Notegraphy shutting down web services by June 30th

Notegraphy announced in a press release that as a result of “overhauling their technology platforms”, the web version of Notegraphy will be discontinued on June 30th.

If you have anything on Notegraphy you want to keep before the June 30th purge, you will need to…

  1. Log in to www.notegraphy.com with your username and password
  2. Go to Settings
  3. Select Backup my notes
  4. Check your email for the link to download your notes to your PC or Mac

The company has a new app they are pushing (of course!), but to delete all of their users’ works in Notegraphy instead of automatically migrating them to the new app is a boneheaded executive decision. After all, if they are willing to eviscerate Notegraphy with one week’s notice and not offer a full migration path to its supposed successor, what’s to stop them from doing the same with any of their future products?

Congress’ basic guidelines for automated vehicles miss the potential problems

In a recent article on Government Tech’s website, Congress announced they have already come up with six basic guidelines to regulate the future of autonomous vehicles.

The six legislative principles that have been defined are…

  • Prioritize safety
  • Promote continued innovation and reduce existing roadblocks
  • Remain tech neutral
  • Reinforce separate federal and state roles
  • Strengthen cybersecurity
  • Educate the public to encourage responsible adoption of self-driving vehicles

While the government is starting off with some very generic principles to regulate the industry and has some other concerns it is starting to look into, I see a few very significant problems that must be addressed before fully autonomous vehicles become the nationwide standard.

  1. Since non-automated vehicles as stated in the article are already responsible for “94 percent of crashes” due to “human error or decision”, ownership of a non-connected vehicle will eventually be vilified (if not seen as an outright criminal liability). This issue may play out through a heavy “tax” and/or insurance levy on those individuals who wish to retain their non-automated vehicles, or an outright ban on the manufacture of “human driven” vehicles after a certain date. Will automated vehicles and “human driven” vehicles be allowed to co-exist? Or will there be a mandatory phase-out period in the coming decade?
  2. Navigating any city using an outdated GPS system is already a problem with “human driven” vehicles. What will happen if an automated vehicle is allowed to operate with an outdated GPS system? To avoid a potentially lethal outcome, I expect the government to create an oversight agency to mandate all autonomous vehicles have the most recent firmware and software updates at specific intervals. This may play out through updates as infrequently as every “state inspection”, or be more strict via mandatory updates at every refueling (with the option to penalize or completely restrict owners who continue to use a vehicle with outdated software). This, by proxy, also brings up the issue of standardization of GPS systems. While the government has so far been hesitant to declare a standard for automated vehicles to use, this could soon be a pressing safety issue that will not wait for a consumer verdict.
  3. When automated vehicles can be sent home at any time, as stated in the article, “this could create significantly more vehicle-miles traveled, ultimately causing worse congestion. People could potentially send their car home rather than paying for expensive parking in an urban core.” Cities would lose income on previously reliable parking garage and meter fees and will also have to address the sudden glut of unused parking buildings across their downtown areas. I don’t expect any city to gracefully accept this loss of income; I expect they will instead create toll lanes on previously “free” roads as well as a new universal “miles usage” tax for increased “wear and tear” on the roads. Will the federal government allow this?
  4. When automated vehicles become the majority, what is to stop overreach from non-traffic related issues once vehicles become fully interconnected? If you owe the IRS, owe on a court judgement, have overdue child support payments, or even have a late credit card payment, what is to stop a restriction from being placed on a connected vehicle’s use since it will be readily available online? Is driving still a privilege and not a right in the coming era of automated vehicles?
  5. Uber is already a nightmare for city taxi services. What is to stop Uber (or a similar company) from purchasing several automated buses that pick up and drop off passengers at designated areas defined by the users themselves? Instead of losing their bus/subway/transport base (i.e., income), I expect a hard push back on Uber-style companies through city-based lawsuits and insurance bribes concerns on the safety of a peer-controlled company with no external oversight.

While self-driving cars sound like a futuristic utopia we might actually see in our lifetimes, once the industry makes it to the “real world”, I think the early winners won’t be the consumers, but the attorneys who will be litigating every step of the way.

How to make a “thread” (or “tweetstorm”) on Twitter

If you’ve been on Twitter recently, you might have noticed more and more people have a topic they want to discuss that takes far more than the 140-character limit allowed per Tweet. When they have a long topic to discuss, they create a “thread” on Twitter you can read all at once.

