According to the Center for Automotive Embedded Systems Security, there are serious security flaws in the existing technology. Not necessarily a big deal, for now, as they observe that the risks are low at the current time. Emphasis on "current". They also state that no crackers have been observed to use the required level of sophistication. Again, emphasis needs to be on "observed". Yes, it may well be a while before automotive networks reach the point where this is exploited in the wild (at least to any scale), but I would remind you that it took Microsoft from Windows 3.0 through to Windows XP Service Pack 2 to take security even remotely seriously. That's a long, long time. And Microsoft had nothing like the install-base of the car industry. Further, the qualifications required by most companies to be a system administrator were a good deal steeper than the requirements for a car mechanic, so systems administrators were likely far more familiar with the issues involved. Also, said systems administrators are far more accountable for security issues, since there are plenty of third-party tools that novice users can use to spot malicious software.

The first question is why this even matters. It doesn't affect anyone today. No, but it's guaranteed to affect at least some current Slashdot readers in their lifetime and, depending on how rapidly car networks develop, may affect a significant fraction surprisingly fast. Technology doesn't move at Stone Age speeds any more. Technology advances rapidly and you can't use obsolete notions of progress to determine what will happen next year or over the next decade.

The second question is what anyone could seriously do, even if it was an issue. Not too many Slashdotters own automotive companies. In fact, I doubt if ANY Slashdotters own automotive companies. Well, the validation tools are Open Source. MISRA has a fair few links to members and software packages. In fact, even if developers just developed an understanding of MISRA's C and C++ specifications it might be quite valuable as it would allow people to understand what is being done (if anything) to improve reliability and to understand how (if at all) this impacts security. You don't get reliability for free, there will be some compromises made elsewhere.

I've been having problems with Enterprise DB. This company maintains the Windows port of Postgres, but I have been finding their customer service.... less than satisfactory. This is the second time in, oh, 21 years that I've actually been infuriated by a company. However, to be entirely fair to the business and indeed the sales person, it is entirely possible this was a completely freak incident with no relationship to normal experience. There were all kinds of factors involved, so it's a messy situation all round, but the hard-sell aggressiveness and verbal abuse went way beyond what I have ever experienced from a professional organization in two DECADES. What I want to know from other Slashdotters is whether this is about on-par with the tales of meteorites landing on someone's sofa (which is my personal suspicion) or whether it's a more insidious issue. Please, please, please, do not take one incident as a general rule. I've not seen any article on Slashdot or LWN reporting wider issues with them, which you know perfectly well would have happened had there been a serious, widespread problem. Especially with all of the reporting on database issues over recent times and the search for alternatives to MySQL once leading developers defected and major forks arose.

This is, however, a major question. Like it or not, we need databases we can rely on and trust, which means that when they are backed by companies, we need the companies that back them to be honorable. (PostgreSQL itself isn't owned, so I trust the engine itself just fine. The development team is very impressive - and, yes, I do monitor the mailing lists.) Value-added only has any added value if it's valuable.

What is worse, from my perspective, is that my current boss is now treating it like this is how companies work when reselling Open Source products. His practical experience was being on the receiving end of all this. If we're to take advantage of the freedom (and bloody high quality) provided in the Open Source world, I need to deprogram him of the notion that they give hassle and sell grief. Does anyone have any experience doing this?

Some time around 2005, Slashdot ran an article about a new hosting company, MacMiniColo that was taking advantage of the new machines that Apple had just released to offer cheap hosting. I got in contact with them, and a little while later, I had a Mac Mini, sitting in a rack somewhere, running OpenBSD and acting as my dedicated server. A 1.42GHz G4 CPU, 512MB of RAM, and an 80GB disk was (and still is) more than adequate for my needs. The biggest load on it is eJabberd, and even that only used under 1% of the CPU.

I had really great service from these people. The hard drive failed a little under a year after I bought the Mini, and Apple refused to honour the warranty because they couldn't find the records of the sale (then, a few weeks later, they could, but by then it was out of the warranty period). MacMiniColo replaced the disk for me at their own expense.

After five years with them, however, I had a little look around and noticed that VPS hosting has gone down in price a lot. I've written a book on Xen, so I thought I might try a Xen-based VPS now that FreeBSD has Xen support.

