1 00:00:00,000 --> 00:00:02,580 SPEAKER 1: Follow us for the funky behavior. 2 00:00:02,580 --> 00:00:05,070 Make a note on the record we gave you. 3 00:00:05,070 --> 00:00:07,560 Feel free, drop your pants, check your hair. 4 00:00:07,560 --> 00:00:10,080 Do you like the garments that we wear? 5 00:00:10,080 --> 00:00:15,030 I instruct you to be the obeyer, a rhythm recipe that you savor. 6 00:00:15,030 --> 00:00:19,860 Doesn't matter if you're minor or major, just to try of the game with a player. 7 00:00:19,860 --> 00:00:21,693 And you inhale like a breath of fresh air. 8 00:00:21,693 --> 00:00:24,360 SPEAKER 2: First thing we're going to need is a lot of pictures. 9 00:00:24,360 --> 00:00:26,790 Unfortunately, Harvard doesn't keep a public centralized Facebook, 10 00:00:26,790 --> 00:00:29,665 so I'm going to have to get all the images from the individual houses 11 00:00:29,665 --> 00:00:31,510 that people are in. 12 00:00:31,510 --> 00:00:32,770 Let the hacking begin. 13 00:00:32,770 --> 00:00:35,770 First off is Kirkland, they keep everything open and allow indexes 14 00:00:35,770 --> 00:00:38,020 in their Apache configuration so a little Wget 15 00:00:38,020 --> 00:00:41,710 magic is all that's necessary to download the entire Kirkland Facebook. 16 00:00:41,710 --> 00:00:42,220 Kids' stuff. 17 00:00:42,220 --> 00:00:45,298 Next is Eliot, they're also open but with no indexes on Apache. 18 00:00:45,298 --> 00:00:47,590 I can run an empty search and it returns all the images 19 00:00:47,590 --> 00:00:48,997 in the database in a single page. 20 00:00:48,997 --> 00:00:51,830 And I can save the page and Mozilla will save all the images for me. 21 00:00:51,830 --> 00:00:54,790 Lowell has some security, they require a username and password combo. 22 00:00:54,790 --> 00:00:57,370 And I'm going to go ahead and say they don't have access to the main SAS user 23 00:00:57,370 --> 00:00:57,830 database. 
24 00:00:57,830 --> 00:00:59,747 So they have no way of detecting an intrusion. 25 00:00:59,747 --> 00:01:02,612 Adams has no security but limits the number of results to 20 a page. 26 00:01:02,612 --> 00:01:05,820 All I need to do is break out the same script I used on Lowell and we're set. 27 00:01:05,820 --> 00:01:08,490 Dunster is intense, not only is there no public directory, 28 00:01:08,490 --> 00:01:10,020 but there's no directory at all. 29 00:01:10,020 --> 00:01:10,665 You have to do searches-- 30 00:01:10,665 --> 00:01:11,165 [YELLING] 31 00:01:11,165 --> 00:01:14,310 You search for things more-- 32 00:01:14,310 --> 00:01:15,840 DAVID MALAN: Hello, world. 33 00:01:15,840 --> 00:01:19,590 This is CS50 Live, and boy do we have a good show for you today. 34 00:01:19,590 --> 00:01:22,140 That of course was acclaimed film, The Social Network. 35 00:01:22,140 --> 00:01:24,360 And then of course, was my acclaimed colleague 36 00:01:24,360 --> 00:01:27,600 CS50's own Ramon [? Galvan, ?] who you may recall from such films 37 00:01:27,600 --> 00:01:30,150 as season zero, episode five. 38 00:01:30,150 --> 00:01:32,400 Now, whether or not you knew it, all these years 39 00:01:32,400 --> 00:01:35,670 you've been doing what's called two dimensional printing using an Inkjet 40 00:01:35,670 --> 00:01:37,062 or Laserjet printer. 41 00:01:37,062 --> 00:01:39,270 It turns out, though, that all the rage these days is 42 00:01:39,270 --> 00:01:41,550 a new technology known as 3D printing. 43 00:01:41,550 --> 00:01:44,400 Whereby, you can actually print three dimensional objects. 44 00:01:44,400 --> 00:01:46,500 There's any number of technologies via which 45 00:01:46,500 --> 00:01:49,440 you can print in three dimensions, one of which is called FDM. 
