This is a significant setback for industry lawyers who often use illegal discovery techniques and have been criticized for using overly-litigious legal strategies to force defendants to settle. Sadly, though, the payout only covers [Andersen]’s legal fees and doesn’t offer any compensation for damages, but a counter-suit filed in Portland, Oregon seeks exactly that. Here’s hoping her lawyers [Lory Lybeck] and [Ben Justus] continue to set favorable legal precedents for defendants of these lawsuits.
As far as the technical side of the discovery methods goes, there are many ways to keep the RIAA off your back. The simplest is to disable your P2P client’s available file listing or turn off outbound traffic altogether. Other ways are to use encryption (although this is usually to get around ISP blocks) or download to an offsite machine. Hopefully, though, this judgment and eventual payout will make the recording companies reconsider the number of lawsuits they file and use less aggressive legal tactics.
Opto-Isolator is an interesting art installation that was on display at the Bitforms Gallery in NYC. This single movement-tracking eye creates a statement about how we view art and is a response to the question “what if art could view us?”. The somewhat creepy display not only follows the person viewing it, but mimics blinks a second later and averts its gaze if eye contact is kept up for too long. Its creators [Golan Levin] and [Greg Baltus] have done a great job mimicking human behavior with such a simple element and the social implications of it are truly fascinating.
If they wanted to, [Levin] and [Baltus] could possibly crank up the spook factor by adding facial recognition and programming it to remember how certain people interact with it, then tailor its behavior to wink at different rates or become more shy or bold, depending on the personality of the person watching it. Of course, that would require that someone goes back to it more than once…
Stanford’s autonomous helicopter group has made some impressive advancements in the field of autonomous helicopter control, including inverted hovering and performing aerobatic stunts. The group uses reinforcement learning to teach its control system various maneuvers and has been very successful in doing so. One of their latest achievements was teaching the bot the emergency landing technique autorotation. Autorotation is used when a helicopter’s engine fails or is disengaged and works by changing the collective pitch to use the airflow from descent to rotate the blades. The group has more flight demonstrations on their YouTube channel.
It might not be as elegant or technologically-advanced as a Segway or a motorized unicycle, but this easily constructed 2-wheeled robot might be a fun project for a free afternoon. The heart of the balancing mechanism is an SPDT switch with a button cell attached that reverses the motor when the robot begins to tip in one direction. It’s not controllable and it tends to fall over quite a bit, but it’s a good starting point and could be refined by lowering the center of gravity or figuring out a simple way to change the motor speed based on how far the robot has tipped over. There are no accelerometers or tilt switches so the components could be sourced from a parts bin, and its simple design definitely leaves a lot of room for improvement.
It’s been a few weeks since [Dan Kaminsky] announced the nature of the DNS vulnerability and allowed 30 days of non-disclosure for patches to be applied before details of the exploit went public. Unfortunately, the details were leaked early and it didn’t take long for a functional exploit to be released into the wild. Since then, many ISPs have taken steps to prevent their users from falling victim to the attack, and BIND, the widely-used DNS protocol implementation, was updated to minimize the threat. Even then, there were reports of a version of the attack being actively used on AT&T’s DNS servers.
Mac OSX uses a BIND implementation but as of yet, Apple has not released a patch updating the system (Microsoft, on the other hand, patched this up on July 8). As a result, machines running OSX are at risk of being exploited. Individual users are less likely to be targeted, since the attacks are directed towards servers, but it’s not a smart idea to leave this vulnerability open. [Glenn Fleishman] has published a way to update BIND on OSX manually, rather than waiting on Apple to patch it themselves. It requires Xcode and a bit of terminal work, but it’s a relatively painless update. When we tried it, the “make test” step skipped a few tests and told us to run “bin/tests/system/ifconfig.sh up”. That allowed us to re-run the tests and continue the update without further interruption. [Fleishman] warns that people who manually update BIND may break the official update, but he will update his instructions with any possible workarounds when that happens. Unfortunately, this fix only works for 10.5, but alternative, though less effective, methods may work for 10.4 and earlier.
If you’d like to know if your preferred DNS servers are vulnerable or not, you can use the DNS checker tool from Doxpara. As an alternative to your ISP’s DNS servers, you can use OpenDNS, which many prefer for its security features and configuration options.
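A resolver checker of this kind works from the queries your resolver sends to a test server; the patches for this flaw randomized each query's UDP source port. The sketch below is an added example, not the Doxpara tool's code: it classifies constructed (source port, transaction ID) samples, and the function name, sample data and `min_stdev` threshold are assumptions.

```python
from statistics import pstdev

# Constructed samples: (source_port, transaction_id) of consecutive queries
# from one resolver, as a test authoritative server would log them.
FIXED_PORT = [(53, 0x1A2B), (53, 0x9C01), (53, 0x4410), (53, 0xE7F3), (53, 0x0B6D)]
SEQUENTIAL = [(32768, 0x1A2B), (32769, 0x9C01), (32770, 0x4410),
              (32771, 0xE7F3), (32772, 0x0B6D)]
RANDOMIZED = [(41873, 0x1A2B), (10522, 0x9C01), (58310, 0x4410),
              (23991, 0xE7F3), (49004, 0x0B6D)]


def assess_resolver(samples, min_stdev=3000.0):
    """Classify a resolver from the source ports of its observed queries.

    min_stdev is an assumed cut-off for this example, not a published value.
    """
    if len(samples) < 5:
        raise ValueError("need at least 5 queries to judge port behaviour")
    ports = [port for port, _ in samples]
    txids = [txid for _, txid in samples]
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    spread = pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "fixed source port"            # unpatched behaviour
    elif len(set(deltas)) == 1:
        verdict = "predictable port increment"   # next port is guessable
    elif spread < min_stdev:
        verdict = "narrow port range"            # e.g. a NAT rewriting ports
    else:
        verdict = "ports look randomized"
    return {
        "verdict": verdict,
        "port_stdev": round(spread, 1),
        "distinct_txids": len(set(txids)),
        "needs_attention": verdict != "ports look randomized",
    }


if __name__ == "__main__":
    for name, data in (("fixed", FIXED_PORT), ("sequential", SEQUENTIAL),
                       ("randomized", RANDOMIZED)):
        print(name, assess_resolver(data))
```

Five samples are enough to flag a fixed or incrementing port, but a clean result on so few queries only means nothing obviously wrong was seen.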
Back in May we mentioned AcidMods’ spitfire mod that enabled rapid fire (amongst other things) and was undetectable by Xbox Live. The parts list was quite low, needing just a PIC16F84A and a few other components, which led to third parties selling controller mod kits on eBay. The AcidMods team has figured out a new way to enable rapid fire using just a momentary switch and the necessary wire to hook it up. All you need to do is wire in the switch between the ground on the controller LED and the middle pin on the trigger. The only caveat is that because it’s hardwired to the LED, you can only use the mod on the particular port you’re using the controller on.
The reason it’s so simple is that the Xbox 360 controller uses pulse width modulation to “dim” the LED on the controller, creating a rapid high/low signal. When the momentary button is depressed, it routes this rapid high/low signal to the trigger input on the controller, which is then input to the Xbox 360. Hit the read link for a couple more videos explaining this hack.
While this modification is undetectable by Xbox Live, it does create an unfair advantage in multiplayer gaming and could result in your account being banned.
Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become a dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.
Traditional lock picking has employed picksets, like the credit card sized set sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.