1. Hack Chair – Open Design, Ronen Kadushin

    The products presented here were designed and produced using an alternative design and development method that frees a designer to pursue creative expressions, realize them as industrially repeatable products and have the ability to globally distribute design.

    Open Design is a personal attempt to close a creativity gap between product design and other fields (music, graphic design, animation and photography), which found their creative output in phase with the realities of information technology and economics.
    The Open Design method is based on the principles of the already successful Open Source method that revolutionized the software industry, and gave birth to a social movement that is cooperative, community-minded and seeks legitimate ways of sharing creativity.

    Hello Ronen Kadushin. via Daniel Charny.


  2. Keys Can be Copied From Afar


    San Diego, CA, October 30, 2008–UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.

    “We built our key duplication software system to show people that their keys are not inherently secret,” said Stefan Savage, the computer science professor from UC San Diego’s Jacobs School of Engineering who led the student-run project. “Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing.”

     

    Keys Can be Copied From Afar, Jacobs School Computer Scientists Show [Jacobs School of Engineering: News & Events]


  3. The Shipyard Returns

    The Shipyard Returns: “
    By Dale Dougherty
    Last May, I wrote about the City of Berkeley closing down The Shipyard. A communal workspace for artists and alternative techies, The Shipyard was organized by Jim Mason; it was built as stacks of shipping containers. After the shutdown notice came, members of The Shipyard dispersed to other locations in the East Bay.

    Now, after months and months of negotiations with the city, and various changes to the site, Jim has announced the re-opening of The Shipyard on March 1st. He’s calling it ‘The Shipyard, Version 2.0’ with a ‘creative diy power hacking agenda.’ Jim re-envisions the Shipyard as ‘a center for art and energy.’ He asks: ‘What, in short, would power look like if it was art?’


    In an email to Shipyard supporters, Jim writes:

    I am interested in what happens when the arena of exploration for creative work and play is not ‘art’ in its traditional forms, but rather the broad and loosely defined particulars of power generation and conversion. What if the point of interacting with energy machinery and processes is not solely for maximum efficiency and minimum price, but rather to contend other needs and desires, as well as other systems of valuation.

    Jim welcomes input and ideas as he begins to shape ‘this little industrial shangri-la.’ If you’re reading this on Saturday, stop by The Shipyard for a BBQ at 2pm.

    Photograph courtesy of Jess Hobbs.”

    (Via O’Reilly Radar.)


  4. What it means to be a hacker – Rop Gonggrijp

    Via Patrice Riemens on the Net Time Mailinglist:

    From 2600 magazine, Winter issue – #4, 2007
    (http://www.2600.com)

    What it means to be a hacker
    by Rop Gonggrijp

    My most recent confrontation with what it means to be a hacker started in March of 2006, after I went to vote for the local council of Amsterdam. At the polling station, I had to use a brand-new electronic voting machine that the city was renting from a company called Sdu. In fact, Amsterdam had contracted the entire election as a turnkey service; Sdu was even training the poll-workers. This “voting machine” was in fact a computer with a touch screen running Windows. To make matters worse: inside each computer was a GPRS wireless modem that sent the election results to Sdu, which in turn told the city. I had not been blind to the problems of electronic voting before, but now I was having my face rubbed in it, and it hurt.

    Perhaps I should quickly introduce myself. My name is Rop Gonggrijp and I’m a Dutch national who lives in Amsterdam, The Netherlands. Some of you will know me, as I have been mentioned in this magazine as well as been a regular guest on Off the Hook for almost as long as the show has existed. I’m one of the main organizers of the Dutch hacker events. Between 1989 and 1993 I published Hack-Tic, a magazine not unlike 2600 except that it was written in Dutch. During the late Hack-Tic years I co-founded XS4ALL, which still is one of the larger ISPs in The Netherlands.

    I guess I became part of the hacker community sometime during the early 1980s while playing with my father’s 300 baud acoustic modem, although arguably I was hacking before that, when I was soldering FM transmitters together with a friend at age 12. But after reading Steven Levy’s book ‘Hackers: Heroes of the Computer Revolution’, I knew what I was and that I was to be part of a global community, even if I only knew a few other hackers around me. Imagine my relief when I went to Hamburg for the 1988 Chaos Communication Congress to find a few hundred other hackers. After that I was hooked, and by 1989 I was one of the organizers of the first European hacker event: the Galactic Hacker Party. Long and formative years of exploration, mayhem and mischief followed, during which, among many other things, we found and shared many new and interesting ways of making free phone calls. And when we got our hands on the keys to the nuclear bunkers that underlay some subway stations in Amsterdam, we promptly organized tours there for all our friends and their friends. But even behind the greatest mischief was the motivation to educate, to sharpen the minds of fellow hackers and of the population at large.

    XS4ALL, the Internet provider, was much more a political statement than anything else. The Internet back then would never make any money: way too difficult and freaky for the general population. I left XS4ALL in 1997 and started a computer security consultancy, and after that a company that builds voice-encrypting mobile phones, but I kept going to hacker events and co-organizing our own event every four years.

    Fast forward to 2006 and the local elections. I was angry because I felt my election had been stolen: there was no way to observe a count; one just had to believe that this wireless-equipped black-box Windows machine was counting honestly. I knew a little bit too much about the risks associated with computer technology to go along with that. I wasn’t the only one who was angry: my longtime friend Barry came home from that March 2006 election with the exact same story that I had come home with: trying to reason with poll-workers who clearly felt that only the medically paranoid would distrust such a wonderful shiny box. When we met later that day we vowed to not only get mad, but to do something about it.

    Which wasn’t going to be all that easy. By the time Amsterdam had gotten electronic voting, it was pretty late in the game: Amsterdam (pop. ~750k) was the last city in The Netherlands (pop. 16.5M) to get electronic voting. Some cities were renting the same system as Amsterdam, but the vast majority were using an older system made by a company called Nedap. While I studied the legal requirements for electronic voting, I became even more convinced that all of these ‘machines’ (which were all in fact computers) needed to go if we were to have transparent and verifiable elections. The regulations treated these systems as if they were indeed mere ‘machines’: they worried about the amounts of humidity and vibration they could withstand and they made sure nobody would get shocked from touching one. Computer security wasn’t even mentioned. But the biggest problem wasn’t the lack of security, it was the lack of transparency. We got together a small group of like-minded people and started planning a campaign.

    There had been previous attempts to raise the question of trustworthiness in relation to voting machines, but the ministry of the interior was used to painting the opponents of electronic voting as technophobe luddites. Given that half our group consisted of hi-tech-loving hackers, this was an approach that wasn’t going to work this time. During the next year and a half we managed to get the attention of the media. We claimed that the Nedap ‘machines’ were computers and not ‘dedicated hardware’ (as the manufacturer claimed) and that they could just as easily be taught to play chess or lie about election results. The person selling these computers in the Netherlands wrote wonderful long rants on his website, and in reaction to our claim he said he did not believe his ‘machines’ could play chess.

    So we caused a true media frenzy when we got hold of a Nedap voting computer and made it play chess. (We also made it lie about election results.) There was a debate in parliament, during which the responsible minister promised to appoint two committees. That next election, an international election observation mission studied the problems with electronic voting in the country which until then had always been the example country for uncontroversial e-Voting. In their report, they advised that this type of voting computer “should be phased out” and the two committees also wrote very harsh reports about how these ‘machines’ came about and how they should not be used in the future. A lot more happened: we threatened to take the government to court on several occasions, and we even won a case in which the Nedap approval was nullified. But by then the ministry had already decided to throw in the towel, retracting the legislation that allows electronic voting. The next elections in The Netherlands will be held using pencils and paper. (Which is really quite OK since over here we’ve only got one race per election, so counting by hand isn’t all that hard.)

    One of the things that struck me about this campaign is that in order to win, we needed almost every hacker skill imaginable. Imagine all the stuff you can learn from this magazine, or from going to (or helping organize) a hacker convention. From general skills such as dealing with the media or writing press releases to social engineering (getting hold of the system), lockpicking (showing the mechanical locks were bogus: the same 1 Euro key was used all over the country), reverse engineering (modifying their 68000 code without access to source) and system administration (website). Having published a hacker magazine and done the ISP, I was no stranger to conflict: at XS4ALL we had had serious issues with the infamous ‘church’ of Scientology as well as with the German government. Also, the international contacts I got from growing up in the hacker community paid off: the hack was very much a Dutch-German project, and we’re still working together tightly to also get rid of these same ‘machines’ in Germany. At certain moments I had the funny feeling that somehow this was the project that I had been in training for all these years.

    So I guess what I’m saying is that if you are a hacker, if you’re going to hacker conventions, if you like figuring stuff out or if you are building your own projects... please realize that, possibly by accident, you may also possess some truly powerful skills that can help bring about political change, and that these skills will become more and more important as technology becomes a bigger part of ever more political debates. So if you don’t like the news: go out and make some of your own!


  5. iPods won’t crash your pacemaker says the FDA

    iPods won’t crash your pacemaker says the FDA: “

    It turns out that 17-year-olds probably aren’t that good at studying electrical interference — and its effect on pacemakers — created by iPods. Unlike the data presented to the Heart Rhythm Society last year by a high-school student, which demonstrated the music player’s ability to interfere with heart-regulating devices, the FDA now says that the gadgets are completely safe for use. Researchers measured magnetic fields produced by four different models of Apple’s ubiquitous device, and found no reason why your grandmother can’t keep jamming to her South of Heaven reissue. Said FDA researcher Howard Bassen, ‘Based on the observations of our in-vitro study we conclude that no interference effects can occur in pacemakers exposed to the iPods we tested.’ We hope the FDA will follow this up with a definitive study on the effects of boomboxes on hip implants.



    (Via Engadget.)


  6. Snap

    Snap: “

    Recently at Web Directions North, I introduced Snap, the syndicated next action pattern. It’s a way to get all those little interactions out of websites, and all in the same place: your newsreader. You can watch and read the presentation here.

    In this post, I want to expand on those slides to introduce Snap and show it working.

    What kind of ‘next actions’?

    There are loads of small next actions. For example:

    • Taking a new bug in a tracker, and accepting it, allocating it, completing it, or marking it as a duplicate
    • For an email or weblog comment in a moderation queue, accepting or deleting it
    • Clicking through and perhaps purchasing a recommended book

    It’s tedious to move around the Web to do these actions. It would be better if they were all in the same place. We had this same problem with weblogs and other media, and RSS was invented to syndicate new entries to the desktop.

    What I’ve previously suggested is that we need a kind of RSS for interactions, and you can see a mockup here. At the time, the concept got some attention.

    Conceptually, each ‘object’ that requires interaction is a feed entry. The actions are shown as an HTML form, and using the form sends data to the website which updates that object. The feed is then updated, changing the original entry to show the new object state. The original object state is no longer visible. This requires the newsreader to allow HTML forms and respond sensibly when feed entries change.

    I’ve been working together with Tom Armitage on a proof of concept (of which more in a minute), and the headline is this:

    Feed entries can indeed represent interactions, and update to show new states. The user never needs to leave the newsreader.

    This is the pattern I’m calling Snap. It works, and we have a demo.


    Demo: Dentrassi

    For the proof of concept, we created Dentrassi (Tom did the heavy lifting), a desktop todo list manager which can be run entirely through a newsreader.

    Watch a screencast and transcript of Dentrassi in use.

    The app demonstrates a number of ideas:

    • There is an admin feed which has persistent entries. One entry includes a form, which is used to add new tasks
    • New tasks appear in the inbox feed, until they are allocated to projects
    • New project feeds are created dynamically: users can subscribe to a project feed from another persistent entry in the admin feed
    • Every task feed entry is smart: each includes a form to show the available interactions, so tagging, task completion and editing all happen inside the newsreader
    • Tasks move from feed to feed so you can focus on different lists of next actions at different times

    Tasks only appear in feeds if they require actions. This means there’s a single place you look to find what to do next.

    One interesting feature, not in the demo above, is the idea of the deferred task: a task can be pushed into the future by some day – a day, a week or a month – and it then disappears from the feeds, only to reappear when it’s valid again.

    Dentrassi possibilities

    Imagine having your todo list manager – whether it’s iCal or TaskPaper – expose a Snap interface, so you can use it entirely from your newsreader.

    Tasks could then be mixed with interactions from all your other sources – like email moderation or bug tracking – and even tasks from other people in your company. Perhaps tasks from other people would be read-only, or maybe you could collaborate.

    Lessons learned for Snap

    We learned a lot from Dentrassi. Some points:

    • Stale items: once you act on a feed entry, the entry is stale until the feed is refreshed. Problems are avoided, in Dentrassi, by giving each object a serial number which increments on updates, and refusing to accept updates from forms which don’t pass in the current serial. This isn’t great from an interaction design perspective. Instead each feed item should query the server when it’s viewed, showing a ‘stale’ badge if a refresh is required. If the user is offline, an ‘unknown’ badge should be shown instead.
    • Disappearing entries: an entry will often disappear from a feed once it’s actioned. It’s important that a newsreader allows the entry to vanish, and doesn’t keep its old state as a duplicate entry (GUIDs help here).
    • Keeping interaction in the newsreader: when the follow-up to submitting a form is a success or failure, Dentrassi shows a badge. It would be good to have a standard way of reporting status. But sometimes the follow-up to a form is another form, and that’s tough: the interaction has to move to a website. Using Ajax inside the feed entry will help.
    • Subscribing to feeds from within the newsreader: inside feed entries, new feed URLs should be prefixed with ‘feed:’ to make sure the newsreader handles them directly, instead of opening a Web browser.
    • Working offline: there is currently no way to work offline. It would be good to have the newsreader cache the form data to send… although this may pose a problem if Javascript is being used.

    One point to look further at is how to improve newsreader support for this usage. Maybe there could be a Snap profile for Atom, in the same way podcasting is supported by enclosures? If forms were ‘enclosed’ in feed entries, they could be shown separated from the main body – more like a dialog box – and it would be clearer how to use them. This was the look that seemed to make most sense in Dentrassi. In my original mock-up, which just used the straight HTML, the forms look confusing.

    Original RSS-I mockup

    Other possibilities

    I’ve mentioned a number of possibilities for Snap in general:

    • Mixing together multiple ‘next action’ feeds from different sources
    • Having several feeds representing different states of a process, for example different Snap feeds for the different states of a bug in a tracker
    • Desktop applications exposing a Snap interface, for local use. And using the location of the feed request to show full feeds or read-only feeds, for collaboration
    • Having multiple people work on the same applications, each using a different mix of feeds

    These are rather abstract, so here are some systems that use these patterns:

    • Multi-player turn-based games, like Risk, or Scrabulous
    • An editorial work-flow for a CMS, where each article goes through a number of states, dealt with by journalists, subeditors, editors and other sign-off parties. The documents could be links to the Web, or included as enclosures. A persistent item would allow the upload of new documents
    • Similarly, an HR system. Employees would use a website or persistent feed item to submit a form, and then track its process using a single feed. The HR team would have an interactive version of the feed
    • iPhoto exposing a Snap feed of all untagged photos, to encourage me to categorise them
    • A blog feed which has all posts, and a comments feed which only shows comments from posts the reader is following. A reader follows and unfollows posts by using a persistent entry in the comments feed
    • The Facebook activity stream, except each entry carries with it contextual interactions: see more/less of this type of item; add this person as a friend; join this group; enlarge this photo; add a comment
    • Feed pipes, slim applications which take a single object through a number of steps in different applications. For example, the same feed entry could represent an untagged photo in iPhoto, then the same photo uploaded to Flickr, which then becomes an object which can be commented on
    • A feed of ‘travellers you might know’ from Dopplr, each having a form to either share trips or ignore for a month

    Snap cover art

    Snap as part of the Web

    RSS/Atom is a simple human interface to website content. A REST API is a simple machine interface to website functionality. Jabber/XMPP is gaining attention for being a machine interface to website events. Snap sits in this same constellation: Snap is a simple human interface to common actions, on a website or desktop application.

    All of these are ways for websites to get blurry edges and mingle into one another. They offer ways for websites to be recombinant, so that each can build on the functionality of others. They also offer ways for websites and applications to be more humane: to let us build around the tasks and experiences of people, rather than the features list of an individual website.

    Snap isn’t a technology. Snap is an interaction pattern which works right now, and I’m convinced makes the experience of using websites better. I’m hoping you’ll give it a try.

    Next action!

    So, what’s next?

    Go read Tom’s post on Snap, about building the proof of concept and the interaction design learnings that came out of it, in particular how the big tick is useful for hitting flow states. That’s first.

    Second, if you have a web app, it’d be great to see Snap happening. Feel free to drop a mail if you want to bounce ideas around (and I’m sure Tom would be happy to speak with you about it too).

    Thanks

    Thanks again to Tom Armitage, WDN08 for giving me the opportunity to think about this, and Ben Hammersley for hosting the session which led to this, way back in 2004. (Also…)

    (Via Pulse Laser.)
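    The serial-number check from the ‘stale items’ lesson above, as an added example that is not code from the Pulse Laser post or from Dentrassi. It is a toy in-memory task store for Node.js: every task is rendered as a feed entry whose HTML form carries the task’s current serial in a hidden field, a submitted form is applied only when that serial still matches, and a completed task simply drops out of the inbox feed. The task titles and the /task/ID action URL are made up for the demonstration.

```javascript
// Added example (not from the Pulse Laser post or Dentrassi): a minimal task
// store that renders Snap-style feed entries and rejects stale form submissions.

const tasks = new Map();
let nextId = 1;

function addTask(title) {
  const task = { id: nextId++, title, done: false, serial: 1 };
  tasks.set(task.id, task);
  return task;
}

// Escape text before embedding it in the form, so a task title cannot inject
// markup into every subscriber's newsreader.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// The entry a newsreader would display: the object's state plus a form for the
// actions currently available. The hidden 'serial' field ties the form to the
// state it was rendered from. The /task/<id> action URL is hypothetical.
function renderEntry(task) {
  const action = task.done ? 'reopen' : 'complete';
  const form =
    `<form method="post" action="/task/${task.id}">` +
    `<input type="hidden" name="serial" value="${task.serial}">` +
    `<input type="text" name="title" value="${escapeHtml(task.title)}">` +
    `<button name="action" value="retitle">save title</button>` +
    `<button name="action" value="${action}">${action}</button>` +
    `</form>`;
  return { id: `task:${task.id}`, serial: task.serial, done: task.done, form };
}

// Handle a form submission. Refuse it unless the serial it carries is the
// task's current one; on success bump the serial so every other rendered copy
// of this entry (another newsreader, a cached refresh) becomes stale.
function applyAction(id, submitted) {
  const task = tasks.get(id);
  if (!task) return { ok: false, reason: 'no such task' };
  if (Number(submitted.serial) !== task.serial) {
    return { ok: false, reason: 'stale', currentSerial: task.serial };
  }
  switch (submitted.action) {
    case 'complete': task.done = true; break;
    case 'reopen': task.done = false; break;
    case 'retitle': task.title = String(submitted.title || task.title); break;
    default: return { ok: false, reason: 'unknown action' };
  }
  task.serial += 1;
  return { ok: true, serial: task.serial };
}

// The inbox feed lists only tasks that still need an action, so a completed
// task vanishes from it instead of lingering as a duplicate entry.
function inboxFeed() {
  return [...tasks.values()].filter((t) => !t.done).map(renderEntry);
}

// The sequence the post describes: two copies of one entry are rendered, the
// first acts on it, the second then submits from its now-stale form.
function demo() {
  const task = addTask('Write the Snap post');   // constructed sample task
  const copyA = renderEntry(task);
  const copyB = renderEntry(task);
  const first = applyAction(task.id, { serial: copyA.serial, action: 'complete' });
  const second = applyAction(task.id, { serial: copyB.serial, action: 'retitle', title: 'Retitled' });
  return { first, second, inboxAfter: inboxFeed().length, task };
}
```

    In demo(), the first submission succeeds and bumps the serial to 2, the second is refused as stale and the title is left alone; a real server would answer the stale case with the current entry (or the ‘stale’ badge the post asks for) rather than silently applying the older form.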


  7. JavaScript Global Namespace Pollution

    JavaScript Global Namespace Pollution: “

    If you are reading this you are probably thinking what this post has to do with security. Well, let me explain. One of the ways to detect JavaScript malware is to check for namespace pollution symptoms. Simply put, if the JavaScript execution container contains more objects than expected, something wrong is going on. This post will briefly walk through some ideas currently circulating in my head.

    Pilsen and Pollution

    Namespace pollution checks are very trivial to perform. The check should be performed from a safer location such as outside of the execution sandbox or somewhere on the top before and after the user input is taken into consideration. The check is very simple really. All that needs to be done is to compare the list of registered objects with the expected list of objects. If they differ, the namespace has been polluted by something. The check can be performed by a function similar to the one discussed by the Atom database over here:

    // Walk an object tree, calling c(key, value) for every property.
    // Recursion goes through the function's own name: arguments.callee is
    // rejected in strict mode. A 'seen' list stops the walk on cycles
    // (window.window, node.parentNode), which the original would loop on.
    function walkJSON(j, c, seen) {
        seen = seen || [];
        if (seen.indexOf(j) !== -1) return;
        seen.push(j);
        for (var i in j) {
            c(i, j[i]);
            // Arrays are typeof 'object' too; null must be skipped.
            if (j[i] !== null && typeof j[i] === 'object') {
                walkJSON(j[i], c, seen);
            }
        }
    }

    The function is very simple as you can see, though you have to be careful when used from chrome privileged code. As you can see the if statement comparisons can be used in order to escalate access, something known as chrome execution attack. Nevertheless, the function is sufficient enough to walk any JavaScript object. You can even make it recursive if you want to go several levels down the tree. By using this function, we can compare the namespace before and after and as such detect and locate malicious code.

    This is what I believe will be one of the techniques used by anti-malware software to prevent, but mostly to detect and locate, malicious code. Nevertheless, there are always methods that can be used to overcome namespace pollution problems. One of them is to use closures. Here is an example:

    (function (window, document) {
        // [evil code here]
    })(window, document);

    This technique will safely execute malicious code without the need to worry about polluting whichever namespace, as long as the evil code that is enclosed within the closure does not modify the window or the document objects. DOM manipulation is acceptable since no one is crazy enough to check for DOM changes. The document object is far more complicated and walking it is hard.

    As you can see closures can be used to hide evil code. Another way of obscuring evil code is to make use of the prototype functionality of the interpreter. The prototype object, and several other special objects, that are enclosed within every object instance can be used to hide facilities which cannot be easily spotted by JavaScript malware detection engines. Simply put, syntactic sugar, something JavaScript has plenty of, is a perfect place for storing evil code without polluting the namespace or triggering any other canary that might be there.

    Take this post and put it aside until you need it.

    (Via GNUCITIZEN.)
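    The before/after comparison the GNUCITIZEN post describes, carried through as an added example (not code from the post): snapshot the own property names of the global object and of a few built-in prototypes, run a script, and report what appeared. It assumes Node.js, with globalThis standing in for the browser’s window object, and uses indirect eval so that top-level var and function declarations land on the global object as they would from a script tag. The four sample scripts are constructed for the demonstration and only define names; they show the naive case the post’s check catches, the closure trick that evades it, a closure that still touches the global object, and the prototype hiding the post describes.

```javascript
// Added example (not from the GNUCITIZEN post): diff the global namespace and a
// few built-in prototypes around the execution of untrusted script text.

// Every own property name, enumerable or not, so non-enumerable additions
// (Object.defineProperty with enumerable: false) are not missed.
function ownNames(obj) {
  return new Set(Object.getOwnPropertyNames(obj));
}

// The places a script can leave a footprint: the global object, plus the
// prototypes a 'prototype hiding' payload would hang itself on.
function snapshot() {
  return {
    globals: ownNames(globalThis),
    objectProto: ownNames(Object.prototype),
    functionProto: ownNames(Function.prototype),
    arrayProto: ownNames(Array.prototype),
    stringProto: ownNames(String.prototype),
  };
}

// Names present after but not before, per location, sorted for stable output.
function diffSnapshots(before, after) {
  const added = {};
  for (const key of Object.keys(before)) {
    added[key] = [...after[key]].filter((n) => !before[key].has(n)).sort();
  }
  return added;
}

// Run a script in the global scope (indirect eval) and report what it added.
function runAndDiff(scriptText) {
  const before = snapshot();
  (0, eval)(scriptText);
  return diffSnapshots(before, snapshot());
}

// Constructed sample payloads; each only defines names, nothing harmful runs.
const SAMPLES = {
  naive: "var payload = 'x'; function beacon() { return payload; }",
  closure: "(function (w, d) { var payload = 'x'; function beacon() { return payload; } })(globalThis, undefined);",
  closureTouchingWindow: "(function (w) { w.hook = function () {}; })(globalThis);",
  prototypeHiding: "Function.prototype.__beacon = function () {};",
};

// Run every sample and collect its report, then undo the prototype pollution
// so it does not leak into whatever runs after this demonstration.
function demo() {
  const report = {};
  for (const [name, src] of Object.entries(SAMPLES)) {
    report[name] = runAndDiff(src);
  }
  delete Function.prototype.__beacon;
  return report;
}
```

    Run demo() and the naive script shows up as two new globals, the closure-wrapped copy adds nothing anywhere (the evasion the post describes), the closure that writes through its window argument is caught as a new global, and the prototype payload only shows up because Function.prototype was part of the snapshot: the sweep sees exactly the objects you chose to include, which is the practical limit of this check.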


  8. Half Million Private MySpace Photos Show Up in Massive BitTorrent Download

    Half Million Private MySpace Photos Show Up in Massive BitTorrent Download: “

    A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site.

    The creator of the file says he compiled the photos earlier this month using the MySpace security hole that Wired News reported on last week. That hole, still unacknowledged by the News Corporation-owned site, allowed voyeurs to peek inside the photo galleries of some MySpace users who had set their profiles to ‘private,’ despite MySpace’s assurances that such images could only be seen by people on a user’s friends’ list.

    Pillaged MySpace Photos Show Up in Massive BitTorrent Download, By Kevin Poulsen

    (via daringfireball)

    (Via swissmiss.)


  9. Android hacked to run on real hardware



    Google told us that we wouldn’t see any Android devices until the end of the year, but a funny thing happens when you put up the entire SDK and an emulator for a platform — all them crazy hackers start hacking. Apparently Android was natively booted on a Freescale-based dev board called the Armadillo 500 back in November, but the floodgates were really opened when a Hungarian group called Eu.Edge discovered that basically any device with an ARMv5TE chip could run Google’s baby. Armed (heh!) with that information, tinkerers around the world have gotten a variety of Sharp devices running Android: the SL-C760, C3000M, SL-C3000 series, and the SL-6000 have all been confirmed running the OS. Hopefully that means we’ll be seeing a lot more unofficial Android devices soon — check a couple videos after the break.

    Read – Overview of Android hacks
    Read – Instructions on booting the Sharp Zaurus SL-C760
    Read – Instructions on booting the Sharp SL-C3000 series




    (Via Engadget.)


  10. Hack Turns iPhone Camera Into HD Camcorder


    An anonymous reader writes “Monsters and Friends has just released the beta of Drunknbass, a new iPhone hack that allows the unit’s camera to capture video. ‘While the iPhone’s 2.0 megapixel camera resolution may be mediocre for a still camera, it is excellent resolution for a consumer video camera.’ A standard definition Canon digital camcorder uses a 680K pixel sensor chip (because a standard definition TV’s resolution is only 520 x 360), while one of Canon’s HD camcorders uses a 2.9 megapixel sensor. The beta presently allows 5 second clips at 10 frames per second, but the finished version will soon allow infinite recording at 45 frames per second. Video of Drunknbass in action can be found on YouTube.”


    (Via Slashdot: Apple.)