Top Tech Stories of 2013
This past year saw a lot of interesting developments in the tech sphere. I decided to compile a list of the stories that I felt were most important to me, but also affected the public at large. Here they are, in no particular order.
Ruby/Rails Security Problems Found
2013 opened up with a slew of security vulnerabilities in Ruby on Rails and its ecosystem. Two bugs were found that let attackers execute any code they want in a Rails app. Shortly after, another bug was found in the JSON parser that allowed arbitrary code execution. Then RubyGems.org, the de facto repository for the community’s gems, was compromised using one of these vulnerabilities.
It was a bit surprising to have Rails, which claims to manage all the security stuff magically, fall prey to such basic, sweeping attacks. But in the end, I think the Ruby community became more cognizant of security issues: security disclosure pages were created, rubyonrails.org added a security announcement banner, companies realized they needed to keep their websites up-to-date, and calls were renewed for signed gems.
Aaron Swartz Commits Suicide
Also early in the year, Aaron Swartz, a young hacker and activist, killed himself. He struggled with depression in his past, and close friends and family believe that the overreaching charges against him for civil disobedience drove him to suicide. (Swartz downloaded documents from the JSTOR academic database, leading to action from JSTOR, MIT, and the Massachusetts Attorney General, which then snowballed into a massive federal computer fraud case.)
After the public outcry, Congress investigated the overzealous prosecution from the US Attorney, and MIT furiously backpedaled as it tried to distance itself. In the end, some good came out of the whole sad situation: the effects of depression were discussed, reforms to computer fraud laws were proposed, the effort to liberate federal court records expanded, Swartz’s whistleblowing platform launched, and a documentary about his life was made.
BlackBerry Resurges, Then Collapses
The state of BlackBerry phones was looking pretty grim at the beginning of 2013. Android, iPhone, and even Windows Phone were seeing better market share and newer models, while the phone line from RIM was stale. There was a feeling that BlackBerry was going the way of Symbian or Maemo/MeeGo.
It was a little surprising, then, to see the BlackBerry 10 devices released to generally good reviews, with decent consumer interest. Unfortunately, the effort seems to have been too late. Failing to gain significant market share, RIM (now renamed to BlackBerry) posted huge losses, cut almost 40% of its workforce, sold $1B of debt to private buyers, and fired senior executives. So far, the company is still hanging in there, despite the dismal situation.
It’s a shame to see smartphones reduced to basically two options (Android and iPhone), but that may be the nature of the phone market. Firefox OS and Ubuntu Touch look interesting, but we’ll have to wait and see if they shake up the industry and survive beyond 2014.
Opera Switches to WebKit; Google Forks It
In something of a surprise move, Opera announced this year the technology running their browser would switch from their in-house engine (Presto) to WebKit+V8, the popular platform that powers Safari and other browsers. Although they put a lot of work into their engine over the years, this lets them focus their efforts on user experience, web standards, the mobile market, and improving WebKit.
This generated a lot of controversy, mainly over the possibility of a browser monoculture. Although I understand the concern, I’m not sure it will have such a terrible effect. I think John Siracusa, Paul Irish, and John Resig make some good arguments why this is not a problem. Also, in the last few years, I’ve noticed that the differences between Opera and other browsers have gotten smaller, as Chrome and Firefox and even IE improve their web standards support. Sadly, the biggest counterargument may be that Opera never had a big market share (outside of phones and some Asian regions). For me, the biggest disappointment will be the nostalgia of Opera as the good but “little guy” browser.
In a weird bit of karma, Google later announced that they were forking the WebKit project to create their own version (called Blink), so that they could innovate the engine faster and not worry about supporting multiple architectures. Although it is very similar to WebKit, it may placate those who were worried about “one less browser engine”. :) Opera now uses this engine for their browser.
Google Glass Released
This year Google announced Glass, a set of glasses-like frames that act as a wearable interface for Google’s services. With voice recognition, the Glass can take pictures, search the web, give directions, and basically do anything your smartphone can do. They also opened up some of the platform for hacking.
Some critics were effusive in their praise; others dismissed it as dorky. Many were cautiously optimistic, which is the camp I fall in. Regardless of whether it is long-lasting or not, I like to see companies with the money putting it into these ambitious “moon shot” projects. At the moment Glass is expensive, has some technical kinks, and raises social questions, but that is typical for innovative products. Unlike some projects, like the Segway, I can see them as actually transforming our technology world. It’s possible that these projects are dead ends, but it’s absolutely true that we won’t know if they are never manufactured and used, and it fosters competition.
