Quotulatiousness

April 7, 2014

US government data security failures

Filed under: Bureaucracy,Government,Technology — Tags: , , , , — Nicholas @ 09:02

David Gewirtz says that the press has totally mis-reported the scale of government security breaches:

Summary: This is one of those articles that spoils your faith in mankind. Not only are government security incidents fully into holy-cow territory, the press is reporting numbers three magnitudes too low because someone misread a chart and everyone else copied that report.

You might think this was an April Fool’s gag, except it was published on April 2nd, not April 1st.

According to testimony given by Gregory C. Wilshusen [PDF], Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, “most major federal agencies had weaknesses in major categories of information security controls.”

In other words, some government agency data security functions more like a sieve than a lockbox.

Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There’s also a story inside this story, which I’ll discuss later in the article. Almost all of the press reporting on this testimony got the magnitude of the breach wrong. Most reported that government security incidents numbered in the thousands, when, in fact, they numbered in the millions.

Emphasis mine. Here are the actual numbers:

Incidents involving personal identifying information grew from about 10.5 million in 2009 to over 25 million last year. By the way, some press reports on this misread the GAO’s charts. For example, the Washington Free Beacon wrote about this, claiming “25,566 incidents of lost taxpayer data, Social Security numbers, patient health information.” What they missed was the little notation on the chart that says “in thousands,” so when they reported 25,566 incidents, what that really reads as is 25,566 x 1000 incidents.

2014 GAO analysis of security breaches

This is an example of how the Internet echo chamber can get information very, very wrong. The Chicago Tribune, via Reuters reported the same incorrect statistic. So did InformationWeek. So did FierceHealthIT. Business Insider picked up the Reuters report and happily repeated the same statistic — which was three orders of magnitude incorrect.

This is why I always try to go to the original source material [PDF] and not just repeat the crap other writers are parroting. It’s more work, but it means the difference between reporting 25 thousand government breaches and 25 million government breaches. 25 thousand is disturbing. 25 million is horrifying.

March 16, 2014

Defining hackers and hacker culture

Filed under: History,Technology — Tags: , , , — Nicholas @ 09:49

ESR put this together as a backgrounder for a documentary film maker:

In its original and still most correct sense, the word “hacker” describes a member of a tribe of expert and playful programmers with roots in 1960s and 1970s computer-science academia, the early microcomputer experimenters, and several other contributory cultures including science-fiction fandom.

Through a historical process I could explain in as much detail as you like, this hacker culture became the architects of today’s Internet and evolved into the open-source software movement. (I had a significant role in this process as historian and activist, which is why my friends recommended that you talk to me.)

People outside this culture sometimes refer to it as “old-school hackers” or “white-hat hackers” (the latter term also has some more specific shades of meaning). People inside it (including me) insist that we are just “hackers” and using that term for anyone else is misleading and disrespectful.

Within this culture, “hacker” applied to an individual is understood to be a title of honor which it is arrogant to claim for yourself. It has to be conferred by people who are already insiders. You earn it by building things, by a combination of work and cleverness and the right attitude. Nowadays “building things” centers on open-source software and hardware, and on the support services for open-source projects.

There are — seriously — people in the hacker culture who refuse to describe themselves individually as hackers because they think they haven’t earned the title yet — they haven’t built enough stuff. One of the social functions of tribal elders like myself is to be seen to be conferring the title, a certification that is taken quite seriously; it’s like being knighted.

[…]

There is a cluster of geek subcultures within which the term “hacker” has very high prestige. If you think about my earlier description it should be clear why. Building stuff is cool, it’s an achievement.

There is a tendency for members of those other subcultures to try to appropriate hacker status for themselves, and to emulate various hacker behaviors — sometimes superficially, sometimes deeply and genuinely.

Imitative behavior creates a sort of gray zone around the hacker culture proper. Some people in that zone are mere posers. Some are genuinely trying to act out hacker values as they (incompletely) understand them. Some are ‘hacktivists’ with Internet-related political agendas but who don’t write code. Some are outright criminals exploiting journalistic confusion about what “hacker” means. Some are ambiguous mixtures of several of these types.

March 10, 2014

When we do it, it’s “intelligence gathering”, when they do it, it’s “cyberwar”

Filed under: China,Technology,USA — Tags: , , , , — Nicholas @ 10:48

Bruce Schneier on the odd linguistic tic of how we describe an act depending on who the actor is:

Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyber-attacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war.

