
Badge life: The story behind DEFCON’s hackable crystal electronic badge


Badge life: The story behind DEFCON’s hackable crystal electronic badge originally published on Ars Technica

The unadorned "human" badge from DEFCON 27: hackable jewelry.

Joe Grand / DEFCON

LAS VEGAS—There are many things that make the DEFCON conference stand above all other hacking conferences. It’s the largest, of course, with over 30,000 attendees, sprawling over four hotels in Las Vegas this year. And there are the Villages, each of them conferences unto themselves appealing to specific security and hacking communities. But the most visible, unifying part of DEFCON is its badges.

The DEFCON electronic badges—which for a time were used every other year because of the effort and budget that went into them—are typically the delivery vehicle for a unifying game. Last year’s badge was a sophisticated puzzle challenge that included a social element and even a built-in text-based adventure. This year’s badges, however, were both deceptively simple and cunningly complex, designed to get DEFCON attendees to interact with each other and explore the whole of the conference rather than falling too deeply into a badge rabbit hole.

Joe Grand (AKA “Kingpin”), the designer of DEFCON’s very first electronic, hackable badges (used for DEFCONs 14 through 18), returned to the task for this year’s 27th edition of the event at the request of DEFCON founder Jeff Moss (“Dark Tangent”). Just before DEFCON kicked off, Grand spoke with Ars about this year’s badge design and the effort required to put together a real-world electronic quest for about 30,000 friends.

Badged for life

King said Moss “called me out of the blue at the end of December [2018] and he’s like, ‘Hey, do you want to do the DEFCON badge?’ Well, it was a decent amount of time… it would’ve been better to be like the day after last DEFCON.”

King agreed, as he had spent much of 2018 traveling to speak and teach, “and I wanted to stay at home… like this would be a great opportunity to stay at home, work on a project, I can see my family more, I won’t be on the road. Of course, that shows that I’d forgotten the difficulty of actually designing badges.” King acknowledged.

The task of turning out the DEFCON badge “is a full-time effort,” Grand said. “That’s why they call it ‘badge life’.”

Grand told Moss that he wanted to do something simple “that can appeal to as many people as possible, because the puzzles that have been done are amazing, but I didn’t want to exclude people. I kind of put myself in that mindset of like, what if I was attending DEFCON for the first time? What would that feel like?”

Delivery of the badges required for DEFCON 27 came down to the wire, and Grand had to push manufacturing straight from first working prototype to full production. It’s a minor technological miracle that the badges had a relatively low failure rate at the conference—and many of those failures were a result of the hacks performed by attendees.

Grand originally started off designing DEFCON badges as part of an effort “to bring awareness of hardware and hardware hacking to DEFCON,” he said. “In the beginning, we didn’t know how people would respond, so we did a simple kind of artistic badge. And people really liked it.”

After DEFCON 14, electronic badges began to gradually take on a life of their own. “Little by little, you’d see other badges starting to come up, with people creating their own for their parties,” Grand recalled. “And it really was exciting to see this growth. Then every year, I’d always compete with myself. I’m like, ‘what can I do better, what technique can I try, what new art thing can I try?’ And my design aesthetic has always been, even with professional products that I do, just very simple, effective things. Like I’m not a puzzle, my brain doesn’t work like a puzzle master.”

After his fifth year, as “badge life” blossomed in full, “I said I was never going to do it again because I… had [already] spoken my mind, right? I had done the artwork that I wanted to do and shared that side of me with other people and whatever. But I’d always said if Jeff ever asked me again to do it then I’ll do it.”

Magical crystals

The image that served as the foundation for DEFCON 27's theme.

“Jeff sent me a picture of the theme for the conference, for his idea of the theme of ‘Technology’s Promise’,” Grand said. “And it was all pastel colors and clouds and a woman holding a laptop. It was an ad from the ’70s about like the future of technology—the good side of technology. Instead of technology owning you, it’s if technology helped you. And I saw that picture and I was just like, something was just like crystals. I don’t know, it seemed sort of new age-y.”

Moss later posted the image through DEFCON’s Twitter account.

The theme was the flip-side of DEFCON 26’s “1983” tone—the “inflection point between disorder and dystopia,” as Moss had put it in a Twitter post. The DEFCON 27 theme, Moss said, would be about “a major-key, blue-sky thoughtscape…a future where we have tamed some of the demons that plague us now, and tech supports and inspires instead of controlling and surveilling.”

That idea of crystals resulted in the deceptively simple design of the DEFCON 27 badge collection: a printed circuit board, itself a work of digital art, joined to a piece of hand-cut and hand-polished Brazilian quartz. For speaker, artist, press, and other “colored” badges, the quartz was dyed; rose quartz squares were used for the red “goon” (volunteer) badges. “Every single one of the 28,500 pieces that we’ve made is unique because it’s hand-cut crystal,” Grand said. “The quartz is going to vary in translucency or transparency. And so we put graphics behind it so you can sometimes see it.”

  • The circuit board that powered the DEFCON 27 badge game included parts never used for short manufacturing run electronic devices before, let alone badges.

  • The full array of badges, with the “goon” badge at the top.

  • All lit up: the LEDs on the badges as seen through the quartz crystals mounted on the front of them.

It was the badge as jewelry—the badges could be worn on a wristband sold in DEFCON’s “swag shop,” or as a headband, or (as I wore it) as a bolo tie. The badge lanyard could be pulled through “straps” that are “actually high current jumpers for industrial electronics” made in Japan, Grand explained. (Some attendees who clipped their badges to their lanyards with the provided metal hooks managed to short their badges out as a result.)

