Day 6.

day 6.

so yesterday i decided to reblog some stuff because i was feeling fresh and funky and uh wow it has been ehm.. well it got waaaay more attention that I expected :D im glad people liked my little IoT explainer!!

im really enjoying this site ^.^ my only complaint is that there’s some stuff im interested in that doesn’t have fandoms on here, but aside from that im going to have to disagree with the “hell-site” classification. i get the feeling ill stick around for a good while at least :)

shut up its the trans train

And here’s the thing! It’s not only something that can cause you problems if you’re late to pay bills or have abusive partners/family or are doing something the government may not take kindly to!

Let’s say, hypothetically, you do literally nothing. Well, turns out there’s a bug in the fridge software that sets the temperature to 60 degrees when it receives some unexpected input from your fridge app. Or the manufacturer pushes out an involuntary fridge update and now, while the update is downloading, sorry! your the fridge doesn’t open until the update is done.

And these are only the issues that affect you. Generally, Smart Device manufacturers do not think for even one second about the security of their devices. So, this means that hackers will see well known and publicized security holes that have been easily available for literal years but the manufacturer is simply too lazy to fix, use those holes to get into devices, and use those devices as bots to attack whoever they please (and, as a bonus, it look like it’s coming from your home!)

You’d think that this sounds like something out of a horror movie but this is the reality we live in RIGHT NOW. Many of the largest botnets (e.g. the Mirai botnet) in the world consist largely of compromised smart/IoT (internet of things) devices.

So uh just give it some thought before you buy the SmartChair3000 -- it’s probably not as cool as it sounds :P

hell world hell world hell world

WHY DOES YOUR SOAP NEED INTERNET

a dinner date with rust

I’m a programmer and as a programmer I write code. There are a bunch of different programming “languages” that you can write code in, and one that I frequently find myself reaching for is called C. “Ok, cool, why do I care?” Well because C is monster that will eventually consume all of humanity. Created in the void from which all computing was born, it is The One Language that undergirds all the others. Rarely written but subtly permeating every crevice of our technology. It contains deep, dark secrets understood by only those steeped in the occult, the conduits to the souls of our computers, the systems programmers 🧙 (like me!)

oh and also pretty much every piece of software ever relies on it somehow ^.^ Don’t worry though everything is fine!

“Oh, that sounds Concerning!” you may say. Well, yes!  Yes it is. And so Rust was born. The sales pitch for Rust goes something like this: “Rust! Because C is Bad and is Literally The Bane Of Your Existence.” Which... well, they make a compelling case! As a C programmer, I was skeptical of a language that claimed to have all the same features without any of the downsides, but eventually I decided to give it a go.

“Mmmmm tasty!” I say, biting into some bounds-checked arrays. I take a sip of the mutability rules and exclaim “Wow! This really is something incredible!”. For desert, I decide to order some of their world renowned ownership/borrowing system. It arrives, piping hot, and I begin to dig in. “Hmmm, this is nice... I think?” Worry begins to slip into my voice. I think to myself, “this does seem useful, but it feels like there’s some trade off being made here”. The waiter tells me how this was made with the worlds finest data race protection and my worry begins to grow.

A brief tangent on data races:

You know the little people who live inside the computer and make everything work? A data race is when 2+ little people are trying to work on the same project at once without talking to each other or making a plan. Things Will Go Wrong.

Data races are generally very bad and Rust does it’s very best to make sure that having one is literally impossible. The problem with that is that sometimes, you can have a data race, but it can actually be safe and fine and good! And by sharing the work, the program can finish it’s work much more quickly! However Rust is very quick to put it’s foot down and say “No! That’s too risky! I can’t allow you to put yourself in danger like that!” whereas C would say “Yeah, sure, go ahead, good luck ;-)”

So, this is where my dinner date with Rust started to go downhill. One of the things I write a lot of in C are “highly concurrent” which means that they have lots of little computer people working on them at once. It’s tricky, but it’s something I have a lot of expertise in. And when I tried to replicate those programs in Rust was fighting me at every turn.

It’s odd because while Rust is very picky about this stuff, and it even provides ways to tell it “Yes, I know what I’m doing, I promise you can trust me.” But these ways are just a little too clunky for my liking and proved to be enough of a pain to manage it really soured my whole meal. And I was so eager about it too!

I still would like to try Rust from time-to-time on smaller projects, but it’s really unfortunate that it’s just so unergonomic in many of the ways that matter most to me. And while it isn’t a great fit for my use-cases, I’d highly recommend it to anyone who wants to make their first foray into systems programming. For nearly everything aside from my specific use-case it seems to be leaps and bounds ahead of C, and C is really the only thing like it.

Rust is cool, tasty, and elegant to C’s old, rickety, and ugly, and it’s a huge boon for the systems programming ecosystem. But I get the sense that Rust isn’t exactly the C-killer it was made out to be and that C still has a place in the ecosystem (and our hearts 💖)

You ever start using a tool for a project and the vibes are just sliiiiightly off? That’s how I feel about actix-web. It seems nice, but I get the impression there may be something more sinister under the surface.

Yes! This is also an excellent point! The issue here is not one inherent in smart devices, it’s created because of how they’re designed and built. It would be very possible (and in some ways easier) to build devices that did not suffer from these issues. If it’s not possible to connect to the device from outside your home network, there’s no way anyone else could get to it! I don’t do this kind of work personally, but my (semi-educated) guess is that the “phone-home” functionality is a substantive proportion of those devices software and it really doesn’t need to be (most of the time).

The issue is that it’s hard (on a technical level) to separate “bad” internet usage (i.e. to send usage data or to grant remote access) from “good” internet usage (i.e. sending a firmware update or re-ordering more soap). While there’s a certain degree that you can manage that on a personal level, at some point you simply have to trust the manufacturer to not be evil. Which... yeah they’re evil :(

So how do we fix this? Well, you can just not buy smart products (that’s what I do!), but what they’re huge quality of life improvements? Or maybe you just think they’re fun and want to play around without putting your privacy at risk.

The only really good solution to all these issues is that companies need to stop creating products that do these things. And the only way to force that to happen is through legislation. We need more legislation like the GDPR in the EU which explicitly describes your privacy rights on the internet (among many other excellent features).

So! Next time you see a call-to-action to “call your legislator” to “protect internet privacy” -- actually do it. It really does make a difference :)

hell world hell world hell world

WHY DOES YOUR SOAP NEED INTERNET