BMW *are* complying with the GPL

by @edent | # # # | 2 comments | Read ~33,946 times.

The good news follow-up rarely gets as much attention as the original bad-news story. Earlier this month I accidentally kicked off a minor kerfuffle over whether BMW was respecting the GPL. Their i3 car contains a huge amount of Open Source Software and there was some confusion as to BMW's compliance with the licence terms.…

Continue reading →

Designing a Home Network for Hostile Devices

by @edent | # # # | 16 comments | Read ~14,904 times.

I've written before about just how many Internet connected gadgets I have. I've also blogged about my dodgy WiFi lightswitches which send data back to China. Every IoT device you put in your home brings a certain level of risk to the other devices in your network. For example, my Smart TV and my Lifx…

Continue reading →

The Future Is About To Get Weird

by @edent | # | Read ~290 times.

Imagine, just for a moment, you could tell someone's most intimate secrets just by looking at them. Many year ago, when I was very young and you were even younger, I saw an advert in the back pages of some cheap comic. The implication was clear - SEE GIRLS NAKED! The reality was somewhat more…

Continue reading →

Meet Maslow - The UK's Answer to Tesla's PowerWall

by @edent | # # # # # # | 15 comments | Read ~9,724 times.

Even in the depths of British winter my solar panels'll still happily convert what little sunlight we get into delicious, free-range, organic electrons. Nice! Most of our domestic energy use is in the evening. So, when I'm out at work I can schedule the tumble dryer, robot vacuum cleaner, and WiFi rice-cooker to consume energy…

Continue reading →

Fire up your Raspberry Pi with Cayenne

by @edent | # # # | 3 comments | Read ~2,887 times.

I've got three Raspberry Pis around my house. Well... at least... I think I do. I can certainly ping three of them. I know the physical location of two of them... It's a testament to the success of the Raspberry Pi. Anyone with £30 to spare can pick one up and start hacking. Want to…

Continue reading →

This isn't your question to answer.

by @edent | # | Read ~239 times.
Some giant question marks standing in a field.

Just because I ask a question - doesn't mean I'm asking you a question! There's a certain class of Internet user who troubles me. He - and it is usually a he - will strive to answer any technical question he sees asked, no matter his lack of expertise. Here are the symptoms: Sometimes he…

Continue reading →

BMW and the GPL

by @edent | # # # # # | 7 comments | Read ~10,253 times.

I accidentally caused a little brouhaha last week - for which I would like to apologise. In my blog post about BMW's unencrypted software updates, I said: Judging from the files, it would appear that the infotainment system is made by Magneti Marelli with components by Wind River, AutoSAR, and Nvidia Tegra. Looking at the…

Continue reading →

Minimum Viable XSS

by @edent | # # # | Read ~2,722 times.

Here's a fun little game for all the family! What is the minimum number of characters required to perform a successful XSS attack? Let's take an entirely theoretical example - suppose we have a site which echos back user input without sanitising it. So a search for " <em>" turns the whole page italic. *ahem*…

Continue reading →

Counting Invisible Strings

by @edent | Read ~109 times.

When is a string not a string? When it's a series of control characters! Not a particularly funny riddle, but one I've been wrestling with recently. Imagine we want to write a program which displays a Twitter user's name. Not their @ handle, but their "real" name. For example, instead of @POTUS, display "President Obama".…

Continue reading →

I'm in an RFC!

by @edent | # # # | 1 comment | Read ~639 times.

Friends, allow me to wallow in a little boasting! Four years ago, I made a modest proposal for a new HTTP Code to indicate censorship. A few days ago, RFC 7725: An HTTP Status Code to Report Legal Obstacles became an approved standard by the Internet Engineering Task Force. This allows a website, proxy, or…

Continue reading →