Slashdot Mirror
Expanding Vulnerability of the Net
Rei asks: "The recent article by Jane's left me contemplative. The recent commercial trend seems to be to put everything online - from cellular phones to refrigerators to toasters. These devices have their software typically non-upgradable. An increased number of systems in a particular location, with increasingly diverse operating systems, with real-world effects, places an increased danger from crackers in the future. Imagine the effects of a script kiddie finding a way to extinguish a pilot light in a heater, or to cause a fire in a device like a toaster or coffee maker. And do sysadmins really have the time to do a firmware upgrade in all the air conditioners or elevators in a building, let alone virtually every mechanical device which industry sees fit to give an IP? Before the greatest physical damage that could be done was to flash a BIOS so the machine wouldn't boot. But now we have oncoming the capacity for much, much more. How will the world deal with it?" This has worried me for a while. More often than not, the drive to commercialize a new tecnology always comes before we've accurately predicted how it will effect us. So how will millions of potential network security holes affect us in future when everything is networked?
I think no technology that has so many dangers will be adopted in the form it is. People will wait till it matures or is safe. I really dont think I am about to wire up my tubelight to the internet till I am sure that it is safe from someone using my home network to toast my house.
O this learning! What a thing it is - William Shakespeare
Mhhhhhhh........
Reminds me of that prophesies of armageddon show some cable station keeps showing every quarter where the machines go berzerk and attack everyone. Yeah, embed all this IT in everything. Have waffle irons jump up in your face. Okay, far fetched but along the same lines. I'm not happy about everything being on line. I mean, do I want a database that knows how I like my toast? Is that necessary?
If what I said is nonsense,
I'm making a point with it.
If what I said makes perfect sense,
you obviously missed the point.
We will meet this the same way we protect our Windows Boxen from the mass of lame exploits: Firewalls.
...
Firewalls allow us the option to only maintain a single choke point, instead of having harden everything with an IP in a network.
Now the question is how the average home user will setup a firewall
-- trolld
When every toaster has an IP address, every home with a toaster will have a masquerading firewall machine to protect the toaster. The script kiddies will do some damage, sure; their main targets will be folks like the CEO of MegaNetToasterInc which will tend to ensure solutions.
Which isn't to say that your concerns aren't valid, I think the MicroSloth Fridge v3.1 will make the one from Ghostbusters look tame after it's been cracked by everybody from BOFHen to kiddies for the fun of it.
My concern is privacy. What happens to your health insurance when your HMO knows you live on buttered poptarts and Coors?
Most chips nowadays are in-system programmable, meaning someone just has to hook something up to them and upload the new program, software, whatever. If the machines are all wired together (most likely not wired, but wirelessly connected) then theoretically it should be easy to upload new information to them. Just like updating drivers on your sound card.
9 93.html
:).
There's been discussion of this movement before, some people have dubbed it "Ubiquitous Computing." I know that Xerox's PARC facility is doing something with this, and we just had a building here at Caltech dedicated to the idea of Ubiquitous computing. http://www.caltech.edu/~media/Press_Releases/PR11
It's going to be cool. They're talking about putting a large transceiver on top of our largest building, giving palmtops to every student, and having wireless internet access to anyone with a direct line of site to the transceiver. We do this, then move on to toasters
Everyone seems to assume that indeed everything will indeed have an IP address. The issue at hand is that it really isn't all the easy nor necesary to get everything online... Why? Just think about it, for something to be online (and thus possibly exploitable by script kiddies) the device, be it a toaster, pilot light, etc. etc. wil have to be connected somehow or other. Wireless, ethernet, modem, but somehow connected. Somehow I don't see it likely that toaster ovens nor heaters will ever ship w/ modem or whatnot allowing the to "come online".
Sure cellular phones might have access to the internet, but the non-permanent state of them being online and the limited damage that one could do to a cell phone represent an almost built in security for those (disregarding the saftey and privacy issues).
It seems to me that perhaps the biggest problem in internet and LAN security will be the emergence of Cable and DSL as ways to connect to the internet. Now we have many people permanently connected to the internet. Script kiddies or any malicous hacker could probably find a way to monitor ones traffic especially w/ static ip's becoming more and more common, especially after the introduction of the new IP address scheme. So now you have the average user, mom, dad or sister or whatever connected permanently to a network with not always friendly people on it. And if Liunx is to become mainstream, it will present an ever greater problem. While windows may not be the ideal operating system, just because of it's lack of remote administration tools makes it a hell of a lot safer than an average redhat install. And let's face it, if Linux becomes the OS of choice, you will have many people installing Red Hat or whatnot without knowing what half of the daemons are that will be running. So Joe Blow will be permanently connected to the net, perhaps running telnetd ftpd sendmail and god knows what else. And the idea of keeping those services and packages up to date is probably beyond most average people's comprehension. So this seems to be a much larger problem than worrying about weather or not some damn 14 year old is gonna burn my toast.
Cheers,
Steve
S.t.e.v.e.
>So how will millions of potential network security holes affect us in future when everything is networked?
Simple - people won't use it. If my fridge can get hacked, I won't buy it. The average consumer may be a moron, but s/he is also pretty demanding. Furnaces that can be hacked simply won't sell unless a model is worked out so that they _aren't_ hacked.
LL
"If you are falling, dive." -Joseph Campbell
The simple fact is this whole embedded appliance thing is a toy idea. Briefly interesting, of limited usefulness, and ultimately will be discarded as embedded devices start crashing left and right, or screwing up in a variety of entertaining and lethal ways.
The only people making money in net-enabled appliances will be, IMO, the early entries marketing to those rampaging toy-driven geeks who'll pay top buck... although IANAEAM (I Am Not An Embedded Appliance Marketer).
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
i wonder what the legal implications are of having your house burn down. would this kinda thing be covered by peoples insurance? if not, i wonder how receptive an insurance company would be to offering policies covering such things. heh. It'd suck if people start wiping the bios of my appliances... with 500 dollar deductables insurance would be useless to replace such things... that would be really annoying. you'd have to make self defending toasters that try to attack in retribution or something. hehe :) the next generation of security appliances :)
Toasters are not typically even on timers right now...but currently we use timers on stoves. I'd be surprised to see toasters with IP's, since automatic startup/shutdown is useless. But ovens/stoves would be common.
So extend it further. You can hook your electric oven/stove up to your home computer network and control it turning on and off. This is course is so that roast you stuck in it will cook for 4 hours while you are not paying attention. You control everything from your handy PC that you got prepackaged from a store.
So it's Windows NT (the computer) and the stove is on embedded linux. Someone has broken into your computer (due to bad security ACL's and user stupidity--let's say a trojan is installed). (Insert another operating system in place if you like, and change trojan to "race condition" for example).
Now the stove might have all sorts of safeguards. But let's say that your computer is connected to the internet (cable modem) and a second network card connects to your home network. Now that the attacker is into your network, he can send stuff to your stove. But the built-in safeguards prevent problems (i.e. high temperature override shutdown, etc).
Now after he's had access for a few weeks, let's say a linux problem is found. Some psychopath goes over his list of compromised home networks, and looks for everyone with a Stove running some particular variant of linux (or whatever). Now he goes and sets them all on permanent self-clean mode. If you are not home, and don't notice it, your house eventually catches on fire.
Of course this is exaggerated. Any properly designed appliance will have thermal fuses and stuff not subject to computer control. Just don't get complacent and assume that computer controlled sensors and controls can replace these.
Well, with electronic devices becoming more and more disposable (see This one two articles down), who cares about the software they run.
I can see it now:
- Toaster burn down the kitchen?
- Refrigerator froze your cat?
- Coffee machine spitting fire again?
Well, throw that old misbehaving device into that landfill over there and pick up New Device v2.0! Now with %20 less catastrophies!Seriously, the lifespan of all of these little do-hickeys is becoming shorter and shorter - causing more and more of them to end up in a big trash heap. Somehow, this doesn't seem very intelligent - yet, there's this little voice whispering in my ear Don't worry, we'll just dig a bigger hole. I think it's the Taco Bell dog...
Culture is more than commerce
At work, our whole heating an cooling system (probably about 100 themostats) are on a network. Facilities can easily monitor an control many aspects of the building envirnment through a console very similar to Cisco's CiscoWorks, which we use on our network.
I think it is great to see things like that start to catch up with where networking technology is today. It would be great to be able to have my TV download new OS software with new features, and have a microwave where the "autosensor" is able to be upgraded as they improve the technology...as long as security is controlled. Just think about what you could do with a web browser interface to some of your appliances. Not having to be limited to a small control panel on the front could greatly increase what they are able to do for you!
-PD
Consider that most home networks set up by novices are trivially breakable, and now multiply the number of devices by 10-100 with them all on the net. Admittedly, many of these devices should be simple and we can hope that to some extent that they are failsafe, i.e. overheat shutoff on toasters, safety ranges (40 F to 90 F) on furnaces, etc, but this still doesn't solve the problem.
It's not even enough that these devices be safe from changing of settings, though. Even the reading settings must be strictly controlled. For instance, your furnace programming might make a perfect day schedule for a burglar looking for a score. Hell, even the time you have your toast every day might be used by marketing bozos.
So, we need strict access control and authentication, but make it easy. Smart cards or similar tokens are probably part of the answer, but there is still a long way to go before this is viable.
