Recent Comments



July 28, 2017 1:38 AM

Thoth on Firing a Locked Smart Gun:

@all

No robust encryption of signal, no secure hopping tables for frequencies, no multiple frequency fallback, no robust physical locking mechanism except a solenoid lock is really asking for trouble.

July 28, 2017 1:15 AM

Samuel Foulk on Luggage Hack:

This blog would help many to secure their luggage by the ideas and security products being advised. Now-a-days luggage usually goes missing, or someone steals our expensive things and we just can't do anything in it. Sometimes we have that data which we don't want anybody to see or open, like we have some important papers, documents or our important data in our laptops. So we want our data to be secure and no one opens it without our permission. Last week I had a talk to my friend, he handles big business, so has many important files in his laptop and no one is allowed to see his laptop. So, for being on safer side. He purchased a Safe for securing his laptop from Hotel Room Safes. He was very happy after the purchase. He told that they also offer other type of safe as well.

July 27, 2017 11:25 PM

Clive Robinson on US Army Researching Bot Swarms:

@ albert,

I think we're talking past each other.

In a way. What you say is true and I've said similar in the past and will say similar in the future.

What is different on this occasion is "swarm", the implication of which is the same as "flocking". Which is multiple drones flying very close together but not in a fixed formation.

For swarming / flocking the drones would need to be not just fully autonomous, but also require quite advanced sensor / AI systems.

Think of it with an analogy. We have had safe robot vehicles following tracks etc for years in factories and warehouses, yet we are not even close to having safe robot cars on the road that will cope with rush hour traffic on major roads.

It's the same difference, our current military drones are safe as individual vehicles but they can not fly in close formation, because of what they lack.

July 27, 2017 10:47 PM

Iggy on Firing a Locked Smart Gun:

Doug Coulter • July 27, 2017 3:05 PM said:

"I could go on about how it now takes two working adults to have a family (and why) which necessarily means lousy parenting, but...that's another topic."

You said it. Of course, super-consumerism could be eschewed for a more natural arrangement where the best nurturer/teacher stays home to nurture/teach and the best hunter/defender goes out and hunts/defends. That makes the Bezos's and Gates's of the world pucker their pants. LOL

Hey, I'm all for capitalism, just not for its own sake.

July 27, 2017 10:33 PM

Iggy on Firing a Locked Smart Gun:

Lawrence D’Oliveiro • July 27, 2017 9:16 PM said:

"“Gun safety” is an oxymoron. When a gun is causing injury, destruction and death, it is only working as designed, after all. All these attempts to tack on “safety” devices are just window-dressing."

Either you're trolling for the Ss & Gs or you're serious. Poe's Law.

Ss & Gs aside, 'cuz discussing that would just ruin it for all of us, but if you're serious, what other inanimate objects do you blame for your misdeeds? Usually, only a primitive blames the coke bottle for the failure of his crops.

Asking for a friend.

July 27, 2017 10:29 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

Making technical debt fun...

Most of us have heard of technical debt, and likewise the "Here be Dragons" and similar warnings. Some have experienced it and will show you their scars...

So you might think "uh oh no, I'm not going there" that is not going to be fun... But guess what, you do like a moth to a flame.

The question is why how did it happen, why do you now have scars?

The answer is because it's the path of least resistance and that is always seductive just like the "Sirens Song". And that's a problem because unless you are lucky you don't get to start realizing why until your third or fourth spin in the "Hamsterwheel of Pain" that Technical Debt is.

There are many books on all sorts of disasters and how to survive them. In each one the first step is "realizing you are in trouble". They then generally get dull and no fun to read (generally because the author has to "fill a book").

So time for the short fun version, which will hopefully help keep your feet dry,

https://hackernoon.com/stop-building-car-boats-tech-debt-101-bc0b08312fa

July 27, 2017 9:34 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

An OS for Smart Contracts

As most readers will probably know by now, the software for Ethereum Smart Contracts has caused the loss of tens of millions of dollars, due to fairly simple programming and design errors.

The Ethereum losses also showed that there are significant block chain issues, which generally do not exist in other value trading systems. Part of the problems with Ethereum was that something that was not even "beta test" ready went Prime Time without any checks or balances in place.

But sitting behind this is the issue of "Complexity", whilst conceptually simple from a 30,000ft view, Smart Contracts are anything but simple in reality especially if they are ever going to work securely.

Think of it with the real world analogy of a safe or strong room. The 30,000ft view is "A box with a door and lock, to store things reasonably securely". The reality however is very complex systems that have more than half a millennium of development in them, and they are still not secure in any meaningful time frame, hence all the CCTV, alarms and guards that go with them.

Smart Contracts are supposed to work in what is a distributed hostile environment which does not need thus have any further security.

All the Ethereum fixes proposed involve heaping on more lines of code with rapidly increasing complexity... Which we know is probably the main fault with Ethereum.

So rather than looking to simplify the design such that its properties can be evaluated not just effectively but securely. Someone instead has the idea of throwing on lots more complexity with an Operating System for Smart Contracts,

https://blog.zeppelin.solutions/introducing-zeppelinos-the-operating-system-for-smart-contract-applications-82b042514aa8

Something tells me that this is not an idea that is even remotely close to being "Ready for Prime Time". Unless of course you want to see many more millions of lost value for the entertainment value...

The "Elephant in the room" is that "Blockchains are cool/hot" at the moment. So there is the fizz and excitement of a new technology, and everybody is rushing to "add its goodness" to their ideas. The problem is that fizz is a strong indicator of a hyped up "bubble market" and history tells us what usually happens...

My advice is by all means play with the technology and have fun, BUT as with all gambling, don't put in anything you don't want to lose.

July 27, 2017 9:16 PM

Lawrence D’Oliveiro on Firing a Locked Smart Gun:

“Gun safety” is an oxymoron. When a gun is causing injury, destruction and death, it is only working as designed, after all. All these attempts to tack on “safety” devices are just window-dressing.

July 27, 2017 8:35 PM

DanH on US Army Researching Bot Swarms:

@ab

You don't seem to reply that way when others like @Rachel spewed nothing but abject nonsense about the US military. Or @tyr who uttered more nonsense of the same thing.

Many times the CIA and NSA are brought up for no reason other than to utter anti-American diatribe.

I believe this site is a honeypot for many, not all, kooks who are just anti-US and the fact the FBI, CIA, and NSA find their way into a large percentage of posts kind of has some truth to it.

July 27, 2017 7:22 PM

ab praeceptis on US Army Researching Bot Swarms:

Dan H

As you seem to not yet have noticed it, I'll spell it out clearly: This blog is about *security* - not about nationalistic fanaticism and certainly not about your utterly unrealistic wet dreams.

If you love your country, do something constructive; there are plenty of tasks. You could, for example, help to make all those high tech weapons systems that are ridiculous failures work. You could help rebuilding widely rotten infrastructure. You could help to resolve the utter divergence between "we are the lighthouse of democracy" and the fact that your country's agencies plainly sh*it on the law and the constitution and spy on anyone and anything.

Alternatively, find a us of a fanclub and apply as trumpet.

*Here* it's about security. Try to grasp and respect that.

July 27, 2017 7:14 PM

DanH on US Army Researching Bot Swarms:

@tyr
Go ahead and mock the United States Marine Corps.

Do you know your history?

