Google Titan key security problem?

I was sure I tooted/tweeted a thank you to the Google team at Berlin’s Re:publica conference. But it looks like it never quite happened due to connectivity issues with the wifi at certain points of the day.

So first of all I want to say thanks for giving me a Titan security key for spending time listening to what changes Google had made to their security as announced in Google IO 2019.

I was surprised to see Google there with all the ill feeling about the 5 stacks, their monopoly and business practice.

But before I could get home and try the key/system, I saw a bunch of problems with the key.

Google Titan Bluetooth Security Key Can Be Used to Hack Paired Devices

Titan-ic disaster: Bluetooth blunder sinks Google’s 2FA keys, free replacements offered

Obviously I was a little concerned, although I had not added the Titan key to my Google 2 factor auth yet.

After a bunch of reading, it seems it’s not completely flawed. The Google security blog confirms my research.

The problem is with the Bluetooth fob, which to be honest is super convenient but wasn’t the most secure idea in the world. The Bluetooth stack is limited in its range but because of that, it’s not got as much security as most things on the net.

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key — within approximately 30 feet — to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.

Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This all being a big mistake, Google has offered a replacement key. However because my key hasn’t been added to my account yet, I get a message saying no action is required but an email to override this. However after double checking, my key is a type T3, meaning it wasn’t affected.

Good work Google…

Media Molecule allows you to Dream?

A few people have mentioned Dreams to me especially in respect to interactive experiences and creating your own.

I don’t own a PlayStation 4 (although I just ordered the PlayStation Classic) but ever since I saw Little Big Planet’s creation mode, I’ve been blown away by the possibilities. So I was impressed they doubled down on this feature in Dreams.

However there is something which bugs me…

Imagine putting all that work into your dream/world (as such), because some of them look incredible. Who owns the dream?

I’m wondering if there is an export mode for the dreams? If there was, how would it be exported? A flattened video wouldn’t cut it. You almost need something like Google Stadia, but that’s also an unknown entity too (although maybe this is what the Microsoft and Sony thing is all about?). Ultimately I’d hate to spend hours/days/weeks working on something incredible and for it to be stuck in a world which could die in the next generation of the console or if the game doesn’t sell well enough? I won’t even mention IP challenges of the dreams…

Maybe it was time for an exportable descriptive language for interactive narratives which is platform neutral?

Just a thought…

The best technology can be used for good and for bad

Plex

I was very much reminded of this when reading about a user abusing Plex’s share.

Earlier this week the man in question informed fellow Plex users on Tweakers that he was approached by local anti-piracy group BREIN, which had become aware that he was running a Plex share with 5,700 movies and 10,000 TV-shows.

 

Youtube isn’t the place it used to be?

Will Smith is a YouTuber now

I had the absolute joy of attending the 12th Thinking Digital Conference. One of the speakers, Chris Stokel-Walker, the so-called YouTube Investigator, raised a number of interesting points about the evolution of Youtube from its history as a place for cat videos, pirate videos and silly antics; to a place with 1.9 billion monthly views, algorithmic bias and massive Hollywood stars (Will Smith is on Youtube, bloody heck?!)

Chris made the point “youtube grew up faster than hollywood” alongside the fact it’s one of the most desirable career paths for young people currently and the vast amount of video being uploaded is unthinkable now. 4 months of Youtube uploads will have you watching till the year 8096!

Youtube literacy

He’s right, our media literacy around this all is seriously lacking, and it’s very clear while reading The Verge piece I recently read.

Updated Sunday 19th May…

Weirdly enough I was reading a piece titled The Instagram Aesthetic Is Over, which I felt was very fitting. As it almost felt like while Youtube was becoming less authentic, Instagram with its super glossy unnatural filter was shaking that off. They seem to be going in opposite directions?

“Everyone is trying to be more authentic,” says Lexie Carbone, a content marketer at Later, a social-media marketing firm. “People are writing longer captions. They are sharing how much money they make … I think it all goes back to, you don’t want to see a girl standing in front of a wall that you’ve seen thousands of times. We need something new.”

James Nord, the CEO of Fohr, an influencer-management platform, says he sees this shift play out in his clients’ numbers every day. “What worked for people before doesn’t work anymore,” he says. “For the first time, influencers are coming up against this problem of, How do I continue to grow as tastes change?” A year ago, an influencer could post a shot with manicured hands on a coffee cup and rake in the likes—but now, people will unfollow. According to Fohr, 60 percent of influencers in his network with more than 100,000 followers are actually losing followers month over month. “It’s pretty staggering,” he says. “If you’re an influencer [in 2019] who is still standing in front of Instagram walls, it’s hard.”

My Motiv activity ring

My Motiv ring on my hand

Finally the Motiv ring came

Motiv Ring pack

Nicely packaged and simple to set up, although I did find the pairing with my Google Pixel 2 took a long time. I hooked it up to Google Fit but haven’t set up 2 factor auth yet; I just need to get the barcodes for some of my services and create my gesture. Kept meaning to save the barcodes in my password manager.

I did also pair it with my Ubuntu laptop but I’m unsure how to do anything with it except using Bluetooth unlock. The fit is good and the ring feels super light to me.

Motiv USB power charger

My only worry is I can’t seem to find another USB power unit for it, as I’d like to have one at home and one I can carry with me when away. I checked Amazon but I can’t find similar. Also not sure I can get another one separately unless I buy the USB Magnetic Charging Dock Keychain and Charging Dock?

So far so good…

If you are using whatsapp… update now and consider swapping to Signal!

Whatsapp on a mobile phone

Whatsapp, never used it never will. But I know many many of my friends do – please do update! Or even better dump it and use Signal messenger.

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on.

The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.

The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
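An added example, not part of the original post or of any WhatsApp tooling: a small Python check that triages a device inventory against the fixed versions quoted above. The inventory rows, device names and status labels are constructed for illustration; the point it shows is that versions must be compared numerically, because as plain strings "2.19.99" sorts after "2.19.134".

```python
import re

# First fixed versions, copied from the advisory text quoted above.
FIXED = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError otherwise."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(app, platform, version):
    """Return 'affected', 'patched', 'unknown' or 'not-listed'."""
    key = (app.strip().lower(), platform.strip().lower())
    if key not in FIXED:
        return "not-listed"          # product/platform not in the advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"             # treat as needing manual review
    fixed = parse_version(FIXED[key])
    # Pad to equal length so '2.18' compares as 2.18.0, not as "shorter".
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "affected" if installed < fixed else "patched"

def triage(inventory):
    """List (device, status) for every row that is not confirmed patched."""
    rows = [(dev, status(app, plat, ver)) for dev, app, plat, ver in inventory]
    return [(dev, st) for dev, st in rows if st in ("affected", "unknown")]

# Constructed sample inventory (hypothetical devices).
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.19.99"),
    ("phone-02", "WhatsApp", "iOS", "2.19.51"),
    ("phone-03", "WhatsApp Business", "Android", "v2.19.44"),
    ("phone-04", "WhatsApp", "Tizen", "2.18"),
    ("phone-05", "WhatsApp", "Android", "beta"),
]

if __name__ == "__main__":
    for device, state in triage(INVENTORY):
        print(device, state)
```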

The knights of the old republic mix

Nice little mix of tunes including some Old Skool/Rave classics and even some Dubstep. I forgot how much I love Mogusa laser beams, so I used it twice. I recorded the mix during a delayed flight from Berlin to Manchester via Amsterdam. My pacemaker device needs a new battery installed but I can easily charge and use it with an external USB battery pack.

I’m sure I came up with a better name for the mix but after experiencing Re:publica for the first time, it seemed apt.

Enjoy the mix!

  1. Altern8 – Infiltrate 202
  2. Miki Lutvak & Ido Ophir – Shnorkel
  3. Leftfield – Open up
  4. Tomcraft – Happiness and Loneness
  5. RAM – Grotesque (Alex MORPH & RAM mix)
  6. Mogusa – Laser Beams
  7. Blaze – My Beat (Jan Driver mix)
  8. Moogwai – The Labyrinth (part one)
  9. The Prodigy – Charly
  10. Sander van Doorn – Ninety
  11. Jon Mangan – Cuckoo
  12. Kevin Saunderson and Joey Beltram – DJ Culture (Joey Beltram mix)
  13. Khomha – The Dark Knight
  14. Mogusa – Laser Beams
  15. Frequency – Kiss the Sky

Where are all the Electric Maxi-scooters?

What is a maxi-scooter

I do enjoy my Honda Silverwing scooter but I keep thinking it’s time for an electric vehicle. Especially seeing how it currently wouldn’t pass the new London ultra low emission zone and frankly it’s time for more environmental focus.

The problem I see is there are two extremes when it comes to electric motorcycles/scooters.

At one end you have your electric scooters (don’t look up electric scooters, as you get something very different and questions of where to ride them). I remember looking at scooters to hire in Berlin, thinking where are the disc brakes and will car drivers actually see you on such a small thing? But at the other end there are electric motorcycles like the new Harley-Davidson LiveWire. But there’s little in between.

What is needed is maxi-scooters which are electric powered, surely? However I have had such a hard time finding them.

The closest I can find is the BMW C evolution

 

What do the general public think about the internet?

https://vimeo.com/331179758

We (BBC R&D) helped NESTA to explore what the general public think about the internet. It was during a bitterly cold day but me, Rhia and Vicky took to the streets of Manchester to ask the public in a series of vox-pop interviews.

The results surprised me, as it was clear most were concerned and have serious but diverse reasons. Some gave short and some in-depth detailed experiences. The video only scratches the surface.

Over the past few decades, the internet has become the most important infrastructure of our time, radically rewiring how our societies work and how we interact. We asked the BBC to find out how ordinary people feel about these changes – watch their varied answers in the video below.

The video is a small part of NESTA’s Visions for the future internet work.

In March 2019, the World Wide Web turned thirty, and October will mark the fiftieth anniversary of the internet itself. These anniversaries offer us an important opportunity to reflect on the internet’s history, but also a chance to ponder its future.

Massive thanks to the people of Manchester who answered our questions even with the weather at close to zero degrees!

My 40th Birthday pacemaker mix

It’s been a while but I put together a mix of quite a few of my favourite tunes for my 40th birthday. You will recognise some of the mixes from previous ones. It’s a short mix and done while travelling between locations on the train.

Enjoy!

  1. Empty Cities, Dead Ghosts – Fictitious Riceboy
  2. Shnorkel – Miki Litvak & ido Ophir
  3. Night in Motion – Cubic 22
  4. Opium – Jerome Isma-Ae & Alastor
  5. Labyrinth (Paul Keyen remix) – Lee Cassells
  6. Opulence – Simon Patterson
  7. Brush Strokes – Simon Patterson
  8. We are one – Dave 202
  9. Surveillance – Jordan Suckley and Kutski
  10. Seven Cities (V-Ones living cities remix) – Solar Stone
  11. Seven Days and One Week (Club Mix) – Tomcraft
  12. Whites of her eyes – Simon Patterson
  13. Humming the lights – Armin van Buuren presents Gaia
  14. The Dark Knight – Khomha
  15. Tears (Protoculture remix) – Markus Schulz presents Dakota
  16. Orbion (Max Graham vs Protoculture remix) – Armin Van Buuren
  17. Anahera (Extended Mix) – Ferry Corsten

32 times for the love of Shambhala

Shambhala is a steel roller coaster located at PortAventura World, in Salou Spain. The ride opened to the public as Europe’s tallest roller coaster, taking guests up 76m (249ft) high before allowing them to plummet back towards the ground below. In this video we’ll explore the type of ride experience Shambhala offers, as well as its many statistics and developed theme.

It’s certainly one of my favourite rides. With 32 rides in one day.

Climate disaster is just around the corner

I have nothing but respect for the people who are taking part in the Extinction Rebellion, it’s about time! I had hoped Al Gore’s An Inconvenient Truth would be the start of this? But it wasn’t. You can blame the media, Trump, etc but the fact is we are running out of time.

Extinction Rebellion - Rebel for life
It’s unbelievable and downright scary to hear mainly older people’s views on “kids” truanting from school and blocking London. I understand the worry about legal and illegal protest, however each and every one of them understands how much of a knife edge humanity is on.

I was listening to Episode 127 of TeamHuman “All Hands On Deck” Extinction Rebellion with Gail Bradbrook and Clare Farrell. Although I thought they were interesting, it’s their pulling people together which is most important. Always reminded of Eric Nehrlich’s find the others post.

I found this cartoon quite powerful by the way.

 

Node volume 01 ebook

NODE VOL 01 is a new, independently created zine for the NODE community. It contains many of the subjects we talk about here; decentralization and P2P technologies, open source, do it yourself tutorials and hardware design, cutting edge technology and more.

This first volume is 150 pages long, and, it’s packed with features on P2P projects, such as Dat, Beaker Browser, Ricochet IM, Aether, and more. There are many tutorials showing projects like the new NODE Mini Server, how to 3D print long range wifi antennas, how to chat via packet radio, and how to do things like Libreboot the Thinkpad X200. There’s also a handy open source directory at the back, along with lots more.

I do like watching N-O-D-E, and it’s great to see all the episodes in one place to read through at our leisure, in the form of a freely downloadable ebook. If you don’t use DAT, there’s a copy here. You can also get it in paper from the shop.

Savouring chocolate?

Attention do not eat chocolate but savour it. If you would like to be a chocolate connoisseur, you should not munch the chocolate, savour it by letting it melt

Little reminder of how to really eat chocolate.

Place the chocolate on your tongue and press it to the roof of your mouth. Within thirty seconds, the chocolate should slowly begin to melt around your tongue. Take a deep breath, aerating your palate as you stimulate your sense of smell through the back of your throat.

Try doing this with bog standard mass produced chocolate and you will get a very different taste.