Here’s an example of a “thread” that was recently posted by Twitter…

[Image: Example of a Twitter thread]

The way to create a “thread” like the one above was outlined in a recent Twitter Business post.

The process is very simple…

  1. Create a “first” tweet
  2. Reply to your own “first” Tweet
  3. If your @name appears in the Tweet compose field, delete it. The reply you type will nest under your first Tweet automatically.
  4. Continue replying to the newest / most recent Tweet in your thread until your narrative is complete.

That’s it!

For clarification, multiple posts in a row on the same topic are sometimes also referred to as “tweetstorms”, especially if they carry on for a while.

If you want to create a “tweetstorm” with a numeric tally at the beginning of each tweet so your followers know how long the post will be (e.g., a prefix of 1/12, then 2/12, then 3/12, etc…) there’s a freemium web service called WriteRack that will do that for you. You just paste your entire topic to their website (after you authorize WriteRack to access Twitter), and their service will break up your topic and post it for you with the appropriate sequence.

WriteRack’s free version limits you to 15 tweets in a “thread” and does not allow you to post images or space the postings out in a specified timeframe. Their premium service ($19.95 annually) allows for 100 tweets in a “thread” and removes the restrictions from the “free” version.

Be careful with all the other online apps that offer to post threads / tweetstorms for you. Some “need” to update your profile and add followers to your account as well as access your contacts. Choose another service if you see those requirements when connecting the app to Twitter.

FOSCAM cameras compromised. Affected models should be disconnected.

In a press release yesterday afternoon, Foscam officially announced their branded cameras manufactured by China-based Shenzhen Foscam have severe security vulnerabilities “which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network.”

Foscam recommends “disconnecting your current Foscam branded cameras from the internet until these issues have been resolved”.

The models affected are:

  • Foscam R2
  • Foscam C1
  • Foscam C1 Lite
  • Foscam C2
  • Foscam FI9800
  • Foscam FI9826P
  • Foscam FI9828P
  • Foscam FI9851P
  • Foscam FI9853EP
  • Foscam FI9901EP
  • Foscam FI9903P
  • Foscam FI9928P

“The vulnerabilities affect “Foscam” branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.”

There is a damning report by F-Secure [.pdf download] on the exact vulnerabilities found on the affected Foscam cameras. For starters, there’s hidden Telnet functionality, hidden hard-coded credentials for the web user interface, the FTP server account on the cameras has a hard-coded password, and the configuration back-up file is protected by hard-coded credentials. Any one of those is a very bad thing, but for all of those hard-coded backdoors to be on every camera system and on all models coming from one location? “Suspicious” would be a kind word.

Like I ranted about master passwords and again on master backdoors, hardware and software with embedded hard-coded and/or universal master passwords are a big problem. Regardless of the original intent of having a master password and/or backdoor, once that “core” password gets out, that product is now fair game for anyone for any purpose anywhere anytime.

Good thing everyone on the internet is kind and rational. Oh, wait, that was just that one day back in 1989. Never mind.

OneLogin password manager hacked

If you use OneLogin for your password storage, get ready for a bad weekend. The company announced their services have been hacked.

In an article on Ars Technica, the company said hackers compromised “customer data… including the ability to decrypt encrypted data”.

If you have used OneLogin to save your passwords, you need to go through what you saved with them and change your password for all accounts they have.

On a side rant, using an online password manager is always a bad idea. Sure, it is convenient, but that also makes it a much bigger target for the bad guys. Thousands of unique bank accounts, account passwords and “real world” information like social security numbers and home security codes all in one place? I recommend using a local offline password manager instead.

What the iPhone 7 could have done to be different

The iPhone 7 is a definite “meh”. Same look, same system, same Apple repackaging of last year’s tech.

Apple keeps missing opportunities to innovate, and if they keep this trend going, more and more Apple fanatics are going to jump ship.