During WWI the Russians left the war because of their revolution, which allowed Germany to shift men to the western front. Although Belleau Wood was only about 30 miles from Paris it hadn't seen much fighting. That changed.

The French were retreating from the German advance and told the US Marines they should turn back too. They would not, and although it was a great cost to the US and Marines, they beat back the Germans.

July 27, 2017 7:01 PM

DanH on US Army Researching Bot Swarms:

@Dave Dave

You do realize the US is the world leader in science, technology and medical innovation? Not to mention providing food to the world.

People all over the world come to the US for education in our colleges and universities and obtain graduate degrees.

Also, the US provides the most foreign aid of all countries.

The US pays the most to support the United Nations. Speaking of the UN, although many nations were involved in the Korean War, the United States bore the brunt of most of the fighting. In WWII, during the D-Day invasion it was the US landings that bore the most brutal fighting. The US helped the European nations fight Germany while we also fought, almost single-handedly, the Japanese in the Pacific.

NATO needed US reconnaissance and surveillance during the Libyan campaign foisted by Hillaryous and Barry.

Nobody can see what the world would look like today without the US, but I'd imagine it wouldn't be as good.

Sorry to disappoint you, but America is indeed awesome!

July 27, 2017 6:38 PM

DanH on US Army Researching Bot Swarms:

@tyr Another one. LMAO

@dick Not that it is any of your business, but my unit was in Saudi Arabia and Kuwait for the first Persian Gulf War.

July 27, 2017 6:34 PM

DustBuffalo on Roombas will Spy on You:

My Roomba is holding my bitcoins for ransom.

It's obvious, you need a treecam to watch your Roomba. Police state the police state. Fight back. You don't know what Roomba does when you're gone or sleeping.

Oh.. and... stop buying IoT devices. It's materialistic waste. I don't need a special watch to tell me how fat I am and send my gps tracking to complete strangers. Don't use security cams with half-baked opensource projects like gSOAP.

July 27, 2017 6:21 PM

Dirk Praet on Roombas will Spy on You:

@ albert

292 million is only 4% of 7.3 billion.

It was initially more, but got watered down due to powerful lobbying by the usual suspects. But let's not forget that it's 4% on revenue, not on profits, and that it can grow significantly more as a result of additional law suits brought forth by corporate and/or private data subjects. Which means that the total amount due in fines and punitive damages may still end up being so huge that no board can possibly justify it to its shareholders.

July 27, 2017 4:06 PM

Foam the runway on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@JG4, thanks very much for that heads-up to

http://www.fcpablog.com/blog/2017/7/26/rogers-and-todorov-new-uk-law-creates-liability-for-gross-hu.html

Since illegal mass evictions are a gross violation of human rights -

http://www.ohchr.org/Documents/Publications/FactSheet25en.pdf

- this bill could sic the lawyers on Barclays and RBS, and slice our pound of flesh off before Brexit finishes them off.

July 27, 2017 4:05 PM

Matt from CT on Firing a Locked Smart Gun:

> I thought the NRA kept these options away from people,

No, they certainly don't encourage such silliness though.

New Jersey, in passing a law mandating that once a single manufacturer begins retail sales of "smart weapons" that only sales of smart guns will be allowed, inadvertently destroyed the commercial viability of the concept.

The grass roots response of gun owners was loud and clear -- they will not do business with any company that introduces them.

And gun companies by and large make their profits on the civilian, and not government, markets. Government sales, going to the lowest bidder, are used to keep the unit volume up to achieve efficiencies of scale; efficiencies that then become profits on civilian weapons.

You do not have a right to a gun to hunt or shoot targets. You have a right to a gun for self defense; compromising that role with electronics prone to failure undermines the entire purpose.

So the major gun companies are left with a business decision:

1) Make "smart guns" that the police will not buy due to reliability concerns, and that few if any civilians will buy either their smart guns due to their undependability nor their reliable firearms as a political statement...and thus go out of business

2) Don't pursue "smart guns" and continue being profitable.

July 27, 2017 4:05 PM

Sevesteen on Firing a Locked Smart Gun:

will the fact that the "Smart" gun feature doesn't work as advertised mean that NRA will now endorse the Armatix gun

The problem isn't that these guns exist as an option--the problem is state laws that said once these guns are sold commercially all other guns become illegal to sell. (IIRC, the "smart gun only" law has been repealed or overturned)

July 27, 2017 3:54 PM

Bong-Smoking Primitive Monkey-Brained Spook on Roombas will Spy on You:

@ neill,

in the end you'll have to trust someone, be it cisco, juniper...

Come again? Have you heard of this or this or or or? Granted, you do have some control, but is it exclusive control or do you have an invisible partner?

July 27, 2017 3:48 PM

Sheepdog on Firing a Locked Smart Gun:

On a side note, will the fact that the "Smart" gun feature doesn't work as advertised mean that NRA will now endorse the Armatix gun?

July 27, 2017 3:43 PM

neill on Roombas will Spy on You:

@clive, @bong

unfortunately we (as a security weary minority) can not control anymore (ha - did we ever?) what kind of devices are being pushed onto consumers, we will be forced to 'live with it' (or 'live with IoT')

so unless you go back to wax candles and no electricity in your home you're screwed

but we still have (some) control over our networks ... in the end you'll have to trust someone, be it cisco, juniper or dd-wrt ... you can still setup your own firewall and airsnort to check

(i know even that can be manipulated)

July 27, 2017 3:07 PM

JasonR on Firing a Locked Smart Gun:

@ John

Working-level police universally abhor this "feature". It will only result in making police work riskier than it already is.

--

What's wrong with that? If you're running for mayor in Minneapolis you try to get folks to drink that sort of Kool-Aid and make the Police keep their guns locked in the squad car when they go on calls. If you can't fix the problem (police over-reaction), just nuke it, right?

http://www.startribune.com/police-reform-debate-surges-in-minneapolis-mayoral-race-after-justine-damond-shooting/436615103/

July 27, 2017 3:05 PM

Doug Coulter on Firing a Locked Smart Gun:

I'm with Iggy here all the way. Tech "solutions" to sociological problems failing has been covered here as a fail by Bruce and others.
To this old guy, it seems parenting has gotten worse over the years very dramatically...I was raised at a time when not only were there not phones and pads, there wasn't TV to babysit, and my parents had to, you know, actually raise me.

I could go on about how it now takes two working adults to have a family (and why) which necessarily means lousy parenting, but...that's another topic.

July 27, 2017 1:44 PM

Jeremy on Firing a Locked Smart Gun:

So conceptually, they've divided the "gun" into two pieces, and made it so that you need to have both pieces in order to fire?

I have a new secure gun that can only be fired by someone who possesses compatible ammo.

Even if this worked perfectly, I can only see it theoretically helping in a couple scenarios, and they both seem a bit fanciful:

1) Security by obscurity--the bad guy doesn't realize that he needs to take the watch

2) The bad guy tries to take the gun from you *while* you are trying to use it--snatching both the gun AND the watch is presumably harder than snatching just the gun

Admittedly, I do not use guns, and do not know anyone who does, so maybe these scenarios are more prevalent than I would guess?

