The Problems With the Internet of Things

As more and more Internet of Things (IoT) devices are bought and set up, there is a growing concern for what they can do, in addition to their normal purpose.  The security researcher, Brian Krebs, had his website brought down by a Distributed Denial of Service (DDoS) attack.  The company that formerly hosted Krebs and his security, Akamai, said that the attack was brought on by hundreds of hacked IoT devices (he has since started using Google’s protective services).  This didn’t use reflection or replication attacks, either; it used traditional methods of denial of service, by flooding his site with requests.  Akamai says that this is the largest DDoS they have ever seen.  This brings me to the question: how can we prevent and/or mitigate these sorts of attacks?

This attack was brought on mainly by unsecured, unmaintained IoT devices.  More recently, these devices have been manufactured, released, and not updated.  The average consumer of these IoT devices knows that the features of the device make it such that one can easily control it from afar, oftentimes with one’s mobile phone.  What they do not realize is that hackers can also break into these devices and use them, too.  Often, the manufacturer will throw in a free OS (such as GNU/Linux), add on their thin, proprietary layer, and sell it.  They do not realize the problem they are creating, as exemplified in the attack on Krebs’ website.

It is true that there is a cost to updating and maintaining these devices.  Which company wants to have a costly developer staff just to update the software on their line of light bulbs?  Then again, which company wants to be known for the product which aided in bringing down Google’s servers?  Either way, there’s going to have to be a way for these devices to get updated.

Usually what a user will find on these IoT devices is an embedded OS like GNU/Linux.  So why not develop a distribution that utilizes open standards and receives regular updates?  Similar to Android, yet with stricter guidelines.  A company could, for instance, set up a distribution with safety, compatibility, and interoperability in mind.  They could work with the IoT device manufacturers in making products that work together, and can be updated regularly.  Though let’s not just talk about the manufacturers; the consumer has a responsibility, too.  (It’s worth noting that there is an embedded GNU/Linux distribution that can be easily built and configured for IoT devices.)

The average consumer of IoT devices will have to learn about the extended benefits of these IoT devices, and they must realize that they come with a much greater risk.  Indeed, one cannot put a simple toaster in the same category as a light bulb which one can control with a mobile phone.  They must be made aware that an attacker can take control of their IoT devices and use them for malicious purposes.  This doesn’t mean that they need to be scared into acting, though, because actions made in fear are, oftentimes, poor choices.  They should be informed that it’s possible for this to occur, and that there are forces in place which are trying to counter these attacks.

Going forward, companies that make IoT devices, and consumers of IoT devices, must be more safety conscious, for there are malicious forces in the world who are ready and able to make use of these devices for their own nefarious purposes.

So I wrote a cute screensaver

A few months ago, I found a GIF of Kirby (or rather a bunch of Kirbys) dancing. I thought, This would be even cooler if it was set to music. So I set about writing a simple, little HTML5 screensaver.

In the Cinnamon Desktop for Linux Mint, you can write screensavers in HTML5 (technically, it uses Webkit, but we all know that’s a fancier version of KHTML). So I wrote this, chose some dance music, and had it play said dance music randomly every time the computer screen is locked.

If you wish to see a video of it in action, here it is:

My attempts at watching a video on job hunting

For the past couple of days, I have put off watching this video called “5 Fast Ways to Make Yourself More Hireable”, which was put out by The Society for Collegiate Leadership and Achievement. When I finally sat down to watch the thing, I couldn’t view it.

I don’t know why I couldn’t view it. Maybe it was my web browser (Firefox for life!), or maybe it was the add-ons that I have active. Even when turning them off, I still couldn’t watch the video. Now, I’m not one to be deterred by a simple browser error. That’s when I looked into the sources of the page.

In the sources of the page was a bunch of JavaScript code. Perusing the code, I easily found code snippets (which were nicely marked) that were meant for outside services. I know it’s been a while since I’ve written anything related to HTML and JavaScript, but boy was this code obfuscated. I could barely read this stuff.

Anyway, after digging through the muck, I found the actual source of the video: an embedded iFrame. Boy, I didn’t think sites still used those. Still, I was able to watch the video. And hopefully after that, I’ll be able to find the job I want.

Thoughts on Green Finance as well as climate change

I was reading the BBC website last week (like I normally do each day) when I happened upon this article on Green Finance being a big opportunity.  One of the points the author first makes is that capital flows from one advanced country to another, growing economy, with which I can agree.  There are emerging so-called “Green Bonds”.  These bonds are being used to finance projects which are trying to find renewable energy sources or reduce carbon emissions.  The article warns that, when the Green Bonds actually do become more popular, it may be too late, and the projects will not be able to reverse the effects of climate change (the man interviewed in the article, the Bank of England Governor Mark Carney, said that Green Bonds only represent 1% of global financial institutions, so growth is going to take a while).  What’s stranger, though, is that he makes the comment that they shouldn’t grow too fast, that it could “materially damage financial stability.” I take this to mean that, even though these countries really need to cut their carbon emissions, the change to renewable sources may be too costly.  The cost of this change could be in researching how to better implement these new sources of energy (or other renewable resources), or the cost could also be in time, as setting up these sources and integrating them into a manufacturer’s processes will take time.  And machines the size of whole countries move slowly.

The article also talks about Carney urging businesses to disclose the risks that climate change poses to their businesses.  This part makes me ask: how does one exactly do that?  While a business can chart the rising cost of fossil fuels (due to the rising expense of drilling and refining oil), how does one exactly measure the impact of smog or carbon emissions?  It’s true that there’s a health risk to smog, and greenhouse gases are leading to higher sea levels.  But how does this impact business?  Could they show how the change in weather affects their business?  One might be able to calculate the damage severe weather poses to their factories, e.g. flood damage, hail damage, and hurricane damage.  Another way could be to simulate how smog affects the company’s workers in a dirty city.  But will the numbers they calculate be close to reality?  Or will they have to give a qualitative answer to the problem?  From what I’ve read, some organizations and governments have been able to calculate how much climate can cost.

In any case, climate change is going to be very expensive for businesses in the future, and it’s about time we started investing in a plan to mitigate this disaster that’s waiting to happen.