- Popular Chinese Android Smartphone Backdoored By Manufacturer — Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. The backdoor enabled installing other apps, dialing numbers, sending messages, and reporting back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
- USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
- Physical Data Visualisations — a chronological list of physical visualizations and related artifacts. (via Flowing Data)
- Dissent — an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.
In this O'Reilly Data Show Podcast: Sarah Meiklejohn on analytic applications for blockchain and cryptocurrency technology.
Editor’s note: we’ll explore present and future applications of cryptocurrency and blockchain technologies at our upcoming Radar Summit: Bitcoin & the Blockchain on Jan. 27, 2015, in San Francisco.
A few data scientists are starting to play around with cryptocurrency data, and as bitcoin and related technologies start gaining traction, I expect more to wade in. As the space matures, there will be many interesting applications based on analytics over the transaction data produced by these technologies. The blockchain — the distributed ledger that contains all bitcoin transactions — is publicly available, and the underlying data set is of modest size. Data scientists can work with this data once it’s loaded into familiar data structures, but producing insights requires some domain knowledge and expertise.
I recently spoke with Sarah Meiklejohn, a lecturer at UCL, and an expert on computer security and cryptocurrencies. She was part of an academic research team that studied pseudo-anonymity (“pseudonymity”) in bitcoin. In particular, they used transaction data to compare “potential” anonymity to the “actual” anonymity achieved by users. A bitcoin user can use many different public keys, but careful research led to a few heuristics that allowed them to cluster addresses belonging to the same user:
“In theory, a user can go by many different pseudonyms. If that user is careful and keeps the activity of those different pseudonyms separate, completely distinct from one another, then they can really maintain a level of, maybe not anonymity, but again, cryptographically it’s called pseudo-anonymity. So, if they are a legitimate businessman on the one hand, they can use a certain set of pseudonyms for that activity, and then if they are dealing drugs on Silk Road, they might use a completely different set of pseudonyms for that, and you wouldn’t be able to tell that that’s the same user.
Core competencies and essential reading from hardware, software, manufacturing, and the IoT.
As I noted in “Physical and virtual are blurring together,” we now have hardware that acts like software, and software that’s capable of dealing with the complex subtleties of the physical world. So, what must the innovator, the creator, the executive, the researcher, and the artist do to embrace this convergence of hardware and software?
At its core, this is about a shift from discipline toward intent. Individuals and institutions — whether they’re huge enterprises, small start-ups, or nonprofits — must be competent in several disciplines that increasingly overlap, and should be prepared to solve problems by working fluidly across disciplines.
To use Joi Ito’s example, someone who wants to develop a synthetic eye might begin to approach the problem with biology, or electronics, or software, or (most likely) all three together. Many problems can be solved somewhere in a large multidimensional envelope that trades off design, mechanics, electronics, software, biology, and business models. Experts might still do the best work in each discipline, but everyone needs to know enough about all of them to know where to position a project between them.
Below you’ll find the core competencies in the intersection between software and the physical world, and our favorite books and resources for each one.
Electronics for physical-digital applications
- Practical Electronics, by John M. Hughes: To know what’s possible and where to start, it’s essential to understand both the analog and digital sides of electronics. This is O’Reilly’s authoritative introduction to both analog and digital electronics, with information on circuit design, common parts and techniques, and microcontrollers.
- Raspberry Pi Cookbook, by Simon Monk: The Raspberry Pi is rapidly becoming the standard embedded computing platform for prototyping and experimentation, with enough computing power to run familiar interpreted programming languages and widely supported operating systems.
- Arduino Cookbook, by Michael Margolis: The Arduino microcontroller offers a fluid interface between digital and physical; it’s highly extensible and accessible to people with no prior experience in either electronics or code.
Our biggest opportunities as designers and product creators lie in a context-driven approach to designing user experiences.
Editor’s note: This is an excerpt from our recent book Designing Multi-Device Experiences, by Michal Levin. This excerpt is included in our curated collection of chapters from the O’Reilly Design library. Download a free copy of the Experience Design ebook here.
We have entered a world of multi-device experiences. Our lives have become a series of interactions with multiple digital devices, enabling each of us to learn, buy, compare, search, navigate, connect, and manage every aspect of modern life.