July 27, 2017 1:40 PM

albert on US Army Researching Bot Swarms:

@Clive,

I think we're talking past each other. The efficacy of small surveillance drones is well known. Sensors are less than gram weights, and AI is just software. 'Swarms' don't make sense in military situations (too easy to shoot down), but large numbers of small drones do. One needs to distinguish between classes of drones. You'll need big ones for ordnance, but surveillance is easier with small ones. VTOL drones use a lot of power, but airfoil types do not. Drones made with glider-type wings(long, thin, and transparent:) can stay aloft for hours. Autogyros don't even need wings:)*. My favorite would be a LTA drone, or one with helium assisted lift.

Lots of possibilities...
-------
* A good camo technique uses active illumination of the wing that matches the background skylight. If they could pass images through, that would be cool. A flying wing design would work now that we have advanced digital FCS.

. .. . .. --- ....

July 27, 2017 1:22 PM

MikeA on Firing a Locked Smart Gun:

@parabarbarian

Just a data point... I wear my watch (If I wear one at all) on my right wrist, and I'm right-handed. Long story which even I forget.

But my point is that a large number of security issues arise because some designer is using the threat model: "Everybody acts and thinks exactly like I do". At one job, we had a guy (still a friend 40 years later) who was an absolute treasure, with the ability to trigger "unanticipated behavior" in systems, whose designers were then predictably likely to ask "Who the heck would do that?". Well, Owen would, and did, and odds are he is not the only person among all humanity who would.

July 27, 2017 1:16 PM

Richmond2000 on Firing a Locked Smart Gun:

the lock pin in this gun IMHO is it was designed that the electromagnet coil positions the pin 1/2 way through its travel and like a lock tumbler if over traveled would relock the gun would make the magnet trick a LOT harder to do as the external magnet would pull the pin all the way NOT to the position required to unlock the gun

but my concern would be the reliability of the weapon when used "properly" in a struggle/defensive environment as all the thief has to do is rip the watch off my wrist and then the GUN is useless

July 27, 2017 1:10 PM

albert on Roombas will Spy on You:

@Dirk,
292 million is only 4% of 7.3 billion. Greedy as they are, that still amounts to a slap on the wrist. How much do they make selling the ill-gotten data? That's what I'd like to know. Nonetheless, I hope the laws work. They are sorely needed.
..
Samsung is marketing a new refrigerator with a large screen that lets you enter your shopping list, then read it on your smartphone when you're shopping. Easy peasy. I literally LOL'd when I first saw the TV commercial.
..
Many years ago (ca 1992), I received a new model razor in the mail. It was a 2-blade version being marketed at the time. I had been using the old double-edged blades in a 1940's razor. All brand G______ needed was my address (credit card) and data from the store (my shaving purchases) and bingo, I was a possible convert to the new tech. Best marketing ploy I've ever seen.
..
. .. . .. --- ....

July 27, 2017 1:01 PM

Iggy on Firing a Locked Smart Gun:

What everyone is missing in this latest detour in the search for the Holy Grail of gun safety is that properly raised and trained humans are the best safety for any gun. The longer we avoid the responsibility of doing that, trying to rely on external goo-gahs, the more avoidable gun deaths there will be.

We need to stop demanding artificial contraptions fix our failures to raise competent, responsible, poised and wise citizens. Notice I didn't say "wise consumers."

July 27, 2017 12:59 PM

Tatütata on Firing a Locked Smart Gun:

when you strip all the chrome and other flash technology

Speaking of Flash, Google already stripped the Flash from Chrome. But the news is: Adobe is finally pulling the plug, sort of. (1, 2).

(It's mildly OT, but I couldn't resist to digress).

July 27, 2017 12:58 PM

Ted on Firing a Locked Smart Gun:

The challenge of creating a "smart" gun requires a marriage of very strange bedfellows, the firearms industry along with hardware and software engineers. Guns are generally designed to be as simple as possible. The Glock has been successful at least in some part because of the simplicity of its mechanics and the minimal number of components. The fundamental design goal of any firearm has been that it always goes "bang" when the trigger is pulled. And more recently doesn't go "bang" if the trigger is not pulled. Anything that adds complexity almost inherently reduces the odds of successful discharge. There are simply more things to go wrong. The ideal smart gun would need a fiendishly simple and secure mechanism to ensure it was reliable. One odd duality of the design imperative for a smart gun is that the "fail safe" state of the weapon depends on your perspective. If the priority is preventing unintended/unauthorized discharges the mechanism must "fail" into an inoperative state. However, if the priority is maintaining the ability to neutralize a target the mechanism must "fail" into an operable state.

A thorny problem to be sure. And sadly one that I don't think the right players will be working on for a long time.

July 27, 2017 12:43 PM

Dirk Praet on Firing a Locked Smart Gun:

@ John

Working-level police universally abhor this "feature". It will only result in making police work riskier than it already is.

Getting attacked or even shot could be considered somewhat of an occupational hazard when serving as a police officer in a country with very liberal gun laws. Getting shot in pajamas by a freaked out cop while reporting in a possible sexual assault most definitely is not. I kinda get that this is the sort of control the average US LEO is definitely not waiting for, but it could probably have a positive net effect on the number of innocent and unarmed civilians shot by trigger-happy cops every year.

As to the design of the Armatix IP1's "security" feature, it's back to the drawing board.

July 27, 2017 12:09 PM

Clive Robinson on Firing a Locked Smart Gun:

@ Anura,

Only a gun safe that is too heavy for a thief to easily carry is an effective deterrent against theft.

You forgot to mention, that it should also not be openable by a three year old rattling the door lock...

Somebody I know indirectly purchased an old High Street Bank to convert into a house. With it came a "walk in safe". They also shoot competitively and have both shotguns and rifles (you are no longer allowed hand guns in the UK). So they thought the safe would be an ideal place to keep them and installed some gun cases.

Anyway the UK firearms regs require you to have a police officer come around and inspect where not just the guns but the ammunition will be stored. The police officer who inspected the premises for his private firearms ticket decided that the gun cases were not secure enough to be used, and did not accept that the fact they were in a walk in safe was sufficient security.

However another police officer who visited the property because he had decided to become a gun dealer, decided that the walk in safe was fine.

So OK to store a large number of guns to sell but not OK for a small number of guns for private use...

As the saying has it "Go figure".

July 27, 2017 11:51 AM

Clive Robinson on Roombas will Spy on You:

@ Adam,

If a vacuum cleaner needs internet access for any reason then it's time to think of buying one that doesn't.

That is true for virtually every type of electronic device you have in your home. Especially the security stuff like CCTV and locks and alarm panels...

Back in the early 1980's I was at a conference about Domestic Wide Area Networking, where a question came up about the extension of what we would now call "The Internet coffee pot". A discussion developed about what a boon it would be to housewives --I kid you not-- and how they could get a recipe at the touch of a button where it would be based on all the food you had in the larder and fridge...

What we've got is worse, 50" plasma displays that watch you watching your p0rn, or pouring the beer or nachos all over the floor because you had forgotten you'd put them down by your feet before you lumbered up to go use the facilities...

July 27, 2017 11:43 AM

Chris on Firing a Locked Smart Gun:

That story reminds me of the elevator we had in my high school decades ago. You needed a key to call it and of course only teachers had those keys. It took a few days after the elevator had been installed for some student to figure out that holding a magnet to the panel was just as good as a key. But, then, that was just an elevator. Not sure why decades later anyone would make the same mistake when designing a firearm...

