Archive for the 'Notable Posts' Category

How 3D Printing Will Change the World

Sunday, November 11th, 2012

Printer3D printers have been called a “disruptive technology”, and I’m not the only one who thinks they’ll change the world. So this post is a collection of related articles that I’ve found over the last 6 months or so. Before you read further, however, check out this Dilbert cartoon about 3D printers.

For all the copyright problems with digital music, videos, and books, 3D printing is going to be even worse. Say you need a new part for your car. Do you buy it from an auto parts store, or do you print it yourself at home? Or will the mechanic print it out at the garage? Will we have a reasonable system where we pay to download original designs to our printer, or will there be rampant piracy like we have now with digital entertainment? I hope lawmakers will be proactive in this area, rather than reactive.

3D printing will make some existing laws unenforceable, much like what the Internet has done to anti-pornography laws. Michael Guslick, an amateur gunsmith, created the lower receiver of an AR-15 assault rifle with a 3D printer. He used a non-printed “upper”, barrel, etc., all legally available for purchase, and made a working .22 rifle. How effective will gun laws be when you can print one at home, especially once we get the ability to easily print the metal parts?

With recent news about creating drugs with 3D printers, I suspect it won’t be long before we can use a printer to dial up some cocaine. All that crime associated with drug creation and distribution… gone.

And what about the manufacturing sector? My uncle owns a steel fabrication company. Right now that means lots of cutting, welding, and machining. Much of the operation is computerized, but it wouldn’t surprise me to see 3D printers take over a big part of what they do. One article goes even further, speculating on the engineering possibilities now that 3D printers can print using both biological and traditional (metal, ceramic, plastic) materials.

Think about logistics. Many businesses have gone to a “just in time” supply model where they keep a minimal supply of parts on hand and order them right before they need them. With 3D printing, they could go to an “exactly when needed” model. Military operations wouldn’t need to be so heavy on logistics either—front line troops could print what they need, provided the printers and raw materials were supplied via conventional means.

3D printers have come down in price to where the average person can afford them (I have a coworker who owns one). And they’re also getting smaller. Will we soon see the day where there’s one in every home? I believe so.

Thanks to Josh, Slashdot (1,2), and Kim Komando for these articles.

Update (1/12/2013): Did I call it or what?

Wiping Solid-state Drives

Monday, November 7th, 2011

Hard DriveThere are well-defined procedures for permanently erasing data from a traditional hard drive. But for solid-state drives (SSDs), which use Flash memory instead of magnetic platters, things are quite different. The problem stems from two peculiarities of SSDs: “they can only erase data in larger chunks than they can write it, and their storage cells can only be written a certain number of times (10,000 is standard) before they start to fail.” Because of these, SSD firmware does a lot of behind-the-scenes manipulations when writing data to the drive.

Researchers at UCSD have determined the following:

  1. Built-in erase commands are effective, but are sometimes implemented incorrectly.
  2. Overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.
  3. None of the existing techniques for individual file sanitization are effective on SSDs.

That being said, law enforcement agencies are finding that it’s hard to do forensics on SSDs because the drive automatically wipes a significant percentage of deleted data without any intervention by the user. This may seem like a direct contradiction to what the UCSD team determined, but the difficulty there was with the purposeful sanitization of data as well as with the erasure of individual files. So while it’s difficult to wipe everything, it’s also hard to prevent some amount of deleted data from being wiped automatically.

The Ars Technica article (link #3 below) briefly discusses the article in link #1, and then goes on to mention other erasure techniques that are coming down the pipeline. For right now, however, they suggest encrypting the drive as a good way to keep private data secure.

Link #1: http://www.usenix.org/…
(via Slashdot)

Link #2: http://news.techworld.com/…
(via Slashdot)

Link #3: http://arstechnica.com/…

Enter the Evercookie

Friday, October 22nd, 2010

Computer SecurityYou don’t have to be a hard-core geek to know how some websites use cookies to identify your computer and track your internet browsing habits. But it’s just too easy to disable and/or delete browser cookies, so the organizations involved have been looking for better methods. The goal is to save information across page visits and browser sessions, and there are quite a few ways to accomplish this. Flash cookies use the local storage capabilities of the Adobe Flash Player. These have given rise to zombie cookies, where a deleted browser cookie is recreated from the Flash cookie. HTML 5 has a client-side database storage capability that makes me wonder just what they were thinking when they developed the standard. And finally there’s the Evercookie, which uses every trick in the book and is quite hard to remove. My favorite is how it encodes the cookie data as an image file, which is stored in the browser’s cache to be later read back and decoded.