What I'm afraid of is that the industry will pull another SNMP nightmare. SNMP was in a huge demand and so it was rushed out the standards door with no real security. After that, it took two tries to get it even close to right and that assumes the v3.0 is actually good. And get this, SNMP let's you configure and view information on your network infrastructure! The very first thing of interest to an attacker!
If everything in the house wired is going to be a good thing, we need a nice standard for a cryptographic token and its use over an open network. It has to provide for lightweight servers (appliances) and be easy enough that Joe normal can use it. Finally, we need some sort of standard about how these devices come configured: for instance, a default safe mode where the user actually has to work to shoot himself in the foot.
Nuff ranting for now,
Tom
The possible vulnerabilities could be far more subtle than 'making the fridge catch fire'. When all the appliances in one's home are networked and controllable, there could arise opportunity for two or more devices to collaborate and cause disaster (by which I mean both devices are controlled by some malicious outsider).
A contrived scenario: You're in the bathroom. The fire control sprinklers suddenly start, as do all your electrical appliances, electrocuting you to death...
I don't intend the above as a particularly realistic scene, but I hope you see my point. If applicances are open to attack, an attacker can cause you trouble. But, for each extra device which might also be used, the number of options an attacker has increases tremendously.
Fat Man and Little Boy
as foretold by Mary Shelly
and quite a few before that
Science has little room for ethics until
after the fact.
Does this strike anyone else as alarmingly similar to the origin of dataspheres? Remember, they were depicted as a consensual reality based on the fact that just about everything on the planet was connected to at least one other thing. And look what the 'spheres bred: The Technocore, a collection of AIs (true AIs) which embodied the principle of parastitism to the extreme. *shrugs* probably off-topic. BoneShintai
Interesting problem though, although privacy would be my biggest concern, especially if you've got netcam's for home security, HDTV pay-per-view decoders, some banking functionaility where your home "house-computer" interfaces with the Bank's computer to reconcile bills and other items (a next generation quickbooks), your eating patterns via the "frig" talking to Safeway's Mainframe regarding the restocking of Vanilla Chocolate Chip Ice Cream and Tombstone Pizzas (tm) cuz your currently low, etc. etc... This could be a pretty tricky firewall configuration task. :)
One interesting problem might be if a person breaks into your "house-computer" and learns your habits over a series of weeks. S/He knows when you get up in the morning (the time the lights go on, the time the water heater comes on due to you taking a shower/bath, and the time the coffee machine starts brewing). S/he knows when you leave via the garage door opener, and the lights turning off. S/he will know when you get back from work using the signs mentioned above.
Virtually everything about you could be gleaned from the comfort of a chair anywhere in the world when someone "roots" your "house-computer".
Now that's scary (assuming a very paranoid view of the future)... Also, I would think there would be some type of AI "Centurion" (sic?) Network Daemon protecting your home network from trouble makers, by reconfiguring the firewall on-the-fly.
Surely 'net connectivity will remain an advanced feature for the typical home appliance for some time. Most people will be protected by being too (clueless||apathetic) to connect their toaster to the Internet in the first place. By the time people figure out this 'feature', I'd like to believe it will no longer be an issue. Anyone elses parents have a VCR flashing 12:00?
Some people have a way with words, and some people, um, thingy.
Flashy future-fade sequence
A husband and wife are sitting at their dinner table, eating a nice computer-cooked meal when this conversation pops up on their monitors...
Husband: "Honey, did you remote admin that lamp over there?"
Wife: "No, dear, I didn't... why?"
Husband: "Well, it looks like someone changed the lampshade... Oh no!"
Wife: "What is it? Did the computer undercook the food? .."
Husband: "No! Some stupid scriptkiddie defaced our lampshade! Now it's an ugly orange... but our carpets are blue! Argh. Curse those lamers. Computer?"
Main Computer: "Yes?"
Wife: "Nevermind him. He just doesn't have a sense of style."
Husband: "Style? What's STYLE got to do with it? Computer, change the lampshade back the way it was before."
Wife: "But, dear, you never back up ANYTHING. Remember, the Hou$eOS is just the default install? Things like backing-up aren't part of the package."
Husband: "Argh. Curse those H$ people. Curse them for owning a monopoly on all the houses of America."
End preview of future
Ok, it's a little skewed, but you get the idea.. I think it's a scary idea -- putting EVERYTHING on the net.. and quite possibly deadly one...
But to avoid things like this -- simply DON'T put your stuff on the net. :P If you don't want a scriptkiddie to deface your lamp, don't put it on the lamp. Don't let the companies FORCE you to put it on the net, either.
If, for some reason, you need to put your lamp on the net, make sure you do a CUSTOM installation.. don't let the factory just install the defaults. :P
Fight the man. Don't let H$ 0wn your h0use..
pr3s3nt d4y... pr3s3nt t1m3.... hahahahahahahahahaa
present day... present time... hahahaha...
Those network hard drives are great. No PC required. Just plug it into your ethernet and it's nfs shared or samba shared. And when the Software Police raid your house and confiscate your PC, all the incriminating data is stafely stored on the network drive which is hidden inside the wall behind the plaster. Since the network cable runs through the walls anyway, why not to have an HD in there, nice and safe when your hardware is siezed. Better yer... air-LAN to the network drive hidden in your neighbor's attic (without his knowledge). Muhahahahah!
Not an issue -- Come Jan 1, 2000, the WIPO (digital millenium act) will be in effect, making it a $1000 fine in the United States to discuss security holes.
Instead of getting an IP for each appliance in your household, why not just set up an X-10 system? I have one set up in my Manhattan apt run by a 10 year-old Mac SE/30 using Thinking Home Software. It monitors motion detectors, light detectors, outdoor weather station and runs lamps, an air conditioner, air filters and a coffee maker. I can communicate with it securely over the Internet (try to do that with a 10 year-old 286 PC running a GUI) and either turn on/turn off lights, etc. or be informed if someone has walked in -- complete with a Connectix QuickCam picture.
As for ease, I think an X-10 system is much better than trying to rig every freaking household appliance with an IP. This also sounds like another excuse for big corps to sell us more stuff we don't need anyways. X-10 allows you to existing electrical appliances.
Instead of just accepting new technologies as good, the Amish evalutae a technology's effect on their society before accepting it. I saw on TV once where an Amish community had accepted cell phones. Seems like more often, we evaluate a technology in terms of entertainment value without much regard for its effect on society or the environment. Here in Colorado, there's a fuss about restricting mechanical access to the nat'l forrests because they'ree getting torn up. The snowmobilers are getting upset and then it gets turned into a tourism revenue thing. Are we just selfish? see http://www.loyola.edu/dept/philosophy/techne/sharp .html
I think there's an even bigger danger from elsewhere. Imagine how much they'll be able to figure out from your harddrives when you store what you want for breakfast, and to wear, and everything else in addition to all the media you take in. Unless the tide of commercialism changes, it isn't going to be pretty. Imagine the amount of advertising that we'll have to filter out! It's not going to be a good thing, especially if the government takes over MS and becomes the first superpower with an OS...
Here is the correct address:Thinking Home
Sorry about that...
what you seem to be forgetting (or perhaps everybody is) is the need for a networked infrastructure for all these online devices. simply having a network accessible device is good and all as a toy, but it doesn't do it any good unless it can talk to your other networked devices for planning and coordination needs.
:)
presumeably this infrastructure (whether it be jini-like, or hive-like) has to have the ability to manage all the devices on the local network. and once you have a way to adminstrate all the devices, think of an AutoRPM system or something similar to what RedHat now has for registered users -- let your infrastructure automatically update your applicances.
of course, this all assumes you buy upgradeable devices, whether it be in software or with FPGAs or something. i don't understand why anybody would by non-upgradeable devices if they had the choice anyway. in the worst case, if there is a bug in your "coffee machine", let your infrastructure take it off the network until a fix has become available.
networking everything is the way that we are moving. networking coffee machines, or microwaves is an interesting concept as toys, but the more interesting things happen when you network your whole house and have it have all these independant devices work together to form some emergent behavior (oh yeah - this had better not have a bug in it -- think of a house that is out of control and out to get you
sorry about rambling..........
Most sys admins are vigilant in checking systems for signs of cracking attempts. However whenever you find evidence of an attack in your logfiles, isn't it frustrating that the people responsible are almost never caught or even identified?
What is the best form of deterrence against these attacks?
Since we cannot eradicate insecure systems globally, we could at least make the process of identifying these people more certain and reliable. One idea would be to have a central website where registered sys admins could report the IP addresses of attackers, at least in cases where this information is available from the logfiles. If enough people were to do this, it would be possible to trace through the chain of compromised hosts used by the attacker(s) to hide their origins right back to the source host(s) -- the original hosts used by the attackers.
There are several potential problems with this approach, not least finding websites willing to host the attack tracing service. Firstly, not all computing environments would favour the idea of admitting publicly that a system had been compromised. In such cases, the only publishable information might be the attackers' IP addresses and approximated dates of attacks. This would still be useful. Secondly, the logfiles might have been deleted by the attacker(s), although in practice it seems this rarely happens and would be impossible in cases where backup records are kept securely and non-electronically e.g. on paper.
Does anyone have any examples of successfully using a tracing approach to find attackers?
