existed. Thankfully, not even a week after the announcement, Apple has finally created a way for its customers to completely purge Songs of Innocence from their iCloud account:

The US tech firm is now providing a one-click removal button.

“Some customers asked for the ability to delete ‘Songs of Innocence’ from their library, so we set up itunes.com/soi-remove to let them easily do so. Any customer that needs additional help should contact AppleCare,” spokesman Adam Howorth told the BBC.

Users who remove the album and do not download it again before 13 October will be charged for the 11 tracks if they subsequently try to add them again.

So if you have iTunes or an iOS device and hate shitty music feel free to click the link, log into your iTunes account, and have Songs of Innocence sent to the sewer where it belongs.

On the off chance that somebody from Apple is reading this I have a message for you: don’t ever let this happen again. If you want to give your customers something just give them credit to download whatever album they desire.

Yesterday’s Apple Announcement

There isn’t much else worth writing about so I’ll fill some space by giving a quick summary of yesterday’s Apple announcements.

First Apple introduced us to the new iPhone 6. It’s thinner and faster, just like every other iPhone. But here’s the twist, there are two screen sizes. The first, dubbed the iPhone 6, is slightly larger than the current iPhone. But Apple saved the best for last because the company has finally released a phone that is big enough to be impractical to carry around and it’s calling it the iPhone 6 Plus. Now Apple users can experience the joy of a phone that’s too big to fit in most pockets but too small to be a useful tablet.

Next Apple announced Apple Pay. I think the name explains it quite well, it’s Apple’s new payment system. This looks interesting simply because current credit and debit card security in this country is a joke. When it can be used everywhere credit cards are accepted I will probably take a bigger interest.

Finally Apple’s big announcement, the Apple Watch, made everybody at the event euphoric. Basically it’s the ugliest device Apple has released since I started using the company’s products. Seriously. It’s really fucking ugly. On the upside it does pack a lot of features into its hideous shell. The watchband is easily removed and replaced with other Apple Watch compatible bands because using standard watchbands would be too much to ask for. As expected it uses inductive charging, contains a heartbeat monitor, and a gyroscope. You interface with the watch via the crown, which scrolls shit when you turn it and dumps you back to the home screen when you press it in. There’s also another button on the side that brings up your contacts. Oh, I almost forgot, it also has a touchscreen, which renders all of the hardware controls pretty pointless. One of the big questions with any smartwatch is how long the battery lasts. Well Apple totally didn’t mention that so we have no idea. But come 2015 you will be able to get your hands on one for the low price of $349.00. Or for just a little bit more you could buy a Hamilton Khaki Field watch, which nets you a nice looking piece with a mechanical movement. Your choice.

After the Apple Watch announcement I began to suspect that Apple was trolling everybody at the event. My suspicions were confirmed when Apple subjected every poor son of a bitch at the event to U2. Talk about adding insult to injury. Oh, and U2 announced another shitty album. But it seems that the band finally realizes that its music is shitty because you can get it free on iTunes, which is too high of a price if you ask me.

Comcast Continues Its Quest to be The Most Dickish Company Ever

Comcast has a mission. That mission is to be the single most dickish company in the world. Between its horrible customer service, attempts to convince people it supports net neutrality through shady marketing, and continued attempts to regulate competition out of existence Comcast has gotten far in realizing its goal. But all of this still isn’t enough to win the crown of dickishness so Comcast is now injecting advertisements into webpages served by its publicly accessible Wi-Fi access points:

Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast’s decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.

A Comcast spokesman told Ars the program began months ago. One facet of it is designed to alert consumers that they are connected to Comcast’s Xfinity service. Other ads remind Web surfers to download Xfinity apps, Comcast spokesman Charlie Douglas told Ars in telephone interviews.

The advertisements may appear about every seven minutes or so, he said, and they last for just seconds before trailing away. Douglas said the advertising campaign only applies to Xfinity’s publicly available Wi-Fi hot spots that dot the landscape. Comcast customers connected to their own Xfinity Wi-Fi routers when they’re at home are not affected, he said.

