[MUSIC PLAYING]
[VIDEO PLAYBACK]
-First thing we're going to
need is a lot of pictures.
Unfortunately, Harvard doesn't keep
a public, centralized face book,
so I'm going to have to get all the
images from the individual houses
that people are in.
Let the hacking begin.
First off is Kirkland.
They keep everything open and allow
indexes in their Apache configuration,
so a little Wget magic is all
that's necessary to download
the entire Kirkland
face book, good stuff.
Next is Eliot.
They're also open but
with no indexes on Apache.
I can run an empty search,
and it returns all the images
in the database in a single page.
And I can save the page, and Mozilla
will save all the images for me.
Lowell has some security.
They require a username/password combo.
And I'm going to go ahead and
say, they don't have access
to the main FAS database.
So they have no way of
detecting an intrusion.
Adams has no security but limits
the number of results to 20 a page.
All I have to do is break out the same
script I used on Lowell, and we're set.
Dunster is intense.
Not only is there no public directory,
but there's no directory at all.
You have to do searches.
[END VIDEO PLAYBACK]
DAVID J. MALAN: Hello, world.
This is CS50LIVE.
And boy, do we have a
good show for you today.
That, of course, was acclaimed
film, The Social Network.
And that, of course, was
my acclaimed colleague,
CS50's own Ramon Galvan, who
you may recall from such films
as season zero, episode five.
Now, whether or not you
knew it, all these years,
you've been doing what's called
two-dimensional printing,
using an inkjet or laserjet printer.
It turns out though, that
all the rage these days
is a new technology known as 3D
printing, whereby you can actually
print three-dimensional objects.
There are any number of
technologies, by which you
can print in three dimensions,
one of which is called FDM.
And we've recently sat down
with CS50's own Ansel Duff,
to talk about how we in
CS50's production team
could solve an actual problem.
Let's take a look.
ANSEL DUFF: Hi, my name is Ansel.
So I'm a senior in
mechanical engineering
here at Harvard School of
Engineering and Applied Sciences.
And I'm a member of CS50's team.
So 3D printing is a
rapid prototyping method
that allows us to design a part in a CAD
modeling program and then print it out,
painlessly and very rapidly.
There are a few different
3D printing methods
that we often use,
stereolithography being one of them
and FDM being another one.
FDM stands for Fused
Deposition Modeling,
which is just a fancy way of saying
that the printer extrudes some molten
material, often plastic,
onto a plate in layers.
So when we design a part,
like a cube, for example,
the printer will just
put it layer by layer,
until it's completed the structure.
Oftentimes, we'll design
the part to be solid.
But printing a solid part is both
time and material inefficient.
So there's some algorithm
in the 3D printer
that creates a honeycomb internally
that maintains the part's rigidity,
but doesn't use a ton of
time and a ton of material.
Here's one of the cameras
that we use at CS50.
And you'll notice that there's this
massive lens attached to the end of it.
If we just let this lens be supported
only at the attachment point
to the camera, it's a big cantilever.
And it puts a lot of
stress on this joint.
So what we'll often do is
use a support like this.
So this support, as you can
tell, has two holes in it,
and it's designed to
slide onto these rails.
And there's a support slider, I
guess, that just pops up and attaches
to the bottom of this camera.
Because this camera is a little
bit taller than we're used to,
this support is too short.
And it won't actually meet the lens.
So if I were to slide it
onto the rails, there's
a big gap between the top of the
support and the bottom of the lens.
So this is a perfect opportunity
for something like a 3D printed part
to mate the lens and the support.
We can design it pretty easily,
take a couple of
measurements of the camera
and then print out a part that
will adapt our support to our lens.
So here's a modified support
piece that I printed.
And I just simply designed
this black support structure
that has these crosses in it,
to screw onto our support that
came with the camera and then mate
the lens with this curved structure
at the top here.
So we can slide this on and then
move this piece up and down,
until it supports the lens completely.
It's a pretty simple solution
to a pretty simple problem.
And we were able to
make it very rapidly.
This part took under an hour to print,
and it took maybe 10 minutes to CAD up,
so pretty easy solution.
If this part were machined out
of maybe aluminum or steel,
it would've taken several hours
of kind of tedious machining
for a part that would end up
being ultimately overbuilt
and kind of overkill for the problem.
So here's a great example
of how 3D printing works.
DAVID J. MALAN: And
now for a new segment
we like to call--
[LAUGHING] Yes, indeed.
Samsung and other
manufacturers have been
producing of late something
called Smart TVs, which generally
mean that they have an
internet connection, so
that they can download
TV Guide information
and other interactive content.
Unfortunately, it also
means that these TVs
tend to have other hardware as
well, including microphones,
so that you can, upon hitting
a button on the remote
or speaking some spoken
command, trigger your TV
to start listening to you, at which
point, it uploads your words to Samsung
servers, analyzes them, and
then responds accordingly
on the TV to your voice commands.
In other words, if you're sitting at
home watching TV in your living room
or you're lying in bed, watching TV
in bed, Samsung is there with you.
Now, it turns out that
what recently came to light
is this clause here from
Samsung's own privacy policy.
"Please be aware that if
your spoken words include
personal or other sensitive
information, that information
will be among the data captured
and transmitted to a third party,"
in this case, Samsung.
Now thankfully, a day later, Samsung
responded with this reassurance,
on February 6.
"Samsung takes consumer
privacy very seriously.
In all of our Smart TVs, we employ
industry-standard security safeguards
and practices, including
data encryption,
to secure consumers'
personal information
and prevent unauthorized
collection or use."
In fact, what Samsung
has been doing is this,
as came to light a few days later.
All of those voice commands that you
might be speaking into your Smart TV
are being transmitted to this
address here-- nuancemobility.net,
and thankfully, at
least at first glance,
they're being transmitted
on TCP port 443, which
generally indicates that the connection
is secure, because it's using HTTPS.