There was method to this madness. “There’s a bunch of badges everywhere,” Grand explained, “so [Moss] and I were like, well what if we move up the stack a little bit so the DEFCON badge has a single one and this fits onto the lanyard? So it will be kind of slide it through, and now your badge is up the lanyard so it’s more visible.”

Some of the components are fairly uncommon or had never been used in hackable badges before. “I tried to use some pretty ridiculous complex components,” Grand said.

Researchers are creepily close to predicting when you’re going to die


Researchers are creepily close to predicting when you’re going to die originally published on Ars Technica

Closeup photograph of test tubes filled with blood.
Samples of donated blood in Vacutainer test tubes with yellow tops.

If death is in the cards, it may also be in your blood.

Measurements of 14 metabolic substances in blood were pretty good at predicting whether people were likely to die in the next five to 10 years. The data was published this week in Nature Communications.

A team of researchers led by data scientists in the Netherlands came up with the fateful 14 based on data from 44,168 people, aged 18 to 109. The data included death records and measurements of 226 different substances in blood. Of the 44,168 people, 5,512 died during follow-up periods of nearly 17 years.

The researchers then put their death panel to the test. They used the 14 blood measurements to try to predict deaths in a cohort of 7,603 Finnish people who were surveyed in 1997. Of those Finns, 1,213 died during follow-up. Together, the 14 blood measurements were about 83% accurate at predicting the deaths that occurred within both five years and 10 years. The accuracy dropped to about 72% when predicting deaths for people over 60 years old, though.

The lineup of apparent markers of doom is perhaps not entirely surprising. Some are already known to signal deadly conditions, such as heart disease, cancers, and diabetes—all leading causes of death in Europe and the United States. The culprits include blood sugar; factors linked to “bad” cholesterol; glycoprotein acetyls and polyunsaturated fatty acids, which are linked to inflammation; and albumin, which can indicate kidney and liver problems. Still, some others, such as acetoacetate, aren’t as clearly linked to mortality and require some follow-up research, the authors say.

Nevertheless, “[i]n combination, these biomarkers clearly improve risk prediction of 5- and 10-year mortality as compared to conventional risk factors across all ages,” the authors conclude. “These results suggest that metabolic biomarker profiling could potentially be used to guide patient care, if further validated in relevant clinical settings.”

Knowing whether someone is likely to kick the bucket in the near future may help determine if a patient is, say, too far gone for an invasive surgery. On the other hand, learning of impending doom may also help motivate patients to work on improving their health through lifestyle changes to stall that fate. In line with that, mortality predictions could perhaps one day help determine if modern medicine has found a way to cheat death with new treatments or interventions.

At the moment, researchers are a long way from that. The markers have to be validated in clinical settings—not just cohort datasets. Moreover, all the data in the study came from people of European descent, meaning it may not be applicable to other groups.

Nature Communications, 2019. DOI: 10.1038/s41467-019-11311-9.

Porsche to Include Apple Music App in Its Electric Taycan Electric Sports Car


Porsche to Include Apple Music App in Its Electric Taycan Electric Sports Car originally published on MacStories

Yesterday, Porsche announced that it’s partnering with Apple to integrate Apple Music directly with the in-car entertainment system of the Taycan, which is debuting in September.

The streaming service will be available in Porsche’s fully-electric Taycan first and, later, in other models. According to TechCrunch’s Kirsten Korosec, who spoke to Porsche’s North American CEO Claus Zellmer:

The integration means more than an Apple Music app icon popping up on the Taycan’s digital touchscreen. The company wanted the experience to be seamless, meaning no wonky sign-ins, phone pairing or separate accounts. Instead, Porsche is linking an owner’s Apple ID with their Porsche Taycan ID. Apple Music content in the Taycan will be identical to what’s on the user’s iPhone app.

System-level integration with Apple Music will allow Taycan owners to enjoy the service regardless of whether they have an iPhone with them because the Taycan comes with in-car Internet service. The car company announced that it will offer a six-month free trial of Apple Music with the Taycan and incorporate CarPlay support into its in-car entertainment system too.

Direct integration of Apple Music with Porsche’s in-car system, plus six months of free service sounds an awful lot like what satellite radio company SiriusXM offers with many new cars. The move has the advantage of ensuring that Apple’s service will always be available onscreen where it can compete directly with other services. Of course, the downside is that because Apple doesn’t control the hardware its app runs on, it will undoubtedly be subject to the whims of Porsche if it wants to update it, which is part of why CarPlay exists in the first place. Fortunately, regardless of how Porsche handles updates, CarPlay will be available to Taycan owners too. It will be interesting to see whether Apple Music and perhaps other Apple apps make their way into additional manufacturers’ automobiles in the future or if this is a one-off deal.



A Fungus Could Wipe Out the Banana Forever


A Fungus Could Wipe Out the Banana Forever originally published on Wired

The banana—or at least the fruit as we know it—is facing an existential crisis. A deadly fungus that has decimated banana plantations in southeast Asia for 30 years has finally done what scientists have long been fearing, and made its way to Latin America—the heart of the global banana export market.


This story originally appeared on WIRED UK.

On August 8 the Colombian Agricultural Institute announced that it had confirmed that the fungus—a strain of Fusarium oxysporum called Tropical Race 4 (TR4)—had been found in plantations in the north of the country. The country declared a national state of emergency, destroying crops and quarantining plantations in an attempt to avert the spread of the fungus.

