Posts by Steve Hersey 113 publicly visible posts • joined 11 Aug 2009
When, in times of disaster, the ruler would be ritually sacrificed to carry to the gods a petition for rescue.
Now, I don't personally think those gods existed, but the practice DID tend to have a self-correcting effect on incompetent leadership, and in those cases where the disasters were caused by said incompetence, the petitions were actually effective...
Reminds me of the calibration house that used to annually certify our digital multimeters. We suspected that they were certifying them without actually testing them, so we opened one up, diddled its trimpots well beyond its stated calibration limits, and sent it off. Sure enough, back it came with a fresh sticker -- and still horribly out of calibration.
To your first point, it appears that the MCAS system was added because without it, the aircraft was not stable enough to get flight certification. I'd say that DOES qualify as "inherently unstable," though I'll agree it isn't as inherently unstable as, say, an F-14.
To your second point, it's actually even worse than just fail-safe: If I read the reports correctly, the two-sensor configuration was sold as an extra-cost option; the standard configuration had a single sensor, with no failover capability at all. Set negligence level to "criminal stupidity with a side order of arrogant avarice."
I smell BS coming from Atari in this interview. No major project that is real and being responsibly managed gets THAT close to its release date and then decides, "Well, maybe we'll just change the fundamental CPU architecture." By the time you're carrying engineering prototypes to trade shows to show them off, you damn' well better have settled on a chip architecture. Once settled, you only change that under dire circumstances. Even if the replacement is essentially identical, you don't delay the project for things that "would be nice." Delays to an almost-ready project cost a LOT of money.
The Atari bloke's statements make it clear that the project is nowhere near the state of readiness they would like us to think it is in.
Having listened to the rest of the excerpts, it's even a bit worse than that. They went all the way to a "product launch" when they knew they didn't have working *engineering prototype* hardware (else they'd have been willing to show at least a don't-touch-this static display of an operating prototype.
I agree with Milton's point about Chinese IP theft, but in this case I'm not especially worried about its consequences. Here's why: The US military establishment has a decent understanding that strategic control of space is an enormous military advantage. With that in mind, the competition from China, India and Russia for space launch capability represents a challenge they cannot ignore; keeping the USA's launch capability technologically competitive is thus a must-do thing from their point of view. (Who has an automated mini-Shuttle that can spend a year on-orbit?)
So even if China steals lots of other folks' tech secrets, the competition for space capability will mean that the human species is back in space on an ongoing basis this time. The faster any one party advances, the harder the rest will work to keep up. From a species point of view, that's all to the good.
The cheating and stealing are aggravating, but are at most a damned nuisance, and may even prove neutral to beneficial in the long run. Though we should still feed the bastards some subtly defective designs just to mess with their heads.
It escapes my poor, limited understanding how a scheme that requires a large number of nodes (inherent in its "distributed web of trust") to store EVERY TRANSACTION EVER MADE could possibly be sustainable at a large enough scale to count as a "currency." Yes, "lightweight" nodes can store a subset, but that doesn't fix the fundamental insanity of the design.
Even the global banking system doesn't require every major bank to maintain the full transaction history of all major banks in order to function. For comparison, the Internet Archive only exists as one instance, not replicated X thousand times.
This sounds like a banking system designed by someone who didn't understand banking. There's no way it can possibly scale up far enough to be more than a curiosity/money-laundering tool/means to fleece the unwary.
I once built some external I/O hardware for a ZX80 to drive solid-state relays. The customer wanted to use it to automate a sawmill. They were disinclined to accept the notion that the ZX80 wan't really an appropriate platform for controlling potentially man-killing machinery. I never did get my AC adapter back...
It's not critical if the ground support hardware no longer exists. So long as the documentation on the telemetry formats and comms parameters is still available, some bright grad student or motivated Ham radio operator can set up a software-controlled radio setup to receive and decode it, and the same goes for satellite commanding (though that requires a suitable ground control transmitter, which NASA certainly still has).
Of course, that will require some time and money to set up, but it's not a gargantuan effort. Debugging the recreated commanding system on-orbit can be exciting, but the worst that can happen is you lose the bird again.
