Earth is the Hackerspaces Planet

December 03, 2016

CrashSpace

One Thing To Do Today: VPNs beyond the hype.

TL;DR: A VPN is a narrow tool. Use them accordingly.

Virtual Private Networks evolved to connect remote workers into their organization’s network in a way that can’t be easily snooped. If that’s your organizations situation, run, don’t walk, to set up a VPN. It should have clever, well paid administrators and hardware under your companies control. This is what VPNs were designed for. Make it happen.

However, the concern I have is watching a number of folks touting VPN services as a “privacy” solution for individuals. People are being sold an acronym, not a solution. Properly configured VPNs create a secure connection between a remote user and secure network that already trust each other.  VPN protocols in and of themselves afford no privacy from the parent network.  If the host network is being used as a tunnel instead of a destination this is a clever hack use for VPNs, but not their original design. There is neither privacy nor security once the traffic leaves the host network on the far side. To understand how to determine if a digital tool provides the service you expect, read up on the distinctions between anonymity, privacy, security . Yael Grauer breaks down the problem in his article “The impossible task of creating a “Best VPNs” list today.”  The take away quote comes from Kenneth White, “You’re getting a pinky promise as a service.”

Now for the twist. In spite of all that grumpy-cat complaining, I actually do use VPNs. They work great as a narrow tool for specific scenarios.

If those sound like common situations, then going through the trouble of vetting a VPN service might actually be useful.  TorrentFreak has a list of providers that have answered their questionnaire.  BoingBoing published a shorter list with a decent comment section that I found helpful.  LifeHacker has a 5 Best list with more discussed below. The options on the list from digitaltrends.com seemed credible as well. Cross referencing the lists, and requiring a mention in TorrentFreak’s:

Also frequently mentioned is AirVPN, who offer free services to activists in human rights hostile regions. So that’s cool. It’s worth searching for the name of the service your considering into VPN reddit community. Folks seems pretty polite and knowledgeable.

So go forth, choose a VPN, just remember its part of a suite of tools and the company chosen needs to be checked on regularly.

 

by carlyn at December 03, 2016 08:53 PM

One Thing To Do Today: Amuse yourself, then toughen up your browser.

I have a new friend. It’s the scripted voice on clickclickclick.click, a website keeping me company as I write this post. As I type I’m still hearing hilarious commentary about my (lack of) behavior by a male slightly accented voice. It’s perfect. I have 54% of the achievements. I want them all. It’s like a pet.  Or is it me that’s the pet? It’s already guessed that I’m female.

“Go on subject, you were doing so great!”

The result of a collaboration between VPRO Medialab, Moniker, Studio Pukey and We Are Dataclickclickclick.click makes fun of the creepy. I’ll admit, the overwhelming amount of information required in order to really protect ones rights in the digital realm risks swamping my brain some days. I’ve been buoyed by the little bit of a smile this website has brought to my day. After amusement comes action.

Clickclickclick.click works because the my computer and the internet server it collected the webpage from maintain their own little backchannels. Servers suck down and aggregate tons of information via cookies, cachesplugin user data, quiet little javaScripts, and by noting configuration. If you want more granular details both PanoptoclickWhat’s My Browser or Webkay will enumerate the hard facts. Analytics companies (and others) use mouse movements to analyze design, but also make guesses about demographic information (PDF) and identity.

Browser developers have conflicting masters sometimes, which make it against the parent company’s best interest to help individuals deflect prying behavior. Extensions help, but they also create big giant security holes. And ones that start out good can turn bad.  Be careful. If the permissions seem excessive, back away. GigaOhm and LifeHacker have decent run downs. Some safer bets from them and my own experience:

  • Block Plugins: Chrome, FireFox and others have a option called “Click to Play” that prevents plugins from loading automatically. No extension required. Enable that.
  • Broad Blocking of Tracking: Privacy Badger blocks “nonconsensual trackers” and is supported by the EFF.  It’s designed to be permissive to trackers with manners. Ghostery  and Disconnect are comercial players in the blocking game that let the user be more aggressive. uBlock Origin, a well regarded open source project, falls into this category as well.
  • Classic AdBlocking: An extension from the above category might make a specific ad-blocker unnecessary. Ad Block is a by-donation project that took its inspiration from an older FireFox plugin.  This is different than Ad Block Plus seems to have taken over the market, perhaps out of confusion. ABP has a model where they extract money from the the less egregious advertisers, although not flawlessly. While ABP business model might give you pause, the money lets it win lawsuits.
  • Block Javascript: ScriptSafe, an open source plugin that makes it easier to toggle on and off Javascript for given pages. It’s akin to NoScript for FireFox.
  • HTTPS-Everywhere, as mentioned previously.

Don’t be discouraged if having all these plugins turned up to the max makes web browsing hard.  Being educated about what’s happening behind the scenes makes it easier to advocate for real change. Consider mimicking an old fashioned swear-jar by dropping a dime in a jar every time some misbehaving website gets you to give it a free pass by promising adorable otters. You’re only human after all. Absolution will come in donating the money to the EFF.

by carlyn at December 03, 2016 12:35 AM

December 01, 2016

CrashSpace

One Thing To Do Today: Turn off image loading for email

Let’s do something super simple today. Turn off default image loading in your email client or settings. HTML emails can conceal tiny little tracking images. The act of opening the email loads the image which informs the server it’s loading from:

  • That you opened the email.
  • The time you opened the email.
  • The IP address you opened it from, potentially traceable to a physical location.
  • The amount of time between that image loading and any click through behavior on your part.
  • The type of computer and software that loaded it (Safari bowser, Outlook, etc)
  • Whether you “deleted it, forwarded it, printed it

This information will be collected every time the same email gets loaded. So if that’s done from work, home, a phone, etc. that represents a lot of location and behavior information adding up in the databases of bulk email analytics providers with contracts across multiple clients and industries.

Screen shot of HTML source code

Tiny image reference that tells the email sender that I’ve loaded the image, from where, and at what time.

Let’s use me as case in point. Checking out the source code of an email from the local garden center chain revels an image set to rendered as 1 pixel wide by 1 pixel high. The super long hexadecimal number set identifies that it was me that loaded it. That’s a heck of a spacer gif. Notice also the image isn’t being sent to my email client via HTTPs. That’s incredibly rude.

Email marketers go to a lot of trouble to get the most from their campaigns. They want to know what subject lines convince people to open the emails.  What offers get the most click throughs? What time of day are people checking their email? How long after it gets sent will people see the message? They are tuning their behavior to game yours.  Sales people can be informed that an email was recently opened and move to call “while the pitch is fresh.”

As if sales motivations weren’t annoying enough, company HR departments use these techniques to track employee engagement on internal communications as well. (Why don’t you read the newsletter, Janice? That’s a star off your performance review…)

Some folks I admire and trust have turned to email newsletters. TinyLetter seems to be the service of choice, and their privacy policy is the same doozy as everyone else. MailChimp corporate has quite the profile on me. Let me tell ya.

In my career I’ve used email campaign software several times and I found the metrics very helpful. As a result, some of this tracking I’ve manually opted-in to because I thought I was choosing to support the newsletter author. After writing this article I’m going to re-opt out. I’ve been reminded that the data these services collect does not get encrypted and reserved for the exclusive use of those authors.

Let’s put the people I’ve actually invited into my inbox aside for a moment because the bigger threat comes from SPAM and other unsolicited emails, filled to the gills with invisible trackers. If I open one by mistake I don’t want it getting back to the mothership that they’ve got a live one. No thank you.

Moving a bit into what might feel like tinfoil hat territory, but another reminder email itself is not a secure protocol. I don’t check the source of every email I receive. If there is no cryptographic checksum, who knows what’s showing up from even trusted senders. Image loading turned off by default helps avoid surprises.

Compared to some of the other things we’ve done, this might seem like a tiny little act. The tiny little acts matter. Right now the average consumer has been compressed to the bottom of the information food chain. Turning off auto image loading takes back just a bit more personal dignity. Don’t give up a drop of that for free.

 

 

by carlyn at December 01, 2016 06:44 PM

November 30, 2016

CrashSpace

One Thing To Do Today: Insist on HTTPs

TL; DR Install the EFF sponsored chrome extension HTTPs Everywhere or look into a browser like Brave.

The letters HTTP stand for Hyper(T)ext Transfer Protocol. Transfer protocols handle the movement of data between one computer and another.  The internet isn’t comprised exclusively of webpages, but when computers around the world serve up webpages they use this Hyper Text Transfer Protocol to transmit the Hyper Text Mark-up Language scaffold and the ornaments we hang on it.  One web, one protocol. We haveTim Berners-Lee to thank for that. We still have him to thank.

As the web foamed out of CERN to spread information between scientists, little thought was being given to security. Why make something secure if the point was open sharing? HTML docs were supposed to be as simple as possible, to make information easy to index and share.

Well, things haven’t stayed simple. Back in 2004 at ITP I watched Dedi Hubbard and Joe Versoza build their Ptooie project, a robot flower whose state of health reflected the security of information being passed on the network. Ptooie found passwords being passed “in the clear” and shouted them out, wilting with deepening sadness the more insecurity it found.  Handing around passwords was something relatively new that web pages were being asked to do, and many web developers weren’t implementing it well. Those who attend DEF CON will recognize the connection to the long running Wall of Sheep. It still runs, and it still catches people.

HTTPs, “HyperText Transfer Protocol, Secure” helps keep what’s being passed between your web browser and the sever between your browser and that server.  It’s obvious why that would be necessary on pages with passwords and financial data, but why on random sites that don’t seem to “do” anything?

  • If the default state of the web is insecure traffic, it’s too easy for content that’s supposed to be secure to be pushed out with a largely insecure page. The reverse is also true, insecure content can run (I’m looking at you ad networks) in pages that are supposed to be secure, causing vulnerabilities. This is called “mixed content.”
  • Libraries can tell you the importance of keeping what you’re browsing private. Right now anyone on the coffeeshop WiFi can tell who just asked webmd.com about that rash (clearly for a friend). I kid you not. Sitting with your back to the wall doesn’t cut it. The network sees all.

The good news, starting in 2017 Google will be using its market share to push back on companies that don’t care about your security.  If you can’t wait, you can set up a Chrome warning now. Another recommended install, the EFF sponsored chrome extension HTTPs Everywhere. Also look into the Brave browser, a high speed, high privacy browser that enables payments for content creators. (Thanks Dedi/@kweerious)

For those managing a website, Let’s Encrypt makes it easier, and free, to get the necessary certificates to switch to HTTPs. Internet Security Research Group (ISRG) provides this service to further their mission to “reduce financial, technological, and education barriers to secure communication over the Internet.” Google has posted a handy page on the move from HTTP to HTTPs as well. If a beloved site seems to be struggling with the switch, maybe it’s a chance to get involved!

Like all other security measures HTTPs isn’t perfect, but its certainly an improvement. I love the Ptooie project and the Wall of Sheep for making HTTP’s lack of security visceral. This has been a known problem for a long time. I hope theses projects inspire folks to start requiring HTTPs from websites at last.

by carlyn at November 30, 2016 08:37 PM

Hive76

Use 3D printed fixtures to avoid support material

If you are familiar with 3D printing, you may know of one of the most frustrating constraints in the process: overhangs. For those new to the tech, Material Extrusion machines like the RepRap and Ultimaker extrude molten plastic into air to produce 3D objects. But molten plastic is subject to gravity, so each bit of plastic needs to be supported by a previously printed layer.

bottom view of soap dish model

Bottom view of soap dish model

There are a lot of solutions for this constraint. Designing an object not to have overhangs is one approach. Most 3D printers also use one or more materials to print supporting scaffolds for overhanging features. But removing the printed scaffold can sometimes be a mess. Take the example show here of a soap dish:

This model will print really well with the large flat surface placed on the build plate, but the four feet shown in red project below that surface. To print this as is, you would need support structure underneath the entire print with just the feet touching the print bed. Support scaffolding can be a mess, but I have a new method that can avoid support material altogether: flip the print over and print on the nice flat surface. With this approach, the trick is holding the model in place upside down while the feet are printed. The molten plastic will bond to the previously printed part, and the feet will become a permanent part of the soap dish.