But Latin America has been in this situation before. Until the 1950s, the most commonly exported banana variety was the Gros Michel, which was almost totally wiped out by a different strain of the Fusarium fungus. The modern export banana—the Cavendish—took Gros Michel’s place because it was resistant to that early Fusarium strain. Now 99 percent of all exported bananas are Cavendish—with almost all of them grown in Latin America.

“What we’re having is an almost apocalyptic scenario where we’ll probably lose Cavendish as well,” says Sarah Gurr, Exeter University’s chair in food security. Initially discovered in Taiwan in 1989, TR4 is rife throughout southeast Asia and has since been found in Lebanon, Israel, India, and Australia. But until now, Latin America had avoided the pathogen altogether.

“Once it’s in a country it’s very hard to get rid of it,” says Dan Bebber, a senior lecturer in biosciences also at Exeter University. TR4 lives in the soil and can be transmitted on unclean tires or boots, or spread from banana plants when they are replanted in different farms. Once present in soil, it can stay dormant for years before infecting banana plants through their roots, spreading to the water- and nutrient-conducting tissue and starving them of nourishment.

Now that it’s in Latin America—and is likely more widespread than is currently understood—it’s a matter of controlling the spread of the fungus, says Bebber. Making sure any plantation employees or visitors disinfect boots and tires before entering or leaving the site helps, as will trying to maintain the health of the soil, but no countries have managed to successfully contain TR4. In 1997, TR4 was detected in Australia’s Northern Territory, but vigorous quarantine efforts couldn’t prevent the pathogen from spreading to north Queensland in 2015.

“We would expect a pretty rapid spread [in Latin America],” says Bebber. In the extremely low-margin banana industry, relatively little funding is directed toward research into new banana varieties that might be resistant to the disease. Over the past decade, the price of bananas in the UK has stayed steady at £0.94 ($1.13) per kilogram. In the same time period, the price of apples went from £1.51 ($1.82) to £2.08 ($2.51) per kilogram—an increase of nearly 40 percent.

This relentless demand for extremely cheap fruit produced thousands of miles away has driven the industry to concentrate on only a single banana crop, as that allows for more standardized, and thus cheaper, farming and transportation. But growing only a single variety of banana has serious drawbacks. “Monocultures are divine feeding grounds for pathogens,” says Gurr. When a pathogen arrives that infects a certain variety, such as the Cavendish, there is no reprieve in sight.

While things in Latin America look dire, there is a little hope on the horizon. Work is already underway to use Crispr gene-editing to create Cavendish bananas that are resistant to TR4. In 2018, the plant biologist James Dale demonstrated that it’s possible to modify the Cavendish genome using Crispr, and in Norwich a firm called Tropic Biosciences is also experimenting with using Crispr to engineer resistant bananas.


It also might be possible to cross-breed other banana varieties in the hope of creating offspring that are TR4-resistant and tasty enough to sell to consumers. All of these efforts are still a while away from showing promising results, however, and in July 2018 the European Court of Justice threw the future of gene-edited bananas into doubt after clarifying that Crispr-edited crops would not be exempt from regulations that limit the sale of genetically modified organisms.

UPS has been quietly delivering cargo using self-driving trucks


UPS has been quietly delivering cargo using self-driving trucks originally published on The Verge


UPS has had autonomous trucking startup TuSimple hauling cargo for it between Phoenix and Tucson, Arizona, since May as part of a newly publicized partnership between the two companies. The delivery giant made the announcement today alongside the news that its venture arm is taking a minority stake in TuSimple. Terms of the deal were not disclosed.

TuSimple had previously run a partnership with the United States Postal Service in May, where the startup’s trucks carried mail on the 1,000-mile stretch between the USPS’s Phoenix, Arizona, and Dallas, Texas, distribution centers. That pilot has since ended, though the two sides are discussing “next steps,” according to a TuSimple spokesperson.

Founded in 2015, TuSimple uses Navistar trucks outfitted with the startup’s own self-driving tech, which sees the world largely through nine cameras. While each truck is outfitted with a pair of LIDAR sensors as well, the startup is focused on developing a vision-based autonomous system — similar to what Tesla uses in its cars. The startup is already backed by Nvidia and Chinese technology company Sina, and it has a headquarters in San Diego, California, and another in Beijing.

TuSimple says it has been helping UPS “better understand the requirements for Level 4 Autonomous trucking in its network” — a reference to the Society of Automotive Engineers’ scale for self-driving vehicles, where Level 4 refers to full autonomy that’s locked to a designated geographic location. The trucks in use still have a safety driver and an engineer on board who monitor the system, like many of the other self-driving pilot programs currently running in the United States.

There are a number of startups and established companies working on autonomous trucking, from Kodiak and Einride to Waymo and even Daimler. (Uber shuttered its program last summer after one of its self-driving SUV test vehicles killed a pedestrian.) TuSimple is one of the few hauling actual commercial cargo, albeit in a limited capacity on just a few routes.

The partnership with (and stake in) TuSimple is just the latest sign of UPS’s ambition to future-proof its business, especially as Amazon builds out its own delivery infrastructure. UPS is working on a drone delivery service, and it has electric trucks in the works, all while matching key Amazon features. Rival FedEx recently announced that it didn’t renew its contract with Amazon, though UPS is still working with the tech conglomerate for now.

The Bonkers Tech That Detects Lightning 6,000 Miles Away


The Bonkers Tech That Detects Lightning 6,000 Miles Away originally published on Wired

If lightning strikes a few hundred miles from the North Pole, and no one is around to hear it, does it make a sound? Yes, because there’s a global array of sensors that’s always listening, pinpointing lightning strikes in time and space from as far away as 6,000 miles.