When Edward Snowden revealed that the NSA has been doing exactly the same thing as the Chinese to computer networks around the world, we used much more moderate language to describe U.S. actions: words like espionage, or intelligence gathering, or spying. We stressed that it’s a peacetime activity, and that everyone does it.

The reality is somewhere in the middle, and the problem is that our intuitions are based on history.

Electronic espionage is different today than it was in the pre-Internet days of the Cold War. Eavesdropping isn’t passive anymore. It’s not the electronic equivalent of sitting close to someone and overhearing a conversation. It’s not passively monitoring a communications circuit. It’s more likely to involve actively breaking into an adversary’s computer network — be it Chinese, Brazilian, or Belgian — and installing malicious software designed to take over that network.

In other words, it’s hacking. Cyber-espionage is a form of cyber-attack. It’s an offensive action. It violates the sovereignty of another country, and we’re doing it with far too little consideration of its diplomatic and geopolitical costs.

March 3, 2014

The origins of hacking and the myth of a lost Eden of open source code

Filed under: History,Technology — Tags: , , , — Nicholas @ 09:40

Gather round you kids, ’cause Uncle Eric is going to tell you about the dim, distant days of hacking before open source:

I was a historian before I was an activist, and I’ve been reminded recently that a lot of younger hackers have a simplified and somewhat mythologized view of how our culture evolved, one which tends to back-project today’s conditions onto the past.

In particular, many of us never knew – or are in the process of forgetting – how dependent we used to be on proprietary software. I think by failing to remember that past we are risking that we will misunderstand the present and mispredict the future, so I’m going to do what I can to set the record straight.

[…]

Without the Unix-spawned framework of concepts and technologies, having source code simply didn’t help very much. This is hard for younger hackers to realize, because they have no experience of the software world before retargetable compilers and code portability became relatively common. It’s hard for a lot of older hackers to remember because we mostly cut our teeth on Unix environments that were a few crucial years ahead of the curve.

But we shouldn’t forget. One very good reason is that believing a myth of the fall obscures the remarkable rise that we actually accomplished, bootstrapping ourselves up through a series of technological and social inventions to where open source on everyone’s desk and in everyone’s phone and ubiquitous in the Internet infrastructure is now taken for granted.

We didn’t get here because we failed in our duty to protect a prelapsarian software commons, but because we succeeded in creating one. That is worth remembering.

Update: In a follow-up post, ESR talks about closed source “sharecroppers” and Unix “nomads”.

Like the communities around SHARE (IBM mainframe users) and DECUS (DEC minicomputers) in the 1960s and 1970s, whatever community existed around ESPOL was radically limited by its utter dependence on the permissions and APIs that a single vendor was willing to provide. The ESPOL compiler was not retargetable. Whatever community developed around it could neither develop any autonomy nor survive the death of its hardware platform; the contributors had no place to retreat to in the event of predictable single-point failures.

I’ll call this sort of community “sharecroppers”. That term is a reference to SHARE, the oldest such user group. It also roughly expresses the relationship between these user groups and contributors, on the one hand, and the vendor on the other. The implied power relationship was pretty totally asymmetrical.

Contrast this with early Unix development. The key difference is that Unix-hosted code could survive the death of not just original hardware platforms but entire product lines and vendors, and contributors could develop a portable skillset and toolkits. The enabling technology – retargetable C compilers – made them not sharecroppers but nomads, able to evade vendor control by leaving for platforms that were less locked down and taking their tools with them.

I understand that it’s sentimentally appealing to retrospectively sweep all the early sharecropper communities into “open source”. But I think it’s a mistake, because it blurs the importance of retargetability, the ability to resist or evade vendor lock-in, and portable tools that you can take away with you.

Without those things you cannot have anything like the individual mental habits or collective scale of contributions that I think is required before saying “an open-source culture” is really meaningful.

February 9, 2014

“A car is a mini network … and right now there’s no security implemented”

Filed under: Technology — Tags: , , , — Nicholas @ 11:48

Driving your car anywhere soon? Got anti-hacking gear installed?

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car’s controls while it’s on the road.

The device, which will be shown off at next month’s Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

“A car is a mini network,” security researcher Alberto Garcia Illera told Forbes. “And right now there’s no security implemented.”

Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.

The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.