3D printed fixtures are already a selling point and common practice in the professional additive manufacturing field, but I haven’t seen any examples of this among the DIYers and consumer 3D printer operators. A 3D printer has the ability to make any tool needed, even single use fixtures for a simple soap dish model. It only takes a bit of CAD to produce a working set of fixtures that will be printed and left installed on the print bed. Take a look at the embedded 3D model below and I will describe the process step-by-step.

  1. CAD your model. I use Fusion 360 because it is quite powerful, and free to use until I start making money.
  2. Create separate bodies for the fixtures and features that will be printed separately. Here the fixtures are in green, and the feet in red. They need to be separate bodies (not joined) so they can be exported separately.
  3. I created the fixtures for this soap dish by starting with a sketch that is in plane with the flat top of the soap dish. Then I extruded that sketch with the option “to object” so it would match the dish’s contour. I also included an offset. See that dialog box here:
    Extrude feature dialog box

    Extrude feature dialog box

     


  4. It helps that this model, the fixtures, and the feet are all symmetrical. The slicing software Slic3r will automatically center our parts in the printer, a feature we will rely on in this process.
  5. Create the additional features as separate bodies, see as red in the model above.
  6. Export 3 separate STLs: model, fixtures, additions. You can export STLs with multiple shells like the 2 fixtures or 4 feet with this trick.
  7. Slice and print your main model as normal.
  8. Slice the fixtures STL, but use the Brim setting to ensure really good bed adhesion.
  9. Edit the fixtures Gcode to remove your end.gcode and anything else that might turn off a heated build plate. Our fixtures need to stay stuck to the 3D printer. My first attempt failed because the print bed cooled down and the fixtures popped right off.
  10. Slice the additional features STL.
  11. Edit the additional fixtures Gcode to remove any start.gcode including homing commands.
  12. Add G92 Z0 to the top of this additional features Gcode. G92 will set the printer position to Z0.
  13. These two Gcode files will printed back to back with your intervention in the middle. Pay attention to the time.
  14. Print the fixtures Gcode. When it ends, place your model into the fixture. If it doesn’t have a snug fit, tweak the CAD to find the right geometry to hold your model. It doesn’t need to be clamped in, just secure enough that the nozzle won’t move your model.
  15. Now manually move the nozzle so that the tip is right at the flat “underside” of the model. Also home X and Y in case they shifted.
  16. Print the additional features Gcode.  Keep a finger on the power or reset button. My second attempt to print this failed because I forgot the G92 Z0 and smushed the nozzle into my print.
  17. If all goes according to plan, the printer will add your additional features directly to your existing model.

Check out a timelapse of my third and successful attempt at adding feet to my soap dish.3d print timelapse

This technique could be used to make more permanent fixtures that can be reattached to the printer. You could use this to 3D print customizations onto previously printed or mass produced items. It may require more plastic than support material, but could save the time and effort of removing stuck-on scaffolding. It’s always good to have multiple options to the same result.

If you do 3D print some fixtures, please share the process or results with me! Happy 3D printing!

p.s. I’m running a 3D printed gift exchange this holiday season. If you have the skills and the means, please join up and 3D print a gift for someone else! Join here.

by eagleapex at November 30, 2016 01:58 AM

November 29, 2016

CrashSpace

One Thing To Do Today: Tuesday Sweep, where are your backups?

TL:DR Sign up for Crashplan with the option of managing your own keys.

The SFMUNI was able to tell the folks who ransomed their system to go to hell. Why? Back-ups. There’s no reason not to wipe it all and start fresh if there is a back up. How liberating. Any backup plan has levels, multiple copies, etc. Ideally as automated as possible. Making sure all backup systems are up and running should be part of the Tuesday Sweep (link a work in progress). Keep strategies upto date to fight increasingly sophisticated ransomeware. Here are some of the items on my list to keep tabs on.

Password Manager Data

Backup the data file for your password manager. On a disk, to the cloud, somewhere. One of the criteria for selecting a password manager should be the ability to create secure backups. Check to make sure everything is synced up.

Active Files

GitHub, Dropbox, iCloud, Google Drive. Most of my work doesn’t require delicate handling. It’s probably headed towards being open source anyway. If I’m making a lot of changes on a file, my active copy gets synced regularly via one of these services. I’m making the conscious choice that losing the data would be more traumatizing than it getting out into the world.

It is possible to set up your own server to mimic some of these services, but I don’t want to maintain one.  I’m also not sure that random hosting companies have the same war chest to stand up for my privacy as Apple has been willing to do.  So my choice for handling data that requires more care would not be to roll my own cloud service, but to encrypt the files before either uploading or putting the files on a usb drive. (Although, not a USB drive I didn’t buy myself.)

Local boot drive

If all the urgent files live in the cloud, having a boot drive with just the operating system and some diagnostic tools might be enough to get back to productive under deadline. It won’t need to be updated all that often because it only has the basics.

Mac Advanced | Ubuntu directions for Windows | Official Windows Directions | Non-Official Windows Instructable (untested, but intriguing)

Searching Stack Exchange for the operating system you’re making the boot drive for with the name of the operating system you’re making the boot drive with, if different, will locate resources for your particular situation. Doing daily computing off boot drive is a topic for another day.

Full Local / Cloud backup

So this was going to be two separate sections, but the thing is, nobody really remembers to go to the trouble of manually backing up their computer to an external hard drive. Oh, and then to take the extra step of dropping it off at a safety deposit box or other offsite location? If your threat level feels that immanent you’ll have the motivation, but there are worthwhile steps to take that are less extreme.

The ideal setup is a software/service that will let you do both onsite and offsite one sweep. The Wire Cutter’s extensive review recommends Crashplan. I might switch. The free version allows you to backup locally, so if you want to do the sneaker-net offsite plan I poo-pooed above, you can do it. Getting two drives and alternating which one gets used will help prevent viruses of any type from reaching your data. The one-computer cloud backup plan is inline with others in the market at about $60/year. For $150/yr up to 10 computers can come under their care. They even have plans for small businesses.

The dealbreaker for a cloud storage should be the ability to manage your own encryption keys. Most will recommend against it because they don’t want someone willy-nilly choosing to do that without understand the gravity of the choice. If you manage your own keys, losing them means complete loss of data. There will be nothing they can do to help. That’s the right answer. However, if the threat of data loss makes you hesitate, please don’t. There is a perfectly valid half measure of letting them manage the keys for the main backup, but keeping personal information encrypted locally.

Having backups to revert to is protection against all sorts of malware and ransomeware attacks. No security will be full proof, so knowing what to do when the bad inevitably happens can make security preparations more relaxing. If this is all too much to put in place today, I nominate making sure that the password manager datafile has a secure second location and then signing up for Crashplan.  Baby steps. Next time you’ll do more.

Image Credit: Lisa Amin Gulezian
@LisaAminABC7, https://twitter.com/LisaAminABC7/status/802693810983579648/photo/1 via Mashable

by carlyn at November 29, 2016 11:05 PM

NYC Resistor

Internet of Dirt class this Saturday

Get a text message when your plants need watering!

There’s still room in our Internet of Dirt class this Saturday. We’ll talk about the Internet of Things as a general idea, what kinds of Internet-connected devices you might want to build, and how you can plan your own projects. You’ll learn how to connect your project to the Internet, send HTTP requests, and interact with sensors. We’ll set up a basic soil sensor and program it to message you when your plant needs watering!

Tickets are on Eventbrite.

img_0165

by Bonnie Eisenman at November 29, 2016 06:50 PM

CrashSpace

One Thing To Do Today: Know where you’re going when you click.

The text of a link is not always honest about it’s destination. On websites and when using a browser to check email having the status bar turned on will help catch misdirection. Although, with javascript enabled this tip is not full proof.  Some browsers (Safari) come with this the status bar turned off for a more “clean” experience (let’s not get me started).  The option to turn the status bar back on can be typically found in the “View” menu. The comparable feature on a mobile browser is to click and hold until a pop up screen shows up. The URL shows up in grey at the top of a window with the option to load the item into a new tab, etc.

My long history using a browser with a status bar makes clicking on link that’s gone through a link shortening service feel a bit like hopping into the back of a panel van with a blindfold on. Most services don’t do everything they could to protect against malicious links.  They can’t be trusted to ambiguate private URLs.  They also present a whole host of problems to the health of websites. In Chrome, it’s possible to install an extension to unpack them or go even further to  always show the IP address of the current page. Or you could not.  We all have to get an adrenaline rush somehow, I guess.

by carlyn at November 29, 2016 05:46 PM

One Thing To Do Today: Choose Open Source ( #opencybermonday )

In honor of #opencybermonday, it seems to be a good moment to point out that security minded folks tend to also be open source advocates. To sum up the problem, commercial product manufactures rely on “Trade Secrets”  to protect the IP of their lock design, this replaces actually making better locks.  Companies that hide their code can be more easily pressured into installing back doors. They may conceal vulnerabilities to avoid bad PR.  The Open Source Initiative has posted a nice nontechnical primer with a bank-safe analogy.

When designing a secure system, every secret that must be kept provides a point of weakness. Bruce Schneier makes that point well, and pretty much every article on this topic quotes him.   Let’s go straight to the source:

David Wheeler has maintained a website dedicated to teaching programmers how to write more securely since 1999. He comes down on the side of open source while acknowledging the issues. The Heartbleed bug scared many people off, but for the wrong reasons. Weaknesses in open source projects arise because people who use the code aren’t participating in maintenance, even thought there are good reasons to. Even if you don’t feel comfortable contributing code yourself, support the foundations that run big projects (via Hack-a-Day). If you’re in the market to buy a product, check to see if the company about to get your money supports the cause.

Don’t only require open source from your desktop operating system. Reach out to companies like car manufacturers with the reasons open source would be better for their products, and why that’s a shopping criteria for you. If you are a manufacture consider using a platform like IoTivity to underly your products. The Open Source Hardware Association has recently started a certification process.  You can use Crowdsupply to fund it. There are several open source laptop projects.  This open source hardware philosophy can be pushed down to the silicon.

To learn more, go ahead and check out #opencybermonday on twitter.

[updated]to add reference to Crowd Supply via BoingBoing in last paragraph.

by carlyn at November 29, 2016 03:13 PM

November 28, 2016

Hive76

MaD HaX and the Kensington Kinetic Sculpture Derby

215

At the Kensington Kinetic Sculpture Derby and Philly Tech Week (City Hall) This Summer.

4slack_for_ios_upload_1024

by ChrisTerrell at November 28, 2016 12:07 AM

November 27, 2016

CrashSpace

Urban Neighbors: The Biodiversity of Urban LA

On Saturday February 11th Samantha Sullivan will be sharing her presentation Urban Neighbors: The Biodiversity in Urban L.A. This discussion will cover the diverse and surprising wildlife which live right here in our own backyards, detailing their habitat and the critical roles they play in our unique ecosystem.  What are some of the serious threats local wildlife will face from the expansion of urban sprawl, and what can be expected with the predicted rise in human wildlife conflict?  How can we coexist with and protect other species, why does this matter, and how can we keep our cities as both biodiverse and enjoyable environments for generations to come?

