Hospital Hacking (Bloomberg) — interesting for both lax regulation (“The FDA seems to literally be waiting for someone to be killed before they can say, ‘OK, yeah, this is something we need to worry about,’ ” Rios says.) and the extent of the problem (Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. […] After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.). It may take a Vice President’s defibrillator being hacked for things to change. Or would anybody notice?
Amazon Launchpad — a showcase for new hardware startups, who might well be worried about Amazon’s “watch what sells and sell a generic version of it” business model.
Challenges to Adopting Stronger Consistency at Scale (PDF) — It is not obvious that a system that trades stronger consistency for increased latency or reduced availability would be a net benefit to people using Facebook, especially when compared against a weakly consistent system that resolves many inconsistencies with ad hoc mechanisms.
The White House’s Alpha Geeks — Megan Smith for President. I realize now there’s two things we techies should do — one is go where there are lots of us, like MIT or Silicon Valley or whatever, because you can move really fast and do extraordinary things. The other is, go where you’re rare. … It’s almost like you’re a frog in boiling water; you don’t really realize how un-diverse it is until you’re in a normal diverse American innovative community like the President’s team. And then you go back and you’re like, wow. You feel, “Man, this industry is so awesome and yet we’re missing all of this talent.”
ReWalk Robotics Exoskeleton — first exoskeleton for the paralyzed to receive regulatory approval; 66 bought so far, 11 with reimbursement from insurance. The software upgrades for the ReWalk 6.0 provide a smoother walking gait (with less of a soldier-like marching step), an easier stopping mechanism, and a much-improved mode for ascending and descending stairs. The user wears a wristwatch-like controller to switch the suit between sit, stand, walk, and stair modes. How long until a cheaper version hits the market, but you don’t always get to control where it takes you if there’s a sale on featuring brands you love? (via IEEE)
The Declarative Imperative (Morning Paper) — on Dataflow. …a large class of recursive programs – all of basic Datalog – can be parallelized without any need for coordination. As a side note, this insight appears to have eluded the MapReduce community, where join is necessarily a blocking operator.
Consensual Reality (Alistair Croll) — Among other things we discussed what Inbar calls his three rules for augmented reality design: 1. The content you see has to emerge from the real world and relate to it. 2. Should not distract you from the real world; must add to it. 3. Don’t use it when you don’t need it. If a film is better on the TV watch the TV.
X-Rays Behaving Badly — According to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets. Among the revelations contained in the report: A malware infection at a TrapX customer site spread from a unmonitored PACS system to a key nurse’s workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL) and were not detected by existing cyber defense software, so TrapX said it is unsure how many records may have been stolen.
The Online Privacy Lie is Unraveling (TechCrunch) — The report authors’ argue it’s this sense of resignation that is resulting in data tradeoffs taking place — rather than consumers performing careful cost-benefit analysis to weigh up the pros and cons of giving up their data (as marketers try to claim). They also found that where consumers were most informed about marketing practices they were also more likely to be resigned to not being able to do anything to prevent their data being harvested. Something that didn’t make me regret clicking on a TechCrunch link.
UK Government to Sell Its Students’ Data (Wired UK) — The National Pupil Database (NPD) contains detailed information about pupils in schools and colleges in England, including test and exam results, progression at each key stage, gender, ethnicity, pupil absence and exclusions, special educational needs, first language. The UK is becoming patient zero for national data self-harm.
It’s Insanely Easy to Hack Hospital Equipment (Wired) — Erven won’t identify specific product brands that are vulnerable because he’s still trying to get some of the problems fixed. But he said a wide cross-section of devices shared a handful of common security holes, including lack of authentication to access or manipulate the equipment; weak passwords or default and hardcoded vendor passwords like “admin” or “1234″; and embedded web servers and administrative interfaces that make it easy to identify and manipulate devices once an attacker finds them on a network.
4043-byte 8086 Emulator — manages to implement most of the hardware in a 1980’s era IBM-PC using a few hundred fewer bits than the total number of transistors used to implement the original 8086 CPU. Entry in the obfuscated C contest.
Hacking the CES Scavenger Hunt — At which point—now you have your own iBeacon hardware—you can just go ahead and set the UUID, Major and Minor numbers of your beacon to each of the CES scavenger hunt beacon identities in turn, and then bring your beacon into range of your cell phone running which should be running the CES mobile app. Once you’ve shown the app all of the beacons, you’ll have “finished” the scavenger hunt and can claim your prize. Of course doing that isn’t legal. It’s called fraud and will probably land you in serious trouble. iBeacons have great possibilities, but with great possibilities come easy hacks when they’re misused.
Filtering: Seven Principles — JP Rangaswami laying down some basic principles on which filters should be built. 1. Filters should be built such that they are selectable by subscriber, not publisher. I think the basic is: 0: Customers should be able to run their own filters across the information you’re showing them.
Tremor-Correcting Steadicam — brilliant use of technology. Sensors + microcontrollers + actuators = a genuinely better life. Beats figuring out better algorithms to pimp eyeballs to Brands You Love. (via BoingBoing)
Projects and Priorities Without Managers (Ryan Carson) — love what he’s doing with Treehouse. Very Googley. The more I read about these low-touch systems, the more obviously important self-reporting is. It is vital that everyone posts daily updates on what they’re working on or this whole idea will fall down.
Smokio Electronic Cigarette — the quantified cigarette (not yet announced) for measuring your (electronic) cigarette consumption and uploading the data (natch) to your smartphone. Soon your cigarette will have an IPv6 address, a bluetooth connection, and firmware to be pwned.
Using Silk Road — exploring the transactions, probability of being busted, and more. Had me at the heading Silk Road as Cyphernomicon’s black markets. Estimates of risk of participating in the underground economy.
Travis CI — a hosted continuous integration service for the open source community. It is integrated with GitHub.
$250 Arduino-Powered Hand Made by a Teen — the third version of his robotic hand. The hand is primarily made with 3D printing, with the exception of motors, gears, and other hardware. The control system is activated by flexing a pre-chosen muscle, such as curling your toes, then the movement is chosen and controlled by a series of eyeblinks and an EEG headset to measure brainwaves. The most remarkable part is that the hand costs a mere $250.
Tridium Niagara (Wired) — A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers. cf the SANS SCADA conference.