jm + iot   23

Why People With Brain Implants Are Afraid to Go Through Automatic Doors
In 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off.

Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”
internet-of-things  iot  best-buy  implants  parkinsons-disease  emi  healthcare  devices  interference 
16 days ago by jm
AWS Greengrass
AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud.

AWS Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With Greengrass, you can use familiar languages and programming models to create and test your device software in the cloud, and then deploy it to your devices. AWS Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud. AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT’s security and access management capabilities. This way data is never exchanged between devices when they communicate with each other and the cloud without proven identity.
aws  cloud  iot  lambda  devices  offline  synchronization  architecture 
12 weeks ago by jm
mjg59 | Fixing the IoT isn't going to be easy
We can't easily fix the already broken devices, we can't easily stop more broken devices from being shipped and we can't easily guarantee that we can fix future devices that end up broken. The only solution I see working at all is to require ISPs to cut people off, and that's going to involve a great deal of pain. The harsh reality is that this is almost certainly just the tip of the iceberg, and things are going to get much worse before they get any better.
iot  security  internet  isps  devices 
october 2016 by jm
Brian Krebs - The Democratization of Censorship
Events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach. More than 20 years after Gilmore first coined [his] turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity.
brian-krebs  censorship  ddos  internet  web  politics  crime  security  iot 
september 2016 by jm
Nest Reminds Customers That Ownership Isn't What It Used to Be
EFF weigh in on the internet of shit:
Customers likely didn't expect that, 18 months after the last Revolv Hubs were sold, instead of getting more upgrades, the device would be intentionally, permanently, and completely disabled. ....
Nest Labs and Google are both subsidiaries of Alphabet, Inc., and bricking the Hub sets a terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person’s livelihood or physical safety.
nest  legal  tech  google  alphabet  internetofshit  iot  law 
april 2016 by jm
Is anyone concerned about the future of Nest?
wow, looks like Nest is fucked:
As a Nest engineer, I won't say any numbers that aren't public, but this company is already on deathwatch. Once that happens, most people will quickly have shiny paperweights because it's a constant firefight keeping these systems up. We have $340M in revenue, not profit, against a ~$500M budget. No new products since the purchase, and sales/growth numbers are dire. Our budget deal expires soon, and all the good engineers on my teams have discreetly indicated they are going to flee once their golden handcuffs unlock (many have already left despite sacrificing a lot of money to do so).
Tony and his goons demand crazy timelines so much that "crunch time" has basically lost meaning. Just when your labor bears fruit, they swoop in, 180 the specs you just delivered on, then have the gall to call your team "incompetent" for not reading their mind and delivering on these brand-new specs. I waste most of my time in pointless meetings, or defending my teams so they don't flip their desks and walk out. People fall asleep in corners and cry in the bathrooms, health and marriages are suffering. Already the churn is insane, close to half the company if not more. Skilled engineers can tell the environment is toxic, so we're filling vacancies with mostly sub-par talent.
nest  google  business  dotcoms  churn  iot 
april 2016 by jm
'Devastating' bug pops secure doors at airports, hospitals
"A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call," Lawshae says.


:facepalm:
security  iot  funny  fail  linux  unix  backticks  system  udp  hid  vertx  edge 
april 2016 by jm
Google's Nest killing off old devices
Google is making customers' existing devices useless, less than 2 years after the devices were available for sale, with only 2 months warning. This is one of the reasons I won't spend money on the Internet Of Things shitshow.