 

samantha-sullivan

About the speaker

Samantha Sullivan is a graduate student in pursuit of a Masters in Biology with an emphasis in wildlife conservation.  Currently, she works with communities both locally and internationally on assessing barriers and collaborating with locals and conservation organizations in the region to create solutions that work toward coexistence between wildlife and the community. She has worked with many conservation organizations including; Spectacled Bear Conservation Society in Peru, the Ara Project in Costa Rica, Primate Education Network in San Francisco and locally with Citizens for Los Angeles Wildlife. Her interests include being in nature, yoga and all things cat related.  Samantha has articles published with Earthwise Aware, a non-profit organization that addresses the ethics of conservation around the world, and is a conservation blogger on her website, openspacescoalition.com

by levisimons at November 27, 2016 07:18 PM

November 26, 2016

CrashSpace

One Thing to Do Today: Single-Factor Biometrics are the WORST. [Supergirl Spoilers]

So thanks to Supergirl Season 2 Episode 7 we’ve got a giant teachable moment on the security horror show of single factor authentication with biometrics. It’s not the shows best written episode, kinda crazy full of plot holes. To sum it up: season 2’s big bad kidnaps Supergirl, gets a hold of her blood, takes it up to the fortress of solitude, and voila – they’re in.  No additional passcode or amulet. Not even a second biometric, like face recognition. Talk about crap security, Kryptonians. I mean really, I won’t even enable the thumbprint ID on my phone. Here is some lessons our alien hero’s maybe should have picked up by now.

There are ways to mitigate some of the flaws (PDF warning, but excellent read) in biometrics, however none of them override the single truth, they should never ever ever be the only security being used.  It’s just bad writing.

by carlyn at November 26, 2016 11:43 PM

One Thing To Do Today: That IoT device on sale for Black Friday? Hold off.

Screenshot of a September 14th saying Das S in IoT steht für Security.

The original German? Translated. https://twitter.com/showthread/status/776089345069555713

There is a joke gaining popularity on the internet. “The S in IoT stands for security.”

The very first twitter reference I can find is in german from @lino, retweeted in english by @showthread.   In 2016 put a chip in it took the title from put a bird on it. IoT has pretty much become a joke to security experts. A bad joke with terrible consequences. Companies rushing to spend a around 1 trillion dollars churning out these devices don’t really understand the security they require.  Back in 2014 the Nest thermostat could be rooted in under a minute,  listening in on your heating habits to find out when you’re likely to be home.  This is entirely independent of concerns about that very same company simply shutting down the cloud services that its existing IoT devices depend on. Those cloud services are not secure, anyway.

Need even more help resisting the urge? Imagine the environmental impact of every random disposable thing requiring rare earth materials.  Rare earth materials mines are horrific places, frequently in destabilized regions of the world. Forget information security, think actual wars and death. Try making an image from one of these slideshows your desktop for CyberMonday. They’ve gotta be good for a little bit of impulse control.

I am not a luddite. I want us all to be able to have fun things that make our lives easier. If you feel like you just have to join the party now, keep yourself from having a Bad IoT Day by vetting purchases with the following questions.

  • Can the devices on my home network continue to do their jobs without a connection to the internet? How much functionality will I loose? What happens if cloud services go down permanently?
  • If data gets sent back up to the “mothership” is it encrypted? Can employees access it? Under what circumstances? Who outside the company gets to see it?
  • How will my IoT devices get firmware upgrades? How will I be notified one is required?
  • Is the software open source? At the very least is there open APIs for the clients? For the firmware?
  • Is the hardware open source? Does it use standard connectors?
  • Does the manufacturer have a recycling program?
  • Has the manufacturer pledged not to use conflict minerals?

For the products that fail these standards, call their customer service lines. Tell them why you didn’t buy.  Keep up consumer pressure. Have standards. You and your home are worth it.

 

 

by carlyn at November 26, 2016 05:11 PM

November 24, 2016

CrashSpace

One Thing To Do Today: Give Thanks

I’d like to say thank you to the many teachers I’ve had in my life.  You’ve made me who I am. To anyone who has put up with being a student of mine, I’ve certainly never taught without being taught. Thank you for your patience and your efforts.

I’d like to say thank you to the members at CRASH Space, past and present. I moved to LA knowing very few people and the gift of being connected to such a wonderful, curious, supportive community has been priceless.  I’d like to say thank you to the board members and officers, past and present, for making sure that the lights are on the internet flows. You are the best people ever, giving so generously of your time to make sure we keep on keeping on.

I’d like to say thank you to the folks on the internet, ya bunch of pajama wearing baby goats. To the people behind every link in every article I’ve ever written, every video in every playlist, every retweet, thank you. You’ve made me laugh. You’ve made me tear my hair out.  Which ever it was, you showed up. You gave a damn. You put things out there. Deeply, deeply, thank you.

I’d like to thank all the folks who laid all the wire and cable that makes up the power grid and internet infrastructure that makes all this possible. It’s freaking cold up on those lines.  From the rocket scientists who send up the satellites, to facilities contractors who take out the trash. None of this is possible without any of you.  To the call center folks who are working today, just in case. Y’all are the best for putting up with our surly know-it-all selves. I hope there is a warm plate of food waiting for you somewhere.  All my daily life I am surrounded by things that have been made or grown. To everyone who makes that possible, Thank You.

I’d like to thank my family – both blood and chosen. I don’t get to be with as many of you as I’d want today, but I’m so glad you’re alive and well. I am so very deeply thankful for the mathematical improbability that is my husband Tod, who many of you know. So many things. So many things.

So much of the information in this series could make a person want to crawl into bed and never leave. But, Thank You, to folks who are keeping us on our toes. To give us reasons to do better. To be better.  Never stop being curious about how things work and how to make them better.

So thank you humanity. For being such a mess. For trying. To putting what you’ve got out there. We don’t have things down yet, but we keep going forward, whatever that means.  To the almost 7.5 billion people out there – I’m so thankful you’re available to add your voice and your views.  We need all the ideas we can get.

With all my love,
— Carlyn

 

 

 

 

 

by carlyn at November 24, 2016 06:40 PM

November 23, 2016

CrashSpace

One Thing To Do Today: Enable Two Factor Authorization

TL;DR Yes, go enable two factor authorization, but it’s probably really fancy multistep verification. And email, still not encrypted

I’m very glad to see the buzz on the internet about two factor authorization. I’ve been slow about doing an article on it because I didn’t want to be the downer at the party. Yes, it is important advice to follow, but I just can’t get all excited about it. Enabling 2FA doesn’t make your email encrypted. From the way I see it being talked about on twitter, I’m worried that’s the impression folks are getting.

Two factor authorization reinforces logins. If you fall prey to a phishing attack, two factor authorization will make it harder to access your account because having just the password won’t be good enough. Companies love it because it means when they f*ck up properly securing their logins they’ll have less liability to contend with. Two factor authorization is NOT data encryption, it’s just a fancy front door. Better than not having a fancy front door, but it certainly doesn’t fix structural problems.

A while back many banks and email providers started to move to two step verification. Two step verification is not the same as two factor authorization. Two step verification typically asks for two remembered pieces of information in a row, a password followed by a challenge question or a code number, for example. Two factor authorization improves on this process by requiring verifiers to come from entirely independent classes of identification:

  • Something you know (password, street name where you grew up, a texted pin number)
  • Something you have (decoder ring, usb key)
  • Something you are (fingerprint, voice recognition, gait, all the biometrics)

Folks talking to beginners seem to mush 2FA and 2SV together for the sake of convenience. For example, my phones seem to be constantly sprouting codes in text messages. Despite being billed as such, this isn’t technically two factor authentication, it’s fancy multi-step verification. Those texts are simply providing a 1-time password, so still “something you know.” To top it off, it’s not like my phone number is all that secret or those text messages are encrypted.  Mobile phones also get lost or stolen all the time. This is where specialized USB fobs with rolling codes step up to the plate. They’re very cool, and I totally want one. Yet it seems a little extreme to go all “magic talisman” to protect data that isn’t encrypted on the back end, like say email or all those jottings in Evernote. Just saying.

Also, please, before enabling 2FA or 2SV review what, if any, recovery processes the company has put in place in case of loss of either or both required authorizers. We’ve gotten so used to having a phone call to customer service fix things. If the data was supposed to be encrypted with that 2FA “there is nothing I can do” is exactly the right answer.  Be prepared.

So, yes enable that two-step-facto-autho-veri-whatever being offered. It does help. It just isn’t the only help we’ll need.

by carlyn at November 23, 2016 08:22 PM

NYC Resistor

Happy Turkey Day!

There’s no Thursday Craft Night this week! Resistor will be closed for Thanksgiving.

by Bonnie Eisenman at November 23, 2016 03:00 PM

LVL1

Fifth Annual Free Thanksgiving Dinner

Free Thanksgiving dinner at your favorite place to make stuff! Don’t have a place to celebrate? Join us! Know someone who needs a place to get a meal? Send the our way! Want to avoid your racist uncle? Tell your family you’re volunteering at a charity dinner! We’re a 501c3 after all. Help clean up […]

by Ben Hibben at November 23, 2016 01:11 AM

November 22, 2016

CrashSpace

One Thing To Do Today: Add Self Review to Tuesday Checklist

It’s Tuesday Sweep Time on my calendar.  I’m trying to create a github-pages site that will be a nice little control panel to make this easier for me. The site is still super rough because I’m newish to Jekyll and the idiosyncrasies of the GitHub version, but feel free to clone it to make your own.  One of the pages is my security sweep checklist. I’ve put doing a self review right at the top to reinforce the “security is a process not a product” stuff.

  1. What did I do (or not do) that I knew better than to do (or not do)?
  2. Why did I slip up? What would have made it easier to do the right thing?
  3. Change: Make it, schedule making it, ask the community, drop a note to who can change it.

For example, this week while traveling in a rental car I plugged my phone into the rental car’s USB port. Not the smartest.

I slipped up because:

  • I fell asleep the night before without plugging in my phone.
  • Really wanted a charge so I could take pictures and in an emergency make phone calls. That felt more immediate than security fears.
  • My battery pack was in a bag in the trunk
  • The charger I’m using doesn’t work very well anymore anyway
  • It was super appealing to listen to my own tunes

Next time could be better if:

  • If I had a better bedtime routine. There was a plug right on the lamp.
  • I would have pulled the car over if I had been alone. Next time I could be less emotionally lazy about annoying travel companion to get bag out.
  • If I had a battery charger that was flatter and did better job of charging my phone I might be more likely to leave in my purse instead of computer bag.
  • For music: If I had put bluetooth speakers, an AUX cable, or an FM radio transmitter on travel packing list. Alternatively, could have looked up local radio stations. Could have at least tired. Might have been pleasantly surprised.

Actions I could take are (brainstorm):

  • Plug in my phone right now. A reminder to be better about being aware of phone charge level.
  • Bad bedtime hygiene, but set up the charger on nightstand to get used to having it there.
  • Actually write down a bed time routine so I can add things like this to it.
  • Talk to travel companion about how I didn’t ask. Ask him to remind me that I care if he sees me doing that in the future.
  • Add items to christmas/birthday list, but as really asking people to donate this year, so not reliable.
  • Find that packing list / travel routine I made that time. Update it.
  • Could I finally make that adapter that would just let power through? Wouldn’t that have been in the other bag, too?