Trust me, you don't want to rely on the original ground support equipment after all this time, even if you can find it. If nothing else, the ancient PC's RTC chips with their built-in batteries and configuration memory have gone dead, cannot be sourced any longer, and can only be revived by judicious use of a Dremel grinder, a coin cell battery/holder, and a soldering iron. Been there, done that on satellite ground support gear.
Apple could have derated the batteries properly so that the phones would continue to work as they -- predictably -- aged. Apple being Apple, it's not like profit margins on iThings are razor-thin, so they *could* certainly afford to do a proper engineering job on power management and get $5 less profit per unit.
Every electronic device I've helped to develop in a long career has gone through worst-case analyses and has included design margins to make sure it works reliably over its life, and this always includes power management. If Apple's iCrap won't work with batteries that aren't new any more, it's because Management isn't setting realistic goals for the engineering teams, and that means that Corners Will Be Cut.
... build a case for 'reasonable apprehension of bias'?
I seem to recall that SCO's lawyers tried that trick, and Alsup is certainly wise to it by now. He seems to have a bottomless reserve of cool, and the occasional decapitating strike of sarcasm stays within the limits. This IS going to be fun to watch; he'll grind them up using their own documents as the millstones.
You simply cannot get away with blatantly hiding relevant material from discovery like that and just claiming "they didn't use their company name as a search term." I expect to see their lawyers stripped of attorney-client privilege and hauled into the dock themselves; the misconduct is just that extreme.
On the other hand letting a criminal off when they've clearly done something wrong..........
The US Constitution operates on the principle that incorrectly releasing the guilty is preferable to incorrectly jailing the innocent. That's the theory, anyway.
The point of letting the crim walk away if the evidence was improperly obtained is that if you allow the use of improper evidence, then the whole due-process principle just became unenforceable, and we're right back to forced confessions under torture, faked evidence, and all the other abuses the due-process clause was intended to prevent.
It's a harsh punishment of the cops to toss out their case, true, but the alternative was held to be a worse price to pay.
If the Reg article is correct (there are things said that cannot be verified from the linked docs), then the authors at IOActive are a bit uneven in their research.
The Reg article reports (though I can't find this in the linked docs) a claim that the UR robot has a "static SSH key," which is claimed to facilitate MITM attacks. This is drivel. A given SSH host MUST have a static SSH key, or you cannot authenticate the host; that's how SSH works.
Elsewhere, they make much of happily hacking the Baxter RSDK, blissfully ignorant of the fact that it is *built* for open access, not security. Yes, you can get into the ROS interfaces and do whatever you want; that's the whole point of a "research software development kit;" it isn't meant to be a secured industrial production system.
Still elsewhere, there's mention of carrying out MITM attacks on unencrypted communications traffic. Plaintext traffic is *inherently insecure*, so complaining about MITM is a bit beside the point of "totally insecure comms link." And, as noted above, it is important to know whether the system was intended for use in a hostile environment or in a university environment where open access is the whole point.
Certainly some of these systems are inadequately secured for their advertised purpose, but it's not accurate to slam them all as written by fools.
I do enjoy a good SF movie now and then, but I generally find that the plot depth and special effects are much better in the books.
With the notable exception of Battlefield Earth, which I watched in bored horror one afternoon when marooned in San Jose on a business trip. I kept saying to myself, "That's ridiculous! The book this is based on couldn't possibly be THAT bad!" So I borrowed a copy from the library, skimmed it, and discovered that, yes, it was EXACTLY that bad, if not worse. Fully-functional 1000-year-old F14's and all.
" I'd much rather have a government too incompetent to do anything than a government doing all the wrong things."
Be careful what you wish for. What we have is a government doing deliberately evil and destructive things to great effect, while incompetent to do anything positive. Not to mention being exceedingly corrupt even by comparison with a century's worth of US administrations.
I fail to see any sense in deliberately throwing a grenade into the works of government; it would be far better to work toward a government that furthers rational policies you agree with -- assuming that rational policies are your goal. (I've met enough folks who voted for that nutjob explicitly in order to break the government that rationality cannot be assumed here.)
Immobilizing the government might have been relatively harmless in the 1790s, but it's a lethally bad idea in the 21st century. Drop the ball on climate change, pollution control, voter disenfranchisement, and everything to do with civil rights? Abandon all allies and threaten other nuclear-armed nutjobs? Deliberately destabilize the health insurance markets, such as they are? People will die on account of this stuff. It is indefensible.
