Posts Tagged ‘corporates’

Cypherpunk’s Wet Dream meta-entry

I once said that this blog would eventually reach a point where any possible entry could be expressed as a sum of references to previous entries. In this case, it’s this one, this one and this one.

I have maintained that a point will be reached where plain old ordinary Web sites will be forced to turn on SSL encryption by default, or otherwise resort to client-side validation to ensure the page content hasn’t been tampered with during transit. Not because they are running online shops or otherwise dealing with sensitive information – to ensure their users view the original site as it was meant to be seen, protect their users against malware injected by man-in-the-middle attacks, protect/ensure their ad sales, and protect themselves from liability (lost sales from angry customers, frivolous ADA/etc. lawsuits, computer repair bills) arising from unauthorized third-party “enhancements” to their site. And I figured the detonator for all of this (besides Comcast’s broken BitTorrent filter) would be local-yokel small-town ISPs, where bored and too-clever midnight admins sit, Perl Cookbook in hand, trying to make a few bucks on the side by replacing random Web sites’ ads with their own, or injecting other forms of malware into customer HTTP streams to gather saleable profiling data.

Nope. It’s the big boys. Among them: Charter Communications, one of the world’s largest ISPs, and British Telecom have secretly tested, or intend to test (respectively) technologies against their paying customers which do exactly that. According to an internal British Telecom memo (fulltext PDF via Wikileaks), the company partnered with online marketing company Phorm, which specializes in consumer profiling and delivery of targeted advertising. According to Wired,

“From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of the BT’s customers. Phorm installed boxes on BT’s network that redirected web requests through their proxy server.

Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user.”

The report goes on to detail the ability of the Phorm proxy box to intercept requested pages and replace the site’s advertising with its own, based on the collected profile for that customer. The report also indicates several deleterious side-effects of this injection, such as flickering problems on some Web pages (which led users to believe their PCs were infected with spyware), frequent browser crashes, and insertion of the rogue code when users tried to post to Web forums. However, they concluded that the test was “successful” since no user was able to successfully pin the blame on BT/Phorm:

“The operation of the system does have noticeable side effects, which included web-page tag insertion and navigation bar flutter.

From the postings, no user correctly determined the source of these effects and users did not post that the system was causing poor performance.

However all postings suspected that their machines had a virus, a malware or a spyware infection.”

*sigh* Remember kids, you (probably) heard it here first. Let’s hope that in the brave new world of encrypt-everything-to-avoid-getting-fucked-by-ISPs, Firefox 4 doesn’t continue to perform that tired 5-warning song and dance every time you visit a non-corporate Web site.

Petty Joule Thief

You might be familiar with the original Joule Thief, a simple, homebrewable step-up converter often used to drive LEDs (with Vf of several volts) from a single 1.5V battery, or extract the last remaining juice from a battery that’s too dead for use in most real-world gadgets. The basic Joule Thief can suck power from low voltage sources where reasonable current is still available, but what if you want to go even lower? What if you want to suck juice from your neighbor’s WiFi signal originating just on the other side of the wall? RFID or other sensitive inductive-powering mutual-inductance shenanigans? Harvest power from a Peltier device across a relatively small thermal gradient? Solar-power a gadget on even the cloudiest of days? How about scavenging useful power from those annoying radio broadcasters who can find nothing better to talk about than celebrity gossip and which sports mogul was caught with steroids this week?

Recently I discovered a copycat energy-harvesting company trying to claim trademarks on the term “Joule Thief”, which, having been a staple of DIY electronics for about the last decade, cannot stand. So here’s a variation on the classic which a) timestamps the first use of another clever circuit name, and b) genericides the crap out of the bogus mark. So, without further crap, here is the Petty Joule Thief(r)(tm)(c)(processed cheese food):

This one, based on a monolithic IC designed for bootstrapping bigger step-up converters (Seiko S-882Z series), will start-up on voltage sources as little as 300mV, and continue boosting at even lower voltages, stepping it up to 2.4V – enough to drive most LEDs and a good many low-power microcontrollers these days. The circuit is not exactly innovative either (the off-the-shelf chip and a couple caps; basically right from the datasheet), but hey, 300mV guaranteed start! Unfortunately, actually laying hands on these chips is nontrivial for the average hobbyist; they’re not available on Digikey, or indeed any direct-sales establishment in quantities less than 300 units. You might get lucky if you call up your nearest Seiko sales rep and beg really, really nicely for samples (an office at an engineering company and a big mahogany conference table might help). So really this is more of an excuse to get the funny name out there while we wait for these guys to grow a clue and sell on Digikey, or someone like Sparkfun to buy a reel and start selling them by the each.

Unlike the real Joule Thief circuit, this chip implements a switched-capacitor charge pump scheme rather than an inductive one. Both require converting a DC source to AC using a low-power oscillator, but the similarity ends there. Imagine wiring a 1.5V AA battery to a breadboard and placing a capacitor across it, which of course then charges up to 1.5V. Now yank the charged capacitor out and plug it back in so that the pin that was on the battery’s “-” terminal is now on the “+” terminal, and the one that was on the + terminal is now tied to your load. The 1.5 of the battery is now in series with the 1.5V on the cap, so there is now 3V at the load.

The capacitor on the input (10uF or so should be plenty) is for power supply bypass; this may be helpful where the input source is low-current as well as low voltage. For simple constant loads like an LED, the output capacitor should be maybe just a few uF or could possibly be omitted entirely (I haven’t tested this). For “bursty” loads (e.g. intermittently-running sensor / microcontroller), the output capacitor should be sized large enough so that the load can get its business done before the voltage drops below a usable level. You could do some math, but experimentation is more fun. The chip’s output will automatically switch ON when the large output cap is full (2.4V), and OFF again when the voltage drops to about 1.8V.

The efficiency of boosting power from 0.3V to 2+V is not great, but it does allow you to use many extremely low-voltage sources (maybe at low duty-cycles, like a once-per-hour wireless sensor/transmitter) that otherwise wouldn’t be usable at all. Consider the possibilities…

Crap to non-crap generator. Patent pending! (yeah right) And no, this is not a very efficient way to harvest radio waves, but it shows the concept.

Bank of America(R) Doesn’t Like your Lifestyle

Via LJ::pervygeekfancy

Geek dating site opens, accepts most comers, including all gay/bi/lez/mixed/poly preferences which are somewhat heavily represented in geekdom. Bank of America(R) signs on as merchant account support. Bank of America(R) isn’t cool with poly. Poly users get their profiles kicked off the dating site with a polite, but unambiguous letter essentially saying, “our sponsor doesn’t accept your type, so out the door you go.

I guess the real crux of it is that they’re anti-swinger and can’t (or won’t) distinguish between polys and swingers, but there ya go. Three jeers to BofA for pushing the policy, and to for bowing to it rather than sign a merchant account elsewhere.