This past weekend the North Pole played host to a rare thunderstorm, an event that may become less rare as climate change ramps up. And it would have gone entirely unnoticed by faraway humans if it weren’t for the assistance of a company called Vaisala, which operates the sensor network and uses it to triangulate a lightning strike, feeding the data to outfits like the National Weather Service. “This is a relatively new system, and so our ability to detect lightning that far north has drastically improved over the last 5 to 10 years,” says Alex Young, a meteorologist with the National Weather Service in Fairbanks, Alaska. “As opposed to: who knows if an event like this happened 30 years ago?”

Matt Simon covers cannabis, robots, and climate science for WIRED.

First we need to talk about how lightning forms. When the Sun heats the Earth’s surface, air and moisture rise and create water droplets. With enough solar energy, the warm, wet air keeps rising and rising, while at the same time, cold air in the system is sinking—leading to a swirling mass called a deep convective cloud, which builds electrical charges that escalate into lightning. Usually Arctic air doesn’t hold enough heat to get all that convection. But in these times of climate change, nothing is normal anymore.

Luckily for Vaisala, lightning betrays itself in a number of ways. We humans know it by the flash of light and the deafening sound, but what our bodies don’t notice is that the massive electrical current of a lightning strike generates radio bursts. For a fleeting moment, a lightning bolt works like a giant, rambunctious radio tower. “If you have a lightning discharge that hits the ground, you might have a channel of charge that’s a few miles long,” says Ryan Said, a research scientist at Vaisala. “And that essentially acts as a temporary antenna in the sky.”

Still, if it weren’t for a quirk in our atmosphere, this signal would be difficult to detect. But the ionosphere—an ionized layer in Earth’s upper atmosphere—reflects a significant amount of the radio signal back to the ground for Vaisala’s devices to detect. Think of these like bigger, more sensitive versions of a loop antenna for receiving AM broadcasts. “If we have a sensitive enough receiver, we can detect these radio emissions at global distances,” says Said. “That’s how, with dozens of receivers around the world, we can monitor lightning anywhere, including up into the Arctic.” (See above for a visualization of strikes around the world.)

The trick lies in essentially triangulating the signal. “We measure the time at which these radio bursts reach the sensors and the direction,” notes Said. If a lightning bolt’s radio burst hits at least three sensors in Vaisala’s synchronized global network, the system can pinpoint when and where the signal originated. Vaisala can even translate the radio signal into sound for our human ears, which you can hear here. (Each pop is a single lightning strike.)

Not that this signal is easy to parse, mind you. You’ve got to account for the reflections off the ionosphere, for instance. So the bulk of the company’s effort, Said explains, “is devoted to properly interpreting those signals so that we can extract reliable information from them.”

Reliability is paramount, because it’s not just the National Weather Service that uses Vaisala’s data. Airports appreciate knowing if a thunderstorm is incoming to plan for delays or cease fueling operations. The system can even work on a forensic level too, perhaps to discern if a lightning strike may have started a wildfire.

So if lightning thinks it can just strike willy-nilly and still escape notice, it’s got another thing coming.



Apple Puts the AR in ‘Art’ (and in ‘Transparent Sky-Being’)


Apple Puts the AR in ‘Art’ (and in ‘Transparent Sky-Being’) originally published on Wired

Thanks to a hot desert air mass stalling over San Francisco, the sky was a fogless blue, which made the words stand out even more as they floated upwards past St. Patrick Church in downtown San Francisco. White and uppercase, they rose in perfectly justified blocks, the voice of artist and poet John Giorno intoning them in my headphones: “A vast dome of blue sky / and your mind / is an iron nail in between.” On and on, the uppermost words breaking up and floating away, a Star Wars crawl of Buddhist introspection.

It was breathtaking for its scale—each word was dozens of feet high—yet the lunchtime crowds in Yerba Buena Gardens didn’t even notice. The only people who seemed as rapt as I was, in fact, were the three who were pointing an iPhone XS Plus in the same direction I was and wearing Beats headphones identical to mine. All that Apple was no coincidence: Giorno’s piece, Now at the Dawn of My Life, was one of six pieces in the company’s [AR]T Walk, an augmented-reality public art walking tour that launched this week.

AR, in which virtual objects are integrated into your real-world surroundings, has been embraced by museums and artists (conventional and guerrilla) dating back nearly a decade, and AR- and VR-specific exhibits have been popping up with ever more regularity. Much of that is because AR is easier to build and implement than ever before: Android and iOS feature AR development toolkits that have improved significantly since their 2017 introductions, and Facebook turned its Camera Effects platform into a similar toolkit called Spark AR.

But while all three of those systems—along with wearables like Microsoft HoloLens and the Magic Leap One—have been used to create virtual art in real-world galleries, moving outside those confines and into public spaces has been a more difficult proposition, in no small part because of the challenge of presenting a consistent experience for all users. (More on that in a bit.) The two-hour [AR]T Walks, developed in partnership with the New Museum in New York City, may only be available at five of the more than 500 Apple Stores around the globe, but in scope and scale they’re wildly ambitious, a deployment of AR that’s all but unprecedented outside the world of games.

Each of the walks features the same six pieces, which artists developed with New Museum over the course of a year; the only difference is the cityscapes housing them. For the Walk leaving from San Francisco’s Union Square store, groups venture first down car-free Maiden Lane, where they experience a piece from Chicago artist Nick Cave. (No, not that Nick Cave.) Known for his wearable “soundsuits” that shroud their wearers’ identifying characteristics, Cave uses AR to refashion the idea completely. On the phone screen, you’re presented with a swirling virtual soundsuit that you follow down the street, tapping and swiping at it to see how it reacts. It’s cute, if not mindbending—until you reach the end of the street to find an enormous transparent being perched atop a building, hoovering up those soundsuits to clothe itself in their patterns.

