Slashdot Mirror

MIDI was introduced at the 1983 NAMM show as a means to connect various electronic instruments together. Since then, our favorite five-pin DIN has been stuffed into Radio Shack keyboards, MPCs, synths, eurorack modules, and DAWs. The standard basically hasn't changed. Now, ahead of the 2019 NAMM show, the MIDI Manufacturers Association (MMA) in conjunction with AMEI, Japan's MIDI Association, are announcing MIDI 2.0. From a report: The new features include, "auto-configuration, new DAW/web integrations, extended resolution, increased expressiveness, and tighter timing." It will retain backwards-compatibility with MIDI 1.0 devices. The new initiative, like the release of the first MIDI spec, is a joint venture between manufacturers of musical instruments. The company lineup on this press release is as follows: Ableton/Cycling '74, Art+Logic, Bome Software, Google, imitone, Native Instruments, Roland, ROLI, Steinberg, TouchKeys, and Yamaha.

Hackaday's Tom Nardi writes about the Federal Aviation Administration's push to repeal Section 336, which states that small remote-controlled aircraft as used for hobby and educational purposes aren't under FAA jurisdiction. "Despite assurances that the FAA will work towards implementing waivers for hobbyists, critics worry that in the worst case the repeal of Section 336 might mean that remote control pilots and their craft may be held to the same standards as their human-carrying counterparts," writes Nardi. From the report: Section 336 has already been used to shoot down the FAA's ill-conceived attempt to get RC pilots to register themselves and their craft, so it's little surprise they're eager to get rid of it. But they aren't alone. The Commercial Drone Alliance, a non-profit association dedicated to supporting enterprise use of Unmanned Aerial Systems (UAS), expressed their support for repealing Section 336 in a June press release: "Basic 'rules of the road' are needed to manage all this new air traffic. That is why the Commercial Drone Alliance is today calling on Congress to repeal Section 336 of the FAA Modernization and Reform Act of 2012, and include new language in the 2018 FAA Reauthorization Act to enable the FAA to regulate UAS and the National Airspace in a common sense way."

The 2018 FAA Reauthorization Act does not simply repeal Section 336, it also details the new rules the agency would impose on unmanned aircraft and their operators. Under these proposed rules, all unmanned aircraft would be limited to an altitude of 400 feet unless they have specific authorization to exceed that ceiling. They must also be operated within line of sight at all times, effectively ending long-range First Person View (FPV) flying. There's also language in the Reauthorization Act about studying the effects of flying unmanned aircraft at night, or over groups of people. It also states that drones, just like traditional aircraft, must be registered and marked. It even authorizes the FAA to investigate methods of remote identification for drones and their operators, meaning it's not unreasonable to conclude that RC aircraft may be required to carry transponders at some point in the future. To many in the hobby this seems like an unreasonable burden, especially in the absence of clear limits on what type of small aircraft would be excluded (if any). The report also notes that the 2018 FAA Reauthorization Act will require drone operators to have to pass an "aeronautical knowledge and safety test," and to show proof of their passing to any law enforcement if questioned. Also with the repeal of Section 336, "young people might actually be excluded from flying remote-controlled aircraft," Nardi writes. "While many RC planes and quadcopters are marketed as children's toys, in the absence of Section 336, it's not clear that a child could legally operate one. The FAA requires a person to be 16 years of age to obtain a pilot's license, and if unmanned aircraft are truly expected to obey the same 'rules of the road,' it's not unreasonable to assume that age requirement will remain in effect."

An anonymous reader writes: Hackaday recently engaged in a bit of urban exploration, taking a look inside of a recently purchased Toys "R" Us location that has been boarded up since the once giant toy store chain folded in June. Inside they found plenty of hardware left behind, from point-of-sale systems to the Cisco networking gear in the server room. But the most interesting find was on paper.

In a back office, they found "several boxes" of personal information about the store's employees, from their medical records to photocopies of their driver's licenses and Social Security cards [and also tax forms]. A video included with the article gives the viewer an impression of just how large a collection of files were left behind.

The author wonders if the situation in this particular store was a fluke, or if the other [800] Toys "R" Us locations were left in a similar state.
The article calls it "a very surprising look at what get's left behind when the money runs out and the employees simply give up...."

"We saw the great lengths the company went to protect customer information, so to see how little regard they had for their own people was honestly infuriating."

An anonymous reader shares a report: Over on the EEVblog, someone noticed an interesting chip that's been apparently flying under our radar for a while. This is an ARM processor capable of running Linux. It's hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3. If you do it right, this will get you into the territory of a BeagleBone or a Raspberry Pi Zero, on a board that's whatever form factor you can imagine. Here's the best part: you can get this part for $1 USD in large-ish quantities. A cursory glance at the usual online retailers tells me you can get this part in quantity one for under $3. This is interesting, to say the least.

The chip in question, the Allwinner A13, is a 1GHz ARM Cortex-A8 processor. While it's not much, it is a chip that can run Linux in a hand-solderable package. There is no HDMI support, you'll need to add some more chips (that are probably in a BGA package), but, hey, it's only a dollar. If you'd like to prototype with this chip, the best options right now are a few boards from Olimex, and a System on Module from the same company. That SoM is an interesting bit of kit, allowing anyone to connect a power supply, load an SD card, and get this chip doing something. Currently, there aren't really any good solutions for a cheap Linux system you can build at home, with hand-solderable chips.

szczys writes: Even tiny slowdowns have major ramifications on automated stock trading. To put the computing power as close to the markets as possible, microwave links (point-to-point links via dedicated microwave dishes) connect Wall Street to server installations in New Jersey. Hot weather, especially when accompanied by high humidity, slows those links down enough to make an impact on trading. From a report via Hackaday: "For short-haul links around the financial centers in New York, though, dedicated network links are favored for low-latency connections. Rather than trusting their trades to the vagaries of the internet and risk an unfavorable routing path or a cable severed by an errant backhoe, high-frequency trading firms often rely on microwave links to exchange information. [...] As it turns out, those microwave connections are the weak link in the system. During the early July heatwave, the links were experiencing slight delays in transmission times over that 16-mile path and throwing off the timing of the trading algorithms. The delay was minuscule -- on the order of 10 microseconds -- but in a business where millions are made and lost in seconds, that's substantial." Last month, Bloomberg reported that high humidity was impeding radio transmissions among three New Jersey data centers where U.S. stocks trade. According to a note Nasdaq sent customers, it took about 8 microseconds longer to send info from the stock exchange's facility in Carteret to the New York Stock Exchange data center in Mahwah, and an extra 2 microseconds to send data to Cboe Global Markets' exchange in Secaucus.

You asked questions, we've got the answers!

Christine Peterson is a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986. One of her favorite tasks has been contacting the winners of the institute's annual Feynman Prize in Nanotechnology, but she also coined the term "Open Source software" for that famous promotion strategy meeting in 1998.

Christine took some time to answer questions from Slashdot readers.
What exactly happened in 1998?
by Anonymous Coward

Prior to 1998, had you heard anyone using the phrase "open source" before? Or was it something you came up with on your own as the only logical set of words to describe source code which is openly shared.