Update: Ars Technica tells us that it’s technically possible to kill the Evercookie.

The Benefits of Internet Proxies

Monday, March 22nd, 2010

InternetIn Internet-speak, a proxy is a server that takes your request, sends it to a destination server as if it were coming from the proxy itself, and then sends the response back to you. It acts as a proxy in much the same way that you can use a lawyer as an intermediary or designate someone else to cast your vote at a stockholder meeting. Internet proxies can be used for a variety of purposes, one of which is anonymous browsing.

An anonymous proxy keeps no permanent record of which users have connected to which websites. And since the page request comes from the proxy itself, there is no easy way to track who is actually making the request. (In reality the use of multiple, chained proxies is recommended.) This anonymity is quite beneficial for whistle blowers and victims of political oppression, as well as the privacy- and security-conscious. But it also works for organized crime, terrorists, and other criminals.

Another popular use of proxies (not necessarily anonymous ones) is to circumvent corporate/government filters. The destination website may be blocked, but the proxy server is not—thus allowing the user to view prohibited websites.

Here are additional resources:

Thanks to Josh for this topic and the links.

3D Coming to Your Living Room

Thursday, March 18th, 2010

3D GlassesAt last January’s Consumer Electronics Show, consumer 3D television technology was a major presence. Expect to see actual products for sale later this year.

The good news is that the various industry players appear to be standardizing on active shutter glasses. The secret of 3D technology is that a slightly different picture is presented to each eye. Carefully crafted images can thus fool the brain into perceiving depth. With the old red and blue glasses, pictures for one eye were in red and the other in blue. The red lens would only be able to see the blue picture, and the blue lens would only be able to see the red picture. Thus each eye saw different images. The newer 3D systems in theaters use polarization. Two slightly different “movies” are displayed at the same time. The movie for one eye is polarized a certain way, and the movie for the other eye is polarized at (I assume) 90 degrees to the first. The glasses contain polarized lens that only allow the appropriate movie to be seen by the correct eye, thus showing a different movie to each eye. With active shutter glasses, rather than projecting both movies at the same time, the television quickly alternates between the movie for each eye, first showing the frame for the left eye, then the frame for the right, and so on. The glasses alternate at the same frequency, first leaving the left eye transparent and the right eye opaque, then vice-versa. This happens quickly enough that we don’t consciously notice the change. But the brain does, and it perceives the movie as being in 3D.

To actually watch a 3D movie at home, you’ll need a compatible television. Expect satellite and cable TV companies to start broadcasting some channels in 3D, but I believe the primary use will be with Blu-ray. For this, you’ll need a player that supports both HDMI 1.4 High Speed HDMI and the new Blu-ray 3D spec. The Sony PS3, of course, will upgrade with no problem. But for those of you encumbered with an “old” Blu-ray player, time to junk it and buy a newer model (or at least check and see if it’s possible to update the firmware).

I personally dislike 3D movies because putting the glasses over my prescription frames is awkward and annoying. But if active shutter technology becomes ubiquitous, then perhaps opticians will start offering prescription versions, like they currently do with sunglasses, ski goggles, and dive masks.

Removing Personal Information From the Internet

Monday, December 1st, 2008

InternetThe linked article addresses the question of how to remove embarrassing or career-impacting personal information from the internet. It turns out there are a lot of things that seemed like good ideas at the time but later turn negative—I think the most obvious are drunken/risqué pictures. The short answer is that it’s really difficult to remove things from the internet, and the best way is to make sure they never get there in the first place.

I’m at the point where I think carefully about what I write in website comments, to the point of the Digg comments on which I click the “thumbs up” icon. That information is stored somewhere, and even though some of it isn’t currently available for general viewing, it may not remain that way. Here on Chad’s News I have total control and can change anything. Yet there’s The WayBackMachine, the Google cache, The Coral Content Distribution Network, and other caching or archiving services. Those are much more difficult to modify.