The X-rays that got filtered out by ~1 cm of leaded glass in a CRT faceplate had energies of up to 25 KeV max. based on the TV's 25 KV anode voltage. That's pretty soft for X-rays.
The radiation making it through the water at Fukushima (ignoring suspended or dissolved radionuclides for the moment) is essentially all gamma rays, with orders of magnitude higher energy than CRT X-rays. As a result, leaded glass lenses wouldn't block enough of it to notice.
The other thing to keep in mind about radiation shielding, aside from having to shield your electronics from all angles, is that its effect is exponential rather than linear. If 1 cm of solid lead reduces exposure from a particular source by 50%, another 1 cm will only cut THAT dose by another 50% (= 25% of the original incoming dose), so twice the shielding thickness doesn't get you twice the effectiveness. Takeaway is this: Effectively shielding sensitive electronics from high radiation levels requires really bulky, massive hunks of stuff, or else staying far enough away that 1/R^2 is your friend.
I rather prefer the clay pot approach, as a metal can gets hotter on the outside from the fire within (though it is indeed quite fine if placed on a concrete floor). A handle is nice, but for best safety, the container must survive total burnout of the battery without setting anything else on fire.
The savvier R/C model fliers have known of this battery hazard for years. A Web search for "Lipo battery bunker" will show both commercial and home-built versions of fireproof charging containers for flight batteries. Some battery chargers make this a tad difficult by turning the charger into a wall-wart that the battery physically slots into, so the whole thing normally sits on the wall socket.
I have little to no interest in the silly spinners, so the idea of electrifying them evokes only a goggle-eyed wonderment, followed by "Gee, I wonder if they can be hacked remotely to go poof."
And occasionally a stunned chipmunk.
And, on two days running when mice were in short supply, a very large toad from the front garden. THE SAME TOAD, TWICE. Undamaged.
I've always wondered how that went down. Did the cats bribe the toad somehow? Was the toad thinking, "Not this again!" as they carried it into the house?
In the variant I encountered, the message randomly cycled through a set of slight variants, such as, IIRC:
You are in a maze of twisty little passages, all alike.
You are in a maze of little twisty passages, all alike.
You are in a maze of twisty little passages, all different.
The sneaky bit being that the exact message text had no relationship to your actual location in the maze, and would change even if you went nowhere. I have a grudging admiration for the person who thought THAT part up.
I imagine that Uber actively detecting the enforcement authorities in places it wasn't allowed to operate, then feeding them a fake app to conceal the illegal operation, constitutes obstruction of justice. That seems quite apparent, though applying logic to the operations of law is always fraught with the most extreme hazard.
Clearly, I'm *not* the first to think of some of these dark-side things. My first thought when hearing today's Uber-automated-cars-will-Borg-the-taxi-industry story was that there will be a serious problem with vandals fouling automated cabs in assorted unpleasant ways.
Alas, the problem with sarcasm is the same as the problem with cynicism: It's so <expletive> hard to keep up with the you-can't-make-this-stuff-up that reality hands us.
I think the major problem with unreliable news at Internet speed is not that there's a greatly higher fake-to-real ratio (tabloids have been around for more'n a century), but rather that the information firehose is now so big and fast that human processing faculties are overloaded, and end up (metaphorically) lying dead-shorted in a smoking, charred heap.
With the equivalent of a hundred newspapers shouting for our attention every morning, it's not really a surprise that folks pick and choose the news sources that best fir their world views. It's a formula for society to end up in a (literally) lying dead-shorted in a smoking, charred heap, but it's not a surprise.
Back on topic, surely I'm not the first person to read about ubiquitous automated parcel delivery and wonder when and how some nasty minds will try to weaponize it?
So, a notorious monopolist that screws its customers at every opportunity is offering a new jail cell -- I mean, computing experience -- and wants the sheeple to step inside? No, thanks, I'll wait until the hardware has been jailbroken and I can load Ubuntu onto a unit bought from the reminder bin.
I only tolerate Windows because of applications that run on no other platform. These days, that no longer even includes software development environments OR office apps; all the good stuff has versions for Linux. LibreOffice on Linux is amazingly useful. I can only see the Windows S platform being used for sacrificial computing devices to be issued to folks traveling internationally and to run Office apps for road warriors, never for any serious work that can be done on any other OS.