Now that’s some dickish behavior! Injecting code into a page without the permission of the page owner is something mostly attributed to malicious software. Granted Comcast is pretty malicious so I believe calling its injected ads malware isn’t dishonest. But this story also makes another very important point:

One way to prevent this from happening, he said, is for websites to encrypt and serve over HTTPS. But many sites do not do that.

There’s no reason in this day and age for a website to have an unsecured connection available. Companies like StartSSL will provide free Transport Layer Security (TLS) certificates for personal use and charge a very reasonable fee for commercial use. Almost every (I’m not actually aware of any exceptions) personal computer, tablet, and smartphone made in the last decade is capable of communicating via secured connections. If you’re running a website get a TLS certificate, load it on your server, and force the unsecured connection to redirect to the secured connection (that’s what I do on this site). For those of you who are using a hosting service that doesn’t give you the option of enabling TLS demand that they offer that capability or provide the certificates and enable TLS for you. Allowing only TLS connections not only prevents third parties from eavesdropping but it also prevents third parties from altering pages in transit. We’re at a point (and have been for a long time) where the benefits of TLS far outweigh the negatives.

Real Heroes

Tor is a great tool for those in need of anonymity online. But online anonymity is something spy agencies don’t like because it makes their job much harder. Therefore it seems highly probable that agents within the National Security Agency (NSA) are actively investing resources into compromising Tor. In fact all evidence indicates the agency, and other spy agencies, are doing exactly that. Thankfully evidence also indicates that there are real heroes working within those agencies to undermine such efforts:

British and American intelligence agents attempting to hack the “dark web” are being deliberately undermined by colleagues, it has been alleged.

Spies from both countries have been working on finding flaws in Tor, a popular way of anonymously accessing “hidden” sites.

But the team behind Tor says other spies are tipping them off, allowing them to quickly fix any vulnerabilities.

While the leviathan that is government is powerful it is also composed of people, many of whom have a conscience. Because of this many of the government’s nefarious acts are undermined by people within itself. If the NSA is attempting to compromise Tor then it’s very likely some of its agents are anonymously tipping off Tor’s developers, which renders the NSA’s overall efforts futile.

These are real heroes who should be celebrated. They actively put themselves at risk to fight against the illegal government activities and therefore make the world a better, and safer, place.

Tesla Taking Car Security Seriously

One of the neat and odd things I saw in the Defcon vendor area was a Tesla car. This is especially true when talks about hacking cars are given regularly:

The guys in that video are awesome presenters by the way. As it turns out Tesla was at Defcon precisely because it doesn’t want to be featured in one of these videos:

Tesla is one of the only household corporate names with an official presence this year at Def Con, an annual security conference held in Las Vegas, where attendees try to hack the hotel elevators and press room. The company is here courting hackers who can help it find holes in the software that controls its cars. It’s looking to hire 20 to 30 security researchers from Def Con alone, Ms. Paget says. Moreover, hackers who report bugs to Tesla get a platinum-colored “challenge coin.” If they show up at a Tesla factory and give the security team a heads-up, they get a free tour.

This is something I’m happy to read about. Computer security in the automotive industry, like the medical industry, is seldom considered. I’m not surprised by this fact since security costs time and money, which means it’s only considered after products have fallen to widespread exploitation. Your computer and smartphone are only as secure as they are (which isn’t to say they’re very secure but they are veritable fortresses compared to systems from earlier days) because corporate and personal computers have been the targets of an almost uncountable number of exploits. Each industry seems destined to experience these same mistakes instead of learning from other industries that have already done so. Tesla, on the other hand, is acting more like a smartphone company in this regard by taking security seriously enough to hire people dedicated to ensuring its cars’ computers are at least somewhat secure.

This will pay off in the long run for Tesla. As vehicles become more integrated with technology they are going to become bigger targets for malicious attackers. If automotive manufacturers don’t nip this in the bud now they’re going to suffer many years of lawsuits related to their lack of on-board computer security.