GigaTux only claims to offer Linux, but I dropped them an email and they were happy to install FreeBSD for me. I still haven't tried the Xen-enabled kernel yet; they installed the stock x86-64 kernel in an HVM domain for me and performance has been fantastic.

I'm sharing a server with 64 other guests and in spite of that performance tends to be better than my ageing Mac Mini. I was getting 1000IOPS while untaring the ports tree, which is far more than the Mini's old 2.5" laptop drive could handle, and is amazing considering that it's going via the slow, QEMU-derived, emulated device, rather than the fast PV driver. I've been installing software from ports, so everything is compiled on the machine, and even that has been fast.

And my Mini? They found someone else who wants it, and offered me about a third of what I paid for it originally - not bad depreciation after five years of constant use. Shipping it back to the UK would have cost almost as much as buying one on eBay, so I sold it on. Hopefully someone else will get some good use out of it.

As an aside, I've been really impressed by how well OpenBSD works on Mac/PowerPC hardware. If you've got an old Mac Mini lying around, chuck OpenBSD on it and you've got a reasonable low-volume server. The newer ones, of course, are x86 hardware, so will run just about anything.

There are two reasons why I don't use GNU/Linux: One is GNU, the other is Linux. Of these, the larger reason is GNU, and specifically the glibc part. The most recent reinforcement of this is Ulrich Drepper's inability to read the C specification.

For those not familiar with the C specification, all identifiers that start with an underscore are reserved for the implementation (see section 17.4.3.1.2). You should never use them in your own code, because your compiler is completely free to do whatever it wants with them. By convention, single underscores are used for global non-standard libc extensions and double underscores are used for compiler builtins.

You can find a number of these in existing compiler. Microsoft exposes SEH with keywords like __try. GCC provides __asm for inline assembly, ICC uses __cpuid for accessing the CPUID instruction, and so on. Clang added __block as a type specifier for their variables that are copied to the heap for use by blocks (closures).

Unfortunately, it turns out that the glibc headers use __block as a parameter name. There are several things wrong with this. One is that they use double underscores at all. By convention, these are reserved for the compiler, while single underscores are reserved for the libc. The second is that they used underscores at all in a parameter. Parameter names are not in the global scope, so they can be anything to prevent name clashes.

The result of this is that, if you use glibc, you can't also use blocks. This is a shame, because we (Etoile) were shipping a working blocks implementation six months before Apple. Well, working on *BSD and Solaris (and probably Windows, QNX and Symbian with PIPS, but not tested there). This problem means that it doesn't work on GNU/Linux.

No problem for me. I only use platforms with libc implementations written by people who can read specs. It may be a problem for some of you, if you use a broken platform with a libc maintained by someone who'd rather salvage his ego than fix a problem, and if it is then I'm sorry for you. My suggestion is that you remember that there are other options.

A petition calling for the return of perhaps the most important television show since The Great Egg Race is currently running but isn't exactly getting anywhere fast. It is vitally important that intellectually-stimulating shows be encouraged -- the consequence of failure (24 hours of Jersey Shore on all channels) is too horrible to contemplate. Unfortunately, as things stand, that's exactly what we are heading towards. Save your television and your mind before it's too late!

I saw recently that FreeBSD 8 was in BETA state. I ran 7-CURRENT for a while, because it had features I wanted to test (improvements to the OSS implementation mainly), so I thought I'd give it a try.

This time, rather than doing my usual source install, I tried a binary upgrade using freebsd-update. What a disaster. While the source upgrade procedure uses mergemaster to update configuration files, letting you just keep the new version of files you haven't modified, freebsd-update makes you merge them all by hand where there is a conflict. This wouldn't be a problem, except that all of the config files have a version line at the top, which conflicts between the two versions.

Inevitably, when manually handling the merge for a few dozen files, I missed an important bit so my first boot failed with an error complaining about the diff lines still being in the file. I fixed that, and rebooted.

My next boot failed because one of the startup scripts had replaced an if statement with a case. Unfortunately, this hadn't shown up as a conflict, so it had just taken the start of the case statement and the end of the if, giving nonsense. Fortunately, I was able to find the correct version in CVS and copy it out.

