Category Archives: Gear & Gadgets

Gear & Gadgets, metal, rosa labs, soylent

Watchdog group says Soylent’s cadmium and lead levels violate CA law

Late last week, non-profit environmental watchdog group As You Sow issued a press release indicating its intention to file suit against the makers of Soylent, the meal replacement product engineered by Silicon Valley entrepreneur Rob Rhinehart. As You Sow states that two separately tested samples of Soylent’s latest 1.5 formula contained “12 to 25 times” the amount of lead allowed under the “safe harbor for reproductive health” provisions of the state of California’s Safe Drinking Water and Toxic Enforcement Act of 1986 (commonly called “Proposition 65“). As You Sow also says it found cadmium levels at least four times higher than the safe harbor for reproductive health levels.

Soylent already displays a Proposition 65 notice on its web site—according to the information there, consuming a full day’s worth of Soylent 1.5 would indeed exceed both the Maximum Allowable Dose Levels (MADLs) and No Significant Risk Levels (NSRLs) for lead and cadmium.

California’s Proposition 65 guidelines for heavy metals are more strict than those used internationally by the World Health Organization. The MADL and NSRL numbers for lead and cadmium aren’t indicators of immediate harm; rather, they are limits below which no harm has been observed.

Read 5 remaining paragraphs | Comments

drones, fpv drone racing, Gear & Gadgets, quadcopter, The Multiverse, uk

The new, underground sport of first-person drone racing

If you hadn’t noticed, drones and quadcopters are rather popular right now. Hardly a day goes by without some kind of automated or remotely piloted aircraft somehow causing a ruckus, or providing a new way for militaries and cinematographers alike to get the shot they need. What you might not have noticed, however, is that there is an underground movement to turn drone flying into a sport.

Known as FPV (first-person view) drone racing, or sometimes FPV quadcopter racing, the sport involves building and modifying quadcopters for speed and manoeuvrability, adding a virtual reality-style headset with a live video feed from the drone, and then finding safe and legal places to fly. Racers compete in heats or time trials, speeding around courses at anything up to 60mph (100km/h)—and having a load of fun in the process. This sport, which seems to appeal to aspiring pilots, makers, and computer game fans alike, has all the adrenaline of flight, while also providing enough crashes, smashes, and collisions to keep even the most ardent sports fans happy.

For the past three months, I’ve been photographing the fledgling sport at various locations throughout the UK. I’ve found that there is much more to it than a bunch of geeks comparing voltage signals or PID settings in the woods on a Sunday.

Read 13 remaining paragraphs | Comments

Gear & Gadgets, Risk Assessment

Parrot drones easily taken down or hijacked, researchers demonstrate

In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company’s Bebop model, fall from the sky with a keystroke.

In a live demonstration at Def Con’s Internet of Things Village on August 8, Ryan Satterfield of the security consulting firm Planet Zuda demonstrated a takedown of a Parrot A.R.Drone by exploiting the drone’s built-in Wi-Fi and an open telnet port on the drone’s implementation of the  BusyBox real-time operating system. Connecting to the drone gave him root access to the controller, and he was able to kill the processes controlling flight—causing the drone to drop to the ground.

Ryan Satterfield reproduces the Parrot A.R.Drone 2.0 hack he demonstrated at DEF CON.

In a session at DEF CON on August 9, researcher Michael Robinson, a security analyst and adjunct professor at Stevenson University in Maryland and George Mason University in Northern Virginia, dove further into the vulnerabilities of Parrot’s drones, discussing his research on the Bebop drone in a session entitled, “Knocking My Neighbor’s Kid’s Cruddy Drone Offline.” Robinson noted that because of the Parrot’s open Wi-Fi connection, it would allow anyone with the free Parrot app on a mobile device to pair with the drone in-flight. Using a Wi-Fi “de-auth” attack, he was able to disconnect the control app on the operator’s device and take control with the app from another while the operator of the original controlling device attempted to re-establish a Wi-Fi connection. The new pilot could then simply fly the drone wherever he desired. Robinson warned anyone who planned to take over someone else’s Parrot drone that the mobile app left forensic artifacts on mobile devices—including the serial number of the drone.

Read 4 remaining paragraphs | Comments

gallery, Gear & Gadgets, Japan, The Multiverse

Gallery: A practical, low-tech Japan

When I was growing up, I was always told that we have so much to learn from Japan. I grew up during the rise of the Japanese auto industry, I was taught “Japanese” business tactics, and I watched movies like Gung Ho that portrayed discipline, perseverance, and efficiency.

On my first trip to Japan, though, I wanted to explore the weird and wacky high-tech world the media has portrayed so often. What I found was a place that isn’t as “high tech” as many westerners assume but rather a relatively “low tech” cornucopia of conveniences that could make many westerners jealous.

Jennifer Hahn

My Internet: $13/7-day sim from Amazon and Airbnb-provided portable Wi-Fi.

26 more images in gallery

The first thing I noticed was the lack of “open” Wi-Fi before leaving for Japan. My research found that in most places, free Wi-Fi had to be registered for before entering Japan; it’s not ubiquitous. Despite the airports or an occasional restaurant or tourist site offering free Wi-Fi, I found this to be true. Luckily, my Airbnb provided me with a free mobile access point, and my $13 sim for my unlocked Blu Android phone filled in the gaps.

Read 3 remaining paragraphs | Comments

Android, exploits, Gear & Gadgets, malware, Risk Assessment, Technology Lab, vulnerabilities

Android security on the ropes with one-two punch from researchers

Android security woes got worse on Thursday, with two separate reports of code defects that put millions of end users at risk.

The first involves the update Google released last week fixing a flaw that allowed attackers to execute malicious code on an estimated 950 million phones with nothing more than a maliciously crafted text message. Seven days later, security researchers are reporting that the patch, which has been in Google’s possession since April, is so flawed that attackers can exploit the vulnerability anyway.

“The patch is 4 lines of code and was (presumably) reviewed by Google engineers prior to shipping,” Jordan Gruskovnjak and Aaron Portnoy, who are researchers with security firm Exodus Intelligence, wrote in a blog post published Thursday. “The public at large believes the current patch protects them when it in fact does not.”

Read 6 remaining paragraphs | Comments

Gear & Gadgets, Infinite Loop, OS X, yosemite

Apple releases OS X 10.10.5 to squash Mail, Photos, and QuickTime bugs

Apple has just released OS X 10.10.5, the fifth (and likely last) major update to OS X Yosemite. It can be downloaded now through the Update tab in the Mac App Store, or you can look for standalone installers to hit Apple’s download page later in the day.

The update contains a fix for a bug that gives attackers unfettered root privileges, a feat that makes it easier to surreptitiously infect Macs with rootkits and other types of persistent malware. Shortly after the vulnerability was publicly disclosed, adware distributors started exploiting it in the wild so they could install potentially unwanted applications without requiring end users to enter system passwords.

The list of specific feature fixes is short: it improves Mail’s “compatibility with certain e-mail servers,” fixes a problem with GoPro camera imports into the Photos app, and a problem that kept Windows Media files from playing in QuickTime. The update also fixes an extensive list of security problems in Apache, Bluetooth, CloudKit, the OS kernel, and a handful of other apps and services—all of that information is available here.

Read 1 remaining paragraphs | Comments