My previous employer checked me out on the web before hiring me, as did a woman I met on match.com. Fortunately I “passed” whatever tests they were giving me. This shows, however, how much my online presence can affect my life.

Link: http://www.computerworld.com/…
(via Lifehacker)

There is No Such Thing as Wireless Security

Saturday, November 1st, 2008

Computer SecurityChad’s News has previously discussed the use of graphics cards to solve problems that can be broken into pieces and processed in parallel. Elcomsoft has jumped on this wagon and added GPU processing to its Distributed Password Recovery software, specifically for the WPA and WPA2 wireless formats (among others). According to this article, using two high-end graphics cards will decrease the computation time by a factor of 100. The linked article doesn’t give actual times for breaking encryption, but it does imply that brute force attacks can be successful—the web site says, “Recover the most complex passwords and strong encryption keys in realistic timeframes.”

Home users probably do not need to worry about people hacking into their wireless networks with this tool, because it should take significant resources to successfully break the encryption. I see it being used for things like industrial espionage, government spying, homeland security, crime forensics, etc.

The core lesson of this article is that it’s getting easier for a determined attacker to discover passwords and encryption keys. So beware.

Link: http://www.elcomsoft.com/…
(via Engadget)

Update: Ars Technica has specific information on the actual amount of time required to crack a password. For eight-character, lowercase, non-dictionary words, we’re looking at about a week.

Web Applications Going Mainstream

Sunday, September 17th, 2006

InternetA web application is a program run over the internet via a browser. So, for example, Writely is a full-featured word processor accessible via the web. The advantage of Writely, as with all web applications, is that you can use the program and access your data from anywhere in the world and on any computer.

An early type of web application was web-based email. Yahoo! Mail, MSN Hotmail, and GMail are examples. But recently we’ve seen the advent of full office suites. In addition to Writely there are Thinkfree, Zoho Writer, Google Spreadsheets, Picasa Photo Editor, Google Calendar, and Google Base (among others). Microsoft, obviously a bit worried about this competition, is planning to make their Works office suite available via the web.

Web applications are catching on—even in the Chad’s News household. I’ve switched mail programs from Outlook Express to Gmail. I did it for the spam filtering, but it’s also nice to be able to check email whenever I’m out of town. I also switched RSS readers from Habari Xenu to Bloglines.

One of the big negatives for web applications is that you’re trusting precious data to a third party. Using Gmail, for example, I have no way of backing up my email data and I’m trusting Google to maintain it in perpetuity. I’m also trusting Google to not go out of business. (This can be a real issue. I have a friend who hosted digital photos in an online repository that went out of business with almost no notice. He happened to be offline for a few weeks, and by the time he got back online it was too late to retrieve his data.) There are also privacy concerns when using a web service for confidential data.

Another negative is that web applications rarely have all of the features found in a dedicated program. For most people this will not be a issue, but power users may run into problems.

Web applications are here to stay, and they’re gaining in popularity. Expect to see them used more frequently.

(Thanks to Josh for the idea behind this article.)
Copyright © 2006 by Chad Cloman

Net Neutrality: What You Need To Know

Monday, July 24th, 2006

InternetIf you’ve been keeping up with the news lately, you may have heard about net neutrality. As it was first explained to me, telecom companies didn’t think it was fair that bandwidth-hogging, content-providing web sites (think Google) didn’t have to pay for their traffic that travels over the telco infrastructure. So I pay Qwest, for example, to access Google. Google serves up the content through their connection to the internet, whatever that is, and the data travels through the internet, eventually arriving at Qwest’s network and then my PC. This is net neutrality. Some of the more vocal telecom companies, however, want to also charge Google for sending the content over their network. In essence, double-charging and wringing every bit of money possible out of their network infrastructure. It’s no wonder, then, that companies such as Google and Amazon are firmly opposed to this and have been pressuring Congress to pass a net neutrality bill that outlaws it.

Since this original explanation, however, net neutrality has undergone a transformation. Without a net neutrality law in place, the internet would become a two-tier network, where content providers have to pay for preferential treatment. Thus Google, paying for this privilege, would find its content served up in much the same way it is today. While Chad’s News, which cannot afford such extravagant services, would be relegated to a “slower” internet. The best explanation of this is in the linked video of Comedy Central’s The Daily Show. From the video, “The point is that with net neutrality all internet packets – whether they come from a big company or a single citizen – are treated in the exact same way.” (Note that there is some off-color humor in the clip, and the real meat of the issue starts about halfway through.)

