User Journal

Journal Journal: Automotive Security

According to the Center for Automotive Embedded Systems Security, there are serious security flaws in the existing technology. Not necessarily a big deal, for now, as they observe that the risks are low at the current time. Emphasis on "current". They also state that no crackers have been observed to use the required level of sophistication. Again, emphasis needs to be on "observed". Yes, it may well be a while before automotive networks reach the point where this is exploited in the wild (at least to any scale), but I would remind you that it took Microsoft from Windows 3.0 through to Windows XP Service Pack 2 to take security even remotely seriously. That's a long, long time. And Microsoft had nothing like the install-base of the car industry. Further, the qualifications required by most companies to be a system administrator were a good deal steeper than the requirements for a car mechanic, so systems administrators were likely far more familiar with the issues involved. Also, said systems administrators are far more accountable for security issues, since there are plenty of third-party tools that novice users can use to spot malicious software.

The first question is why this even matters. It doesn't affect anyone today. No, but it's guaranteed to affect at least some current Slashdot readers in their lifetime and, depending on how rapidly car networks develop, may affect a significant fraction surprisingly fast. Technology doesn't move at Stone Age speeds any more. Technology advances rapidly and you can't use obsolete notions of progress to determine what will happen next year or over the next decade.

The second question is what anyone could seriously do, even if it was an issue. Not too many Slashdotters own automotive companies. In fact, I doubt if ANY Slashdotters own automotive companies. Well, the validation tools are Open Source. MISRA has a fair few links to members and software packages. In fact, even if developers just developed an understanding of MISRA's C and C++ specifications it might be quite valuable as it would allow people to understand what is being done (if anything) to improve reliability and to understand how (if at all) this impacts security. You don't get reliability for free, there will be some compromises made elsewhere.

User Journal

Journal Journal: Has anyone had problems with DB companies? What therapies work with bosses? 4

I've been having problems with Enterprise DB. This company maintains the Windows port of Postgres, but I have been finding their customer service.... less than satisfactory. This is the second time in, oh, 21 years that I've actually been infuriated by a company. However, to be entirely fair to the business and indeed the sales person, it is entirely possible this was a completely freak incident with no relationship to normal experience. There were all kinds of factors involved, so it's a messy situation all round, but the hard-sell aggressiveness and verbal abuse went way beyond what I have ever experienced from a professional organization in two DECADES. What I want to know from other Slashdotters is whether this is about on-par with the tales of meteorites landing on someone's sofa (which is my personal suspicion) or whether it's a more insidious issue. Please, please, please, do not take one incident as a general rule. I've not seen any article on Slashdot or LWN reporting wider issues with them, which you know perfectly well would have happened had there been a serious, widespread problem. Especially with all of the reporting on database issues over recent times and the search for alternatives to MySQL once leading developers defected and major forks arose.

This is, however, a major question. Like it or not, we need databases we can rely on and trust, which means that when they are backed by companies, we need the companies that back them to be honorable. (PostgreSQL itself isn't owned, so I trust the engine itself just fine. The development team is very impressive - and, yes, I do monitor the mailing lists.) Value-added only has any added value if it's valuable.

What is worse, from my perspective, is that my current boss is now treating it like this is how companies work when reselling Open Source products. His practical experience was being on the receiving end of all this. If we're to take advantage of the freedom (and bloody high quality) provided in the Open Source world, I need to deprogram him of the notion that they give hassle and sell grief. Does anyone have any experience doing this?

User Journal

Journal Journal: Save TV for Geeks! 2

A petition calling for the return of perhaps the most important television show since The Great Egg Race is currently running but isn't exactly getting anywhere fast. It is vitally important that intellectually-stimulating shows be encouraged -- the consequence of failure (24 hours of Jersey Shore on all channels) is too horrible to contemplate. Unfortunately, as things stand, that's exactly what we are heading towards. Save your television and your mind before it's too late!

User Journal

Journal Journal: The ultimate in military training environments 5

I had checked out... The environment was so complete that for a discrete moment I had completely forgotten that we were still in the continental United States. Perhaps it was the smell of kebabs cooking or the sound of Nusrat Fateh Ali Khan playing from the electronics shop that also sold pirated Western DVDs or the afternoon call to prayer coming from the tops of the minarets in the local mosque. It could have been the women selling bread, fruits or flowers by the side of the road or the Arabic men playing backgammon in the cafe with shisha pipes. Toyota trucks or bicycles being repaired in the roadside repair shops under Iraqi flags added to the realism, along with a tangle of wires on poles carrying telephone and electricity around town and satellite dishes for television on rooftops. But the thing that completed it was the sound of Baghdadi Arabic from a gentleman greeting us as we drove through town.

Read all about it here. Medina Wasl with the 3rd Special Forces Group

User Journal

Journal Journal: Sundance New Frontier 2010 and a Banksy sighting

New JonesBlog update. Sundance New Frontier 2010 and a Banksy sighting

I ran up to Park City for the Sundance Festival and to photograph an art installation, the Cloud Mirror by Eric Gradman. The point of the Cloud Mirror is to search out information on the Internet about visitors and merge that information with a real time image of the person on an LCD screen in front of them using computer vision to augment reality. You see yourself reflected back live, in person on the LCD screen in front of you with a thought bubble out of a comic book superimposed next to your head displaying all sorts of information that can be dug up through the Internet. The Cloud Mirror searches Facebook, Twitter, Flickr, IMDB, sex offenders databases and displays activities, relationship status, your favorite movies, books, music, any status updates you post etc...etc...etc... along with snarky comments.

