Botnet Recall Of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 300 million (corrected: 4.3 million) of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)
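The two claims in the recall story, "the password is compiled in" and "the device was only ever meant to sit behind a firewall", are both things firmware can enforce instead of assume. The following is an added example, not Xiongmai's code and not from the original post: an admin-login gate that has no usable credential at all until the operator provisions one at first boot, and that refuses management requests from any peer outside RFC 1918 / link-local space, so a camera that does end up port-forwarded to the Internet still says no. The struct fields, the `provision`/`admin_login` names and the 8-character minimum are this example's own choices, and the password is held in plaintext purely so the policy can run stand-alone; real firmware would store a salted hash in flash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FAILED_LOGINS 5u
#define MIN_PASSWORD_LEN  8u

/* Persisted device state; field names are this example's own. In real
 * firmware `secret` would be a salted password hash, not plaintext; it is
 * kept plain here only so the policy can be exercised without a hash library. */
struct device_state {
    bool     credential_set;   /* false until the operator provisions a password */
    uint32_t failed_logins;    /* consecutive failures, for lockout */
    char     user[32];
    char     secret[64];
};

enum login_result {
    LOGIN_OK,
    LOGIN_DENIED_NONLOCAL_PEER,   /* request did not come from the LAN */
    LOGIN_DENIED_FACTORY_STATE,   /* nothing provisioned yet: nothing to log in with */
    LOGIN_DENIED_LOCKED_OUT,
    LOGIN_DENIED_BAD_CREDENTIAL
};

/* The only peers a device "meant to live behind a firewall" should hear from:
 * RFC 1918 private ranges plus 169.254/16 link-local (host byte order). */
bool is_local_peer(uint32_t ip)
{
    return (ip & 0xFF000000u) == 0x0A000000u    /* 10.0.0.0/8     */
        || (ip & 0xFFF00000u) == 0xAC100000u    /* 172.16.0.0/12  */
        || (ip & 0xFFFF0000u) == 0xC0A80000u    /* 192.168.0.0/16 */
        || (ip & 0xFFFF0000u) == 0xA9FE0000u;   /* 169.254.0.0/16 */
}

/* Constant-time comparison over fixed-width buffers: no early exit on the
 * first differing byte, so timing does not reveal how much matched. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* First-boot provisioning. Until this succeeds there is no credential at
 * all, which is the opposite of a compiled-in factory default. */
bool provision(struct device_state *st, const char *user, const char *pass)
{
    size_t ulen = strlen(user), plen = strlen(pass);
    if (ulen == 0 || ulen >= sizeof st->user) return false;
    if (plen < MIN_PASSWORD_LEN || plen >= sizeof st->secret) return false;
    memset(st->user, 0, sizeof st->user);
    memset(st->secret, 0, sizeof st->secret);
    memcpy(st->user, user, ulen);
    memcpy(st->secret, pass, plen);
    st->failed_logins = 0;
    st->credential_set = true;
    return true;
}

enum login_result admin_login(struct device_state *st, uint32_t peer_ip,
                              const char *user, const char *pass)
{
    char u[sizeof st->user] = {0};
    char p[sizeof st->secret] = {0};

    /* Network policy first: a non-local peer learns nothing about the
     * device's credential or lockout state. */
    if (!is_local_peer(peer_ip))                return LOGIN_DENIED_NONLOCAL_PEER;
    if (!st->credential_set)                    return LOGIN_DENIED_FACTORY_STATE;
    if (st->failed_logins >= MAX_FAILED_LOGINS) return LOGIN_DENIED_LOCKED_OUT;

    /* Copy into fixed-width buffers so both compares run over the full width. */
    strncpy(u, user, sizeof u - 1);
    strncpy(p, pass, sizeof p - 1);
    /* '&' rather than '&&': evaluate both compares regardless of the first result. */
    if (!(ct_equal(st->user, u, sizeof u) & ct_equal(st->secret, p, sizeof p))) {
        st->failed_logins++;
        return LOGIN_DENIED_BAD_CREDENTIAL;
    }
    st->failed_logins = 0;
    return LOGIN_OK;
}
```

The order of the checks is deliberate: the network test comes first so a remote peer cannot distinguish an unprovisioned device from a locked-out one, and the lockout counter only ever moves for local peers who already got past that gate.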

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Death To The 3.5mm Audio Jack, Long Live Wireless

There’s been a lot of fuss over Apple’s move to ditch the traditional audio jack. As for me, I hope I never have to plug in another headphone cable. This may come off as gleeful dancing on the gravesite of my enemy before the hole has even been dug; it kind of is. The jack has always been a pain point in my devices. Maybe I’ve just been unlucky. Money was tight growing up. I would save up for a nice set of headphones or an mp3 player only to have the jack go out. It was a clear betrayal and ever since I’ve regarded them with suspicion. Is this the best we could do?

I can’t think of a single good reason not to immediately start dumping the headphone jack. Sure it’s one of the few global standards. Sure it’s simple, but I’m willing to take bets that very few people will miss the era of the 3.5mm audio jack once it’s over. It’s a global episode of the sunk cost fallacy.

In the usual way hindsight is 20/20, the 3.5mm audio jack can be looked at as a workaround, a stopover until we didn’t need it. It appears to be an historic kludge of hack upon hack until something better comes along. When was the last time it was common to hook an Ethernet cable into a laptop? Who would do this when we can get all the bandwidth we want reliably over a wireless connection? Plus, it’s not like most Ethernet cables even meet a spec well enough to deliver the speeds they promise. How could anyone reasonably expect the infinitely more subjective and variable headphone and amplifier set to do better?

But rather than just idly trash it, I’d like to make a case against it and paint a possible painless and aurally better future.


Engage Tinfoil Hat: Samsung Note 7 Battery Theory

For the most part I believe things are as they seem. But every once in a while I begin to look at notable technology happenings from a different angle. What if things are not like they seem? This is conspiracy theory territory, and I want to be very clear about this: what follows is completely fictitious and not based on fact. At least, I haven’t tried to base it on facts surrounding the current events. But perhaps you can. What if there’s more to the battery fires in Samsung’s Galaxy Note 7 phones?

I have a plausible theory, won’t you don your tinfoil hat and follow me down this rabbit hole?


Should You Outsource Manufacturing? A Handy Guide

A lot of people assume that the product development cycle involves R&D, outsourcing to a Chinese manufacturer, and then selling the finished product. It’s almost ingrained in our heads that once a prototype has been developed, the next step involves a visa and airplane tickets. Here is a guide that will explore a few other options, and why outsourcing may not be appropriate for everyone.

First, let’s talk about goals. We’ll assume you’re not a large company, and that you don’t have a huge budget, and that you’re just getting started with your product and don’t have big volumes; a startup trying to sell a kit or breakout board, or a consumer electronics product. Your goals are the following:

  1. Validate your product in the market. Build a minimum viable product and get it in the hands of lots of users
  2. Get the most bang for your limited bucks. All money should go towards getting products out the door
  3. Reduce risk to your company so that any single failure doesn’t crater the whole operation and you can safely grow.

With that in mind, what are your options?



Umbrella Drones — Jellyfish Of The Sky

Mount an umbrella to a drone and there you go, you have a flying umbrella. When [Alan Kwan] tried to do just that he found it wasn’t quite so simple. The result, once he’d worked it out though, is haunting. You get an uneasy feeling like you’re underwater watching jellyfish floating around you.

A grad student in MIT’s ACT (Art, Culture and Technology) program, [Alan’s] idea was to produce a synesthesia-like result in the viewer by having an inanimate object, an umbrella, appear as an animate object, a floating jellyfish. He first tried simply attaching the umbrella to an off-the-shelf drone. Since electronics occupy the center of the drone, the umbrella had to be mounted off-center. But he discovered that drones want most of their mass in the center and so that didn’t work. With the help of a classmate and input from peers and faculty he made a new drone with carbon fiber and metal parts that allowed him to mount the umbrella in the center. To further help with stability, the batteries were attached to the very bottom of the umbrella’s pole.

In addition to just making them fly, [Alan] also wanted the umbrella to gently undulate like a jellyfish, slowly opening and closing a little. He tried mounting servo motors inside the umbrella for the task. These turned out to be too heavy, but also unnecessary. Once flying outside at just the right propeller speed, the umbrellas undulated on their own. Watch them doing this in the video below accompanied by haunting music that makes you feel you’re watching a scene from Blade Runner.


Toyota’s Code Didn’t Meet Standards And Might Have Led To Death

We were initially skeptical of this article by [Aleksey Statsenko] as it read a bit conspiratorially. However, he proved the rule by citing his sources and we could easily check for ourselves and reach our own conclusions. There were fatal crashes in Toyota cars due to a sudden unexpected acceleration. The court thought that the code might be to blame, two engineers spent a long time looking at the code, and it did not meet common industry standards. Past that there’s not a definite public conclusion.

[Aleksey] has a tendency to imply that normal legal proceedings and recalls for design defects are a sign of a sinister and collaborative darker undercurrent in the world. However, this article does shine a light on an actual dark undercurrent. More things rely on software than ever before. Now, especially for safety critical code, there are some standards. NASA has one and in the pertinent case of cars, there is the Motor Industry Software Reliability Association C Standard (MISRA C). Are these standards any good? Are they realistic? If they are, can they even be met?

When two engineers sat down, rather dramatically in a secret hotel room, they looked through Toyota’s code and found that it didn’t even come close to meeting these standards. Toyota insisted that it met their internal standards, and further that the incidents were to be blamed on user error, not the car.

So the questions remain. If they didn’t meet the standard why didn’t Toyota get VW’d out of the market? Adherence to the MISRA C standard is entirely voluntary, but should common rules to ensure code quality be made mandatory? Is it a sign that people still don’t take software seriously? What does the future look like? Either way, browsing through [Aleksey]’s article and sources puts a fresh and very real perspective on the problem. When it’s NASA’s bajillion dollar firework exploding a satellite it’s one thing, when it’s a car any of us can own it becomes very real.
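To make "didn’t meet the standard" concrete, here is an added example that is not Toyota’s code and not from [Aleksey]’s article or its sources: one small pedal-position-to-throttle-demand function written twice. The first version is the kind of thing a MISRA C:2012 review flags; the second satisfies the rules it violates (Dir 4.6 fixed-width types, Rule 15.7 every if/else-if chain ends in an else, Rule 16.4 every switch has a default) and, more to the point, fails safe: any reading the sensor cannot physically produce, or a mode the code does not know, yields zero demand and a fault flag rather than a plausible-looking number. The ADC calibration constants and the function names are this example’s own.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed calibration for a 10-bit pedal position sensor. */
#define ADC_MAX   1023u  /* largest value the converter can produce */
#define ADC_FLOOR 20u    /* below this: wire shorted to ground or open */
#define ADC_IDLE  100u   /* pedal released */
#define ADC_FULL  900u   /* pedal fully pressed */

/* Version 1: what a MISRA review flags. No check that `raw` is a value the
 * sensor can produce, so a faulted input is extrapolated past 100 %; plain
 * `int` for a sensor value (Dir 4.6 wants fixed-width types); the switch has
 * no default (Rule 16.4), so an unknown mode is silently treated as normal. */
int throttle_loose(int raw, int mode)
{
    int pct = (raw - 100) * 100 / 800;
    switch (mode) {
    case 0: break;            /* normal */
    case 1: pct /= 2; break;  /* eco */
    }
    return pct;
}

/* Version 2: same function, written to fail safe. */
typedef enum { MODE_NORMAL = 0, MODE_ECO = 1 } drive_mode_t;

typedef struct {
    uint8_t demand_pct;  /* 0..100 */
    bool    fault;       /* true: input not trustworthy, demand forced to 0 */
} throttle_out_t;

throttle_out_t throttle_checked(uint16_t raw, drive_mode_t mode)
{
    throttle_out_t out = { 0u, false };
    uint32_t span;

    if ((raw > ADC_MAX) || (raw < ADC_FLOOR)) {
        out.fault = true;               /* impossible reading: sensor or wiring fault */
    } else if (raw < ADC_IDLE) {
        out.demand_pct = 0u;            /* a little under idle calibration: released */
    } else if (raw > ADC_FULL) {
        out.demand_pct = 100u;          /* clamp; never extrapolate past full */
    } else {
        span = ((uint32_t)raw - ADC_IDLE) * 100u;
        out.demand_pct = (uint8_t)(span / (ADC_FULL - ADC_IDLE));
    }                                   /* chain terminated by an else: Rule 15.7 */

    if (!out.fault) {
        switch (mode) {
        case MODE_NORMAL:
            break;
        case MODE_ECO:
            out.demand_pct = (uint8_t)(out.demand_pct / 2u);
            break;
        default:                        /* Rule 16.4: unknown mode is a fault, not "normal" */
            out.demand_pct = 0u;
            out.fault = true;
            break;
        }
    }
    return out;
}
```

The difference shows up on exactly the inputs a review cares about: a reading of 4095 (impossible from a 10-bit converter, but easy to get from a wiring fault) makes the loose version demand 499 % throttle, while the checked version demands nothing and raises a fault for the caller to act on.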

WarWalking With The ESP8266

[Steve] needed a tool to diagnose and fix his friends’ and family’s WiFi. A laptop would do, but WiFi modules and tiny OLED displays are cheap now. His solution was to build a War Walker, a tiny handheld device that would listen in on WiFi access points, return the signal strength, and monitor the 2.4GHz environment around him.

The War Walker didn’t appear out of a vacuum. It’s based on the WarCollar Dope Scope, a tiny, portable device consisting of an off-the-shelf Chinese OLED display, an ESP8266 module, and a PCB that can charge batteries, provide a serial port, and ties the whole thing together with jellybean glue. The Dope Scope is a capable device, but it’s marketed towards the 1337 utilikilt-wearing, The Prodigy-blasting pentesters of the world. It is, therefore, a ripoff. [Steve] can build his version for $6 in materials.

The core of the build is an ESP-based carrier board built for NodeMCU. This board is available for $3.77 in quantity one, with free shipping. A $2 SPI OLED display is the user interface, and the rest of the circuit is just some perfboard and a few wires.

The software is based on platformio, and dumps all the WiFi info you could want over the serial port or displays it right on the OLED. It’s a brilliantly simple device for War Walking, and the addition of a small LiPo makes this a much better value than the same circuit with a larger pricetag.
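The serial dump is the useful half of a tool like this, because the actual diagnosis ("everyone around you is on channel 6, move to 11", "that open network is not yours") is done on the host. As an added example that is not [Steve]’s firmware or the Dope Scope’s software, here is a small host-side analyser for such a dump: a line parser, the usual RSSI-to-quality heuristic, a 2.4 GHz channel-overlap load calculation, and a pick of the least loaded of channels 1/6/11. The line format `<ssid>;<channel>;<rssi_dbm>;<open|wpa>` and the sample lines are this example’s own construction; the War Walker’s real output format is not given in the post.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_AP 32
#define NUM_CH 13   /* 2.4 GHz channels 1..13 */

struct ap {
    char ssid[33];
    int  channel;
    int  rssi;      /* dBm, negative */
    bool open;      /* no encryption */
};

/* Parse one line of the (constructed) serial format
 * "<ssid>;<channel>;<rssi_dbm>;<open|wpa>". Returns false on anything
 * malformed, so line noise from the serial link is dropped, not charted. */
bool parse_scan_line(const char *line, struct ap *out)
{
    char enc[8];
    if (sscanf(line, "%32[^;];%d;%d;%7s", out->ssid, &out->channel, &out->rssi, enc) != 4)
        return false;
    if (out->channel < 1 || out->channel > NUM_CH || out->rssi > 0 || out->rssi < -100)
        return false;
    out->open = (strcmp(enc, "open") == 0);
    return true;
}

/* Signal quality heuristic used by many scanners: -100 dBm -> 0 %,
 * -50 dBm or better -> 100 %, linear in between. */
int rssi_to_quality(int rssi)
{
    if (rssi <= -100) return 0;
    if (rssi >= -50)  return 100;
    return 2 * (rssi + 100);
}

/* 2.4 GHz channels are 5 MHz apart but a 20 MHz signal spills about four
 * channels either side, so an AP on channel c loads channels c-4..c+4.
 * Load per channel = sum of the quality of every overlapping AP. */
void channel_load(const struct ap *aps, int n, int load[NUM_CH + 1])
{
    memset(load, 0, sizeof(int) * (NUM_CH + 1));
    for (int i = 0; i < n; i++)
        for (int c = 1; c <= NUM_CH; c++)
            if (abs(aps[i].channel - c) <= 4)
                load[c] += rssi_to_quality(aps[i].rssi);
}

/* Least loaded of the non-overlapping trio 1/6/11: the usual fix when a
 * friend's WiFi crawls because everyone nearby sits on channel 6. */
int best_channel(const int load[NUM_CH + 1])
{
    static const int candidates[] = { 1, 6, 11 };
    int best = candidates[0];
    for (int i = 1; i < 3; i++)
        if (load[candidates[i]] < load[best]) best = candidates[i];
    return best;
}

int count_open(const struct ap *aps, int n)
{
    int k = 0;
    for (int i = 0; i < n; i++) k += aps[i].open ? 1 : 0;
    return k;
}

/* Constructed scan dump standing in for what the device writes to serial;
 * the fifth line is deliberate garbage. */
static const char *const SAMPLE_DUMP[] = {
    "HomeNet;6;-42;wpa",
    "Neighbor-2.4;6;-71;wpa",
    "CoffeeShop;11;-80;open",
    "GuestNet;1;-88;open",
    "garbage line",
    "Printer;4;-65;wpa",
};

int load_sample(struct ap *aps, int max)
{
    int n = 0;
    for (size_t i = 0; i < sizeof SAMPLE_DUMP / sizeof SAMPLE_DUMP[0] && n < max; i++)
        if (parse_scan_line(SAMPLE_DUMP[i], &aps[n])) n++;
    return n;
}

int main(void)
{
    struct ap aps[MAX_AP];
    int load[NUM_CH + 1];
    int n = load_sample(aps, MAX_AP);
    channel_load(aps, n, load);
    for (int i = 0; i < n; i++)
        printf("%-16s ch%2d %4d dBm %3d%% %s\n", aps[i].ssid, aps[i].channel,
               aps[i].rssi, rssi_to_quality(aps[i].rssi), aps[i].open ? "OPEN" : "");
    printf("open networks: %d, least loaded of 1/6/11: channel %d\n",
           count_open(aps, n), best_channel(load));
    return 0;
}
```

With the sample dump, channel 6 carries the two strongest networks plus spill from the printer on channel 4, so the analyser recommends channel 11, and it flags the two unencrypted networks in range so they are not mistaken for the one being fixed.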