February 7, 2014

Hackers, “technologists”, … and girls

Filed under: Technology — Tags: , , , , — Nicholas @ 13:35

An interesting post by Susan Sons illustrating some of the reasons women do not become hackers in the same proportion that men do:

Looking around at the hackers I know, the great ones started before puberty. Even if they lacked computers, they were taking apart alarm clocks, repairing pencil sharpeners or tinkering with ham radios. Some of them built pumpkin launchers or LEGO trains. I started coding when I was six years old, sitting in my father’s basement office, on the machine he used to track inventory for his repair service. After a summer of determined trial and error, I’d managed to make some gorillas throw things other than exploding bananas. It felt like victory!

[…]

Twelve-year-old girls today don’t generally get to have the experiences that I did. Parents are warned to keep kids off the computer lest they get lured away by child molesters or worse — become fat! That goes doubly for girls, who then grow up to be liberal arts majors. Then, in their late teens or early twenties, someone who feels the gender skew in technology communities is a problem drags them to a LUG meeting or an IRC channel. Shockingly, this doesn’t turn the young women into hackers.

Why does anyone, anywhere, think this will work? Start with a young woman who’s already formed her identity. Dump her in a situation that operates on different social scripts than she’s accustomed to, full of people talking about a subject she doesn’t yet understand. Then tell her the community is hostile toward women and therefore doesn’t have enough of them, all while showing her off like a prize poodle so you can feel good about recruiting a female. This is a recipe for failure.

[…]

I’ve never had a problem with old-school hackers. These guys treat me like one of them, rather than “the woman in the group”, and many are old enough to remember when they worked on teams that were about one third women, and no one thought that strange. Of course, the key word here is “old” (sorry guys). Most of the programmers I like are closer to my father’s age than mine.

The new breed of open-source programmer isn’t like the old. They’ve changed the rules in ways that have put a spotlight on my sex for the first time in my 18 years in this community.

When we call a man a “technologist”, we mean he’s a programmer, system administrator, electrical engineer or something like that. The same used to be true when we called a woman a “technologist”. However, according to the new breed, a female technologist might also be a graphic designer or someone who tweets for a living. Now, I’m glad that there are social media people out there — it means I can ignore that end of things — but putting them next to programmers makes being a “woman in tech” feel a lot like the Programmer Special Olympics.

January 21, 2014

Coming soon – ShapeShifter’s “polymorphic” defence against malware

Filed under: Technology — Tags: , , , — Nicholas @ 11:11

In The Register, John Leyden discusses a new start-up’s plans for defending websites against hackers:

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks.

Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have created a network security appliance which takes a similar approach (dubbed real-time polymorphism) towards defending websites against breaches — by hobbling the capability of malware, bots, and other scripted attacks to interact with web applications.

Polymorphic code was originally used by malicious software to rewrite its own code every time a new machine was infected. Shape has invented patent-pending technology that is able to implement “real-time polymorphism” — or dynamically changing code — on any website. By doing this, it removes the static elements which botnets and malware depend on for their attacks.

January 20, 2014

XKCD on the problem with attempting to automate tasks

Filed under: Humour,Technology — Tags: , — Nicholas @ 09:47

xkcd_automation

I’m not a programmer, although I’ve spent much of my working life around programmers, which is why I recognize the pattern so well: I’ve seen it in action so often.

The few times I’ve needed to create a program to do something (usually a text transformation of one sort or another), this has been exactly the way the “labour-saving” automation has gone. My personal version of the chart would have an additional phase at the beginning: I have to begin by learning or re-learning the tool I need to use. I learn just enough of how to use a given tool to do the task at hand, then the knowledge atrophies from lack of use and the next time I need to do something similar, the first priority is figuring out the right tool and then learning the same basic tasks all over again.

I started out with REXX when I was a co-op student at IBM. Several years later, I needed to convert a large set of documents from one markup language to another on a Unix system and that meant learning (just enough) shell scripting, sed and awk. A few years after that the right tool seemed to be Perl. In every case, the knowledge doesn’t stick with me because I don’t need to do anything with the language after I’ve finished the immediate task. I remember being able to do it but I don’t recall exactly how to do it.

December 12, 2013

Paranoid? You’re probably not paranoid enough

Filed under: Technology — Tags: , , , , — Nicholas @ 09:26

Charles Stross has a few adrenaline shots for your paranoia gland this morning:

The internet of things may be coming to us all faster and harder than we’d like.