Starting earlier, our non-profit, Foresight Institute, had been holding a series of small invitational meetings at our office in Los Altos, focused on our free software project and the field in general. One topic of discussion that came up now and then was the problem of the name free software and how it confused newcomers into thinking that the main point was the price because, sadly, in English our word for "free as in freedom" and "free as in price" are the same. (In Spanish they wisely use different words for these two concepts.) But nothing had yet been suggested that seemed good enough to catch on.

Sometime after that the term "open source software" popped into my mind, and my immediate thought was "that's good enough." Not ideal, not great, but good enough to solve the problem. I ran it by a few friends including Mark Miller and Eric Drexler, and they agreed it was probably good enough. One other friend, who worked in PR, thought that "open" had already been overused in the software field, which was true, but it seemed appropriate in this context so I decided to go ahead with the idea anyway.

Eric Raymond came to visit Silicon Valley in connection with the transition of the Netscape code from proprietary to publicly available, so we met again to discuss these new developments. While there Eric took a call from two people from Netscape, and when he was done I asked to speak to them, a man and a woman (possibly Mitchell Baker?). I mentioned the name problem and they agreed, but none of us then had a better term to suggest.

When Eric Raymond visited again, he needed to have other local meetings and doesn't drive, so I offered to drive him around. That's when I found myself sitting in on the meeting at VA Research that included Larry Augustin, Sam Ockman, and "maddog" by phone; I wasn't invited to it. Probably the others thought I was Eric's chauffeur or even his girlfriend. Prior to the meeting I had discussed the "open source software" idea with Todd Anderson, who was also at this meeting, but not with Eric himself, whom I didn't know as well at this point. Being a non-programmer, I had pretty much zero status at this meeting, except with the two who already knew me, so I didn't feel it would work to just say "Hey, here's why you guys all need to use my terminology for your field." The meeting was primarily on broader free software topics anyway, so I just listened and didn't see an opening. Fortunately, Todd was on the ball and tried an interesting tactic: he just used the term casually, not introducing it formally but just throwing it out there in another context. Of course then I perked up and started paying closer attention to see what would happen, if anything. A few minutes later someone else, who hadn't been informed in advance, spontaneously used it, again in a context unrelated to a change in terminology. Todd and I looked at each other and smiled: the meme had jumped successfully!

Later in the meeting, as a rather minor matter compared to the rest of it, the group had a brief discussion and agreed that open source software would be a useful term. No attention was paid then to who suggested it originally, which was fine with me. Later on, Eric even briefly thought it was he himself who came up with it (which would be quite a plausible thing for him to do), but Todd took the initiative to let him know that it was me, and immediately Eric was super gracious about correcting the record on that.

At the time, Todd told me that someday I would be glad to have credit for this, and he was quite right about that. So thank you Todd, wherever you are (and please get in touch).

I don't recall hearing the phrase before it popped into my head, though I found out later that it has long been widely used in the "intelligence" (i.e., spy) field to refer to publicly available information content, so the usage is similar enough to not be a problem. Since the recent coverage of the 20th anniversary, a couple of previous uses in a software context have turned up also. But since I was neither in software nor in intelligence, I probably did not see any of these uses.

I've seen a couple of commenters suggesting that I should defend a claim to having coined the term. Fortunately for me, I don't need to do this, because that decision is not based on my current input or comments. It's an open source community decision based on past experiences, and as a non-programmer I don't even get a vote on this. I just have to accept whatever the community decides, which is why I waited twenty years to let things settle out before publishing my own account.

For a more of the history, see my longer version at Opensource.com. (The OSI history page lists Michael Tiemann also at the VA Research meeting, which is probably correct though I don't recall it. It also has the meeting dated two days earlier than my notes indicate; sadly my calendar data from those days is not accessible format-wise anymore.)

What was it like in 1998?
by DevNull127

As someone who worked closely with Eric Raymond (and had interactions with Jon "maddog" Hall), what were they like in 1998? I'm curious what the whole "mood" of the development community was like in 1998 at that historic meeting. Maybe you could also talk about how things changed -- what they were like before the Open Source movement revved into high gear, and what they were like after.

And how does it all compare to when you first joined the tech scene in the 1980s?

CP: When I arrived in Silicon Valley in 1985, we were still in the early days of the personal computer. Most people did not have an email address or even a fax machine. Only visionaries like Ted Nelson and Doug Engelbart were talking about hypertext and the future of online personal computing. At that time, working on Nelson's Xanadu Hypertext Project was one of the few ways available to move toward that future, and it was through that project that I met many very smart software people including Mark S. Miller and Dean Tribble (who have just started a new company, Agoric, to advance secure smart contracts). It was an exciting time in terms of knowing the potential, but frustrating because the underlying chips were still slow, with little memory or graphics functionality, and online communications were done over regular phone lines using modems, painfully slow.

I vividly recall when Martin Haeberli came to the Foresight office to show us an early MOSAIC browser. It wasn't super impressive at that time, but he explained that this was the start of what would become a world of online hypertext, and he was right. The early days of the World Wide Web were extremely exciting to those of us who had been inspired by Nelson's and Engelbart's visions of hypertext. FINALLY we got to make links! But also they had an undercurrent of intense frustration, because so many of the visionary features were missing, such as automatic micropayments to authors for their original publications and even their quotes used elsewhere online. But the term micropayment was seen by many as anathema, because "information should be free." Even back then, some of us knew that there was no such thing as a free lunch, and that expenses must be paid somehow. It's this lack of micropayments to content providers that has led to today's ubiquitous business model of selling users' personal information and manipulating them using highly-targeted ads, and the negative effects of that on society.

At the time, the open-sourcing of Netscape was seen as yet another innovative Silicon Valley company succumbing to unfair pressure by the all-powerful behemoth Microsoft. This sad situation had the silver lining of bringing an exciting browser project into the free software world. But the small startups trying to do support for free software were having a heck of a time explaining to customers why they should have to pay anything at all to use "free software". (And of course they don't, if they are good enough at dealing with code...which most people, including me, are not.) This awkwardness is what led to the addition of "open source software" to the original -- and still useful -- name "free software".

I did not get to know maddog, but in 1998 Eric Raymond was the one who was most active in doing public outreach, especially media, on behalf of open source. He worked very hard for months or years, unpaid to my knowledge, to promote these ideas and the community. There were many others of course, including Bruce Perens who with Eric co-founded Open Source Initiative to defend the ideas and approve licenses that met the new Open Source Criteria they wrote. Tim O'Reilly played a key role by convening and hosting the community in meetings to make group decisions. And of course we should remember Richard Stallman and the Free Software Foundation, which had been and still are doing similar work under the original term.

To me as a relative outsider, it seemed that there was a big change when the new term was introduced, which happened very close in time to the Netscape open-sourcing. I had been reading Slashdot occasionally, mainly to admire the way it was designed and enabled users to interact much more effectively that other systems I'd seen. But when the new term arrived, it seemed that suddenly there was a fast ramp-up of attention and especially media coverage of the field. For a while it seemed like every day there was a new exciting development in "open source", which often appeared in quotes because it was so new. And these were appearing in non-programmer publications, ultimately in mainstream news media. Reading Slashdot became a daily necessity, especially for me, since I was getting some kind of thrilling brain chemistry surge every time I saw the term used. I still do, but it's smaller now: a nano surge.