There was a post on Slashdot a while back listing IP addresses from an attack but there doesn't seem to be widespread use of IP address publication as a tool for deterring and identifying attackers. Should the big security sites like CERT expand their operations to provide a public tracing service?
Signed, 5fa1079617ec5584e8980fea39529b33
If you break into a system and cause damage: lethal injection.
That would make you think twice before doing something stupid if you ask me.
And, like most easy fixes, this one's utterly brain-damaged. I really hope you meant this as a joke, in which case I'm proud to have been trolled by you.
--
"HORSE."
"HORSE."
-Flaming Carrot
Seriously, who's going to have their toaster or whatever on their network? Sure, embed a chip in there with a thermostat that cuts off power to the coils if it gets too hot....a timer that turns 'em on in the morning, but networking it? Kinda reminds me of the guy in with sensors on his toilet to count the flushes. (The "net house")
/var/log/toaster_log
.004kW/hr, translate: $.003
Don't get me wrong. I wired my house when I built it with 10B-T, More coax than I need and a sweet X-10 capable security system, but the utility of stuff like this escapes me.
Some things, like your TV, VCR, your security system, etc. etc. would probably benefit from having a TCP/IP stack and an OS built into them. I'm surprised most don't already...Same with auto computers, why not have a 10B-T port with a teency OS with a teency web server to report fault-codes, and other fun statistics....
If anything would be useful, it'd probably be some short of short-range wireless network that reports back to a central hub somewhere in your house to report power usage, if it's nearing failure, stuff like that.
Imagine your log files (made up the numbers...smirk)
$cat
Nov 10 06:30:00 toaster01 (startup): Starting with preset 02, cycle #0032
Nov 10 06:32:47 toaster01 (popup): Toast cycle #0032 ended at 130F after 167 sec.
Nov 10 06:32:49 toaster01 (status): Total power usage
Nov 10 06:32:51 toaster01 (status): WARNING, coil subsystem nearing end of life cycle, repair recommended (8 cycles remaining.)
Blech. Signatures.
Whilst recently it has been the "in thing" to connect stranger and stranger devices to the Internet, I personally believe that the majority of these types of systems will be networked privately. (sortof like having ATMs connecting to banks in their own private network and not connecting them over the Internet)
Having Coke machines connected with webcams and such to the net may be a novel idea, but lacks a certain practicality that may be found in, say, having them connected in a private network to a local HQ for monitoring if the machine is damaged, supplies are low, or if it isn't even turned on, etc! A nice closed network make this a little more feasible by cutting out the script-kiddie crowd who'ld otherwise be portscanning the vending machines...
As for refrigerators, home security and air-conditioning etc., connecting them into your home network might make it nice to program everything...
Donny
I am one of those sorts that believes in putting everything on the network. Everything should have an IP. I plan to have the door to my room authenticate off of my linux server soon. As for security... just use camera flash memory for operating software... Its flashable and can be easily mounted by most operating systems.
If someone broke into Bill's house electronically, they might be able to do these nifty things:
Shouldn't be too hard to do. He's probably running NT as a server, and NT isn't exactly secure....
(Postscript: I had to type this in twice. The first time, Netscape and my Windows PC crashed so hard, I had to press Reset. Coincidence? Or did the words "Bill Gates" trigger a crash-and-burn subroutine in Windows?)
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
World's Smallest Webserver
article that appeared here on slashdot a while back, about using a PIC16C84 or some similar 8 bit el-cheapo (around $2) microcontroller with a little bit of e2prom to run as a web server. Some crazy motherfucker put a simple flash filesystem, httpd, tcp/ip stack, and SLIP protocol into less than 4k words of code space (Yikes! That beats the hell out of 4k basic...) for use in wired household devices. It wouldn't cost more than $5-$10 in a production situation (most of that would be some sort of a serial connecter) to put a toaster on a network. I am not sure i could see a use for a toaster, but some other things (if i could have a machine make my morning tea about half an hour before i get up so it's cooled enough to drink, that'd be nice...) The thing i see as most potentially useful for this technology is home security sort of things, if you were to have a low-res web-cam sort of thing, but have a lot of them posted around your place, along with motion sensors, etc... and timer lights... Have all this accessable only to a non conencted network, and then have a terminal to get at it by your bed, and one in your workshop... WHen the terminal bell starts going ape, you look and see what's up, and a nice web front end from the master program could provide links to individual devices and sensors to give you more detailed info... It'd be pretty neat =:-)
Props to the guys who put the server on a PIC chip. I've programmed for PIC chips (i was part of a project working on a 7 extension (16 mailbox) KSU/VoiceMail system on one, and i know how tedious it is and how evil the optimization is...
cheers...
---
Play Six Pack Man. I
I think that while script kiddies/hackers might present some danger, you'll probably still have 99% of houses burned down down because the human owner does something incredibly stupid, like leaving the Sun Microsystems java based(pun intended) coffee maker plugged in while he goes on vacation. Computers are just incapable of matching the powerful stupidity of the naked ape.
Do not attribute to malice that which can be attributed to stupidity
The networked appliances, as they currently exist, are not terribly useful. After all, they only save a little bit of time. Mostly they're just scheduling.
If I could say, "House, make me a salami on rye, with lettuce, tomato, and mayonaise. No wait, no mayo, just mustard." If I could say that, and it would happen, that would be useful. Who cares if I can tell my coffee maker to make coffee when it gets a message from my car that I'm almost home? That's not useful. If the house would also get the ingredients and put them in the coffee maker, then it becomes more useful.
I know that a lot of the Unix philosophy is "small tools that can be linked together to perform larger tasks". That's still possible, but it needs to integrate. Each device provides one function, and the central house logic hooks them all together to perform the given task.
Of course, this requires the house logic to understand the task, even if only in a very limited way. Most of this is very simple, though, at least for the majority of tasks. It 'knows' (from it's database of knowlege) that "Make me a salami on rye" is a request for a sandwhich, from the pattern. on . When it hears a word or pattern it doesn't understand, it asks for a definition. "What type of object is 'rye'?" "Rye is a type of bread, specifically rye bread."
In this way it could build up its database as needed. A large knowlege database would come preprogrammed in, and the rest would be learned.
This would require, as described, voice recognition. It could be done with the current handwriting recognition and PADDs, though. A PADD, for those who don't know, is a lot like a PDA with a wireless network link to a computer.
After that, it requires a fairly fast computer (to run the relational database) and a fair amount of storage, to remember all the devices and their functions and to remember all of the 'knowlege'.
All in all, a very large problem. But one that is, I think, almost possible today (excepting the voice recognition). It's just waiting for someone to implement it.
---
END OF LINE
Everybody is continually assuming that little dinks who mess around where they aren't supposed to be is a fact of life, that putting your toaster (to use the popular example) online means some pimply teenager is going to set it on high and burn a hole in your kitchen counter.
As the technology becomes more mainstream, 'script kiddies' aren't going to be tolerated. Look at it this way: right now a screen window in the summer is pretty awful security. Think about it. Anybody with a pen-knife can cut his way in and steal your toaster! Why doesn't that happen? Because people who do that get locked away reasonably fast. So people aren't afraid to sleep at night in the summer with a screened window open (in many localities). A few jail cells full of hackers will solve the problem. Kids (and overgrown kids in adult form) just need their hands slapped a little, and things pretty much correct themselves.
I've never understood why people think that technology renders morality obsolete. It doesn't.
That collective of ubergeekiness is actually here, not at the link above. Sorry about that.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
JINI.
Well thought-out, non-proprietary standards are a good thing. When I'm sober I'll tell you why I think something like JINI is the key (hint: do you really want (say) toshiba deciding to implement a microwave oven/ip interface based on (say) finger?).
Can you up-moderate the previous post which has a very relevant suggestion for how to deter these attacks from happening in the first place?
The death penalty seems a bit extreme.
But laws will be enforced (they already exist), and hackers will find themselves in deep trouble.
People have a way of figuring out what is right and wrong. The ones who don't, or won't... they had their chance. There will always be drudgery jobs that need to be filled. Obviously we don't need rocks broken up, but there's always road construction work, etc.
They'll be able to communicate with all those Coke machines that can raise the price if it's a hot day.
But seriously, folks, can you imagine how much more "interesting" things are going to be for the folks at Underwriters Laboratories.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
While it is true that I would not trust any of my home appliances to anything with the level of security that Windows offers, and indeed, I'm not even sure I would trust most of them to the level offered by Linux or even OpenBSD, we are rapidly improving our methods of hunting down and squashing bugs, especially bugs at the level that embedded operating systems run at, TCP stack and buffer overflow style events.
Protocols capable of managing large numbers of simple hosts are being deployed with increasing regularity around the 'net as administrators opt for simple slave/master distributed environments, and with that popularity comes increasing scrutiny by hoards of paranoid sysadmins and curious hackers.
I believe that the sheer danger that the net represents to the hosts on it has taught us lessons about computer stability and security we would never otherwise have learned, and on the condition (And its a biggy) that these lessons are properly attended to apon the creation of the embedded systems, and indeed all future systems, we will rapidly reach a point where particular, listed systems and configurations can be trusted just as much as the rather pathetic level of SSL encryption we currently use to hide our credit card details.
The increasing capability of users to handle the responsibilities of logins and passwords, and the burgeoning field of proactive defense (see Stackguard etc) give the potential for the role of script kiddies and crackers to be relegated to finding what they do mostly now, misconfigured, rather than fundementally broken, systems.