July 27, 2017 11:24 AM

John on Firing a Locked Smart Gun:

Working-level police universally abhor this "feature". It will only result in making police work riskier than it already is.

July 27, 2017 10:51 AM

Anura on Firing a Locked Smart Gun:

@Bill

Usually only one part of the gun has a serial number and thus restricted sale; the rest of the parts can be bought online. For handguns, this is just the frame - the slide, barrel, trigger mechanism, hammer, springs, pins, magazine, etc. can all be bought online.

Removing a firing pin will not prevent the theft or use, just the immediate use until the part is replaced. Only a gun safe that is too heavy for a thief to easily carry is an effective deterrent against theft.

July 27, 2017 10:44 AM

Adam on Roombas will Spy on You:

I can't see any rational reason anyone would want this device that gathers a map of their home. It serves no benefit to them, it's intrusive and it's outrageous considering the purpose of the device and how much it costs.

If a vacuum cleaner needs internet access for any reason then it's time to think of buying one that doesn't.

July 27, 2017 10:43 AM

scot alexander on Roombas will Spy on You:

@Daniel

I'm in Oklahoma, one of the least-funded, most paranoid, bible-thumping, gun-toting states there is, and at least partial floor plans are certainly available here. For example, here's a house that I know is currently up for sale:

http://www.assessor.tulsacounty.org/assessor-property.php?account=R71040832710990&go=1

And here's a random house from Vermont, which is about as politically diametrically opposed as you can get: https://property.burlingtonvt.gov/PropertyDetails.aspx?a=580

I'm sure more detailed records are available if you go looking for building permits, previous sales listings, etc. Certainly enough to pinpoint, say, the master bedroom precisely enough to drop a weaponized drone into it.

July 27, 2017 10:39 AM

DustBuffalo on Roombas will Spy on You:

Haha, George Lucas never realized the first assassin droid would be a vacuum cleaner. IG-Roomba-88

I thought of some ideas, since cats love to ride a Roomba:
UV-C led antibacterial application (detects when no animals are in the room)

Roomba barista: serves drinks on a roving cooler or end table

If you have hardwoods or ceramic tile, this thing doesn't cut it. It would catch on fire from non-stop.

July 27, 2017 10:31 AM

Bill on Firing a Locked Smart Gun:

@Rob N:
"The whole point of a locked gun is that a thief can't steal it and use it (one common way guns get into the hands of criminals)"

All they need to do is disassemble it enough to remove the plug that blocks the firing pin.

July 27, 2017 10:13 AM

Chris F on Firing a Locked Smart Gun:

@Rob N

We're talking about common criminals here, they're not going to carry around miscellaneous pieces of electronics on the off chance that the next gun they encounter is a smart gun.

Either that or an organized group that did research into what the force they'll be going up against carries. If someone gets their hands on a smart gun and has a way to fire it you will typically be no worse off than if you had a standard gun to begin with. Either you'll be able to see them holding something up to the gun and should be suspicious or you'll lose sight of them and would be foolish to assume it's a non-firing gun. But if you go into a situation expecting a gun to fire and it doesn't that can go downhill much faster.

July 27, 2017 9:51 AM

parabarbarian on Firing a Locked Smart Gun:

@Bob

"No shit. We've been saying for years that we don't want to bank our lives on something with electronic failure built in."

Well, I am sure the police would like a way to shut down a firearm remotely. Think of all the good that will do when the criminals get ahold of the technology.

OTOH, how many people wear their watch on their right wrist? Criminals are not usually the brightest bulbs in the chandelier but they are not completely bereft of intelligence. The whole setup of the Armatix "smart" gun is a shoot-me-first advertisement. Not even Bruce could think that was security done right. Even if it worked perfectly.

July 27, 2017 9:51 AM

Clive Robinson on Firing a Locked Smart Gun:

@ Tatütata,

After all, gunsmiths and locksmiths were historically rather related trades.

In many ways they still are, and this device brings them closer together.

In all but a very few cases when you strip all the chrome and other flash technology off of either a gun or a lock, you end up with a simple mechanical lever and spring to activate them. In the case of a gun it's often a firing pin in a bolt at the rear of the chamber. In the case of a lock it's a latch that via the process of moving sprung loaded levers or pins controls a latch.

In the case of a lock the "chrome" is where the security lies, as if you remove it all you need to do is "turn/pull the latch". In the case of old car locks it was screw in a slide hammer whack it back a couple of times which rips out the lock barrel then shove in a flat blade screwdriver to turn the latch.

In essence the same applies to a smart gun the lock does not change the basic firing mechanism, all it does is add extra unreliability in the form of an extra --Permissive Action-- link into the firing chain. Simply removing the link or replacing it will remove the smart functionality.

Once you realise that this link in the chain as with so many electronic locks is easily manipulated by a magnet, overcoming it is just a matter of a little sideways thinking...

You can also use a little sideways thinking to defeat the use of a simple magnet. In essence you add a second locking link that is normally left in the unlocked state. But if the permissive action link is drawn by an external magnetic field, this secondary locking link is drawn into the locked state.

Whilst not being a perfect security solution, the second link can make simple magnet attacks too difficult and fiddly to actually carry out reliably.

The problem, with the second link and it's a real one is any additional mechanical or electrical items will increase breakages as well as reducing the day to day reliability of a weapon.

July 27, 2017 9:44 AM

ab praeceptis on Roombas will Spy on You:

As nobody else presents that position, I will do it, albeit largely (but not exclusively) for the sake of balance.

We are living in a strange triangular world.

On one side there is politics telling us about all the wonderful rights we have, how hard each and every politician (except, of course, those from the other party) works to protect and even enhance the wonderful rights we have.

On the second side there is media, advertising, and pr. They tell us how wonderful we are, how smart, how individual, and how we are the center of the universe.

Finally, there is the third side, reality. Reality is usually quite quiet but the only side that really counts.
Reality, when asked, tells us things like: "Rights? F*ck you! You have no rights vs. a government that wantonly gags you with e.g. nsl. You have no rights vs. a large corp unless you are able to spend no less millions on lawyers than they do."

And, of course, if asked, reality would also tell us this: *You* have created a society whose only god is mammon and in which almost everyone would be just as criminal and ignorant as roomba if only you ever were in their shoes.
You *know* that there is a plethora of problems and pretty much no security whatsoever in all those funny new devices - yet you buy them, you bring them into your house, you activate them.

Expecting that roomba will honour and protect your privacy is about as smart as telling a falling bomb about your rights.

July 27, 2017 9:38 AM

Dirk Praet on Roombas will Spy on You:

@ Who?

Do you have an estimation of how much of that fine will go to the customer whose right to be forgotten has been violated?

Zero percent. It will come on top of the earlier mentioned administrative fines payable to the supervising authority as data subjects will indeed have "the right to receive compensation" from either a data controller or data processor if they have "suffered material or immaterial damage as a result of an infringement of the Regulation". The level of punitive damages awarded to a data subject would of course depend on the nature and severity of the damage incurred and as demonstrated by his/her evil attorney(s) in a court of law. And yes, quite some EU countries have the equivalent of the US class action suit. It's gonna be B-E-A-U-T-I-F-U-L !

In the case of the recent IT scandal in Sweden, it would mean that pretty much every Swede could sue both IBM and the Swedish government.