46 00:01:49,440 --> 00:01:52,110 And we recently sat down with CS50 Zone and sealed off 47 00:01:52,110 --> 00:01:54,870 to talk about how we in CS50's production team 48 00:01:54,870 --> 00:01:56,980 could solve an actual problem. 49 00:01:56,980 --> 00:01:58,018 Let's take a look. 50 00:01:58,018 --> 00:02:00,810 ANSEL: Hi, my name is Ansel, I'm a senior in mechanical engineering 51 00:02:00,810 --> 00:02:03,227 here at Harvard School of Engineering and Applied Sciences 52 00:02:03,227 --> 00:02:05,280 and I'm a member of CS50's team. 53 00:02:05,280 --> 00:02:08,250 So 3D printing is a rapid prototyping method 54 00:02:08,250 --> 00:02:11,009 that allows us to design a part in a CAD modeling program 55 00:02:11,009 --> 00:02:14,050 and then print it out painlessly and very rapidly. 56 00:02:14,050 --> 00:02:16,770 There are a few different 3D printing methods that we often use. 57 00:02:16,770 --> 00:02:20,040 Stereolithography being one of them and FDM being another one. 58 00:02:20,040 --> 00:02:22,990 FDM stands for fused deposition modeling, 59 00:02:22,990 --> 00:02:26,460 which is just a fancy way of saying that the printer extrudes some molten 60 00:02:26,460 --> 00:02:30,040 material, often plastic, onto a plate in layers. 61 00:02:30,040 --> 00:02:32,670 So when we design a part like a cube, for example, 62 00:02:32,670 --> 00:02:34,770 the printer will just print it layer by layer 63 00:02:34,770 --> 00:02:36,480 until it's completed the structure. 64 00:02:36,480 --> 00:02:40,650 Oftentimes, we'll design the part to be solid, but printing a solid part 65 00:02:40,650 --> 00:02:43,390 is both time and material inefficient. 66 00:02:43,390 --> 00:02:46,050 So there's some algorithm within 3D printer 67 00:02:46,050 --> 00:02:49,800 that creates a honeycomb internally that maintains the parts' rigidity 68 00:02:49,800 --> 00:02:52,503 but doesn't use a ton of time and a ton of material. 
69 00:02:52,503 --> 00:02:54,420 Here's one of the cameras that we use at CS50. 70 00:02:54,420 --> 00:02:57,545 And you'll notice that there's this massive lens attached to the end of it. 71 00:02:57,545 --> 00:03:01,080 If we just let this lens be supported only at the attachment point 72 00:03:01,080 --> 00:03:04,570 to the camera, it's a big cantilever and it puts a lot of stress on this joint. 73 00:03:04,570 --> 00:03:08,530 So what we will often do is use a support like this. 74 00:03:08,530 --> 00:03:11,350 So this support, as you can tell, has two holes in it. 75 00:03:11,350 --> 00:03:13,350 And it's designed to slide onto these rails 76 00:03:13,350 --> 00:03:16,860 and there's a support slider, I guess, that just pops up and attaches 77 00:03:16,860 --> 00:03:18,208 to the bottom of this camera. 78 00:03:18,208 --> 00:03:21,000 Because this camera is a little bit taller than what we're used to, 79 00:03:21,000 --> 00:03:23,980 this support is too short and it won't actually meet the lens. 80 00:03:23,980 --> 00:03:26,100 So if I were to slide it onto the rails, there's 81 00:03:26,100 --> 00:03:29,350 a big gap between the top of the support and the bottom of the lens. 82 00:03:29,350 --> 00:03:33,210 So this is a perfect opportunity for something like a 3D printed part 83 00:03:33,210 --> 00:03:35,730 to mate the lens and the support. 84 00:03:35,730 --> 00:03:39,120 We can design it pretty easily, take a couple of measurements from the camera, 85 00:03:39,120 --> 00:03:42,450 and then print out a part that will adapt our support to our lens. 86 00:03:42,450 --> 00:03:45,450 So here's a modified support piece that I printed and I had just 87 00:03:45,450 --> 00:03:48,420 simply designed this black support structure that 88 00:03:48,420 --> 00:03:52,290 has these crosses in it to screw on to our support that came with the camera 89 00:03:52,290 --> 00:03:55,600 and then mate the lens with this curved structure at the top here. 