Of course, thats in a perfect world. In this world, the leading operating systems vendor doesn't know the meaning of the word "Secure" and hacking your friends video game console is about to become the new craze of the 21st century.
You can't win a fight.
I remember reading on usenet about a guy who wrote a virus that sent his x girlfriends phone number to the pc's com ports in case there was a modem there. He set it to call on their aniversary or something. There was also an urban legend about a virus like that one that called 911 over and over again. I suppose that with the increasing number of cable modems and DSL increasing among windows users, with Back Orifice, things could get real ugly in that respect. We need to pass a law that requires NO closed source systems to have access to a modem connected to the public telephone system.
I'm not worried about some script kiddie breaking into my internet appliance. I'm more worried about the corporations collecting info about me.
Then again, with the big bucks that CmdrTaco got there is gonna be a house in Michigan with an internet toliet. Crackers will probe a way to potentially wipe out a dangling problem.
I'm going to get me one of those PIC chips with a webserver and a wireless connection and stick it up my butt. I'll post the URL to Slashdot so I can be the first one to get his butt slashdotted. Maybe I'll stick some kind of speaker in it so that it will chirp every time that it serves up a page. Maybe I'll even have a gif of the actual butt in which the server is located.
OMG, I can't believe this even made it to Slashdot! Give me a break!
When will the urban legend of 'connecting your toaster to the net' die? Who makes this gear? Who would buy it? No one.
This is such a non-issue its almost funny that people worry about it. You've been reading too much William Gibson.
We can call it the "Maximum Overdrive Meme." or MOM.
"Looks like some hacker flushed the toilet when I was taking a shower again."
Hi!
Hasn't anybody here studied the history of technology? Nobody--none of us--have the slightest clue what the next twenty, or ten, years of technology will bring. Will every toaster and waffle iron have its own IPv6 address? Will every clueless end user have to remember the gateway IP address, and how to connect a new appliance to the household DHCP server?
Well, let's back up a hundred years. When Alexander Graham Bell invented the telephone he did not have the faintest notion of "phone tag", let alone "phone sex." The telephone instrument was placed in the front room of any house wealthy enough to own one. When exchange interconnection happened (so you could call from one exchange to another) newspapers worried that women wouldn't be able to deal with the complexity of remembering the exchange name and the phone number--chaos would reign. When long distance service began people used to dress in their best clothes before placing a long distance phone call.
The great-grandchildren of these people have no trouble with cell phones, digital cell phones, pagers, and fax machines. Many of them are capable of direct-dialing international calls (particularly if there is phone sex involved.) Several of them are capable of dealing with modems.
The same is true of automobiles, airplanes, trucks, and electricity.
Where we'd headed, IMHO, is a world with (from our perspective) infinite MIPS and infinite bandwidth. Where software is much more a product of interaction among agents, rather than the result of a single monolithic program. Those agents will give all the devices we use a dramatically different level of sophistication than we can fathom--and it will be relatively easy for those agents to establish trust relationships with other agents.
In less than 100 years we have gone from an era of hand-cranked phones to a time when people put you on hold because their other cell phone line needs to connect to the in-car fax machine. In the next 10 years we'll see business and home appliances go from X.10 to a world we simply can't imagine today.
Will there be bumps on the road? Yup. Will some script kiddies scare the daylights out of Gary North, Mike Hyatt, Ed Yourdon, and the rest of the Year 2000 Chicken Littles? Undoubtedly--they'll be wringing their hands in public about that by January (they've already started--all the Y2K remediation has just given foreign agents the ability to plant time bombs in our computer code!) Maybe you or I will make a fortune solving the problem.
But when we get there, we'll shake our heads in wonder at how much 2000 will seem to be just like the Stone Age. We'll tell our kids (or in my case, my grandchildren) about life today--and they won't believe a word we say.
Most appliances plug into the wall socket to suck the juice, right? So all the toaster company has to do is put an X10 device in the toaster, and boom it's communicating with every other X10-enabled appliance in your home. It's cheap and effective, and your desktop PC can act as a database server and/or an internet gateway (through cable modem or ADSL). In other words, connectivity is a solved problem.
-- Guges --
I think I read somewhere that everyone has some measurement of ADD. I have a bit of it I bet. I also tend to forget that I am doing something, which includes food in the oven, lights and the what. Dont' think of embeded devices as always being turned on.
They can be monitored for dangerous or wasteful usage (plugged in irons, turned on stoves, lights...). If the iron hasn't been moved for more than 5 minutes, shut it off. If the stove has been on for more than 2 minutes and the smoke detector is going off, shut off the stove. I say 2 since some foods generate smoke by. I left the water running overnite onetime. Leaving the water running for more than 30 minutes is a good reason to shut it off...
just some input...
---
-
ping -f 255.255.255.255 # if only
Best to keep things like this behind firewalls with restricted and authenticated access, indirectly, through a local master host(s) control program(s) addressing private IP's. This should keep the security problem at a manageable, or at least addressable, level, without imposing an additional administrative burden on the entire goddam internet, which does not nor should not need to give a rat's ass whether your (or my) stinkin' heater is running or not.
You're right though, it's asking for trouble to do this over a public internet. John and Mary Q. Public are going to demand absolute assurance of absolute safety, with no effort on their part, (notice I said "assurance", not actual safety per se. Someone to sue, at least.) never mind the cost to themselves or anyone else, giving regulators yet another imperative to weigh in and fuck things up for everybody. No problem for the clever, but it kinda screws the idea of the internet being a "free" medium, etc.
By the way, If ISP's won't turn loose IP's for dial-up users to run their own servers as it is, why the hell are they going to do so for your freakin' toaster, fer crying out loud?
Hopefully this is a non-issue, but of course I am daily amazed at the stupidity, sheer waste, and totally gratuitous human misery resulting from the abuse and misuse of technology at the hands of practical-minded business people, who of course know better than anyone else, obviously. Well, except maybe politicians, bureaucrats, cops, or judges.
Slippery Jim
In Chicago, you have to leave your faucets running just a little in the wintertime, or your pipes freeze and explode. Might an outsider be able to turn on or off appliances which use water (eg, a sprinkler system), causing them to fill with water, then stop, and let the nighttime cold freeze them?
-- Guges --
Me: "Excuse me, I have to go. I left a pie in the oven."
You: [typing...] "Well, www.your-oven.com/command.cgi?uptime says it hasn't been used since 3794562 seconds from Epoch.
Me: "Dammit!" [removing foot from mouth]
What startles me the most, and seems outright unnecessary and unusual is the desire to actually HAVE some of these things networked. Why do I need my fridge networked? Why? It's not networked now and my food stays cold. All the time. Every day when I come home and open my fridge, the stuff inside is cold. And the one time that it wasn't, it was due to a mechanical problem. And guess what... that would have happened even if it had wireless networking installed. The only difference is that I would have known sooner that I was going to lose $50 worth of groceries because my fridge would have emailed me when the temp. dropped a certain amount.
- ------------------
I want someone to please explain how networking every appliance in your house is going to improve life in a cost per effort scale. I wake up in the morning and spend 3 minutes preparing coffee before I start getting ready for work. Get beans out of fridge, grind beans, pour into filter, fill carafe with water, empty carafe into percolator, turn on percolator. Now, that's three minutes.
You could make the argument that a person salaried at $50k would save $1.20 per day by not making coffee manually, but guess what? Your employer doesn't pay you to NOT BE AT WORK! And I'm pretty sure that 90% of everyone in the world would use that extra 3 minutes of their time to hit the snooze button an additional 1/3 times. I'm in favor of progress, but I must object to the technologically absurd, if only from a pure fiscal standpoint. Networking your kitchen appliances will not make you happier, more efficient, or more productive. It will only ensure that you have less capital in your bank account.
---------------------------------------
This entire argument seems a bit premature to me. The tech/software field is still moving at a much faster pace than appliance makers. So my main point would be this: If IP enabled appliances rolled out the door tomorrow, how long before the acceptance grew? Sure, I'm as much of a geek as the next guy, but having to pay $15-20 more for a coffee pot that lets me regulate the burner temp doesn't sound like all that great an idea. And I would be willing to bet that the combo of NIC/FIRMWARE/SOFTWARE is going to add more than $15-20 to the price at least initially. Now lets figure in the impact of those who do not have a NIC in their home PC, a hub for attaching the toaster, etc...
/dev/hammer /dev/nailgun ; /dev/nails > /dev/nailgun ; ! /dev/nailgun' It could work..."
So the question comes back: How long until we really see these devices in use? A long time by my count.
My VCR has an RS-232 port, and I do use it to set up a recording schedule. How many of the "truly geeky" have done this? RS ports on VCR's are also about 3 years old. (Maybe older, I said 3 to be conservative.) Is my VCR hackable? Yes, but what true damage could be done? ($50 in fees for my tapes being "not rewound"! Darn you hax0rs!!!)
Why hasn't anyone hacked my VCR and forced me to record "Emmanuelle in Space" over my copy of "Titanic"? (Actually, why haven't they darn it! My IP is...) Because noone is looking for it. Why doesn't someone out there write Macro Viruses for Ami-Pro?? Because they would have too little of an effect. Linux is still short on viruses, but they're coming...
