How To Build Your Own Airstrip

By | November 23, 2011

My favorite new gadget: the HeadLamp 6, known as the Pilot. It looks like a Bluetooth earpiece, the type you fit over an ear and appear to others as if you’re being attacked by a plastic mollusc. But it ain’t. It’s an LED light:

Headlamp

It delivers a relatively powerful, focused beam onto whatever you’re looking at. Great for reading in cars or on planes when you don’t want to disturb folk sitting next to you. Good for interrogating people too: By looking them in the eye you can appear quite intimidating, backed up by the focused LED beam. Or you could sell them at pop concerts, saving people the pain of burning their fingers holding their lighters aloft. Wear one on each ear and you could pretend you’re driving a car, even if you’re only riding a bicycle. Plus it has a social function too: Place it on the lunch table next to you and you can pretend you’ve got a cellphone even if you don’t.

That’s not all. There’s an undocumented feature which lets you set the lamp on blinking. I haven’t quite figured out what to use that for, but I guess if everyone at a concert has one and does it, it might create quite a funky effect. Or have a dozen people standing in a field, their IQ HL 6s set to blinking and pointing at the sky, and you’ve got yourself a homemade landing strip. The possibilities are endless.

I found one in a local hardware store, selling for about $10. The manufacturer, Hong Kong’s IQ, sells only to distributors and retailers and requires you to sign up before you can see what they’ve got for sale, so I’m not sure how you’d get hold of one.

How To Infect An Airport

By | November 23, 2011

Could it be possible to use Radio Frequency ID tags, or RFID, to transmit viruses? Some researchers reckon so. Unstrung reports that in a paper presented at the Pervasive Computing and Communications Conference in Pisa, Italy, researchers from Vrije Universiteit in Amsterdam, led by Andrew Tanenbaum, show just how susceptible radio-frequency tags may be to malware. “Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way,” the paper’s authors write. “Unfortunately, they are wrong.”

According to The New Scientist the Vrije Universiteit team found that compact malicious code could be written to RFID tags by replacing a tag’s normal identification code with a carefully written message. This could in turn exploit bugs in a computer connected to an RFID reader. This made it possible, the magazine says, to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

An RFID tag is small — roughly the size of a grain of rice, the New Scientist says — and contains a tiny chip and radio transmitter capable of sending a unique identification code over a short distance to a receiver and a connected computer. The tags are widely used in supermarkets, warehouses, pet tracking and toll collection. But the technology is still in the early stages of development, which leaves it vulnerable. Until now, however, it was thought the small internal memory would make it impossible to infect. Not so, say the researchers.

So what would happen, exactly? An RFID virus would then find its way into the backend databases used by the RFID software. The paper, Unstrung says, outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

So how likely is this? Not very, Unstrung quotes Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries, as saying. “If you’re looking at an airport baggage system, for instance, you have to know what sort of tag’s being used, the structure of the data being collected, and what the scanners are set up to gather,” he explains. Red Herring quotes Kevin Ashton, vice president of marketing for ThingMagic, a Cambridge, Massachusetts-based designer of reading devices for RFID systems, as saying the paper was highly theoretical and the theoretical RFID viruses could be damaging only to an “incredibly badly designed system.” Hey, that sounds a bit like a PC.

But he does make a good point: because RFID systems are custom designed, a hacker would have to know a lot about the system to be able to infect it. But that doesn’t mean it can’t be done, and it doesn’t mean it won’t get easier to infect. As RFID becomes more widespread, off-the-shelf solutions are going to become more common. And besides, what will stop a disgruntled worker from infecting a system he is using? Or an attacker obtaining some tags and stealing a reader, say, and then reverse engineering the RFID target?

My instinct would be to take these guys seriously. As with Bluetooth security issues such as Bluesnarfing, the tendency is for the industry itself not to take security seriously until someone smarter than them comes along and shows them why they should do.
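The assumption the researchers challenge is that whatever a reader scans is just an ID. The sketch below is an added example, not code from the paper or from any RFID product: a backend ingest step that treats each tag read as untrusted input, accepts only an assumed 24-hex-character ID format, and stores everything through bound parameters. The table names, reader name and sample reads are constructed for illustration.

```python
import re
import sqlite3

# Assumption for this sketch: a valid tag ID is exactly 24 uppercase hex chars.
TAG_ID = re.compile(r"[0-9A-F]{24}")

# Constructed sample reads: one well-formed ID and three that are not IDs.
SAMPLE_READS = [
    b"3034257BF400B7800004CB2F",
    b"BAG-0001'; -- not an ID",
    b"3034257BF400B7800004CB2F" + b"00" * 40,
    b"\xff\xfe\x00",
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scans (tag_id TEXT NOT NULL, reader TEXT NOT NULL)")
    db.execute("CREATE TABLE quarantine "
               "(raw BLOB NOT NULL, reader TEXT NOT NULL, reason TEXT NOT NULL)")
    return db

def ingest(db, raw, reader):
    """Store one tag read. True if accepted as an ID, False if quarantined."""
    reason = None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        text, reason = None, "not ASCII"
    if reason is None and not TAG_ID.fullmatch(text):
        reason = "does not match tag ID format"
    if reason:
        # Keep the raw bytes for review; bound parameters store them as data.
        db.execute("INSERT INTO quarantine VALUES (?, ?, ?)", (raw, reader, reason))
        return False
    # Tag content is never spliced into the SQL text, only bound as a value.
    db.execute("INSERT INTO scans VALUES (?, ?)", (text, reader))
    return True

def demo():
    db = open_db()
    results = [ingest(db, raw, "belt-3") for raw in SAMPLE_READS]
    scans = [row[0] for row in db.execute("SELECT tag_id FROM scans")]
    held = db.execute("SELECT COUNT(*) FROM quarantine").fetchone()[0]
    return results, scans, held

if __name__ == "__main__":
    print(demo())
```

Reads that fail the format check are kept in a quarantine table rather than dropped, so an operator can see that a tag carried something other than an ID.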

Plaxo Moves Into Macland

By | November 23, 2011

Plaxo, the software and service that lets you update your contact details with others — and lets them update theirs with you — automatically, is now available for Mac. A press release issued today (thanks, Joseph) says the move “represents a major step toward the company’s vision to offer the first truly universal personal contact management service, accessible on any platform, email client, browser, or mobile device.”

This is an interesting way of putting it. Plaxo has weathered the criticism about privacy concerns — some of them from this humble blog, despite my support for the service as a whole — to expand beyond Microsoft Outlook to America Online, Mozilla Thunderbird, and Outlook Express. Users can also import contacts from their Netscape, Palm, Yahoo! Mail, and Hotmail accounts.

Like a lot of folk I’m torn over a service like this. On the one hand I can see the obvious benefits: Who better to update the contacts in your address book than the contacts themselves? But on the other hand, how many of the contacts in your address book would be happy that the information is being stored on some company server somewhere, without their knowledge or consent? Then again, that last sentence looks less problematic than it did a year or so back. We’ve heard so many cautionary tales about private data getting lost, stolen or abused maybe we think this kind of thing isn’t important. Now, perhaps, we realise that Plaxo is not really the problem here. The problem lies in those companies deliberately collecting data on individuals, whether they’re ordinary Joes like you and me, or members of the CIA, as the Chicago Tribune recently discovered by searching a commercial online data service.

But I’m not sure that’s the case. The bottom line is complex: We should be as careful with other people’s data as we are with our own. If we don’t want a company to keep details of us we shouldn’t keep details of other people online. Of course, this refers as much to any web-based application or storage tool or networking site.


The Merits Of Online Publishing

By | November 23, 2011

Jason Fried of 37 Signals, the guys behind web applications like Basecamp and Tada List and Backpack, have published a book on how to build web apps. And they’ve proven a point — that publishing online can be the smart way to go. Jason tells me they’ve sold 4,000 downloadable digital copies of their new book Getting Real in the first week — at $19 a copy, or $49 for a site licence that allows users to make up to 10 copies for co-workers.

That’s $85,000 in pure profit, Jason says. Which I have to say is pretty good. I can’t imagine the same thing would happen, or does happen, for every tome. I asked Jason why he thought the numbers were so high. Here’s his response:

  • It’s easy. buy it now, get it now. you just download the PDF
  • we’ve been talking about our Getting Real process for a long time on our blog, and now people can get the whole thing in a $19 book
  • Lots of interest in how we work. How we’ve been able to build 5 products, write a book, and write Ruby on Rails in 2 years with only 7 people

Interesting. In other words, if a book really adds value to something that has already attracted a lot of interest, you have a ready audience. Even if you keep a blog, and tell everyone what you’re doing and how to do it, there will still be people interested enough to buy the book to read more. And $19 isn’t cheap: That’s a hardback book where I come from, but somehow online, being able to just grab it in PDF in a second, somehow makes the price seem reasonable. As Jason puts it:

I think there’s a big story here… The idea that authors with audiences don’t need publishers anymore. You can take your message direct to your audience. AND you own the rights to your work.

Phones As Emergency Tools

By | November 23, 2011

The excellent textually.org carries a piece about a technology which would allow people to “receive emergency messages on their mobile phones via an audio system — even when networks are down or out of reach, such as when underground”. The signal would be embedded as “data in an audio signal which can be transmitted over a radio, TV or PA system and sent using an encoded link via SLS to mobiles in the vicinity.”

It sounds like a good idea. I’d love to see the cellphone used more imaginatively as a way to reach and transmit emergency data — whether it’s information which may help the owner, or as a beacon for the owner to convey their location. After the London bombing I was thinking aloud about whether Bluetooth could in some way be used as a kind of panic button allowing people to pass on information even when existing networks were congested or down. But as I have as much technical knowledge as a penguin this idea may not have reached the powers that be.

Still, my own ignorance aside, I think the cellphone needs to be considered as a vital lifeline — the awful sadness of SMS messages being sent by schoolchildren trapped under landslides in the Philippines should be reminder enough that everyone has one of these things in their hand nowadays and make it seem such an obvious step to try to make them a more useful emergency device.