Thursday, December 26, 2013

2014: The year of 3D printing?

I've had a chance to read Make's 2014 Ultimate Guide to 3D Printing, and if you have even a casual interest in the subject, you should buy a copy. Compared with last year's version, the 2014 edition has many more printers, a wider range of technologies (fused filament and optical resin printers, delta printers, and printers combined with CNC mills,) digitizers (to create 3D models for printing,) extruders (for making your own filament from plastic pellets,) and a wider range of plastics. Looking at the cover of Make's guide, you'd think that consumer 3D printers are "ready for prime time"--that is. until you look at the actual printers and read the reviews. Then, you see products that look like they were built with Tinkertoys and parts from an Erector set. Most printer beds need to be manually leveled to insure that parts print correctly. Some printers only use one kind of plastic, or need to be carefully cleaned when switching from one plastic to another. Some come with little or no documentation. Make doesn't discuss if they had any experiences with getting malfunctioning printers serviced, other than being assisted in fixing the problems themselves.

Make does point out some printers that it describes as having "just hit print" simplicity, but even those printers had problems: Poor print quality compared to competitors' models at a similar price, filament jams and overheating, and software problems. There's nothing on the market that compares to conventional laser printers for ease of installation and use. Even the simplest 3D printer requires significant skill and manual intervention to use. Nevertheless, at the end of 2013, it's easy to see that 3D printer manufacturers are improving their products by leaps and bounds. Prices are dropping--for example, the Printrbot Simple, a fully-assembled, fully-functional 3D printer that's a great entry into the world of 3D printing, costs only $399. Some 3D printers can turn out significantly bigger parts than they could last year. The "simple to use" models are indeed far simpler than the models from a year ago. Resin printers offer the potential of significantly higher-quality printing. Software is improving--in some cases, faster than the printers themselves.

Unless you're prepared to do a lot of the work yourself, I'd hesitate to buy any of the models available for sale today. However, there's enormous potential for the 3D printers in Make's 2015 guide to be faster, smarter, able to handle more materials and, most importantly, much easier to use than this year's models.

Sunday, December 22, 2013

NSA: The world's biggest hoarder?

It dawned on me this weekend that the NSA is exhibiting classic hoarder behavior. TV shows such as "Hoarders" and "Hoarding: Buried Alive" visit the homes and apartments of compulsive hoarders, which are inevitably stacked to the ceiling with everything you can imagine--magazines, books, cats and dogs, fingernail clippings, used pizza boxes, etc. The rationalization often given by compulsive hoarders is that they're keeping these things in case they need them someday.

That's exactly the same rationalization that the NSA has used for many of its data collection programs. The agency is running hundreds of programs under nondescript codenames, vacuuming up telephone call metadata, emails, texts, tweets, browser histories, etc., in the hope that they may be useful for stopping a terrorist plot. There are so many programs, operating under so many different sets of rules, that analysts at the NSA can't keep track of them all. Having run out of space to keep all the data in its existing data centers, the NSA is spending billions of dollars to build new data centers in Utah and Maryland. That's like a hoarder renting storage units when they have no more room in their house.

Last week, Judge Richard Leon ruled that the NSA's program of storing all the phone call metadata for every person in the country for five years is likely to be a violation of the Fourth Amendment. In his ruling, Judge Leon wrote that neither the NSA nor the Justice Department had presented any evidence that the NSA's massive, multi-year phone metadata collection program had contributed to thwarting or solving a single case of terrorism.

The NSA has explicitly argued that it needs to keep billions of phone records (and, by extension, everything else) for years because it wants to be able to go back through them if necessary. Judge Leon wrote that, to date, the NSA hasn't found anything useful in the phone records, and there's no justification for the agency's massive violations of the Fourth Amendment. That sounds an awful lot like compulsive hoarding behavior.

Would the NSA have been a lot more selective in its data collection if General Alexander wasn't running it? I suspect so...and given what he's done at the NSA, I wouldn't want to visit the General's house.

Saturday, December 21, 2013

Can we PLEASE do something about credit cards?

If you live in the U.S., you've probably heard about the theft of as many as 40 million credit and debit card numbers from Target customers between November 27th and December 15th. As with so many of these thefts, the first public disclosure came not from the merchant or card processor that lost the data, but from a third-party source. In Target's case, it was security researcher Brian Krebs who pieced together the story. Krebs buys credit and debit card numbers and other personal information from "darknet" sources on behalf of banks and other clients, and he noticed that a flood of numbers that apparently came from Target were available for sale. Theft of credit and debit card information has become a common occurrence in the U.S., and some researchers claim that as few as 5% of thefts ever get detected and disclosed publicly.

When I heard about the Target theft, I checked my banking records, and sure enough, I used my debit card there a couple of times during the period in question. So, yesterday, I drove over to my local bank branch, cancelled my debit card and got a new one. That was the third time in a little more than a year, and the second time in two months, that I had to cancel my debit card and get a new one. The first time was a scam at Barnes & Noble stores that involved replacement of point-of-sale credit card terminals in dozens of stores with hacked versions that sent complete transaction information, including PIN numbers, to hackers. The second time was due to the hack of Adobe's transaction processing system earlier this year, and now, it's Target for the trifecta.

Barnes & Noble, Adobe and Target are responsible for their security failures, but banks share some responsibility as well. These kinds of data losses are almost unheard of in Europe, where banks issue smart cards to their customers. Smart cards use two-factor authentication to insure that only the proper owner is using it, and encryption to keep anyone except the bank authorizing payment from either intercepting or saving the account information. Smart cards aren't in wide use in the U.S. because they're significantly more expensive than magnetic stripe cards, but, using me as an example, I have to believe that a single smart card has to be less expensive than six magnetic stripe cards (three temporary and three permanent replacements) plus the time of bank tellers, managers and phone customer service personnel spent processing and issuing those replacements. (Update, 12/22/13: According to Brian Krebs, reissuing a magnetic stripe credit or debit card costs from $3 to $5; Gemalto, one of the biggest smart card vendors, says that the average cost for a smart card with a microprocessor is $3.72. Even if that number is on the low side, it means that banks would be ahead of the game, or would at least break even, with smart cards vs. replacing mag stripe cards.)

Whether it's an encryption-based system or a "one-time pad" approach where the customer gives the merchant an account number issued by their financial institution that's good for only one transaction and is useless if anyone tries to use it again, the U.S. needs to move to a more secure and reliable method for credit and debit card transactions. The system we have now is no more secure than the weakest transaction system used by any merchant--which means that we have almost no security at all.