So, until a hax0r sees the likelyhood of being able to hack your toaster, and figures it's likely that you have an IP enabled toaster, he/she will probably spend most of his/her time writing Office Macros that make your paperclip sing "I'm the only one".
I firmly believe that we will se a proliferation of TIVO and similar devices long before we see the CompuToaster (TM).
So, back to our original premise, IP enabled devices today. Plan on at least 3-5 years before there is enough market saturation to matter, and another 2 years for acceptance.
Where will the computer industry be in 5-7 years? What steps will be taken by M$, Linux, etc. in that time frame? Ask anybody that was using Linux 7 years ago if Linux has "changed".
It is becoming inevitable that within the next 3-5 years a competent firewall will be a part of every major operating system simply as a side effect of cable modems and the like. Believe me, the OS that does not have this feature will soon add it when the kids down the street decide it's best to hack your computer for practice. I recall that not too long ago there was no Virus protection on Windows. Along came MSAV, and you basically can't buy a computer without AV software installed nowadays. The market responds to new challenges.
Also, TCP/IP would be too much of a networking protocol to use for a toaster. There will probably be an updated version of NetBios, NetBeui, or SMB that will be used.
Debating a technology that is so far off into the future without considering the impact of a similar timeframe of advances in other fields is fruitless. As an earlier poster commented, "...will have safety precautions built in, like a temp control for the stove..." The hardware will not debut until the software is ready, and so on. In a country where you can sue someone for serving you coffee that is "too-hot", I must assume that the companies involved will make sure that they are protected from liability. Leaving a security hole in a program that in turn causes your Braun Shaver to shave the sofa and set it on fire would probably stand up in court as negligence.
********Paranoia Starts Here***********
Here's the real kicker. GE enters into an agreement with some monolithic OS maker and makes the CompuToaster (TM) a proprietary "OS 2000" only product. Sure, write your own interface, but we ain't responsable when you have a burnt loaf of wonderbread... Better yet, the makers of "OS 2000" decide that a "partnership" is in order, so that GE develops the toaster and firmware, and OSsoft develops the interface. It takes a level of responsability from both parties, as they can blame software/hardware (whichever side they didn't design) for any and all problems that occur. Sure, you could still sue the companies, but which one?? This would be great for both sides of the bargain, and as usual screw the guy in the middle. Just something to think about.
Will Bill control the destiny of your toaster??
~Jason Maggard
"If all you have is a hammer, try 'ln -s
I'm thinking from a centralized home server/refigerator unit (hey, you can overclock like crazy!). If the house server is able to control everything in you house through the network, then it can also serve as a firewall. That way, all you have to worry about securing is that one server. All the appliances would still work without the server, but for that bonus network feature, you need the server.
Now, I understand the worry then would be that if someone got root on your machine, they could really mess stuff up. But why have all the appliances require their own passwords so that if you wanted to start your oven over the internet, you would need a special password. If you need to start your oven from the other end of the house, you wouldn't need such a password.
Sure, it may be more of a hassel to type in a password every time you want to start your oven or record a show, but that's a lot less of a hassle then what you currently have to do. Plus, if you didn't care about security, then you could turn it off. I guess my question is: if you have secure passwords for all of your appliances and you never send those unencrypted (ssh!), then what's the big problem?
Got HTML? Want LaTeX? Try html2latex
Umm, don't people realize that the "networked toaster" idea was just a joke? Someone was just playing around with the concept of "internet appliances" and it wasn't really meant to be taken seriously. Even the (previously somewhat common) internet coke machines and coffee makers were intended only as cheesy hacks... Does anyone even maintain those things anymore?
You know you have a serious problem when you wake up in the morning, check your email and you have one with the subject: 'h4r h4r I r3wt3d y3r t04st3r fo0! Bw4h4h4h4hh4!!!' thats when you gotta worry, forget your house burning down. your fridge eating your cat, needless to say those are bad things, but after all that is said and done one thing comes to mind...got root?
.' Windows 98 crashed I am the blue screen of death no one hears your screams... `.
...unless you want Unisys hauling your ass into court!
Free music from Jack Merlot.
Who says your toaster has to be "networked" to remember that you like burnt toast every third wednesday when the moon is full? Having intelligent devices is one thing, but I don't want them networked so that big brother can use his 'back door' or download my data for the "free firmware upgrade service" via the internet. Hands off my toaster, freakazoids. If you want ultimate networking, why dont we all carry a small electronic device that continually emenates our accumulated preferences and when we walk in, their system picks up on it and knows that I always drink water when I eat out. Thats damn scary too. Whats wrong with a little personal interaction? Do we just want robotic "HERE IS YOUR USUAL SIR" service? I'd rather flirt with the cute waitress.
MY KITCHEN JUST CRASHED
~~~~~~~~~~~~~~~~~~~~~~~~~
TCI, The nation's largest cable television company, is in talks to launch a
unique pilot project in conjunction with Pacific Gas & Electric Co. &
Microsoft Corporation to design a "smart home". The home automation industry
is expected to triple in size, from $1.7 billion this year to more than
$5.1 billion by the year 2000.
NOVENBER 28, 1995 - Moved in at last. Finally, we live in the smartest house
in the neighborhood. Everything's networked. The cable TV is connected to our
phone, whitch is connected to my PC, whitch is connected to the power lines,
all the appliances and security system. Everything runs off a universal
remote with the freindliest interface I've ever used. Programming is a snap.
I'm like totally wired.
NOVEMBER 30 - Hot stuff! Programmed my VCR from the office, turned up the
thermostat and switched on the lights with the car phone, remotely tweaked
the oven a few degrees for my pizza. Everythings nice and cozy when I arrived.
Maybe I should have the universal remote surgically attached.
DECEMBER 3 - Yesterday, the kitchen crashed. Freak event. As I opened the
refridgerator door, the light blew. Immediately, everything else electrical
shut down - lights, microwave, coffee maker - everything! Carefully,
I unplugged and plaugged all the appliances back in. Nothing called the cable
company (but not from the kitchen phone). The utility insists the problem was
in the software. So the software company runs some remote telediagnostics via
my house processor. Their expert system claims it has to be the utility's
fault. I dont care. I just want my kitchen back. More remote diagnostics.
Turns out the problem was "unanticipated failure mode". The network had never
seen a refridgerator bulb failure while the door was open.
So the fuzzy logic interpreted the burnout as a power surge and shut down the
entire kitchen. But because sensor memory confirmed that there hadn't actually
been a power surge, the kitchen's logic sequence was confused so it couldn't
do a standard restart. The utility guy swears this had never happened.
Rebooting the kitchen took over an hour.
DECEMBER 7 - The police are not happy. Our house keeps calling them for help.
We discover that whenever we play the TV or stereo above 25 desibels, it
creates patterns of micro-vibrations that get amplified when they hit the
window. When these vibrations mix with with a gust of wind, the security
sensors are activated and the police computer concludes that someone is trying
to break in. Go figure... Another glitch: whenever the basement is in
self-diagnostic mode, the universal remote won't let me change the channels
on my TV. That means I actually have to get up off the couch and change the
TV channels by hand. The software and the utility people say this flaw will be
fixed in the upgrade - Smarthouse 2.1 but it's not ready yet.
DECEMBER 12 - This is a nightmare! Theres a virus in the house. My PC caught
it while browsing the public access network. I come home and the living room
is a sauna, the bedroom windows are covered with ice, and the reffridgerator
has defrosted. The washing machine has flooded the basement, the garage door
is cycling up and down, and the TV is stuck on the Home Shopping Channel.
Throughout the house, lights flicker like strobescopes until they explode
from the strain. Broken glass is everywhere. Of course the security sensors
detect nothing. I look at the message slowly throbbing on my PC screen:
"Welcome to Homewrecker!!! Now the fun begins. Be at ever so humble, Theres
no virus like Homewrecker..." I get out of the house, FAST!
DECEMBER 18 - They think Iv'e digtally disinfected the house but the place is
in shambles. Pipes have bursts and we're not completely sure we've got that
part of the virus that attacks toilets. Nevertheless, The Exorcists - as
the anti-virus SWAT members like to call themselves - are confident the
worst is over. "Homewrecker is pretty bad," one tells me, "but consider
yourself lucky you didn't get Poltergiest. That one is really evil".
DECEMBER 19 - apparently, our house isn't insured for viruses, "Fires and
mud slides yes," says the claims adjuster, "Viruses, no". My agreement with
the Smarthouse poeple explicitly states that all claims warranties are null,
and void if any appliances or computer in my house networks in any way, shape,
or form with a non-certified on-line services. Everybody's very sorry but they
can't be axpected to anticipate every virus that may be created. We call our
lawyer. He laughs. He's excited.
DECEMBER 21 - I get a call from a Smarthouse sales rep. As a special holiday
offer, we get the free oppertunity to become a beta site for the company's
new Smarthouse 2.1 upgrade. He say's I'll be able to meet the programmers
personally. "SURE!!!" I tell him.....
---aurthor unknown
1000 SlashDot sigs
Hmm. The "Socal" contract. As I remember it, Alan Sokal (sp?) was the guy who played that joke on the sociology magazine "Social Text" in which he submitted an article of unmitigated nonsense to see if they could see that it was a joke (of course, they didn't). Are you referring to this? ;-)
few things for me would be nice.
I wouldn't mind wearing a headgear deal (given it wasn't toooo big... ya know? ) if it was capable of a few things.
