Chinese Company Recalls Webcams, Other Products After DDoS Attack
A Chinese electronics company called Hangzhou Xiongmai Technology is recalling webcams and other devices that were targeted in a distributed denial of service (DDoS) attack on Friday. The attack, which hit the domain name system services company Dyn, prevented millions of users from accessing websites and apps including Twitter and WhatsApp.
Washington Post Reports Huge Surge in Secret Electronic Surveillance Requests
According to new data published Monday by the Washington Post, secret law enforcement requests for electronic surveillance have increased significantly in federal courts in the last decade—but only 1 in 1,000 of those these requests has become publicly available.
The Washington Post’s data looked at two federal courts—one in Northern Virginia and one for the District of Columbia. According to the Post’s report, these two courts are some of the most active in the country and are the only ones to disclose any surveillance information.
Even the Thought of Uber’s Traffic-Taunting Drones Is Too Much
AI “Judge” Can Predict Rulings in Human Rights Cases
Researchers from University College London have developed an artificial intelligence algorithm that predicted the outcome of cases that came before the European Court of Human Rights with 79 percent accuracy.
How Low-G Coffee Cups Could Help Get Us to Mars
If you’re a coffee lover, there’s nothing quite as enjoyable as sitting by a window and watching the sunrise, hot mug of java in hand. But until recently, caffeine-loving astronauts have had to check their hot beverage sipping habits at the airlock. Despite the installation of an espresso maker on the International Space Station, and what is arguably the greatest window view in the solar system, the ISS crew has been stuck sipping beverages from a pouch. Floating spheres of scalding hot liquid are an operational hazard.
That may change with the invention of a new coffee cup by mechanical engineering professor Mark Weislogel and his team at Portland State University. In this video from NASA, Weislogel describes how the unique geometry of the cup—it looks like the offspring of a demitasse and a gravy boat after a topological deformation—takes advantage of surface tension to keep hot liquids from floating free. Normally overwhelmed and masked by gravity on Earth, Weislogel says surface tension and capillary forces create a gradient such that when astronauts puts their lips to the cup, the liquid inside is driven into their mouths. ISS crew members are seen passing cups filled with hot coffee to one another, the vessels tumbling through the air without losing a drop.
Although it cannot be denied they contribute to crew morale, space lattes are really just a proof of concept prototype. There are real challenges to designing fluid systems—such as refrigeration, or waste and fuel management—that will work when you cannot count on gravity to direct the fluid, Weislogel says. By studying how geometry can stand in for gravity and control liquids in microgravity, Weislogel and his team hope to create more reliable, passive systems necessary for long term space flight. A failure in your potable water system on the ISS means no espresso for a while—but on a voyage to Mars, it could be fatal.
The Unexpected Beauty of Burning Steel Wool
Normally, oxidation is boring: You leave a wet steel wool scrubbing pad on your sink and a few days later you wind up with a rusty pad and a stain on your counter. But speed the oxidation up a bit—say, with a blowtorch—and you get a light show to rival the best fireworks display.
In this video, the folks at Macro Room turn their highly focused attention on the burning tendrils of clumps of steel wool—as well as a few choice props. Iconic Pokémon Pikachu sits in the midst of a cloud of electric spark, while a wooden figure holds a cloud of orange-hot traces of incandescent steel. A wicker man miniature in hi-def. There are moments where the burning metal seems almost alive, the sparkling lights the synapses of some strange brain.
In the final scene, a clump of steel wool is attached to a small motor, ignited, and spun to creating a burning ring of fire spitting orange sparks in every direction. Some (rather brave) people attempt a similar trick with large clumps of burning steel wool spun like fire poir at the end of a rope, making for some incredible still photography. This video shows these fiery metal filaments might well be their most beautiful seen through the aperture of a macro lens.
For almost 10 years, Google promised to protect users’ privacy from advertisers by keeping personally identifiable information about its users, gleaned from Gmail accounts and other Google services, separate from its subsidiary DoubleClick’s database of web-browsing records.
