Origami robot doesn’t need a human to assemble itself and start working

Folding robots are nothing new, but scientists from Harvard and MIT have taken it to the next level, by designing one that assembles itself and walks away to do its job with zero human input. The robots start out as a flat sheet of paper and polystyrene plastic (which you most likely know as Shrinky Dinks) etched with strategically placed hinges. Since those materials aren’t enough to make a full-fledged robot, the scientists also placed a flexible circuit board in the middle (with circuits extending to every hinge), two motors, a microcontroller and two batteries. It’s the microcontroller that’s in charge of activating the circuits to produce heat on command, which then leads to the flat sheet folding itself like an origami. When the hinges cool after a few minutes and the polystyrene hardens, the microcontroller commands the robot to scuttle away and do its thing.

The same team of scientists created a foldable robot worm and a robot lamp in the past years, but this is their first creation that’s capable of performing a function after it builds itself. It’s far from being perfect, though, and still has a ways to go before anyone can use it for a particular purpose. For instance, the assembly process is triggered by slotting a battery in, but the researchers plan to modify the robot so that it starts folding itself based on environmental cues like changes in pressure or temperature. Also, the mechanical critters could use a different polymer other than polystyrene, one that requires less heat to start folding. At this point in time, the prototypes are prone to bursting into flames, since they use so much energy — in fact, just the assembly itself depletes a whole AA battery.

In the future, the team believes the robot can be used not only for search and rescue missions, but also for other far-out applications. They believe their design could be used to make flat satellites that assemble themselves in space, for one. The team also dreams of the day when people can rent origami robots for any reason they please, whether it’s just to help them sweep the lawn or to detect gas leaks.

Why you shouldn’t be scared by the ‘largest data breach’ ever

Experts say the reported heist of 1.2 billion account credentials is legit, but caution that for most people there’s little they can do — or should be worried about.


LAS VEGAS — There’s a good chance that one of your email accounts is among the 1.2 billion accounts compromised in what appears to be the largest credential heist ever.

But experts have two words for you: Don’t panic.

The database of credentials stolen by the criminal organization CyberVor and discovered by security firm Hold Security covers an enormous number of records. Some 1.2 billion username and password combinations and 542 million unique email accounts were lifted from 420,000 compromised domains, according to The New York Times.

“In the latest development, Hold Security’s Deep Web Monitoring practice in conjunction with our Credential Integrity Services discovered what could be arguably the largest data breach known to date,” Alex Holden, founder of Hold Security, said in a statement on the company’s blog.

While 1.2 billion purloined credentials sounds scary, security experts who gathered in Las Vegas for the annual Black Hat hacker conference this week say that there’s little cause for concern.

“There’s nothing to see here, move along,” said CrowdStrike president and chief security officer Shawn Henry. A former executive assistant director of the Federal Bureau of Investigation with extensive experience in the world of cyberattacks and geopolitics, Henry added that he was surprised that people were shocked by the news.

“This is the aggregate of lots of breaches, an example of fragility of the online world in which we operate,” Henry said.

Research analyst Andrew Conway, who works for the Web and messaging security analysis firm CloudMark, also expressed skepticism at the perceived severity of the report.

“My take is that everything in the story is true,” said Conway. However, he added, “It was presented in the most alarmist possible way. The big misconception is comparing this with something like the Target breach. There’s no evidence that any financial data was involved.”

Retail chain store Target was attacked by hackers over the holiday shopping season last year, making off with not only username and passwords but credit card information affecting 110 million people.

There’ve been several high-profile database hijacks in the past year, including ones at eBay, comic book reader and marketplace Comixology, Web standards consortium W3C, Michael’s craft stores, andAdobe, which Hold Security helped uncover.

How to protect yourself

While it’s possible that CyberVor’s database does include financial data, it hasn’t been disclosed. Given that it affects around 420,000 domains, it could take months before that gets confirmed. Most US states have laws that mandate that they notify their customers when user information is stolen in an attack.

While you can pay Hold Security for a monitoring service that takes the bizarre step of asking for your passwords, it’s better to just change them. Using password management tools like LastPass, RoboForm, or 1Password can make that easier. It’s also a good idea to turn on two-factor authenticationfor all your mission-critical accounts, such as your primary email account.

Conway said that he sees around 100,000 compromised domains every six months, but they’re not all newly compromised, as it can take months or years for companies to realize that they have an untended website being used for nefarious purposes.

Decades-old problem

The real issue at hand isn’t the records in the database, Conway said. More than a billion records may sound like a lot, but when you consider that many people have more than one email account, the chances of the breach affecting 50 percent of global Internet users, estimated at around 2.5 billion people, drops significantly.