Narrowed down actions I will actually do:

  • Find my phone, plug it in.
  • Talk to travel companion.
  • See if we have a different charger in the house that will already do a better job. Add a new one to shopping list if not.
  • Put “security projects brainstorm” to think of what fun hardware projects I want to do on the calendar. Maybe USB thing, maybe not.
  • Put “packing” into file search. If packing list is easy to find, update it.

That’s the drift. Try to figure out went wrong. Don’t get all guilty about it, just improve the process in the ways that can be delivered immediately.

by carlyn at November 22, 2016 11:07 PM

November 21, 2016

CrashSpace

One Thing To Do Today: Research Social-Engineering

TL;DR: Read the entire SmartFile article on 23 Social Engineering Attacks, or at the very least scroll to the end for their summary infographic.

The very first thing I told people to do was download Signal. It was fast and easy for beginners. But if I may say so myself, it’s really kind of pathetic advice – “Here download this app, to your phone, which has location services enabled, and Facebook, and a microphone, which your unconscious thumbprint can unlock…” While 5-things click-baity guides have useful tips, there is a reason that the second and third steps I wrote about were techniques to get and hold our own attention. We ourselves represent the biggest vulnerability to any and all security efforts we attempt.  Social engineering exploits convince people to give up their information, and feel good about doing it. A giant topic, all I can do is give a recommended reading/viewing list for non experts:

Some basic tips:

  • Put something in your eye line to remind you be curious and listen to your spidey-sense
  • Schedule a regular time to refine said spidey-sense
  • “The clock is ticking” is a common ploy. Buy time for your spidey-sense time to work. Ask questions. Don’t try to act smart if you didn’t understand the answer. Follow up. Why do you need that? Why do we need to do it this way? What does that $JARGON_WORD mean? Who did you say you were with? Never agree to expose networks or information without enough time to check the story.
  • Trust, but verify. If they say “so and so sent me,” for goodness sake check with “so and so.”
  • Be wary of links, phone numbers and email addresses.  Look up official channels directly.
  • Keep in mind that typically trustworthy folks can be fooled themselves, get as close to primary sources as you can.
  • Random downloads and external devices don’t belong anywhere near a secure machine.

To close on a personal note, I hate being the bearer of all this “don’t trust anyone or anything” news. It feels more negative about humanity than I actually am. The thing is, I’m a city girl. To expect someone to spend their time putting my best interests at the center of their day seems rude. Why should they? I don’t know what it takes to get through their night. The favor I can do my fellow humans is to not outsource my wellbeing to those who haven’t actively signed on to that deal. Humans survive as beautiful broken things. “Good people” participate in actual evil. “Bad people” have moments of grace.  I try not to assume which I’m dealing with. Caution, curiosity and compassion don’t have to be at odds.

by carlyn at November 21, 2016 08:12 PM

Call For Proposals: The Civic Engagement Survival Guide

This month, CRASH Space is launching the Civic Engagement Survival Guide: a series of talks and workshops focused on creating a community that is informed, organized, and engaged. Each month will feature 2-4 free events, led by a diverse group of speakers and teachers. This is a paid opportunity, and we want to hear from YOU about what ideas you’d like to come and speak
on. You can see our currently scheduled events here.

Please send proposals to info at crashspace dot org.

by at0mbxmb at November 21, 2016 06:00 PM

One Thing To Do Today: Watch Terms and Conditions May Apply

It’s been a long week. Maybe let’s just watch a movie. Try Terms and Conditions May Apply. Reviews on Rotten Tomatoes.

Streams available  from freedocumentaries.org or Amazon.

Admit it: you don’t really read the endless terms and conditions connected to every website you visit, phone call you make or app you download. But every day, billion-dollar corporations are learning more about your interests, your friends and family, your finances, and your secrets… and are not only selling the information to the highest bidder, but freely sharing it with the government. And you agreed to all of it. With fascinating examples and so-unbelievable-they’re-almost-funny facts, filmmaker Cullen Hoback exposes what governments and corporations are legally taking from you every day – turning the future of both privacy and civil liberties uncertain. From whistle blowers and investigative journalists to zombie fan clubs and Egyptian dissidents, this disquieting exposé demonstrates how every one of us has incrementally opted-in to a real-time surveillance state, click by click- and what, if anything, can be done about it.(c) Variance Films

by carlyn at November 21, 2016 06:00 PM

November 18, 2016

CrashSpace

One Thing To Do Today: The robots are listening and they understand what they hear.

TL;DR: Don’t invite AI enabled cloud listening devices or apps into your home. 

image of electret microphone next to ruler. It is only about a centimeter wide.

By Kae (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

Spoken natural language processing still takes a great deal of computing power. Manufacturers want to make their devices small and cheap so we’ll buy them. Wifi chips have plummeted in price.  The result is that Alexa on the Echo, and Siri on Mac catch when they’re called by constantly listening and sending that information to be processed to a server not under user control. Samsung SmartTVs, Google Home works the same way. No consumer protection laws or published third party audits shield end users.

While most companies swear up and down they make no recordings, Hello Barbie, while purportedly not always on, actually touts the fact that it records everything your child says to it. It comes with a seven page FAQ, btw.

Don’t forget about apps on phones and laptops. Shazaam doesn’t care that the fact it leaves the microphone always could be hacked.

Very concerning, even if you trust these companies, some legal scholars have posited that once a home is full of third party listening devices, that may jeopardize the expectation of privacy key to some 4th amendment protections.  “I’ve got nothing to hide” doesn’t mean nothing to fear.

I am no luddite.  I want the convenience that AI infused audio assistants provide. They’re so cool! People are running to buy them, which leaves zero market pressure for these companies to develop versions of their products that can run locally. I get it. Local home servers would require crazy hardware power, and the services would no longer accrue the insane dataset that drives the machine learning.  I don’t have a solution, but I do know Shazaam is off my phone. Siri is disabled. Alexa is not on my holiday gift list.

by carlyn at November 18, 2016 06:17 PM

One Thing To Do Today: What passwords do you have anyway?

TL;DR: Now actually start moving passwords into the software. Updating the weak, deleting accounts that are unnecessary. Take the time to delete from other places, especially from a browser.  

A drawing of an old key hanging from a stylized hook.

The British Library: Image taken from page 114 of ‘Real Sailor-Songs. Collected and edited by J. Ashton. Two hundred illustrations. [Reproductions of broadsheets.]’

So that was going to be it, down load the password manger and YAY! You’re secure! Nope. Buying the Sonicare and leaving it the box doesn’t get the teeth brushed. I have to relearn that every morning. Now we’ve got to go find all the passwords, put them in the manager, and DELETE THEM from places where they aren’t secure. That second step can be the more nerve wracking to me. I find having to reset passwords stressful and likely prevent me from ever finishing the task I was in the middle of. I’m going to choose to get over it.

This can be a slow and tedious process so break it to chunks. Have on some good tunes. Password maintenance will go into our every-Tuesday list.  So will preserving a backup of said password manager file, because that encrypted file should be the only place they are stored now.

Some notes: The password manager I use lets me switch between files.  I don’t have all my information in one file. There’s personal and then there is work.  If you have clients, maybe make one for each client. As you find new passwords, go ahead and delete accounts no longer needed. Update passwords that are weak or old.

  • Go ahead and find those bits of paper: It’s okay. No judgement. If you have them go get them, put them into the password manager. Eat the piece of paper. Just kidding… kinda. At least cross-cut shred it.
  • Web browsers: All of the ones installed on your computer.  The way browsers typically store passwords has vulnerabilities.  When I fist moved over to a password manager I installed the browser plugin and figured I would just start saving things as I logged in. Have I gone back and deleted the ones that are already saved? No, no I have not. I’ll be doing more every Tuesday. Don’t forget to turn off the setting to autosave passwords in the future.
  • Email present: Open your current email and search for the word “password” to remind you of any accounts you may have had from long ago. Update password manager then delete those emails. Now do the same with the words “account” and “order.”
  • Email Past: Try getting into that obsolete email account you’ve been putting off worrying about. Once in search for the words “password,” “account,” and “order” again.
  • Applications: Open your applications folder. Which of those require the internet to be of use or sync information to somewhere else?  This is a clue to make sure you have the passwords saved. This process should be repeated for every device you have.
  • The Operating System’s Password Manager: More secure than the browser or email. You can’t delete all of these, but do back them up to the password manager.
  • One’s hiding in other random System Preferences/Control Panels:  Networks, eMail accounts. If you need them 100% back them up to the password manager. We’ll be purging a bunch of these later.
  • Servers: If you manage a website you’ll have as shell account, possibly a separate ftp, the databases, the admin guis… etc. Many of these may be caught already, but don’t forget.

Now back up your password file. Many password managers will do that to the internet automatically. If so you’re set. If it’s encrypted properly that will be fine. Don’t make the perfect the enemy of the better-than-what-your-doing-today.   You’ll be keeping an eye out every Tuesday. If you are having a hard time letting go of the worries set up a Google alert for the name of the password manager you chose, maybe add the word “exploit” or “hacked” so you’ll be among the first to know.

by carlyn at November 18, 2016 06:13 PM

One Thing To Do Today – Get that password manager already

Keys on a keychain

By Omglia – Own work by uploader omglia.com, CC BY-SA 3.0, via wikimedia commons

Logins sit as the front door to online systems.  True, most systems have other vulnerabilities, but why make things easy for the casuals?

People still succumb to the ease of common passwords.  Unchanged default passwords gooey up the underbelly of networks in a way that anyone can poke.  That password emailed to you? Well, we’ve already covered how silly it is to think of email as super secret private.  Reusing that clever password neumontic or pattern works great until exactly one site gets p0wned.

As long as we’re using passwords, they’ve got to be long, random and unique. Password managers can have their vulnerabilities, but they’re better than the human brain at remembering random blurps of numbers and letters.   For a no-thought choice just go with LastPass the popular commercial product.  To get some help on how to distinguish between the many choices, these comparative reviews provide criteria to think about when deciding for yourself:

Password managers still need a password manager themselves, make it a safe one.

by carlyn at November 18, 2016 06:11 PM

One Thing To Do Today: Plan a way to give to the cause regularly

Calendar page with time scheduled to answer question on a mailing list.

Scheduling a time to think about OPP – other people’s problems.

I am very angry.  This new but old reality has seeped into my skin, tricking my mind to look for blame, to scorn allies, to ignore options. I  want to hide in a bathtub with a blanket over my head. I want to yell. I want to punch. I want my skin to grow spikes. I want my breath to radiate fire.  I want a quenching buffer of nothingness to pour from my soul and destroy my enemies…

…Aaaaaaand that’s too far…

Anger’s great.  Gets things moving. Keeps the brain clear.  Living in an inescapable chamber of rage, however, tends to go poorly. And not for the enemies. It certainly doesn’t get the firewall patched. So how to ride the line? Give. Give. Give. Give money, give time, give information, give resources. Not to normalize the outrageous, but because pacing means everything to the long game. Just the tiniest bit of generosity done regularly can keep the pressure valve clean.

I learned this trick from my terrible-should-never-be-mentioned-typically-culturally-appropriative flirtation with Buddhism. It’s a challenging practice, but luckily there are levels, making generosity accessible even in the grip of rage. The best focus will be different for everyone, but some InfoSec/Tech topical ideas exist.  Pick one thing to focus on at a time. Make sure it gets onto the calendar. Be honest about what’s realistic. Trying to be too nice too soon to too many people can go very very poorly. Relevant search terms to learn more about the actual buddhist mediation practice inspiring this list include “loving kindness meditation,” “Metta bhavana” and “Tonglen.”

Level 1: Give to yourself.

Keep up your Tuesday list:  Keep taking actions to care for your own technical security.  Embrace the internet with all its messiness, but with healthy boundaries.  You and your data have value and are worth protecting. Show yourself that love. Take the time.