Show me a serious use case for needing to do X in your home from half a world away, and I'll believe there's a reason for it to be on the Internet. 'Course, its security will still be crap ;-)
When I bought my home many years ago, 'twas the first time I'd had a garage door with a remote opener. For yucks, one day I wandered the neighborhood clicking the clicker, and discovered several owners of compatible openers who, like the previous owner of my house, had never changed the default switch settings on their remote openers. It was fun running their doors up and down, but I went home and changed my switch settings right away. Still not really secure, of course, but less miserably INsecure.
I've done IT support as a many-hats activity from time to time, and I know how that world feels on the inside. So for many years I've made it a practice to ALWAYS establish a friendly, supportive relationship with the IT and facilities people. (Not that it's a *good* idea to make enemies anywhere, for that matter.) And always admit your mistakes to IT, especially the bonehead ones.
Aside from making everyone's life easier, this approach yields immense benefits when you really, really need some help from IT or the facilities crew. What goes around, comes around, and when it comes around with a replacement hard drive and a friendly greeting, you'll be glad.
Well, the handset manufacturers basically have no business if they don't continue to buy those chips, as the chips embody standards-essential tech. The manufacturers don't have anywhere else to go until Intel becomes a viable alternative. Consequently, it's no surprise that they continue to place orders...
Or at least much more complicated.
Yes, China has a lot of money sunk into US government debt. However, that provides the second edge on the sword: If China were to dump T-bills onto the market in an effort to punish the US, it would depress the dollar, but the Chinese government would take a massive loss. Lower-cost dollar-priced US exports would also be an increased competitive threat against exports priced in the suddenly higher yuan.
These risks are likely to inhibit any use of China's US debt holdings as a weapon or threat, as that sword is pointy on both ends.
A DDoS is hard to spot at the source end, but is pretty unmistakable at the target end (that's rather the idea, after all). The idea would be something like this: A DDoS target notifies their ISP, who analyzes the attack pattern, then starts back-tracing the source addresses of incoming attack packets and reporting them to participating source ISPs, who then filter or disconnect the originating addresses. A significant percentage of inbound traffic to the target will be malicious in a DDoS, so it's not such a needle-in-haystack proposition if you're the destination ISP.
Other ISPs could conceivably be triggered to get into the act by logging source addresses sending to the affected targets, filtering out the legitimate players, and dealing with the rest.
This is not a simple endeavor by any means, and it would definitely require careful automation, but if properly implemented it could nobble many DDoS attacks and deprive them of effect. Even if you don't actively disconnect attack sources, but simply throttle their traffic to the target, a DDoS could be mitigated to the point where it becomes not worth the trouble.
Agreed, everyone *should* behave responsibly, but the core of the problem is that there are a lot of nonspecialists out there with no idea that this is a problem, and lotsa cheap-artists building insecure junk to sell to them. Educating everyone's Aunt Sally that the cheap baby-cam is a hazard will be a challenge, and getting the cheap-baby-cam folks to clean up their act will be a near impossibility (the sky is high and the Emperor is far away, after all). For that matter, even specialists (like us) would be hard put to name a SOHO router with decent security that we could recommend to our friends.
I agree with your stated principle, it's just that getting everyone to be responsible is difficult and unlikely.
The major ISPs and network infrastructure operators, who of anyone have the most skin in the game, wind up banding together and establishing an infrastructure to (semi-)automatically identify and black-hole the IP addresses of the insecure tat that's doing the DDoS'ing, preferably in close to real time. Your internet connection gets turned off until you fix or disconnect the offending devices on your net.
I already hear you thinking, "But that just creates another hackable service the bad guys can use to disable connectivity for the target of an attack, and this time they don't even need to pwn a thousand devices to do it, just pwn the countermeasure system!" Alas, that argument is true, and weighs against *any* realistic countermeasure; the ISPs would simply have to do a good job designing their system to be resistant to abuse. An imperfect system for sure, but at least it doesn't rely on tat-makers to become responsible netizens.
Clearly, *someone* needs to do a good job designing their system to be resistant to abuse, and it self-evidently won't be the bottom-dollar bottom-feeders making said insecure tat. Until then, it'll continue to be the Wild Wild Web.