90 00:03:55,600 --> 00:03:58,380 So we can slide this on and then move this piece up and down 91 00:03:58,380 --> 00:04:00,480 until it supports the lens completely. 92 00:04:00,480 --> 00:04:03,540 It's a pretty simple solution to a pretty simple problem, 93 00:04:03,540 --> 00:04:05,430 and we were able to make it very rapidly. 94 00:04:05,430 --> 00:04:08,610 This part took under an hour to print and it took maybe 10 minutes 95 00:04:08,610 --> 00:04:11,370 to CAD up, so pretty easy solution. 96 00:04:11,370 --> 00:04:14,190 If this part were machined out of maybe aluminum or steel, 97 00:04:14,190 --> 00:04:17,490 it would have taken several hours of tedious machining 98 00:04:17,490 --> 00:04:20,130 for a part that would end up being ultimately 99 00:04:20,130 --> 00:04:22,570 overbuilt and overkill for the problem. 100 00:04:22,570 --> 00:04:25,170 So here's a great example of how 3D printing works. 101 00:04:25,170 --> 00:04:28,365 DAVID MALAN: And now for a new segment, we like to call-- 102 00:04:28,365 --> 00:04:31,620 [LOUD BANGING] 103 00:04:31,620 --> 00:04:32,550 104 00:04:32,550 --> 00:04:34,090 Yes, indeed. 105 00:04:34,090 --> 00:04:36,310 Samsung and other manufacturers have been 106 00:04:36,310 --> 00:04:38,953 producing of late something called smart TVs, which generally 107 00:04:38,953 --> 00:04:40,870 mean that they have an internet connection, so 108 00:04:40,870 --> 00:04:42,790 that they can download TV guide information 109 00:04:42,790 --> 00:04:44,740 and other interactive content. 
110 00:04:44,740 --> 00:04:46,990 Unfortunately, it also means that these TVs 111 00:04:46,990 --> 00:04:49,930 tend to have other hardware as well, including microphones 112 00:04:49,930 --> 00:04:53,440 so that you can upon hitting a button on the remote or speaking some 113 00:04:53,440 --> 00:04:57,160 spoken command trigger your TV to start listening to you at which point 114 00:04:57,160 --> 00:04:59,290 it uploads your words to Samsung servers, 115 00:04:59,290 --> 00:05:01,840 analyzes them, and then responds accordingly 116 00:05:01,840 --> 00:05:04,280 on the TV to your voice commands. 117 00:05:04,280 --> 00:05:07,990 In other words, if you're sitting at home watching TV in your living room 118 00:05:07,990 --> 00:05:13,330 or if you're lying in bed watching TV in bed, Samsung is there with you. 119 00:05:13,330 --> 00:05:15,700 Now, it turns out that recently came to light 120 00:05:15,700 --> 00:05:19,330 is this clause here from Samsung's own privacy policy. 121 00:05:19,330 --> 00:05:21,580 Please be aware that if your spoken words include 122 00:05:21,580 --> 00:05:24,670 personal or other sensitive information, that information 123 00:05:24,670 --> 00:05:28,330 will be among the data captured and transmitted to a third party, 124 00:05:28,330 --> 00:05:29,740 in this case Samsung. 125 00:05:29,740 --> 00:05:33,580 Now thankfully a day later, Samsung responded with this reassurance 126 00:05:33,580 --> 00:05:34,810 on February 6th. 127 00:05:34,810 --> 00:05:38,080 Samsung takes consumer privacy very seriously. 128 00:05:38,080 --> 00:05:42,640 In all of our smart TVs, we employ industry standard security safeguards 129 00:05:42,640 --> 00:05:47,020 and practices, including data encryption to secure 130 00:05:47,020 --> 00:05:51,280 consumers' personal information and prevent unauthorized collection or use, 131 00:05:51,280 --> 00:05:52,540 whew. 