Give money to the Electronic Frontier Foundation: I’m trying to focus on time rather than money in this list but, if there are dimes to spare, the EFF is a good cause and they use the money well, like creating the Security Starter Pack referenced in the last post. I’m saying this is a “give to yourself” because they have amazing reward T-Shirts. Just saying.

Level 2: Give to people you can relate to

People who think like us. They’re easy.  They’re the mashed potatoes of giving a f*ck. And some days all you can eat are mashed potatoes.

Be a support-forum/discussion-list hero: Maybe leaving the house is too much. Specialized groups frequently have technical support forums or discussion lists. Being a n00b is no excuse. In fact, a new learner can be a much better explainer than an old hand. At the worst one of us curmudgeons gets pissed off and we’ll just have to correct you. That’s cool. The right answer is in now in the world! Good Work! If that’s too scary, upvoting or otherwise amplifying helpful answers curates the site. Contributing in 15 minutes or less from the couch. Score. CRASH Space has a list. People on the Arduino forum always need answers.

Show up at local interest/user group meetings: Lots of people find leaving the house to be too much, so it can be really challenging to be an event organizer. One tells people about the event, keeps fingers crossed, hopes people show up, hopes people enjoyed/found it useful it. They never tell. It’s stressful. Be nice to organizers. Go to their events. Tell them what you liked.  That can be your gift. Showing up. Libraries, craigslist, forums/reddit, associations, ask your tweeple, meetup.com. These are all places to find local groups. Shout out to my local Linux User Group SGVLUG,  they contribute volunteers to SCaLE, a fabulous open source conference here in SoCal.

Contribute to a local hackerspace:  Some of these local interest groups actually go insane and decide to sign a lease.  Each space is stamped with the personalities of the founders. Don’t be nervous, they shouldn’t have put their address on the internet if they didn’t want people to find it. If their website has an events calendar, that’s the engraved invitation folks. Every space is different, show up, sniff around.  Here is a hackerspaces map or alternatively a makerspaces map if the h-word still feels squicky. You do you.

On a self interested note, CRASH Space will 100% take your money, but we’d also really like your time.  We are a member owned and operated 501(c)3, and sometimes our heads are too deep up our projects to run it perfectly.  We always need people to throw more events, to help tidy up… endless list.

Level 3: Give to something neutral

Options that are past the hyperlocal, but still feel relatively noncontroversial.

Mentor a kid: Children are the future, blah, blah, blah. But seriously, children are the future and their minds are a lot more manipulatable- er, flexible. Boys and Girls Clubs and Big Brother, Big Sister have a large national reach in the US.  I’m a big fan of DIY girls and Black Girls Code. Getting children into STEM is super trendy right now. There is bound to be something near you.

Document your work and make it publicly available: Some people don’t document their work because they don’t think it’s good enough. Some people don’t document their work because they think to do so would be vain, or they don’t care,  or are lazy or just whatevs. Fight those feelings. Taking the time to document your work to the level that someone else could reproduce it serves as massive gift. Nor does it actually require talking to anyone.  Just throw up what you’ve got on github, on hackaday.io, on instructableswordpress, youtube, on freaking LiveJournal. So long as it gets search engine indexed, it’s all good.

Donate to the Internet Archive: The internet changes fast. Bad people may want to destroy the record of their words. If we don’t know our history we are doomed to repeat it.  The Internet Archive is a private foundation not a public charity, but I don’t know of anyone else doing exactly the same work. Their donate link is hard to find.

Level 4: Give to something you find difficult

There is a super pro level of this, giving to the people actually provoking the anger. I’m not ready yet. I’m sticking with ideas that bring up unspecified discomfort, but don’t make me actually spit.

Don’t give up entirely on government: All government is not Federal Government.  City and town governments provide so many vital services. There are lots of projects on Code for America that address these municipal needs.  If you don’t have the time or skills, they do take money.

With all it’s flaws, the rule of written law is one of the best human innovations.  Perhaps the most misunderstood lines from Shakespeare is “Let’s kill all the lawyers.” Causidicide was being suggested as a path to tyranny.    In addition to the EFF there is also a Harvard based group called the Berkman Klien Center and The Center for Internet and Society at Stanford.  If you are a lawyer there may be something you can do. (PS: Nerd-fist-bump to the Code of Hammurabi for having minimum wage statutes.)

Pay for News and Media: High quality information is expensive to produce.  Doing project documentation teaches that real fast. This post alone has taken me hours and there isn’t even any photography. At CRASH Space we try to do our best to provide what we can with as few barriers as possible, but we’re super small fry. Large investigative news stories take money.  Fact checking takes money. Public Radio and TV antennas require maintenance. All those awesome YouTube Creators and Twitchers, they have rent to pay. This is not a finger wag. A lot of people in this community learn paywall circumvention as a badge of honor. Okay. Learn how. Then choose not to.  We’re watching real time what poor quality information can do to a democracy. Fund what you can. If the “regular” news outlets are a step too far, schedule a regular poke around Patreon or documentaries on Kickstarter instead.

Support women, people of color and the LGBTQ community in tech: I so wish this was ready to go into the neutral or even relatable category, but apparently not.  That pushes the breath out of the lungs and doesn’t let it back in. Thank you for considering caring.  In the mean time please forgive that this is as educational as I can be on this topic today.

 

Level 5: Give to Everyone

People you like, people you don’t like. People doing good things. People doing bad things. Basic internet security is for everyone. Believing that and giving to that can be challenging work. Loved ones may not always understand. Do it anyway.

Open Source Projects Need You: If the code isn’t being publicly reviewed, it cannot be certified as secure. Crypto projects require a lot of skills, but anyone can learn how to participate in open source. It isn’t all code either. Documentation, QA testing, usability and human factors work, open source projects have the same needs as their closed counterparts. There is some training required to learn how to interface with them. OpenHatch has training missions to get folks started.  If learning git is the barrier, it only takes 15 minutes.

by carlyn at November 18, 2016 05:59 PM

One thing to do today: Download Signal

Screen showing Signal app. From whispersystems.org website.

Screen showing Signal app. From whispersystems.org website.

Let’s face it. We are primates. We need each other and we need to communicate. Sometimes we use our tools to set a wildfire that burns our values to the ground, sometimes we light the spark of inspiration.  One thing our monkey brains don’t naturally process is that our communications, once put on the internet in any way shape or form, live on. Wraiths in the machine. They can be found and visited by people we don’t know, and many of those will not have our best interests at heart.  That is fine and even charming when it is Uncle Bob’s pie recipe. That weird immortality can sing to our hopes that we can be more than we are. But if the wrong person finds the wrong digital finger print in the wrong place, lives end.

I want you alive. Your Facebook memorial page will not be good enough for me.  I want when I give you the secrets to my soul, that intimacy is ours.  I don’t want some cavalier child-programmer at some silicon valley startup that just learned they have access to the database to amuse themselves over their lunch break with our shared plans. It may be just that we are going for coffee on Wednesday, but my connection to you is precious. And tenuous. And hard fought. And must be tended to to maintain. It is not a commodity for two people to connect, it’s a miracle.

So step 1, just one thing we can do today: Let’s start using Signal.

  • When you send me a victory project selfie because the motor finally works, use Signal.
  • When I text you that I am tired and sad today, I’ll use Signal.
  • When friends from out of town check in to hear my voice because it’s been ages, I’m asking them to use Signal.

There are other options, but since we already have each other’s number we can transition seamlessly.  The choice to use to begin this process of learning to use encryption together is not about anger or fear. It’s because you matter to me.

When I hold your hand, I want it to be your hand.

I’ll see you tomorrow.

by carlyn at November 18, 2016 05:41 PM

NYC Resistor

Join us for a Pop-Ups Make-Along on Sunday!

Did you know we have a professional pop-up artist as one of our members? Shelby Arnold works along-side the legendary Robert Sabuda and this month she’ll teach you how to make things pop, spin, twist, all with the power of opening a piece of paper. Get your tickets from Eventbrite.

popups

Make-Alongs are self-guided craft workshops where participants learn new skills, explore new materials, and make great things! We’ll see you on Sunday. 🙂

by Bonnie Eisenman at November 18, 2016 03:53 PM

November 17, 2016

Nottinghack

Join the Nottinghack Crapathon on Saturday, 3 December!

It’s time again for the annual…

NOTTINGHAM HACKSPACE CRAPATHON!

Saturday, 3 December!

JOIN THE CRAPATHON

Conceptualise and create projects with no value whatsoever!

  1. Create a problem no one has!
  2. Design a solution!
  3. Build it!
  4. Demo it!
  5. Win a crap award!

Rough schedule will be:

  • 12:00PM – It starts! There’s a spiel! You can use things! Go!
  • 7:00PM – You’re done! Stop making stuff! Eat food!
  • 8:00PM – Demos! Voting! Awards! Socialise! (Bring a bottle)
  • Late: GO HOME!

Stuck for ideas? Some of the Crapathon 2015 entries were:

  • Suggestions box that automatically shreds and files all submissions
  • Robot that badly plays the Theremin so you don’t have to
  • Automatic face-recognising laser blinder
  • An extended hand
  • Rocket salad launcher
  • A box for THE ONE TRUE GOD
  • A skin conductivity meter to measure your Scientology levels
  • A box of fucks (surprisingly empty)

This is FREE and OPEN TO THE PUBLIC.

Work individually or in teams. Spectators also welcome!

by Kate at November 17, 2016 12:59 PM

Build an Electro-magnetic Field Detector!

Electro-magnetic fields are all around us, but are usually invisible and silent. In this workshop on Thursday, 1 December, you can make your own detector to hear them.

The EMF Detector

This detector uses two inductors to give a stereo audio output of the noise created by electro-magnetic fields. This is useful for investigating electronic circuits, checking power supplies, and investigating the unseen world around us.

At this workshop, you’ll build your own electronic circuit to detect changes in local electro-magnetic fields. The kit includes all components, PCB, headphones, and enclosure.

Along with building the kit, you’ll also learn how to solder and how to get the kit working.

This evening workshop is on Thursday, 1 December, from 7:30 until 10:00. Tickets are £12 and now available on EventBrite.

Don’t miss this chance to hear the unseen world!

by Kate at November 17, 2016 12:50 PM

November 14, 2016

KwartzLab Makerspace

Repair Cafe this Sunday!

Repair Cafe

It’s that time again for another Repair Cafe! In partnership with TransitionKW, we’re hosting another event this Sunday, November 20th from noon until 4pm.

DON’T THROW YOUR BROKEN STUFF AWAY! Bring in your busted items and we’ll try and help you fix it (FOR FREE)! In the past we’ve done electronics, appliances, furniture, toys, clothing and more. Free coffee and munchies will be provided!

Register for Repairs!

If you’ve got something you’d like us to have a look at, please fill out a reservation using the Eventbrite link below:

RESERVE YOUR REPAIR SLOT

By registering ahead of time, we can ensure someone will be on hand to help you with your item!

Volunteers needed!

We’re also looking for volunteers to help fix stuff, so if you’d like to spend an afternoon helping others in the community, please check out the link below:

SIGN UP AS A REPAIR VOLUNTEER

by Ben at November 14, 2016 07:42 PM

November 12, 2016

KwartzLab Makerspace

James is a goddamn hero

Our laser cutter is dead. It has been dying for a while now. Parts have burnt out and been replaced. More parts have stopped working, or were working intermittently. Stopgap measures were taken to fix what could be fixed easily.

file_000

For the select few who truly understood how the laser operated it was obvious what was happening, and an even smaller subset had an understanding of what needed to change to fix it. And then there is James.

