Sunday Links: Hackers, Hot Dogs and Rhinos

A scary story, a funny video and an interesting photo for your Sunday afternoon pleasure.

Scary story.
A Hackernoon contributor writes a very plausible story about how a bad actor might go about injecting password/credit card stealing code into any number of websites, in a way that would be extremely undetectable. Spoiler alert: It relies on NPM.

Looking back on these golden years, I can’t believe people spend so much time messing around with cross-site scripting to get code into a single site. It’s so easy to ship malicious code to thousands of websites, with a little help from my web developer friends.

I’m harvesting credit card numbers and passwords from your site. Here’s how. by David Gilbertson.

Video.

I’m not really into prank videos, but this one is supremely funny and so innocent.

Picture.

Elasmotherium

A giant unicorn rhinoceros named Elasmotherium roamed the plains of Siberia 29,000 years ago. In many ways, I find these prehistoric animals much more interesting than dinosaurs. (I couldn’t track down the original source of this photo, unfortunately.)

2017 Podcast Picks

I haven’t done one of these lists in a few years. Looking back through my archives, I found my first list from 2008. Many of those podcasts have faded out of existence and I no longer listen to any of the others — with the exception of Daily Tech News Show, a spiritual successor to Buzz Out Loud. If you’re curious, here are my lists from: 2009, 2011 and 2012.

I subscribe to a lot of podcasts, so I’ll just highlight a few shows I added to my subscriptions in the past year or two.

99% Invisible

Hosted by smooth-voiced Roman Mars, this weekly show is ostensibly about architecture and design. Almost every week I find myself learning a bit of trivia or a little behind-the-scenes information that changes how I think about the way the world is constructed.

Website
Wikipedia

Episodes to check out:

Oyster-techture — Surprising importance of oysters in NYC’s past and future.
Coal Hogs Work Safe — How stickers promote workplace safety in mining.
Half Measures — The history of metrification in the USA.

Reply All

Reply All is kind of like a cross between “behind-the-music” and Encyclopedia Brown for the internet. I previously highlighted their episode covering the history of LiveJournal in Russia and the real possibility that it’s now an FSB spy tool.

Website
Wikipedia

Episodes to check out:

Long Distance – Part I & Part II — Host Alex Goldman receives a call from a telephone scammer, befriends him and travels to India to investigate their operation.
Antifa Supersoldier Spectacular — Hosts discuss the origin of “Milkshake Duck” and other Twitter weirdness.
The Case of the Phantom Caller — A woman in New Jersey is getting strange phone calls to her office from unknown numbers. The hosts investigate and uncover an interesting scam.

Stuff You Should Know

This show has been around since 2008; I’m really surprised I have not heard of it until this year. Twice per week the hosts spend about 45 minutes doing a deep dive on a pretty-much-random topic. I’m not sure how else to describe it.

Website
Wikipedia

 

Episodes to check out:

Cake: So Great. So, So Great — The history of cake is more interesting than I would have guessed.
Who Committed the 1912 Villisca Ax Murders — A murder mystery from 1912 and possibly the origin of the Ax murder trope.
How Multiple Sclerosis Works — The title says it all.

My week with Alexa

For Christmas, Santa brought me an Amazon Echo Plus, a gift I didn’t know I wanted. Over the holiday break I’ve been taking a deep dive into most of its features – including dabbling with writing an app skill.

It’s a great device; here are the highlights.

Privacy & Security

Even though I’ve become accustomed to carrying a powerful listening and tracking device in my pocket 24/7, the idea of an always-on microphone in my home listening to my family’s conversations makes me extremely nervous.

The Echo’s “drop-in” feature amps up my paranoia even more though. With this feature enabled, approved contacts can listen in and talk via the Echo’s microphone and speakers. Kind of like an intercom… across the internet. A cool feature no doubt, but it’s not much of a leap to think that Amazon/NSA/other bad actors might be able to turn this feature on silently.

When you bring a device like this into the home you’re making a decision to trust Amazon with the most private data. It’s important to step back and think about this for a moment. Do I trust Amazon to keep my data private? Yes, until I’m given a reason not to. Amazon even recently took steps to protect their customers’ privacy in a murder trial. They’re off on the right foot in my opinion. Should I be more paranoid? Maybe.