Unfortunately, this is just a convention
that encrypted data is generally
sent on port 443.
You can send any data you
want, and indeed, Samsung
is taking advantage of that opportunity.
It turns out that some security
researchers at a company
called Pen Test Partners, using open
source software called Wireshark,
listened to the traffic that was being
sent from one of their Samsung Smart
TVs to Samsung's servers.
And what they discovered was this.
A bit cryptic, to be
sure, at first glance,
but it is nonetheless clear text.
This is a markup language not unlike
HTML called XML, inside of which
is some encoded audio data.
And sure enough, these
same researchers were
able to decode that audio
data, ultimately revealing
their own spoken words being sent in the
clear, over the internet, to Samsung.
Indeed, their conclusion was this.
"So it does kinda spy on you,
but then leaks the spy data out
onto the public internet."
Now, thankfully, Samsung
has responded as follows.
"Samsung takes consumer
privacy very seriously,
and our products are designed
with privacy in mind.
Our latest Smart TV models are
equipped with data encryption.
And a software update will soon
be available for download
on the other models."
And now for another stressor.
It turns out the computer manufacturer
Lenovo has been doing the following.
Pre-installed, for
quite some months, has
been software called
Superfish, which ostensibly
is designed to inject additional search
results into images that you might
be searching for on something
like Google Images or the like,
thereby providing you effectively
with some advertisements
or links to related information.
Unfortunately, Superfish has been
doing this by breaking how HTTPS works.
In other words, if you normally visit
a website that is encrypted with HTTPS,
you'd hope to see a URL bar like this.
This, for instance, is a US
bank called bankofamerica.com.
And indeed, that green URL bar and
the fact that it starts with HTTPS
is generally a good
thing, because it means
you have an encrypted connection between
you and bankofamerica.com's websites.
And if you were to look at
this SSL certificate being
used for this encryption by some
sequence of commands in your browser,
you would hopefully see a
window, not unlike this.
And if you focus in there on who issued
the so-called security certificate,
you'd hopefully see a
reputable party, like Verisign,
who signs many of these so-called
SSL certificates in the world.
Unfortunately, if you own a Lenovo
computer, as this researcher here
did, and with his camera phone,
took a photo of what he saw,
he saw this window
here, which if we focus
in on that same line-- the
security certificate being issued
by Bank of America that he received was
apparently issued by Superfish, Inc.
In other words, the software that's
being pre-installed on these Lenovo
computers is effectively pretending
to be bankofamerica.com, gmail.com,
facebook.com, any number of websites
that normally have their own security
certificates.
But no, Superfish is
instead masquerading
as a so-called man in the middle,
presenting its own security
certificates, as though they belong
to Bank of America and the like.
Indeed, if you start poking
around in the so-called root
certificates on your
Windows computer, you
might see a line like this,
which indeed indicates
that one of the root certificates--
the most powerful in a computer--
was in fact installed
as Superfish's own.
So not only is this bad in the context
of the software on your own computer
potentially spying on your
otherwise encrypted traffic,
it also means that so can anyone
else nearby you, in Starbucks
or an airport or the like,
where there's some Wi-Fi.
Because every Lenovo computer
that has this Superfish software
also has the same
public and private key,
which means even if some other Lenovo
computer is in fact encrypting data,
albeit with Superfish's
certificate, then that data
is being sent over the Wi-Fi encrypted.
But so can anyone else
on that connection
decrypt that same data, because
they, of course, have the same key.
Now thankfully, Lenovo has
since responded as follows.
"Superfish was previously included on
some consumer notebook products shipped
between September, 2014
and now, February, 2015,
to assist customers with
discovering products
similar to what they're viewing.
However, user feedback was not
positive," to say the least.
And you can confirm as much
yourself, with a bit of Googling.
"And we responded
quickly and decisively."
And indeed, they have begun
to remove and provided users
with instructions for
removing this software.
And if you'd like to learn more
because you own a Lenovo laptop,
do take a look at this URL here.
And now for something
a lot less stressful.
Our good friend John Oliver recently
took a look at an amazing new product
called a salmon cannon.
And we thought we'd take a look.
Salmon famously have to fight
their way upstream to spawn.
But thanks to hydroelectric dams,
that's become increasingly difficult.
But don't worry.
Because as we found out
recently, America is on it.
BEN TRACY: I'm Ben Tracy
in Washington state,
where we're going to introduce you
to a pretty sweet piece of technology
known as the salmon cannon.
That's coming up on "CBS This Morning."
JOHN OLIVER: Let me tell you how
much I love the salmon cannon.
I love it so much, we made
our own cannon this week.
So this thing is pretty powerful.
So who wants to give this puppy a go?
Let's see where this salmon ends up.
JON STEWART: Of course, situation
in the Mideast only getting more
complicated.
The US has been bombing pretty--
JOHN OLIVER: OK, OK.
So we know it works.
We know it works.
Let's try firing two
fish somewhere else.
JIMMY FALLON: Thank you,
spatulas, for if I have to cook--
JOHN OLIVER: Very nice.
Let's try something a
little more difficult.
SPEAKER 1: Picture-- and this
is what it looks like in--
JOHN OLIVER: Clearly, this is the
greatest object that has ever been invented.
So I am emptying this bucket.
And let us see how big
we can go on this thing.
SPEAKER 2: Before we get
started with revealing the clue,
what we really want to
do is reveal-- All right.
SPEAKER 3: In this volume,
we're going to want to--
DAVID J. MALAN: That's it for CS50LIVE.
Thanks so much to the whole
team behind the camera.
Thanks so much to you for tuning in.
This was CS50.
[MUSIC PLAYING]