Nanotech Prognosis / Open Source Utopia
by qaute

What's the current outlook for nanotechnology? Technically speaking, do we get Star Trek replicators soon, or is that still a 25+ year thing?

The ultimate dream in nanotechnology is a molecular assembler (atomic 3D printer) on every desktop, with a widespread community of hardware designers/developers analogous to open source software today. You'll be able to, say, download files to build a new car from GitHub. Hackaday has a good writeup. Suppose that someone finally figures out how to build such a molecular assembler. Chances are it'll be patent-encumbered and NDA'd. How can we [get] from here to there...? Politically, how do regulations, industry, and patents look?

Socially, is it generally viewed as positive or negative these days?

CP: Let's say that the goal is an open-source molecular 3D printer able to construct molecular machinery, plus a large library of open-source designs to use with the device. Let's divide this into the hardware components and software components.

It's taken decades and billions of dollars investment to get us where we are today in conventional hardware chips. That kind of investment has not been made yet in molecular machinery. I think eventually we would get there using human chemists, but it appears that instead there will be a shortcut. Progress in artificial intelligence is moving faster now, and I expect that instead of human chemists and human designers of molecular machinery and associated construction pathways, this work will be done faster via AI. We do not need AGI (artificial general intelligence) to do this. Targeted knowledge of chemistry and design engineering are what is needed, and that's coming sooner than AGI. So it could well be sooner than 25+ years depending on AI progress, but (and here's the catch) if that happens, the world will be changing in many other ways also, both positive and negative, to the extent that we may have other issues to deal with instead of having the opportunity of focusing on writing open source code for atomically-precise manufacturing.

Regarding regulations and patents: there's no particular regulatory focus on molecular machinery just now, and there probably won't be much until an actual problem crops up. As an example, consider the recent hearings on Facebook: the US legislators are not educated enough on those issues to grapple effectively with them. Patents seem likely to continue to be used whenever a company does the work, unless it sees a strategic advantage to open-sourcing the work.

I don't think that nanotech or atomically-precise manufacturing is on the public radar these days, either positive or negative. The nanotech term itself has become a marketing term for anything with at least one nanoscale dimension, so the average person who hears it probably thinks that we already have nanotech and therefore it's not a big deal. But it's not clear that we need or want the average person to be paying attention to atomically-precise manufacturing just now anyway, so maybe that's just as well.

Open source or free software
by Jim Hall

Some people prefer one term over the other. I'm curious: all these years later, do you still prefer the term open source software or are you more aligned to Free software?

CP: I use both terms, depending on context. When I'm with longtime hackers such as John Gilmore who naturally use the earlier term, I use it too. And of course if one is at a meeting of the Free Software Foundation, it's polite to use their preferred terminology.

However in dealing with non-software people or young people, I believe that the open source term is much clearer and therefore more useful. I tried doing a search on the two terms, and they are both in active use, but I found more "open source software" than "free software" usages. (This is a very crude measure and may be wrong, of course.)

Probably in Spanish-speaking countries, where they have the words gratis and libre to distinguish our two meanings for the English word free, there is less reason to use the new term. Someone could do a PhD dissertation comparing how the new term spread in the English-speaking world vs. the Spanish-speaking world. That would enable us to tease apart how much the newer term spread due to the free/free confusion problem vs. any more intrinsic value it may have, e.g., implying that the source code is open to public view.

Open source and medicine
by AmiMoJo

How can we get more open source medical software? Given that medical devices are so heavily regulated it seems like it will be hard to get, say, an open source pacemaker system that users can hack, or at least audit.

Radio software seems to be in a similar state - cellular modems, wifi chipsets etc. are all heavily regulated and closed source, with signed code required for updates.

CP: As far as I can tell, the Internet of Things world is still using the "security through obscurity" model. Given that, regulators are naturally going to favor closed source code, since that seems to be a way to reduce the likelihood of attacks.

If we want regulators to approve open source software for important devices, we need to show that it's as secure, or preferably more secure, than closed source code.

Although I am not a programmer, I have paid enough attention to this general issue to be intrigued with object capabilities (ocaps) as a path forward toward more secure code, whether closed and open source.

Currently the most serious effort I'm aware of in this area is Agoric.

There are (at least) two problems that ocaps does not solve. Social engineering will continue to be an issue, though my understanding is that ocaps reduces the damage that these can cause. Finally, there is the problem of compromised hardware: deliberate back doors designed into our computer chips; this is a huge problem with only very expensive solutions; see the hardware question below for more on this.

For more on security, see the paper Cyber, Nano, and AGI Risks: Decentralized Approaches to Reducing Risks, by myself, Mark S. Miller, and Allison Duettmann, from the proceedings of UCLA's First International Colloquium on Catastrophic and Existential Risk (2017).

Pollution
by lhowaf

Nano-materials, in general, seem to be becoming a significant source of hard-to-cleanup pollution. Do you see nano-tech heading in the same direction?

CP: The long-term goal of atomically-precise nanotech is the complete control of the structure of matter (to the extent we care about that structure). This would include extremely advanced abilities to clean up the natural environment. The question is what the pathway looks like to get there, and how clean can we make that pathway? This last question is a matter of what we decide to do. If society decides that preventing nanoscale pollution is a priority, then we'll do much better than if we don't try. It's at least possible to consider how to make this happen commercially, through traditional regulatory mechanisms. The more difficult challenge is military use, and use in regions which don't prioritize environmental values. No easy answers here. But the ultimate goal, at least, is a very clean environment, and it should be achievable eventually. It was this prospect that drew me into trying to advance this field in the first place.

How to deal with nanotech hype problem?
by Goldsmith

I am a nanotechnologist. I've done great academic research, worked for the government, managed a few grants, and started a few companies. It's very easy to hype the potential of nanotechnology. On the other hand, it's very hard to get attention put on results from serious commercial efforts. Granting agencies and our community are not good at supporting companies that do what we all tell each other needs to get done (i.e. NanoIntegris). We are great at supporting academic research groups that have a patina of commercial application (i.e. IBM).

As a field we've missed celebrating a number of major commercialization milestones. CNT and graphene electronics are available commercially! Who knew? For five years or so, you could find commercial graphene electronics in cell phone screens in Shenzhen. For the last two years, you could find commercial graphene biosensors at many big pharma companies. For the last year, you could buy CNT based high power RF electronics.

If we were interested in showing the real potential of the field, wouldn't the leaders want to show everyone that it IS working? We have actually met the NNI timeline for commercialization set in the 1990s. The goals we set out with 20 years ago seem to mean nothing to the hype machine we've created.

Simply put, how do we deal with the addiction to hype in nanotechnology, and focus a bit more on substantive accomplishment?

CP: I'm speaking here from a US perspective. This problem is not unique to nanotechnology, or even to technology in general. It's part of a general decline that has at least two sources, the decline in education standards and the decline of serious journalism, resulting in a hype culture with hype consumers who cannot tell the difference among exciting current technologies, valid engineering prospects, and complete nonsense.

It takes substantial science background to understand why nanotech and atomically-precise manufacturing are interesting, and few in our society today have that background. Our K-12 system is largely broken. Many of our colleges and universities now optimize for student entertainment and enjoyment, rather than the hard road of learning science and engineering.