Next boot, my network interfaces weren't working. Actually, this was a problem I'd found earlier. When you update FreeBSD, you update the kernel, reboot, then update the userland (the new kernel is guaranteed to support the old userland, but the converse is not true). The em driver for Intel GigE cards complained that they both had invalid MAC addresses. Not a huge problem; it's a VM so I could just change the kind of virtual network card it was providing to the machine, but checking the bugs database I discovered that it's giving the same error for people with ThinkPads that actually do have this kind of hardware built in. Great.

Finally, my system decided to fail to boot with the error:

mounting /etc/fstab failed, startup aborted

Strange, I thought, I wonder which disk is failing to mount. A quick check in single-user mode showed that everything in fstab had mounted correctly. I eventually tracked this down to a bug in /etc/rc.d/mountcritlocal. This is not present in CVS, so it's probably introduced by the merge process. The value of $? (the exit value from the last command) is stored in $err, another command is run, and then there is supposed to be a switch statement branching on $err, which instead is branching on $?.

I've run betas, release candidates, and even the development branch of FreeBSD before, but 8-BETA2 is the first time I've ever had a FreeBSD install that feels like a beta. The merging done by freebsd-update seems completely broken; it prompted me for things it could have trivially done automatically, but failed to prompt me when it broke random system files. My system is now working again, but it's irritating to have to spend this much effort on an update.

Does anyone remember Frontier, a space trading game from the '90s? No, not that one, but a much lesser-known top-down game that only ran on Windows NT. It was released back in '95 and I found it a couple of years later when I was running NT 4 on my PC.

The game was incredibly addictive, but it was unfinished. The version I had was 0.5, and Altavista (this was a few years before Google) was unable to find a newer version. The gameplay owed a lot to games like Nethack. You started off in one solar system and then got to the next through a jump gate (analogous to descending to the next dungeon level). Over time, you'd upgrade your ship, with better shields and weapons, and progress further. Being a 0.5 release, there were a few things missing. The lack of sound was a shame, but the real killer was that there was no save system. You could play for an hour, then get hit by a stray nuclear warhead and have to start from the beginning. A game with so much potential, but it never went anywhere...

...or so I though. Over the weekend, some random googling turned up the author's web site and it turns out that he has recycled a lot of the ideas into a brand new game: Transcendence. This has a improved graphics, sound, and working savegames (nicely integrated into the game so they aren't a crutch). The story line is much expanded on Frontier (which was basically 'you are in space. Have fun') and the universe is much richer. Things I liked in the original, like the randomly-generated solar systems, the black market and the different possible gameplay styles are all still there, but now there is a rich backdrop and the player can choose to help the military, fight pirates, provide comet-grown food for expensive restaurants, or any combination.

There's one down side: It's still Windows-only, and I don't have a Windows machine anymore. Fortunately, it runs very well in WINE. I've playing it on the Mac in the free version of CrossOver Games that was released last year.

Oh, and if anyone's interested, you can still download Frontier 0.5. It does have one advantage over the newer game; the AI didn't have any sensible friendly-fire logic, so you could easily destroy (and loot) friendly space stations by getting one of the ships defending it to fire while docked. This was easy to do: just get the pirates to chase you there and when their stray shots hit the station all of the docked ships will launch firing. This works really well for the black market outpost, which is protected by very powerful ships and is full of fun technology to steal.

The venerable BBC is reporting that a survey of light emitted from white dwarfs showed that between 1% and 3% had material (such as silicon) falling into the star on a continuous basis, potential evidence of dead worlds and asteroids. On this basis, the authors of the study speculate that the same percentage of mainstream stars in the active part of their life will have rocky matter. This is not firm evidence of actual planetary formation, as asteroids would produce the same results, but it does give an upper bound and some idea of what a lower bound might be for planetary formation.

Aside from being a useful value for Drake's Equation, the rate of planetary formation would be valuable in understanding how solar systems develop and what sort of preconditions are required for an accretion disk of suitable material to form.

Because the test only looked for elements too heavy to have been formed in the star, we can rule out the observations being that of cometary debris.