Reports coming out of Russia suggest that some Chinese domestic appliances, notably kettles, come kitted out with malware — in the shape of small embedded computers that leech off the mains power to the device. The covert computational passenger hunts for unsecured wifi networks, connects to them, and joins a spam and malware pushing botnet. The theory is that a home computer user might eventually twig if their PC is a zombie, but who looks inside the base of their electric kettle, or the casing of their toaster? We tend to forget that the Raspberry Pi is as powerful as an early 90s UNIX server or a late 90s desktop; it costs £25, is the size of a credit card, and runs off a 5 watt USB power source. And there are cheaper, less competent small computers out there. Building them into kettles is a stroke of genius for a budding crime lord looking to build a covert botnet.

But that’s not what I’m here to talk about.

[…]

I’m dozy and slow on the uptake: I should have been all over this years ago.

And it’s not just keyboards. It’s ebook readers. Flashlights. Not your smartphone, but the removable battery in your smartphone. (Have you noticed it running down just a little bit faster?) Your toaster and your kettle are just the start. Could your electric blanket be spying on you? Koomey’s law is going to keep pushing the power consumption of our devices down even after Moore’s law grinds to a halt: and once Moore’s law ends, the only way forward is to commoditize the product of those ultimate fab lines, and churn out chips for pennies. In another decade, we’ll have embedded computers running some flavour of Linux where today we have smart inventory control tags — any item in a shop that costs more than about £50, basically. Some of those inventory control tags will be watching and listening to us; and some of their siblings will, repurposed, be piggy-backing a ride home and casing the joint.

The possibilities are endless: it’s the dark side of the internet of things. If you’ll excuse me now, I’ve got to go wallpaper my apartment in tinfoil …

December 11, 2013

The legacy of id Software’s Doom

Filed under: Gaming,Technology — Tags: , , — Nicholas @ 09:10

Following up from yesterday’s post on the 20th anniversary, The Economist also sings the praises of Doom:

Yet for Babbage, the biggest innovation of Doom was something subtler. Video games, then and now, are mainly passive entertainment products, a bit like a more interactive television. You buy one and play it until you either beat it or get bored. But Doom was popular enough that eager users delved into its inner workings, hacking together programs that would let people build their own levels. Drawing something in what was, essentially, a rudimentary CAD program, and then running around inside your own creation, was an astonishing, liberating experience. Like almost everybody else, Babbage’s first custom level was an attempt to reconstruct his own house.

Other programs allowed you to play around with the game itself, changing how weapons worked, or how monsters behaved. For a 12-year-old who liked computers but was rather fuzzy about how they actually worked, being able to pull back the curtain like this was revelatory. Tinkering around with Doom was a wonderful introduction to the mysteries of computers and how their programs were put together. Rather than trying to stop this unauthorised meddling, id embraced it. Its next game, Quake, was designed to actively encourage it.

The modification, or “modding” movement that Doom and Quake inspired heavily influenced the growing games industry. Babbage knows people who got jobs in the industry off the back of their ability to remix others’ creations. (Tim Willits, id’s current creative director, was hired after impressing the firm with his home-brewed Doom maps.) Commercial products — even entire genres of games — exist that trace their roots back to a fascinated teenager playing around in his (or, more rarely, her) bedroom.

But it had more personal effects, too. Being able to alter the game transformed the player from a mere passive consumer of media into a producer in his own right, something that is much harder in most other kinds of media. Amateur filmmakers need expensive kit and a willing cast to indulge their passion. Mastering a musical instrument takes years of practice; starting a band requires like-minded friends. Writing a novel looks easy, until you try it. But creating your own Doom mod was easy enough that anyone could learn it in a day or two. With a bit of practice, it was possible to churn out professional-quality stuff. “User-generated content” was a big buzzword a few years back, but once again, Doom got there first.

November 14, 2013

If you like DRM in your computer, you’ll love it in your car

Filed under: Law,Technology,USA — Tags: , , , , , — Nicholas @ 09:05

The Electronic Frontier Foundation thinks that extending the DRM regime to cars (as in the latest vehicle from Renault) will drive consumers crazy:

Forget extra cupholders or power windows: the new Renault Zoe comes with a “feature” that absolutely nobody wants. Instead of selling consumers a complete car that they can use, repair, and upgrade as they see fit, Renault has opted to lock purchasers into a rental contract with a battery manufacturer and enforce that contract with digital rights management (DRM) restrictions that can remotely prevent the battery from charging at all.