Serious journalism has been decimated -- worse than decimated, including science and technology journalism. Consumers want all their information for free, and in many cases, you get what you pay for in this area as in others. Could micropayments help? Perhaps something built into the browser sending pennies or fraction of pennies to content originators? I am not sure. It seems worth a try. It could at least help with the privacy problem.

As for the education problem: we need to admit the disaster and try some major experiments. For example, some blame the decline of university standards on deceptively easy loans to students who don't realize what they are getting into. Glenn Reynolds has written books worth reading on this general problem of educational decline in the US, and I would look to him for ideas on solutions.

To me, compared to earlier decades, US society overall seems kind of decadent, cynical, in a cultural decline. I hope we can turn this around somehow. People like Slashdot readers give me hope. And there are still many, many people truly working to make the world a better place, including here in Silicon Valley. My view of Silicon Valley has a positive bias because I meet people through Foresight Institute, which helps select for good folks. I invite you all to join our email list (use blue button on this page) and come to our events. Some are research workshops (e.g., application form for Atomic Precision for Longevity workshop) and some are more accessible, such as our salons and Vision Weekend (videos). If you like what you see, consider donating; we are entirely supported by individual donations from great folks like the open source community.

Why Nanotechnology, for Laypeople
by qaute

Integrated circuits, solar panels, and GMOs are some pretty big results in nanotech these days. What are some future benefits we can look forward to that help justify further research to non-techies?

CP: My own focus is on the long term, very advanced applications such as molecular repair of the human body, ending disease and even aging itself. To me this is highly motivating! That's on top of the original goal of restoring the environment that drew me in originally.

Coming up with near- and intermediate-term applications is harder. This is why venture capitalists make lots of money, when they do their job well. Picking winning new applications is so challenging, especially in getting the timing right.

I can say this: amazing new catalysts and filtration technologies are on the way. Sound boring? It is totally not. Huge energy savings, cheap clean water for everyone (this would even help prevent wars), even blood filtration to take out all the stuff that should not be there.

________________________________________________________________________________
Nanotech threat landscape
by bjorng

How concerned should we be about nanotechnology equivalents of the software threats we see today? I would hate to have my circulatory system held hostage for bitcoin.

The Nanotechnology Corollary to Metsploit
by Anonymous Coward

The Internet of Things (IoT) seems to be a ramp-up to Micro-Electromechanical Machines (MEMs), which, in turn, will prime another ramp into atomic-scale nanotechnology. But already, security is atrocious. Worse than Windows XP's exploitation, endless automatic updates and a constant avalanche of zero-day patches.

What will a metasploit framework and CVE database for IoT, MEMs and smaller systems look like? How will biomedical bug bounties, vulnerabilities, exploits and weaponized payloads play themselves out?
________________________________________________________________________________

CP: We should be very concerned and more important, very vigilant. We need to solve today's Internet of Insecure Things as soon as possible, before even more of our world is controlled by software. As mentioned above, I am placing my hope in Agoric and object capabilities in general. There are also suggestions for how to address the insecure chip problem, though they are expensive and have performance costs as well; see the question from AmiMoJo below.

Recent improvements in physical security
by AmiMoJo

Recently big gains have been made in physical security. Many phones are encrypted by default and relatively difficult for unauthorized persons to unlock. Encrypted storage is increasingly common for computers too, although open source support for technologies like OPALv2 seems to be lagging behind closed source systems. In 2017 AMD introduced encrypted RAM.

All of these rely on special hardware to protect encryption keys and perform encryption functions at speeds fast enough to avoid any significant performance loss. It seems like hardware is necessary for very high levels of physical security anyway, e.g. tamper-proof boot ROMs.

How can open source provide this level of security when high end hardware is increasingly difficult for individuals to fabricate? Should we be thinking about how we can fabricate our own security processors and key storage, or is there another way to achieve high levels of physical security?

CP: My understanding from Mark S. Miller is that yes, we need to be thinking about fabricating our own chips, if we want to get around the problem of deliberately-installed backdoors.

In the paper cited above we write, "In the near term one can imagine a technology example that can be secure against those risks: a good open source processor design for which there is a proof of security comparable to the proof of security of the seL4 software. There are many open source processor designs that are sufficiently high performance that, when run on a field-programmable gate array (FPGA), can run fast enough to be practical for many applications. By combining these well-designed processors with a layout algorithm that randomizes layout decisions, the processor could be randomly laid out for each individual hardware instance. Given this randomized layout, there is no feasible corruption of the FPGA hardware that can escape notice under electron microscopes and that would also be able to successfully corrupt most instances of the processor."

UPDATE: After writing the above, I met with Mark and he explained that another approach has been found to the problem of insecure chips. At the recent Zcon0 conference, a method was described using zkSnarks and/or Coda. It's not financially practical yet, and doesn't fix leakage of data, but addresses the integrity issue. This is way outside my area of expertise. Eventually, the Agoric website will have many relevant documents on these topics, but not yet.

50 years ahead
by EngineeringStudent

I heard a myth a few decades ago, that top-secret work in most fields is at least 50 years ahead of the current published state of the art. I can't begin to imagine what that would look like here. What sorts of things do you think are solidly plausible within the next 50 years of work in the field of nano-technology, and how would we detect them "in the field" today, if we were to look for them...?

I know there were published discussions about silicon based listening and transmitting devices, bugs, that were smaller than grains of salt. I also know that there was great published fervor over single-pixel cameras, and, in my personal opinion, I have seen a surprising gap in entangled non-return imaging. I expect "they" have working, single-photon, non-return-imaging cameras on grains of silicon too small for the eye to work with, so perhaps nano drone swarms used for data gathering/surveillance, where each drone is less than 0.1mm across?

When I look at robo-cat, and the alleged robo-squirrels or robo-insects, I think they have such swarms that can be ingested/injected/otherwise-implanted inside animals that don't realize they have become "listening posts". What would you do with a fully-functional jet-engine that was only a few microns across? I remember sub-cellular size bar-codes made by shooting proton based cylindrical holes in silicon, then lithographing layers of gold or other stuff to make the code, then removing the silicon substrate. Could we put markers into people to inform future medical reconstruction such as "non-invasive" 3d printing of organs in-vivo? How would we detect sub-cell-size tagging, or fabrication? I like the idea of nanotech-driven bio-energy harvesting. Why can't we turn trees into solar panels by hacking into their organic photosynthesis?

CP: These areas are above my pay grade, but for inspiration on what could be possible in 50 years I would look at high-quality hard science fiction. Some of those writers pay close attention to physical limits. Yes, the surveillance technology should be amazingly good (or bad, depending on one's point of view). I'm not sure we would need advance markers in the body in order to do great 3D printing of organs in vivo, but I could be wrong on that. Eventually I expect we will come up with physical barriers that only allow understood molecular structures to pass though, to avoid having to detect sub-cell size tagging inside our bodies, when it's harder to find. But that's very long-term and ambitious.

Is physical security a political problem?
by Anonymous Coward

How to defend against molecule-sized machines is a question, but there is a meta-question there: will we be subject to constant false flag attacks and entrapment? Year 2030: Great Leader or Deep State accuses you of carrying a nanotech attack. You and perhaps people of your supporting network get disappeared into high security facilities, solitary confinement and all. Can we disprove the authorities' lies? Will people be able to know... Will there be anyone left to speak for you?