July 27, 2017 9:24 AM

Rob N on Firing a Locked Smart Gun:

The range extension and jamming parts aren't too useful. The whole point of a locked gun is that a thief can't steal it and use it (one common way guns get into the hands of criminals), or in a break-in or fight, the gun can't be used against you. We're talking about common criminals here, they're not going to carry around miscellaneous pieces of electronics on the off chance that the next gun they encounter is a smart gun. What is the point of the range extender anyway? You still need something next to the gun and something next to the watch, that gains nothing in practical terms. If you know already where the watch is, just take that too.

You have to weigh the level of security vs. the capability of the people you're protecting against.

Which makes the magnet attack a bit more serious. It might look a bit goofy, but I can see a gangster duct-taping magnets on the gun. It certainly wouldn't be a desired gun on the street (couldn't be hidden in a waistband), but it would be usable.

Side note, I thought the NRA kept these options away from people, it's nice to see something like this on the market for people who want it. This is better than the trigger locks in my mind, even with the security flaws.

July 27, 2017 9:13 AM

Ergo Sum on Firing a Locked Smart Gun:

Quote from the article:

And most disturbingly, he can mechanically disable the gun's locking mechanism by placing some cheap magnets alongside its barrel, firing the gun at will even when the watch is completely absent.

As the video shows, the magnet is not against the barrel, it'll do no good there. It is held against the firing mechanism at the back end of the slide. Presumably, it's a weak electromagnet that blocks the firing pin from being moved forward by the hammer/cock. The actual magnet just neutralizes the electromagnet that allows firing the "smart gun".

Principally, I am not against smart guns, even if they can be bypassed under certain circumstances, as long as there's zero failure, if and when I'd need to use it. I just don't see how a fully mechanical device could integrate an electronic component that cannot be circumvented and won't fail.

July 27, 2017 9:10 AM

vas pup on Firing a Locked Smart Gun:

I guess that is directly related to the subject:
http://www.bbc.com/news/technology-40671089

"The security industry needs to worry less about technology and more about people, said Facebook's security boss.
He said there was too much focus on technically complex "stunt" hacks and not enough on finding ways to help the mass of people stay safe. The problem would only worsen if the industry did not become more diverse and exhibit more empathy, he said.
…often security experts had little interest in or empathy for people, he said. This attitude was exemplified by the thought he often heard security pros express that there would be fewer breaches and less data lost if people were perfect, he added.

Instead, Mr Stamos said, it would be better if the industry tried to work with those imperfections by giving people tools and services that were more straight-forward to use.
!!!Facebook had set up initiatives that sought to make its workforce more balanced and which encouraged people with non-technical backgrounds to get involved in developing secure systems, products and features."
Do you remember 'Scorpion' on TV (CBS), when a team of nerds incorporated as a member a female with a non-technical background, bringing a human angle to their activities and success as a result?

July 27, 2017 8:56 AM

Tatütata on Firing a Locked Smart Gun:

The gun manufacturer should have watched all those videos about hacking expensive snake-oil electronic padlocks, where someone turns the motor's rotor with the deft motion of a magnet. After all, gunsmiths and locksmiths were historically rather related trades.

A more useful piece of techno-gimmickry would be to condition the firing of the gun to the body camera being enabled... No video, no firing.

July 27, 2017 8:50 AM

Ergo_Sum on Roombas will Spy on You:

@Wael...

The more interesting question is: Would it make you feel better [...] if you are a share holder, or would you dump the stocks?

That would be interesting, if I'd have Roomba stocks, but I don't. In my view, there's a correlation between stock prices and telemetry collection, at least in the case of Microsoft and probably others as well. I am looking at you Google...

MSFT stock price hovered around mid-thirty bucks from mid-2000 to early 2014, when the preview version of Windows 10 had become available with its extensive telemetry that had been retrofitted to Windows 7 and 8.x. Ever since then the stock price shows a relatively steep upward trend, currently at $74.04. Not too bad for about three years time frame, after being stagnant for over a decade.

Certainly, there are other aspects that contributed to doubling the stock price, in addition to the extensive telemetry collection from the desktop with the largest market share. And no, I don't own Microsoft, Google, Apple and other software/service companies. On the other hand I do own IT hardware manufacturers' stocks....

July 27, 2017 8:31 AM

Bob on Firing a Locked Smart Gun:

@bickerdyke

"The jamming attack is far more serious"

No shit. We've been saying for years that we don't want to bank our lives on something with electronic failure built in.

July 27, 2017 7:39 AM

Who? on Roombas will Spy on You:

@ Dirk Praet

Do you have an estimation of how much of that fine will go to the customer whose right to be forgotten has been violated?

July 27, 2017 7:07 AM

JG4 on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:


@most everyone - Thanks for the great ideas and discourse.

@Clive - hope that you are feeling better. If I had been clever, I would have asked yesterday how much magnetic shielding is required to block sidechannels. I know that the short answer is "it depends..." The reason that I suggested silicon steel is that it is dirt cheap by comparison to mu metal and widely used in one of the most important types of magnetic circuits on your planet. For a portable application like a smart card where size and weight are important, mu metal might be preferred. For a fixed installation, the less expensive material is preferred. In fact, hot rolled steel is even cheaper than silicon steel and hysteresis losses are an advantage. Cast iron might even be a good choice, although the inclusions increase the resistance. Would you please illuminate the distinction between serf and peasant? I particularly like the exchange about serfs and tenants, which reminds me of the crofters and other important post-medieval history in Scotland, Ireland, Wales and elsewhere. You may have noted my use of the term peasant some days ago. I think that I prefer serf, although both convey some truth about the circumstances of the common man.

Lee was the evil genius who picked Dan. Lee died of a brain tumour, almost certainly because he was a heavy cell phone user in the 1980's.

http://www.nakedcapitalism.com/2017/07/links-72717.html
...
EU Commission sets deadline for Facebook, Twitter, Google unfair terms and conditions New Europe (Micael)

...[fascinating - parallels to microprocessors running tainted code]
Did antidepressants help make this man a mass-murderer? BBC

...
Rogers and Todorov: New UK law creates liability for gross human rights abuses FCPA Blog

...
Big Brother is Watching You Watch

Feds Crack Trump Protesters’ Phones to Charge Them With Felony Rioting Daily Beast (Chuck L)

Every Swedish car owners’ details may have leaked in explosive IT failure ZDNet (Chuck L)

Sweden leaks details of almost all of its citizens in move that could bring down government Independent (Brian C)

These cheap phones come at a price — your privacy CNET (Chuck L)

...["do you have probable cause to believe that a crime has been committed?]
Teen allegedly harassed by police for mowing lawns in affluent neighborhood Fox23 (resilc)

Kill Me Now

Clinton book to double down on Russia, Comey message The Hill. Let us not forget that her last book was mainly pulped…but we’ll be unable to avoid encountering headlines of reviews.

...[still have not had time to dig into the Phreesia scam. I've been practicing "I do not consent to the use of electronic forms"]
Amazon has a secret health care team called 1492 focused on medical records, virtual doc visits CNBC

July 27, 2017 6:47 AM

bickerdyke on Firing a Locked Smart Gun:

Well, it's the old case of secure against WHAT.

I'd guess the main reason for the "smart" safety is preventing being shot with your own gun, either by accident, the gun being grabbed by kids or wrestled from you in a close combat situation.

If it takes 5 minutes to set up the rig to allow shooting with a gun that should be locked, there would be time to set up a non-smart gun.