A bigger concern to Conway is that SQL injection attacks are still being used at all. SQL injection attacks occur when a short, malicious script is inserted into a database that feeds information to the Web site.

“This is nothing sexy. Of the 5,000 people at the [Black Hat] keynote speech [Wednesday morning], every single one of them could’ve put together a SQL injection,” he said.

Chris Eng, vice president of research at application security company Veracode, agreed that lax security practices by website and domain owners contributed greatly to the problem.

“It’s one of the simplest coding vulnerabilities to fix,” said Eng, who first began public presentations on SQL attacks 15 years ago. “In 99 percent of the cases, it’s a two-line fix, and we haven’t been able to eradicate it.”

The New York Times report on the database has been heavily criticized. Some people have complained that the timing of the news is suspect, published the day before Black Hat, even though that’s a common publicity tool for security firms to build interest in their reports.

Others have criticized Hold Security and Holden for refusing to divulge which companies’ domains were included in the database, but offering to sell a monitoring service for $120 a month.

Holden did not respond to a CNET request for comment.

The New York Times told CNET it stands by its story.

“Our story was meticulously reported and completely transparent about the financial incentives of Hold Security,” a Times spokeswoman said, but some experts said more details are needed.

A key fact missing from the Times’ report, said Kurt Stammberger of the Internet attack research and analysis firm Norse, was how long CyberVor took to build the database.

“If this was done in past three months, that’s impressive and scary,” he said. It’s far less so, he said, “if it was slowly gleaned from armies of bots [automated hacking networks] over 5 years.”

From Russia, without love

Other people have suggested that because Holden is originally from the Ukraine and fluent in Ukrainian and Russian that he’s somehow connected to the Russian hackers who stole the information in the database. Independent security reporter Brian Krebs, who serves in an unpaid capacity on Hold Security’s advisory board, defended Holden as an “honest guy” whose research has been “central” to his own reporting.

There’s also been speculation that the database is somehow connected to the ongoing conflict between Russia and the Ukraine.

“It’s probably not related,” said Mikko Hypponen, the chief technology officer at F-Secure who has monitored cyberattacks and geopolitical confrontations for more than two decades. “For all the skills in the region, I expected to see more.”

On-the-ground conflicts contribute to cyberattacks because law enforcement agencies, the traditional enforcers of anti-cybercrime law, are reluctant to get involved when there are armies at play, said Kenneth Geers, who up until recently was a senior global threat analyst at FireEye and moved to the Ukraine last month.

CrowdStrike’s Shawn Henry said that these kinds of cyberattacks, whether simple SQL injections or more advanced attacks, will continue until Russia starts taking cybercrime seriously. He noted that Romania used to be such a hotbed of cybercrime that eBay and other tech giants blocked all connections from Romanian IP addresses until the Romanian government passed new laws and actively enforced them.

“If we had a host government, Russia in this case, that was actively and aggressively pursuing adversaries who are engaged in illegal activity, we’d be in a stronger place,” Henry said.

“This is not a US problem, this is a global problem” that requires “economic, diplomatic, and civil actions. This is a long term problem with no short term solution,” he said.


IBM’s TrueNorth processor mimics the human brain

Big Blue’s cognitive computing chip could enable wide-ranging applications that take advantage of massive performance while using no more power than a hearing aid.

IBM today unveiled what it’s calling the world’s first neurosynaptic computer chip, a processor that mimics the human brain’s computing abilities and power efficiency.

Known as TrueNorth, IBM’s chip could cram supercomputer-like powers into a microprocessor the size of a postage stamp. Rather than solving problems through brute-force mathematical calculations, like today’s processors, it was designed to understand its environment, handle ambiguity, and take action in real time and in context. Plus, it could be among the most power-efficient chips in the history of computing, enabling new types of mobile apps and computing services, IBM principal investigator and senior manager Dharmendra Modha said in an interview.

Modeled after the human brain, the TrueNorth chip incorporates 5.4 billion transistors, the most IBM has ever put on a chip. It also features 1 million programmable neurons and 256 million programmable synapses. That’s far lower than the 100 billion neurons and 100 trillion to 150 trillion synapses in the human brain — but still enough, Modha said, to run devices that could, for example, proactively issue tsunami alerts, do oil-spill monitoring, or enforce shipping lane rules. And all that happens while consuming just 70 milliwatts of power, about the same as a hearing aid.

The TrueNorth chip is the core element of IBM’s cognitive computing program, which is known as SyNapse.

Other potential applications include powering small search-and-rescue robots; helping vision-impaired people move around safely; and automatically distinguishing between voices in a meeting and creating accurate transcripts for each speaker.

IBM revealed the technology in a paper in Science magazine.