Integrated with my whole house through voice command.
I would love to turn on the stereo and switch cd's from anywhere in the house.
Turn off the front porch light when I'm in the backyard with the
8" Telescope.
Talk to my circle of friends without having to go through the whole
phone/busy-signal/voic-mail junk.... (I have a few ideas on that one.)
See who's at the front door.... From work.
Re-route my HOUSE line through the head-gear.. (transparently)
Check my e-mail. Open doors. Change lights.
Set oven temp (no... I don't want auto cooked crap)
And of course cramming VR into it so I can handle e-mail, web-browsing,
site building, report genration, etc. etc. etc...
that would make it infinitely better.
Just my take is all.
Friends don't let friends buy Compaq's. (Dell/Gateway... same same) You want a good computer? Build it yourself.
There is a place for networking...the toaster is not one of them. Cell phone and other communications technology is another issue, but here I'm talking mainly about physical appliances with embedded controls.
I think I've seen this discussed here before. Lets face it, toasters are never going to have IP's. There is no point. Perhaps being able to control your lighting, and a few other things remotely would be nice. Stuff like this is available already (X10 type stuff) if you're willing to pay the price, albeit not with IP's. A lot of audio magazines cover this type of stuff, Home Theatre comes to mind.
Lets keep it real for a moment. Is it just me, or does the whole "give your toaster and everything else an IP" sound like something some dumb ass executive at GE would say? How soon will this be a real problem or a real market? Maybe 5 or 10 years down the road for the 1% of the population that can afford it? Frankly there isn't much in my house that I'd want to be able to control remotely other than my computer/data.
Any consumer with half a fuctioning brain will do a cost/benefit analysis and see that networking your entire house pretty much fails. High cost, and large security risks for minimal gains. How lazy do you really want to be? "Hey honey, I just warmed up the oven while sitting on the couch!" Yawn. Most of this stuff I'll leave for the rich who do it "because they can." Let Bill Gates get his house "owned" if he's actually dumb enough to connect it to the internet.
The person who asked the question on this topic also pointed out that most of these devices are not upgradeable. Indeed, any embedded system you buy most likely isn't How many appliance manufacturers would you trust on this point, especially since the average consumer has no idea what we're talking about here anyway? "Sir, this security is unbreakable. The food in your refridgerator will be safe." Where have I heard something like this before? Ah yes. Witness the recent events in DVD land. Even the suits were convinced that it would never be cracked. Yikes.
A lot of this stuff has important applications, for example in building control, for security systems, air conditioning, or whatever. But this already exists in a LAN environment. Changing this type of system to some sort of PC and TCP/IP environment is not a huge step (in the local or MAYBE WAN environment). As far as connecting all this to the internet only sets you up for disaster. So what if you can control all 10 of your building from one location...just pay a few extra people to work at all of the building and save the security risk.
So I'm not worried about this in general because:
The cost is too high.
Doesn't do much for you (mostly more couch potato stuff, at least in the home environment).
Only a small percentage of the population will be able to afford it.
Once these type of systems are cracked, the average consumer will reject them.
My old dorm (Random Hall at MIT) has long had it's washing machines and driers connected to the internet (http://spleen.mit.edu/LAUNDRY/index.html). Earlier this year we started connecting the bathrooms to the internet (http://bathroom.mit.edu/). We never had any problems.
Try to turn out the lights while someone's in the bathroom (without being to Random Hall. That would be cheating, Boris.) You won't suceed. (Taking down the server != Turning out lights in bathroom, so please don't. My friends use those computers.) Of course, the systems were designed by competant people so that there was no chance for any significant damage to be done. I suppose that can't be said for everything.
I personally would love well designed intelligent appliances, and I'm not a technogadget collector. I keep my notes on folded up sheets of paper, not the latest Color Palm VII/CX Plus Pro. But when was the last time your refrigerator froze your tomatos? The ice-cream was too hard to eat? You were out of coffee in the morning? The microwave broke and you weren't sure how to fix it? Intelligent appliances could take care of all of these things easily. Suppose I'm at work and I read on CNN's website that they have a special that afternoon that I want to record. Why can't I program my VCR from my computer over the internet? Why doesn't my alarm clock set itself when I turn it on? I'm not willing to pay much extra for all these little conveniences, but I am willing to pay something, and I'd wager that many others would too.
I also think that at some point power cables will have five prongs instead of two: the current three (to provide power) and two extra to provide a USB-style link. With open protocols for inter-device communications, even advanced appliances could require no setting up. You just plug them into the wall, they find the right place to get all the information needed to configure themselves, and off you go.
I am not particularly worried about people cracking my toaster oven, though. There are two reasons. First, my toaster oven will not have a worthwhile amount of processing power nor will it do anything that anyone cares about. (Maybe if some uberhacker develops a grudge against me I'll find my toast burnt one morning, but that's hardly a world-shattering threat.) Second, those appliances that can be dangerous should have isolated kill-switches that shut the thing down if it engages in dangerous behavior. If you can afford an entire embedded processing system in your networked toaster oven, you can avoid an extra sensor and circuit that kills the power before the cracker lights your toast on fire. If the system is both boring and harmless, there is little danger of intentional damage. Viruses may accidentally become a problem, in which case....
Obviously, there should be manual controls to disconnect both net access and maybe even kill switches, in the unlikely event that you *need* to light your toast on fire for some reason.
Besides, without every electric toothbrush connected to the net, what are we going to do with all the IPv6 addresses?
No, what I was most interested in was the comment appended to the story, which went like this:
"This has worried me for a while. More often than not, the drive to commercialize a new technology always comes before we've accurately predicted how it will effect us..."
Think about this line for a moment. Ignore its immediate silliness (OF COURSE people want to commercialize things before their effects are known... how else do we get to know their effects?!).
Imagine a world in which no technologies were permitted to enter the market unless someone (who? Slashdot? A Federal Bureau of Technology Approval? Bill Gates? Some committee with reps from all of the above?) approved it, presumably judging what its effects would be.
This is the technocratic fantasy, wherein nothing new is permitted unless it fits a particular "expert" vision. But who, really, CAN predict these things? Who could have predicted the creation and rise of Linux? Who could have predicted the Slashdot effect? Maybe some people did. But if those people had had to persuade everyone else, or at least a majority, that those effects were (a) likely to occur and (b) had benefits outweighing their costs, neither would have happened at all.
That is why the mentality embodied in that sort of offhand comment -- fear about unleashing some sort of technological monster upon an unwary public -- scares me, because it demonstrates an amazing level of arrogance about our own knowledge and predictive capabilities. If the capacity exists for a wired fridge, someone will try to market it, and it will succeed or it will fail. And it may produce effects and innovations that even we vaunted Slashdot readers could not have predicted. So when we express our healthy skepticism about a particular technology or product, let's try not to let it spill over into technocratic hubris, eh?
(note for readers: there is a rather good book on this subject entitled The Future And Its Enemies, by Virginia Postrel. Check it out if you are interested in a recent nontechnical defense of technology.)
-BBB
All this reliance on technology is going to come to a head and the results, I fear, could possibly be disasterous. See the DOCUMENTARY (definitely not the movie) called The Trigger Effect to see what I mean. --e!- ---
-------------------------------------------
-----------------------------------------------
Unix _is_ user friendly, it's just particular about who its friends
Doubt it. I'm sure they would take the DIVX approach to marketing these appliances. Sell the unit cheap, but keep them paying for the service. After a week of not checking in to the main server, a polite call from the company asking if there is a problem and would you like to add another year of service/features...
Oil for all the lamps in China. How many families don't have telephone, cable, internet or some other monthly service? It's getting to be a frightening world.
"I have a cunning plan..."
As we all know the current verision of IP simply sucks, and is being replaced by IPv6. Some of the more intresting configuration concepts of IPv6 are totally automatic, and have non of the attributes the /. posting indicates. Light switches, microwaves, airconditioners, etc. can exist without administration!! We are talking about things that are the ultimate replacement for ARP and BOOTP in one swift blow. Simply prefix the hardware MAC address in the 128bit IPv6 address. This reduces the overe all protocal stack, allows for device auto-config, and enhanced security. I think somebody posted on /. about the IETF draft proposals being a potetial privacy threat. I think what they mean to say is the people who intend to spoof packets to gain access to your local LAN will not be anonymous. This is a clear distinction i should point out before going on. Hackers will not be able to send packets that are routable over the internet to any sort of home appliance that participate on an IP network. IPv4 is old. I can't say that enough. I also say that many people seem to be locked into a old term of thinking when it comes to networking. The potential for networks to scale seems to be beyond many people current scope of thought. The IETF realize that in the future there WILL be IPv6 with its:(aheim.....I'll spare you the actual number)2^128 hosts address space. This is a HUGE increase of space, I mean its serrious!! This yields several billion host adress's avalible per square foot of space avalible on the planet Earth, and this includes the ocean(not just land)!! So this will allow every person born on the planet have their own IP. Every device ever made can participate on a network because the address space will be bigger while the bandwidth is getting faster, and cheaper. We have already seen other postings on /. about network cards with the IPv4 stack burned onto a chip on the ethernet card. Another recent article had to do with putting a TCP/IP stack, and web server on a tiny chip smaller than a coin. These type of things tell the IETF that we will need a way to manage vast amounts of devices that could potentially have "micro-networking circutry". These decives will simply turn on and instantly be able to to participate on a network. This will be possible with auto-configuration protocals being added on top of IPv6. After all, this level of home-network with micro-networking devices that will participat on the network are not projected to be at a consumer level until way after IPv4 in depleted. This means that IPv6 will be the protocal for this next generation of home appliances. I for one, don't think the current hardware, and protocal designers have missed anything. I think there are many more things that I can argue against the concept of hackers being able to break-into your home via the connected network. However, it is an iteresting concept. You could pull some funnny pranks on friends. Turn off their alarm clocks, change the chanel on their television, and whatever else that person would have wired to this imaginary network. For now I don't thik we will have to worry about people being able to overcome the future home networks. Sure there is always that unknown futur hack nobody knows about until it gets discovered, but hey...... what can I say to that. Only time will tell so for now lets just let the security get stronger, and the protocals get more eficient, and the hardware cheapper first.