So I don't see any danger from unauthorized firing, as in these situations shots could be fired from any other gun. (Which in the US could be assumed as present everywhere anyhow)

The jamming attack is far more serious

July 27, 2017 6:39 AM

Dirk Praet on Roombas will Spy on You:

Under the new EU GDPR, not only will collection, processing and further distribution of any such data be subject to explicit user consent, the user will also at any time have the right to revoke his consent as well as consult, modify and even delete such data ("right to be forgotten"). Maximum fines for non-compliance range from 4% of the company’s annual global revenue, or €20 million, whichever is higher.

I am currently looking into teaming up with a local law firm to offer both GDPR-compliance consultancy services (legal, HR, IT, and business processes), as well as a legal service to sue out of existence any IoT or other non-compliant mofos on behalf of customers whose privacy and data protection rights are being violated. It's gonna be easy money, and beats the hell out of real work 8-)

Just a small example: consumer electronics product developer Vizio was recently fined $2.2 million after the US consumer watchdog found that it had been using content recognition software to track users without obtaining their permission. Under the GDPR, Vizio (now part of LeEco, a Chinese company worth $7.3 billion revenue) risks similar privacy issues and as from May 28th 2018 will be exposed to a fine of $292 million.

July 27, 2017 6:24 AM

Who? on Roombas will Spy on You:

@ Clive Robinson

One strange idea is to have the router in your house also act as a "Public WiFi Hot Spot" for their mobile customers and even some smart meters. That is they take the bandwidth that you are paying for and share it with whoever of their customers can access the router in your home behind your back...

Yup so you might be paying for 20MbS but they share it with their customers not you. This way they get to provision their global mobile network for free off of the paying residential customers.

In my country the same happens. I guess the lucky customer whose router is being "shared" with some wrongdoers will receive a friendly visit from police.

July 27, 2017 5:32 AM

Wael on Roombas will Spy on You:

@Ergo Sum,

Would it make you feel better...

No!

The more interesting question is: Would it make you feel better [...] if you are a share holder, or would you dump the stocks?

July 27, 2017 5:11 AM

Ergo Sum on Roombas will Spy on You:

@Clive...

In the UK a number of Internet Service Providers (ISPs) have done some very strange things with their routers.

I wonder if the UK copied how it's done in the US, it's the other way around, or both of them came up with this horrible idea. Maybe this was suggested by the LEOs for monitoring customers on the go and not just at home.

In the US, all major ISPs have "Public WiFi Hot Spot" that isn't really public. Accessing it requires UID/PWD and generally the bandwidth is limited via QoS.

This only works, if the customer opts for the ISP provided, free broadband WiFi router. I almost fell for this, when my Juniper SMB router with no support had become flaky. Picked up one of these free broadband routers at the nearby service center that was the same brand and model # that was the candidate for replacement. It had become quite clear that I have no control of the router at all, it is only the tech support, that can make configuration changes. Two hours later, the free router was back at the service center.

I've purchased a router that supports open-source software and never looked back...

July 27, 2017 5:07 AM

Thelonious on Alternatives to Government-Mandated Encryption Backdoors:

Wannacry is only the beginning. History will teach us in the future many valuable lessons about these issues that are just now emerging, for instance when large amount of personal data held by a corporation or a government is used to target a particular group of civilians in a war context. Or when AI engines attack networks and terminals using government enabled backdoors and weaken networks. Snowden revelations only confirm that the first aim of any form of government, even democratic ones, is to reach omnipotent control of population by any means. Computer power and compromised digital networks are the means of that control, and these means evolve at exponential rates, which is a key point IMO. Soon government will have real time surveillance of any public space and will use that as evidence against anybody, anytime. Our old laws are not made to confront these powerful mass surveillance tools. The only lines of defense we have are anonymity, noise and encryption. Only when personal data held under encryption is considered as an extension of our personal thoughts, then this debate starts to make some sense.

July 27, 2017 4:43 AM

Ergo Sum on Roombas will Spy on You:

@all...

Would it make you feel better, if Roomba plans to roll out telemetry for performance improvement and quietly sell the collected telemetry data for anyone willing to pay for it?

You know, like how all applications, operating systems, IoT/WiFi enabled devices and even cars with SIM cards work. Most, if not all of them have cameras nowadays. Like computers, refrigerators, TVs, cars, etc. These cameras already monitor us to improve device performance in tandem with other collected data. And this telemetry data quietly makes its way to data brokers, or LEOs, without you knowing about the data sharing, a.k.a, selling. Yes, this data is anonymous and it is just coincidence, that you are receiving targeted and relevant ads via different means, such as snail-mail, email, websites, etc.

At least Roomba had been up front about selling this data. Thank you, but I'll keep my canister vacuum...

July 27, 2017 4:23 AM

Clive Robinson on Roombas will Spy on You:

@ neil, Bong_SPMBS,

unless you assume that all wifi routers have a secret 'talk to each other and route data' mode builtin

It depends on,

1, The router.
2, The networks it has access to.

In the UK a number of Internet Service Providers (ISPs) have done some very strange things with their routers.

Amongst the moronic such as having a "help desk configuration port" with a default password on the Internet side of the routers they insist you use. They have some even stranger ideas which accounts for why they insist you use their router with the configuration back door.

One strange idea is to have the router in your house also act as a "Public WiFi Hot Spot" for their mobile customers and even some smart meters. That is they take the bandwidth that you are paying for and share it with whoever of their customers can access the router in your home behind your back...

Yup so you might be paying for 20MbS but they share it with their customers not you. This way they get to provision their global mobile network for free off of the paying residential customers.

So yes I would be cautious of just what your IoT can get up to if your neighbour has service through such an ISP.... You might think it's isolated but you may need to think again...

July 27, 2017 4:21 AM

Dirk Praet on US Army Researching Bot Swarms:

@ Clive

What ever we do we are almost certain to end up with a mess

In an interconnected world it is pretty much futile to try and stop the distribution of extremist propaganda, but you can trace down its origin and sponsors. Which are in fact quite well known, be it that our spineless leaders lack the courage to hold accountable those behind it. After all, we need them for their cheap oil and to sell our arms to.

Another common fallacy is that integration and assimilation of millions of immigrants with entirely different ethnic, cultural and religious backgrounds can just sort itself. Even if by an act of $DEITY racism and intolerance were to disappear overnight and a permanently booming economy would provide the countless billions needed for education, training, employment and integration programs, there will always be a significant part that for a variety of reasons will be unwilling or unable to adapt to their new host society, eventually becoming vulnerable to grooming by radical elements. And that is a best case scenario.

The only logical move for those host societies is thus to make immigration and citizenship status dependent on informed and signed acceptance of its core values, demonstrable rejection of which equals forfeiture of any previously acquired residence rights. Although adoption and strict enforcement of such a policy would indeed prove both a practical and legal mess, it is the prime duty of any state to protect itself and its citizens against enemies both foreign and domestic, especially against those who hide behind the very rights and freedoms they seek to destroy and replace with a pre-medieval society under an untouchable clergy and despotic leaders by the grace of $DEITY.

@ tyr

I imagine like the Catholic protestant clashes they will finally get tired of smashing things and try to build something useful again.

I see nothing useful coming out of a global caliphate under sharia law.

