SPEAKER 1: Follow us for the funky behavior. Make a note on the record we gave you. Feel free, drop your pants, check your hair. Do you like the garments that we wear? I instruct you to be the obeyer, a rhythm recipe that you savor. Doesn't matter if you're minor or major, just to try of the game with a player. And you inhale like a breath of fresh air.
SPEAKER 2: First thing we're going to need is a lot of pictures. Unfortunately, Harvard doesn't keep a public centralized Facebook, so I'm going to have to get all the images from the individual houses that people are in. Let the hacking begin. First off is Kirkland, they keep everything open and allow indexes in their Apache configuration so a little Wget magic is all that's necessary to download the entire Kirkland Facebook. Kids' stuff. Next is Eliot, they're also open but with no indexes on Apache. I can run an empty search and it returns all the images in the database in a single page. And I can save the page and Mozilla will save all the images for me. Lowell has some security, they require a username and password combo. And I'm going to go ahead and say they don't have access to the main SAS user database. So they have no way of detecting an intrusion. Adams has no security but limits the number of results to 20 a page. All I need to do is break out the same script I used on Lowell and we're set. Dunster is intense, not only is there no public directory, but there's no directory at all. You have to do searches-- [YELLING] You search for things more--
DAVID MALAN: Hello, world. This is CS50 Live, and boy do we have a good show for you today. That of course was acclaimed film, The Social Network. And then of course, was my acclaimed colleague, CS50's own Ramon [? Galvan, ?] who you may recall from such films as season zero, episode five. Now, whether or not you knew it, all these years you've been doing what's called two dimensional printing using an Inkjet or Laserjet printer.
It turns out, though, that all the rage these days is a new technology known as 3D printing. Whereby, you can actually print three dimensional objects. There's any number of technologies via which you can print in three dimensions, one of which is called FDM. And we recently sat down with CS50's own Ansel to talk about how we in CS50's production team could solve an actual problem. Let's take a look.
ANSEL: Hi, my name is Ansel, I'm a senior in mechanical engineering here at Harvard School of Engineering and Applied Sciences and I'm a member of CS50's team. So 3D printing is a rapid prototyping method that allows us to design a part in a CAD modeling program and then print it out painlessly and very rapidly. There are a few different 3D printing methods that we often use. Stereolithography being one of them and FDM being another one. FDM stands for fused deposition modeling, which is just a fancy way of saying that the printer extrudes some molten material, often plastic, onto a plate in layers. So when we design a part like a cube, for example, the printer will just print it layer by layer until it's completed the structure. Oftentimes, we'll design the part to be solid, but printing a solid part is both time and material inefficient. So there's some algorithm within the 3D printer that creates a honeycomb internally that maintains the part's rigidity but doesn't use a ton of time and a ton of material. Here's one of the cameras that we use at CS50. And you'll notice that there's this massive lens attached to the end of it. If we just let this lens be supported only at the attachment point to the camera, it's a big cantilever and it puts a lot of stress on this joint. So what we will often do is use a support like this. So this support, as you can tell, has two holes in it. And it's designed to slide onto these rails and there's a support slider, I guess, that just pops up and attaches to the bottom of this camera.
Because this camera is a little bit taller than what we're used to, this support is too short and it won't actually meet the lens. So if I were to slide it onto the rails, there's a big gap between the top of the support and the bottom of the lens. So this is a perfect opportunity for something like a 3D printed part to mate the lens and the support. We can design it pretty easily, take a couple of measurements from the camera, and then print out a part that will adapt our support to our lens. So here's a modified support piece that I printed and I had just simply designed this black support structure that has these crosses in it to screw on to our support that came with the camera and then mate the lens with this curved structure at the top here. So we can slide this on and then move this piece up and down until it supports the lens completely. It's a pretty simple solution to a pretty simple problem, and we were able to make it very rapidly. This part took under an hour to print and it took maybe 10 minutes to CAD up, so pretty easy solution. If this part were machined out of maybe aluminum or steel, it would have taken several hours of tedious machining for a part that would end up being ultimately overbuilt and overkill for the problem. So here's a great example of how 3D printing works.
DAVID MALAN: And now for a new segment, we like to call-- [LOUD BANGING] Yes, indeed. Samsung and other manufacturers have been producing of late something called smart TVs, which generally mean that they have an internet connection, so that they can download TV guide information and other interactive content. Unfortunately, it also means that these TVs tend to have other hardware as well, including microphones so that you can upon hitting a button on the remote or speaking some spoken command trigger your TV to start listening to you at which point it uploads your words to Samsung servers, analyzes them, and then responds accordingly on the TV to your voice commands.
