Network Security Theatre

Summer is nearly here, and with that comes the preparations for the largest gathering of security researchers on the planet. In early August, researchers, geeks, nerds, and other extremely cool people will descend upon the high desert of Las Vegas, Nevada to discuss the vulnerabilities of software, the exploits of hardware, and the questionable activities of government entities. This is Black Hat and DEF CON; taken together, they are the largest security conference on the planet.

These conferences serve a very important purpose. Unlike academia, security professionals don’t make a name for themselves by publishing in journals. The pecking order of the security world is determined at these talks. The best talks, and the best media coverage command higher consultancy fees. It’s an economy, and of course there will always be people ready to game the system.

Like academia, these talks are peer-reviewed. Press releases given before the talks are not, and between the knowledge of security researchers and the tech press is network security theatre. In this network security theatre, you don’t really need an interesting exploit, technique, or device, you just need to convince the right people you have one.


How Did Pocket NC Survive And Thrive?

We had a chance to talk to Matthew Hertel of PocketNC at the Bay Area Maker Faire this year. During the conversation, he answered some questions I’d had about the project since I saw it on Kickstarter, and told a cool story while he was at it.

When the Pocket NC 5-axis Tabletop CNC Mill Kickstarter came out, I immediately chalked it up as a failure out of the gate. I figured that there would never be a single delivered unit. It just seemed too impossible. The price was too low for a machine with that many large machined aluminum pieces. It had real linear guides. It had a real spindle and housed a BeagleBone Black running LinuxCNC. It just couldn’t be that cheap. As it turns out, I’m quite happy to be wrong. Pocket NC is doing well, delivering their first units, and taking new orders.

The CNC equivalent of a brag track on a hip-hop record.

It’s easy to get jaded with the Kickstarter and IndieGoGo scams that are out there. Or even the disappointing behavior of projects that could be legitimate. People often do failure analysis of companies, but it is also worth investigating what people did right when they are successful.


The SEC Has A Thing For Crowdfunding

Kickstarter is not a store. Indiegogo is not a store. No matter what crowdfunding platform you’re on, you’re not in a store. This is an undeniable truth, and no matter how angry you are about not being able to bring a cooler with a blender to the beach this summer, you did not buy this cool cooler, you were merely giving someone money to develop this cooler.

This reality may seem strange for the most vocal Internet commenters out there, leading them to the conclusion their pledge for a crowdfunding campaign was an investment. Surely there must be some guarantee in a single pledge, and if it’s not exchanging money for some consumer goods, it is exchanging money for a stake in a company. If that were true, backers of the Oculus Rift would have received several thousand dollars each, instead of a $600 VR headset.

Crowdfunding is not a store, and according to Kickstarter and Indiegogo, it is not an investment, either. Last week, the Securities and Exchange Commission’s rules for “crowdfunded investing”, “Regulation Crowdfunding”, or “Title III Crowdfunding” kicked into gear. Is this the beginning of slack-jawed gawkers throwing their life savings into a pit of despair filled with idiotic consumer products that violate the laws of physics?


Debunking The Drone Versus Plane Hysteria

The mass media are funny in the way they deal with new technology. First it’s all “Wow, that’s Cool!”, then it’s “Ooh, that’s scary”, and finally it’s “BURN THE WITCH!”. Then a year or so later it’s part of normal life and they treat it as such. We’ve seen the same pattern repeated time and time again over the years.

The mass media tech story cycle. Our apologies to Gartner. Curve image: Jeremykemp [ CC BY-SA 3.0 ], via Wikimedia Commons

Seasoned readers may remember silly stories in the papers claiming that the Soviets could somehow use the technology in Western 8-bit home computers for nefarious purposes. Since then, a myriad of breathless exclusives have predicted a youth meltdown as the inevitable result of computer gaming, which never materialised, and more recently groundless panics have erupted over 3D printing of gun parts. There might be a British flavour to the examples in this piece because that’s where it is being written, but it’s a universal phenomenon wherever in the world technologically clueless journalists are required to fill column inches on technical stories.

The latest piece of technology to feel the heat in this way is the multirotor. Popularly referred to as the drone, you will probably be most familiar with them as model-sized aircraft usually with four rotors. We have been fed a continuous stream of stories involving tales of near-misses between commercial aircraft and drones, and there is a subtext in the air that Something Must Be Done.

The catalyst for this piece is the recent story of a collision with a British Airways plane 1700ft over West London approaching London Heathrow. The ever-hyperbolic Daily Mail sets the tabloid tone for the story as a drone strike, while the BBC’s coverage is more measured and holds a handy list of links to near-miss reports from other recent incidents. This incident is notable in particular because a Government minister announced that it is now believed to have been caused by a plastic bag, and since there is already appropriate legislation there was little need for more. A rare piece of sense on a drone story from a politician. The multirotor community is awash with plastic bag jokes but this important twist did not seem to receive the same level of media attention as the original collision.

Are multirotors unfairly being given bad press? It certainly seems that way, as the common thread among all the stories is a complete and utter lack of proof. But before we rush to their defence it’s worth taking a look at the recent stories and examining their credibility. After all, if there really is a set of irresponsible owners flying into commercial aircraft then they should rightly be brought to book and it would do us no favours to defend them. So let’s examine each of those incident reports from that BBC story.


Ethics In Engineering: Volkswagen’s Diesel Fiasco

Every so often – and usually not under the best of circumstances – the field of engineering as a whole is presented with a teaching moment. Volkswagen is currently embroiled in a huge scandal involving emissions testing of 11 Million diesel cars sold in recent years. It’s a problem that could cost VW dearly, to the tune of eighteen Billion dollars in the US alone, and will, without a doubt, end the careers of more than a few Volkswagen employees. In terms of automotive scandals, this is bigger than Unsafe at Any Speed. This is a bigger scandal than the Ford Pinto’s proclivity to explode. This is engineering history in the making, and an enormously teachable moment for ethics in engineering.


9th Grader Arrested, Searched For Building A Clock

A 14-year-old in Dallas, Texas has been arrested for bringing a clock to his school. [Ahmed Mohamed] could be any one of us. He’s a tinkerer, pulling apart scrap appliances and building projects from the parts. He was a member of his middle school robotics team. The clock was built from a standard four digit seven segment display and a circuit board. [Ahmed] built the circuit inside a Vaultz hard pencil case like this one. He then did what every other experimenter, inventor, hacker, or maker before him has done: He showed off his creation.

Unfortunately for [Ahmed] one of his teachers immediately leapt to the conclusion that this electronic project was a “hoax bomb” of some sort. The police were called, [Ahmed] was pulled out of class and arrested. He was then brought to a detention center where he and his possessions were searched. [Ahmed] is now serving a three-day suspension from school. His clock is considered evidence to be used in a possible criminal case against him.

If this situation doesn’t get your blood boiling, then we don’t know what does. Not only is there a glaring racial issue here, but also an issue of allowing kids to bring their projects to school. We hope you’ll join us in expressing outrage at this whole debacle, as well as supporting [Ahmed] in any way you can. Let’s join together as a community to make sure a few small-minded individuals don’t break the spirit of this budding hardware hacker.

For anyone out there who would like to support [Ahmed]’s education even when his school won’t, [Anil Dash] will be in contact with the family later today. We’re offering a gift card for the Hackaday store and we would assume other contributions would also be welcome. -Ed.


Let Skynet Become Self-Aware!

Not so long ago, it was hard to fly. Forget actual manned aircraft and pilot’s licenses; even flying model aircraft required hours of practice, often under the tutelage of a master at a flying field. But along with that training came an education in the rules of safe flight, including flying at a designated airfield and watching out for obstacles.

We accidentally messed that up. We in the drone industry made aircraft super easy to fly — perhaps too easy to fly. Thanks to smart autopilots and GPS, you can open a box, download an app and press “take off”. The copter will dutifully rise into the air and wait there for further instructions — no skill required. And it will do this even if you happen to be in an NFL football stadium in the middle of a big game. Or near an airport. Or in the midst of a forest fire.

The problem is that along with taking training out of the process of flying a drone, we inadvertently also took out the education process of learning about safe and responsible flight. Sure, we drone manufacturers include all sorts of warnings and advisories in our instruction manuals (which people don’t read) and our apps (which they swipe past), and companies such as DJI and my own 3DR include basic “geofencing” restrictions to try to keep operators below 400 feet and within “visual line of sight”. But it’s not enough.

Every day there are more reports of drone operators getting past these restrictions and flying near jetliners, crashing into stadiums, and interfering with first responders. So far it hasn’t ended in tragedy, but the way things are going it eventually will. And in the meantime, it’s making drones increasingly controversial and even feared. I call this epidemic of (mostly inadvertent) bad behavior “mass jackassery”. As drones go mass market, the odds of people doing dumb things with them reach the singularity of certainty.

We’ve got to do something about this before governments do it for us, with restrictions that catch the many good uses of drones in the crossfire. The reality is that most drone operators who get in trouble aren’t malicious and may not even know that what they’re doing is irresponsible or even illegal. Who can blame them? It’s devilishly hard to understand the patchwork quilt of federal, state and local regulations and guidelines, which change by the day and even the hour based on “airspace deconfliction” rules and FAA alerts written for licensed pilots and air traffic control. Many drone owners don’t even know that such rules exist.

Drones Themselves Should Know Rules of Each Area

Fortunately, they don’t have to. Our drones can be even smarter — smart enough to know where they should and shouldn’t fly. Because modern drones are connected to phones, they’re also connected to the cloud. Every time you open their app, that app can check online to find appropriate rules for flight where you are, right then and there.

Here’s how it works. The app sends four data fields to a cloud service: Who (operator identifier), What (aircraft identifier), Where (GPS and altitude position) and When (either right now or a scheduled time in the case of autonomous missions). The cloud service then returns a “red light” (flight not allowed), a “green light” (flight allowed, with basic restrictions such as a 400 feet altitude ceiling), or “yellow light” (additional restrictions or warnings, which can be explained to the operator in context and at the point of use).


Right now industry groups such as the Dronecode Foundation, the Small UAV Coalition (I help lead both of them, but this essay just reflects my own personal views) and individual manufacturers such as 3DR and DJI are working on these “safe flight” standards and APIs. Meanwhile, a number of companies such as Airmap and Skyward are building the cloud services to provide the up-to-date third-party data layer that any manufacturer can use. It will start with static no-fly zone data such as proximity to airports, US national parks and other banned airspace such as Washington DC. But it will quickly add dynamic data, too, such as forest fires, public events, and proximity to other aircraft.

(For more on this, you can read a white paper from one of the Dronecode working groups here and higher level description here.)

There’s Always a Catch

Of course, this system isn’t perfect. It’s only as good as the data it uses, which is still pretty patchy worldwide, and the ways that the manufacturers implement those restrictions. Some drone makers may choose to treat any area five miles from an airport as a hard ban and prohibit all flight in that zone, even at the cost of furious customers who had no idea they were five miles from an airport when they bought that toy at Wal-mart (nor do they think it should matter, since it’s just a “toy”). Other manufacturers may choose to make a more graduated restriction for the sake of user friendliness, adding a level of nuance that is not in the FAA regulation. They might ban, say, flight one mile from an airport, but only limit flight beyond that to something like 150ft of altitude (essentially backyard-level flying).
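The who/what/where/when check and the graduated airport restriction described above can be sketched as follows. This is an added example, not code from the essay or from any manufacturer or cloud service; the field names, the `check_flight` function, the sample airport coordinates and the fail-closed handling of incomplete requests are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone

MILE_M = 1609.344
# Constructed zone data: one made-up airport reference point (lat, lon).
AIRPORTS = {"EXAMPLE-FIELD": (37.0, -122.0)}

@dataclass(frozen=True)
class FlightRequest:
    operator_id: str    # Who
    aircraft_id: str    # What
    lat: float          # Where
    lon: float
    altitude_ft: float
    when: datetime      # When (unused by static zones; dynamic data would need it)

def distance_miles(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in statute miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a)) / MILE_M

def decide(light, ceiling_ft, reason):
    return {"light": light, "ceiling_ft": ceiling_ft, "reason": reason}

def check_flight(req, airports=AIRPORTS):
    # Assumption: fail closed on an incomplete request or missing zone data.
    if not (req.operator_id and req.aircraft_id):
        return decide("red", 0, "missing operator or aircraft identifier")
    if not airports:
        return decide("red", 0, "no zone data available")
    name, miles = min(
        ((n, distance_miles(req.lat, req.lon, lat, lon)) for n, (lat, lon) in airports.items()),
        key=lambda item: item[1],
    )
    if miles < 1.0:
        return decide("red", 0, f"within 1 mile of {name}")
    # Graduated zone: backyard-level ceiling inside 5 miles, basic ceiling beyond.
    light, ceiling = ("yellow", 150) if miles < 5.0 else ("green", 400)
    if req.altitude_ft > ceiling:
        return decide("red", ceiling, f"requested altitude exceeds {ceiling} ft ceiling")
    reason = f"{miles:.1f} miles from {name}" if light == "yellow" else "no restricted zone nearby"
    return decide(light, ceiling, reason)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for lat, alt in [(37.005, 50), (37.03, 100), (37.03, 200), (37.2, 300)]:
        print(lat, alt, check_flight(FlightRequest("op-1", "uav-1", lat, -122.0, alt, now)))
```

A manufacturer choosing the hard five-mile ban instead would return red wherever this sketch returns yellow.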

That’s a reasonable first step. But the ultimate safe flight system would go a lot further. It would essentially extend the international air traffic control system to millions of aircraft (there are already a million consumer drones in the air) flown by everything from children to Amazon. The only way to do that is to let the drones regulate themselves (yes, let Skynet become self-aware).

Peer-to-peer Air Traffic Control

There’s a precedent for such peer-to-peer air traffic control: WiFi. Back in the 1980s, the FCC released spectrum in the 2.4 GHz band for unlicensed use. A decade later, the first 802.11 standards for WiFi were released, which were based on some principles that have application to drones, too.

  1. The airspace used is not otherwise occupied by commercial operators
  2. The potential for harm is low (in the case of WiFi, low transmission power. In the case of drones, low kinetic energy due to the weight restrictions of the “micro” category)
  3. The technology has the capability to “self-deconflict” the airspace by observing what else is using it and picking a channel/path that avoids collisions.

That “open spectrum” sandbox that the FCC created also created a massive new industry around WiFi. It put wireless in the hands of everyone and routed around the previous monopoly owners of the spectrum, cellphone carriers and media companies. The rest was history.

We can do the same thing with drones. Let’s create an innovation “sandbox” with de minimis regulatory barriers for small UAVs flying within very constrained environments. The parameters of the sandbox could be almost anything, as long as they’re clear, but it should be kinetic energy and range based (a limit of 2kg and 20m/s at 100m altitude and 1,000m range within visual line of sight would be a good starting point).

As in the case of open spectrum, in relatively low risk applications, such as micro-drones, technology can be allowed to “self-deconflict the airspace” without the need for monopoly exclusions such as exclusive licences or regulatory permits. How? By letting the drones report their position using the same cellphone networks they used to get permission to fly in the first place. The FAA already has a standard for this, called ADS-B, which is based on transponders in each aircraft reporting their position. But those transponders are expensive and unnecessary for small drones, which already know their position and are connected to the cloud. Instead, they can use “virtual ADS-B” to report their position via their cell network connections, and that data can be injected into the same cloud data services they used to check if their flight was safe in the first place.

Once this works, we’ll have a revolution. What WiFi did to the telecoms industry, autonomous, cloud-connected drones can do to the aerospace industry. We can occupy the skies, and do it safely. Technology can solve the problems it creates.


About the Author

Chris Anderson (@Chr1sa) is the CEO of 3D Robotics and founder of DIY Drones. From 2001 through 2012 he was the Editor in Chief of Wired Magazine. Before Wired he was with The Economist for seven years in London, Hong Kong and New York.

He is the author of the New York Times bestselling books The Long Tail and Free as well as Makers: The New Industrial Revolution.

His background is in science, starting with studying physics and doing research at Los Alamos and culminating in six years at the two leading scientific journals, Nature and Science.

In his self-described misspent youth [Chris] was a bit player in the DC punk scene and amusingly, a band called REM. You can read more about that here.

Awards include: Editor of the Year by Ad Age (2005). Named to the “Time 100,” the newsmagazine’s list of the 100 most influential people in the world (2007). Loeb Award for Business Book of the Year (2007). Wired named Magazine of the Decade by AdWeek for his tenure (2009). Time Magazine’s Tech 40 — The Most Influential Minds In Technology (2013). Foreign Policy Magazine’s Top 100 Global Thinkers (2013).