Whilst like you and @Clive, I dream of a better society governed by the principles of liberty, equality and fraternity, we shouldn't close our eyes to the nightmare that is the Daesh antithesis to any free and open society, however imperfect it is in its current form.

July 27, 2017 3:51 AM

Clive Robinson on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@ Wael,

Eat a head of romaine lettuce ;)

It's now getting on for late morning --10AM-- and I've still not slept :-( Getting a head of romaine lettuce would only now be possible (shops can be like that in some hamlets). However I really do not want the soporific effects to kick in and go to sleep during the day in what is vacation time in this part of the world...

July 27, 2017 12:51 AM

Bong-Smoking Primitive Monkey-Brained Spook on Roombas will Spy on You:

@ neill,

unless you assume that all wifi routers have a secret 'talk to each other and route data' mode builtin

Is that such a far-fetched assumption? We need to make sure that's not the case.

my point is as always that with some network trickery one can control the data (non-)flow quite effectively

True, with a condition: network devices must be trusted to function as advertised. In other words, genetically speaking: the primitive building blocks of your security solution must be trust-worthy. Otherwise you'll need to dig deep in this blog for discussions on how to operate when the hardware isn't trustworthy.

July 27, 2017 12:35 AM

neill on Roombas will Spy on You:

@Bong-Smoking Primitive Monkey-Brained Spook

it doesn't really matter what the device chatter will be, if there is NO physical connection to the internet ... unless you assume that all wifi routers have a secret 'talk to each other and route data' mode builtin

my point is as always that with some network trickery one can control the data (non-)flow quite effectively

July 26, 2017 11:36 PM

Wael on Roombas will Spy on You:

I got one a couple of years ago (I had six cats at the time, @Snarki, child of Loki) and found it to be pretty useless. I'm guessing the one I have isn't internet-impaired. I'm safe.

July 26, 2017 11:29 PM

Bong-Smoking Primitive Monkey-Brained Spook on Roombas will Spy on You:

@ neill,

second WiFi at home for all things IoT

We thought of that. The second WiFi is an IoT device, too! A customized (read subverted) device. Any questions?

July 26, 2017 11:19 PM

neill on Roombas will Spy on You:

one could easily set up a second WiFi at home for all things IoT, which is totally firewalled (or even completely offline)

you could use remote control while at home, but those devices would NOT be able to send any data outside the home (or only certain ones you'd like eg security cams)

July 26, 2017 11:19 PM

Wael on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@Clive Robinson,

So now even though I want to sleep

You and me both. Eat a head of romaine lettuce ;)

Now however age has wimpified me for the worse...

Age is just a number like I told name.withheld.for.obvious.reasons eons ago. But the older you get, the less sleep you get, which accelerates the aging process, especially the brain cells that regenerate during sleep. Positive feedback cycle!

July 26, 2017 10:51 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@ Wael,

Good heavens, man! What are you doing up at this early hour of the morning? It's pushing 4:00AM! Mistress insomnia in town?

And now it's nearly 5AM...and I'm that little bit older but still not rested.

The problem was not getting much sleep last night, thus being unable to stay awake in the afternoon and taking a short nap... So now even though I want to sleep, I find my mind whizzing around like a whirling dervish simultaneously giving me the equivalent of a "ten double espresso headache" and driving sleep away :-(

This lack of sleep would not have caused problems as little as ten years ago, I would have "Manned it out" and just slept well over night. Now however age has wimpified me for the worse...

July 26, 2017 10:25 PM

Mathetes on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

Interesting crackdown by Russia and China this week

https://www.bleepingcomputer.com/news/government/russia-passes-bill-banning-proxies-tor-and-vpns/

https://www.bleepingcomputer.com/news/government/china-forces-muslim-minority-to-install-spyware-on-their-phones/

Not forgetting the previous news from China banning vpns by February 2018
some say only mobile services, with uncertainty about foreigners

https://www.theguardian.com/world/2017/jul/11/china-moves-to-block-internet-vpns-from-2018

Bloomberg and others have this also.

July 26, 2017 10:04 PM

Wael on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@Clive Robinson,

You might find this blog post on walking through a remote execution attack against Broadcom WiFi chips used in Android and Apple devices of interest,

Well written article. Educational as well, thanks for sharing! I suspect I'll revisit it in the near future.

if you only secure part of your system to a high level...

Something like: the weakest link...

Good heavens, man! What are you doing up at this early hour of the morning? It's pushing 4:00AM! Mistress insomnia in town?

July 26, 2017 9:38 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland:

@ Bruce and the usual suspects,

You might find this blog post on walking through a remote execution attack against Broadcom WiFi chips used in Android and Apple devices of interest,

https://blog.exodusintel.com/2017/07/26/broadpwn/

The point being, if you only secure part of your system to a high level, those parts at a lower level of security provide an attacker with a bridge head to attack the more secure parts...

July 26, 2017 9:19 PM

Clive Robinson on Roombas will Spy on You:

@ YearOfGlad, mserlgkj,

"You have NO IDEA how lazy people are."

He was not quite right, they are mostly "intentionally lazy" and will show seriously risky behaviour just for a "quick fix".

But it gets worse, even when they know they are getting surveilled in intimate detail, they keep going for that "quick gratification" of the gimmick. They think not about their long-term fate because "It's never going to happen" to them. Even when it has happened to somebody close to them, they are different or special thus immune.

They are the sort of people that will, whilst getting every gadget they can, run up huge credit card bills and other debt. Because "they can handle it".

To say it is an addiction at least as bad as that to any drug is downplaying it. Drug addiction carries a great deal of shame and self loathing. Going broke and losing everything apparently does not for a great number of people.

They are the "Beads, baubles and gewgaws today, bankruptcy, penury and destitution tomorrow boom and busters". Going through cycle after cycle of boom and bust on easy credit, until the credit stops and they develop another addiction through trying to deal with that.

It is just one of many self sacrificial behaviours that we see. They however see it as "The Great American Way" or similar trope to excuse their excess.

July 26, 2017 8:39 PM

YearOfGlad on Roombas will Spy on You:

@mserlgkj

I have a good friend who is ~25 years old. When I talked with him about the silliness of IoT things like Nest, his response:

"You have NO IDEA how lazy people are."

So, no, people will not stop buying these things because many people are spoiled and lazy.

July 26, 2017 8:03 PM

OldFish on Roombas will Spy on You:

@Matteo
I ripped the iot thermostat out of the house precisely because it wanted to phone home.

There is decent gear out there if you look for it.

Try Control by Web.

July 26, 2017 6:58 PM

Clive Robinson on Roombas will Spy on You:

@ YouBetYourLife,

Meanwhile the military continues to develop and deploy their own version of IoTs that surveil entire populations from above and rain down terror wherever suspicion arises.

Lisa Ling (the whistleblower) is right that the way many drones are used is without doubt an act of terrorism[1]. It is also an extremely cowardly one as well, and worse it is in the main completely unnecessary for military or intelligence purposes[2].

Thus it is an act of quite deliberate terrorism against people who have no way to defend themselves from it. Thus morally it is as indefensible as what went on in Abu Ghraib[3].

Whilst those who do it in their cowardly way think there is no "comeback", there almost always is. Unfortunately it is usually not they the MSM or the MIC that have to pay the price of their actions, but other innocent civilians or those at the bottom of the food chain.