If You Still Don’t Get How Global Warming Will Alter Everything, Read Some Climate Fiction
Earth is hotter in 2016 than it has been in 115,000 years, according to a (not yet peer-reviewed) paper from climate change pioneer and former NASA scientist James Hansen and an international team of colleagues, published Oct. 4.
Colossal numbers like this are certainly alarming. But the bombshells that should motivate us to start making big changes immediately often fall into a familiar trap of troubling climate change news. Climate change is a gradual force, a creeping calamity. The roughly half of us who believe it’s caused by human activity say, “We’ve got to do something about this, and quick.” But it’s abstract. The signal of a changing climate is too easily lost in the noise of fluctuating weather patterns and the usual daily catastrophes of the 24-hours news cycle. Other divisive issues, like abortion rights, are more tangible, and they come with human protagonists and antagonists. As Phil Plait put it: “Part of the problem … is the scope and scale of climate change itself coupled with our puny brains trying to deal with it.”
This is where climate fiction can help out. A genre of speculative storytelling dedicated to exploring the effects of climate change on humans and Earth, climate fiction is an increasingly recognizable part of the literary landscape, with entries in 2015 alone ranging from Paolo Bacigalupi’s hardboiled thriller The Water Knife to Claire Vaye Watkins’ dreamy Gold Fame Citrus. Climate fiction makes climate change a stage for playing out compelling human dramas: fractured families, political intrigue, bitter arguments. It’s flexible enough to accommodate thrilling stories about geoengineering and water wars, but also more reflective, elegiac narratives (like Barbara Kingsolver’s Flight Behavior) about people’s frustration or wistful nostalgia for a world and a way of life being wiped away.
Like a lot of good literature, climate fiction can help us to empathize with people whose lives are utterly different from our own. When I talked with Bacigalupi about this last fall, he said that fostering empathy is fiction’s “superpower.” In The Water Knife, he unfolds a story of a climate change-powered megadrought in the U.S. Southwest through the eyes of a jaded hired gun, a climate refugee forced into sex work for subsistence, and a fatally persistent investigative journalist. Each character illuminates different aspects of the climate crisis, helping us to construct a holistic picture of the messy human consequences of drastic environmental transformation.
Presenting a diversity of perspectives is important, because climate change looks dramatically different depending on where you are and who you are. In Everything Change—a new, free anthology of climate fiction I co-edited—our stories take place in locations including Tibet, Madagascar, Venice, Malaysia, and rural New England. In some of these places, the stories show climate change leading to catastrophic flooding or extreme storm systems, while in others, it ignites ethnic tensions, kills coral reefs, destroys local crops and indigenous cuisines, fuels catastrophic wildfires, or turns a sturdy umbrella into a rare and expensive treasure. And in almost every story in the book, climate change sets off deep conversations, vexing arguments, and frustrated hopes and ambitions within friendships, families, romantic relationships, and small, close-knit communities. (Everything Change is published by Arizona State University’s Imagination and Climate Futures Initiative; Future Tense is a partnership of Slate, ASU, and New America.)
Climate fiction can help us see how a rapidly changing planet affects people in a host of geographically specific ways. The challenges are very different in coastal regions than in landlocked cities. Changes in the planet’s temperature might create floods, fires, or food shortages, as we’ve all heard, but also rampant xenophobia and other surprising manifestations. Our stories highlight how the disruptions caused by climate change will likely exacerbate existing inequalities based on race, ethnicity, social class, gender, religion, and more. In Everything Change, for elites, climate change might be an occasion for an unexpected political realignment, or the establishment of secret mountain oases where privileged people rebuild the world with the help of advanced science. For marginalized people, it often spells displacement, deprivation, unsafe food and water, and increased scrutiny from law enforcement and military forces. Climate fiction makes these nuances emotionally immediate. Intellectually, sure, we know that a changing climate matters differently in different geographic locations. But the right story can help make those distinctions feel real and urgent. It broadens the scope of our personal experience of climate change beyond the vagaries of the weather.