We’ve long joined makers and tinkerers in warning that, as software becomes a part of more and more everyday devices, DRM and the legal restrictions on circumventing it will create hurdles to standard repairs and even operation. In the U.S., a car manufacturer who had wrapped its onboard software in technical restrictions could argue that attempts to get around those are in violation of the Digital Millennium Copyright Act (DMCA) — specifically section 1201, the notorious “anti-circumvention” provisions. These provisions make it illegal for users to circumvent DRM or help others do so, even if the purpose is perfectly legal otherwise. Similar laws exist around the world, and are even written into some international trade agreements — including, according to a recently leaked draft, the Trans-Pacific Partnership Agreement.

Since the DMCA became law in 1998, Section 1201 has resulted in countless unintended consequences. It has chilled innovation, stifled the speech of legitimate security researchers, and interfered with consumer rights. Section 1201 came under particular fire this year because it may prevent consumers from unlocking their own phones to use with different carriers. After a broadly popular petition raised the issue, the White House acknowledged that the restriction is out of line with common sense.

November 1, 2013

Let’s hope badBIOS is an elaborate Halloween hoax

Filed under: Technology — Tags: , , , , , — Nicholas @ 08:05

Dan Goodin posted a scary Halloween tale at Ars Technica yesterday … at least, I’m hoping it’s just a scary story for the season:

In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that’s able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behavior would return. The most visible sign of contamination is a machine’s inability to boot off a CD, but other, more subtle behaviors can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations.

Another intriguing characteristic: in addition to jumping “airgaps” designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.

“We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”

Over the past two weeks, Ruiu has taken to Twitter, Facebook, and Google Plus to document his investigative odyssey and share a theory that has captured the attention of some of the world’s foremost security experts. The malware, Ruiu believes, is transmitted though USB drives to infect the lowest levels of computer hardware. With the ability to target a computer’s Basic Input/Output System (BIOS), Unified Extensible Firmware Interface (UEFI), and possibly other firmware standards, the malware can attack a wide variety of platforms, escape common forms of detection, and survive most attempts to eradicate it.

But the story gets stranger still. In posts here, here, and here, Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: “badBIOS,” as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

October 29, 2013

What happens when you challenge hackers to investigate you?

Filed under: Law,Technology — Tags: , , , , — Nicholas @ 09:13

Adam Penenberg had himself investigated in the late 1990s and wrote that up for Forbes. This time around, he asked Nick Percoco to do the same thing, and was quite weirded out by the experience:

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.

I’m being hacked — and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal “pen-test,” industry-speak for “penetration test.” The idea grew out of a cover story I wrote for Forbes some 14 years earlier, when I retained a private detective to investigate me, starting with just my byline. In a week he pulled up an astonishing amount of information, everything from my social security number and mother’s maiden name to long distance phone records, including who I called and for how long, my rent, bank accounts, stock holdings, and utility bills.

[…]

A decade and a half later, and given the recent Edward Snowden-fueled brouhaha over the National Security Agency’s snooping on Americans, I wondered how much had changed. Today, about 250 million Americans are on the Internet, and spend an average of 23 hours a week online and texting, with 27 percent of that engaged in social media. Like most people, I’m on the Internet, in some fashion, most of my waking hours, if not through a computer then via a tablet or smart phone.

With so much of my life reduced to microscopic bits and bytes bouncing around in a netherworld of digital data, how much could Nick Percoco and a determined team of hackers find out about me? Worse, how much damage could they potentially cause?

What I learned is that virtually all of us are vulnerable to electronic eavesdropping and are easy hack targets. Most of us have adopted the credo “security by obscurity,” but all it takes is a person or persons with enough patience and know-how to pierce anyone’s privacy — and, if they choose, to wreak havoc on your finances and destroy your reputation.

H/T to Terry Teachout for the link.

August 28, 2013

Home 3D printers are not quite plug-and-play yet

Filed under: Technology — Tags: , , — Nicholas @ 09:45

Ars Technica‘s Lee Hutchinson finds through actual hands-on experience that “home” 3D printers are still in the “tinkering” stage of development:

I volunteered to put the Printrbot through its paces from the perspective of someone who’s only vaguely aware of home 3D printing as a technology. Before getting my hands on the Printrbot Simple, I’d never even seen a home 3D printer before.