On the security front, the Echo hardware itself is likely very secure. Amazon’s online store and their cloud hosting services have a great security track record (to my knowledge). Securing hardware and software from viruses, hackers and breaches is one of Amazon’s core competencies. I’m confident that the Echo will remain free of security issues.

Voice Assistant

Alexa’s ability to do basic voice assistant tasks like taking down lists, setting alarms and reminders, playing music, etc. is on par with Siri (the only other assistant I have experience with). Where Alexa really excels is in finding answers to random facts and sort of… spontaneous responses. For example, “Alexa, good morning,” will be met with a random bit of trivia or other information. Alexa’s weather and precipitation reports are much more thorough — though neither Alexa nor Siri seems to know about windchill factor.

The Echo’s voice recognition also seems slightly better, especially with my kids, who Siri cannot understand at all. This positive is counter-balanced by the need to say commands more precisely. Alexa is more like a voice controlled computer than an AI.

Perhaps it goes without saying, but I’ll mention it anyways. Actually ordering items from Amazon.ca via Alexa is flawless. Alexa lists the full price including taxes and shipping, with an expected arrival date. If you make a mistake, you can cancel anytime before it actually ships. I can only imagine how cool this would be in cities with 1 hour delivery.

I have been using Siri on my iPhone since day one and by comparison Amazon Echo doesn’t really add a lot of functionality that Siri isn’t able to do. Yet the fact that the Echo sits in a stationary location with a microphone that’s able to pick up normal conversation from across the room has led to a mental shift in the way I use it. I don’t have to pull anything out of my pocket, or yell and wonder if my phone is charged. And our house has been full of music; not having to futz with anything makes music streaming a breeze.

Skills & Flash Briefings

“Skill” is what Amazon calls the voice apps that run on the Echo and it’s the only area of the ecosystem that could use major improvement.

Invoking a skill is extremely clunky; you have to include the name of the skill + the precise action you want to perform. For example, “Alexa, ask the weather network for the current temperature”. I think the reason for this is because Amazon has opted for a simple development model (more on that later) that involves zero AI.

Secondly, the skill marketplace is pretty lacking; most of the available apps seem useless or boring. I assume this is because the Echo has just entered the Canadian marketplace. Some of the US players like Domino’s and Uber still don’t have skills for Canada and I’d love to see a Skip The Dishes skill.

Flash briefings are pre-recorded news snippets that play when you ask Alexa about the news. Sort of like short, timely podcasts. They’re exactly the type of on-demand news I’ve been looking for. I presently have Daily Tech News Show, my local Winnipeg CBC radio and Alexa’s weather report in my flash briefing queue. My only complaint is that already listened briefings are repeated throughout the day. Since CBC updates hourly, but DTNS is only daily, I end up having to skip DTNS if I check the news more than once per day.

Smart Home

Santa brought me the Echo Plus, which means it is also a smart home hub. So far I’ve only set up one Hue light strip to replace dang hallway lighting. It’s definitely neat, but at the same time it feels like a gimmick. I wonder if smart home might not be a fad that dies off in a few years. I mean, when exactly did we collectively decide that flipping light switches was too much work? And normal white-ish lights were too boring?

I’m still waiting for a few items to be delivered so I may have some more thoughts on this in a few weeks.

Building a Skill

If you’re interested in building Alexa Skills, I recommend taking a look at Alexa’s Fact Skill GitHub repo. It’s one of the simplest types of skill, took me about 30 minutes to get rolling. Skills are pretty cool and very simple. Basically Node.js functions that run on AWS Lambda.

Once I started digging into the development environment, I understood why talking to Alexa can be so clunky. When developing a skill you are required to assign precise phrases to a specific function. So you sort of have to think of every possible permutation of things someone might say when addressing your skill. This leads to a robotic/binary interaction where users have to say precise commands.

Hopefully in the future Amazon is able to wrap skills in AI or something clever. For the time being, it’s a good choice that really lowers the barrier to entry for developers.

Surprise: Amazon Calling

Amazon allows you to call any North American phone, for free! This feature flew completely under my radar and has just totally obviated the need to ever have a home phone, period.