Moving beyond von Neumann

The chip is still in the research phase, with Thursday’s announcement describing the second generation of the design. IBM rolled out the first generation a year ago. While the chip is still in the prototype stage, it could be just two or three years from its first commercial use. Experts believe an innovation like SyNapse’s TrueNorth could help overcome the performance limits of the von Neumann architecture, the mathematics-based system at the core of almost every computer built since 1948.

“It is a remarkable achievement in terms of scalability and low power consumption,” said Horst Simon, the director of the US Department of Energy’s Berkeley Lab and an expert on computer science. “The IBM SyNapse project is an indicator of that change that will happen in the next 10 years.”

For eight years, Modha has led the development of the SyNapse project, with $53.5 million in funding from DARPA, the US Defense Advanced Research Projects Agency. IBM expects the chip to one day help “transform science, technology, business, government, and society by enabling vision, audition, and multi-sensory applications.”

‘A really big deal’

IBM’s announcement is “a really big deal,” said Richard Doherty, the research director at the Envisioneering Group, a technology assessment and research firm. The company’s decision to publish its findings in Science rather than a hard-core technology outlet like IEEE Spectrum is a sign that IBM considers this is a major scientific and technological breakthrough, he said.

TrueNorth could fundamentally change computing because its main utility is being able to autonomously figure things out in much the same way a person or animal would, said Doherty, whose firm does not do business with IBM.

Doherty lauded the non-von Neumann nature of the new architecture, in particular because it does not require the heavy computational load needed for complex operations in traditional systems. For example, if a robot run with today’s microprocessors was walking toward a pillar, it would depend on image processing and huge computing resources and power to avoid a collision. By comparison, a robot using a synaptic chip would steer clear of the danger by sensing the pillar, much as a person would.

“We wouldn’t be able to navigate through our world without senses,” Doherty said. “These devices [could one day] see the world around us through vision, smell…sight, and sound, [just] the way we get around the world.”

IBM hopes to make available the TrueNorth ecosystem — which includes a custom programming language — first to universities and later to business customers, Modha said. Given DARPA’s investment in the project, Doherty also imagines the government using the technology in new types of systems meant to evaluate possible incoming dangers.


In the future, Doherty expects that the technology could be integrated into robots that help power autonomous vehicles, work in Amazon warehouses, and ensure home security.

This is just one of the major computing projects that IBM, which spends $6 billion a year on research and development, has launched in the past few years. In 2011, its Watson supercomputer beat the world’s best “Jeopardy” players, an impressive demonstration of computing power since “Jeopardy” is about parsing massive amounts of vague or ambiguous information.

Watson is the best example of a powerful von Neumann machine, but it requires “more electricity than any home I know of,” Doherty said.

Yet for all that computing power, even Watson struggled to solve a question about airports in Chicago. “The category was US Cities, and the [question] was: ‘Its largest airport was named for a World War II hero; its second largest, for a World War II battle,'” IBM wrote at the time on its own blog. “The two human contestants wrote ‘What is Chicago?’ for its O’Hare and Midway [airports], but Watson’s response was a lame ‘What is Toronto???'”

A synaptic chip ideally would have little problem recognizing that the question had to do with airports, or what city was queried, Doherty said.

Another essential element of the SyNapse program is IBM’s decision to make the new architecture available to anyone. “The real miracle,” Doherty said, “is that this will be open for the next generation of [Microsoft co-founder Bill] Gateses and [Apple co-founder Steve] Wozniaks.”

There are questions as to whether IBM will ever be able to bring its new chip to market. But Doherty believes TrueNorth will deliver on its promise. “This is the second generation,” he said. “This is not a Hail Mary.”

You can’t smoke on planes, but Boeing’s burning tobacco to fly


Lighting up a cigarette whilst in flight has been banned for quite a long time, but that doesn’t mean Boeing won’t be burning tobacco on its planes in the future. The company has teamed up with South African Airways and aviation innovation outfit SkyNRG to create biofuel from tobacco plants. Solaris, a hybrid variety of the agriculture product, will be used to make sustainable jet fuel and give farmers another crop option. The plants contain almost no nicotine, and at the start, oil from its seeds will be transformed into a renewable way to power plane engines. Eventually, Boeing sees more of the plant being used in the process once “emerging technologies” allow. Of course, this gives farmers in South Africa’s rural areas an economic opportunity in addition to cleaning up the environment a bit.

4G LTE showdown: How fast is your carrier?

To get a glimpse of how speedy AT&T, Verizon, Sprint, and T-Mobile’s 4G LTE networks are, CNET carried out real-world data tests across these carriers using the LG G3 smartphone.