CP: Yes, this is a meta question and not about nanotech per se. If government is so dysfunctional and corrupt that the scenario above can take place, we have already lost. Our goal has to be to prevent that level of corruption from taking hold. Edmund Burke wrote, "The only thing necessary for the triumph of evil is for good men to do nothing." To take a US perspective, there have been various times in our country's history when the smartest and most civic-minded people have turned their attention to political matters, to get them straightened out for their own generation and those to come. Jefferson wrote, "We will be soldiers, so our sons may be farmers, so their sons may be artists." Sadly, it's looking like it's time to turn from being artists to being soldiers -- not physical soldiers, but soldiers in the fight for freedom, openness, and other values the open source community cares about.

An anonymous reader writes about "a little-known problem plaguing many newer vehicles from the likes of Honda, Toyota, and Kia." The car makers used soy-insulated wiring to cut costs and "Go Green", but owners in rural areas are finding the local wildlife finds the wiring irresistible; thousands of dollars in damage has been done by rats and other critters eating wiring harnesses. Hackaday is asking their community to brainstorm solutions to this unique problem, as owners of affected vehicles have had to resort to sprinkling their driveway with coyote urine and putting rat traps on the wheels.
Hackaday reports that "It isn't just one or two cases either, it's enough of a problem that some car manufacturers are getting hit with class-action lawsuits." Back in 2010 Slashdot reported that rabbits had already discovered the joys of eating soy-insulated wires, and were turning the parking lot at the Denver International Airport into their own personal buffet.

There's even a web site called HowToPreventRatsFromEatingCarWires.com, which reports that Honda has already manufactured a special wire-wrapping tape that's infused with the active ingredient from chili peppers.

Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a Webkit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined, it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousand of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."

"MakerBot just announced a new Open Source initiative called 'MakerBot Labs'," writes Slashdot reader szczys. "It is a small move, centering around some new APIs and a new extruder which is listed as experimental and not covered by their normal warranty. Largely they missed the mark on making a meaningful move toward openness, but with a new CEO at the helm as of January this could be the first change of the rudder in a larger effort to turn the ship around."

Makerbot's history is "an example of how you absolutely should not operate an open source company," argues Hackaday, saying it's left them skeptical of Makerbot's latest move: It reads like a company making a last ditch effort to win back the users they were so sure they didn't need just a few years ago... The wheels of progress turn slowly in any large organization, and perhaps doubly so in one that has gone through so much turmoil in a relatively short amount of time. It could be that it's taken Goshen these last nine months to start crafting a plan to get MakerBot back into the community's good graces.
From MakerBot's press release: "After setting high industry standards for what makes a quality and reliable 3D printing experience, we're introducing this new, more open platform as a direct response to our advanced users calling for greater freedom with materials and software."

Two-factor authentication "protects from an attacker listening in right now," writes Slashdot reader szczys, "but in many case a database breach will negate the protections of two-factor." Hackaday reports: To fake an app-based 2FA query, someone has to know your TOTP password. That's all, and that's relatively easy. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone's TOTP keys.

How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. The secret key was stored in the dongle's flash memory, and the device was shipped with it installed. This was pretty plausibly "something you had" even though it was based on a secret number embedded in silicon. (More like "something you don't know?") The app authenticators are doing something very similar, even though it's all on your computer and the secret is stored somewhere on your hard drive or in your cell phone. The ease of finding this secret pushes it across the plausibility border into "something I know", at least for me. The original submission calls two-factor authentication "an enhancement to password security, but good password practices are far and away still the most important of security protocols." (Meaning complex and frequently-changed passwords.)

When it comes to artificial intelligence, "companies have been overselling the concept and otherwise normal people are taking the bait," writes Hackaday: Not to pick on Amazon, but all of the home assistants like Alexa and Google Now tout themselves as AI. By the most classic definition, that's true. AI techniques include matching natural language to predefined templates. That's really all these devices are doing today. Granted the neural nets that allow for great speech recognition and reproduction are impressive. But they aren't true intelligence nor are they even necessarily direct analogs of a human brain... The danger is that people are now getting spun up that the robot revolution is right around the corner...

[N]othing in the state of the art of AI today is going to wake up and decide to kill the human masters. Despite appearances, the computers are not thinking. You might argue that neural networks could become big enough to emulate a brain. Maybe, but keep in mind that the brain has about 100 billion neurons and almost 10 to the 15th power interconnections. Worse still, there isn't a clear consensus that the neural net made up of the cells in your brain is actually what is responsible for conscious thought. There's some thought that the neurons are just control systems and the real thinking happens in a biological quantum computer... Besides, it seems to me if you build an electronic brain that works like a human brain, it is going to have all the problems a human brain has (years of teaching, distraction, mental illness, and a propensity for error).
Citing the dire predictions of Elon Musk and Bill Gates, the article argues that "We are a relatively small group of people who have a disproportionate influence on what our friends, families, and co-workers think... We need to spread some sense into the conversation."

Reader szczys writes: Intel just killed off its last "maker movement" hardware offering without fanfare by quietly releasing a Product Change Notification PDF. The Arduino 101 is halting production on September 17th. This microcontroller board is built around the Intel Curie module around which Intel bankrolled a television series called America's Greatest Makers. News on the end of life for the Arduino 101 board follows the recent cancellations of their Joule, Galileo, and Edison boards. This is the entirety of Intel's maker offerings and seems to signal their exit from entry-level embedded hardware.

Reader szczys writes: Intel just killed off its last "maker movement" hardware offering without fanfare by quietly releasing a Product Change Notification PDF. The Arduino 101 is halting production on September 17th. This microcontroller board is built around the Intel Curie module around which Intel bankrolled a television series called America's Greatest Makers. News on the end of life for the Arduino 101 board follows the recent cancellations of their Joule, Galileo, and Edison boards. This is the entirety of Intel's maker offerings and seems to signal their exit from entry-level embedded hardware.

Freshly Exhumed quotes Hackaday: The famous HAARP antenna array is to be brought back into service for experiments by the University of Alaska. Built in the 1990s for the US Air Force's High Frequency Active Auroral Research Program, the array is a 40-acre site containing a phased array of 180 high-frequency antennas and their associated high-power transmitters. Its purpose is to conduct research on charged particles in the upper atmosphere, but that hasn't stopped an array of bizarre conspiracy theories.
A university space physics researcher will actually create an artificial aurora starting Sunday (and continuing through Wednesday) to study how yjr atmosphere affects satellite-to-ground communications, and "observers throughout Alaska will have an opportunity to photograph the phenomenon," according to the University. "Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio."

Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortes A17 alongside an impressive spec At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster."

And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld: At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...

The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.