In other words, if you're sitting at home watching TV in your living room or if you're lying in bed watching TV in bed, Samsung is there with you. Now, it turns out that recently came to light is this clause here from Samsung's own privacy policy. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party, in this case Samsung. Now thankfully a day later, Samsung responded with this reassurance on February 6th. Samsung takes consumer privacy very seriously. In all of our smart TVs, we employ industry standard security safeguards and practices, including data encryption to secure consumers' personal information and prevent unauthorized collection or use, whew. In fact, what Samsung has been doing is this as came to light a few days later, all of those voice commands that you might be speaking into your smart TV are being transmitted to this address here, nuancemobility.net. And thankfully, at least at first glance, they're being transmitted on TCP port 443, which generally indicates that the connection is secure because it's using HTTPS. Unfortunately, this is just a convention that encrypted data is generally sent on port 443. You can send any data you want, and indeed, Samsung is taking advantage of that opportunity. It turns out that some security researchers at a company called Pen Test Partners, using open source software called Wireshark, listened to the traffic that was being sent from one of their Samsung Smart TVs to Samsung's servers and what they discovered was this. A bit cryptic to be sure at first glance, but it is nonetheless clear text. This is a markup language, not unlike HTML, called XML inside of which is some encoded audio data. And sure enough, these same researchers were able to decode that audio data, ultimately revealing their own spoken words being sent in the clear over the internet to Samsung.
Indeed their conclusion was this, so it does kind of spy on you, but then leaks the spy data out onto the public internet. Now thankfully, Samsung has responded as follows. Samsung takes consumer privacy very seriously and our products are designed with privacy in mind. Our latest smart TV models are equipped with data encryption and software update will soon be available for download on other models. And now for another stressor, it turns out the computer manufacturer Lenovo has been doing the following. Pre-installed for quite some months has been software called Superfish, which ostensibly is designed to inject additional search results into images that you might be searching for on something like Google images or the like. Thereby, providing you effectively with some advertisements or links to related information. Unfortunately, Superfish has been doing this by breaking how HTTPS works. In other words, if you normally visit a website that is encrypted with HTTPS, you'd hope to see a URL bar like this. This for instance is a US Bank called bankofamerica.com. And indeed, that green URL bar and the fact that it starts with HTTPS is generally a good thing, because it means you have an encrypted connection between you and bankofamerica.com's websites. And if you were to look at the SSL certificate being used for this encryption by some sequence of commands in your browser, you would hopefully see a window not unlike this. And if you focus in on there on who issued the so-called security certificate, you would hopefully see a reputable party like VeriSign who signs many of these so-called SSL certificates in the world. Unfortunately, if you own a Lenovo computer as this researcher here did and with his camera phone took a photo of what he saw. He saw this window here, which if we focus in on that same line, the security certificate being issued by Bank of America that he received was apparently issued by Superfish Inc. 
In other words, the software that's being pre-installed on these Lenovo computers is effectively pretending to be bankofamerica.com, gmail.com, facebook.com, any number of websites that normally have their own security certificates. But no, Superfish is instead masquerading as a so-called man in the middle presenting its own security certificates as though they belong to Bank of America and the like. Indeed, if you start poking around the so-called root certificates on your Windows computer, you might see a line like this, which indeed indicates that one of the root certificates, the most powerful in a computer, it was in fact installed as Superfish's own. So not only is this bad in the context of this software on your own computer potentially spying on your otherwise encrypted traffic, it also means that so can anyone else nearby you in Starbucks or an airport alike where there's some Wi-Fi, because every Lenovo computer that has the Superfish software also has the same public and private key, which means even if some other Lenovo computer is in fact encrypting data, albeit with Superfish's certificate, then that data is being sent over the Wi-Fi encrypted. But so can anyone else on that connection decrypt that same data, because they, of course, have the same key. Now thankfully, Lenovo has since responded as follows. Superfish was previously included on some consumer notebook products shipped between September 2014 and now February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive to say the least and you can confirm as much yourself with a bit of Googling. And we responded quickly and decisively. And indeed, they have begun to remove and provided users with instructions for removing this software. And if you'd like to learn more because you own a Lenovo laptop, do take a look at this URL here. And now for something a lot less stressful.
Our good friend John Oliver recently took a look at an amazing new product called a Salmon Cannon. And we thought we'd take a look.
JOHN OLIVER: Salmon famously have to fight their way upstream to spawn. But thanks to hydroelectric dams, that's become increasingly difficult. But don't worry, because as we found out recently, America is on it.
BEN TRACY: I'm Ben Tracy in Washington state where we're going to introduce you to a pretty sweet piece of technology known as the Salmon Cannon. That's coming up on CBS this morning.
JOHN OLIVER: Let me tell you how much I love the Salmon Cannon. I love it so much, we made our own cannon this week. So this thing is pretty powerful. So who wants to give this puppy a go? Let's see where this salmon ends up.
SPEAKER 3: Of course, situation the Mideast, only getting more complicated. The US has been bombing pretty-- [APPLAUSE]
JOHN OLIVER: OK, OK. So we know it works, we know it works. Let's try firing two fish somewhere else.
JIMMY FALLON: Thank you spatulas-- oh, it's a fish. [LAUGHTER AND APPLAUSE]
JOHN OLIVER: Very nice. Let's try something a little more difficult.
SPEAKER 4: Picture, and this is what it looks like in--
JOHN OLIVER: Clearly, this is the greatest object that has ever been invented, so I am emptying this bucket. And let us see how big we can go on this thing.
SPEAKER 5: Where we get started with revealing of the crew, what we really want to do is we'll-- [CHEERFUL MUSIC PLAYING]
SPEAKER 6: All right.
SPEAKER 7: In this for loop, you're going to want to direct them--
DAVID MALAN: That's it for CS50 Live. Thanks so much to the whole team behind the camera, thanks so much to you for tuning in. This was CS50. [GUITAR MUSIC PLAYING]