'"Which hardware will Google choose to intentionally brick next?" asks Arlo Gilbert. "If they stop supporting Android will they decide that the day after warranty expires that your phone will go dark? Is your Nexus device safe? What about your Nest fire alarm? What about your Dropcam? What about your Chromecast device?"'
iot  fail  google  alphabet  nest  revolv  home  shutdown 
april 2016 by jm
This is Why People Fear the ‘Internet of Things’
Ugh. This is a security nightmare. Nice work Foscam...
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide. The best part? It’s all plug-and-play, no configuration necessary!
foscam  cameras  iot  security  networking  p2p 
february 2016 by jm
The price of the Internet of Things will be a vague dread of a malicious world
So the fact is that our experience of the world will increasingly come to reflect our experience of our computers and of the internet itself (not surprisingly, as it’ll be infused with both). Just as any user feels their computer to be a fairly unpredictable device full of programs they’ve never installed doing unknown things to which they’ve never agreed to benefit companies they’ve never heard of, inefficiently at best and actively malignant at worst (but how would you now?), cars, street lights, and even buildings will behave in the same vaguely suspicious way. Is your self-driving car deliberately slowing down to give priority to the higher-priced models? Is your green A/C really less efficient with a thermostat from a different company, or it’s just not trying as hard? And your tv is supposed to only use its camera to follow your gestural commands, but it’s a bit suspicious how it always offers Disney downloads when your children are sitting in front of it. None of those things are likely to be legal, but they are going to be profitable, and, with objects working actively to hide them from the government, not to mention from you, they’ll be hard to catch.
culture  bots  criticism  ieet  iot  internet-of-things  law  regulation  open-source  appliances 
september 2015 by jm
Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks
Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.


The Internet of Insecure Things strikes again.
iot  security  fridges  samsung  fail  mitm  ssl  tls  google  papers  defcon 
september 2015 by jm
Internet of 404's
"An archive of the former Internet of Things"
archive  iot  things  internet  nabaztag  startups  acquisitions  tumblr  gadgets  history 
may 2015 by jm
In the privacy of your own home
I didn't know about this:
Last spring, as 41,000 runners made their way through the streets of Dublin in the city’s Women’s Mini Marathon, an unassuming redheaded man by the name of Candid Wueest stood on the sidelines with a scanner. He had built it in a couple of hours with $75 worth of parts, and he was using it to surreptitiously pick up data from activity trackers worn on the runners’ wrists. During the race, Wueest managed to collect personal info from 563 racers, including their names, addresses, and passwords, as well as the unique IDs of the devices they were carrying.
dublin  candid-wueest  privacy  data  marathon  running  iot  activity-trackers 
may 2015 by jm
Ask the Decoder: Did I sign up for a global sleep study?
How meaningful is this corporate data science, anyway? Given the tech-savvy people in the Bay Area, Jawbone likely had a very dense sample of Jawbone wearers to draw from for its Napa earthquake analysis. That allowed it to look at proximity to the epicenter of the earthquake from location information.

Jawbone boasts its sample population of roughly “1 million Up wearers who track their sleep using Up by Jawbone.” But when looking into patterns county by county in the U.S., Jawbone states, it takes certain statistical liberties to show granularity while accounting for places where there may not be many Jawbone users.

So while Jawbone data can show us interesting things about sleep patterns across a very large population, we have to remember how selective that population is. Jawbone wearers are people who can afford a $129 wearable fitness gadget and the smartphone or computer to interact with the output from the device.

Jawbone is sharing what it learns with the public, but think of all the public health interests or other third parties that might be interested in other research questions from a large scale data set. Yet this data is not collected with scientific processes and controls and is not treated with the rigor and scrutiny that a scientific study requires.

Jawbone and other fitness trackers don’t give us the option to use their devices while opting out of contributing to the anonymous data sets they publish. Maybe that ought to change.
jawbone  privacy  data-protection  anonymization  aggregation  data  medicine  health  earthquakes  statistics  iot  wearables 
march 2015 by jm
Japan's Robot Dogs Get Funerals as Sony Looks Away
in July 2014, [Sony's] repairs [of Aibo robot dogs] stopped and owners were left to look elsewhere for help. The Sony stiff has led not only to the formation of support groups--where Aibo enthusiasts can share tips and help each other with repairs--but has fed the bionic pet vet industry.

“The people who have them feel their presence and personality,” Nobuyuki Narimatsu, director of A-Fun, a repair company for robot dogs, told AFP. “So we think that somehow, they really have souls.” While concerted repair efforts have kept many an Aibo alive, a shortage of spare parts means that some of their lives have come to an end.
sony  aibo  robots  japan  dogs  pets  weird  future  badiotday  iot  gadgets 
march 2015 by jm
Can HTTP/2 Replace MQTT?
MQTT definitely has a smaller size on the wire. It’s also simpler to parse (let’s face it, Huffman isn’t that easy to implement) and provides guaranteed delivery to cater to shaky wireless networks. On the other hand, it’s also not terribly extensible. There aren’t a whole lot of headers and options available, and there’s no way to make custom ones without touching the payload of the message.

