Considering Threats to Your Hardware

Most of the security write-ups you see online deal with software. It’s true that you’re far more likely to encounter some sort of software-based security threat than any of the hardware threats to date. However, ignoring hardware threats can be problematic. Unlike the vast majority of software threats that you can clean up, hardware threats often damage a system so that it becomes unusable. You literally have to buy a new system because repair isn’t feasible (at least, for a reasonable price).

The threats are becoming more ingenious too. Consider the USB flash drive threat called USB Killer. In this case, inserting the wrong thumb drive into your system can cause the system to completely malfunction. The attack is ingenious in that your system continues to work as normal until that final moment when it’s too late to do anything about the threat. Your system is fried by high voltage sent to it by the thumb drive. Of course, avoiding the problem means using only thumb drives that you can verify are clean. You really can’t even trust the thumb drive provided by friends because they could have obtained the thumb drive from a contaminated source. The result of such an attack is lost data, lost time, and lost hardware—potentially making the attack far more expensive than a software attack on your system.

Some of the hardware-based threats are more insidious. For example, the Rowhammer vulnerability makes it possible for someone to escalate their privileges by accessing the DRAM on your system in a specific way. The technical details aren’t quite as important as the fact that it can be done, because even with repairs, memory will continue to be vulnerable to attack in various ways. The problem is that memory has become so small that protections that used to work well no longer work at all. In addition, hardware vendors often use the least expensive memory available to keep prices low, rather than use higher-end (and more expensive) memory.

It’s almost certain that you’ll start to see more hardware threats on the horizon because of the way in which people work with electronics today. All these new revelations remind me of the floppy disk viruses of days past. People would pass viruses back and forth by trading floppies with each other. Some of these viruses would infect the boot sector of the system hard drive, making it nearly impossible to remove. As people start using thumb drives and other removable media to exchange data in various ways, you can expect to see a resurgence of this sort of attack.

The potential for hardware-based attacks continues to increase as the computing environment becomes more and more commoditized and people’s use of devices continues to change. It’s the reason I wrote Does Your Hardware Spy On You? and the reason I’m alerting you to the potential for hardware-based attacks in this post. You need to be careful how you interact with others when exchanging bits of seemingly innocent hardware. Let me know your thoughts about hardware-based attacks at [email protected].

 

No Assembly Required

A problem with many robots today is that they’re bulky. Transporting the robot can be a problem because it takes up a lot of space. Unfortunately, some scenarios require that the robot arrive at its destination fully assembled. For example, there isn’t anyone on Mars to put a robot that lands there together. I’ve been following a number of stories about robots that self-assemble or transform in some way, but the story Engineers Built an Origami Robot That Can Fold and Crawl Without Human Intervention provides a great overview of what’s happening with robotic science today.

The idea that a robot can fold itself up into a form that’s akin to a sheet of paper and then unfold itself into a useful shape is phenomenal. According to The Guardian, the robot could see use on the battlefield or in space. The accompanying video is pretty impressive. The feeling is one of an autonomous machine that can almost think its way through some basic problems. The robot need not actually start out flat though. A recent InfoWorld story tells of a robot that can transform between an I shape and a 3 shape. This robot is being used to explore the crippled Fukushima Dai-Ichi nuclear power plant and the shape changes are necessary for the robot to move freely. An update to the story on ComputerWorld tells that the robot still has a ways to go before the shape shifting works without problems.

Of course, these machines are thinking in a way. A Wired article helps you understand the thinking that goes into the design of the origami robot. (The details of the transforming robot aren’t available at this time, but it does have a tether to allow outside interaction—something the origami robot doesn’t need.) Luca’s and my upcoming book, Python for Data Science for Dummies, can help you understand the science and programming behind the artificial intelligence in these robots to an even greater degree. The point is that the origami robot demonstrates that software and good engineering are working together to turn an inexpensive 2D technology into a viable robot that could perform a wide variety of tasks. The point of the Wired article is that the technology is both cheap and easy—it doesn’t rely on anything exotic to make it work. Meanwhile, the transforming robot shows that these devices can work in extremely hazardous conditions that humans could never tolerate.

The sexy view of robots in the movies is full-fledged, human-looking devices or monster construction machines of the sort found in I, Robot. The fact of the matter is that we may very well produce robots of that sort (we’re building them at this moment to act as caregivers), but we’ll also produce a great many robots of other types, such as these origami and transforming robots. Think more along the lines of Blade Runner, which contains a wide variety of robot types. Consider how robots might be used in the real world to perform mundane tasks. For example, the Roomba looks nothing like a robot. It sort of looks like a really big hockey puck.

How do you think the introduction of robots into society will go? Will we continue to see a vast assortment of odd looking robots or will they begin to take on more human characteristics? The future looks truly amazing, but I’d like to hear your point of view today. Talk to me about robotics at [email protected].

 

Does Your Hardware Spy On You?

Every once in a while I encounter an article that talks about government intrusion into private organizations through means that seem more like a James Bond movie plot than reality. The latest such story appeared in ComputerWorld, “To avoid NSA, Cisco delivers gear to strange addresses.” These articles lead me to wonder whether the authors have an overdeveloped persecution complex or government agencies are really spying on the public in such overtly secretive (and potentially illegal) ways. The fact that some companies apparently believe the threat enough to ship their equipment to odd addresses is frightening. Consider the ramifications of the actions—is it even possible to feel safe ordering hardware you haven’t built yourself (or are the individual components bugged too)?

Obviously, government organizations do require some means of tracking bad guys out there. Of course, the term bad guys is pretty loose and subject to a great deal of interpretation. In addition, just how much tracking is too much tracking? Would enough tracking prevent another terrorist attack or the loss of income caused by crooked company executives? There are many questions that remain unanswered in my mind (and obviously in the minds of others) over the use of various tracking technologies.

The topic of government spying, its legitimate and illegitimate uses, and just who the bad guy is demands a lot more attention than anyone is giving it. So, how do you feel about government tracking of everything and anything it sets its mind to spy on? Do you feel there should be limits? What do you feel about shipping things to odd addresses to avoid notice and circumvent the system (partly because the system is broken)? I’d love to hear your point of view about the use of modified computer equipment as a tool for spying on the private sector at [email protected].

 

Fooling the Eye

I’m intensely interested in all sorts of accessibility issues, including things that people don’t normally associate with accessibility, even though they are. For example, I was recently amused when I read Explained! Why People Can’t Agree on the Color of that Dress. Yes, the article is one of those sorts of optical illusion discussions that some people find fascinating, but many others don’t. However, it does point to something really interesting for everyone. How we perceive color depends on a lot of factors, not just the actual color. In this case, the factor is backlighting. It’s an interesting article because it points out that under the right conditions, we really can’t be sure that the color we’re seeing is the correct one.

The practical application of all this is that it’s important to understand that our perceptions of the world around us are often based on context. So, whether you’re trying to discover the color of a really wretched dress or that blotch on a piece of fruit, you need to consider the context of whatever you’re seeing. The ability to see color well could be trumped by a whole array of other factors, such as lighting or simply the time of day. Color perception can even be affected by state of mind or tiredness. In short, it isn’t absurd to think that your color vision will sometimes fail to produce the desired result.

The lesson on perception and the use of senses extends far beyond color vision. For example, people’s hearing is often fooled by environmental factors. The senses of taste and touch are equally susceptible to problems with environment or other factors that you might not consider worth thinking about. When something seems a bit too odd for serious consideration, perhaps your senses are simply being fooled. It’s an interesting and important element of the human condition to think about. Tell me about your favorite “Fool the Eye” experience at [email protected].

 

Creating Effective Passwords

It’s like a recurring nightmare: the whole issue of passwords simply won’t go away. People continue to use really awful passwords like secret and password because they’re easy to remember and they view passwords as a pain. A user will rely on the same password for everything, so once a hacker figures the password out, every resource the user can access is wide open. To make sure everyone can access the user’s account, the password often appears on post-it notes and in other obvious places. Of course, the user never, ever changes the password so once a hacker gains access, the accounts will remain open forever. This is just the tip of the password complaint iceberg.

Microsoft and other vendors are trying to remedy the situation by using biometric data or smart cards. The problems with smart cards are that they’re easily copied and even easier to lose. A lot of organizations have tried smart cards and found them to be less than ideal. Biometric data is just as bad and requires Biometric Authentication in order to check the security of your system. There are ways of easily thwarting fingerprint scanners today. Of course, once a fingerprint is hacked, you can’t change it. Fingerprints are unique, but using just a fingerprint means that everyplace you log in effectively uses the same password. So, once someone does hack your fingerprint, they can access absolutely everything you can. To overcome the issues with a single biometric, some researchers are now suggesting the use of a Multi-Biometric Authentication System (MBAS), which is also called a Multimodal Biometric Authentication System. So, now you have a really expensive, overly complex system that is bound to have a high failure rate.

The problem with all the various lines of thought out there now is what I call the magic bullet syndrome. Someone thinks that there is a solution that will somehow thwart the bad guys. Unfortunately, history proves that the bad guys always come up with a way to storm the gates and that any wall you build will prove too low at some point. I’ve advocated the passphrase system for years because you can create passwords that are both strong and easy to remember. Passphrases can be quite long, complex, and still make it easy for someone to enter correctly nearly every time. In addition, you can change passphrases with the same ease that you can a password. Changing your password or passphrase relatively often means that even if a hacker does gain access to an account, it’s unlikely to remain open to them. Still, no solution is perfect, which is why security monitoring is an essential part of any security solution.

Of course, whether you use a password or a passphrase, you need to know that it’s strong enough to keep hackers at bay, at least for a while. Therein lies another problem. According to a recent ComputerWorld article, many of the password strength meters out there are giving users a false sense of security. They really don’t tell you that your password or passphrase is strong enough to withstand easy attack. When creating a password or passphrase, avoid using words that are spelled precisely the same as they are in the dictionary. For example, you could replace the letter E with the number 3. Make sure the passphrase is relatively long and complex. It should include spaces (when allowed) and special characters (such as the ampersand, &). Use a combination of uppercase and lowercase letters. Include numbers. Misspell a word or two, such as “MiG00dPassphras3”. The point is that you want to make things hard on your attacker, but still easy to remember.
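The gap between a simple strength meter and the advice above, as an added example that is not part of the original post or the ComputerWorld article. The word list, the 12-character minimum, the sample candidates, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption): a real check would load a full
# dictionary plus a list of passwords seen in breaches.
COMMON_WORDS = {"secret", "password", "welcome", "summer", "dragon", "letmein"}

MIN_LENGTH = 12  # assumed threshold for "relatively long"; the post gives no number

CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",  # spaces count as special here
}


def naive_meter(candidate):
    """Score 0-4 the way a simple meter does: one point per character
    class present, and nothing at all below 8 characters."""
    if len(candidate) < 8:
        return 0
    return sum(1 for pattern in CLASSES.values() if re.search(pattern, candidate))


def dictionary_words(candidate):
    """Return the listed words that appear spelled exactly as in the
    dictionary (case ignored) once digits and symbols are split off."""
    runs = re.findall(r"[A-Za-z]+", candidate)
    return sorted({run.lower() for run in runs if run.lower() in COMMON_WORDS})


def review(candidate):
    """Apply the post's advice and return a list of findings (empty = none)."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for word in dictionary_words(candidate):
        findings.append(f"contains dictionary word '{word}'")
    missing = [name for name, pattern in CLASSES.items()
               if not re.search(pattern, candidate)]
    if missing:
        findings.append("no " + ", ".join(missing))
    return findings


def compare(candidates):
    """Pair each candidate with its naive score and its findings."""
    return [(c, naive_meter(c), review(c)) for c in candidates]


# Constructed samples; the fourth is the post's own example and the fifth
# is a constructed variant of it with spaces and special characters added.
SAMPLES = [
    "secret",
    "Password1!",
    "Summer2024!",
    "MiG00dPassphras3",
    "MiG00d Passphras3 & more!",
]

if __name__ == "__main__":
    for candidate, score, findings in compare(SAMPLES):
        print(f"{candidate!r:30} naive={score}/4  findings={findings or 'none'}")
```

The character-class meter gives "Password1!" its top score even though it is a dictionary word with a digit and a symbol appended, which is the false sense of security the paragraph describes.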

When all is said and done, your best defense against hackers is vigilance. It doesn’t matter whether you use passwords, passphrases, smart cards, or biometrics. If someone really wants to gain access to your account, you have to assume they’ll be successful. Don’t believe in magic bullet solutions because they really don’t exist no matter what someone might try to tell you. Make sure you change your login information on a regular basis and keep an eye on the resources you use. Report any suspicious activities that you find. In short, don’t assume that you’re safe because you really aren’t. Let me know your thoughts about passwords, passphrases, smart cards, and biometrics at [email protected].

 

 

Cloud Computing and Privacy Rights

A number of the science fiction books on my shelf view the earth as having a single government. Countries no longer exist. Of course, we still have countries. In fact, if anything, we have more countries today than we did thirty years ago. However, the Internet has reduced the impact of borders. The presence of global trade and other globe-girdling changes have reduced the impact of borders even more. Still, countries exist partly because tradition demands it and partly because different groups have their own ideas of what a country should look like.

Most of my books shy away from any sort of legal discussion, mostly because I’m not a lawyer, but also because the discussion of technology doesn’t apply to any particular country or its laws. When readers write to me, it doesn’t matter what country the reader is from, I can usually answer the question in precisely the same way. Variables work the same in Germany as they do in Spain, Japan, and America. It doesn’t mean that I’m unaware of potential legal issues surrounding technology. For example, I’ve written about privacy (or the lack thereof) a number of times.

Legal requirements, privacy needs, and the problems with borders are about to become more and more important because of one current technology and likely a host of others at some point. Storing data in the cloud means that users could create a situation where even the smallest company is in for a nasty surprise should the user work with data in other countries. Actually, the mere storage of data in the cloud could cause problems. Let’s say that the user in America chooses a storage facility in Mexico because it provides the least expensive service. Theoretically, the user’s data is subject to the laws of both Mexico (because that’s where the data is located) and America (because that’s where the user is located). If the user then travels to another country, such as Iraq, the data becomes subject (at least in theory) to the laws of Iraq as well.

In reading the views of several industry pundits on the topic, I can see where the legal issues could become quite vexing indeed—taxing even the best lawyer’s ability to untie the Gordian knot of legal consequences. So far, I can’t find anyone really trying to apply these multiple jurisdictions to a single user’s data, but I imagine it’s only a matter of time. As more and more technologies become global, however, and we begin to explore the stars with a greater sense of urgency, I begin to wonder just how long countries will continue to exist. It makes me wonder whether there will be a point at which the legal burden alone will make it a lot easier to have a single set of laws worldwide.

A number of people I’ve approached on the topic have presented perfectly valid arguments against a one world government. The most reasonable argument is that administering a single country is hard—trying to administer the entire world from a single place might well prove impossible. Still, I see more and more arguments about this whole issue of legal requirements, porous borders, global economies, and the like and it does make me wonder.

How do you feel about the legal issues regarding cloud computing? Is this simply the beginning of a much larger trend where legal requirements start to eat away at the need for countries? Does our future really involve a single world government? Let me know your thoughts on the issue at [email protected].

 

Contemplating the Future of Prosthetic Devices

I keep up, as much as is possible, with the technology used to help people live fuller lives when they have a special need. Of course, even if I devoted full time to the task, keeping up with every innovation would be impossible. Still, I try to find articles and other resources that go along with some of the concepts I originally discussed as part of Accessibility for Everybody: Understanding the Section 508 Accessibility Requirements. I recently read a Smithsonian article that helped me better understand precisely where prosthetic technology will be going in the future. Hugh Herr has turned a terrible life experience into something incredibly positive by creating prosthetic devices that work more like the flesh and blood counterparts they’re designed to replace.

The technology described in the article is simply amazing. However, the article also underscores some of the underlying issues that anyone with a special need faces. People automatically think that anyone with a special need is somehow deficient or requires special treatment. Given the resources, training, and devices available today, most special needs people can live as if they don’t have a special need. In fact, as far as they’re concerned, they don’t have one. So, while the article does describe really cool technology and tells of the heroic battle fought by several people to live normal lives, it also tells of a society that just isn’t ready to understand how technology can level the playing field and what a desirable response to special needs people should be.

Which brings me back to my book. When readers write me about my book, they often miss the point. Yes, my book is designed to help developers create really cool applications. It’s also designed to help people understand their legal and moral responsibilities in helping people with special needs. A few readers even get the idea that they’re likely to require special aids at some point in their lives. However, almost everyone misses the point that I wrote my book to help people, all people, feel acceptance for who they are—no matter who they might be or what their requirements are.

Forward-thinking people like Hugh Herr really are important today because technology such as bionics has the potential to change how we view humans as a species. A recent MIT Technology Review article highlights where Dr. Herr is going and where he wants to take us. If he can realize his vision, the things we’ll be able to do boggle the imagination. More importantly, the loss of a limb will no longer be an impediment to doing anything at all. Perhaps the makers of The Six Million Dollar Man had it right all along.

Where do you think we’re going with technology designed to overcome special needs in a way that makes them all but invisible? More importantly, what do you feel are the changes society needs to make with regard to treatment of special needs people? Let me know your thoughts at [email protected].

 

Selecting a Computer Book

Readers contact me on a regular basis about selecting a computer book. I often think they want a precise recommendation from me (and some do ask me to provide a specific recommendation). However, I can’t choose a book for you or any other reader for a number of reasons. Most important of all, I don’t know how you learn. There are other issues too. For example, I can’t always guess from the e-mail precisely how you intend to use the book or what sort of information you need from it. In short, my best guess probably won’t be good enough.

Originally, I tried to handle the situation by providing a blog post entitled, “Techniques for Choosing a Technical Book.” The blog post worked well for a while, but it still doesn’t really answer reader needs. For example, readers would often act oddly if I didn’t recommend one of my own books, even though I knew from the reader query that my book would only solve part of their need and there was a better option out there. (Part of creating a book proposal is to look at the competition in depth and determine how your book will fill a niche that the competition doesn’t. I try to be honest with readers in this regard so that when they do buy a book, they’re happy with the purchase.) With this in mind, I wrote a series of three articles that examines the whole question of selecting a computer book in significantly more detail:

The goal of these three articles is to provide you with the best possible information about selecting and using a computer book. The thing I’ve noticed most often when I receive complaint e-mails is that even when a reader does select a truly usable computer book, sometimes they don’t get the most out of it. A purchase is only as good as the value you receive from it. These articles are designed to increase your satisfaction by helping you use the books more effectively.

Choosing and then using a computer book effectively will help you gain new marketable skills and insights into the computer industry. Overall, it’s my goal to help you earn more money or live a better life when I write a computer book. In other words, my goal is to help you gain something of value—something that you can later say improved your life in some way. Of course, I’m always refining my skills and choosing new techniques based on reader needs at any given time. That’s why I always want to hear from you at [email protected].

 

Self-driving Cars in the News

I remember reading about self-driving cars in science fiction novels. Science fiction has provided me with all sorts of interesting ideas to pursue as I’ve gotten older. Many things I thought would be impossible have become reality over the years, and things that I thought I’d never see five years ago, I’m seeing in reality today. People will start to look at how to sell a junk car or their old car just so they can get their hands on a self-driving one; this pretty much looks like the future for us all. I discussed some of the technology behind self-driving cars in my Learning as a Human post. The article was fine as it went, but readers have taken me to task more than a few times for becoming enamored with the technology and not discussing the reality of the technology.

The fact of the matter is that self-driving cars are already here to some extent. Ford has introduced cars that can park themselves. The Ford view of cars is the one that most people can accept. It’s an anticipated next step in the evolution of driving. People tend to favor small changes in technology. Changes that are too large tend to shock them and aren’t readily accepted. People are always happy with small changes; they are more likely to buy a car if they see that it has been improved upon slightly (compared to the model that they already have). People find it so easy to buy a new car now that they don’t even need to worry about getting it either, as they can simply get it delivered to their home by using a shipping company (such as the Cars Arrive Auto Relocation company). Which is great, but what’s so good about a new car that has one small change?

Google’s new self-driving car might be licensed in Nevada, but don’t plan on seeing it in your city anytime soon (unless you just happen to live in Nevada, of course). A more realistic approach to self-driving cars will probably come in the form of conveyances used in specific locations. For example, you might see self-driving cars used at theme parks and college campuses where the controlled environment will make it easier for them to navigate. More importantly, these strictly controlled situations will help people get used to the idea of seeing and using self-driven vehicles. The point is to build trust in them in a manner that people can accept.

Of course, the heart of the matter is what self-driving cars can actually provide in the way of a payback. According to a number of sources, they can actually reduce driving costs by $190 billion per year in health and accident savings. That’s quite a savings. Money talks, but people have ignored monetary benefits in the past to ensure they remain independent. It will take time to discover whether the potential cost savings actually make people more inclined to use self-driving cars. My guess is that people will refuse to give up their cars unless there is something more than monetary and health benefits. Like non-self-driving cars, self-driving cars still need to be checked over every few years, and they’re still susceptible to breaking down and needing new parts from online auto parts stores such as TDC Automotive and others like it. So all in all, consumers won’t be jumping at the chance to buy one for the time being.

Even though no one has really talked about it much, self-driving cars have the potential to provide all sorts of other benefits. For example, because self-driving cars will obey the speed laws and run at the most efficient speeds possible in a given situation, cars will become more fuel efficient and produce less pollution. The software provided with the vehicle will probably allow the car to choose the most efficient route to a destination possible and provide the means for the car to automatically navigate around obstructions, such as accidents (which will be notably fewer). People could probably be more assured of getting to their destination on time because they won’t get lost either. Working on the way to work will allow people to spend more quality time with family. It’s the intangible benefits that will eventually make the self-driving car seem like a good way to do things.

The self-driving car is available today. It won’t be long and you’ll be able to buy one. You can already get a self-parking Ford, so the next step really isn’t that far away. The question is whether you really want to take that step. Some people may see self-driving cars as too much of a gamble. Luckily, we still have used car companies like Zemotor that we can buy our cars from and feel secure about it. Let me know your thoughts on self-driving cars, their potential to save lives, reduce costs, create a cleaner environment, and make life generally more pleasant at [email protected].

Renewable Energy Inroads

I’m all for making the planet less dependent on fossil fuels, if for no other reason than they represent a finite resource. Renewable energy offers to replace the finite resources we use now with something we can harvest forever. The problem is that many renewable energy sources are really quite dirty. For example, the solar cell that adorns your roof may be killing people in China. In my opinion, we really don’t need to clean up our part of the planet by making China’s part of the planet even dirtier. In the long run, we won’t benefit from that strategy. Just think of all the really interesting poisoned toys China will send our way: toys poisoned by our own toxic waste. The toxins we generate in other countries tend to come back to haunt us.

It was with mixed feelings that I recently read that solar energy will become a major energy source within 15 years. The reasons for the increase in usage are many, but the basic reason is that solar is becoming less expensive to install and maintain.

Even if there is a possibility of solar still being relatively expensive to install, something known as the solar tax credit can ensure that people can claim a tax credit of up to 30% (depending on where you live) that can go towards the costs of your project. In many circumstances, this could persuade more people to incorporate solar energy within their homes or workplace.

There are even schools that are starting to use solar energy and other renewable energy sources now. Often they do this under Act 32, which allows schools to exceed their revenue caps for energy-efficient improvements such as lighting, roofing, heating and air conditioning, and energy conservation. Plus, now it’s easier than ever to contact a solar battery supplier and look into purchasing some solar batteries. In addition, the costs of solar panels and their installation have gone down considerably, so it’s possible that solar power might actually become less expensive than using fossil fuels at some point. Of course, the savings assume that you’re not storing excess power in batteries. Adding batteries to the picture greatly increases costs and makes solar quite expensive indeed.

There is one benefit to solar energy that many people don’t think about. If the solar panels appear on people’s rooftops in a decentralized configuration, the ability of terrorists to disrupt the electrical system is greatly diminished. A decentralized setup also reduces costs associated with power transmission and could actually do things like reduce cooling costs in summer. Of course, the utilities aren’t crazy about decentralized solar because it cuts into their profits, but the fact of the matter is that we need a better setup than the one we have now. Our system is so fragile right now that I’m often surprised a storm or other simple cause doesn’t knock out major sections of the country.

The bottom line for me is that we really do need to reduce our power usage and embrace renewable energy sources. However, we need non-polluting renewable energy sources or at least sources that pollute less than the ones we have now. I last tackled this topic in More People Noticing that Green Technology Really Isn’t. The fact is, nothing has changed in the technology, but the need to address the technology shortfalls has just become greater. Before a technology that pollutes our planet quite a lot becomes entrenched, we need to come up with answers to deal with the pollution, preferably a better technology.

What are your thoughts on renewable energy? What forms do you feel pollute the least and provide the greatest benefit to people as a whole? Do you see renewable energy becoming the only power source at some point? Let me know your thoughts on these and other energy concerns at [email protected].