It isn't a lie if you belive it.
but doesn't this all revolve around being connected to the internet, at all times?? I don't know about you but I only connect when I want to
...the papercip pops up and asks, "can I watch?" and promptly pipes /dev/video to a streaming port on the webserver's homepage. Meanwhile, all those who view http://www.microsoft.com/billshome stare in slackjawed amazement. Its a tiny fscking paperclip.
"You mean it wasn't really IIS, but that 'fringe operating system?'"
It makes toast and has a wonderful little knob for setting the toastieness. (Uhoh! knobs are probably a patented user interface!)
And it was only $10 at Macys.
How can we predict the effects of a new technology accurately before it is introduced? By definition, effects follow on after an event. Timewise, this looks like:
Ev(ent) -> Eff(ects).
Sure, interesting thought experiments can give you some answers, but you are really deluding yourself, as all you get is:
Ps(eudo)Ev(ent) -> Ps(eudo)Eff(ects).
I bet the people at sun didn't realise the fact that Java would miserably flop for a bit, and then make a comeback, nor the maker of the transistor the evolution of computers. The effects of embedded computers is not necessarily an einstein coffee maker, but a chip that produces little heat for lots of processing power. There's also the miniturisation of networking components (such as smart mobiles (mobile phones).
Chief Prosecutor
Advocacy Department
No-one is seriously advocating connectiong actual toasters to the home network (I hope!) The idea is that network connections will become so ubiquitous that even reasonably simple appliances will eventually be network-enabled.
The ridiculous extreme to this is of course, the humble toaster - a device so incredibly simple that there can be no imaginable benefit to having it networked... but it is anyway.
Ahh - My eye!
The doctor said I'm not supposed to get Slashdot in it!
OK so the toaster was a joke - I got it now hehe
But actually the same thing goes for a VCR. I would love to be able to remote program my VCR, since I always find out about films a want to tape too late. Now what good would a net-enabled VCR do me? "Sure dude I'll start recording channel 2 at 21:00" Wait, do I have a tape in? What's on it allready? Is there room for another film?
So before I replace the casette with a HD an IP adress is of no use to me. Then what do I have? A device with a cpu a network connection a hard disk a dvd and a display... Wait a minute havent I seen someting similar somewhere...
All opinions are my own - until criticized
Long time reader... first time poster. With that out of the way, as a recent college graduate I have learned to appreciate technological advances within the last decade. I can now blame a hard drive failure (spending too much time searching for porn and mp3's) or a system freeze (excessive QUAKE) as an excuse for a late term paper. I could even beg for a short extension because of a sudden printer failure (chatting to a 26 year old, 36DD, lesbian) or perhaps a software incompatibility (hammering a site to check if anyone has posted a reply to my statement determining which is a better race... Vulcans or Klingon?). However those are just some of the little benefits of the technological era. If I may digress from the subject about technological warfare, if we are seriously concerned about hacking and the destruction of the modern world by a determined fourteen year old, then we are in grave danger. What's more of a threat to our society are virii and biological warfare. (Nuclear warfare is as old as Communism.) One person carrying a vial of a deadly virus, can wipe out a city. Remember the Bubonic plague that affected Europe? That is why I would rate anthrax slightly over Melissa, based upon global risk. However, some people might think that an e-mail address is more important than life itself. With the approach to a new millennium and maybe 'Jetson'esque style of living, are SMART appliances going to hinder human progress? Will it be a debacle because my toaster was out of whack and burnt my fresh blueberry bagel? I don't think so. I'll go on, but I'll be upset. To brighten my day, I'd be happy to know that I can track my toaster from work through a global positioning satellite and determine that my toaster is still in the same place... right on my counter in the kitchen at 242 Oak Wood Drive. So what are some of the downfalls to the binary revolution? Other than people becoming more obese, finding more computer related illnesses such as arthritis and vision impairments, a larger population of anti-social techno geeks, and possibly financial ruin, I do NOT notice anything wrong with a networked environment. I believe technology can only improve and be secure. If SMART toasters appeared, or SMART refrigerators, or SMART coffee makers, or SMART TV's, or SMART air conditioning, or SMART toilets, etc. all you would have to do is point me to the nearest BEST BUY for me to purchase the whole SMART set. It might be expensive at first, but I would be the coolest neighbor on the block who yells "computer" instead of "YES". Finally, here's my story. At my college dorm that housed 200 students, I despised dragging three loads of laundry down four flights of stairs, on a weekend, to a room filled with only three washers and three dryers. After noticing that all the machines were in operation and I had no idea what cycle the washers were on, I decided to lug my laundry upstairs. I didn't want anyone to notice my Scooby Doo underwear. But that's beside the point. The point is, if there was a way for the washers and dryers to report to my networked computer that washer 'X' is one minute away from ending it's cycle, I would be in a state of nirvana. So here is my take home message: Get out of your seats. Get away from the monitor. Don't worry about hackers or the end of the the world. Go outside and smell the air. Then kick yourself in the butt and build me my networked washer and dryer. Who knows, I might send my kids to college.
Take the car for example - when it was invented it extended our possibilities but threatened our lives by creating a new danger called the car accident. Same goes for a lot of new technologies such as nuclear energy, genotherapy (think creating new viruses), cell phone etc. The problem we have in this world is that the people 'in charge' (companies, governments, any kind of regulatory body) of the new technology usualy wait for some kind of accident before starting to do something about the shortcomings of the technology. One interesting question is, will one of these new technologies (how about nanotech), spur a major catastrophy (in terms of deaths of millions) anytime soon?
I don't think this one (connecting everything to the net) will because it doesn't have the potential of creating the extreme damage without notice or warning signs that an artificial virus outbreak has. As everything won't get connected at once to the net, we'll be able to witness the problems on a small scale at first, wait till there's some kind of accident (that is bound to be minor) that reaches the media and then act to fix the problem. The problem will be fixed because it's a matter of equilibrium. If the technology is too dangerous it won't go mainstream.
However I am worrying about stuff like nanotech and artificial viruses.
because it's not useful. If we can create a TCP/IP stack on a chip and the chip costs about $5, then adding that chip will push the cost of the toaster up $20, just for the chip. The connector and the rest would probably cost as much as it does to produce the entire toaster.
So let's see: I can pay $30 for a toaster that I push the lever down on, or I can pay $80 for one which allows me to pop the toast down from an IP port from my Linux box. Of course the add-on to grab the toast and put it into my toaster is extra, as is the device that takes the toast and runs it down the garbage disposal. (Necessary as if I'm too damned lazy to get up and make my own toast, I'm probably too lazy to chew it and swallow.)
The only place where this sort of connectivity makes sense is in devices where someone is in charge of checking on it's status. Something like a cola vending machine, for example. Then, instead of having to make regular trips to a site to check on the cola machine's status, you can check over a wire. Same may go for larger office coffee machines, I suppose...
*ping* Coffee is low *ping* Coffee is low *ping*
Actually, do put your house on the net. And vote in a political representative not afraid to spend a few tax dollars on jail cells for criminals who engage in trespass.
Yeah, the US spends a couple of more tax dollars, and some Finish scriptkiddie cracks into your house. Hum.. I have a feeling the US laws and spendings don't apply there.
Of course Finland was a bad example. They would probably take action. But you get the idea.
Also, do you really think one would go straigt for the target? No. You bounce via various other compromised hosts, and of course - you try to cover your tracks after y ou've broken into something.
--
"Rune Kristian Viken" - http://www.nwo.no - arca
Not an issue -- Come Jan 1, 2000, the WIPO (digital millenium act) will be in effect, making it a $1000 fine in the United States to discuss security holes.
I really, REALLY hope you're joking.
--
"Rune Kristian Viken" - http://www.nwo.no - arca
We're gonna end up in a world where the stuff going on in Lawnmowerman 2 (If you haven't seen it, don't...) actually might become reality.
For those who've not seen it, or have blocked it mentally, I can say that Jobe crashes a helicopter into a house by accessing it from a public network (they never really SAY internet).
The thing is that when I saw it, I almost laughed my pants off. Today I realize that it's exactly the way we're heading.
I refuse to believe that they actually meant to make that poor excuse of a movie as a warning of what might happen, but_if_ they did, they thought about it before me.
====
saybeerspace?
Where the hell are all the moderators? I see less than 1 percent of post being moderated beyong 2 and -1.
I just missed a perfect oppertunity to say:
'You've got Toast'
sigh..
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
... and then came the Lions, and Tigers and Bears. Kwatz!