So the push is on in Congress. The current efforts to get net neutrality passed as law have failed, but we can expect to see it come up again later this year.

http://www.youtube.com/…
(via The Consumerist)

Keystroke Logging and Physical Security

Sunday, April 23rd, 2006

Computer Security

Keystroke logging has become more of a concern in recent years, as more and more spyware programs install a software-based logger and send the results back to the creator—who then takes advantage of the password, bank account, and credit card information that may have been captured. In addition, there’s the problem with loggers installed on public computers (never enter sensitive information on a public computer—you’ve been warned).

With all this emphasis on software, however, it’s easy to forget about the hardware-based loggers. ThinkGeek has one for sale, at a mere $99. Simply unplug the keyboard, attach the Key Katcher, and plug it back in. Remove it later and you can browse up to 130,000 keystrokes. Very useful for checking up on a potentially-cheating significant other, or monitoring a child’s internet use. Or, for the creative, posing as cleaning staff and installing them on a bank’s computers. (The bank in question now super-glues keyboard cables to the computer, although there are other, less-expensive solutions.)

The gist of it all is that physical security is just as important as firewalls, anti-virus/spyware software, and network/internet security. Did you know, for example, that it’s quite easy to reset Windows passwords provided you have physical access to the computer? (Via the Linux disk or the login.scr trick.) And you can usually access the files themselves just by moving the hard drive to another machine that already has Windows installed—which is why really sensitive files should be encrypted.

It’s a dangerous world out there, in the land of computers, but knowing the potential risks is the first line of defense. I’m sure I haven’t covered them all, so feel free to leave comments with any additional information.

What Are Use Taxes and Why Should I Care?

Monday, April 17th, 2006

ShopperFor us netizens who reside in the United States, “use taxes” are starting to become an important topic. Essentially, a use tax is a sales tax on purchases for which you didn’t have to pay sales tax. I know that sounds confusing, so let me give an example:

I live in Denver, Colorado but travel to Oregon (which has no state sales tax) and purchase a car. When I return home, I am required to pay a use tax of 7.6%:

  • Colorado state: 2.9%
  • Denver city: 3.5%
  • Regional Transportation District: 1.0%
  • Scientific and Cultural Facilities District: 0.1%
  • Metropolitan Football Stadium District: 0.1%

This happens to be exactly the same amount I’d pay in sales tax had I bought the car in Denver. If the car were to be delivered to my location in Denver, then the seller should collect the use tax. Otherwise, it is my responsibility to pay the taxes to the appropriate authorities.

So why is this important? It’s all about the internet. When I purchase a “tax-free” product online and don’t pay the appropriate use tax, I’m breaking the law. As internet sales have become more popular, the states have begun to realize they’re losing use-tax revenues—so they’re cracking down. Some states, Colorado not among them, have put a line on the state tax form for honest citizens to declare any use taxes they owe. As the linked article states:

“If you’ve written zero or left [the use tax entry] blank, during the audit we’re going to make you produce your financial records, bank statements, credit card statements,‘ said Michael Bucci, a spokesman for the New York Department of Taxation and Finance.

Over the past few years I’ve heard various mutterings about the collection of use taxes for internet purchases, and I expect it to become more of an issue as time progresses.

http://news.com.com/…

Why Wireless Security Matters

Saturday, December 17th, 2005

Computer Security

Paramount is suing Russell Lee for more than $100,000, alleging that he obtained an illegal copy of a movie and subsequently uploaded it to a filesharing network. In defense, Mr. Lee claims the real perpetrator hijacked his (then unsecured) wireless network. The evidence is weak, and while Mr. Lee will probably be exonerated he will still have to pay legal costs and deal with the stress of a court case. This just underscores why wireless security is so important.

If you have a wifi network, here are the basic things you should do to secure it:

  • Change the router’s default admin password.
  • Change the SSID and disable SSID broadcast.
  • Enable WPA2 security. If your wireless router does not support WPA2, then get a router that does. WEP security is easily cracked, and WPA, although better, is still vulnerable.
  • Use MAC filtering.

These steps will not keep out a determined expert hacker, but the goal is to make it difficult enough that he/she will hijack someone else’s network.