Would be to put them in a cheap USB hub attached to a Raspberry Pi powered by a suitably current-limited DC supply, to which Pi you're logged in through the serial port. This allows you to safely peruse the malware on said stick without being pwned, and if it's a BadUSB device, only the $5 USB hub takes one for the team. What are the chances that the USB malware can pwn an ARM-based Pi without your being able to detect it?
You already KNOW (or should at a minimum assume) that there's malware on it, the only question is "what kind, and can I turn the tables on the rat-bastards?"
I see that the thumbnail image on the link to this story is the same as the artwork on the Exploding Kittens rulebook (see also https://twitter.com/Efferve8cience/status/761992085281050624). Are they OK with this use of their artwork?
Hmmm. Full-body mocap would appear to be unnecessary if you have haptic gloves with motion tracking features; you're far more likely to care where your fingers are than your elbows, and the positional details of your legs can be similarly vague. Aside from which, your hands are usually in your normal field of view, which cuts down on the volume that has to be motion-captured.
While I myself am in the "Not quite there yet" camp, I *am* grateful to the early adopters who are buying this kit and thus creating the necessary preconditions for manufacturers to go that last vital, expensive, troublesome 10% of the way to "There it is!"
I'm looking forward to putting on VR kit, sitting in the cockpit of a virtual starfighter, and feeling the clicks as I press the buttons on the virtual control panel. Or even being able to type on a virtual keyboard (hey, now it's a work-related partial-disability adaptation to mitigate RSI from decades of beating on an actual keyboard!)
As I read your article, the thing that jumped out at me, threatening to seize my morning coffee mug and drain it dry before I could reach it, was this: If Apple owns the high-priced end of the smartphone market, and Android phones are only profitable in emerging markets, just who will occupy the midrange? Not Apple (their kit is just too expensive unless you've become addicted to the Kool-Aid), not Blackberry (alas, there's some seriously good kit there), and not WinPhones (the two hundred people using them in the world don't count). It's Android or nothing, then; there's no other contender. Someone will sell those phones and profit, there's a serious demand.
Your piece doesn't address this factor. What would you predict when you take it into account?
Me, I expect Samsung and a flood of cheap Chinese Androids to fill the bulk of the market.
Engineering; the discipline of dealing with technical artifacts that don't work. You start with something that is totally nonfunctional (indeed, nonexistent), perform engineering activity on it, and over time produce something that is nonfunctional at progressively higher levels. Just as soon as it all works, it ceases to be the subject of engineering, and the engineer goes on to something else that doesn't work (yet).
Viewed in this context, that overlooked blown fuse is clearly part of the engineering game. Look at it this way; at least you didn't vaporize an entire crew of astronauts because of a problem you'd been explicitly warned about. Plus, you HAVE a fuse, and the worst-case consequences of the error are noncritical. All part of the game.
I hope this craft has a decent autopilot; with no dihedral on the wings, it's not going to have any inherent attitude stability, meaning that it won't glide stably by itself. What do you have planned in terms of flight testing?
Nearly all free-flight model aircraft are designed to have lots of inherent stability to overcome the absence of an active control system. An active autopilot significantly mitigates this requirement, but tuning the autopilot up is a project all by itself. I hope you folks have a few extra copies for the initial test flights.
I work with a translator, and we have multiple versions of Microsoft Office on hand (some on quarantined PCs so they don't eat one another) specifically so we can deal with documents we receive in Word Version ~!@#$, which frequently aren't even compatible with earlier OR later Word versions. We cannot quite leap away from Microsoft Awful because of compatibility fears. It's not that LibreOffice or OpenOffice.org is incompatible with Microsoft Office; it's that they introduce a few extra incompatibilities. largely because Microsoft's file formats are obscure, poorly implemented, obfuscated trash.
While the various versions of Word interoperate poorly even with one another, we need to reduce file-format pain as much as possible, 'cause the translation clients have NO clue about this issue, and we will get the blame for any format weirdness that crops up. Sticking to the crummy software that created the document will, at least, eliminate another headache we just don't need.
In a more desirable environment, Microsoft and everyone else would be using open file formats, and work life would be easier and more productive. I've never really understood the Microsoft mind set; if they played well with others instead of being monstrously evil, I think they would still be the major player they now are, and still approximately as profitable. They just wouldn't be hated and despised to anything like the degree they now are. (Was it really worth it, Bill?)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