Consider the hours we spend with devices every day — interacting with our smartphones, working on our laptops, engaging with our tablets, watching shows on television, playing with our video game consoles, and tracking steps on our fitness wristbands. For many of us, the following are true:
- We spend more time interacting with devices than with people.
- We often interact with more than one device at a time.
The number of connected devices has officially exceeded the seven-billion mark, outnumbering people (and toothbrushes) on the planet. By 2020, this number is expected to pass 24 billion. This inconceivable quantity not only attests to the growing role of these devices in our digital lives, but also signals an increasing number of devices per person. Many individuals now own multiple connected devices — PCs, smartphones, tablets, TVs, and more — and they are already using them together, switching between them, in order to accomplish their goals. Ninety percent of consumers use multiple devices to complete a task over time (PDF). For example, shopping for an item might entail (1) searching and exploring options at home on the PC, (2) checking product information and comparing prices in-store using your smartphone, and (3) writing product reviews on a tablet. Eighty-six percent of consumers use their smartphones while engaging with other devices and during other media consumption activities.
Andreas Antonopoulos urges the Canadian Senate to resist the temptation to centralize bitcoin.
Editor’s note: our O’Reilly Radar Summit: Bitcoin & the Blockchain will take place on January 27, 2015, at Fort Mason in San Francisco. Andreas Antonopoulos, Vitalik Buterin, Naval Ravikant, and Bill Janeway are but a few of the confirmed speakers for the event. Learn more about the event and reserve your ticket here.
We recently announced a Radar summit on present and future applications of cryptocurrencies and blockchain technologies. In a webcast presentation one of our program chairs, Kieren James-Lubin, observed that we’re very much in the early days of these technologies. He also noted that the technologies are complex enough that most users will rely on service providers (like wallets) to securely store, transfer, and receive cryptocurrencies.
As some of these service providers reach a certain scale, they will start coming under the scrutiny of regulators. Certain tenets are likely to remain: currencies require continuous liquidity and large financial institutions need access to the lender of last resort.
There are also cultural norms that take time to change. Take the example of notaries, whose services seem amenable to being replaced by blockchain technologies. Such a wholesale change would entail adjusting rules and norms across localities, which means going up against the lobbying efforts of established incumbents.
One way to sway regulators and skeptics is to point out that the decentralized nature of the (bitcoin) blockchain can unlock innovation in financial services and other industries. Mastering Bitcoin author Andreas Antonopoulos did a masterful job highlighting this in his recent testimony before the Canadian Senate:
“Traditional models for financial payment networks and banking rely on centralized control in order to provide security. The architecture of a traditional financial network is built around a central authority, such as a clearinghouse. As a result, security and authority have to be vested in that central actor. The resulting security model looks like a series of concentric circles with very limited access to the center and increasing access as we move farther away from the center. However, even the most outermost circle cannot afford open access.
Andrew “bunnie” Huang on understanding the interplay between software, hardware, and the existing supply chain.
Editor’s note: this interview with Andrew “bunnie” Huang is an excerpt from our recent report, When Hardware Meets Software, by Mike Barlow. The report looks into the new hardware movement, telling its story through the people who are building it. For more stories on the evolving relationship between software and hardware, download the free report.
Andrew “bunnie” Huang has a Ph.D. in electrical engineering from MIT, but he is most famous for reverse engineering the Xbox, establishing his reputation as one of the world’s greatest hardware hackers. He sees an evolving relationship between hardware and software.
“It used to be that products were limited solely by the capability of their hardware. Early radios, for example, had mechanical buttons that acted directly on the physics of the receiver,” says Huang. “As hardware becomes more capable, the user experience of the hardware is more dictated by the software that runs on it. Now that hardware is ridiculously capable — you basically have supercomputers in your pockets that cost next to nothing — pretty much the entire user experience of the product is dictated by the software. The hardware simply serves as an elusive constraint on the user experience.”
Hardware is “a cage,” says Huang, and good software developers learn to work within the constraints of the hardware. “When I work with programmers on new products, I take the first prototype, put it on the desk and I say, ‘Welcome to your new cage.’ That’s the reality. There’s a hard wall. But we try to build the cage big enough so there are options for programmers. A quad core Android phone with a gigabyte of memory is a pretty big cage. Sometimes when programmers feel constrained, they’re just being lazy. There’s always more than one way to skin a cat in the software world.”