The folks at SiFive have offered Brian Benchoff from Hackaday a look at the HiFive 1, the first hands-on with the first Open Hardware microcontroller. From the report: The design files for the HiFive 1 were made with Altium, a proprietary and non-Free software. Basically, the HiFive 1 is the SiFive FE310 microcontroller packaged in an Arduino Uno form factor. The pin spacing is just as stupid as it's always been, and there is support for a few Adafruit shields sitting around in the SDK. There are no analog pins, but there are two more PWM pins compared to the standard Arduino chip. The Arduino Uno and Leonardo have 32 kilobytes of Flash, while the HiFive 1 has sixteen Megabytes of Flash on an external SOIC chip. The HiFive 1 supports 3.3 and 5V I/O, thanks to three voltage level translators. The support for 5V logic is huge in my opinion -- nearly every dev board manufacturer has already written off 5V I/O as a victim of technological progress. The HiFive doesn't, even though the FE310 microcontroller is itself only 3.3V tolerant. It should be noted the addition of the voltage level translators add at least a dollar or two to the BOM, and double that to the final cost of the board. It's a nice touch, but there's room for cost cutting here. Other than that, the only other chip of note on the board is the FTDI FT2232HL, a well-supported but most certainly not Free and Open Source USB to UART chip. This is a two-port chip that provides programming, serial, and debug connections simultaneously. The folks at SiFive realize documentation and SDKs are necessary to turn a chip into a development board. To that end, they have a bare-metal SDK and support for the Arduino IDE. The board itself comes with a bootloader, and when you plug the HiFive 1 into a USB you get the equivalent of the Blink sketch from the Arduino. Yes, you too can have Open Source blinkies. What a magical time to be alive. Right now there are two methods of programming the HiFive 1. The Freedom E SDK, and the Arduino IDE. The Arduino IDE appears to be dependent on the Freedom E SDK, so either way, you'll have to get the SDK running. Right now, the SDK only works under Linux (and OS X, and possibly Cygwin), but support for Windows is coming. For Linux users, the getting started guide is more than sufficient, although it will take quite a while (at least 30 minutes) to build all the tools. Once the Freedom E SDK is installed, support for the Arduino IDE pretty much falls into place. You'll have to futz around with the Boards Manager, but with a few clicks, you get something fantastic. You can blink an LED with Open Source Hardware.

An anonymous reader writes: Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user's Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account). The bug itself seems to be present in all Windows systems since Windows 95 / NT, although only Windows 8 and above are effectively compromised. To see if your machine is affected, you may want to check the public demonstration of the exploit, set up by the guys from [Perfect Privacy] and based on [VladikSS] original work. Basically, the default User Authentification Settings of Edge/Spartan (also Internet Explorer, Outlook) lets the browser connect to local network shares, but erroneously fail to block connections to remote shares. To exploit this, an attacker would simply set up a network share. An embedded image link that points to that network share is then sent to the victim, for example as part of an email or website. As soon as the prepped content is viewed inside a Microsoft product such as Edge/Spartan, Internet Explorer or Outlook, that software will try to connect to that share in order to download the image. Doing so, it will silently send the user's Windows login username in plaintext along with the NTLMv2 hash of the login password to the attacker's network share.

Slashdot reader jenningsthecat writes: From Hackaday comes news that the collected writings of Aaron Swartz, released as a watermarked eBook by publishing company Verso Books, has had its watermarking scheme cracked by The Institute for Biblio-Immunology, who also published a guide for removing the BooXtream watermarks.

The writings of Aaron Swartz, with DRM applied? Oh, the irony. Still, at least the DRM employed doesn't restrict a user from reading the book on any and all capable devices, so it's not a very intrusive form of DRM. But I somehow doubt that Mr. Swartz would take any comfort from that...

sproketboy shares this article about a computer graphic designer who spent two years building a real-world version of the classic videogame Pong, played on a full-sized coffee table using only mechanical parts. The project's team apparently used a hard drive platter for the real-world scroll wheels controlling the paddles, aided by some large Arduinos and other homemade electronics (along with rainbow LED lights to create the pixels for the score).

"We don't have any electronics, product design, or manufacturing background," Daniel Perdomo told one technology site. "All we knew for this was thanks to the Internet (Google, YouTube, forums). Today you can grab all the knowledge you want just a few clicks away!" He's now looking for a hardware incubator to transform his "Atari Pong Project" into a real consumer product. (Interestingly, another group of hobbyists built a similar electromechanical version of Pong back In 2004.)

Reader szczys writes (edited): Peachy Printer made it big on Kickstarter, raising over half a million dollars on the promise to build the first 3D printer and scanner costing $100. The company has now collapsed due to embezzlement (Editor's note: BBC's coverage is better) of those funds. The original investor stole around $350,000 of backer's money and funneled it into a new home. This was discovered about 18 months ago but became public only now as the company is unable to meet their already delayed delivery dates. Peachy Printer has posted a video admitting the screw-up. Sounds familiar?

szczys writes: Our global information networks are connected by many many fibre optic cables sitting on the the ocean floor. The precursor to this technology goes all the way back to 1858 when the first telegraph cable connecting North America and Europe was laid. The story of efforts to lay transatlantic cables is fascinating. First attempts were met with many failures including broken cable in the first few miles of installation, and even frying the first successful connection with 2000 volts within a month of completion. But the technology improved quickly and just a century later we laid the first voice cables that used — get this — vacuum tubes in the signal repeaters. This seems a good time to link to one of my favorite-ever pieces in Wired, about a more modern but similarly impressive cable install, as told by Neal Stephenson.

szczys writes: We are surely in the age of single-board computers as the words "Raspberry Pi" sneak into the ranks of [a] household name. Many would have thought this impossible, but for hardware enthusiasts it has wide-reaching benefits as others clamor to enter the market. The most formidable challenge made so far is by the Hardkernel Odroid C2 which bests the Pi 3 on hardware, but not everything. Odroid C2 has the same cores, running faster with more RAM. It swaps out gigabit Ethernet for the Pi 3's somewhat unimpressive Wi-Fi chip. And it includes onboard eMMC (useful for faster booting) as well as an SD card slot. Odroid C2's hardware is clearly a better offering than Pi 3 for just $5 more (as we saw from the benchmarks last week), but that's not the entire story. It's further down Linux stream for a less mature distro, and has nowhere near the community support that has opened the Pi [up] to just about everyone. But it is the hardware geek's SBC with the layman's price tag and that's a very interesting indicator of where we are with low-cost computing.

szczys writes: The RAM we use today is truly amazing in all respects: performance, reliability, price; all have been optimized to the point you can consider memory a solved problem. Equally fascinating is the meandering path that we've taken over the last half century to get here. Drums, tubes, mercury delay lines, dekatrons, and core memory. They're still as interesting as the day electrons first ran through their circuits. Perhaps most amazing is the cost and complexity, both of which make you wonder how they ever manage to be used in production machines. But here's the clincher: despite being difficult and costly to manufacture, they were all very reliable.

szczys writes: Google is building a 100kW transmitter at Spaceport America. As is becoming the regular source of early info, this comes via an FCC filing in which Google has asked the agency to keep the project secret. The signal strength itself isn't [groundbreaking] until you learn this is a directional antenna. Some of the most powerful FM radio transmitters get to 100kW, but those are omnidirectional. This is a highly focused directional antenna and that makes it sound like a big piece of Google's hushed Broadband Drone program.

szczys writes: The NTSC standard has effectively been replaced by newer digital standards, but most televisions still work with these signals. This can be done through a composite video connection, but more fun is to broadcast video directly to your television's analog tuner. This is what cnlohr has been working on, using a lowly ESP8266 module to generate and transmit the color TV signal. This board is a $3 Wi-Fi module. But the chip itself has a number of other powerful peripheral features, including I2S and DMA. This hardware makes it possible to push the TV broadcast out using hardware, taking up only about 10% of processor time. Even more impressive, cnlohr didn't want to recompile and flash (which is a relatively slow process) during prototyping so he used a web worker to implement browser-based development through the chip's Wi-Fi connection. Speaking of chip-abuse in the interest of hyperlocal signal propagation, reader fulldecent writes to point out a project on GitHub that "allows transmission of radio signals from a computer that is otherwise air gapped. Right now this could be useful for playing a quick tune or for pranks. But there are more nefarious uses as this could also be used to exfiltrate information from secure networks."

szczys writes: Higher performance, lower power. One of the challenges with hitting both of those benchmarks is the need to adhere to established instruction sets like x86. One interesting development is the use of Variable Instruction Sets at the silicon level. The basic concept of translating established instructions to something more efficient for the specific architecture isn't new; this is what yielded the first low-power x86 processors at the beginning of the century. But those relied on the translation at the software level. A company called Soft Machine is paving the way for variable instructions in hardware. Think of it as an emulator for ARM, x86, and other architectures that is running on silicon for fast execution while sipping very little power.

szczys writes: The internal combustion engine is amazing, and it continues to evolve. Carburetors gave way to fuel injection, and a computer now monitors all kinds of sensors to ensure these engines operate at peak efficiency. But there is one thing that has remained largely unchanged: the cam shaft. This is a device responsible for mechanically timing the operation of the cylinders. It's possible to build an engine that uses digitally controlled actuators instead of a camshaft to decide when each cylinder should fire. These exist as prototypes — we have the technology, so why aren't we building with it? The answer is that change is hard, and as with the carburetor it could take an outside force (in that case mandatory efficiency benchmarks) to get automobile manufacturers to wager a bet on new technology.

szczys writes: Cuba is a wonderland of classic cars. These aren't sitting in showroom-like garages of wealthy collectors, they're on the road — about 60,000 of them. Most of these cards are 55-70 years old and it's amazing how people are keeping these automobiles running. After ties between Cuba and the United States were cut off in the 1960's, vehicles were brought in from the Eastern Bloc and the diesel engines from many of these ended up being retrofit into the American cars. But there are still many holdouts who have made their gas-burning vehicles more efficient rather than convert to the alternative fuel.

szczys writes: The Internet of Things is all the hype these days. On one side we have companies clamoring to sell you Internet-Connected-everything to replace all of the stuff you already have that is now considered "dumb." On the other side are security researchers screaming that we're installing remote access with little thought about securing it properly. The truth is a little of both is happening, and that this isn't a new thing. It's been around for years in industry, the new part is that it's much wider spread and much closer to your life. Al Williams walks through some real examples of the unintended consequences of IoT, including his experiences building and deploying devices, and some recent IoT gaffs like the NEST firmware upgrade that had some users waking up to an icy-cold home.

szczys writes: DSL is high-speed Internet that uses the same twisted pair of copper wire that still works with your Grandmother's wall-mounted telephone. How is that possible? The short answer is that the telephone company is cheating. But the long answer delves into the work of Claude Shannon, who figured out how much data could be reliably transferred using a given medium. His work, combined with that of Harry Nyquist and Ralph Hartley (pioneers of channel capacity and the role noise plays in these systems), brings the Internet Age to many homes on an infrastructure that has been in use for more than a hundred years.

szczys writes: The last time you replaced your smart phone, was the entire thing shot or had just one part gone bad? Pretty much every time it's one thing; the screen has cracked, or the WiFi stopped working predictably. But the other parts of the phone were fine. The same is true for laptops, or cars, or one-horse carriages. In fact this is a concept that has been recognized for well over one hundred years. The stuff we buy isn't meant to last forever, otherwise we wouldn't buy more of them. And for that matter, nothing lasts forever despite design. But what if everything was optimized to fail all at once? Instead of a single point of weakness, all parts wore equally and failed in the same time frame. Finding a balance between the One Hoss Shay model, and encouraging the return of user-serviceable parts would go a long way toward making sure that replacement is a choice and not a necessity. (And here's a nicely illustrated version of One Hoss Shay.)

szczys writes: VGA is going away. It has been for a long time but the final nails in the coffin are being driven home this year. It was the first standard for video, and is by far the longest-lived port on the PC. The extra pins made computers monitor-aware; allowing data about the screen type and resolution to be queried whenever a display was connected. But the connector is big and looks antiquated. There's no place for it in today's thin, design minded devices. It is also a mechanism for analog signaling in our world that has embraced high-speed digital for ever increasing pixels and integration of more data passing through one connection. Most motherboards no longer have the connector, and Intel's new Skylake processors have removed native VGA functionality. Even online retailers have stopped including it as a filter option when choosing hardware.

szczys writes: Reputations are earned. When a small group of hackers who were part of Anonymous learned they were being targeted for doxing (having their identities exposed) they went after the would-be doxxer's company, hard, taking down two of the company websites, the CEO's Facebook, Twitter, Yahoo, and even his World of Warcraft accounts. The process was fast, professional, and like nothing ever seen before. This was the foundation of Lulz Security and the birth of a reputation that makes LulzSec an important part of black hat history. Good companion piece and update to some of our earlier posts about the hack; that would-be doxxer was Aaron Barr.

szczys writes: Making change for $1.00 and getting $1.10 back. That's the premise of overunity, free energy, and perpetual motion experiments. Using money as the the analogy is fitting because these concepts are heavily aligned with scams trying to land a payday for their "research". But there is another branch of people working on them: tinkerers who believe they can actually solve the problem. Laws of thermodynamics say otherwise, but this isn't necessarily wasted time. Other breakthroughs are waiting to be discovered as these mad scientists try to remove all efficiency losses from their doomed systems. YouTube can be an interesting place to look for ideas on low-friction, high efficiency fabrication.

szczys writes: You've used many devices that have Intel's Management Engine built into them, even if you haven't heard of it before. This is the lowest level of security, built directly into the chips. But obscurity is part of its security and part of its weakness. Nobody knows exactly how ME works, yet it includes a wide range of features that would be frightening if exploited. The ME is always listening, able to receive packets even when the device is asleep. And it has the lowest level of access to every part of the computer system.

szczys writes: Rick Wesson has been working on a solution to identify the same piece of malware that has been altered through polymorphism (a common method of escaping detection). While the bits are scrambled from one example to the next, he has found that using a space filling curve makes it easy to cluster together polymorphically similar malware samples. Forming the fingerprint using these curves is computationally expensive. This is an Internet-scale problem which means he currently needs to inspect 300,000 new samples a day. Switching to a GPU to do the calculation proved four orders of magnitude efficiency over CPUs to reach about 200,000 samples a day. Rick has begun testing FPGA processing, aiming at a goal of processing 10 million samples in four hours using a machine drawing 4000 Watts.

szczys writes: You have the choice of buying a wrench made in the USA and one made in China. Which one should you buy? The question is not a straightforward one. Tools are judged by their ability to do the job repeatedly and without fail. To achieve this, only the best of design and manufacturing will do. But this is a high bar when you factor in price competition which often leads to outsourcing production. Gerrit Coetzee looks at this issue, comparing two instances of the same model of Crescent brand adjustable wrench; one a legacy manufactured in the USA, another outsourced for manufacture in China.

szczys writes: To say Richard Stallman had a profound effect on free software is not a bold enough statement. The power of the GPL, and his advocacy for software freedom have changed the world. But there is one frontier that has yet to hear this gospel. These days, no hardware is an island. Almost every type of electronics we use is running some type of code, and in almost every case some of that code is secret in more ways than one. From beefy processors to graphics controllers, boot ROMs and binary blobs run in the silicon we base our systems upon. The code is not published and in the rare case that you are able to view the source it is only under strict NDA. This represents one of the biggest barriers to true open hardware.

szczys writes: Deep in a gold mine in South Dakota, the Large Underground Xenon experiment waits in the darkness for a tiny flash of light that signals that dark matter actually exists. So far we theorize that it does exist, and have gone to great lengths to build hardware to detect dark matter. Very cold, very pure liquid xenon sits waiting for a dark matter particle to strike the nucleus of a xenon molecule, producing a distinct pattern of photons through scintillation. An array of photomultiplier tubes detect the photons, whose pattern is processed by FPGAs on custom boards connected using HDMI. The experiment has generated a list of properties not possessed by dark matter; running for several years no evidence of the particles interacting with the xenon have been found. But when the data collection concludes this year, a much larger version of the impressive hardware will be built.

szczys writes: "Hackers" — people who non-maliciously test the limits of technology — have a very different societal standing depending on the country they live in. To illustrate the concept, consider the history of hackers in the United States versus those in Germany. Both communities have their genesis with the telecom systems of the 1980's, when hackers were called Phone Phreakers and traded secrets on telephone system exploits. These groups were the earliest to test the security and vulnerability of the burgeoning Internet, but their paths diverged. Hackers in Germany formed political parties while in the US they were targeted by law enforcement. The result is two very different communities filled with highly skilled individuals, but one must fly under the radar while the other enjoys much wider open acceptance.

szczys writes: The FAA can regulate the skies, but they don't own the airspace inside of buildings. There are many ways to get your flying fix indoors. Perhaps the most obvious is flying tiny quadcopters (about 1 inch on each side) in your living room. But for years, hobby groups have formed relationships with schools and churches to have meetups in their gymnasiums. It's not limited to propeller-aircraft; ultralight rubberband power fixed-wing is a popular indoor option. And FPV enthusiasts can get competitive by setting up race courses in parking garages.

szczys writes: It's that time of year again, the Consumer Electronics Show leaks out of every media crevice. Although we've passed peak 3D Printing hype for the general public, the 3D Printer offerings being shown are notable in one way or another. Makerbot continues to flounder with questionable extruders, Lulzbot continues to excel with dual extrusion and by supporting a wide range of print materials, 3D Systems has an uber-expensive direct metal printer, but the entry level printer price floor keeps falling.

szczys writes: You take tape for granted, but it's truly an engineering wonder. For instance, Scotch Magic tape exhibits triboluminescence; it will generate a bit of bluish light when coming off the roll in a darkened room. It emits X-Rays if unrolled in a vacuum. But this common tape is just the tip of the iceberg. Nava Whiteford looks at lab uses of many different types of tape. Kapton tape is thermally stable and non-conductive. Carbon tape is conductive but resistive. That moves into the non-resistive and more niche tape types. There's a tape for every function. This instant and non-messy way to connect two things together has a lot of science behind it, as well as ahead of it in experimentation, manufacturing, and of course household use.

szczys writes: Arduino has driven a tidal wave of embedded development over the last decade. But last year a rift formed in the shape of two companies — Arduino LLC and Arduino SRL — who are suing each other over trademark. While that is ongoing, each company is trying to outdo the other in terms of new hardware. Arduino SRL is now focusing on producing connected boards and will soon have several new offerings available. The Uno WiFi is a traditional Arduino with an ESP8266 WiFi chip on board. The Tian has a MIPS processor with 2.4 & 5 GHz WiFi making it a Linux single board computer with support for low level pin driving. And the Lei is somewhere in between the other two and only for the Chinese market (it would need FCC certification to be sold in the US). From the user side the trademark dispute looks like a waste of energy, but if it drives the companies to produce more boards and fight for followers on price and quality that may be the silver lining.

szczys writes: We have reached a turning point in personal CNC Tools like mills and laser cutters. Up until now, your options were to drop some serious cash (businesses) or spend time to build them yourself (individuals) at moderate expense. But over the last year the number of companies making CNC tools and the software available for them has matured. Anyone looking for an entry level machine in the coming year will find that purchasing equipment has a better time/price value than building yourself. The best part is, these entry level tools have the precision you need if you still want to build your own high-end or extreme-spec machines.

szczys writes: One thing the human brain still does a lot better than computers is to recognize patterns within noise. That's why CAPTCHA uses distorted images to prove you're human, and random number generators are often inspected by visual representation. There is a technology that leverages this human knack for signal processing to make us part of the machine. The Hellschreiber is a communications device which has no idea whatsoever what the message actually is. It transfers a signal from one unit to the next, before being assembled into an image. A human looking at the image will see words, much like CAPTCHA. But even if the signal isn't perfect, our brains can often pick out the order within the madness, much like inspecting a PRNG for uniform distribution.

szczys writes: There is little to complain about when it comes to the new FAA rules regarding drones (unless perhaps you live in DC). The regulations are basically an End User Licensing Agreement and focus on educating responsible operators. Eight simple rules cover how to avoid doing dangerous things with Unmanned Aerial Systems. The FAA has even left alone the small toy drones, and the certification system for those above 55 lbs remains. The one aspect that is concerning is that of privacy; the drone database will be publicly searchable and contains names and addresses of drone owners. If the DMV keeps license plate data protected, the FAA should do the same.

szczys writes: It is surprising to learn how broken the JavaScript Random Number Generator has been for the past six years. The problem is compounded by the fact that Node.js uses the same broken Math.random() module. Learning about why this is broken is interesting, but perhaps even more interesting is how the bad code got there in the first place. It seems that a forum thread from way back in 1999 shared two versions of the code. If you read to the end of the thread you got the working version, if you didn't make it that far (perhaps the case with JavaScript devs) you got the bad version of the code whose fix is just now being rolled out.

szczys writes: The CRC Handbook is one great example of how access to information has changed over the years. Now, you open up Google and find your answers. In decades past, hard data needed to solve engineering problems was embodied in volumes of text known as Databooks. One of the best known was the Chemical Rubber Company Handbook. Don't let the name fool you, the CRC Handbook contained traits, properties, equations, and much more on all kinds of materials and techniques for using them. It's still around today and has one big advantage over our searchable digital lives: you know you can trust the accuracy of the information in those books at face value while online information requires validation.

szczys writes: New FAA rules about drone registration and operation are now in effect. So far the talk has centered around registering your aircraft, and about the weight restriction. But all of this may be moot since the US Congress made a law in 2012 prohibiting these types of rules: "The Administrator of the Federal Aviation Administration may not promulgate any rule or regulation regarding a model aircraft, or an aircraft being developed as a model aircraft." Even if the rules hold up under this law, it is not all doom and gloom for drones. The FAA rules could have been much more stringent, and in general they do make sense. Brian Benchoff walks through the regulation, comparing the new rules to the FAA's existing pilot rules, and juxtaposing the threat drones make to full-size aircraft in flight with those risks associated with bird strikes.