Conclusion

Watching Star Trek: The Next Generation growing up, I was consciously aware that a lot of the technological advances depicted in the Star Trek universe were bound to come into existence much sooner than the 24th century. We’ve seen cell phones effectively mimic Star Fleet communicators, tablets are basically PADDs and we have ubiquitous flat screen displays; Amazon Echo combined with smart home gizmos brings us one more step closer to living on the Enterprise. Hell, you can even change Alexa’s wake word to “computer.” With an IFTTT rule and a smart teapot, I bet it’s possible to set up a response to “Computer, earl grey, hot.” We truly are living in the future.

I think Amazon should also be commended for a great Canadian tech roll out. Maybe the best I’ve ever seen. We’re often second class citizens when it comes to tech releases and it’s nice to see full support for Canada in the Echo. Kudos.

Is shadow work ruining the job market?

A recent episode of the Every Little Thing podcast discusses the rise of self-checkout machines. It’s a fascinating tale, one that I would have never guessed started over 100 years ago with the opening of the Piggly Wiggly chain.

Self-checkout is a commonly used example of the impending threat of automation. I know I personally worry that robots in the form of advanced self-checkout machines are robbing my kids of the future first jobs they’ll be searching for in the next 5 or so years.

Well, the episode ends with an interview with author Craig Lambert who has a totally unique take on the self-checkout process. He believes that the self-service economy is a system wherein we are performing unpaid work.

When we use a self-checkout, robots haven’t replaced a worker, we are replacing the workers ourselves. He’s completely correct! A self-checkout at the grocery store is effectively a complicated cash register, it doesn’t do much more than a regular cash register would do. As the self-checkers, we do all the work ourselves. We scan. We bag. We move the money.

It’s incredible, my mind has been blown!

I’ve embedded the episode here:

The full show is here.

 

Reconsidering Net Neutrality

When Net Neutrality concerns started to rise up 5 – 10 years ago, it seemed like an open and shut case. Obviously we want the net to remain neutral, but at what cost?

The Internet is humanity’s most powerful instrument of free speech and commerce; legislation that has power over the content of internet traffic has the potential to impact our speech and pretty much everything we do.

It is extremely important that we are extremely sure we want governments to have legislative power over content. Maybe we should get down from our soap boxes to really make sure we’re getting behind the right cause here and we’re not pushing for something we’re going to regret.

In the beginning…

The original hysteria surrounding net neutrality in the mid-to-late-00s was a reaction to throttling and network management practices ISPs were implementing at the time. BitTorrent and video streaming were gaining momentum, eating up larger and larger heaps of bandwidth and ISPs weren’t having it. They enacted network policies to throttle certain types of packets, limiting our ability to access content.

Us nerds weren’t having it! We believed we should be able to access anything on the internet we damn well pleased. We cried chicken little.

If Comcast was throttling BitTorrent, what was going to stop them from slowing down competing video content when they bought NBC? What would stop them from charging a new startup for the fastest access to their customers?

We demanded the government step in to regulate this impending problem! We demanded a neutral network! “All bits are equal!” we proclaimed.

For the sake of innovation and progress, the internet should be a level playing field for all. Reddit and the New York Times should get the same treatment over the network. BitTorrent and Bitcoin should both flow easily.

All of this is perfectly reasonable and I’m not about to argue against it. But I question whether net neutrality actually accomplishes the level playing field we desire.

Level Playing Field

The history of the internet has shown that reliable (fast, unencumbered) access to a popular service is not a key factor to its success. Every successful app or service has gone through a growth period when servers constantly grind to a halt and access becomes difficult. We put up with fail whales for years! Years before Twitter, I distinctly recall when LiveJournal was facing such growth pressure that they charged a small fee for access to premium servers guaranteed to be faster and more reliable. Even tonight HQ Trivia Live continues to have major server lag while hundreds of thousands of people compete for prizes. Hell, the horrendously throttled BitTorrent that we all complained about in 2010 is as popular as ever.

If history continues to repeat itself, then reliable, fast connections will continue to play only a minor role in the popularity of an internet service.