14991977_10206088463764326_4117812101392363742_n

Not only does James have a solid understanding of how the laser cutter works he understood how the laser cutter was being used by members. He understood the deficiencies in the original design, and how to optimise it’s operation. James formulated a thorough plan, created schematics, a bill of materials, and secured funding from the board not only to fix the laser cutter, but improve it immensely as well.

As Ryan put it, he is a goddamn hero.

Here’s to James

james

by jaymis at November 12, 2016 04:33 AM

November 11, 2016

CrashSpace

One thing to do today: Cover your camera with something pretty

Picture of doodled on post-it note covering the camera on a laptop

From my 2016 Camera Cozy Line – Be joyful in protecting yourself. You are worth it.

The people who create computer hardware can build respect into the metal, or they can not. Or they can try, and they can fail. Let’s take the camera on Apple laptops.  They tried. They did actually think of it and try to make sure that software running on the computer couldn’t turn on the camera without turning on the light. Some kid wanting to see a girl naked found a way around that.  I’ve seen nothing that verifies that modern laptops from Apple have fixed the exploit. Now imagine manufacturers that care even less. This is why I prefer to buy open source hardware products when I can. There are billions of people on this planet. Even if you are Apple, someone, probably more than one someone, is going to be smarter than the company’s engineers. Because, you know, titties. It’s better when we are all on the same side.

But we live in a world without a strong open source hardware culture, yet.  Teardowns done by sites like iFixit mitigate some worries. They have an x-ray machine and they use it.  “xray teardown $PRODUCT_IN_QUESTION” put into a search engine can kick things off for items that are more obscure. Also, patents have crazy amounts of information and google has built a wonderful engine to search patents exclusively.

But in the mean time, I’ve made myself something pretty.  Didn’t take much or take long. Grabbed a post-it-note, doodled on it, cut it down, put it on my laptop. Decided it wasn’t sticky enough, so used some Scotch restickable glue stick.  Of course once that magic is in the mix your camera cozy could be made from:

  • pretty craft paper
  • a page out of a magazine
  • a print out one of those circuit board x-rays
  • Endless.

Others may look at my computer decor and deem it “silly looking.” Yeah, it’s silly. Silly that we can’t put the structures in place to make it unnecessary. So the more ridiculous the better I say.

A pen for doodling, scissors, the post-it notes, restickable-adhesive glue stick.

All the items used to make this camera cozy.

You may be wondering why knowing all that I know it took me until today to cover my camera. Honestly, because: “Nobody cares about me.” “I’m not important enough.” “Whatever, I don’t do anything interesting.”

F*CK THAT NOISE. D*MN THAT SH*T TO H*LL.  I value me. Everyone matters, and I am part of everyone. There are differences to be made and I can make them. I do not get to be violated. I am worth fighting for. I am going to look at that weird purple camera cozy and it is going to keep my coals hot. Cause this is the long haul, baby, and I’m in all the way.

Even when others fail to love us, we can set boundaries that remind us of our worth.

* disclaimer. astrix-infusion curtesy of todbot. I’m feeling super NSFW today.

by carlyn at November 11, 2016 05:21 PM

November 10, 2016

NYC Resistor

Nov 19th: CryptoParty

Photo courtesy of the Whitney Museum of American Art.

Photo courtesy of the Whitney Museum of American Art.

CryptoParty returns to NYC Resistor on November 19th, 2016 for a night of learning about your digital defense in the age of mass surveillance from Fort Meade and Madison Ave. Stop by anytime between 3PM and 9:30PM and enjoy snacks and skills from a variety of online security practitioners and researchers. We’re hosting a full day mix of talks and hands-on-help.

If you’ve never been to Resistor before, check our Participate page for more info, including the Code of Conduct. Hope to see you there! If you’ve never been a CryptoParty before, please check out the CryptoParty Guiding Principles.

When:

November 19th, 2016 3:00PM – 9:30PM.

Where:

NYC Resistor (between Bergen and Dean)
87 3rd Ave. Floor 4 (use this OSM link if you’re Richard Stallman)
Brooklyn, NY 11217

by David Huerta at November 10, 2016 04:00 PM

November 09, 2016

NYC Resistor

Grado SR-325 Rebuild

Grado SR-325

This is a rebuild of a messed up pair of drivers I bought off eBay.

Thought I’d share. =P

by Matt at November 09, 2016 03:12 PM

November 03, 2016

Pumping Station: One

Wear a Circuit Workshop

2016-10-30-17-37-19

Participants with their finished circuit patches at Sunday’s Wear-A-Circuit workshop.

I make knitted circuit boards on my knitting machine. Sunday I brought in a stack of 3″ x 5″ knitted proto-boards for us to turn into wearable electronics.

2016-10-30-16-35-41

Soldering LEDs and batteries 2016-10-30-16-36-34img_20161030_174439_30604255612_o  colleen-circuit-highres_455653410

 

 

 

 

 

 

 

 

Doug attaches his to a hat

 

2016-10-30-16-36-52

 

 

Colleen used the four rows to make a zig zag pattern.

 

 

 

The event  attracted a number of spectators, curious about my original knitted circuit design.

Their discussion encouraged me to look into doing this again, perhaps using more complex, interactive projects.

So if you’re interested in participating, keep an eye out here for updates. And if you have suggestions/feedback on the future of these workshops, do get in touch!

by Jesse Seay at November 03, 2016 05:57 PM

November 02, 2016

CrashSpace

Game Developer Meetup (Beginner Friendly!)


WHO: Open to the public!

WHEN: Sunday, Nov 6, 4-7PM

HOW MUCH: Free!

Interested in getting involved in the indie gaming community? This Sunday, stop by CRASH Space to meet other future and current indie game devs. We’ll be sharing tutorials, showing off our games’ progress, and hanging out.

If you have a game you’re currently working on, bring it to show off! (A project will be available if you’d like to demo on the big screen.) If you’ve never made a game before but would love to know how, come hang out and bring a laptop if you’ve got one.

Note: This event does not have a hard start or stop. Feel free to come by any time between 4-7PM.

by at0mbxmb at November 02, 2016 05:00 PM

October 28, 2016

Pumping Station: One

Fare thee well, Tardis, until we meet again

20161023_112854

I first noticed PS:1 because of the sign on the door – the, “Yes we have a Tardis” message. I was intrigued enough to cross the street, look up and see, yep, there’s a Tardis up there. A freaking Tardis!

‘Clearly, this is the place for me,’ I thought.

Fast forward several years.  PS:1 has changed and grown, getting bigger and better, but sadly, the Tardis, has not weathered (pun intended) the years well. I have been on the roof several times over the years.  Each time I stopped to take a look at the Tardis, noting that maybe with some TLC, it could be restored to its former glory as a beacon for folks who wanted to find a place to be whimsical, playful, and creative.

Over the past year particularly, it became extremely obvious that it was suffering real damage, and if there was going to be any chance of saving it, the time had come to try. At best, I figured we could disassemble and rebuild it, and even possibly use it to hide the new dust collector. Upon investigation, we determined that the wood was rotted through, and that it was a real hazard to everyone and everything on Elston Ave. below.  A bad storm would likely have ripped off large chunks, sending them flying straight into a law suit.

So Ken, Andy, and I, with assistance from Kyle who happened to have a pickup truck with an empty bed, the disassembly and lowered the pieces to the street below. Most were lowered by some rope Andy just happened to have; some pieces we simply chucked overboard (always timed so nobody was anywhere near PS:1). Given how heavy some of the parts were, I’m quite impressed with the folks who got it up there in the first place!

After the large pieces came down, Kyle sent up some garbage bags and we cleaned up the rest, leaving little to indicate that anything had ever been up there. Mike Skilton was on hand to help unload Kyle’s truck and cut the chunks down to dumpster size.  As I write this, a fair number of the pieces are sitting on a pallet on the loading dock, waiting for the dumpster to be emptied so they can be thrown away.

This makes me sad.

The Tardis has been around since very early days. It can be seen on PS:1’s Flickr pool going back to the original space. The Tardis is an emblem of the spirit of the space, and demonstrates what can be done by a group of individuals with a common purpose: to make something awesome that makes others happy. Personally, I think of PS:1 not as a collection of tools and equipment, but of interesting people who want to make and do interesting things – and who can and do come together from time to time to make PS:1 itself better. PS:1 is the place it is because of people helping each other. To anyone who has installed something, volunteered for a committee, fixed equipment, or shared an idea to make the place better for everyone, I say this: you have made PS:1 more than just a random collection of tools. You have made it a community.
I propose that it is time for the community to come together once again to build Tardis 2.0. I whipped up a rough design that would use a steel skeleton clad in weatherproof paneling.  In addition to having its windows lit up, it could enclose a weather station and even a webcam.

 

I believe the PS:1 folks can bring their skills to replace the empty space on the roof with a better, more durable Tardis that will continue to elicit smiles and curiosity from passers-by (I can think of three separate times when people have shown up for the open house because they wanted to know what PS:1 was solely because they saw the Tardis on the roof) and hopefully will see it like I did: as an sign that this small beige building is a great community and space for people to have fun and be creative.


Last chance to see:

20161023_11473820161023_11475020161023_12194620161023_12320220161023_12353920161023_123954

 

 

by tachoknight at October 28, 2016 06:24 PM

October 27, 2016

Pumping Station: One

Wear-A-Circuit Workshop on Sunday

2016-10-27-3-patches-dark-13-32-00

2016-10-27-patches-on-13-35-11

Circuit Patches are wearable circuit boards made from knitted yarn and wire. I’m doing a workshop Sunday using these. Check it out!

I use a knitting machine to make the patches. Add snap buttons and  attach the circuits to anything you like.

Rapid prototyping for Wearables!

2016-10-27-13-26-38-self-portrait

 

I made these patches for my workshop this Sunday, 3-5pm. Participants will receive a 3″ x 5.5″ knitted proto-boards in black, pink, or teal. Solder LEDs and a battery on it, and you can add lights to your clothes, just in time for Halloween.

 

Of course, there’s lots of things beyond LEDs you could add– I’m hoping to do workshops for interactive circuits using the knitted protoboards in the future.

I’ve made a number of circuits with this method so far, often in black. For this workshop, we’re adding  fun colors: circuit-board-teal and… pink! I  couldn’t resist adding 10mm gumdrop LEDs to the pink protoboard pictured above.

We’ll have some of those jumbo LEDs for the workshop, but also smaller ones in blue, yellow, red, white. I’ve even got some color-change and flicker LEDs.

2016-10-27-patch-back-13-37-15

Power is supplied by a hidden battery pack.

If you’d like to participate, please RSVP. Hope to see you Sunday! (Bring a shirt or a hat or a bag so you can add snaps to mount your circuit on it.)

2016-10-27-snap-press-13-44-37

My new favorite machine: the snap press applies snap buttons without sewing.

by Jesse Seay at October 27, 2016 11:08 PM

October 26, 2016

LVL1

LVL1 Halloween 2016!

Halloween is here at LVL1… …and so are a ton of awesome events!  Stop by this weekend and join in the fun! Sumobot Tournament When: Saturday the 29th, 8PM Sumobots are adorable little robots meant to shove other sumo bots into a burning pit surrounding a sumo ring. Minus the burning pit. Details can be […]

by Danielle at October 26, 2016 03:42 AM

October 25, 2016

KwartzLab Makerspace

Thank-you to Clearpath Robotics for donating a Bridgeport Mill to Kwartzlab

Thanks to the concerted efforts of many of our members, our heavy lab has been going through some incredible growth and change lately. Aside from some pretty cool tools we’ve had for a little while now we have recently picked up a new sander, metal lathe, and now, most excitingly, we have a Bridgeport Mill:

img_0529

While actively searching for one for our little makerspace, an opportunity came up where Clearpath Robotics had a mill to give away. It was a generous opportunity to say the least, and there are more than a few members of the lab excited about it.

img_0536

It is a Bridgeport mill. You can tell because of the way it is. Neat!

img_0530

Rumour is Ravi is still making this face:

ravi

Again, Kwartzlab would like to thank Clearpath Robotics for the generous donation of this wonderful tool.