Four fireballs, glowing blue and orange, were visible last night over the skies of the Carolinas on the southeast coast of the United States, followed by the sound of an explosion described as being like thunder. Reports of hearing the noise were coming in from as far afield as Connecticut. There is currently no word from NASA or the USAF as to what it could be, but it seems improbable that anything non-nuclear the military could put up could be heard over that kind of distance. It therefore seems likely to be a very big meteorite.

The next question would be what type of meteorite. This is not an idle question. The one slamming into the Sudan recently was (a) extremely big at an estimated 80 tonnes, and (b) from the extremely rare F-class of asteroid. If this new meteorite is also from an F-class asteroid, then it is likely associated with the one that hit Sudan. This is important as it means we might want to be looking very closely for other fragments yet to hit.

The colours are interesting and allow us to limit what the composition could have been and therefore where it came from. We can deduce this because anything slamming through the atmosphere is basically undergoing a giant version of your basic chemistry "flame test" for substance identification. We simply need to look up what metals produce blue, and in so doing we see that cadmium does produce a blue/violet colour, with copper producing more of a blue/green.

Other metals also produce a blue glow and tables of these colours abound, but some are more likely in meteoric material than others. Cadmium exists in meteorites. Well, all elements do, if you find enough meteorites. but it exists in sufficient quantity that it could produce this sort of effect. (As noted in the chemmaster link, low concentrations can't be detected by this method, however this is going to be vastly worsened by the fact that this isn't a bunsen burner being used and the distance over which you're observing is extreme.)

Ok, what else do we know? The fireballs were also orange. Urelites, such as the Sudan impact, contain a great deal of calcium, which burns brick-red, not orange. This suggests we can rule out the same source, which in turn means we probably don't have to worry about being strafed the way Jupiter was with the Shoemaker-Levy comet (21 impacts).

What can we say about it, though? Well, provided the surviving fragments didn't fall into the ocean, it means every meteorite hunter on the planet will be scouring newspaper stories that might indicate where impacts occurred. Meteoric material is valuable and anything on a scale big enough to be heard across the entire east coast of the US is going to be worth looking for. It had split into four in the upper atmosphere, so you're probably looking at a few thousand fragments reaching ground level that would exceed a year's average pay.

There was once a man who was a Jack-of-all-trades; he had served in the war, and had been brave and bold, but at the end of it he was sent about his business, with three farthings and his discharge.

"I am not going to stand this," said he; "wait till I find the right man to help me, and the king shall give me all the treasures of his kingdom before he has done with me."

Then, full of wrath he went along the road and came to a huntsman who was kneeling on one knee and taking careful aim with his musket.

"Huntsman," said the leader, "what are you aiming at?"

"Two miles from here," answered he, "there sits a fly on the bough of an oak-tree, I mean to put a bullet into its left eye."

"Oh, come along with me," said the leader; "the two of us together can stand against the world."

The huntsman was quite willing to go with him, and so they went on till they came to a man standing on one leg, and the other had been taken off and was lying near him.

"You seem to have got a handy way of resting yourself," said the leader to the man.

"I am a runner," answered he, "and in order to keep myself from going too fast I have taken off a leg, for when I run with both, I go faster than a bird can fly."

"Oh, go with me," cried the leader, "three of us together may well stand against the world."

And to make the long story short, he went and gathered a few more companions, each with a grander claim to some super-ability than the others.

Meanwhile, the old king had tried to persuade his daughter to marry the young and respected son of a duke, for he had no sons and was thinking that the future duke might once make a good king too. Unfortunately the young princess had read a few books too many, and was fond of imagining herself as quite the real Amazon. She demanded of her father that if any man is to win her hand, he must best her in a contest of speed, endurance and military skill, like some ancient queen was said to have chosen her husband. And any man entering the contest must be willing to bet his very life on the outcome.

Now the king was fairly open minded for that age, and more than willing to admit that some women could make fine warriors. His people were still remembering the fierce shieldmaidens of the northmen, for example. But his daughter had always been a sickly bookworm, always short of breath, and also a little on the chubby side. The thought of her besting a trained knight was too much.