From one-upping each other on shared data plans to helping customers pen breakup letters, competition among the US’ four major carriers — AT&T, Verizon, Sprint, and T-Mobile — is reaching new heights of aggression. But one thing we often hear from these mobile carriers is how “good” their 4G LTE networks are.

These companies either have the highest number of LTE users, the largest LTE footprint, or the most LTE devices on the market. For customers, though, the only thing that matters about LTE is how much it’s going to cost them, and how fast it’s going to be.

If you’re looking for guidance on the former, CNET’s Maggie Reardon has tons of helpful information about carrier plan pricing in her Ask Maggie advice column.

But for the latter, I recently conducted real-world data tests to get a snapshot of how fast these networks are performing. These tests were carried out in the same location, one where all carriers’ 4G LTE networks are active (San Jose, Calif.), on the same weekend, and during the same times throughout the days. I executed these tests five times to calculate a fair average on the same phone, the LG G3, with all four devices being wiped and reset beforehand, just like how you would receive them out of the box.

It’s important to keep in mind that these tests are not comprehensive or exhaustive. Although I took measures to be as fair and thorough as possible, these results offer just a glimpse of the carriers’ 4G LTE speeds in one place on the same device. If you’re thinking about switching carriers, be sure to research how well the others perform in your particular area.


How to sideload apps on the Amazon Fire Phone

Can’t find an app you’re looking for in Amazon’s Appstore? Then this post is for you.


Shortly before the Fire Phone was made official, Amazon announced that its Appstore had amassed over 240,000 apps and games. An impressive number, no doubt. Yet when you fire up your new phone the first time and start searching the Appstore, you’re bound to be disappointed by the lack of key apps.

Sure, Instagram, Facebook, Swarm, Uber, and the like are present. But notably lacking is Starbucks or any solid third-party Twitter application such as Robird.

For those who find the lack of apps maddening, rest assured knowing there is a solution: sideloading. I know, “sideload” is a weird term. Fret not, my friend. In essence, it means installing (loading) an app outside of the preferred method of the preinstalled Appstore.


You’ll need to change one setting before you’re able to sideload an app. Launch the Settings app on your Fire Phone, then tap on the “Applications & Parental Controls” listing. In the submenu that displays, find and select “Allow non-Amazon app installation.” By sliding the switch next to the first listing on the next page, you’ll allow apps to be installed from secondary sources. Once you enable this option, you’ll receive a stern warning about putting your personal data at risk due to sideloading. If you’re comfortable with taking responsibility for what you load on your device, tap OK.

As for finding Android apps (commonly referred to as an APK), well that part is a little tricky. For those with enough Google fu, it won’t take too long to figure out you can use a Chrome extension to download the APK for free apps directly to your desktop. From there, transfer the file over to your Fire Phone using Dropbox or the like and install the app by opening the APK file. FireOS will recognize the APK as an app and begin the installation process.

There’s a pretty big caveat to sideloading apps on the Fire Phone. Since Amazon heavily customized Android to fit its own needs, thus leaving out all Google services, some apps just won’t work. Starbucks and Foursquare both require Google Play Services, and thus don’t run on FireOS. Naturally, all Google apps (Gmail, Google Drive, Google+, and so on) won’t run. Despite the extra effort required to sideload an app, it’s well worth the time.

I/O 2014 app source code shows developers how it’s done

Last month, Google released its fancy new I/O 2014 app in preparation for its annual conference. Now it’s announcing that the source code for the app is now available from Google’s GitHub repository. While end-users might have no use for this, unless they happen to be knowledgeable about and/or like reading Java code, Google is inviting developers to take a look inside and learn about current best practices of creating an Android app and using Google’s API.

Aside from giving users a window into the world of Google I/O, the I/O 2014 app also showcases many of the staples of Android app development, whether it be components and featuers like Fragments, receivers, and notifications or design considerations like toolbars and themes. It also shows newer and better ways to use Google’s own services, like using Google Cloud Messaging (GSM) to keep devices up to date with the latest content and using Google Drive API to store users’ preferences and sync it with all connected devices. It even shows how to make an Android Wear companion app.

But aside from just hard, cold code, the app also gives developers a preview into Material Design. The app uses the design principles of tactile surfaces, animated feedback, colors, imagery, and the metaphor of paper, to give developers an idea how to theme their apps in preparation for Android L. The app also uses API found in the Android L Preview and has a separate APK for those already running it on their Nexus 5 or 7, or on the Android emulator. The video below, summarizes some of those key design points.

The source code for the I/O 2014 app is being released under an open source license. This means that more than just a reference, developers will be able to use code snippets to kickstart their own apps. Those interested in learning more about the different API and features in this app should keep tabs on the Android Developers Blog, source link below, as Google will be sharing more details about the app in the coming weeks.