Check them out at Clearpath Robotics and their industrial division OTTO Motors.
Follow them on Twitter:
… and Facebook:

To quote Doug from a recent email he sent:

Thank you Anthony for talking to Clearpath for us; thank you Clearpath Robotics for donating the mill; thank you Ravi for organizing the move and becoming Mill Warden; thank you Neil, Bob, MikeR, Sonny, Drew and others for your hard work in making this happen.
I think this is a great example of what we can accomplish when we reach out to the community and work together.

by jaymis at October 25, 2016 03:43 AM

October 24, 2016

Milwaukee Makerspace

Mask Making

img_20161022_173523 img_20161022_171855205

Last Saturday Kathryn Hughett ran a class on faux leather mask making that attracted ~12 people.  It was a lot of fun. Kathy provided some templates and her know how. We especially liked learning how to work craft foam to make it look like leather – that will be great for costumes, etc. And we learned some new painting skills.
Michael A. Manske

by Carl Stevens at October 24, 2016 09:38 PM

October 21, 2016

Pumping Station: One

NERP^2 = Hardware: From Concept to Retail && PiAQ: Indoor Air Quality Sensor

PLEASE NOTE: NERP WILL GET UNDER WAY AT EXACTLY 7PM ON MONDAY!

Next Monday at NERP we’ll have a double feature. We’ll hear part 2, of Ste and Nicks’s story of adventure in bringing a successful consumer product to market. Part 1 was about technology, and part 2 is about the _business_ side of bootstrapping HD Retrovision (http://hdretrovision.com). Also on Monday, Dave Conroy will tell us about the PiAQ Open Source Indoor Air Quality Sensor for the Raspberry Pi (http://piaq.io).

hd_retrovision-1

About HD Retrovision:
Nick and Ste have been friends since 1999 and both share a passion for playing the (now retro) video game systems that they grew up on. Since then they’ve both studied Electrical Engineering at University, and are now business partners in a company called HD Retrovision that is dedicated to improving the modern day experience with retro consoles while making it accessible to as many people as possible. In this presentation, Ste and Nick will walk you through the ups, downs, and lessons learned while taking a college project and turning it into a profitable company. This talk will cover how they took the idea for HD Retrovision’s Genesis and SNES cables out of the lab, got it funded, and eventually mass-produced overseas.

piaq3-small
About the PiAQ: As an R&D Engineer for NAR’s Center for REALTOR® Technology & CRT Labs, Dave Conroy investigates emerging technologies, educates NAR members & the public through presentations, webinars, blogs and podcasts, and develops products for use by members. He’s presented to REALTORS® on the national, state and local levels. The PiAQ is an open hardware and software indoor air quality sensor developed by the National Association of REALTORS’ CRT Labs. The goal for this project is to make information about the air people are breathing more accessible.

http://piaq.io/

About NERP:

NERP is not exclusively Raspberry Pi, the small computer and embedded systems interest group at Pumping Station:One in Chicago. NERP meets every other Monday at 7pm at Pumping Station:One, 3519 N. Elston Ave. in Chicago. Find NERP and Pumping Station:One at
http:// www.meetup.com/NERP-Not-Exclusively-Raspberry-Pi/
and
http://pumpingstationone.org/

Doors open at 6:30pm. NERP is free and open to the public. Ed Bennett ed @ kinetics and electronics com Tags: electronics, embedded, NERP, Open Source, raspberry pi, hackerspace, Beagle Bone, Pumping Station One

by edbennett at October 21, 2016 05:15 PM

October 20, 2016

NYC Resistor

Intro to Soldering Class on October 23rd

Come join us for an intro to soldering class on October 23rd!

IMG_9458

In this hands-on introduction to through-hole soldering, you’ll learn how to use a soldering iron safely and effectively, and get plenty of practice with both soldering and desoldering techniques. We’ll be soldering up some Game of Life kits – LED tiles that generate nifty animations. Tickets are available on Eventbrite.

IMG_8887

by Bonnie Eisenman at October 20, 2016 06:55 PM

Bling Your Things: Arduino, LEDs, and Clothing Class on Nov 6

Do you want to have flashy clothing or accessories that blink and pulse with your life? Maybe some costume for a party or club attire? We’ve got a class for you, coming up on Nov 6!

15447016353_8a77189fe5_z

We will make a basic wearable LED enhanced accessory, either for your hair, a corsage or a wrist band. We will also work on adding LEDs to clothing and fabric and look at how to integrate sensors into the effect.

Tickets are available on Eventbrite now.

by Bonnie Eisenman at October 20, 2016 05:01 PM

October 19, 2016

Milwaukee Makerspace

Flying Halloween Skull – Update!

Last year, I put together a skull to fly around my yard (some Halloween folks will recognize this system as an “Axworthy Flying Ghost“). The system was comprised of two Adafruit Neopixel rings for eyes, attached to a styrofoam skull, which had been hollowed out. Inside it, was an Arduino Uno, Adafruit AudioFX board, a 314mhz receiver, a 3-watt Class-D amplifier, a custom-made interface board which tied all the previously-listed components together, and a LIPO battery.  The idea was that I could remotely trigger the skull to play one of four sound effects. However, all those parts sure weighed a lot, which when combined with the span between my pulleys, really made the skull sag down low.

This year, I decided to KISS.  I ripped out all the guts, except for the Neopixel eyes. I decided that this year, I’m not going to have sound in the skull. Instead of the Uno, I went with an Adafruit Trinket, and used a UBEC (Universal Battery Eliminator Circuit) to drop the LIPO voltage from 7.4V -> 5V that the Trinket and Neopixels run at. Shown below is how everything is connected together, prices, and sources if you’d like to make your own! And here’s a video of what the eyes look like (sorry about the VVS!!)!

flyingskull-partslist

by Chris Hemmerly at October 19, 2016 07:54 PM

NYC Resistor

Intro to Arduino on October 22nd

Our Arduino class is back on October 22nd. Learn to program an Arduino and interact with the physical world! In this class, we’ll cover an introduction to Arduino and learn how to manipulate outputs based on sensor inputs. All students will receive a basic electronics starter kit, which contains a starter pack of electronics components and sensors, including a breadboard, wires, light sensor, tilt sensor, LEDs, a motor, and more. Students will also receive an Arduino UNO.

Arduino_Uno_-_R3

No previous electronics experience necessary. Tickets are available via Eventbrite. This class usually sells out, so get your tickets ASAP!

by Bonnie Eisenman at October 19, 2016 06:52 PM

October 13, 2016

NYC Resistor

NYC Resistor HALLOWEEN PARTY/CRAFT NIGHT

halloween-party-fourNYC RESISTOR  HALLOWEEN PARTY!

7:30 to ? (oh yeah, QUESTION MARK!)
We’ll have snacks and some alcohol but in general B.Y.O.B.
FREE!

Come join us as our regular Craft Night is transformed into an Open to the Public Dance Party / Spooky Board Game Party / Werewolf Bar Mitzvah / NYC Resistor Halloween Party!

There will be crazy costumes! There will be food! There will be dancing! Not into dancing? Well, there will also be spooky inspired board games! Hate board games and dancing and food? WHO ARE YOU AND DO YOU NEED A HUG?

We’ll bring the party, food, a caldron o’ booze, music, and board games. You just bring the beer and your bad-ass self. Costumes are encouraged, but not required, though if you are looking for inspiration on an easy costume, the internet has got you covered. (http://www.instructables.com/howto/easy+costumes/ ) And you should feel free to come to any of our regular craft nights on Mondays and Thursdays before the party and we’ll help you make a Halloween costume to die for. Muahahaaha. See what I did there? Huh? Huh?

Come party like it’s 1886 and you died of some horrible ol’ timey disease! Ghosts, Ghouls, and Friends are all invited!

by Olivia Barr at October 13, 2016 02:13 PM

October 12, 2016

NYC Resistor

Pumpkin Hacking is Back on October 16th!

OMG, it’s almost Halloween. What better time for a pumpkin-hacking Make-Along?

dscn0072

BYOP (Bring Your Own Pumpkin) and we’ll help you trick it out with LEDs, some fancy carving techniques like using dremels and maybe even our laser. If you can think of it we can help you make it! Grab a ticket and we’ll see you on Oct 16.

by Bonnie Eisenman at October 12, 2016 05:50 PM

October 10, 2016

Pumping Station: One

NERP Tonite! Google Summer of Code students build BeagleBoard.org projects

Tonight at NERP, Drew Fustini will be sharing highlights from his presentation at Maker Faire New York 2016.

Drew explains How Open Source software and Open Source Hardware intersected in several BeagleBoard based projects done for the Google Summer of Code.  “Google Summer of Code is a global program that offers students stipends to write code for open source projects.”  These students’ projects demonstrate the synergy of devices and the code that makes them what they are.

NERP is not exclusively Raspberry Pi, the small computer and embedded systems interest group at Pumping Station:One in Chicago. NERP meets every other Monday at 7pm at Pumping Station:One, 3519 N. Elston Ave. in Chicago. Find NERP and Pumping Station:One at

www.meetup.com/NERP-Not-Exclusively-Raspberry-Pi/

and

http://pumpingstationone.org/

Doors open at 6:30pm. NERP is free and open to the public. Ed Bennett ed @ kinetics and electronics com Tags: electronics, embedded, NERP, Open Source, raspberry pi, hackerspace, Beagle Bone, Pumping Station One

by edbennett at October 10, 2016 09:54 PM

Milwaukee Makerspace

Bluth Family Stair Car – PPPRS

For the Power Racing Series event at Maker Faire Detroit we decided to rebuild Duck, which was rebuilt from Noah Way, into something new. We decided on the Bluth Family Stair Car because we love Arrested Development and because Jim added it to the list of cars that get extra Moxie points.

stair-car-01

The photo above served as our reference image when we were building the body for the car. We didn’t really make any modifications to the frame of the car, and it remained largely what it was when it raced a Make Faire Kansas City in June.

stair-car-02

This is what we ended up with. The entire body, paint job, etc. was done in about two nights right before we left for Detroit. (This is typical of build a PPPRS vehicle at Milwaukee Makerspace, and sometimes referred to as a “Rage Build”). Oh, while Ed, Kathy, and various other helpers worked on the car itself (electronics, mechanicals, etc.) I focused on the body, because I tend to fall back on my design skills when others jump into the areas they know way more about than I do…

stair-car-03

We started out with a bunch of Coroplast (aka “corrugated plastic”) sheets that Kathy brought in, and I created a “box” from which to cut away the unwanted parts, leaving us what would ultimately be the Stair Car. I also took this opportunity to learn all about pop rivets and how they work (and don’t work) and most of the body is held together with pop rivets, washers, and gaff tape.

stair-car-04

Pieces have been cut away, and it looks more Stair Car-ish, and started to get a paint job. I should note that Shane and Carl pitched in here with the body, and helped out tremendously.

stair-car-05

Meanwhile, over at the vinyl cutter… With a degree in Graphic Design, this is where I get nerdy, and try to replicate things exactly (as time allows) so yeah, I had to find the graphic, convert it to vector, cut the vinyl mask…

stair-car-06

…and cut the other vinyl mask, and get things ready for painting. Weeding vinyl is so much fun, why not do it twice!? Yeah, I ended up redoing the whole thing because I used paint that did not stick to plastic. Argh! No worries, practice makes perfect!

stair-car-07

I may have made a huge mistake, but it turned out fine in the end. I made another sign for the other side while Shane was making car door windows and a front grill with headlights.

stair-car-08

Oh yeah, at some point Ed added another motor so that the car now had front wheel drive via the bicycle hub motor, and one-side rear wheel drive from some motor and controller we had laying around the space.

stair-car-09

Some pieces ready for painting, and the soon-to-be Stair Car in the background, awaiting the Banana-worthy upgrade.

stair-car-10

Ready for Detroit! I mean, as ready as we could get it with just a few nights working on it until 3:15am or so. It still looks like a bike inside of a box but if you squint real hard… Stair Car!