The finale of Nick Cave’s Soundsuits, as seen from inside New York’s Central Park.

Apple

The result, as with the best of the pieces in the process, hinges on some painstaking procedural hygiene. Two employees from Apple’s in-store events staff—Today In Apple, as it’s known—lead each group. One carries an iPad that controls the private [AR]T Walk app on the Apple-furnished XS Pluses attendees use; the other acts as a behavioral model, demonstrating at each location exactly how to trigger the AR experience.

About that: If you’re going to create a good shared persistent AR experience—shared meaning it’s visible to anyone in that specific location, and persistent meaning it can be seen on multiple visits to that location—you need a coordinate system so that the AR elements always show up in the same place. Think of it as a three-dimensional version of the origin point in a Cartesian plane, where the X and Y axes cross. Once your phone registers that it’s looking at the anchor, it can then layer in all the AR elements in their proper places based on that starting position.

Even then, things can go wrong. Take this unrelated AR piece of the late Jeffrey Epstein hovering over the site of a President Trump rally in New Hampshire, which artist Nancy Baker Cahill unveiled this week.

As a piece of political trollery, it’s undeniable; as a convincing illusion, less so. It jitters visibly, and seems to have trouble staying anchored to the arena—both immersion-breakers of the highest order.

The [AR]T Walk largely avoids such pitfalls by relying on a preparatory dance at each location. You walk to a very specific area, hold up your phone while facing away from the anchor—usually a sign, which features enough unique high-contrast patterns to be quickly recognizable—and then rotate a full 180 degrees until you face the anchor. The whole thing feels very Apple: incredibly polished and incredibly stable, as long as you did things exactly the way Apple told you to.

The other pieces, distributed throughout three locations covering about a mile and a half of walking, range from the whimsical to the bleak. In Cao Fei’s Trade Eden, a labyrinthine series of conveyor belts ferrying unmarked boxes appears in a plaza, distilling global trade into a fantastical display of futility. Nathalie Djurberg and Hans Berg’s This Is It uses a series of midair speech balloons to beckon attendees through a grove of trees, until finally unveiling a cautionary tale seemingly hidden inside a tree.

Peter Rubin writes about media, culture, and virtual reality for WIRED.

Meanwhile, over the course of the walk, an entirely different form of art emerges. A half-dozen people walking through public places, clustering around seeming nothingness and staring at their phones? It might have been commonplace when Pokémon Go first swept the outdoors in 2016, but it still attracts attention. Apple has made no secret of its AR aspirations, but its slow-drip approach has always targeted users inside the home: placing furniture, playing with Legos. The [AR]T Walks are still a drip—small groups, close supervision, very few locations—but they’re also an unmistakeably public drip, one that’s much closer to a stream than ever before.

Besides, any new technology trying to catch a current into the mainstream needs to feel familiar, or at the very least not alienating—and part of that is acclimating people to unexpected new behaviors. Like selfies. Or taking phone calls in public on near-invisible earbuds. Or even walking through the midst of a crowded park during lunch hour, following a winding path no one else can see.

If you don’t happen to live in San Francisco—or New York, Tokyo, Hong Kong, or London, the other four cities with walks—you’re not totally ARsed. All Apple Stores are currently hosting an additional Nick Cave augmented-reality installation, Amass, as well as free sessions where you can learn to build AR experiences using an iPad app.



Judge orders Georgia to switch to paper ballots for 2020 elections


Judge orders Georgia to switch to paper ballots for 2020 elections originally published on Ars Technica

An election official holds an electronic voting machine memory card following the Georgia primary runoff elections at a polling location in Atlanta, Georgia, US, on Tuesday, July 24, 2018.

Elijah Nouvelage/Bloomberg via Getty Images

Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using the state’s outdated electronic voting machines by the end of the year. The judge accepted the state’s argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then.

The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines. Georgia hopes to have the new machines in place in time for a presidential primary election in March 2020. In principle, that switch should address many of the critics’ concerns.

The danger, security advocates said, was that the schedule could slip and Georgia could then fall back on its old, insecure electronic machines in the March primary and possibly in the November 2020 general election as well. The new ruling by Judge Amy Totenberg slams the door shut on that possibility. If Georgia isn’t able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade.

Alex Halderman, a University of Michigan computer scientist who served as the plaintiffs’ star witness in the case, hailed the judge’s ruling.

“The court’s ruling recognizes that Georgia’s voting machines are so insecure, they’re unconstitutional,” Halderman said in an email to Ars. “That’s a huge win for election security that will reverberate across other states that have equally vulnerable systems.”

Georgia’s voting technology is deeply flawed

Totenberg’s ruling is 153 pages long because it presents a mountain of evidence that Georgia’s touchscreen voting machines—as well as back-office software the state uses to manage voter registrations, design ballots, and count votes—are outdated and insecure.

Georgia is still using Diebold Accuvote TSX touchscreen machines whose hardware and software date back to around 2005. In 2006 and 2007, security researchers discovered numerous security vulnerabilities in these machines—problems serious enough to cause California to decertify them from use in state elections.

After one 2006 report, Totenberg writes, “Diebold was forced to create a security patch for the vulnerable TSX software.” Yet incredibly, “there is no evidence that Georgia ever implemented the software patch or made any upgrades to protect the integrity of its DRE machines,” Totenberg says.