User Journal

Journal Journal: Shot Show coverage 2

I flew down to Las Vegas to do some work that I'll talk about here later. But while I was in town, I took two days to document Media Day and Shot Show 2010 for a number of sources including Wired, The Firearm Blog and other resources. There was some interesting new technology including a new pistol from Armatix that uses RF signals to disable the sidearm if it is too far from the wristwatch that accompanies it. Also new ballistics computers that are mounted on rifles are discussed.

New JonesBlog update(s). Shot Show 2010 Media Day

Shot Show 2010. The Actual Shot Show

and a little after party. AAC Big Bang Party

The Matrix

Journal Journal: Bionic implants 10

New JonesBlog update. Bionic implants

The device seen in these images is called the Utah Electrode Array (WARNING: potentially graphic image after the jump of an implant in a human brain). The Utah Electrode Array is a brain implant technology developed here at the University of Utah by Richard Normann. The purpose of this device, currently built for us by Blackrock Microsystems, is to transduce signals from external devices to deliver to the brain for interpretation. Alternatively, the device can record impulses generated in the brain for delivery of neural signals to external devices. Our potential interests in this approach are manifold, but real use and implementation of these devices is some years away still.

User Journal

Journal Journal: 1-3% of all mainstream stars have planets?

The venerable BBC is reporting that a survey of light emitted from white dwarfs showed that between 1% and 3% had material (such as silicon) falling into the star on a continuous basis, potential evidence of dead worlds and asteroids. On this basis, the authors of the study speculate that the same percentage of mainstream stars in the active part of their life will have rocky matter. This is not firm evidence of actual planetary formation, as asteroids would produce the same results, but it does give an upper bound and some idea of what a lower bound might be for planetary formation.

Aside from being a useful value for Drake's Equation, the rate of planetary formation would be valuable in understanding how solar systems develop and what sort of preconditions are required for an accretion disk of suitable material to form.

Because the test only looked for elements too heavy to have been formed in the star, we can rule out the observations being that of cometary debris.

User Journal

Journal Journal: Computational Framework for Mapping of Neural Circuitry 15

New JonesBlog update. A Computational Framework for Ultrastructural Mapping of Neural Circuitry

We have just published a manuscript in PLoS Biology where we describe how to build a complete and accurate neural network. This of course is one of the long standing holy grails in neuroscience. So, this effort meets two goals: 1) It meets the goals of building a complete neural connectome (we'll be finished collecting all of the data with cell identity, physiologic response and all synaptic connectivity in approximately six days) and 2) It defines a workflow whereby investigators from around the planet can download and use the tools we are providing to build their own connectome projects using existing infrastructure. We are making those tools available here to enable other groups to assemble, browse and annotate the terabyte sized datasets required of connectome level projects.

User Journal

Journal Journal: Fireball, but not XL5 3

Four fireballs, glowing blue and orange, were visible last night over the skies of the Carolinas on the southeast coast of the United States, followed by the sound of an explosion described as being like thunder. Reports of hearing the noise were coming in from as far afield as Connecticut. There is currently no word from NASA or the USAF as to what it could be, but it seems improbable that anything non-nuclear the military could put up could be heard over that kind of distance. It therefore seems likely to be a very big meteorite.

The next question would be what type of meteorite. This is not an idle question. The one slamming into the Sudan recently was (a) extremely big at an estimated 80 tonnes, and (b) from the extremely rare F-class of asteroid. If this new meteorite is also from an F-class asteroid, then it is likely associated with the one that hit Sudan. This is important as it means we might want to be looking very closely for other fragments yet to hit.

The colours are interesting and allow us to limit what the composition could have been and therefore where it came from. We can deduce this because anything slamming through the atmosphere is basically undergoing a giant version of your basic chemistry "flame test" for substance identification. We simply need to look up what metals produce blue, and in so doing we see that cadmium does produce a blue/violet colour, with copper producing more of a blue/green.

Other metals also produce a blue glow and tables of these colours abound, but some are more likely in meteoric material than others. Cadmium exists in meteorites. Well, all elements do, if you find enough meteorites, but it exists in sufficient quantity that it could produce this sort of effect. (As noted in the chemmaster link, low concentrations can't be detected by this method, however this is going to be vastly worsened by the fact that this isn't a bunsen burner being used and the distance over which you're observing is extreme.)

Ok, what else do we know? The fireballs were also orange. Ureilites, such as the Sudan impact, contain a great deal of calcium, which burns brick-red, not orange. This suggests we can rule out the same source, which in turn means we probably don't have to worry about being strafed the way Jupiter was with the Shoemaker-Levy comet (21 impacts).

What can we say about it, though? Well, provided the surviving fragments didn't fall into the ocean, it means every meteorite hunter on the planet will be scouring newspaper stories that might indicate where impacts occurred. Meteoric material is valuable and anything on a scale big enough to be heard across the entire east coast of the US is going to be worth looking for. It had split into four in the upper atmosphere, so you're probably looking at a few thousand fragments reaching ground level that would exceed a year's average pay.