Some of the most moving stories in our anthology are about resilience and mutual support: a Burning Man-style collective of geo-hackers working on the fringes of society to save the Florida Everglades, or a family of Venetian artisans safeguarding the traditions of gondola-building and glass-blowing even as the city itself is reclaimed by rising seas. In another story, two young climate refugees face a bleak future living rough on tiny boats tethered to a rocky island, but they find hope and exhilaration in the bespoke bicycles they build meticulously from salvaged scrap metal.
It’s too late to avoid the effects of climate change entirely; it’s already happening. Climate fiction is an affordable laboratory for ideas about how we can adapt in the face of change, and how we can respond in ways that are equitable and ensure livable lives for the most vulnerable populations.
The East Coast Cyberattack: What We Know Now
If you’re located in the Eastern United States, odds are good that you’ve noticed that the internet is a little ragged today. On Friday morning, a distributed denial of service attack against the company Dyn brought down websites and apps across the internet, temporarily barring access to Twitter, Pinterest, WhatsApp, and more for millions of users. While Dyn was able to stabilize the situation within a few hours, a second DDoS attack began in the early afternoon, again disrupting services across the web.
Dyn provides domain name system services, translating common internet addresses into machine-legible information that ensures you get to where you’re trying to go on the web. So every request you make for a website has to go through a DNS server. (If you want a more detailed explanation for how DNS works, here's one from Verisign, another company that works in this space.) As Lily Hay Newman explains in Wired, DDoS attacks against DNS services are effective because “an attacker can take out the entire Internet for any end user whose DNS requests route through a given server.” That is, they can bring down entire swaths of the internet, not just individual sites.
Some initial speculation (including ours here at Future Tense) suggested that the problems might have originated with an Amazon Web Services data center in Northern Virginia. That now appears to be only partly true. An early afternoon update to the AWS service health dashboard claimed that the problems had been resolved. Amazon did not directly point to Dyn, instead more ambiguously acknowledging, “The root cause was an availability event that occurred with one of our third party DNS service providers.” That provider is presumably Dyn.
In the same update, Amazon claims that it has resolved the incident, and asserts that “all security controls continued to operate normally” throughout. Despite that, it states, “Customers that independently utilize the third party DNS service provider may continue experiencing errors resolving DNS names hosted with that provider.” In other words, there may still be problems, but Amazon doesn’t take any responsibility for them.
Significantly, we don’t yet know who perpetrated the attacks against Dyn or why. While Reuters reports that both U.S. Homeland Security and the Federal Bureau of Investigation are looking into the situation, they don’t name any suspects or otherwise indicate who is being investigated.
The security researcher Brian Krebs brings up one possibility in a blog post.* Krebs notes that the initial attack unfolded “just hours after DYN researcher Doug Madory presented a talk on DDoS attacks.” (You can listen to that talk here, though it’s quite technical.) Notably, that talk tied back to earlier work by both Krebs and Madory on DDoS extortion. Krebs is careful to insist that we can’t confirm this connection with any certainty. For maybe the first time this year, though, criminal revenge seems just a little more likely than state-sponsored hackers.
We will update this post as more information becomes available.
Update, Oct. 21, 4:35 p.m.: While we still don't know who is behind the attacks, their methodology seems increasingly clear. Citing Flashpoint, a security intelligence firm, Forbes reports that the attackers appear to have used a Mirai botnet against Dyn.
Mirai botnets exploit Internet of Things devices, taking advantage their frequently low security to employ them in DDoS offensives. In late September, someone going by the handle Anna-senpai released Mirai's source code, and the number of attacks employing it have apparently risen in the subsequent weeks.
In an update to his initial blog post about the attacks, Krebs writes, “I have heard from a trusted source who’s been tracking this activity and saw chatter in the cybercrime underground yesterday discussing a plan to attack Dyn.”