The security problems found by those early researchers were serious. Not only can someone with physical access to the machine install vote-stealing malware, it’s also possible to deliver such malware using viruses that spread from machine to machine on the memory cards election workers use to load ballot information onto them. Hence, a malicious actor with a few minutes’ access to a single machine could potentially hack dozens or even hundreds of machines.

These concerns seemed somewhat theoretical when they were first raised around 2006. After all, who would want to hack an election? But they’ve been given added urgency after revelations that the Russian government actively probed state election systems—including in Georgia—in 2016.

Not actually air-gapped

Besides hacking voting machines directly, another way someone could compromise an election would be to first hack the office computers of election officials. Officials use these computers to create ballot definition files that are later transferred to voting machines via memory cards. Here too, there’s a risk that malware could ride along with the ballot files and infect machines.

Georgia election officials dismissed these concerns. In 2018 testimony before Judge Totenberg, official Michael Barnes insisted that the computers used to design electronic ballots were air-gapped from the Internet, making it impossible for remote attackers to compromise them. But subsequent testimony made it clear that this was wrong. In reality, Totenberg writes, ballots were designed “on public-facing internet-connected desktop computers of the individual ballot builders, then copied over from the public facing computer onto a ‘lockable’ USB drive for transfer to the ‘air-gapped’ system.”

In court testimony, Halderman pointed out that this setup isn’t actually secure. “Air-gapping” a computer does no good if people are regularly transferring files to it from Internet-connected computers.

It gets worse. In 2016, a Georgia-based security researcher discovered that Kennesaw State University’s Center for Election Systems, which has a contract to help Georgia manage its elections, had a massive cache of sensitive election-related documents—including private voter data and passwords for election systems—publicly available on its website for anyone to download. After being notified of the breach, it took officials months to remove the sensitive information from the website.

Many voters reported problems with the machines

Meanwhile, dozens of ordinary Georgia voters told the court that they had experienced problems with Georgia’s touchscreen machines. Totenberg describes one voter’s experience:

Teri Adams described that when she voted at the Bleckley County Courthouse and selected candidate Stacey Abrams for governor on the DRE screen, she noticed that her designated selection was listed as Brian Kemp on the review screen. She tried to vote for Abrams a second time, but the review screen again showed Kemp as her chosen candidate. Ms. Adams cast her ballot on the third try when her selection in the governor’s race remained Abrams. Adams reported her problems on “machine number 2” to the poll workers whose only response was “did it take your vote?”

Adams was hardly an isolated case. A number of voters reported that it took two or three tries to ensure that a voting machine was choosing their preferred candidate.

Is this evidence that hackers were tampering with the election? Probably not. It seems more likely that Georgia’s touchscreen machines are just old and poorly designed. Someone who hacked the machines in order to steal the election wouldn’t have any reason to alarm voters by showing the stolen vote on the screen—they could show the voter’s correct choice on the screen while recording a different result in the electronic record.

But the fact that so many voters have reported problems with the machines is a problem in its own right. A mis-recorded vote is a problem regardless of whether it was the result of hacking, malfunctioning equipment or just a badly designed user interface. And there’s now ample evidence that touchscreen machines are a less effective way to record voters’ choices than a traditional paper ballot.

Georgia must stop using its machines after 2019

Judge Totenberg had all of these problems in mind as she was deciding what to do with the lawsuit. She was convinced by the plaintiffs’ argument that Georgia’s current election system was fatally flawed and needed to be overhauled—and that a hand-marked paper ballot was the gold standard for secure and reliable voting.

At the same time, she took seriously warnings from the state of Georgia that an abrupt shift to paper ballots could cause more disruption than it was worth. The issue was complicated by the fact that Georgia’s legislature recently passed legislation directing that the state develop a new election system based on ballot-marking devices—electronic voting machines that print out a paper ballot the voter can examine.

Georgia has signed a contract with a vendor for these new machines and plans to start testing them in a few cities in this November’s elections. The state aims to start rolling the new system out statewide in time for next March’s presidential primary. Under that timeline, the state would stop using its current, insecure machines before the end of the year.

The problem, critics point out, is that the state may not be able to roll out the new system in time for next March’s election. Experts testified that Georgia has set an unusually aggressive timeline for standing up a completely new election system, and this creates a risk that the schedule could slip. In that case, Georgia’s most likely fallback would be to continue using its existing touchscreen machines for the spring primary election—and possibly even the November 2020 general election.

So Judge Totenberg decided to split the difference. She denied the plaintiffs’ request to force Georgia to begin using paper ballots in the November 2019 election. She accepted the state’s argument that it would be a waste of resources to set up a paper-based system that will only be used in a single election—and that such an order could distract from efforts to develop the new system for 2020.

However, she also ordered the state not to use its old touchscreen machines as a fallback for elections in 2020. If the new ballot-marking devices aren’t ready by March, the state will be required to use hand-marked paper ballots instead.

People are finally listening to computer scientists

The order is an important ruling for voters in Georgia, who won’t have to worry about outdated equipment failing to accurately record their vote in 2020. But the ruling is also an important milestone in the broader debate over voting machine security. Judge Totenberg’s ruling is a strong endorsement of the consensus of computer security experts about the dangers of computer-based voting. Princeton computer scientist Andrew Appel put it well in a report quoted by Totenberg:

All digital information—such as ballot definitions, voter choice records, vote tallies, or voter registration lists—is subject to malicious alteration; there is no technical mechanism currently available that can ensure that a computer application—such as one used to record or count votes—will produce accurate results; testing alone cannot ensure that systems have not been compromised; and any computer system used for elections—such as a voting machine or e-pollbook—can be rendered inoperable.