The Web Grows as a Platform
2013 saw web technologies really develop into a strong platform for apps and games. One of the highest-profile announcements was the porting of Unreal Engine 3, but there were many advancements:
- Further development of HTML5 APIs and other web technologies for accessing native device capabilities;
- JS compilers or compiler targets, such as asm.js and Emscripten, allowing for easy porting from other languages;
- More platforms and OSes (Windows Metro, Firefox OS, even cars) supporting web technologies for native development;
- Development wrappers such as PhoneGap became more popular;
- Spread of WebGL for realtime 3D graphics using a standard API;
- An explosion of JS game frameworks, such as ImpactJS;
- Adoption by large companies and migration away from Flash/Java/Silverlight/etc.
Many of these efforts started before 2013, but this year it felt like the web platform — HTML5, JS, Canvas, etc — came into its own and really made the case for being the premier platform for apps. Web tech is not a silver bullet; there are still many instances where native apps are better, but I think this gap will narrow as the technology matures and improves.
Unlocking Phones Becomes Illegal
First: the DMCA is a terrible piece of legislation enacted in 1998 that prevents consumers from modifying the devices they bought. But there was an exemption that allowed consumers to unlock their cell phones. Early this year, the Library of Congress removed this exemption, making it permanently illegal for you to modify the phone you bought.
After a public outcry and a petition, the White House, FCC, and even Congress responded in support of unlocking. Unfortunately, there doesn’t seem to have been a lot of real action. The DMCA is still around, the FCC has an application to reinstate unlocking, but an international trade treaty could prevent it, and the do-nothing Congress can’t pass legislation. At least some telecoms are feeling enough pressure from consumers and the FCC to voluntarily allow unlocking.
Cyberattacks Expand and Become More Sophisticated
Hacking into computer systems and networks is nothing new, but this year saw cyberattacks widen in scope, from bigger attackers to bigger targets. Among the companies that were hacked this year: the New York Times, Washington Post, Apple, Facebook, Microsoft, Spamhaus, and the Department of Energy. Cyberattacks have become a big business in some circles.
State-sponsored attacks are also becoming popular, as nations realize that cyberattacks against industrial and political targets can be effective and offer plausible deniability. China seems to have a strong hacking force, and of course the United States has been doing its own cyberattacks, with Stuxnet in 2010 and now the NSA revelations (see below). Even smaller countries like South Korea and Finland have been attacked.
Of course, you don’t have to be a government or military organization to be targeted by big players, as Google and the New York Times have learned. Then there is a country’s infrastructure, such as the power grid and financial systems.
It will be interesting to see how cyberwarfare gets integrated into normal warfare and intel/espionage efforts. Will it continue to operate in the shadows, or will there be some sort of international conventions (formalized or not)? It is already being discussed regarding law enforcement.
Also, although there seems to be a lot of investment in offensive capabilities, the defense against cyberattacks seems to be almost nonexistent. Companies and governments are not keeping pace: electrical systems, cargo ships, the emergency broadcast system, and federal agencies have all been found to be open to exploits. These attacks are also forcing engineers to find ways to prevent them from saturating and breaking the internet for the rest of us.
Adobe and Sun Continue to Be Awful
Adobe and Sun (now part of Oracle) have a long history of creating terrible software — specifically, the Flash and Java plugins for web browsers — with horrible security records.
For a period in 2013, there was a zero-day exploit in Flash or Java every week. It was so common that joke websites were created. The security has gotten so bad that browser vendors, OS vendors, and company IT departments are blacklisting them. These companies are incapable of fixing their products, prompting security researchers to warn of their critical flaws (again). And to top it off, last year Adobe’s corporate network was hacked and their customers’ data was stolen, revealing that they didn’t even follow basic security practices. If this doesn’t prove that you should stay as far away from these companies as possible, I don’t know what does.
High-Speed Internet Service Expands
2013 saw some notable rollouts or plans for gigabit internet in the US. (Gigabit speeds are about 100 times faster than standard high-speed cable, and 10,000 times faster than dial-up.) Google Fiber was already being deployed in Kansas City, but this year they announced that they would be expanding to Austin and taking over Provo’s existing fiber network. Seattle, Los Angeles, and many others have or plan to have fiber networks; here in Iowa, gigabit speeds became available in Cedar Falls.
