When the US Federal Aviation Administration (FAA) began requiring registration of quadcopters (“drones”) in the US, it took a number of hobbyists by surprise. After all, the FAA regulates real 747s, not model airplanes. [John Taylor], an RC hobbyist, has done what you do when faced with a law that you believe is unjust: he’s filed a lawsuit in the DC District Court, claiming that the FAA has overstepped their mandate.
The lawsuit will hinge (as legal battles often do) on the interpretation of words. The FAA’s interpretation of quadcopters to be “aircraft” rather than toys is at the center of the dispute. Putting hobbyists into a catch-22, the FAA also requires recreational RC pilots to stay under a height of 400 feet, while requiring “aircraft” to stay above 500 feet except for emergencies, take-off, or landing. Which do they mean?
The editorial staff at Hackaday is divided about whether the FAA ruling makes no sense at all or is simply making hobbyists “sign their EULA“. This writer has spent enough time inside the Beltway to know an expanse of a mandate when he sees it, and no matter which body of the US government is to blame, regulating toy planes and helicopters as if they were commercial aircraft is an over-reach. Even if the intentions are benign, it’s a poorly thought-out ruling and should be revisited.
If you agree, you now have the chance to put your money where your mouth is. The DC Area Drone User Group is putting together a legal defense fund to push [Taylor]’s case. Nobody would be cynical enough to suggest that one can buy the legal system in the US, but, paraphrasing Diamond Dave, it sure as heck can buy a good enough lawyer to get the law changed.
Brace yourselves. The rest of the media is going to be calling this an “IoT DDOS” and the hype will spin out of control. Hype aside, the facts on the ground make it look like an extremely large distributed denial-of-service attack (DDOS) was just carried out using mostly household appliances (145,607 of them!) rather than grandma’s old Win XP system running on Pentiums.
We can argue all day about whether a digital video recorder (DVR) or an IP webcam is an “IoT” device and whether this DDOS attack is the biggest to date or merely among them, but the class of devices exploited certainly are not traditional computers, and this is a big hit. Most of these devices run firmware out of flash, and it’s up to the end user (who is not a sysadmin) to keep it up to date or face the wrath of hackers. And it’s certainly the case that as more Internet-facing devices get deployed, the hacker’s attack surface will grow.
Why did the DDOS network use these particular devices? We’re speculating, but we’d guess it’s a combination of difficult-to-update firmware and user “convenience” features like uPnP. To quote the FBI “The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication.” You can see how this would be good for both the non-tech-savvy and hostile attackers, right? (Turn off UPnP on your router now.)
We alternate between Jekyll and Hyde on the IoT. On one hand, we love having everything in our own home hooked up to our local WiFi network and running on Python scripts. On the other hand, connecting each and every device up to the broader Internet and keeping it secure would be a system administration headache. Average users want the convenience of the latter without having to pay the setup and know-how costs of the former. Right now, they’re left out in the cold. And their toasters are taking down ISPs.
We remember going to grandfather’s garage. There he would be, his tobacco pipe clenched between his teeth, wisps of smoke trailing into the air around him as he focused, bent over another of his creations. Inside of a simple glass bottle was something impossible. Carefully, ever so carefully, he would use his custom tools to twist wire. He would carefully place each lead. Eventually when the time was right he would solder. Finally he’d place it on the shelf next to the others, an LED matrix in a bottle.
Well, maybe not, but [Mariko Kosaka]’s father [Kimio Kosaka] has done it. In order to build the matrix, he needed tools that could reach inside the mouth of the bottle without taking up too much space to allow for precise movement. To do this he bent, brazed, twisted, and filed piano wire into tools that are quite beautiful by themselves. These were used to carefully bend and position the LEDs, wires, and other components inside the bottle.
Once the part was ready, he used a modified Hakko soldering iron to do the final combination. We wonder if he even had to be careful to solder quickly so as not to build up a residue on the inside of the bottle? The electronics are all contained inside the bottle. One of the bottles contained another impressive creation of his: an entire Arduino with only wire, dubbed the Arduino Skeleton. Batteries are attached to the cork so when the power runs low it can be removed and replaced without disturbing the creation.
It’s a ridiculous labor of love, and naturally, we love it. There’s a video of it in operation as well as one with him showing how it was done which is visible after the break. He showed them off at the Tokyo Maker Faire where they were surely a hit.
Every year, the Journal of Improbable Research issues its prizes for the craziest (published) scientific research: the Ig Nobel Prize. The ceremony took place a couple nights ago, and if you want to see what you missed, we’ve embedded the (long) video below. (Trigger warning: Actual Nobel laureates being goofy.)
It’s hard to pick the best of freaky research, and the committee did a stellar job this year. The trick is that they don’t give the prize away to quacks — you won’t ever get one with your perpetual motion machine, for instance. Nope, the Ig Nobels go to the kookiest science that could actually end up being useful. So we get projects like the effect of wearing polyester on the sexual activity of rodents in “reproduction” and a study on the perceived personalities of different rocks for marketing purposes in “economics”.