Wisely, the king said he'll go to his room to think about it, and laughed himself nearly to death into the pillow.

Still, he figured out that it's simpler than arguing with his daughter. So he agreed to send the town cryer to proclaim the decision. Secretly, he also sent a runner to the duke, urging him to send his son with the swiftest horse to enter the contest he cannot possibly lose.

Unfortunately for the duke's son, the ex-mercenary and his merry band were just entering to city as the cryer proclaimed the news. Thinking that with the help of his marvelous companions he cannot lose, he went straight to the king and asked to be tested against the princess.

The king was taken aback by the audacity of a common man to ask to marry a princess, but he realized that his announcement hadn't actually mentioned any restrictions. Fancying himself a man of great honesty and honour, the king agreed to keep his word and let him try, and sent for the princess to decide the test. She chose a race to a far away well, and the first who would make it back with a pitcher full of water would win.

"Easier than I expected," thought our ex-mercenary. "My runner will surely best any man or woman in the land." And asking for a little time to prepare, he went and asked his man with a detachable leg to dress in his clothes and run the race in his stead.

So the court gathered to watch, and at the blow of a horn the two competitors were off... much to the amusement of everyone present. The princess was soon panting and tripping over her long skirt, and making very poor progress. Unfortunately, her opponent was making even poorer progress, limping and cursing and dragging a leg behind him.

By evening, the race was over, with the princess handing her father the pitcher a good ten minutes before her opponent.

The ex-mercenary was aghast, He went to the man with the detachable leg and started screaming at him, "What was that all about?! What did you think you were doing?! Why didn't you run faster than a bird, like you said you would?!"

"Dude, " said the other man to his defense, "I thought you were kidding and I answered in kind. Haven't you seen a wooden leg before? I lost my real leg to a cannonball at the siege of Altdorf."

The conversation would have continued longer, but a squad of the king's guards showed up and took our depressed ex-mercenary to the king.

"Son, " said the king, "I figure you've lost fair and square, and it's only fair that you keep your end of the bargain. You have until morning to make your peace with God, assisted by the castle's priest. But since I like your courage, you shall not hang like a common rogue. You shall be beheaded at dawn, by sword, like a knight or noble would."

"No, father, wait!" intervened the princess who, truth be told, was starting to find the man more handsome than the groom her father had chosen for her. "This man has shown great valour in taking the challenge. Should we not give him a second chance?"

The king rolled that thought around in his head for a bit, then spoke, "That is very chivalrous of you, my daughter, and it would hardly be befitting me to stand in the way of such chivalry. Fine. Choose your next challenge, then, and tomorrow he shall face you again for his life."

This time the princess chose a contest of archery. Our hero politely inquired if he may use a gun, saying that it was a more familiar weapon to him. The princess agreed. With that, the king called the meeting over, and asked the guards to lead the man and his companions to a guest room in the palace.

So this time the ex-mercenary asked his hunter companion to dress like him and go in his stead the next day.

The next day, two large targets were set at a hundred paces away. The two contestants were given a dozen arrows and respectively a dozen bullets, and told to start shooting.

Again the princess did rather poorly, only now occuring to her that reading about ancient Scythian archer women didn't actually count as archery training. Only half of her arrows hit the target at all, and none of them went even close to the bullseye.

Unfortunately our hero's sharpshooter did even worse, with barely two of his shots even touching the target. As the court jester remarked, he did at least get one bull's eye. He actually shot the eye of a bull across the road to the right, dropping him dead on the spot. But since it wasn't on his target, it didn't count.

Again, our ex-mercenary was shocked and he went to berate his huntsman, "What in the Lord's name was that all about?! Didn't you say you could hit a fly in the eye from two miles away?! How could you miss a five foot wide target at a hundred paces?! I could have shot a higher score myself than you and that tomboy put together!!"

"To be honest, " the hunter answered, staring at his own shoes, "that was a joke, and it never occured to me that anyone would take it seriously. I mean, really," he continued as he showed his gun, "this is a smoothbore musket. You said you were in the army, for crying out loud. Two miles? It can't even shoot a ball past two hundred paces. Even at one hundred, as my old captain used to say, the only way to hit a man is if you aimed at another man."