So far, it looks like fiber has to be spearheaded by municipalities and utilities and internet-based ISPs. Traditional telecoms have shown little interest in increasing speeds, and when they do, they aren’t at gigabit speeds and are very expensive. Luckily, with more competition and pressure from consumers, they are starting to take notice.
Sadly, gigabit fiber, and even broadband, is still out of reach for much of the US, and expensive. There is still lots of growing to do, as the country collectively tries to solve the “last mile” problem. But I think it’s worth it, as better internet service benefits the residents, businesses, and government of a community.
Bitcoin Enters Public Consciousness
Bitcoin, a virtual currency independent from any bank or government, enjoyed some modest popularity among the tech/hacker community in the last few years. But this year, it literally entered the mainstream lexicon. Although Bitcoin was always popular with black or gray markets such as illegal drugs and gambling, or simple tax avoidance, it gained a bit more legitimacy this year as more companies began using it.
This surge in popularity has spawned new Bitcoin-related companies, and many of them are little more than tech startups with questionable security and competence. In May, the largest exchange was investigated for transmitting money without a license, and a Chinese exchange disappeared completely. Virtual bank robbery is also now a reality, and because these currencies are not fully regulated yet, and are not insured by the FDIC, if they lose your money, you probably won’t be getting it back. Accidentally throw away your Bitcoin keys? Sorry, the money is gone.
And despite Bitcoin’s goal of independence, a federal judge ruled that it could be regulated, and some companies that handle Bitcoin transactions were investigated. In Germany, Bitcoin was determined to be subject to capital gains tax, while China banned financial institutions from using it altogether.
I haven’t used Bitcoin myself. The most interesting side to me is its engineering — its peer-to-peer protocol, its anonymity (or lack thereof), and its cryptography. (The mystery behind its founder, Satoshi Nakamoto, is also fun.) Its long-term stability and usefulness, however, have yet to be decided. Right now, investing in Bitcoin is roughly equal to investing in gold or other commodities (i.e., it’s very risky).
Valve Unveils Steam Machines
I’m a fan of Valve Software, from their awesome games to their company values and culture. This year they extended the success they built with their Steam digital distribution platform by spinning it into a gaming device, complete with a new operating system and controller. At the moment it’s only a prototype/beta, but as a PC gamer, I’m excited to see what is basically a PC-turned-console. The OS is based on Linux, which could improve that OS’s market share and visibility. The hardware is also open, so other manufacturers (or you yourself) can build compatible machines.
Edward Snowden Exposes Vast NSA Surveillance
This easily wins the “biggest story of the year” award. Snowden, a government contractor, revealed that the National Security Agency has been spying on phone and internet activity, both in the US and abroad. The Guardian has been writing about it since June, when Snowden began working with journalist Glenn Greenwald. Even though there have been new revelations on a weekly basis for the last 7 months, the Guardian says they have only published 1% of the leaked documents. The highlights:
- The NSA collects worldwide records of most phone activity with US carriers, including phone numbers and locations.
- The NSA collects worldwide records of most email activity with US companies.
- The NSA collects contacts from email accounts and instant messaging apps.
- The NSA has direct access to the data of large tech companies, including Google, Microsoft, Yahoo, Apple, and Facebook, either with their “cooperation” or by infiltrating their private networks.
- The NSA has tapped into internet traffic coming from large telecom companies across the world.
- The NSA infected computer networks and devices across the world with malicious software.
- The NSA worked with the GCHQ, the UK’s spying agency, to extend spying to UK residents.
- The NSA and GCHQ spy on government allies, aid groups, and corporations in Europe and around the world.
- It is suspected that the NSA deliberately weakened certain cryptographic standards so that it could have a backdoor into secure communications.
- The NSA can easily eavesdrop on phone calls and texts.
- The NSA and GCHQ infiltrated online games and game services to… well, we’re not quite sure why they did that.
- Journalists and activists involved, and their allies, and even foreign dignitaries who have spoken out against the surveillance, have subsequently been smeared, harassed, and intimidated by government agencies and apologists.
Such activity from the NSA is not entirely surprising. The Patriot Act set the stage for such abuses, and the federal government has had easier access to records and communications since 9/11. It was revealed in 2006 that the NSA had direct access to an AT&T internet traffic hub. Information about the data collection was further revealed in 2012 by NSA whistleblower William Binney and Wired magazine (in independent accounts). However, most people were surprised to learn about the scope and ease of access that the NSA has to our communications and computers.