It seems that HTTP/2 could definitely serve as a reasonable replacement for MQTT. It’s reasonably small, supports multiple paradigms (pub/sub & request/response) and is extensible. Its also supported by the IETF (whereas MQTT is hosted by OASIS). From conversations I’ve had with industry leaders in the embedded software and chip manufacturing, they only want to support standards from the IETF. Many of them are still planning to support MQTT, but they’re not happy about it.

I think MQTT is better at many of the things it was designed for, but I’m interested to see over time if those advantages are enough to outweigh the benefits of HTTP. Regardless, MQTT has been gaining a lot of traction in the past year or two, so you may be forced into using it while HTTP/2 catches up.
http2  mqtt  iot  pub-sub  protocols  ietf  embedded  push  http 
february 2015 by jm
Samsung's smart TVs are inserting unwanted ads into users' own movies
Amazingly shitty. Never buying a Samsung TV if this is what they think is acceptable
advertising  tv  samsung  smart-tvs  iot  horrible  ads 
february 2015 by jm
Cloudwash – Creating the Technical Prototype
This is a lovely demo of integrating modern IoT connectivity functionality (remote app control, etc.) with a washing machine using Bergcloud's hardware and backend, and a little logic-analyzer reverse engineering.
arduino  diy  washing-machines  iot  bergcloud  hacking  reversing  logic-analyzers  hardware 
august 2014 by jm
NTP's days are numbered for consumer devices
An accurate clock is required to negotiate SSL/TLS, so clock sync is important for internet-of-things usage. but:
Unfortunately for us, the traditional and most widespread method for clock synchronisation (NTP) has been caught up in a DDoS issue which has recently caused some ISPs to start blocking all NTP communication. [....] Because the DDoS attacks are so widespread, and the lack of obvious commercial pressure to fix the issue, it’s possible that the days of using NTP as a mechanism for setting clocks may well be numbered. Luckily for us there is a small but growing project that replaces it.

tlsdate was started by Jacob Appelbaum of the Tor project in 2012, making use of the SSL handshake in order to extract time from a remote server, and its usage is on the rise. [....] Since we started encountering these problems, we’ve incorporated tlsdate into an over-the-air update, and have successfully started using this in situations where NTP is blocked.
tlsdate  ntp  clocks  time  sync  iot  via:gwire  ddos  isps  internet  protocols  security 
august 2014 by jm
Moquette MQTT
a Java implementation of an MQTT 3.1 broker. Its code base is small. At its core, Moquette is an events processor; this lets the code base be simple, avoiding thread sharing issues. The Moquette broker is lightweight and easy to understand so it could be embedded in other projects.
mqtt  moquette  netty  messaging  queueing  push-notifications  iot  internet  push  eclipse 
may 2014 by jm

related tags

acquisitions  activity-trackers  ads  advertising  aggregation  aibo  alphabet  amazon  anonymization  apis  appliances  architecture  archive  arduino  aws  backticks  badiotday  bergcloud  best-buy  bots  brian-krebs  business  cameras  candid-wueest  censorship  churn  clocks  cloud  connected  crime  criticism  culture  data  data-protection  ddos  defcon  devices  dick-cheney  diy  dogs  dotcoms  dublin  earthquakes  eclipse  edge  embedded  emi  fail  foscam  fridges  funny  future  gadgets  garadget  google  hacking  hardware  health  healthcare  hid  history  home  horrible  http  http2  ieet  ietf  implants  interference  internet  internet-of-things  internetofshit  iot  isps  japan  jawbone  lambda  law  legal  linux  logic-analyzers  marathon  medicine  messaging  mitm  moquette  mqtt  nabaztag  nest  netty  networking  ntp  offline  open-source  p2p  pacemakers  papers  parkinsons-disease  pets  politics  privacy  protocols  pub-sub  push  push-notifications  queueing  regulation  reversing  reviews  revolv  robots  running  samsung  security  shutdown  smart-tvs  sony  ssl  startups  statistics  sync  synchronization  system  tech  things  time  tls  tlsdate  tumblr  tv  udp  unix  vertx  via:davebolger  via:gwire  via:jzdziarski  washing-machines  wearables  web  weird  wireless 

Copy this bookmark:



description:


tags: