October 12, 2017

Packet Analysis

Identifying suspicious network traffic packets

Some indicators of malicious activity:

1. Failed connection/login attempts (first TCP packet via TLS session)

2. RST = Reset, indicates an error when trying to connect (not always nefarious, usually very common)

3. Low TTLs



The first TCP packet is the handshake (SYN) from Client > Server

Server SYN+ACK: after client SYN, server sends SYN+ACK to client.
  • Server SYN to initiate server side of TCP stream
  • Server ACK to acknowledge client's SYN packet.

Client ACK: finally, client acknowledges server SYN.
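
The handshake and the three indicators above can be checked per flow. This is an added example, not part of the original notes: the packet tuples are constructed sample data, and the LOW_TTL threshold of 10 is an assumption because the notes give no number.

```python
from collections import Counter

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits
LOW_TTL = 10                       # assumed threshold; the notes give no number

# Constructed sample packets: (src, sport, dst, dport, tcp_flags, ip_ttl)
PACKETS = [
    ("10.0.0.5", 50100, "192.0.2.10", 443, SYN, 64),        # normal handshake
    ("192.0.2.10", 443, "10.0.0.5", 50100, SYN | ACK, 57),
    ("10.0.0.5", 50100, "192.0.2.10", 443, ACK, 64),
    ("10.0.0.66", 40001, "192.0.2.10", 22, SYN, 64),        # refused three times
    ("192.0.2.10", 22, "10.0.0.66", 40001, RST | ACK, 57),
    ("10.0.0.66", 40002, "192.0.2.10", 22, SYN, 64),
    ("192.0.2.10", 22, "10.0.0.66", 40002, RST | ACK, 57),
    ("10.0.0.66", 40003, "192.0.2.10", 22, SYN, 64),
    ("192.0.2.10", 22, "10.0.0.66", 40003, RST | ACK, 57),
    ("203.0.113.9", 31337, "10.0.0.5", 445, SYN, 3),        # low TTL, never answered
]


def triage(packets, low_ttl=LOW_TTL):
    """Track the three-way handshake per flow and record RST / low-TTL findings."""
    flows = {}
    for src, sport, dst, dport, flags, ttl in packets:
        a, b = (src, sport), (dst, dport)
        key = (a, b) if a <= b else (b, a)          # same key for both directions
        flow = flows.setdefault(
            key, {"client": None, "state": "NO_SYN", "findings": []})
        if ttl <= low_ttl:
            flow["findings"].append(f"low TTL {ttl} from {src}")
        syn_ack_bits = flags & (SYN | ACK)
        if flags & RST:
            if flow["state"] == "ESTABLISHED":
                flow["findings"].append(f"RST from {src} after handshake")
            else:
                flow["findings"].append(
                    f"RST from {src} before the handshake completed")
                flow["state"] = "RESET"
        elif syn_ack_bits == SYN and flow["state"] == "NO_SYN":
            flow["client"], flow["state"] = a, "SYN_SENT"       # client SYN
        elif (syn_ack_bits == (SYN | ACK) and flow["state"] == "SYN_SENT"
              and a != flow["client"]):
            flow["state"] = "SYN_ACK_SEEN"                      # server SYN+ACK
        elif (syn_ack_bits == ACK and flow["state"] == "SYN_ACK_SEEN"
              and a == flow["client"]):
            flow["state"] = "ESTABLISHED"                       # client ACK
    return flows


def failed_attempts(flows):
    """Count flows per client IP that never reached ESTABLISHED."""
    counts = Counter()
    for flow in flows.values():
        if flow["client"] and flow["state"] != "ESTABLISHED":
            counts[flow["client"][0]] += 1
    return counts


if __name__ == "__main__":
    result = triage(PACKETS)
    for (end_a, end_b), flow in result.items():
        print(end_a, end_b, flow["state"], flow["findings"])
    print(failed_attempts(result))
```
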

View TCP streams one at a time with the display filter tcp.stream eq 0 (0 is the index of the first stream)


Analyze the "Client Hello" from the TLS sessions to look for any inconsistencies
Consider any differences in:
TLS Version
Cipher Suites
Extensions
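
The comparison above can be scripted once the Client Hello bytes are exported. This is an added example, not part of the original notes: it parses the three fields listed and diffs one Client Hello against a baseline. Both sample records are constructed with the helper build_client_hello (a hypothetical name), and the extension payloads are placeholder bytes.

```python
import struct


def build_client_hello(version, suites, extensions):
    """Build a minimal ClientHello record (constructed test input, not a capture)."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", version) + bytes(32)     # client_version + random
            + b"\x00"                                  # empty session_id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                              # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Return version, cipher suites and extension types from one ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack_from("!H", record, 3)
    buf = record[5:5 + rec_len]
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated ClientHello")
        chunk = buf[pos:pos + n]
        pos += n
        return chunk

    if take(1) != b"\x01":
        raise ValueError("handshake message is not a ClientHello")
    take(3)                                    # handshake length
    version = int.from_bytes(take(2), "big")
    take(32)                                   # random
    take(take(1)[0])                           # session_id
    raw = take(int.from_bytes(take(2), "big"))
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    take(take(1)[0])                           # compression methods
    ext_types = []
    if pos < len(buf):                         # the extensions block is optional
        ext_len = int.from_bytes(take(2), "big")
        end = pos + ext_len
        while pos < end:
            ext_types.append(int.from_bytes(take(2), "big"))
            take(int.from_bytes(take(2), "big"))   # skip the extension payload
    return {"version": version, "cipher_suites": suites, "extensions": ext_types}


def diff_client_hellos(baseline, other):
    """List the fields in which `other` deviates from `baseline`."""
    findings = {}
    if other["version"] != baseline["version"]:
        findings["version"] = (hex(baseline["version"]), hex(other["version"]))
    for field in ("cipher_suites", "extensions"):
        if other[field] != baseline[field]:
            findings[field] = {
                "added": sorted(set(other[field]) - set(baseline[field])),
                "missing": sorted(set(baseline[field]) - set(other[field])),
                "reordered": set(other[field]) == set(baseline[field]),
            }
    return findings


# Constructed samples. Extension types: 0 server_name, 10 supported_groups,
# 11 ec_point_formats, 13 signature_algorithms (payloads are placeholders).
BASELINE_EXTS = [(0, b"\x00\x00"), (10, b"\x00\x00"), (11, b"\x00\x00"), (13, b"\x00\x00")]
BASELINE = build_client_hello(0x0303, [0xC02F, 0xC030, 0x009C], BASELINE_EXTS)
OUTLIER = build_client_hello(0x0301, [0x0005, 0x002F], [])   # older version, no extensions

if __name__ == "__main__":
    print(diff_client_hellos(parse_client_hello(BASELINE), parse_client_hello(OUTLIER)))
```
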



Select one packet in the target TLS/SSL stream, then choose Analyze -> Follow -> SSL Stream.

This should display the content of that stream in a pop-up dialog box. It will also automatically set a display filter such that only packets from that TLS/SSL stream will appear in Wireshark’s packet list window.

March 13, 2015

2015 PC Build

Finally picked out some decent parts for my next PC build, and I caught a sale on the case last week on NewEgg. I'm posting the prices I paid for the parts for anyone interested in a rough estimate of this build. If I see a comparable product on sale I might just buy it, and will update this list accordingly.

Purchased:
Corsair Carbide Series Air 540 (White)      Got on sale on NewEgg @ $119 shipped

Phantek PH-F140SP 140mm fan (2x)


Planning to buy:
AMD FX-6350  @  $126

ASUS Sabertooth 990FX  @ $180

EVGA SuperNOVA 850w Gold/FullModular @ $155

Will update with fan selections soon, I am also cannibalizing my RAM, videocard, and HDD's from my previous build which will help save some cash.





September 16, 2014

Next Generation Identification - The FBI's new facial-recognition system

"To ensure that those who care for our most vulnerable, those charged with protecting our nation and its citizens, can be trusted."  -Lockheed Martin

As stated above by the creators of this controversial piece of technology, it is to ensure security, not compromise it. Anyone who has ever submitted to a background check, did so because they were applying for some type of sensitive position, or working with someone or something that needed protection. Wouldn't it make sense to continue to watch these people, to ensure they remain trustworthy and responsible? Is one single background check enough? Enough of the cries of "Big Brother!", this tool will help law enforcement do their jobs. I'm sure there are some ways & tools you could use to make your job easier aren't there? Maybe some you haven't even thought about yet. This one is here now, so let's make the best of it, let's learn about it, let's use it for good. A few bad people may get their hands on it, but does that mean we should stop innovating as a society? Remember WikiLeaks? Should we deprive all of humanity any new technology and any chance of progressing, just because we have an irrational fear that somewhere, someday, someone might use it against us? We never would have left the stone age. Let's stop being paranoid, suspicious, and cynical.

"The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology within the IAFIS environment." -FBI

  • Project NGI has been in process since 2006 (The privacy threshold analysis was developed in 2006) 
Regardless of the EFF's claims (Electronic Frontier Foundation) of threats to privacy, the project has also been adhering to the Privacy Act. This is not just some amateur, rogue software someone developed in their basement without concern for others' well-being. Let's also not forget that Facebook is using the same concept for no real philanthropic purpose at all.

  • People with no criminal history could be impacted.
Let's define "Impacted" here....Impacted how? Their pictures are thrown into a pile of suspects just because they look like the actual criminal? Is that an impact? No, no impact there, their pictures are already in a database somewhere. That is a passive effect of this system. (I'm not saying they should be thrown into a pile of suspects, I'm saying you wouldn't know if that happened or not unless someone called you and told you.)
What if they're actually called into the police station and questioned about the crime based on their photo inclusion? Now we're talking. That's an impact. That would not be good, but there's no evidence of that happening. Where are the stories about computers wrongfully selecting a criminal and convicting them? I've heard of people convicting people, and witnesses lying or picking the wrong person, but haven't heard the one about a computer making the same mistake, though I'm open to studying it, after all, it's humans who build the computers and systems we're talking about.
  • Snowden already gave us a heads-up this was happening.
Nobody seemed to care much or believe him, but as soon as the official announcement comes from the source, direct from the horse's mouth, everyone cries foul. Why? Why not spearhead an operation to counter-attack this violent, unacceptable intrusion of our privacy?

Why don't we all simmer down and see how many criminals we can catch with this new system first.


Sources:
  1. http://www.wptv.com/news/national/fbi-finishes-1b-facial-recognition-system
  2. http://america.aljazeera.com/articles/2014/9/15/fbi-facial-recognition.html
  3. http://america.aljazeera.com/articles/2014/6/1/nsa-facial-recognition.html
  4. http://www.news.com.au/technology/science/fbis-facial-recognition-system-will-combine-faces-of-criminals-and-ordinary-citizens/story-fn5fsgyc-1227060756329
  5. http://www.lockheedmartin.com/us/products/ngi.html
  6. http://www.fbi.gov/about-us/cjis/fingerprints_biometrics/ngi

July 25, 2014

Google acquires Twitch.tv, Moisture Minder, Online Privacy (AGAIN?!?!)

Google Acquires Twitch.tv

Coming off last week's DOTA2 International Tournament 4 (TI4), we now know how big online PC gaming really is. Didn't think that many people were involved? Ha. Think again, and check the stats, noob! Google has now finally purchased one of the biggest game-streamers there is: Twitch.tv
They purchased it a little late in my opinion, the industry may be at its peak this year and in 2015. There's still room for profits, but if they didn't have the foresight to buy them out last year or the year before, I'm not sure they'll have the foresight to manage it, or get out in time to make that profit they're chasing. I'm sure they're not in it to help the gaming industry, considering Facebook beat them out over the Rift, and I haven't seen many investments in computer gaming recently. Anyway, I wish them luck, and hope to see them at TI5, at least they will draw bigger sponsors and vendors next year.

Moisture Minder Wally

One excuse I have for not blogging the past month is that my water heater failed, and started gushing water directly out of its side. I woke up to one of my small dogs lapping water in the bedroom. I thought to myself in a daze, "I don't remember bringing his water bowl in here, and the direction I'm hearing it from doesn't sound like he's drinking from the toilet, heck he's not even big enough to reach it. He must have peed and is drinking his own pee off the floor. Gross." As I rolled out of bed and set my feet on the tile, they submerged about 2 inches in water. Hot water. I still wasn't sure what was happening, as I stood up, I could hear a faint gushing of water. Sometimes I can hear my upstairs neighbors flush their toilet, or even taking a shower if I listened very carefully (which I don't often do, don't worry) but this was a lot louder than those sounds. I walked toward the gushing sound, opened the utility closet, and saw the water rushing from the side of the tank at about the same rate as your shower faucet would be on full blast when filling the tub for a bath. It was that fast. Long story short, I cut the water feed, then I cut the breakers and electricity to the whole house, because to my horror, I saw a surge protector floating in the water with about 7 wires connected. The water covered the entire floor of every room in my 1,200 sqFt condo, I was moved into my parents' house for the full month, and it took another 22 days to complete the full restoration of all the old formica cabinets (2 baths and kitchen). The dogs are okay and everything is back to normal.

The point of that story is to let everyone know about this product I read about that would have saved me from all of that crap: The Wally Moisture Minder
You connect a central hub unit to your Wifi, install the app, and then place the wireless sensors anywhere in your home that you are worried may leak one day. The sensors send signals to the app within 5 minutes of detection. It would have saved me a lot of time and heartache if I had this product installed at the base of my water heater utility closet that morning. It would have gone off after about 5 minutes or less, and I may have mitigated the damage to only that closet, and been able to replace the water heater. Instead, I had to replace over $17,000 worth of cabinets, furniture, and flooring. I was also out of my home with construction and restoration workers in & out for over a month. Not the best experience. Like a carbon monoxide or smoke detector, everyone should have at least 1 or 2 of these things installed.

Technical Papers for the Wally

Online Privacy 2014

Are we still talking about this? I hate to include this in this week's blog, but it's still all over the news. Can everyone just accept the fact that nobody will ever have true privacy? If you want privacy, move to your own island, get off the grid, stay off the internet. I've said it before and I'll say it again: As soon as you go "online", you're signing an invisible TOS that specifies you may fall victim to cybercrime, spammers, hackers, and any other type of electronic evil entity (EEE) you could imagine. Stop doing questionable things online, stop being paranoid. Remember the early 90's? When you would log on AOL 3.0 just to talk to your friends about your day? Join chatrooms to discuss hobbies or other cool stuff? I don't remember being concerned about privacy back then, do you? Why do we have so much to hide today? It's because we've volunteered all of our most secret, private information to go up "into the cloud". WE put it there. Nobody stole it from us. There's nobody to blame here. Would you stop trusting all the banks of the world because the one you used got robbed? No, you wouldn't, so stop crying about the entire internet being insecure. I'll try not to rant about this topic anymore but it just keeps popping up, so I thought I would address it again. If I change my opinion or some hacker/privacy invincibility software finally gets created, I'll post about it. Until then, get a VPN and be smart with your sensitive data. There's not much more we can do.

May 30, 2014

Google's Self-Driving Car & Its Ripple Effect On Traffic

   A recent article has pulled back the curtain surrounding some of the mystery of the Google self-driving car. Instead of processing road conditions and obstacles in real-time, as they happen, the Google car is following a pre-plotted virtual track that has been laid out for it on specified roads. The car still has to react to dynamic and spontaneous events, such as a pedestrian walking out in front of it, or even other human drivers, but I just wanted to help clear the air about what the technology is really capable of, including its limits. As of 2014, there are 2,000 miles "mapped" for Google Car to use, however they also boast that there have been 700,000 miles driven. This means that the same 2,000 mile route has been driven 350 times, it doesn't mean that you could send the Google car off for 700,000 miles alone and it would never crash. The technology of course is still very cutting-edge and impressive, but there's still a lot of work left before they "take over the roads" as everyone seems to be concerned about.

Some questions regarding laws that will be affected by the automated cars include:
Orange - Unanswered Questions
Red - New Problem Created
Green - Problems Solved
  • Gas/maintenance/repair cost 
Who will be responsible for the fuel and maintenance of the vehicle? Will the manufacturer program the vehicle with alerts of low fuel and drive itself to the gas station and fill up? Will it be fully electric? Will the passenger be required to pay for the service to cover the cost of gas?
  • Drunk driving
 Will people be allowed to enter the vehicle drunk? What if they abuse the controls in the vehicle (emergency stop, etc) Can they bring open containers into the vehicle? Why or why not?
  • Distracted driving
 This issue would be eliminated entirely from society. Prove me wrong.
  • Speeding
 Also would not be a problem anymore.
  • Wreckless driving
 The car would always be following the same path, driving at the same speed. There would be no cases of a wildly swerving, out of control Google car flying through neighborhood streets. There would be a lot of wreckless driving though, because there wouldn't be any wrecks!
  • Insurance
 Who would the insurance fall under? Would passengers have to pay for insurance while they're in transit? Would Google only be liable for the health of the passenger and damage to the car? What if someone with no other form of transportation wanted to commit a crime, and used the Google car as the getaway vehicle?
  • Seniors
 Senior citizens who are unable to drive any longer would be able to have their freedom back. I live in South Florida so I see a lot of really bad older drivers and I also see this as another point which would cut down on accident
  • Young drivers
I counted this as a potential "problem" because younger people, who typically get to experience driving as young as 16, would not have a chance at learning how to drive. They would just sit in the car and go. Eventually we would be phasing out all skills and sense of awareness most of us only use while driving. We would always have video games, though.
  • Accident faults
How could we prove a system malfunction in a Google car? What if two of them crashed? Who would defend or represent the Google car system in a court of law if something ever happened? I listed this as a problem and not a question because it creates the problem of figuring this out, and it is one of the most important problems that should have been solved long before this venture met the pavement.
  • Parking/need for Parking Lots 
Solved with simple math and accounting for annual tourism numbers. The only problem with this plan is that people would have to be willing to carpool, and the Google cars would have to increase in size for mass transit. You wouldn't need parking lots because the car would stop at the curb to unload passengers, it wouldn't need to park anywhere other than its own car lot, or if there were some type of "Park & Wait" program built into this plan.

Future Considerations:
  • Jurassic Park vehicles/Theme park transportation
Let's remember the cars from Jurassic Park. They were on physical tracks, but we're talking about the same thing. We could use these cars on tours (such as Lion Country Safari down here in Florida) or any other zoos or wild adventure setting (think African Safari tours, or other dangerous places). Taking driving out of the equation, you could focus on enjoying the ride and snapping pictures. You could use it for long distance applications also, a 5-hour trip to Key West? No problem. Not as much planning required, and you won't have to worry about missing that exit anymore either.
  • Partial self-driving traffic
Let's say 50% of the population are manual drivers, the other 50% are automated Google cars. What problems would arise? Well, we've had a preview of the interaction, and the only accidents that have happened were because a human rear-ended the Google car. Things would still be somewhat inefficient because the 50% human drivers would still be a bottleneck to the system. Traffic would operate at full efficiency with 100% automated cars.
  • Fully self-driving traffic
With 100% of the cars on the road being fully automated, there wouldn't be a purpose for traffic lights. Think about it, the lights are only to inform humans about what the other lanes are doing, because we can't know or calculate that sort of thing ourselves. But a Google car can. A Google car could see another one coming, and perform calculations (by adjusting speed) to avoid the other cars. In this way, traffic would constantly flow through each other without ever contacting one another (though it may come very close) Cars would only need to come to a full stop when they are dropping off their passengers, as traffic jams would be non-existent (or avoidable)

Hardware used:
Light Detection And Ranging (Lidar remote sensing/visual sonar)
Velodyne 64-beam laser (to generate 3D visual map)

Sources:

Why Google's self-driving car will fail

How does Google's self-driving car work?

Google's Official Blog Post from 2010

Google's Official Blog Post from 2014

Who gets the traffic ticket?

Mapping out tracks for Google cars 

April 14, 2014

Land Rover's Transparent Hood

One of the hot tech news articles that have been floating around online recently is that Land Rover was able to invent this Transparent Hood technology. However, for the rest of us who have been following tech, specifically cloaking and invisibility concepts, we already know that the military has been toying with things like this for years. It is still exciting that it has finally landed on the consumer market, and everyone who uses it will benefit from it. There are also some differences between traditional cloaking concepts, and what Land Rover has patented.

The traditional cloaking method I am referring to is known as Quantum Stealth Technology.
This method removes visual light, infrared light, thermal signatures, and the shadow cast by the target. This method is different from what Land Rover has announced because this method does not use cameras, batteries, lights, or mirrors. This method works by bending the light waves around the target.

The Land Rover method uses cameras and a windshield projection system. It is also possible by using augmented reality. The cameras are located on the lower-front bumper of the vehicle, and the video is fed to a projector inside the car, and projected onto the inside of the windshield. The video feed is superimposed onto the hood of the vehicle, so it looks like the hood is transparent.

Now you can see that the Quantum Stealth method is far superior, as one can view the object from any angle, and never see the target, whereas Land Rover's method is only useful from inside the car. However, someday I am hopeful that the car manufacturers will start making hoods out of the Quantum Stealth material.


Here are two products you can use to build your own transparent hood system:

Car Rear Vehicle Backup View Camera (Waterproof)

Garmin Head-Up Display (HUD) Dashboard Mounted Windshield Projector

After the basic setup, you would need to tinker with the transparency settings on the projector to get it just right, possibly even digging into the software itself to customize the display output further. This setup probably wouldn't look exactly the same as the examples, and wouldn't include visuals of the tires as it's simply projecting the image onto the dashboard, but it's the same concept. To be perfect, you would also want a much wider reflector lens that spans the entire width of the windshield, and that means more tweaking of the display output. The project would require a ton of customization but the point is, it's not impossible to do on your own, so don't feel like you have to buy a Land Rover to get this type of technology. I'm sure we will see it on every make and model in the next few years.


Sources:  
http://www.businessinsider.com/land-rover-invented-a-disappearing-hood-2014-4
https://www.landrover.com/us/en/lr/
http://www.hyperstealth.com/Quantum-Stealth/
https://www.youtube.com/watch?v=1Nj0vCSBFT8
http://www.occupycorporatism.com/home/scientists-perfect-nano-tech-develop-invisibility-cloak/

March 30, 2014

Building a Raspberry Pi Cluster

Slow internets got you down? Keep getting pwnd in-game because of choppy video rendering? Thinking about a new computer? Should you buy one or just build a quick fast setup?
I had the same questions 3 years ago and I ended up just building a cheap setup with the fastest components at the time, also was able to salvage some leftovers from a previous purchase.
I ended up with the following items for about $300 shipped from Newegg:


Almost all of those items were refurbs or open-box discounted (2011). I already had a keyboard, mouse, monitor, and I was going to use it as a Linux box so I didn't need the extra $100 for an OS. This was an easy and cheap build to get online and do what I needed. Eventually I was able to upgrade the video card and even got to run Diablo 3, Starcraft 2, DOTA2, and other medium load games on it with low settings.

The motherboard and processor are the bottleneck on this system.
Anyway, the point is that you can build a decent computer very cheaply now if you have the main peripherals already. It's been this way for a while, but a new piece of hardware has emerged to help us build even cheaper than before: The Raspberry Pi

I'm a little late to the scene here but I'd like to write about it anyway, because I plan on building a small Pi cluster in the near future.
From my understanding of a simple Pi Cluster (let's say 5 nodes), you'll need:

5x Raspberry Pi = $210
Pi Power Hub = $30
Wi-Pi wifi dongle = $10
5x  Cat6A Ethernet Cables (1-Foot lengths) = $25 (this is one exception where you could go with quality-tested cables for a total of closer to $60)

Don't forget the typical desktop peripherals you'll need too: keyboard, mouse, monitor, ethernet cables, etc. (Think of this project as an extension of your existing desktop setup)

Items above are priced at MCMelectronics.com and BlueJeansCable.com
 
For a custom-built rack, sized to whatever specifications and dimensions you can think of, check out  Sheep Plastics, very affordable and very customizable pieces of acrylic to mount your Pi onto.
Heck, you could probably even build a full-size tower from them too.


Sources:

Blue Jeans Cables

MCMelectronics.com


How-To build a Raspberry Pi server cluster

40-core cluster with 20GB RAM & 5TB Storage

Mini-Cluster Setup

Small cluster from Southampton

Custom-cut acrylic

February 5, 2014

The Swallowable Pill-Cam

Introducing the Pill Cam! Brought to you by Given Imaging, this little bugger floats through your gastro system, taking snapshots of your intestines, and sending the images back to a device you can wear on your chest or belt, and turn in the device to your physician for further examination. This pill-cam is already in use in over 80 countries, and the FDA finally approved it for use here in the United States.

The hardware involved is:
Two Energizer 399 1.55V, 54-mAhr silver-oxide coin cells
One Aptina CMOS image sensor
Four LEDs on each end of the pill
One microelectromechanical system switch

The software involved is:
RAPID Reader v8

This is great technology because it's bridging the gap between macro-tech and nano-tech. We're able to ingest technology now, and send it through our digestive system. It's sort of like sending a satellite into outer space, or a submarine down into the depths of the Mariana Trench. Sure we can observe and study our intestines with other methods, but this is right up close and personal. It gives us a much better perspective, it even allows us to visually experience the path that food or medication might take through our system. We might be able to discover more unknown behaviors of the human body this way than in studying static images and data.

Future applications for this technology could include delivery of medication directly to the site of the problem, instead of putting the whole body through the stress of delivering the medication, and recruiting more organ systems than necessary. I imagine this same pill with a remotely controllable cap or delivery system. I imagine this pill technology getting smaller and smaller, to the nano level we've been dreaming of, and battling with cells of all types at the cellular level.


Sources:

http://www.engadget.com/2014/02/04/fda-approves-pillcam-colon-colonoscopy/

http://www.fda.gov/MedicalDevices/default.htm

Pillcam Colon 2 Technical Specs

http://en.wikipedia.org/wiki/RF_MEMS

PillCam Software 

January 29, 2014

Bitcoin

****Update 9/30/2019: Yes I realize I'm an idiot****

I originally had drafted a nice little entry about what bitcoins are, how they work, why it's so popular, etc. but I couldn't get excited enough about the topic, and I really thought bitcoin was going to just fade away like any other internet fad. Then I saw Google Trends this week, and it's still the top-searched subject. I can't and won't ignore the fact that bitcoin is hugely popular now, and will remain so for the foreseeable future. Since everyone still seems to be interested, I decided to post the entry after all. I'm still getting used to blogging, and realizing that I can't always pick and choose the topics, I need to go with what's popular, so I can reach the most people possible and help them out any way I can.
Hope you like it.



Some bitcoin terminology:

Block - A record that contains and confirms a waiting transaction

Chain - The public group of blocks (transactions) in chronological order

Double Spending - Spending the same bitcoin in 2 places at the same time, in hopes they will process before either transaction is confirmed.

Mining - A way for bitcoin users to earn bitcoins by using their hardware's processing power to confirm transactions in the block chain

Wallet - The virtual container for private keys & signatures

Signature - The mathematical algorithm used to prove ownership of a bitcoin




Steps to start working with bitcoin.

1. Get the software.

2. Get the wallet.

3. Start mining.

4. Start spending.

5. Monitor the economy.


My personal problems with Bitcoin, and why I won't invest until they're resolved: I have considered buying bitcoin just to reverse-engineer the system to learn how it works, but honestly after doing some research for this blog entry, that's not necessary. I know enough to steer clear of it. It may be great for short-term investment (if you're lucky) but here are the reasons I won't invest in Bitcoins for long-term:

1. Bitcoin is 100% dependent on technology and computer systems. You need it to create a bitcoin, send a bitcoin, and receive a bitcoin. What happens when our internet protocols change or evolve? What happens if a worldwide crisis (or local crisis) occurs where we lose connectivity? What happens when someone figures out how to counterfeit bitcoins? It's these reasons that make bitcoin unpredictable both long-term and short-term. This also cancels out the argument that people use regarding the "value of the U.S. dollar declining" because at least deflation is predictable. Bitcoins are not, there is no precedent for a digital economy of this scale, and there are no economic indicators to warn people when to sell or rumors that might benefit mass purchase. This tech dependency also precludes the poorer households or economies from buying bitcoins. This will expose contradictions in the people crying about government control and the 1% because not many people in the 99% will either afford or care about investing in bitcoin. The labor theory of value also comes into play here. Would the average person be willing to work as hard for 1.5% of one bitcoin as you would for $12 cash? No, they wouldn't.

2. Hard currency will always be better (more valuable to the most people) than a representation of the same currency (reserve notes, certificates, stock, bitcoin). Sure, you might not make $1,000 on an ounce of silver in 1 year, but guess what? You won't lose it either. There's less risk and more stability with hard currency, because the value is within the physical material itself, not the cost or risk of transferring that value to another form.

3. Most of you will scoff and stop reading after this sentence, but we need a government at some level. You can substitute "government" for whatever word you want here, but some system has to be in place for checks & balances. The control does not have to be as high and invasive as it currently is, but we do need a government in place to help guide and manage the economy. A lot of people are looking to bitcoin as the government end-all, or a government "work-around". Governments are meant to be social guardians. Not all of them in the world are, but in the United States, it is our social guardian. The fact is that even if we're able to build up bitcoin to become the primary economy, there will still be structure, control, and rules in place. Guess what those things are collectively known as? A Government. Some might say "No it's not, it's a self-governing system" well, you might be right, but there's that word again right in the middle of your rebuttal: Government. Until people stop crying about the government and start working together to solve problems, I'm not investing. Same with DOTA2.

4. There is no way to safeguard your bitcoins. Over $1M was stolen from a company in 2013 because someone was able to pull off some simple social networking people have been using since the early 90's to gain access to unauthorized areas online. If you have cash in your hand today, who do you depend on? Who do you have to trust? Yourself only. If you have bitcoins stored online who do you have to trust? You have to trust the company hosting your bitcoin wallet, and all of the people involved with that company, along with the company you're spending your bitcoin on. Sure there's risks with cash, but it's much easier to mitigate than the wild wild west of the internet. It's not as bad as it used to be, but there's still more problems online than offline.

Sources:

Bitcoin Guide from Instructables

Risk factors


January 15, 2014

Quantum Teleportation & Potential Role of the 3D Printer

Updated Article November 2014: http://www.naturalmachines.com/

Updated Article July 2014:  http://www.cnet.com/news/microsoft-explains-quantum-computing-so-even-you-can-understand/

Updated Article May 2014:  http://www.nytimes.com/2014/05/30/science/scientists-report-finding-reliable-way-to-teleport-data.html?_r=2

Updated Article * http://io9.com/physicists-say-energy-can-be-teleported-without-a-limi-1511624230

The basic idea of quantum teleportation is this:
1. Scan & disassemble an object (at the molecular/atomic level). Disassembly of the object is imperative here, otherwise it would only be a clone or copy.
2. Transport the disassembled "material" to another location (without traversing physical space). The disassembled object needs to be transported to another location. The object cannot be destroyed, that would mean the transported object is different than the original. The transportation method cannot use air, sound, light, or any other physical medium.
3. Reassemble the "material" at a target location, in the exact form it was broken down previously.


I had a fleeting thought recently about 3D printers, and how they seemingly can create an object out of thin air, and I thought about teleportation, and whether the two would ever intersect. I realized that it's possible, but there are several giant problems currently keeping the two incompatible.

Today we have 3D printers, which are capable of performing the last step of teleportation: re-assembly. The reason we may not be able to utilize 3D printers for this experiment is because 3D printers are only able to create objects based on a blueprint or plan of some type. These printers can be used someday to manifest the object, however they will still need the core ability to "receive" the teleported item before printing it.

Will 3D printers have a role in teleportation at all?
Physicists at ETH Zurich performed teleportation successfully on a 7x7mm chip. They were able to do this without any type of re-assembler, the material simply appeared out of thin air. It may be that 3D printers have no role in teleportation at all, and will remain a neat piece of hardware with no potential contribution to the teleportation industry.



For example, there is a laboratory in North Carolina which is currently able to synthesize vaccines for a specific virus on-demand. A lab in California could report a virus at 1:00PM, and the lab in North Carolina could send them the digital "plans" (or blueprints) by 1:30PM. The lab in California could upload the digital data to the physical machine that is capable of synthesizing the vaccine, having it ready for injection by 2:00PM. 
1st Teleportation violation: The vaccine received & "re-assembled" is not the same material that was scanned at its origin source, it was simply cloned at another location using plans from somewhere else.

2nd Teleportation violation: The digital information traverses the physical space between the origin and the destination, via physical communication cables. Once again, the goal is to send the object directly to its destination, invisibly, without traversing physical space. Disappearing, reappearing.


In any case of quantum teleportation, there is no reassembler involved at all, the item just...... appears.  So what medium is used to transport the object? The answer lies in Quantum Entanglement, when two independent particles interact with each other in real-time, without physical connection, and with response times faster than the speed of light.

Once quantum teleportation is solidified and we can transport human beings consistently, without issue, there will be a few regulatory & practicality issues to contend with. First, we can't just have people teleporting whenever and wherever they want to. We would need a finite number of assigned teleport pads to receive and send people. What if the pad is taken?  Problems arise.
What would the energy cost or monetary cost be to the user?
What if two people tried to teleport to the same place at the same time?
What if the teleporter crashed or lost power during transmission?
Would there be a system in place to control who can go where?

At the end of the day, no, I don't believe 3D printers will ever have a role in teleporting objects.

Sources:

Realization of Deterministic Quantum Teleportation with Solid-State Qubits

Why don't we have teleportation? 

January 7, 2014

Facebook's Innovation

Let's examine why Facebook is leading the pack in the following areas of the web today:
  • Hardware & Open Source Technologies
  • Online Marketing & Social Networking
  • Job Creation & Job Security

Hardware / Open Source Technology

Facebook has always been a pioneer for its own technologies and business strategies, including forming the Open Compute Project, and setting up data centers in the Arctic Circle.
Facebook uses ODMs (original design manufacturers) in Taiwan and China, rather than OEMs (original equipment manufacturers) like HP or Dell. This way, they are able to save themselves money by stripping out what they don't need. This saves the company approximately 24% during initial purchase phases, and 38% during overall operational maintenance costs.

Engineers at Facebook have also worked hard on finding ways to save the company money in maintenance and power costs, and they're not just hogging the ideas all to themselves, they're sharing the schematics with everyone. In this way, Facebook isn't only keeping the world connected (for free) but also enhancing and upgrading the experience for everyone at the same time. They're basically telling the world, this is how we're connecting everyone, and this is the set of tools and exact plans we're using to do it, go have fun. What other giant company can say that? Microsoft and Apple tend to bottleneck and pigeon-hole their customers into using specific products and following their own timeline and plan. They do have their own sets of development tools and share some of their technology with us, but it just isn't the same.

Networking / Marketing

Without going too far into the internet privacy debate, I would ask you what better option you have for a social network right now? A lot of people out there complain and cry about being spied on, or marketed to, but what else is there? When the marketing goes away, so will these types of tools, unless we step up and build them ourselves, with our own money, for free, and never ask for a dime. Facebook is the best social network available right now, and should be supported as far as possible until the next best rival appears, if ever.
One problem I do have, is with the inflated unique-user count. I would venture to say that at least 1/3 of all Facebook accounts are either alternate accounts, or created for fictional characters. For instance, one genuine user might have 2 additional accounts for their pets (like I do). I'm not saying it's wrong or bad, it just makes it harder to analyze the user base.

Job Creation & Job Security

Some voluntarily submitted salary info from Glassdoor shows us why people love working there. It's a fun working environment coupled with a very healthy pay structure. Since Facebook is using cutting-edge technology and even creating its own in some cases, the company tends to attract younger graduates and more advanced engineers and technicians. This creates a desirable workplace for more serious professionals looking to push their careers to the next level. The company also has a very tight stranglehold on the above talking points, which ensures that the employees will be needed and utilized for more years to come.

Sources:

Oregon data center

Hardware

Shifting into ARM servers

January 6, 2014

Time Control Technology



I will be discussing concepts and methodologies of controlling objects in time. I am sourcing multiple sites to support the theories and proofs that it is possible. Everyone scoffs and laughs at the concept of Time Travel, but I don't hear many people discussing Time Control, which is why I wanted to outline some of the pros and cons of it here. Time control is the concept or method used to execute time travel, however in time travel we always think about the whole world being moved through time, instead of just a single object. What if we could control a small area of space, and control time only within that small area, placing objects in or out of that small, contained field? Guess what? We can!

Time reactors have been patented and spherical fields in which time can be slowed down or accelerated have already been created and repeated. This is no longer future technology, it's here, it just needs more funding and acceptance into society.

For example, a spherical field, a "self-contained time-warped field" (about 1 foot diameter) can be generated with a very low energy level, in which time will move slower or faster inside the field than it does outside the field. Imagine placing one clock within the field, and another clock outside of the field, both set to the same times. After an hour, the clock within the field would be showing a time earlier or later than the outside clock, depending on the configuration of the field.

Expanding on this idea, if a human being were to sit in the field, and the time-warp was accelerated to 400x normal, the person would step out of the field after 2 days, and the environment around him would have aged over 2 full years. This could be considered "time travel", however not in the sense that Hollywood would have us believe. There would be no dramatic tunnel effect, no rocket ships or DeLoreans flying through space; you would simply have to remain within the affected field. Also, you would need to ensure that the field stays up and running for those 2 years outside of the field, or the warp would be interrupted.

As stated by NASA - "Frame dragging is like what happens if a bowling ball spins in a thick fluid such as molasses. As the ball spins, it pulls the molasses around itself. Anything stuck in the molasses will also move around the ball. Similarly, as the Earth rotates, it pulls space-time in its vicinity around itself. This will shift the orbits of satellites near Earth."

Applications of this field technology include medical research and treatment. For instance, someone with cancer or a fast-growing tumor could enter a time-field chamber, and it would greatly extend their life by shortening the aging process. We could also study these things more carefully if we are able to slow them down to a rate we could test with.

Organ transplants would benefit because the fresh organ could be placed into the field, slowing down cellular death or environment effects on it during transportation to the new recipient.

Food could be placed in the field, keeping it fresher as it's transported to the market or selling point.

You could purchase a CD or invest in stocks, climb into the chamber, set it at 500x, climb out at the same age and with some extra money, and hopefully inflation and the government didn't take it all yet!


Sources:

The Anderson Institute

Time Control Technologies and Methodologies

David Lewis Anderson interview on Coast to Coast AM

Another interview with Dr. Anderson

Time Travel Paradoxes

January 2, 2014

OCR Technology

Optical Character Recognition is the conversion of scanned or photographic images into editable, machine-readable text that can be searched.

OCR works by submitting an image to an OCR engine. The engine works by matching pieces of the image provided to shapes it is instructed to recognize. For instance, if you were to make the letter "V" with your index and middle finger (also known as a 'peace sign') and submitted that photo to an OCR engine, the engine would identify that image as the letter "V", because the shape of your fingers best matches the letter "V", (assuming the engine is using the English alphabet.) The engine would then return the letter "V" as editable, plain text.

License plates can also be read using OCR technology

One major use of OCR technology can be found in text-to-speech applications, which are used by people with visual disabilities. They aren't able to read text from the screen, so the computer reads it out loud for them. The OCR engine goes through any given web page or document, converts the words into text, and runs it through another program as input, and then outputs the text as audible speech.

Some companies have also mastered the concept of OCR check deposits, allowing bank users to deposit checks into their accounts simply by taking a photo of the check with a cell phone, and uploading that image to the bank's server. As with the text-to-speech, there are two steps involved here, first is submitting the image of the check as input to the OCR engine, and then handing off the output of the engine as input into the bank's server where it can run the text against their internal database and handle the data like it normally would.

When filling out forms or entering secure areas online, you may have noticed those annoying confirmation boxes that force you to read something from an image and enter the text as confirmation that you're a human being and not some type of web-bot. These are in place because of brute-force hacking. A brute-force hack, or repeated hack attempt, would be someone setting up an automated macro process that repeatedly tries to log in to an area with a username thousands of times. It would have a dictionary with thousands of common passwords, and it would not stop until the list was depleted. Another reason is that there are automated "spiders" (or bots) patrolling the net for web pages to index. The confirmation box you see is called CAPTCHA, and it ensures that you are not a bot. By being able to read the text from the image with your eyes, and manually typing it into the box, you are essentially acting as a human OCR engine. You are converting an image into machine-readable text.


An example of a CAPTCHA

The annoying thing about them is that they are hard to read sometimes, and sometimes it takes multiple attempts to crack what should be an obvious entry code. They throw in symbols and break up the text to confuse bots that are OCR-capable. Its purpose is to confuse the engine and render the bot useless, forcing it to move on to another area.
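The brute-force scenario described above, seen from the defending side, as an added example that is not part of the original post: a login gate that starts demanding a CAPTCHA once failed logins pile up for a username or for a source address. The class name, the thresholds, and the replayed traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed look-back window for failed logins
MAX_FAILURES = 5       # assumed failures tolerated before a CAPTCHA is demanded


class LoginGate:
    """Hypothetical gate: tracks failed logins per username and per source.

    One address hammering one username trips both counters; one address
    trying many usernames trips the per-source counter; many addresses
    guessing at one username trip the per-username counter.
    """

    def __init__(self, window=WINDOW_SECONDS, max_failures=MAX_FAILURES):
        self.window = window
        self.max_failures = max_failures
        self._by_user = defaultdict(deque)     # username -> failure timestamps
        self._by_source = defaultdict(deque)   # source address -> failure timestamps

    def _recent(self, table, key, now):
        """Count failures for key that are still inside the window."""
        q = table.get(key)
        if not q:
            return 0
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def captcha_required(self, username, source, now):
        return (self._recent(self._by_user, username, now) >= self.max_failures
                or self._recent(self._by_source, source, now) >= self.max_failures)

    def attempt(self, username, source, password_ok, captcha_solved, now):
        """Process one login attempt and return its outcome as a string."""
        # While the gate is up, the password is not even evaluated unless the
        # CAPTCHA was solved, so an automated guesser learns nothing.
        if self.captcha_required(username, source, now) and not captcha_solved:
            return "captcha_required"
        if password_ok:
            # Clear only the username counter; the source counter keeps aging
            # out on its own so a guesser cannot reset it with its own account.
            self._by_user.pop(username, None)
            return "ok"
        self._by_user[username].append(now)
        self._by_source[source].append(now)
        return "bad_password"


def dictionary_attack_results():
    """Constructed traffic: a bot sends one guess per second for 1000 seconds.

    Guess number 500 is the correct password. The bot cannot read the CAPTCHA
    image; the real user, arriving afterwards from another address, can.
    """
    gate = LoginGate()
    bot = [gate.attempt("alice", "203.0.113.7", t == 500, False, t)
           for t in range(1000)]
    human_first = gate.attempt("alice", "198.51.100.20", True, False, 1000)
    human_second = gate.attempt("alice", "198.51.100.20", True, True, 1001)
    return bot, human_first, human_second


def username_spray_results():
    """Constructed traffic: one address tries ten different usernames."""
    gate = LoginGate()
    return [gate.attempt(f"user{i}", "203.0.113.9", False, False, i)
            for i in range(10)]


if __name__ == "__main__":
    bot, first, second = dictionary_attack_results()
    print("guesses actually checked:", bot.count("bad_password"))
    print("guesses refused at the CAPTCHA:", bot.count("captcha_required"))
    print("real user without CAPTCHA:", first, "| with CAPTCHA:", second)
    print("spray outcomes:", username_spray_results())
```

Because refused attempts are not evaluated, the bot's correct guess is discarded along with the wrong ones, while the real user only has to solve the image once.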

Sources:

1. An Introduction to Optical Character Recognition

2. CAPTCHA

January 1, 2014

Happy New Year! Grapes and Hopes

Let's talk about genomics in 2014. Eric Schmidt mentioned it in a recent interview, and a lot of us have been wondering about it for the last few years. What is it? What is its potential? Is it worth the time and resources?

Without going into a whole history lesson about what DNA is and how important it is to understand how the human body works, let's just agree on the fact that the human body is very complex, and took a long time to figure out, and even as it stands, we still don't have all the answers. This is where technology, serious technology, will finally merge into the medical domain.

A quick peek at medical tech: A 3,000 year old prosthetic toe was found on a mummy. Today, there are 3D printers capable of creating prosthetic toes, and even casts to help out with a broken arm. Prosthetics is a great solution to solve issues with aesthetics, or even functionality, but what about internal, life-threatening problems? This is where we will need more technical help in the future. This is the reason nanotechnology and cloning have always been at the forefront of these topics.



The reason we still need help with genomics is that cancer still remains one of the main causes of mortality in our modern world. It's everyone's hope that we could just prevent, or even predict cancer.
The more details we can study about the human cell, the more chance we have of making a breakthrough discovery. No research is failed research, any progress helps, and the progress we make in the tech industry trickles down to other industries.

Genomics will get a huge boost in 2014 due to the increased demand for data management, and the relatively large advancement in data handling capabilities (larger and faster hard drives, etc). This will allow us to continue research at a faster rate, and create an environment where the discoveries of problems will outpace the ability to correct them. The Watson Computer could be used next year as well.

Last night I spent New Year's Eve with Colombians. Their tradition is to eat 12 grapes, right after midnight. Eating the 12 grapes ensures a year of prosperity, and wards away evil. As we ate our grapes and wished each other health and happiness, I appreciated that moment, and I appreciated everyone caring about each other. My hope is that someday, on New Year's Eve, we won't need to wish each other health & happiness, we will be able to leave out that pesky "health" part.....because we'll have it figured out, and we won't need to rely on wishes and luck to live a healthy life. All we'd need would be the grapes and the company. Happy New Year everyone!


December 31, 2013

Technology Stock Updates

I would like to reference a post I created back in December of 2011, with some updates:

December 16th, 2011
Zynga went public on Friday the 16th. Opened at $10, closed at $9.50
Groupon opened in November at $20 and closed at $26. (Up 30%)
LinkedIn opened at $45 and skyrocketed to $122 (Up 37%)


Let's check out their current prices, and analyze some potential factors over the last 2 years that influenced them.

Zynga, (12/31/13) opened at $3.86 (-$6.14)
  
On October 4th of 2011, Zynga reported their full 2011 financial results, which apparently spooked a lot of investors, because that's when they started jumping ship. It seems Zynga never fully recovered after that announcement, and remained hovering right around the $3 mark for the next 2 years.




Groupon (12/31/13) opened at $11.45 (-$8.55)

Groupon fared slightly better, however it also took a dive because of some public events discussing the financials and stocks. For instance, on 6/13/12, the CFO presented at the William Blair Growth Stock Conference. That's when Groupon took its first small nosedive. Shortly after, on 8/13/12, Groupon announced their 2nd Quarter 2012 results. The stock took a very slight upturn, but stayed low. It wasn't until the 4th quarter announcement and a leadership change that it began to recover.



 
LinkedIn (12/31/13) opened at $215 (+$170)

As we saw with both previous examples, a sudden decline or incline usually takes place during the same month that a quarterly financial result is provided. LinkedIn was no exception, as we can see during the release of the 3rd Quarter Financials on 11/1/12 and continued climbing through April of 2013. A sharp decline occurred in May, again coinciding with its 1st Quarter Financial results. This "decline" could actually be the stockholders simply refraining from trading, as the price increased again sharply soon after everyone had read the results and were confident in the company's future.



December 26, 2011

Firefox Tweaks

These collective tips can be considered an oldie but goodie. I have been using them for a while, and although I still feel like Chrome is much faster even against these tweaks, they still let me use Firefox at a respectable speed and keep all of the add-ons I use with it.
I still use the combination of IE, FF, and Chrome, but I spend most of my time on Firefox, as do most people according to recent analysis: w3schools Browser Usage

On to the tweaks. To implement the following, simply open a Firefox browser window, and type the following as the URL:  about:config

A window will appear warning you of a warranty void; click "I'll be careful, I promise!" to proceed.

In the "Filter" textbox, enter the following: network.http.pipelining



Firefox by default is set to make only 1 request to a webpage at a time. When you enable pipelining, it allows the browser to make several requests at once.

For the following names, enter the following values (by double-clicking the name)
network.http.pipelining = true
network.http.pipelining.maxrequests = 10




Stop Online Piracy Act

GoDaddy lost over 21,000 domains last week in a matter of 2 days. There are people who think it directly relates to the fact that GoDaddy supports the Stop Online Piracy Act (SOPA).

SOPA was a bill introduced on October 26th of this year, and it gives U.S. law enforcement more freedom when investigating online trafficking, intellectual property theft, and other cybercrimes.

The fact that 21,000 people left GoDaddy in protest of them supporting this Act shows us that there are a lot of people who still believe that online piracy is a right granted to us in the First Amendment. Some people feel as though downloading music is a right we have, and copying the music is also a right.

Do a lot of people download music for free illegally? Yes. Do a lot get caught? Yes. Do a lot get away with it? Yes. There are too many people to catch at this point. I feel as though the moment has passed, and a critical mass has been reached to the point where it is useless to try to stop it; apparently the House of Representatives does not.

This number doesn't show us all the people who disagree with SOPA and who are members of GoDaddy, it shows us most of the radical ones who fall into this overlapping demographic. For instance, I personally agree that people should be able to download anything for free, and I also own a GoDaddy domain, yet I am not so passionate or extreme that I would cancel my account and change my domain because of my own belief. I also know several people in the same boat as me who would not make such a drastic move, but it is interesting to see the ones who have done it, and to see the numbers like the ones we have seen in the news articles.

I am not surprised that people have been so polarized by this issue, but I am surprised at how long it has been going on, and I wonder how much longer this battle will continue. Laws have been established declaring downloading to be illegal, yet there are probably more people downloading illegally than buying legally. Does this mean there will be a "War on Downloads" as there has been a "War on Drugs"? How will it end? What will be the final solution? "Legalize it!" right? It's funny the way history repeats itself. Nobody learns, nothing changes except the environment and subject matter. The problems and solutions remain the same. Can we try to learn once, if even the hard way, and apply the solution to any subsequent issues that are even remotely related to it? Just to try? Or should we just rinse and repeat every single time?

Anyway, the purpose of today's blog was to point out SOPA and its purpose, and why it was put into place: to stop online piracy.

To me, it sounds like the cyber-equivalent of the Freedom of Information Act, which gave the feds more freedom to investigate suspected terrorists. In this case, law enforcement is given more help investigating cyber-criminals. It scares me that so many people would disagree with helping law enforcement to the point that they would red-flag themselves and leave GoDaddy.

If I were part of the team responsible for hunting down cyber-criminals and just handed this new freedom, the first people I would investigate to warm-up and practice using the SOPA, would be the list of people who left GoDaddy.

Sources: CNet - 21,000 Domains Transfer out of GoDaddy

December 17, 2011

Zynga, Groupon, LinkedIn Go Public

Zynga went public on Friday the 16th. Opened at $10, closed at $9.50
Groupon opened in November at $20 and closed at $26. (Up 30%)
LinkedIn opened at $45 and skyrocketed to $122 (Up 37%)

In my opinion, Zynga was lacking because it is too dependent on other things. For instance, Zynga is dependent on things like Facebook, or the entire mobile scene. They also priced their stock too high. Take cell phones out of the equation, where does Zynga fit in? Facebook. Take Facebook off the table, where does Zynga fit in? This is why LinkedIn and Groupon were able to hold their own during the opening day, and should remain solid as long as they don't become dependent on other things also.


Before I get too far off-track, I would like to mention that Zynga has done a lot for the social gaming scene, however they will need to be innovative and keep people's interest if they want to be serious and remain in business. They won't be able to ride Facebook's coattails much longer if Facebook itself goes public and starts demanding more from Zynga. They've done a great job thus far, let's not get lazy.

Sources: CNet - Zynga Stock
CNet - LinkedIn Stock (November 2011)
CNet - Groupon (November 2011)

December 14, 2011

DDoS Attacks

If you haven't heard by now, there are a few groups out there making their rounds hacking some high-profile organizations including Sony and the CIA. Anonymous and LulzSec have done the most damage, even though the media hype is making it more than it really is. The threat and actual attacks themselves have not increased over time, just the public coverage and communication of it has.

Regardless of the statistics, almost all attacks upon large companies will include some form of Denial of Service attack.

Essentially, in a DDoS attack, the target computer is flooded with incoming packet requests. The actual process to achieve this, however, is much more complicated than that. It could take a very long time to properly set up for an attack of respectable size.

The hacker must first infiltrate and infect many computers, using them as zombies, and then control them to carry out the attack as well. This exponentially increases the amount of packets being sent to the target. It's like recruiting an army of 100 to help you, instead of just upgrading one single person. Even if 99 of the 100 slave computers are old and slow, it's still more effective than trying to do it yourself, or even with 4 or 5 decent, upgraded servers running the latest technology. It's also harder to completely trace out all sources of the attack back to the same master.


In the recent case of 24-year-old Kevin Poe (Connecticut), he had chosen the target of the band KISS. He chose them because Gene Simmons had spoken out against online piracy and encouraged other bands to take action against people illegally downloading their music.
Anyway, Kevin (of Anonymous) was caught because he did not completely conceal his tracks during his 5-day attack.

Even after using the most sophisticated and current efforts to hide his identity, he was still caught. The FBI was still able to weed through all other IPs and arrive at his own. It's long and tedious work, and takes the best forensics technology, but it is always possible.
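What the "army of 100" point above means for detection, as an added example that is not part of the original post: a per-source rate limit stops one loud machine but does nothing against many slow ones, so the defender also has to watch the aggregate. The thresholds, the log format (`epoch_second source_address`), and the traffic are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 50   # assumed: requests per second allowed from one address
CAPACITY = 200          # assumed: requests per second the service can absorb


def bucket_by_second(log_lines):
    """Group 'epoch_second source_address' lines into per-second counters."""
    buckets = defaultdict(Counter)
    for line in log_lines:
        second, source = line.split()
        buckets[int(second)][source] += 1
    return buckets


def classify(per_source):
    """Classify one second of traffic from its per-source request counts."""
    total = sum(per_source.values())
    loud = sorted(s for s, n in per_source.items() if n > PER_SOURCE_LIMIT)
    # Load that still reaches the service if every source is capped.
    after_limit = sum(min(n, PER_SOURCE_LIMIT) for n in per_source.values())
    if total <= CAPACITY:
        verdict = "normal"
    elif after_limit <= CAPACITY:
        verdict = "single-source flood"   # per-source limiting is enough
    else:
        verdict = "distributed flood"     # no single source stands out
    return {"total": total, "sources": len(per_source), "loud": loud,
            "after_limit": after_limit, "verdict": verdict}


def constructed_log():
    """Three seconds of constructed traffic using documentation addresses."""
    lines = []
    for second in (0, 1, 2):
        # Baseline: 40 ordinary clients sending 2 requests each.
        for client in range(1, 41):
            lines += [f"{second} 198.51.100.{client}"] * 2
    # Second 1: one machine sends 1000 requests on its own.
    lines += ["1 203.0.113.99"] * 1000
    # Second 2: 100 slow machines send only 5 requests each.
    for zombie in range(1, 101):
        lines += [f"2 192.0.2.{zombie}"] * 5
    return lines


def analyze(log_lines):
    """Return {second: classification} for every second present in the log."""
    buckets = bucket_by_second(log_lines)
    return {second: classify(buckets[second]) for second in sorted(buckets)}


if __name__ == "__main__":
    for second, report in analyze(constructed_log()).items():
        print(second, report)
```

In the third second no address exceeds the per-source limit, yet the load is nearly three times capacity; the signal is the jump in total requests together with the jump in distinct sources.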



Sources: Information Week - Anonymous Hacker Busted for DDoS Attack

Microsoft TechNet - DDoS Attacks

December 11, 2011

Ethical Hacking

Ethical Hacker? Sort of like an executioner. Is he considered a murderer? Is it okay because he has the permission of the state to do it?

Ethical Hacking rides a fine line on the internet. This is my problem with the whole "ethical hacking" description: At any point, a regular hacker could turn face and just say he's doing it to probe for exploits and security holes, and it would be very hard to know if he were telling the truth or not. An ethical hacker is only ethical up to the point where he makes the decision to do something malicious or not.



Companies hire security experts to audit and probe their systems, and they aren't called "Ethical Hackers". They're called Information Security Consultants.
The people who learn how to hack so they can test and probe their own systems aren't ethical hackers either, they're reverse-engineers. They study and disassemble systems for the sole purpose of understanding how they work, so they can implement things which will make the process more efficient or secure.


So is there any place for this term "Ethical Hacker"? There seems to be, in fact there's an official certification out there for anyone who wants to be recognized as one: EC-Council - Certified Ethical Hacker

I feel like maybe there wasn't enough interest in the previously mentioned job titles, so to appeal to the masses, they decided to throw in the word "Hacker" to attract more interest in the same field of study. I still feel like companies would shy away from the applicant with a Hacking certification, versus the one with an IT Security / Network Infrastructure certification, even though they may hold the same education and foundation regarding exploits within any given environment.

Anyway, I chose this book over the Certified Ethical Hacking book because it seems to be broader, and offers more updated concepts and scenarios that can be applied to any operating system. There is still a lot to learn, even though most of the concepts and methods in this book have been used for decades:


I have been out of the loop for a long time. I got out of the scene because of some fears of being caught or targeted myself, but ever since this whole "Ethical Hacking" concept has appeared, I have felt the need to revisit security issues. It makes me feel like anyone can throw the word "Ethical" in front of something that could be considered illegal or controversial, and it would make it alright.
This makes me feel like hackers who may have been hiding in the shadows are now able to be a little less careful, and even outright public about what they're doing.

My goal here is to explain to you that just because the book says it's Ethical, doesn't mean it is. These tips, tricks, and "procedures" are the same ones people have been using for years. There is no difference between the methods presented in this book, and the methods people have been using to bring down banks, steal credit cards, steal passwords, and the same methods which brought on identity theft and other hot topics in the IT world.

As I said earlier, even if you use these methods ethically, there are already terms, and job titles which exist, which define these methods (IT Security Analyst, IT Security Consultant, Hacker, Cracker, etc.) Ethical Hacking does not have a place in the online world, it is just something to hide behind in case you get caught.

I will post another update after I go through the book, and let you know if it addresses any specific ways that an Ethical Hacker might be different than an IT Security Consultant.

In the meantime, you don't have to know how to hack to secure your own system. Get a good, popular firewall (software & physical hardware). Get a good virus scanner. Use MalwareBytes. Change your passwords frequently. (Obviously people have many passwords; in this case you may need a password manager.)

Don't forget, none of these security measures will matter if your system is compromised. If someone gains access to your password manager or is able to install a keylogger, even in a window of 3 minutes, your whole system and all passwords are compromised.

You also need to ensure that all of these programs are updated regularly, with the newest virus definitions. If you are running a Windows operating system, use Security Essentials and update it as frequently as possible.