BMW *are* complying with the GPL


The good news follow-up rarely gets as much attention as the original bad-news story. Earlier this month I accidentally kicked off a minor kerfuffle over whether BMW was respecting the GPL. Their i3 car contains a huge amount of Open Source Software and there was some confusion as to BMW's compliance with the licence terms. […] Read More

Designing a Home Network for Hostile Devices


I've written before about just how many Internet connected gadgets I have. I've also blogged about my dodgy WiFi lightswitches which send data back to China. Every IoT device you put in your home brings a certain level of risk to the other devices in your network. For example, my Smart TV and my Lifx […] Read More

The Future Is About To Get Weird


Imagine, just for a moment, you could tell someone's most intimate secrets just by looking at them. Many year ago, when I was very young and you were even younger, I saw an advert in the back pages of some cheap comic. The implication was clear - SEE GIRLS NAKED! The reality was somewhat more […] Read More

Meet Maslow - The UK's Answer to Tesla's PowerWall


Even in the depths of British winter my solar panels'll still happily convert what little sunlight we get into delicious, free-range, organic electrons. Nice! Most of our domestic energy use is in the evening. So, when I'm out at work I can schedule the tumble dryer, robot vacuum cleaner, and WiFi rice-cooker to consume energy […] Read More

Fire up your Raspberry Pi with Cayenne


I've got three Raspberry Pis around my house. Well... at least... I think I do. I can certainly ping three of them. I know the physical location of two of them... It's a testament to the success of the Raspberry Pi. Anyone with £30 to spare can pick one up and start hacking. Want to […] Read More

This isn't your question to answer.


Just because I ask a question - doesn't mean I'm asking you a question! There's a certain class of Internet user who troubles me. He - and it is usually a he - will strive to answer any technical question he sees asked, no matter his lack of expertise. Here are the symptoms: Sometimes he […] Read More

BMW and the GPL


I accidentally caused a little brouhaha last week - for which I would like to apologise. In my blog post about BMW's unencrypted software updates, I said: Judging from the files, it would appear that the infotainment system is made by Magneti Marelli with components by Wind River, AutoSAR, and Nvidia Tegra. Looking at the […] Read More

Minimum Viable XSS


Here's a fun little game for all the family! What is the minimum number of characters required to perform a successful XSS attack? Let's take an entirely theoretical example - suppose we have a site which echos back user input without sanitising it. So a search for " <em>" turns the whole page italic. *ahem* […] Read More

Counting Invisible Strings


When is a string not a string? When it's a series of control characters! Not a particularly funny riddle, but one I've been wrestling with recently. Imagine we want to write a program which displays a Twitter user's name. Not their @ handle, but their "real" name. For example, instead of @POTUS, display "President Obama". […] Read More

I'm in an RFC!


Friends, allow me to wallow in a little boasting! Four years ago, I made a modest proposal for a new HTTP Code to indicate censorship. A few days ago, RFC 7725: An HTTP Status Code to Report Legal Obstacles became an approved standard by the Internet Engineering Task Force. This allows a website, proxy, or […] Read More