132 00:05:52,540 --> 00:05:56,758 In fact, what Samsung has been doing is this, as came to light a few days later: 133 00:05:56,758 --> 00:05:59,800 all of those voice commands that you might be speaking into your smart TV 134 00:05:59,800 --> 00:06:03,130 are being transmitted to this address here, nuancemobility.net. 135 00:06:03,130 --> 00:06:05,530 And thankfully, at least at first glance, 136 00:06:05,530 --> 00:06:09,100 they're being transmitted on TCP port 443, which 137 00:06:09,100 --> 00:06:13,420 generally indicates that the connection is secure because it's using HTTPS. 138 00:06:13,420 --> 00:06:17,020 Unfortunately, this is just a convention that encrypted data is generally 139 00:06:17,020 --> 00:06:18,880 sent on port 443. 140 00:06:18,880 --> 00:06:21,550 You can send any data you want, and indeed, Samsung 141 00:06:21,550 --> 00:06:23,800 is taking advantage of that opportunity. 142 00:06:23,800 --> 00:06:26,380 It turns out that some security researchers at a company 143 00:06:26,380 --> 00:06:27,880 called Pen Test Partners, 144 00:06:27,880 --> 00:06:31,840 using open source software called Wireshark, listened to the traffic 145 00:06:31,840 --> 00:06:35,500 that was being sent from one of their Samsung Smart TVs to Samsung's servers 146 00:06:35,500 --> 00:06:37,600 and what they discovered was this. 147 00:06:37,600 --> 00:06:39,640 A bit cryptic to be sure at first glance, 148 00:06:39,640 --> 00:06:41,810 but it is nonetheless clear text. 149 00:06:41,810 --> 00:06:44,530 This is a markup language, not unlike HTML, 150 00:06:44,530 --> 00:06:48,130 called XML inside of which is some encoded audio data. 151 00:06:48,130 --> 00:06:49,990 And sure enough, these same researchers were 152 00:06:49,990 --> 00:06:52,960 able to decode that audio data, ultimately 153 00:06:52,960 --> 00:06:57,610 revealing their own spoken words being sent in the clear over the internet 154 00:06:57,610 --> 00:06:58,600 to Samsung. 
155 00:06:58,600 --> 00:07:02,470 Indeed their conclusion was this, so it does kind of spy on you, 156 00:07:02,470 --> 00:07:05,660 but then leaks the spy data out onto the public internet. 157 00:07:05,660 --> 00:07:08,230 Now thankfully, Samsung has responded as follows. 158 00:07:08,230 --> 00:07:11,050 Samsung takes consumer privacy very seriously 159 00:07:11,050 --> 00:07:14,140 and our products are designed with privacy in mind. 160 00:07:14,140 --> 00:07:19,810 Our latest smart TV models are equipped with data encryption and software 161 00:07:19,810 --> 00:07:23,920 update will soon be available for download on other models. 162 00:07:23,920 --> 00:07:27,490 And now for another stressor, it turns out the computer manufacturer 163 00:07:27,490 --> 00:07:29,770 Lenovo has been doing the following. 164 00:07:29,770 --> 00:07:33,070 Pre-installed for quite some months has been 165 00:07:33,070 --> 00:07:35,680 software called Superfish, which ostensibly 166 00:07:35,680 --> 00:07:39,550 is designed to inject additional search results into images that you 167 00:07:39,550 --> 00:07:42,760 might be searching for on something like Google images or the like. 168 00:07:42,760 --> 00:07:46,180 Thereby, providing you effectively with some advertisements or links 169 00:07:46,180 --> 00:07:47,650 to related information. 170 00:07:47,650 --> 00:07:53,720 Unfortunately, Superfish has been doing this by breaking how HTTPS works. 171 00:07:53,720 --> 00:07:57,880 In other words, if you normally visit a website that is encrypted with HTTPS, 172 00:07:57,880 --> 00:07:59,890 you'd hope to see a URL bar like this. 173 00:07:59,890 --> 00:08:03,100 This for instance is a US Bank called bankofamerica.com. 