What I found as I dug in was a pit without a bottom — an absolute yawning Stygian abyss of options and tweaking and modifications and endless re-printing. To own and use a 3D printer is to become enmeshed in a constant stream of tinkering, tweaking, and upgrades. It feels a lot like owning a project car that you must continually wrench on to keep it running right. Almost from the moment I got the Printrbot out of the box and printing, I had to start the tweaking. And as a total 3D printing newb, it really soured me on the Printrbot and on the entire concept of low-cost 3D printing in general. “Surely,” I thought, “this frustration is because I’m cutting my teeth on a $299 3D printer intended for early adopters. Surely a higher-end 3D printer is easier!”

And so, in order to see how a higher-end home 3D printer works, I found myself in possession of a much more expensive, much more impressive-looking Makerbot Replicator 2. That device costs $2,200 as opposed to the Printrbot Simple’s $299. The first few things I printed out with the much more expensive device were amazing. It was like leaving the project car in the garage and driving the Lexus to work — you get in, press the button, and go. But then, after perhaps 20 hours of print time, the problems started. Filament would fail to feed. The printer would clog. The printer produced spaghetti instead of actual models, ruining overnight print jobs. I had to replace the plunger-based filament extruder with a new spring-loaded version to overcome a design flaw. I found myself re-leveling the build plate and disassembling and reassembling the extruder way more than I ever had to do with the little Printrbot. All of that was as fun as it sounds.

The Makerbot wasn’t turning out to be an expensive but reliable Lexus. It was turning out to be an expensive and you-better-own-two-because-one-will-always-be-broken 1970s-era Jaguar. It wasn’t just frustrating — it was actually enraging. If I had paid $2,200 out of my own pocket for the Makerbot, I would have been sorely tempted to drive up to New York and fling the thing through the windows of Makerbot’s office.

Update, 30 August: Another thing holding back widespread adoption of home 3D printing is that you need proper designs to use for your 3D printer, and most people are not familiar with CAD or CAD-like design programs. This will continue to be a hindrance for original designs, but MakerBot Digitizer can help you copy physical items:

The Digitizer is about the size of a portable 45 rpm record player — with a laser-shooting accessory attached to the back. MakerBot head honcho Bre Pettis debuted a prototype of the Digitizer at his SXSW keynote address back in March, and now the device is almost ready for sale. The MakerBot Digitizer starts shipping in October.

Here’s how it works. You start with a relatively small object — you’re limited to a maximum weight of 6.6 pounds, and the object has to be less than 8 inches wide and 8 inches tall. Put it on the Digitizer’s turntable, and the device scans it with two “eye-safe” lasers as the turntable spins. After the object has been fully scanned, the Digitizer outputs a 3-D design file. The entire scanning process takes about 12 minutes, according to the MakerBot website — there are 800 individual steps within a full 360-degree rotation.

Of course, this is just a surface scan: hollow objects or objects with interior voids will still need further design processing before you can hit “copy”.

August 14, 2013

The “Indie Web” is the very definition of a fringe project

Filed under: Media,Technology — Tags: , , , , , — Nicholas @ 08:55

Wired‘s Klint Finley wants you to meet the indie hackers who want to jailbreak the internet (among other things):

One guy is wearing his Google Glass. Another showed up in an HTML5 t-shirt. And then there’s the dude who looks like the Mad Hatter, decked out in a top hat with an enormous white flower tucked into the brim.

At first, they look like any other gaggle of tech geeks. But then you notice that one of them is Ward Cunningham, the man who invented the wiki, the tech that underpins Wikipedia. And there’s Kevin Marks, the former vice president of web services at British Telecom. Oh, and don’t miss Brad Fitzpatrick, creator of the seminal blogging site LiveJournal and, more recently, a coder who works in the engine room of Google’s online empire.

Packed into a small conference room, this rag-tag band of software developers has an outsized digital pedigree, and they have a mission to match. They hope to jailbreak the internet.

They call it the Indie Web movement, an effort to create a web that’s not so dependent on tech giants like Facebook, Twitter, and, yes, Google — a web that belongs not to one individual or one company, but to everyone. “I don’t trust myself,” says Fitzpatrick. “And I don’t trust companies.” The movement grew out of an egalitarian online project launched by Fitzpatrick, before he made the move to Google. And over the past few years, it has roped in about 100 other coders from around the world.

« Newer PostsOlder Posts »

Powered by WordPress