And as the guards were taking him first to the king, and then to the place of his execution, it occured to our hero that maybe he should have tested his employees instead of simply believing any wild claim.

Well, Mr. 4-digit UID asshat: I now know who you are. Let's just say my spies are everywhere. Oh, no, I'm not going to call you out. I want you to sweat it: does he really know or not? Because you don't want a war. You really don't want to pick a fight with me. I've been on this system at least as long as you have. Think about what that means. Or are you too stupid? Better watch your back, pal.

This is another open letter to Brad Smith, Microsoft's general legal counsel, in regards to their thinly veiled Linux patent threats and related lawsuit against TomTom.

(Disclaimer: As I am a nobody as far as Microsoft is concerned, I don't honestly expect Brad Smith or anyone at Microsoft to read this, and I don't care. Mostly I'm just blowing off steam and getting my beefs out in the open).

So it's come to this, is it? Suing over an ancient filesystem developed from the the 1970s (FAT) and the assorted ugly hackish kluges that have been necessary to keep the decrepit pile of garbage on life support? The one that only became a defacto standard because at one time its use was all but mandated by some older versions of Microsoft Windows that didn't support anything else? You know, the one originally developed for floppy disks?

Why don't you just stop your lawsuit now before you get laughed out of the courtroom? Seriously, you guys are starting to look more and more like your old sock puppet, The SCO Group? Remember them? Yeah, they're basically on life support now thanks to IBM, Novell and Red Hat practically bankrupting them. Guess they chose the wrong opponents to pick a fight with, huh?

So you thought maybe TomTom would roll over and play dead, eh? I guess they didn't. Especially now that they're backed by the Open Invention Network.

So you have $20 billion in the bank? Wanna watch that money continue to slowly dwindle whilst you fight the Linux community? You don't get it do you? A lot of people with serious cash have a vested interest interest in watching Linux succeed in dwindling your market share. You think others in the industry aren't prepared to enter the melee between you and TomTom? Wrong.

Give it up before you embarrass yourself. Seriously.

Sys-Con.tv is reporting that The Pirate Bay is currently offline due to massive DDoS attack:

I just got word that "someone" is currently DDoS'ing the thepiratebay.org. Even more interesting it may be a hijacked botnet causing the problem. More details as they come in.

Interesting. Now we'll know if the theories about the BitTorrent network experiencing difficulties if/when The Pirate Bay gets taken down are true.

In related news Wired is reporting that the prosecutor and Hollywood are demanding prison sentences for the four defendants in The Pirate Bay case.

Think SSDs are so much wickedly faster than top of the line mechanical drives like the Western Digital Velociraptor? Maybe not. Bill O'Brien has an article on his site debunking three common myths about solid state drives (SSDs):

Myth 1: A Solid State Disk will boot faster than mechanical hard drive.
This is true but it's partially smoke and mirrors as well. When SSDs first appeared, they were rather pathetic 8GB and 16GB devices. Not much fits in that size. Even at 32GB you'll still be somewhat cramped if you have hardware drivers and applications. But when you get to 64GB or 80GB or 128GB -and you have some room to feel confident about carrying the additional software you need around with you--you start to add time to the boot process.

Some of you may remember Bill O'Brien from his stint at Computer Shopper, where he co-wrote The Hard Edge with Alice Hill.

I've seen a bunch of complaints lately about the new beta index. Now, I know that it's been in a state of rapid flux in the past few weeks as they try different things -- sometimes the thing doesn't even render right. Of course, this is 'beta', so you take your lumps as they work out the bugs.

Other than the occasional rendering problem and associated weirdness, though, I have to say that I rather like the new interface.

Wha? Why are you all looking at me like that?

Seriously. Listen. Okay, I don't like the green "idle" look very much, either. I personally think it's a bit difficult to read. But, other than that, I think the changes improve the usefulness of the site. Firehose has become more integrated with the main page, for instance. The whole thing is more dynamic, more AJAXy and overall the feel is much faster and much easier to sort through to find what you're looking for.

If you don't like it, you can always use the RSS feeds.

I welcome your opinions and comments, especially opposing viewpoints.