174 00:08:03,100 --> 00:08:07,570 And indeed, that green URL bar and the fact that it starts with HTTPS 175 00:08:07,570 --> 00:08:09,430 is generally a good thing, because it means 176 00:08:09,430 --> 00:08:13,900 you have an encrypted connection between you and bankofamerica.com's websites. 177 00:08:13,900 --> 00:08:17,350 And if you were to look at the SSL certificate being 178 00:08:17,350 --> 00:08:20,980 used for this encryption by some sequence of commands in your browser, 179 00:08:20,980 --> 00:08:23,320 you would hopefully see a window not unlike this. 180 00:08:23,320 --> 00:08:26,770 And if you focus in on there on who issued the so-called security 181 00:08:26,770 --> 00:08:30,160 certificate, you would hopefully see a reputable party like VeriSign 182 00:08:30,160 --> 00:08:33,350 who signs many of these so-called SSL certificates in the world. 183 00:08:33,350 --> 00:08:35,919 Unfortunately, if you own a Lenovo computer as 184 00:08:35,919 --> 00:08:38,260 this researcher here did and with his camera phone 185 00:08:38,260 --> 00:08:40,130 took a photo of what he saw. 186 00:08:40,130 --> 00:08:43,659 He saw this window here, which if we focus in on that same line, 187 00:08:43,659 --> 00:08:48,010 the security certificate being issued by Bank of America that he received 188 00:08:48,010 --> 00:08:51,632 was apparently issued by Superfish Inc. In other words, 189 00:08:51,632 --> 00:08:54,340 the software that's being pre-installed on these Lenovo computers 190 00:08:54,340 --> 00:08:58,510 is effectively pretending to be bankofamerica.com, gmail.com, 191 00:08:58,510 --> 00:09:02,440 facebook.com, any number of websites that normally have their own security 192 00:09:02,440 --> 00:09:03,070 certificates. 
193 00:09:03,070 --> 00:09:06,070 But no, Superfish is instead masquerading 194 00:09:06,070 --> 00:09:09,220 as a so-called man in the middle presenting its own security 195 00:09:09,220 --> 00:09:12,880 certificates as though they belong to Bank of America and the like. 196 00:09:12,880 --> 00:09:15,790 Indeed, if you start poking around the so-called root certificates 197 00:09:15,790 --> 00:09:17,890 on your Windows computer, you might see a line 198 00:09:17,890 --> 00:09:21,280 like this, which indeed indicates that one of the root certificates, the most 199 00:09:21,280 --> 00:09:25,970 powerful in a computer, it was in fact installed as Superfish's own. 200 00:09:25,970 --> 00:09:29,810 So not only is this bad in the context of this software on your own computer 201 00:09:29,810 --> 00:09:32,690 potentially spying on your otherwise encrypted traffic, 202 00:09:32,690 --> 00:09:36,860 it also means that so can anyone else nearby you in Starbucks 203 00:09:36,860 --> 00:09:40,190 or an airport alike where there's some Wi-Fi, because every Lenovo 204 00:09:40,190 --> 00:09:42,740 computer that has the Superfish software also 205 00:09:42,740 --> 00:09:47,000 has the same public and private key, which means even if some other Lenovo 206 00:09:47,000 --> 00:09:51,350 computer is in fact encrypting data, albeit with Superfish's certificate, 207 00:09:51,350 --> 00:09:55,460 then that data is being sent over the Wi-Fi encrypted. 208 00:09:55,460 --> 00:10:00,470 But so can anyone else on that connection, decrypt that same data 209 00:10:00,470 --> 00:10:02,450 because they of course, have the same key. 210 00:10:02,450 --> 00:10:06,050 Now thankfully, Lenovo has since responded as follows. 