Off the top of my head, here are some things I would like Apple to do with their iPhone line…

  • Move the top camera behind the front screen so selfies and FaceTime chats are “centered” and not focused on someone’s chin or forehead. The camera would “read” the colors in front of it (whatever pixels are on the display) and correct (i.e., remove) them in the output. The camera would be invisible to the user and there would be no “black dots” on the screen. Video chats would finally look like they do in the movies where people look at the screen and not at the camera four inches over it.
  • Open a mid-level API so advanced developers could make “high end” apps for the iPhone. Nothing that would tweak the core iOS, but things like real system theme changes, control over zooming and scaling, changing the mail fetch interval, reading tower signal strength, etc. All the new apps that use the mid-level API would be in an “advanced” section of the app store. If any of the apps caused problems, mid-level apps could be disabled in SETTINGS.
  • Offer a battery enhanced model of all iPhones. They would be thicker than the “normal” versions, but with 300% more battery life. Bonus points if the battery could be hot-swapped for a “new” battery and a smaller internal battery would keep the iPhone working during the switch.
  • On a related note, wireless charging for “standard” iPhones would be a long-overdue addition, but also add charging transfer for the battery enhanced iPhones to “standard” iPhones. Imagine being able to transfer power from one fully charged iPhone to another iPhone if they were touching back to back.
  • Keep the existing microphone on the bottom of the iPhone, but add one microphone on the top to allow for “stereo” recordings. Put a built-in app that shows “left channel/right channel” sound editing for extra credit.
  • Add a micro SD card port for storage and photo/file transfers already.
  • Boost iCloud’s storage to half the iPhone’s current capacity. By default, 128s would get 64 gigs of cloud storage, 64s would get 32 gigs of storage and 16s would get 8 gigs of storage.
  • Color changing LEDs have been around for a while, so why not have the LED on the back of the phone that’s just a “white flash” change color too? Blue, yellow, soft white, etc. Add intensity control and the ability to specify color changes in the camera as the photo is being taken and Instagrammers will go bananas.
  • Open AirDrop to all phone manufacturers so it becomes the standard for phone-to-phone wireless exchanges.
  • Finally, a minor tweak to the iTunes store – allow for apps, movies and music purchased online to be completely transferred to another account once every five years.

Like I said, just off the top of my head, there’s a lot of things Apple can do to keep their iPhones popular and far ahead of their competitors. Releasing the same design with trivial changes isn’t going to be a sustainable business model no matter how much liquid cash they have in reserve.

Concern over headphone based DRM on the iPhone 7

To paraphrase Han Solo, “I’m away for a while and everybody gets delusions of grandeur.”

Apple just announced a new iPhone, and instead of being excited, I’m kind of worried. By removing the old-fashioned headphone jack in the new iPhone 7 and making all audio go through their DRM-enabled Lightning jack, Apple has placed a HUGE hardware audio lock on all consumers.

Putting it in a really simple way, standard headphone jacks don’t have a guard at the exit door. Any sound can come out. Lightning jacks on the iPhone 7 DO have a guard at the door who can decide what sounds get to leave and what sounds can’t. The new guard may not let some sounds out unless there’s a specific ride waiting for them.

As for the sounds themselves, if a sound has to call home every time it wants to exit and play, and its home doesn’t answer or says “you’re not supposed to be there”, the guard won’t let it out.

Sounds that play already should be ok, but with this new guard at the door, more “homes” concerned with making money and keeping their sounds safe might demand calls home all the time. 

There’s no legal way to circumvent the guard, and since the guard is part of the hardware, he’s not going to move without a major undertaking.

This is a huge loss of consumer control. Apple can now lock out headphones, speakers and even audio formats if they haven’t paid the appropriate bribe to Apple in advance.

Did I say bribe? I meant licensing fee.

The really sad thing is that since Apple has set this as their new normal and Apple fans typically buy new iPhones in record numbers, other phone manufacturers will pick up on this new source of income and run with it.

This just might wind up in a class action lawsuit in a few years.

In other news, my world has changed tremendously for the better, and this blog might maybe spin slightly in a new direction. It’s all good, though. Happiness is infectious!

Don’t use your 3D printer for secret projects without the radio blasting

If you’re using a 3D printer to prototype your awesome ideas, you better have the radio blasting nearby before the plastic starts flowing.

According to an article on GCN, an amazing discovery by the University of California showed that a basic smartphone could “record the acoustic signals coming from a 3-D printer’s nozzle and reverse-engineer the object being printed.”

The article says the main problem is that “once the process (or 3D printing) starts, emissions produced by the printer create acoustic signals that contain information that can indicate the location of the nozzle” on the printer.

