Monday, March 28, 2016

Old Story - Worth Reading - How Hackable is Your Car?

If you drive a recent model car, you may wonder if your car is as hackable as some of the cars hacked during research to provide a proof of concept. In videos widely distributed, hackers were able to take control of cars remotely. Click the YouTube logo to see a sampling or watch the video below.

YouTube-Logo-2016-03-28-07-49.jpg

While we should not freak out yet, it is clear that there are weaknesses in the design of these automobiles. Conspiracy theories have flooded the net, but I would not worry too much. That being said, it is good to know what’s up.

Enjoy your week!

Friday, March 25, 2016

How JavaScript Got Broke!

Just outside of the last 7 days of March 2016, a crazy thing happened with JavaScript. A package manager tool called npm used by a majority of JavaScript developers for developing, testing and releasing their code stopped working. Oddly enough, the source of this broken tool was a tiny little function in GitHub called “left-pad” used for padding strings on the left side with other characters. This little component was a short 11 line file, so when the developer took it off GitHub, npm began to fail to work across the globe.

What’s GitHub?

GitHub is a popular web-based source control management (SCM) and version distribution tool. Since 2008 the platform has provided a place for developers across the planet to store source code for their applications, with support for all programming languages and additional features like issue tracking (bug reporting/management), application wikis, email notifications, Photoshop (PSD) storage and version comparison, project documentation storage and presentation and commit history. Users can request a “pull” from a project in order to split off open source projects to add their own code updates to the repository.

About npm

npm is the default package manager for Node.js, a popular JavaScript runtime environment.

Because npm is the packagers’ packager, and it is intended to encourage reuse of other software, the developers made use of the left-pad source code. As explained in this article over at the Verge, functions like left-pad are typically provided by the language authors, companies like Microsoft with C# and its full Visual Studio environment, and Apple with Objective-C and Swift, so the reliance on a simple string padding function from an individual is an oddity.

As npm has been widely adopted by developers everywhere because of the convenience it provides. Any user can publish their work via npm and you can add that work to your own apps. Likewise, if you write a clever routine and want to share it, all you do is upload to GitHub and publish it on npm for anyone else to include in their own projects.

What Happened

According to the Verge article, more than 2.5 million installs of left-pad occurred in the previous month! Developer Azer Koçulu of left-pad has written and published many sets of code to npm, which allows name allocation on a first-come, first-served basis. One project, named Kik, attracted attention recently when a lawyer for the company Kik (or a patent - troll? - agent according to that company) contacted Azer requesting the Kik package be removed immediately. When Azer failed to comply, Kik’s representatives reached out to npm and npm transferred ownership of the package name “Kik” to the Kik company.

Due to this, Azer decided he was not going to use npm any longer. Azer tells the story of “liberating” his modules in this post on Medium. In his post he states that he had to take a stand, removing all of his packages from npm, and that in the long run there will be an alternative developed by the open source community that doesn’t bend immediately to requests like what happened with his Kik package. He apologies to users of his code and tells them where to repoint their projects so they will run again.

With over 250 packages, Azer’s removal of the code will surely impact many developers (and users); however, it has already made a huge impact because of npm and a package called Babel, currently the most popular way to write in the language ES6 (the version of JavaScript created in 2015) to run on most of the latest browsers. Otherwise, the incomplete nature of browsers’ implementations of JavaScript would make using the newest features of JavaScript a difficult if not nearly impossible task.

Learn more at the Verge article and comment below - what do you think of this situation and how it shook the open source community in just a few hours?

Saturday, March 19, 2016

Android Danger: Stagefright Exploit Reliably Attacks Affected Phones

The Stagefright security flaw (link is Wikipedia), first reported July 2015, was largely resolved by Google by the release of Android 5.1 (“Lollipop”), but there are still plenty of smartphones in play that have the weakness. In fact, unlike iOS users, many owners of Android-based smartphones never (or very slowly) update the operating systems of their devices. Worse still, some phones, especially those targeted at low entry prices in the market, are not capable of updating. Here’s the kicker: not all versions of Lollipop have the fix. Unfortunately, manufacturers customize the operating systems for their own hardware and needs, with a large number of 5.1 smartphones subject to this exploit.

In the video below, researchers demonstrate a real-world implementation of the exploit called Metaphor.

This work was done by NorthBit, a software research company. A technical paper is available by clicking the Metaphor Stagefright exploit PDF link. If your smartphone is running an operating system version before 5.1, you may still be able to limit the impact of the issue with changes to your settings, or check this link to see if the Google patches released will work for you.

Holoportation - Coming Soon to a Location Not Near You

Teleportation. It’s a fantasy superpower right up there with flying, x-ray vision and invulnerability. Back as a child, reading the X-Men, I dreamed of what it would be like to BAMF into new locations as Nightcrawler does. Marvel’s comic book universe has so many characters with some type of teleportation power that Wikipedia lists 91 separate character pages with the ability. Shows like Heroes on TV and other comic publishers like DC comics have also prominently featured teleportation.

Microsoft’s Holoportation isn’t a superpower, but it is a great step forward in both augmented reality (AR) and virtual reality (VR) that gives users the visual experience of interacting with people and objects at a remove site. Using a unique camera configuration as shown in the video below, two users can interact in near real time with each other, seeing the “holoported” person in 3D via the VR display in their goggles.

How Does It Work?

Holoportation is made possible by Microsoft HoloLens, built on the Windows Holographic platform. This device, an AR/VR display inside a headset, is expected for release this week to developers at a cost of $3000. No timeline for consumer availability has been announced so far, but as kits like Google Cardboard have made the entry point for VR so low (you can build it for free using Google’s instructions), we now know that many current smartphones can provide enough processing power to smoothly render streaming 3D images. If the processing of the cameras is handled by a separate desktop (or laptop) computer, users might be able to use any phone capable of streaming Netflix movies. This means the technology required to achieve holoportation is many years old at this point and, depending on how Microsoft approaches it, could already be in the pockets and purses of a majority of smartphone users.

Learn more about holoportation by visiting the links below:

  1. Microsoft Holoportation
  2. Escapist Magazine
  3. HBO's Silicon Valley

What do you think? Is holoportation something you will find useful? If so, will it be more useful for your personal life or in your everyday professional experience?

 

Thursday, March 10, 2016

Official Relaunch of Tek Highlights!

Welcome back to the land of the living, right?

Please come back often for updates on your favorite technology topics including new (and upcoming) hardware/software, consumer electronics and even big deals so you can save on your Tek addiction!

For now, check out the cool products available at Amazon Launchpad, their incubator-like listing service that features products from such crowdfunding sites as Kickstarter.

amazon_launchpad_logo-head-2016-03-10-04-59.jpg

Thanks again for reading!