211 00:10:06,050 --> 00:10:09,680 Superfish was previously included on some consumer notebook 212 00:10:09,680 --> 00:10:14,330 products shipped between September 2014 and now February 2015 213 00:10:14,330 --> 00:10:16,220 to assist customers with discovering product 214 00:10:16,220 --> 00:10:17,870 similar to what they are viewing. 215 00:10:17,870 --> 00:10:21,580 However, user feedback was not positive to say the least 216 00:10:21,580 --> 00:10:24,080 and you can confirm as much yourself with a bit of Googling. 217 00:10:24,080 --> 00:10:26,630 And we responded quickly and decisively. 218 00:10:26,630 --> 00:10:29,630 And indeed, they have begun to remove and provided users 219 00:10:29,630 --> 00:10:31,550 with instructions for removing this software. 220 00:10:31,550 --> 00:10:34,610 And if you'd like to learn more because you own a Lenovo laptop, 221 00:10:34,610 --> 00:10:38,480 do take a look at this URL here. 222 00:10:38,480 --> 00:10:41,180 And now for something a lot less stressful. 223 00:10:41,180 --> 00:10:45,500 Our good friend John Oliver recently took a look at an amazing new product 224 00:10:45,500 --> 00:10:47,510 called a Salmon Cannon. 225 00:10:47,510 --> 00:10:49,700 And we thought we'd take a look. 226 00:10:49,700 --> 00:10:54,200 JOHN OLIVER: Salmon famously have to fight their way upstream to spawn. 227 00:10:54,200 --> 00:10:57,410 But thanks to hydroelectric dams, that's become increasingly difficult. 228 00:10:57,410 --> 00:11:02,807 But don't worry, because as we found out recently, America is on it. 229 00:11:02,807 --> 00:11:04,640 BEN TRACY: I'm Ben Tracy in Washington state 230 00:11:04,640 --> 00:11:08,060 where we're going to introduce you to a pretty sweet piece of technology 231 00:11:08,060 --> 00:11:11,490 known as the Salmon Cannon. 232 00:11:11,490 --> 00:11:14,565 That's coming up on CBS this morning. 233 00:11:14,565 --> 00:11:17,190 JOHN OLIVER: Let me tell you how much I love the Salmon Cannon. 
234 00:11:17,190 --> 00:11:21,030 I love it so much, we made our own cannon this week. 235 00:11:21,030 --> 00:11:24,310 So this thing is pretty powerful. 236 00:11:24,310 --> 00:11:26,970 So who wants to give this puppy a go? 237 00:11:26,970 --> 00:11:30,295 Let's see where this salmon ends up. 238 00:11:30,295 --> 00:11:33,420 SPEAKER 3: Of course, situation the Mideast, only getting more complicated. 239 00:11:33,420 --> 00:11:34,753 The US has been bombing pretty-- 240 00:11:34,753 --> 00:11:36,450 [APPLAUSE] 241 00:11:36,450 --> 00:11:38,520 JOHN OLIVER: OK, OK. 242 00:11:38,520 --> 00:11:40,950 So we know it works, we know it works. 243 00:11:40,950 --> 00:11:44,310 Let's try firing two fish somewhere else. 244 00:11:44,310 --> 00:11:45,870 JIMMY FALLON: Thank you spatulas-- 245 00:11:45,870 --> 00:11:46,740 oh, it's a fish. 246 00:11:46,740 --> 00:11:50,065 [LAUGHTER AND APPLAUSE] 247 00:11:50,065 --> 00:11:53,870 248 00:11:53,870 --> 00:11:55,480 JOHN OLIVER: Very nice. 249 00:11:55,480 --> 00:11:58,760 Let's try something a little more difficult. 250 00:11:58,760 --> 00:12:02,240 SPEAKER 4: Picture, And this is what it looks like in-- 251 00:12:02,240 --> 00:12:05,120 JOHN OLIVER: Clearly, this is the greatest object that has ever been 252 00:12:05,120 --> 00:12:07,950 invented, so I am emptying this bucket. 253 00:12:07,950 --> 00:12:09,982 And let us see how big we can go on this thing. 254 00:12:09,982 --> 00:12:12,440 SPEAKER 5: Where we get started with revealing of the crew, 255 00:12:12,440 --> 00:12:13,970 what we really want to do is we'll-- 256 00:12:13,970 --> 00:12:17,393 [CHEERFUL MUSIC PLAYING] 257 00:12:17,393 --> 00:12:18,860 258 00:12:18,860 --> 00:12:20,780 SPEAKER 6: All right. 259 00:12:20,780 --> 00:12:24,140 SPEAKER 7: In this for loop, you're going to want to direct them-- 260 00:12:24,140 --> 00:12:25,700 DAVID MALAN: That's it for CS50 Live. 
261 00:12:25,700 --> 00:12:27,825 Thanks so much to the whole team behind the camera, 262 00:12:27,825 --> 00:12:30,980 thanks so much to you for tuning in. 263 00:12:30,980 --> 00:12:33,830 This was CS50. 264 00:12:33,830 --> 00:12:41,080 [GUITAR MUSIC PLAYING] 265 00:12:41,080 --> 00:12:54,251