That’s just nuts. You spend months working on a project designing it to perfect spec and finally get to the production stage, only to get it swiped by someone nearby with an open phone line as it prints!

The researchers say professional 3D printers need to “think about ways to jam the acoustic signals, such as a white-noise device”, but for my money, a big speaker blasting industrial music near the 3D printers should be good enough security.

Who knew Ministry and Nine Inch Nails were good for corporate security?

Much ado about nothing: why no law enforcement agency needs a “master backdoor”

The FBI has made no secret recently about their “need” to get into a recent terrorist’s iPhone, and have currently demanded the source code for the entire iPhone system in order to access a particular device as part of their investigation.

Here’s the problem. There’s already a legal system in place for problems like this.

When a law enforcement agency has a warrant, they get the right to obtain the stated information from that specific individual or group that is listed in the warrant. For example, if there is a warrant for John Doe to open the safe in his home, John Doe has to open the safe in his home. If John Doe refuses to act on a legally served warrant, he is jailed until he does surrender the information and fully complies with the warrant.

There’s no onus on the safe company to provide a master key. There’s no mandate for all homes to have a master key on their deadbolt so warrants can be served. It is the legal obligation of the individual(s) named in the warrant to surrender the specifically stated information to law enforcement or face severe criminal consequences.

Think about how many times you have heard about reporters being jailed for refusing to disclose their sources. How many times informants are jailed for refusing to disclose their sources. There is no trial or judge for these people, and there is no release for them until they disclose what is specifically stated in the warrant. It is a perpetual prison for the individuals that does not end without compliance or a complete overturn of the original warrant.

If the FBI has a warrant to search the terrorists’ phones and they have refused to disclose their password, then the FBI can indefinitely hold the terrorists until they disclose the password needed to access their devices.

So what’s the problem here? Wasn’t that the original intent? Jail these vermin and wait them out.

The problem is too many politicians and knee-jerk reactionaries haven’t thought through the reasons a “master password” or “law enforcement backdoor” is like putting a master key for all home deadbolts in place. Sure, a master key will give you the ability to get into any door you want, but then the “oh no, Godzilla!” part is if that master key gets out, it can be used by ANYONE. Anywhere. Anytime. You can’t control who copies it. You can kiss EVERYTHING that master key is attached to goodbye forever.

Like I ranted earlier, there’s no resetting an embedded backdoor and/or “master password” software on systems without “hands on” access. Once it’s out, there’s no way to erase it, no way to change it and no way to block it. Once a master password is out in the open, it’s fair game. To everyone.

Even if the government manages to keep a master password on a For-Your-Eyes-Only-Roger-Moore level, look how often the government itself gets hacked. The IRS. The FBI. Take your pick. Target A-1 is going to be that master password, and whatever hacker finds it will gain peer immortality.

A master password on a mass-produced consumer device is a critical national security risk. This idea needs to die right now.

 

“AFTER THE POST” EDIT: For argument’s sake, let’s say a master password / backdoor does get installed in the iPhone system to “keep us safe”.

  • Does every law enforcement agency get the master password / backdoor? All the way down to the local two-officer town level?
  • Who is to judge the need of an investigation to get the master password / backdoor? Will it be for all investigations? Or just ones of a certain type?
  • How can the use of this master password / backdoor be tied to properly issued warrants and not abused as part of a “fishing” investigation?
  • What happens when a law enforcement individual leaves their employer and enters the private sector? Does their knowledge of this master password / backdoor cease to exist for them? What restrictions could possibly be put in place to ensure they do not use the master password / backdoor for their own benefit?
  • Will this master password / backdoor be shared with foreign countries? If so, how?
  • Can the use of a master password / backdoor to obtain information in a criminal case be used in a civil case?

Spectorsoft is changing their name to VERIATO

Spectorsoft just announced in an email to all their corporate users they are changing their name to VERIATO. 

According to the FAQ on the Spectorsoft website “The company has not been acquired, and there has been no change in control… You will not need to repurchase your software… You will not need to reinstall your software… Your agreement with us does not change once we become Veriato. It is a name change; the legal entity you are doing business with has not changed.”

Looking at their trademark filing history, this has been in the works since July 2015.

I wonder if this is a re-org to expand services like Google’s recent switch, or if this is a re-classification of business to deal with some international law restricting their software’s service/purpose.