As a result of these arguments, most computer scientists favor voting via a hand-marked paper ballot. They believe that computerized optical scanners are a reasonable way to speed up the vote-counting process provided that a state also provides for routine post-election audits that hand count a random sample of ballots to verify the accuracy of the machine count.

Federal legislation to strengthen election security has been blocked by Senate Majority Leader Mitch McConnell. But that doesn’t preclude changes at the state level, with the courts spurring states along in the most egregious cases. Totenberg’s clear and thorough ruling will give opponents of electronic voting machines a bit of extra momentum as they race to decommission as many electronic voting machines as possible before the November 2020 presidential election.

Monthly Web Development Update 8/2019: Strong Teams And Ethical Data Sensemaking

Monthly Web Development Update 8/2019: Strong Teams And Ethical Data Sensemaking originally published on Smashing Magazine

Anselm Hannemann



What’s more powerful than a star who knows everything? Well, a team not made of stars but of people who love what they do, stand behind their company’s vision and can work together, support each other. Like a galaxy made of stars — where not every star shines and also doesn’t need to. Everyone has their place, their own strength, their own weakness. Teams don’t consist only of stars, they consist of people, and the most important thing is that the work and life culture is great. So don’t do a moonshot if you’re hiring someone but try to look for someone who fits into your team and encourages, supports your team’s values and members.

In terms of your own life, take some time today to take a deep breath and recall what happened this week. Go through it day by day and appreciate the actions, the negative ones as well as the positive ones. Accept that negative things happen in our lives as well, otherwise we wouldn’t be able to feel good either. It’s a helpful exercise to balance your life, to have a way of invalidating the feeling of “I did nothing this week” or “I was quite unproductive.” It makes you understand why you might not have worked as much as you’re used to — but it feels fine because there’s a reason for it.

News

  • Three weeks ago we officially exhausted the Earth’s natural resources for the year — with four months left in 2019. Earth Overshoot Day is a good indicator of where we’re currently at in the fight against climate change and it’s a great initiative by people who try to give helpful advice on how we can move that date so one day in the (hopefully) near future we’ll reach overshoot day not before the end of the year or even in a new year.
  • Chrome 76 brings the prefers-color-scheme media query (e.g. for dark mode support) and multiple simplifications for PWA installation.

Web Performance

  • Some experiments sound silly but in reality, they’re not: Chris Ashton used the web for a day on a 50MB budget. In Zimbabwe, for example, where 1 GB costs an average of $75.20, ranging from $12.50 to $138.46, 50MB is incredibly expensive. So reducing your app bundle size, image size, and website cost are directly related to how happy your users are when they browse your site or use your service. If it costs them $3.76 (50MB) to access your new sports shoe teaser page, it’s unlikely that they will buy or recommend it.
  • BBC’s Toby Cox shares how they ditched iframes in favor of ShadowDOM to improve their site performance significantly. This is a good piece explaining the advantages and drawbacks of iframes and why adopting ShadowDOM takes time and still feels uncomfortable for most of us.
  • Craig Mod shares why people prefer to choose (and pay for) fast software. People are grateful for it and are easily annoyed if the app takes too much time to start or shows a laggy user interface.
  • Harry Roberts explains the details of the “time to first byte” metric and why it matters.

HTML & SVG

  • With Chrome 76 we get the loading attribute which allows for native lazy loading of images just with HTML. It’s great to have a handy article that explains how to use, debug, and test it on your website today.

No more custom lazy-loading code or a separate JavaScript library needed: Chrome 76 comes with native lazy loading built in.

Security

  • Here’s a technical analysis of the Capital One hack. A good read for anyone who uses Cloud providers like AWS for their systems because it all comes down to configuring accounts correctly to prevent hackers from gaining access due to a misconfigured cloud service user role.

Work & Life

  • “For a long time I believed that a strong team is made of stars — extraordinary world-class individuals who can generate and execute ideas at a level no one else can. These days, I feel that a strong team is the one that feels more like a close family than a constellation of stars. A family where everybody has a sense of predictability, trust and respect for each other. A family which deeply embodies the values the company carries and reflects these values throughout their work. But also a family where everybody feels genuinely valued, happy and ignited to create,” said Vitaly Friedman in an update thought recently and I couldn’t agree more.
  • How do you justify a job in a company that has a significant influence on our world and our everyday lives, and not necessarily with the best intentions? Meredith Whittaker wrote up her story of starting at Google, having an amazing time there, and now leaving the company because she could no longer justify that Google is using her work and technology to get involved in the fossil energy, healthcare, governance, and transportation businesses — and not always with the focus on improving everyone’s lives or making our environment a better place to live in but simply for profit.
  • Synchronous meetings are a problem in nearly every company. They take a lot of time from a lot of people and disrupt any schedule or focused work. So here’s how Buffer switched to asynchronous meetings, including great tips and insights into why many tools out there don’t work well.
  • Actionable advice is what we usually look for when reading an article. However, it’s not always possible or the best option to write actionable advice and certainly not always a good idea to follow actionable advice blindly. That’s because most of the time actionable advice also is opinionated, tailored, customized advice that doesn’t necessarily fit your purpose. Sharing experiences instead of actionable advice fosters creativity so everyone can find their own solution, their own advice.
  • Sam Clulow’s “Our Planet, Our Problem” is a great piece of writing that reminds us of who we are and what’s important for us and how we can live in a city and switch to a better, more thoughtful and natural life.
  • Climate change is a topic all around the world now and it seems that many people are concerned about it and want to take action. But then, last month we had the busiest air travel day ever in history. Airplanes are accountable for one of the biggest parts of climate active emissions, so it’s key to reduce air travel as much as possible from today on. Coincidentally, this was also the hottest week measured in Europe ever. We as individuals need to finally cut down on flights, regardless of how tempting that next $50-holiday-flight to a nice destination might be, regardless of if it’s an important business meeting. What do we have video conferencing solutions for? Why do people claim to work remotely if they then fly around the world dozens of times in their life? There are so many nice destinations nearby, reachable by train or, if needed, by car.