It’s very worrying, for multiple reasons:
- Warrants are not required. Under the Foreign Intelligence Surveillance Act (FISA), the government is given an unlimited authority to obtain the data, in effectively unlimited quantity and scope.
- The NSA violated its own privacy procedures on domestic phone surveillance for 3 years. From 2006-2009, only 10% of phone numbers on its “alert list” met its standard for being tied to a terrorist group.
- The information can easily fall into the wrong hands. More than 4 million people have security clearances, and the quantity of data is huge. It has already been abused multiple times, from NSA employees spying on ex-partners, to the DEA illegally using it to build cases.
- There is no transparency. The extent of the wiretapping has been hidden until now, and the Foreign Intelligence Surveillance Court (FISC) that authorizes the surveillance operates in secrecy.
- There is no oversight. Obama denies he was fully briefed on the extent of the surveillance. The Privacy and Civil Liberties Oversight Board (PCLOB), created specifically for these issues, didn’t hold public meetings until 2012 and doesn’t have any authority.
- The (warrantless) wiretapped data is beginning to be used in federal criminal cases as evidence, and is setting a precedent for use in standard policing.
- Having a powerful government deliberately weaken the internet’s security hurts all of us, and we need all the help we can get from cyberattacks (see above).
- US tech and telecom companies are willing to (or pressured to) open up their records to the US government without just cause.
- The US is losing trust around the world. Countries are outraged and calling for less trade with us, and their residents are moving away from US companies. US institutions that manage technical standards and internet governance have been called into question.
- US companies that handle sensitive data have voluntarily shut down, rather than risk intrusion into their records and email.
If you’re still not convinced that this is a bad thing, read these posts:
- End the NSA Dragnet, Now
- Edward Snowden: Saving Us from the United Stasi of America
- If PRISM Is Good Policy, Why Stop With Terrorism?
- NSA and GCHQ: The flawed psychology of government mass surveillance
- We Should All Have Something To Hide
- You commit three felonies a day
- Surveillance is not about protecting us. It’s about control.
- U.S Government Surveillance: Bad for Silicon Valley, Bad for Democracy Around the World
On the plus side, the revelations have spawned some good developments. Transparency and data protection, such as that given by open source software, Tor, and SSL encryption, are now seen as more important than ever. Tech companies and organizations are reviewing their services, infrastructures, and protocols. Secure alternatives to standard email and instant messaging have been proposed. Google, Facebook, Apple, and other large tech firms have demanded transparency and reforms from the White House. Whistleblowers like Snowden and Chelsea Manning have been lauded by columnists and privacy advocates. Even Congress has gotten involved, with hearings and proposed legislation (albeit dubious). Most importantly, it has renewed public discourse on privacy, the Fourth Amendment, and freedom of speech. Mission accomplished.
Two federal judges have since argued that the surveillance is unconstitutional. Obama defended the spying, but a review panel he appointed agreed that the program is an invasion of privacy and needs an overhaul. In the meantime, you can follow the Guardian, the Electronic Frontier Foundation, and the ACLU, take action, and try to stay safe.
Obituary of Note: Douglas Engelbart
Engelbart, a technology pioneer, passed away in 2013. Although he is best known as the inventor of the mouse, he is better known as a person who worked to augment people by using computers to collaborate and work. Nowadays it often feels like the “next new thing” doesn’t actually do much to advance humankind. It’s nice to be reminded about innovators like Engelbart, so that we can be inspired to make the world a better place.
- “Six strikes” law gets implemented by ISPs
- Chelsea (formerly Bradley) Manning convicted for leaking diplomatic cables and US military “Collateral Murder” video, and sentenced to 35 years in jail
- W3C considers adding DRM to HTML
- Microsoft acquires Nokia’s phone business
- FAA and European regulators remove ban on electronic devices during take-offs and landings; FCC considers banning in-flight calling
- Google discontinues more services, like Reader, makes YouTube comments worse with Google+ integration
- First anti-patent-trolling legislation passes House of Representatives
- Best prank: Pirate Bay relocates to North Korea
- Best hack (and response): Serbian students play Space Invaders on Belgrade billboard
- Best bug report: Chrome wakes me up in the middle of the night, with monsters