However, the TechnoCore wasn't bred by the dataspheres, nor the farcasters, it's roots are on the Old Earth.
For those of you who havn't read it, I highly recommend Hyperion (and the sequels!).
OT as usual,
Boneshintai
This link was on UserFriendly this morning.. :)
http://www.furryspace.com/istapler.jpg
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Yep, another chapter of the apple saga, in which they prove that if you buiild a better mousetrap, you can still beat the world away from your door.
.]
It's not the net that's useful for connectivity, but the home. Let the computer cycle the lights when you're away. Turn on the coffee pot. Change the channel on the stereo. Turn off the light downstairs that you forgot about.
And why is this apple's screwup? Turn the clock back 11 years. Apple produces the Mac IIfx. Recall that every mac since day one was network capable. In the IIfx, the serial (network) ports were run by a special chip with a 6502, RAM, and ROM. Gee, one little chip, that apple could sell for about $20 to embed in everything . . . that could communicate around the house over the unused pair of wires in the phone lines (yes, appletalk ran on common phone wire). So how many did apple sell outside of the IIfx? [hint: it's the same number as North American coal exports in 1491 . .
Planning is one thing, but let me know when someone can hack your toaster... If simple everyday devices are put on the net for some reason they should be like every other computer, behind firewalls. Let's not start philosophy over things that might or could years from now.
If his coffee maker is online, I wanna know where go got it then.
the one they promised to post in thier free area, based on input from slashdot readers?
If its stupid but it works, its not stupid.
Why worry about your house program patterns giving the crackers your habits? Just add in programs to simulate your presence! My idea for current tech is a program that takes my average evening routine, and replays that every night while I'm away, making my house look the same even when I'm gone. Add in a standalone security system (hey, it's a SECURITY SYSTEM, so even a moron would think about making it crackproof), and you've got a fairly safe house.
Anybody left whose long-term memory hasn't been disrupted by cell-phones remembers the truckloads of people lining up on the streets awaiting to buy the wonferful Windows95(r)(tm)(etc) ?
Some of them didn't even own a computer!!
The thechlore has it that marketing people are idiots. They are not, they are evil and cunning, and they get most average joes who let their guard down.
+Raider of the lost BBS
Well there seems to be several opinions on this submission. So lets talk a walk shall we.
First is the original issues of security. Since before and after the Jane's article the concept of network, systems and device security has been an issue. Awareness is the key, not fear. I am finding a undercurrent in out communities of this sense of near apocalyptic doom saying. Yet some how we go on. The banks of Europe must have changed a lot of underwear when it was announced their 512K wire transfer encryption had been cracked. But I don't think the transfers have stopped. Nor will the advance of technology. There is no such thing as a bullet-proof system. If there were, it would be packaged, expensive, and we would not hear that the US government had been cyber-attack over 18000 times this year. The fact is, as the attackers offense creates new wholes the defenses will respond and get better. Besides according to the book Maximum Security, one of the top reasons for bad security is the user's failure to follow the proper security procedures.
Next is the issue of embedded devices. To sale that these will be fad devices may be off base. It depends on how consumers and business view them? How their lives will be impacted by this technology? We cannot dismiss these devices out of hand just gimick toys. The market could be bigger and have more long-term staying power than imagined. They very devices we are using to view this site, the PC, was not supposed to last, never need more than 640K of memory(thx Mr Gates for that one) and not need any more bandwidth than 9600 baud. So much for so called experts and the fad prediction.
This also ties into the security issue. Will either stop the proliferation of these devices, I personally don't think so. Are there devices that will bomb? Sure, there always are. However the market space is just getting started.
For instance, what are the benefits of a microwave that can utilize voice commands and download cooking instructions? Tons, imagine a microwave that can be password protected by voice or number to prevent accidents with children (never mind the family cat). The uses in the blind and elderly communities for devices of this nature just scratch the surface. To say a market is small or limited for devices like these maybe premature. How popular are gameboys still?
If perspective is needed I recommend a trip to one of the several site on the author, and social scientist, Marshall McLuhan. It is his observations on media and technology that are used as measures in the area of impact to culture. And the fact is, whatever the positive impact to our lives is where the market for these "toys" will go. And that includes the big players, not just early adopters.
Finally, who cares. Let them development the toys. Let others hack into them. In the coming years there is a shortage of technology personnel. Today there are over 400,000 open jobs, and a prediction of 2.5 million by 2002. This market only strengths our job security in the long-term.
Remember fear is a healthy thing now and again, but paranoia is crippling. Social and technological responsibilities are noble qualities to encourage. Job security is a wonderful thing.
PS. Here is a good starter site about Marshall McLuhan.
http://www.cios.org/encyclopedia/mcluhan/m/m.html
www.eff.org. This isn't a troll. Search with your favorite engine for "WIPO" and/or "Digital Millenium Copyright Act".
This will happen. I think it's premature to have your heater on the internet, but I wouldn't be supprised to know a few houses already had IP addresses hooked into some serious systems.
How about turning lights on and off 5 times a second until they burn out. Might only take a few days... And this is probably already possible with X-10 systems hooked up to the internet.
Oh, and companies will never do enough security research up-front. A few might, but--well we've all been there.
Legislation against hackers? Good luck, you'll never catch the best ones.
Solution? Get the hackers to work for you.
Someone should act as a go-between, approaching companies with an "Unhackable" seal if they offer a reward. The go-between then posts requirements and rewards from all these companies to hackers. If a hacker proves that he made it in to a system in the list and shows how he did it and that he did no damage he receives the reward.
This would save the companies a fortune! Not only knowing that they have a security force constantly testing their systems, but also that if someone makes it in they will want to pick up the reward more than do damage.
I would, in fact, make a tier structure. A small company might offer, say, 2000 a year. The first certification might say "Challange" and have a reward of $500. After a few months with no hacks, they could change the certification to "Difficult to hack" and offer 1000. A large company might go up to "Unhackable Gold" with a reward of $50,000.
This is along the lines of what Microsoft and PC labs have attempted lately, but it would have much less structure and be much longer term, allowing for real useful testing.
bk
...as long as all these other devices run an OS based on some good solid Microsoft code, what could possibly go wrong?
Interesting that we finnaly have said this in and open forum. Ive thought about this ever since I saw those laughable IBM comercials for Home.Net. I always thought what if that lady on the plane hit the wrong # key and started the furnace and burned her house down, or if she typed a 3 instead of a 4 and unlocked all the doors hehehe. Heres the prolem that has and will continue to face Humans into the next century. Everything we make is flawwed because we ourselves are flawwed. Sure dont get me wrong, Im no doomsday nahsayer, Im just stating the fact that I have yet to see any computer or system (except thoeretical) that is 100% perfect. Im not sure if I ever will, and unfortunatly if I do, it will probably be in the field of AI. And we wont open that cabinet because we ALL know what will happen if that occurs...... Crash
I like the type of torture devised by Tom Clancy in Without Remorse: Put the offender in a pressure chamber, slowly acclimate them to a very high pressure (say 4-5 atmospheres), the pull the plug and watch the results as it returns to one atmosphere. Lather, Rinse, Repeat.
Who am I?
Why am here?
Where is the chocolate?
What is your Slash Rating?
Maybe not as my decor, but I'm a student at Auburn University :)
Who am I?
Why am here?
Where is the chocolate?
What is your Slash Rating?
...right on topic. If you haven't seen it yet, rent or buy a copy of the movie.
Before the Internet was popular, I was recommending this movie to my younger friends in the computer industry, who were enthralled with the Internet's possibilities.
I believe there's a posting on lwn.net right now about a broadband antenna, designed with a Beowulf cluster. The purpose of that antenna is to *allow wireless network communication to become prolific*.
See the movie, if you haven't.
--------------Rev. C.C.Chips---------------- For the real truth, visit
actually, the University of Twente in the Netherlands (www.utwente.nl) is going to experiment with a wireless network for students and employees next year. currently what's available is a 100Mbit LAN for students and employees living on campus, and a dial-in connection for people outside campus. for people outside campus there are currently ongoing experiments with cable modem connection to the university network.
)O(
the Gods have a sense of humour,
Never underestimate the power of stupidity
To err is human, to moo bovine
Yes, thats how you should have read my post as a metaphor. Where is the market for people who want to attach appliances to computer networks?
Controling your lamps through your pc has been available for YEARS, yet you never see it. How often do you change the temp in your refig? Once a year? Why waste tech and $$$ to wire it? Why put a chip and a couple servos to flush your toilet for you.
Its an urban legend that such technologies exist or are being taken seriously. The bill gates house will never catch on. Why? Because housing will always be traditional. One, its expensive to build a home from scratch and most people buy/rent used. And new home buyers don't want to chance some untested technology for obvious reasons. "Hey for 3 grand we can make the oven take commands form Hawaii!"
Especially when radio shack sells light timers for next to nothing.
Practicaly, its of almost no use to wire your home to anything other than a small upgradable control box, like electonic thermostats today. Why would you want make it net accessible, on the off chance that your 2 weeks vacation every year comes at a time you can't find someone to feed the dog? Or you really need someone from Hawaii cook you a roast.
well, to make sure you don't get your IP logged, hack from your toaster, your hair curler, your neighbors christmas tree lights...
know why? cause there will be no consumer demand for this stuff only a few technofetishists will buy this junk