The team at Buffer shares what worked and what didn’t work for them when they switched to asynchronous meetings.

Going Beyond…

  • Leo Babauta shares a tip on how to stop overthinking by cutting through indecision. We will never have the certainty we’d like to have in our lives so it’s quite good to have a strategy for dealing with uncertainty. As I’m struggling with this a lot, I found the article helpful.
  • The ethical practices that can serve as a code of conduct for data sensemaking professionals are built upon a single fundamental principle. It is the same principle that medical doctors swear as an oath before becoming licensed: Do no harm. Here’s “Ethical Data Sensemaking.”
  • Paul Hayes shares his experience from trying to live plastic-free for a month and why it’s hard to stick to it. It’s surprising how shopping habits need to be changed and why you need to spend your money in a totally different way and cannot rely on online stores anymore.
  • Oil powers the cars we drive and the flights we take, it heats many of our homes and offices. It is in the things we use every day and it plays an integral role across industries and economies. Yet it has become very clear that the relentless burning of fossil fuels cannot continue unabated. Can the world be less reliant on oil?
  • Uber and Lyft admit that they’re making traffic congestion worse in cities. Next time you use any of those new taxi apps, try to remind yourself that you’re making the situation worse for many people in the city.

Thank you for reading. If you like what I write, please consider supporting the Web Development Reading List.

—Anselm

Disney Is Finally Taking On Account Sharers

Disney Is Finally Taking On Account Sharers originally published on Wired

Disney and Charter Communications are teaming up to fight account sharing in an attempt to prevent multiple people from using a single account to access streaming video services.

The battle against account sharing was announced as Disney and the nation’s second-biggest cable company struck a new distribution agreement involving Disney’s Hulu, ESPN+, and the forthcoming Disney+. Customers could still buy those online services directly from Disney, but the new deal would also let them make those purchases through Charter’s Spectrum TV service.

ARS TECHNICA

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast.

If you buy a Disney service through Charter, be aware that the companies will work together to prevent you from sharing a login with friends. Disney and Charter said in their announcement Wednesday that they have “agreed to work together on piracy mitigation. The two companies will work together to implement business rules and techniques to address such issues as unauthorized access and password sharing.”

In addition to streaming services, the deal will let Charter continue carrying Disney-owned TV channels on its cable service. That includes ABC, the various Disney and ESPN channels, FX, National Geographic, and more.

“This agreement will allow Spectrum to continue delivering to its customers popular Disney content, makes possible future distribution by Spectrum of Disney streaming services, and will begin an important collaborative effort to address the significant issue of piracy mitigation,” Charter Executive VP Tom Montemagno said.

The announcement didn’t say exactly how the companies will fight account sharing. We asked Charter for technical details on how it’ll work and about whether this will result in more personal customer data being shared between Charter and Disney. Charter did not answer any of our questions, saying, “we don’t have details to share at this time.”

We sent the same questions to Disney and will update this article if we get any answers.

Charter CEO complained about account sharing

The crackdown could target people who use Charter TV account logins to sign into Disney services online. Charter CEO Tom Rutledge has complained about account sharing several times over the past few years while criticizing TV networks for not fully locking down their content.

“There’s lots of extra streams, there’s lots of extra passwords, there’s lots of people who could get free service,” Rutledge said at an industry conference in 2017. He argues that password sharing has helped people avoid buying cable TV. ESPN has also complained about account sharing, calling it piracy.

Another possibility is that Charter could monitor usage of its broadband network to help Disney fight account sharing. For example, Disney could track the IP addresses of users signing in to its services, and Charter could match those IP addresses to those of its broadband customers. Charter has plenty of leeway to share its customers’ private browsing data because the Republican-controlled Congress eliminated broadband privacy rules in 2017.

Customers could use VPN services to attempt to avoid detection, though.

Charter has 15.8 million residential TV customers nationwide, making it the second-biggest cable TV service after Comcast. But it lost 400,000 video customers in the past year. Charter’s broadband service has gone in the other direction, rising from 23.1 million to 24.2 million residential customers in the past year.

In contrast to Charter and Disney, Netflix and HBO haven’t cared as much about account sharing.

Netflix and HBO take less strict approach

Sharing a Netflix account “with individuals beyond your household” does violate Netflix’s terms of use, but the restriction isn’t heavily enforced. “Password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you sharing with your spouse, with your kids,” Netflix CEO Reed Hastings said in 2016.

Now-former HBO CEO Richard Plepler once said that password sharing is a “terrific marketing vehicle for the next generation of viewers” and that “we’re in the business of creating addicts.” (Plepler left HBO in February, less than a year after AT&T bought HBO owner Time Warner.)

Netflix, HBO, and the Disney-owned Hulu all limit the number of concurrent streams on each account, however. That doesn’t prevent account sharing entirely, but such a policy can make it inconvenient to share an account with a bunch of friends.