An unregulated network could lead to artificial and long-term connectivity issues for young and/or competing services. But, corporations have a much simpler, old school tool at their disposal. A tool that is completely legal, completely out of scope of the net neutrality discussion. Marketing and cooperative agreements.

Here are just a few real world examples of business practices that are currently happening:

These are just a few examples from Canada, where we have some semblance of Net Neutrality. Promotions like this have a huge impact on which players win and lose in the marketplace.

Stop The Presses

Imagine it’s the 19th century and you run a number of printing presses. Imagine you have discovered a magical supply of parchment, ink, and a mechanism that magically runs the presses automatically, pumping copies of any newspaper, handbill or pamphlet you feed in. It’s neutral.

You have the capacity to produce more paper every month than could be read by the world’s population. Your presses are in high demand and you have contracts with your clients to provide them unlimited printing services.

Once your business has been running for a while, you start to inspect some of the documents your clients have been printing. You discover that some of them are advertising a service that competes with your brother-in-law, get-rich schemes, pages full of one word “spam” (whatever that is) and other complete and utter garbage. You can’t print this stuff!

But you know that if you completely refuse to print your clients’ publications, they will be quite upset; they might even leave for that other supplier. Instead, you decide to print their copies slightly slower and hope they don’t notice the bundle is a little smaller the next time they pick up a shipment.

When your clients eventually catch on, they are furious! Freedom of the Press has been a thing for quite some time now and they believe their rights are being violated.

Imagine your country is governed by a reasonable king, who rightly agrees, your clients’ freedom of the press is being violated. A new law is passed demanding that all presses print whatever papers they are handed, regardless of content, under penalty of death.

This is a good thing! Trolls and merchants alike rejoice in the streets!

A couple of years pass and the law has come up for review. In this time the king’s advisors have caught wind that these printing presses have been used to print all manner of nonsense that the King would find displeasing: someone has smuggled out his prized book collection and is making copies for anyone to read! A clever foreigner has devised a scheme whereby the presses themselves act as a sort of currency; nobody is able to explain exactly how it works, but it’s become quite valuable.

The King is very unhappy. At the stroke of midnight as the law is about to expire, a small little clause is added to the law: “*Under the discretion of His Royal Highness.”

Is this still a good thing?

Slippery Slopes

The premise of Net Neutrality is based on a slippery slope that imagines a worst case scenario where ISPs:

  • provide preferential “fast-lanes” for favorable service and/or throttle
  • charge differing access fees for different sites
  • outright block competing services
  • all of the above
  • something even worse that I’ve totally missed.

I’m not so sure this slippery slope is plausible.

As I understand it – from the years 2005 – 2015 US ISPs operated within a framework where they had a lot of leeway to discriminate over packets. There are numerous examples of ISPs (ahem Comcast) attempting bandwidth throttling schemes during this period. Every time they eventually caved to consumer pressure… despite very poor competition.

So, history leads me to believe that with a vigilant group of watchers and a small amount of competition, we can successfully keep this worst case scenario at bay.

In the future, I wonder if net neutrality becomes less and less of an issue as bandwidth capacity continues to increase year-over-year. An ISP has little incentive to throttle bandwidth when even the slowest of slow speeds are fast enough to serve content with minimal network impact. I think it might be happening already. For example, my ISP (kudos Shaw) which previously had soft bandwidth caps and various levels of throttling, now just has totally unlimited access. For no reason, they have no real competition, there was no market pressure.

Re-evaluating the equation

By definition, net neutrality legislation gives the government oversight over the content of bits traveling across the internet. A best case scenario, blanket law that said “All packets are to be treated equal, no blocking, no throttling. Period. No questions asked.” is a judgement call. It is a call in our favour, but it is also a framework whereby the government will discuss and attach future internet freedom related issues. It is a slippery slope into the danger zone of internet censorship.

The real debate should not be surrounding whether or not we want a neutral internet. Of course we do.

The real debate should be about which slippery slope we consider more dangerous:

  • Corporate interests shutting down the free and open internet in favour of a closed toll-way of terror.

Or

  • Current and future governments using internet legislation as a stepping stone to hamper our freedoms.

In this blogger’s opinion, history has shown us that voting with your wallet is much more effective than… actual voting.