But you need to see forward to where this is going to go, traditional terrorism, does not have to be one state terrorising the citizens of another state. No it applies equally as well to a state terrorising its own citizens. Thus you have to ask where this is going, not just in the immediate future but the near future. We already know that the US Government is giving the civilian guard labour as much military equipment as it can via grants and other cover tactics. You have to ask when the LEOs are going to get not just the drones but the hellfire missiles as well... And as we know if you give boys new toys they will play with them sooner rather than later.

[1] Terrorism has had a changing definition over time and quite deliberately so for political reasons. Originally it was carried out by a state against civilians and its purpose was the tyrannical act of subjugation by violence and fear. In other words what you would expect of a tyrant, dictator or despot, through their guard labour be it the civilian law enforcement or military.

[2] Repeatedly killing civilians in large numbers because of "poor intelligence" is not exactly sensible or intelligent. Thus you have to assume either they are criminally incompetent or the excuse of "poor intelligence" is a cover up. It is clear from what is known that the use of the drones is not covert but very much overt. Such deliberate behaviour is not of any intelligence value, because potential intelligence targets are warned, thus stay out of sight and do not use any surveillable method of communications. Leading to the conclusion that such overt behaviour is not for intelligence purposes, thus terrorism in the traditional sense is the next most likely conclusion.

[3] Modern examples from both sides would be what has been seen in Syria with helicopters and barrel bombs which has drawn international condemnation. However the MSM fail to make clear the other side that by replacing the helicopter with a reaper drone, and the barrel with a hellfire missile it is not in reality any different. However in the MSM eyes some how it is magically different, because it's high tech with vast profit to be made from tax dollars etc.

July 26, 2017 5:43 PM

CHERI on Roombas will Spy on You:

A big selling point of cable TV when it started was that it had no commercials. That didn't last long.

I see comments like this often, and don't understand where they're coming from. Cable television began as Community Antenna TeleVision (CATV) and was, conceptually, little more than a big antenna and a splitter. It didn't give you anything you couldn't get, in theory, for free—if you found a site not blocked by mountains etc. and set up an antenna. If the stations being captured and rebroadcast had commercials, the clients would get them too.

July 26, 2017 3:41 PM

YouBetYourLife on Roombas will Spy on You:

Yes let's distract ourselves with questions about relatively benign IoT devices that consumers choose to buy and turn loose in the privacy of their own homes.

Meanwhile the military continues to develop and deploy their own version of IoTs that surveil entire populations from above and rain down terror wherever suspicion arises.

https://arstechnica.com/video/2017/07/whistleblower-calls-out-problems-with-military-drone-accuracy-and-ethics/

July 26, 2017 3:22 PM

Daniel on Roombas will Spy on You:

@thunderbird

"I was trying to say that the argument "if something can be done somehow already, doing it another way is of no concern" is specious,"


You are correct: the logic is specious. So the hell what? No one cares about logic. That was my point.

July 26, 2017 3:03 PM

Jeremy on Roombas will Spy on You:

@mark:

No, selling stuff to a criminal does NOT generally make you an accessory.

If you beat someone's head in with a hammer, the hardware store that sold you the hammer is not an accessory.

If you write a letter to someone in order to blackmail them, the guys who sold you the pen, paper, envelope, and stamp are in the clear.

You don't normally have a duty to police others or actively prevent their crimes.

Now, if someone provided you with some tools with the intention of helping you commit a crime, then they're probably culpable. The difference is the "mens rea" (guilty mind) of the person providing the stuff.

http://lawcomic.net/guide/?p=173

But if you're just selling stuff that might-or-might-not be used for a crime, that's generally fine.

July 26, 2017 2:51 PM

JDM on Roombas will Spy on You:

"Sadly, simply paying for something doesn't make you not be the product."

A big selling point of cable TV when it started was that it had no commercials. That didn't last long.

July 26, 2017 2:43 PM

tyr on Roombas will Spy on You:


I wonder if I can get a free upgrade to
my ancient ROOMBA which lacks all the
fancy IoT tech. I'll have to remember
to give it a kick for allowing its
kids to violate security.

July 26, 2017 2:34 PM

tyr on US Army Researching Bot Swarms:

@Rachel

Some day I'll tell you the story of the
USMC (Uncle Sam's Misguided Children) and
the officer who thought there were 380
degrees in a full circle while leading
a field exercise.

Patriotic pride should not become the basis
of idiotic behaviors that overlook very
real flaws. That kind of stupidity gets
your people killed for no reason. Like
George Patton said dying for your country
is stupid, the idea is to make the enemy
die for his country.

This isn't confined to military subjects;
anyone who believes that their security
arrangements are perfected will get a rude
surprise later. The ugliest part is to
realize that you were warned about some
possibility and failed to act on that
knowledge before it became a disaster.

@Dirk Praet

I'd be willing to bet there are folks here
who can out acronym anyone after a long
career of dealing with DOD initials nuttery.

Every case is individual but anyone who has
gone abroad to fight for a cause is never
going to be a model citizen of European or
any other culture. The streets of America
are full of broken and ruined veterans who
have been discarded by their government.
Civilians would like to support them but
have no clue as to how to do it.

I'm with Clive, a rising tide lifts all the
boats and better societies would fix a lot
of the world's problems. My generation was
promised an opportunity to die on a nuclear
battlefield over ideology. I'm not sure that
a world turned to rubble by bronze age nut
cults is a better way to architect the future.
I imagine like the Catholic Protestant clashes
they will finally get tired of smashing things
and try to build something useful again.

July 26, 2017 1:32 PM

aMacUser on Roombas will Spy on You:

Forget Roombas, get a Neato robotic vacuum ... they were the first to use SLAM when everyone else was using a "randomized wandering" approach and they do a meaningfully better job, having better designed suction, etc. Oh ... and they don't connect to the Internet.

Seriously, any "smart" device that enters my home (DVD player, TV, etc.) immediately gets assigned a specific IP address and that address is blocked by our pfSense router configuration. Just say "no, hell no" to IoT stuff.

July 26, 2017 1:22 PM

Chairman Mao on Alternatives to Government-Mandated Encryption Backdoors:

@ Clive , @ Campbell

I suspect what you mean is not "subjects" but the lower orders bound in tutelage by a feudal system, known as "serfs" they were in quite a number of respects considerably worse off than slaves.

Like "tenant" in a "Cloud" system.

Our host @Bruce has passed comment on this in the past. Others have noted how corporations are using political lobbying to get what is effectively "serfdom" by the "backdoor" by having various forms of unjustified "Rent seeking" activities enshrined in legislation in the pretence of "Rights holding on Intellectual Property (IP)", especially where the IP rights have been obtained by coercion or cartel behaviour (see academic research publishing both in the forms of "research papers" and "books" as but one example).

Like "tenant" in an IBM, Google, Apple, or Microsoft Cloud:

1) Slaves have no right to withhold property from their owners.
2) Slaves have no right to privacy. (Encryption)
3) Slaves have no right to defend themselves. (Keep and bear arms).
4) And, in addition, "the rent" in Spanish legal system is called "rentistas." In English/American common law, it's known as "peonage."

Slaves don't pay rent. (Worse)

Slaves are not allowed to encrypt, either.

Slaveowners are legally allowed to enter their slaves' bedrooms whenever they want.

What we now have is the blending of slavery with peonage.



Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.