Update, Oct. 22, 10:47 a.m.: In a new blog post published Friday night, Krebs laid out and further expanded on Flashpoint’s findings. Krebs writes that according to the firm, the majority of the compromised devices employed in the attack were digital video recorders and cameras produced by a Chinese company called XiongMai Technologies.
Many of these devices reportedly have passwords “hardcoded into the firmware,” according to Flashpoint research developer Zach Wikholm. Even if a user changes the default username and password on their purchase, these alternate access points persist. It can be difficult for the end user to even detect such vulnerabilities in a device—and may be all but impossible for an individual to correct them.
To put that plainly, the problem here probably wasn’t with personal cybersecurity. Instead, it’s that companies are manufacturing devices that weren’t secure in the first place and probably can’t be secured after the fact. As Krebs explains, this is all the more worrisome, because the compromised devices are simply out there. Short of a “global cleanup effort” to pull them out of circulation, we’ll likely see more attacks like the one against Dyn in the days and months ahead.
*Correction, Oct. 21, 2016: This post originally misspelled Brian Krebs’ last name.
Tesla Says Customers Can’t Use Its Self-Driving Cars for Uber
On Tuesday, Oct. 25, Future Tense will host an event in Washington, D.C., on how technology is changing the nature of ownership. For more information and to RSVP, visit the New America website.
It’s always in the fine print. When Tesla announced its upcoming models, the company said all of the cars could be used as driverless vehicles—but not, in some circumstances, for Uber-style activities outside of a service Tesla itself plans to announce.
“[U]sing a self-driving Tesla for car sharing and ride hailing for friends and family is fine, but doing so for revenue purposes will only be permissible on the Tesla Network, details of which will be released next year,” the company said on a webpage listing features and terms.
Tesla’s warning to future customers was only the latest demonstration of our emerging “you don’t own it, you’re just using it” world. It’s bad enough when we’re restricted in using media, games, and so many other things. It’s more than that when we start applying the notion to fundamental parts of our lives, such as our ability to get where we need to go.
This is why the seemingly unstoppable move toward autonomous vehicles—cars guided and controlled by a networked combination of internal and external sensors and computers—has implications far beyond proponents’ hoo-rah boosterism. Unquestionably, vehicles not controlled directly by humans would be a huge benefit in some ways.
But the word directly is important. Autonomous cars will still be controlled by humans, in a way. They’ll be controlled via algorithms—computer programs written by human computer programmers who design the systems for specific goals and outcomes.
The goals would mostly be laudable: more efficiency in using the roads, leading to lower construction costs; fewer accidents that cause death, injury, and damage to property; better options for people, such as the elderly, who shouldn’t be driving; among other things.
But if Tesla can prevent you from operating your car in a way it finds objectionable from a business standpoint, it—or Ford, GM, Toyota, or any other manufacturer—could make similar choices, choices that go well beyond ride-sharing. Cars controlled by centralized companies—and governments that will regulate them—will be a nightmare for privacy and liberty, especially the latter.
When a small group of large companies sells most of our cars, you can bet they’ll all insist on as much control as possible and as little for you as they can get away with. Even now, cars can be disabled remotely when a borrower falls behind on a car loan; imagine a day when the lender (often the car company) simply brings the vehicle back to the lot and invites the passenger to get out. Worse: We already have an opaque and unfair “no fly” list. Our “no drive” list is, essentially, people who don’t have licenses—an easily extensible notion with autonomous cars. But what happens when there’s a “no travel” list that prevents certain people from even riding in a car? It’s coming.
I admire Elon Musk’s vision and drive (pun intended). With Tesla and, more so, SpaceX, he and his colleagues are pushing us into a future that will take advantage of technology in often-disruptive but also valuable ways.
But Tesla’s upcoming restrictions are a part of the future that we need to prevent. It may be good business for Elon Musk and his shareholders to tell us what we may or may not do with the company’s very expensive cars. In fact, when it comes to how you will use a vehicle you purchase, it should be your business, as long as you’re not breaking the law, and no one else’s.