(At this point I should also note that while no number appears on the “real” Stair Car, the number 40 added to ours does use the font from the opening titles of the television show. Because again, I’m a design nerd.)

stair-car-11

The front view is less Stair Car-like, but luckily Karen at the space helped Kathy make an awesome Banana-helmet attachment that really cements the deal. Solid as a rock!

stair-car-12

I ran out of time (and steam, which is bad, because I’m powered by steam) and didn’t get to do anything excellent with the back of the car (like add a set of detachable stairs) so it just says “There’s Always Money in the Banana Stand” (though I should have changed “Money” to “Moxie”, oh well.)

stair-car-14

The side view is much better than the front or back, which makes sense, but that doesn’t stop race fans young and old from enjoying the Stair Car and shouting out “Go Banana Go!” when they see it pass the slowest cars on the track.

stair-car-13

Stay Tuned for the further adventures of Stair Car… With it placing 11th in the season standings for 2016 and one more race left it ain’t over yet!

by Pete Prodoehl at October 10, 2016 01:23 PM

October 09, 2016

Milwaukee Makerspace

Shelfs and Brackets

wrench-head

This project encompasses the two areas that I know the most here in our makerspace.  The Aluminium brackets were made in our metal shop while the Walnut and Ash shelfs where built in the Wood shop.  This project was my first attempt at making dove tail joints.  First the ash and walnut were plained to thickness and glued together.  Then I cut the glued up boards to length.  The longest step in the process was setting up the dove tail joint.  After watching hours of youtube videos between test cuts with the router and dovetail jig I managed to get a passable joint.

img_0705

Once the shelfs were made it was on to the metal shop to machine the brackets.  The aluminum block was first put in our lathe to make round.  Then each piece was cut up into the half moon pieces and milled on the Bridgeport.

finished-2-images

by Carl Stevens at October 09, 2016 02:00 PM

October 08, 2016

Pumping Station: One

My first project, upcoming Doctor Strange movie prop replica

Doctor Strange movie prop replica design pictures

Progress from preview to display of Doctor Strange movie prop replica.

Thanks to everyone who volunteers training and care for the laser cutter. My son and I will have a blast taking these to the opening night.

by photism at October 08, 2016 07:01 PM

October 05, 2016

Milwaukee Makerspace

Because wedding insanity is real

When my husband and I started planning our wedding earlier this year, we wanted to make sure we got to spend time with all of our family members who were traveling in from out of town, many from out of state.  It was one of our many reasons for trying to have a small guest list for our intimate wedding.

Oh, and also because the wedding industry is crazy.

When I saw that the veil I wanted to go with my dress was just as expensive as the dress, I decided it wasn’t that important to me.  I saw a lot of Pinterest boards with DIY wedding veil pictures and tutorials, so I figured I would give it a shot.  If it failed, no big deal.  So, this is the story of my $15 wedding veil.

268_amy_josh_mini

I started with some tulle that was donated to the Makerspace’s Craft Lab, and sorta followed a tutorial online.  The biggest pain was pinning the tulle folded in half, so that when I cut the rounded corners, it was even.  With Karen’s help, I used ol’ string-on-a-peg to make a partial circle cut line, which let the veil fall nicely around my head.

Using invisible thread I sewed the trim lace (bought via Etsy) to the edge of the veil.  If I were doing this again, I’d clean up the lace before sewing it on, but I did it at the end and it turned out okay.

20160714_17105220160714_18272220160714_183306

While working, I laid the veil on a very large piece of fleece material, and also folded it up inside the fleece to keep it from sticking together (the eyelashes on the lace liked to cling to the tulle).

20160717_13042720160717_130433

 

Take THAT, wedding industry people!!

by Amy Zee at October 05, 2016 12:37 AM

October 04, 2016

Milwaukee Makerspace

Maker Overkill

img_3128-copy img_3131

What is the most useless thing to make on our big fancy expensive Tormach CNC machine?  How about something that most people get for free.  Something that you can find in most garbage cans on garbage day.  An item you might use every day and never think about it.  A CLOTHES HANGER.  This is quite possibly the most over engineered device for hanging a shirt or pair of pants ever made.  The hangers are cut from a 1/4 inch piece of aluminum on our Tormach CNC with a 1/4 inch end mill.  From there they are wet sanded and polished then cleaned in preparation for anodizing.  The second arm of the hanger is shaped from Black Walnut and finished in Danish Oil.  This is version 1 of the hanger and version 2 is in the works.

by Carl Stevens at October 04, 2016 11:17 PM

Hive76

Make a keychain, learn about laser

img_20161002_170925135

New to the laser cutter? Want a quick intro on the basic workflow of taking a design and cutting/etching it? Want a neat little hive76 keychain? Stop by and see me (pete [the tall one]) during open house!

by pete at October 04, 2016 05:01 PM

October 01, 2016

CrashSpace

Letters to Chelsea

WHEN: 1:00-3:00PM Saturday, Oct 8
WHERE: CRASH Space
WHO: Open to the public
HOW MUCH: Free

Recently, whistle-blower Chelsea Manning was sentenced to 14 days in solitary confinement as punishment for her suicide attempt at Fort Leavenworth. This news comes after a multi-day hunger strike she embarked on in protest of her lack of medical treatment and lack of support for her rights as a transgender woman.

Join us on Saturday to discuss the current issues Chelsea is facing, and to write letters of support. We will have paper, envelopes, and stamps available.

by at0mbxmb at October 01, 2016 11:16 PM

September 28, 2016

NYC Resistor

Soft Robotics Talk at Maker Faire by NYCR Members Kari Love and Matthew Borgatti

walking_quadruped
Headed to Maker Faire? Come see our members Kari Love and Matthew Borgatti speaking about their soft robotics work and their company Super-Releaser. They’ll be presenting “Iterating on Soft Robots: Bringing the Maker Ethic to Emerging Technology” from 1:00 to 1:30pm on Sunday at the Maker to Market Pavillion.

Here’s the description of the talk from MAKE’s site:

The emerging field of soft robotics has experimentation at its heart. Roboticists from Super-Releaser will highlight how hands-on experience in materials and fabrication informs their research. Designing flexible things takes flexible thinking and the rapid hacking makers know so well.

by Matthew Borgatti at September 28, 2016 12:35 PM

September 27, 2016

Swindon Makerspace

Sustainable & Mezzanine Funding Drive!

It’s hard to believe that we’ve been open less than 6 months, and yet ahead of our expectations (and with much relief), our membership level has just tipped 32 taking us into sustainability!! A huge expansion from the founding group of just 5.

Reaching that incredibly significant milestone is extremely satisfying, and I think I’m safe in saying we’re all proud of the community we’re developing, but the rapid growth brings a new challenge – space. We’re already starting to a feel a bit cramped on busy evenings, particularly the Wednesday open evening, so it’s time to focus on our next objective – expansion!

Mezzanine

We’ve always known we needed a clear path for expansion, and having the room to expand with a mezzanine was a key priority in selecting a suitable property. This is by far the most cost effective way for us to expand, as we only pay rent on the ground floor area. Fortunately, our landlords approved this in principle back in Feb before we signed the lease.

So, let me take a break from prose and show you some concept visuals – first up is a simple overview of how we plan to insert the mezzanine:

floorplan-overview

Taking advantage of the high ceilings, we can gain a little under 600 sq ft replacing the current kitchenette/seating area with a wide staircase to the new floor. This also allows the remaining space above unit 34a (the inset unit) to continue to be used for storage (e.g. raw materials, WIP projects).

In terms of usage, the ground floor space can then be divided up into distinct metal/wood zones, with doors to contain dust/noise, leaving the whole of the upstairs for light crafts, socialising, etc. One option for fitting out the space is illustrated below – with green blocks indicating storage areas:

Mezz layout option

Similarly, here’s an option for dividing the ground floor into metal (left) and wood (right) zones, including room for a large format laser cutter (big pink block top-middle):

potential-gf-layout

Funding the Mezzanine

Funding this project is highly dependant on how we tackle the construction labour, but taking the same approach we used for the original space fit-out, we plan to do the majority of it ourselves! This keeps the cost to an absolute minimum – focused on raw materials, building control/engineering and some essential equipment.

We will also split the build into two phases:

  1. Minimum viable product (£3k) – just the basic structural work, lighting, electrics and associated engineering/approval fees
  2. Furnishings and aesthetics (£1.5k)

Phase 1 gets us a usable space for minimum spend, into which we can move a lot of our existing furnishing. We also have enough spare raw materials to perform a basic fit-out prior to funding phase 2.

Thus, the immediate focus is on funding the £3k required for phase 1, starting with finding a structural engineer to validate/refine the plans. Given the huge desire from our existing membership to make this happen, we’ve kicked off a pledge drive to raise the £3k as fast as possible.

Pledge Drive

Rather than use a crowd funding platform, we’re keeping it simple and asking for honour-bound pledges from our existing members, supporters, enthusiasts and anyone else who would like to help make this happen.

So… you may be wondering how strong the initial response has been? Well, fairly stunning – since the pledge drive started last Friday (the 24th Sep), we’ve already received £1,250 from existing members!! and that’s just from the small group that happened to be around on Friday 🙂

If you’d like to make a pledge, please get in contact with the directors via our normal email address: info@swindon-makerspace.org.

Other Funding Sources

Of course, pledges aren’t the only way to raise funds. We are also working to secure additional funding through grants, gifts (e.g. Swindon Soup) and sponsorship. As grants/gifts may take longer to secure, the plan is to progress those in parallel with the pledge drive and use them to fund phase 2.

More Info / Get Involved

There is a lot more detail and planning behind the brief introduction I’ve shared above – please get in touch if you’d like to know more or want to get hands on with the project.

Finally, we’re always grateful for any/all donations and until it’s funded, every penny will be put behind the mezzanine expansion:




%image_alt%

thanks
Damian

The post Sustainable & Mezzanine Funding Drive! appeared first on Swindon Makerspace.

by Swindon Makerspace at September 27, 2016 09:33 AM

September 26, 2016

NYC Resistor

TONIGHT, is it really a debate? i don’t know.

DEBATES tonight.  yep. we’ll be screening them.  if you want to work on a noisy project or chat the chatty chat the back room will be open, but the front room will be booming with the debate.  come hang out if you want.  byob, snacks, tissues.

by Olivia Barr at September 26, 2016 06:57 PM

September 25, 2016

LVL1

ECO Group 1st Meeting – Wednesday, September 28th @ 7:30pm

Interested in projects that are based around sustainability and/or are eco-friendly? Whether you want to build, have built, or are interested in learning about eco-friendly projects, then please join us at the 1st LVL1 ECO group meeting. We hope to see you there!

by Mike Revel at September 25, 2016 01:34 AM