New JonesBlog update. Lockheed Martin C-5M Super Galaxy
New JonesBlog update. Lockheed Martin C-5M Super Galaxy
That I am old enough to remember where my current
Ok, ok, you're too lazy to google it, so here's the link: Son of Hexadecimal Kid
New JonesBlog update. Louisville, Kentucky
We are starting out on a new collaboration on retinal research. Fun stuff.
Jonesblog has finally made the transition to modern underpinnings. It is now running on Wordpress... Huzzah.
According to the Center for Automotive Embedded Systems Security, there are serious security flaws in the existing technology. Not necessarily a big deal, for now, as they observe that the risks are low at the current time. Emphasis on "current". They also state that no crackers have been observed to use the required level of sophistication. Again, emphasis needs to be on "observed". Yes, it may well be a while before automotive networks reach the point where this is exploited in the wild (at least to any scale), but I would remind you that it took Microsoft from Windows 3.0 through to Windows XP Service Pack 2 to take security even remotely seriously. That's a long, long time. And Microsoft had nothing like the install-base of the car industry. Further, the qualifications required by most companies to be a system administrator were a good deal steeper than the requirements for a car mechanic, so systems administrators were likely far more familiar with the issues involved. Also, said systems administrators are far more accountable for security issues, since there are plenty of third-party tools that novice users can use to spot malicious software.
The first question is why this even matters. It doesn't affect anyone today. No, but it's guaranteed to affect at least some current Slashdot readers in their lifetime and, depending on how rapidly car networks develop, may affect a significant fraction surprisingly fast. Technology doesn't move at Stone Age speeds any more. Technology advances rapidly and you can't use obsolete notions of progress to determine what will happen next year or over the next decade.
The second question is what anyone could seriously do, even if it was an issue. Not too many Slashdotters own automotive companies. In fact, I doubt if ANY Slashdotters own automotive companies. Well, the validation tools are Open Source. MISRA has a fair few links to members and software packages. In fact, even if developers just developed an understanding of MISRA's C and C++ specifications it might be quite valuable as it would allow people to understand what is being done (if anything) to improve reliability and to understand how (if at all) this impacts security. You don't get reliability for free, there will be some compromises made elsewhere.
I've been having problems with Enterprise DB. This company maintains the Windows port of Postgres, but I have been finding their customer service.... less than satisfactory. This is the second time in, oh, 21 years that I've actually been infuriated by a company. However, to be entirely fair to the business and indeed the sales person, it is entirely possible this was a completely freak incident with no relationship to normal experience. There were all kinds of factors involved, so it's a messy situation all round, but the hard-sell aggressiveness and verbal abuse went way beyond what I have ever experienced from a professional organization in two DECADES. What I want to know from other Slashdotters is whether this is about on-par with the tales of meteorites landing on someone's sofa (which is my personal suspicion) or whether it's a more insidious issue. Please, please, please, do not take one incident as a general rule. I've not seen any article on Slashdot or LWN reporting wider issues with them, which you know perfectly well would have happened had there been a serious, widespread problem. Especially with all of the reporting on database issues over recent times and the search for alternatives to MySQL once leading developers defected and major forks arose.
This is, however, a major question. Like it or not, we need databases we can rely on and trust, which means that when they are backed by companies, we need the companies that back them to be honorable. (PostgreSQL itself isn't owned, so I trust the engine itself just fine. The development team is very impressive - and, yes, I do monitor the mailing lists.) Value-added only has any added value if it's valuable.
What is worse, from my perspective, is that my current boss is now treating it like this is how companies work when reselling Open Source products. His practical experience was being on the receiving end of all this. If we're to take advantage of the freedom (and bloody high quality) provided in the Open Source world, I need to deprogram him of the notion that they give hassle and sell grief. Does anyone have any experience doing this?
New JonesBlog update. Experiments
A petition calling for the return of perhaps the most important television show since The Great Egg Race is currently running but isn't exactly getting anywhere fast. It is vitally important that intellectually-stimulating shows be encouraged -- the consequence of failure (24 hours of Jersey Shore on all channels) is too horrible to contemplate. Unfortunately, as things stand, that's exactly what we are heading towards. Save your television and your mind before it's too late!
I had checked out... The environment was so complete that for a discrete moment I had completely forgotten that we were still in the continental United States. Perhaps it was the smell of kebabs cooking or the sound of Nusrat Fateh Ali Khan playing from the electronics shop that also sold pirated Western DVDs or the afternoon call to prayer coming from the tops of the minarets in the local mosque. It could have been the women selling bread, fruits or flowers by the side of the road or the Arabic men playing backgammon in the cafe with shisha pipes. Toyota trucks or bicycles being repaired in the roadside repair shops under Iraqi flags added to the realism along with a tangle of wires on poles carrying telephone and electricity around town with satellite dishes for television on rooftops were added elements. But the thing that completed it was the sound of Baghdadi Arabic from a gentleman greeting us as we drove through town.
Read all about it here. Medina Wasl with the 3rd Special Forces Group
New JonesBlog update. Sundance New Frontier 2010 and a Banksy sighting
I ran up to Park City for the Sundance Festival and to photograph an art installation, the Cloud Mirror by Eric Gradman. The point of the Cloud Mirror is to search out information on the Internet about visitors and merge that information with a real time image of the person on an LCD screen in front of them using computer vision to augment reality. You see yourself reflected back live, in person on the LCD screen in front of you with a thought bubble out of a comic book superimposed next to your head displaying all sorts of information that can be dug up through the Internet. The Cloud Mirror searches Facebook, Twitter, Flickr, IMDB, sex offenders databases and displays activities, relationship status, your favorite movies, books, music, any status updates you post etc...etc...etc... along with snarky comments.
I flew down to Las Vegas to do some work that I'll talk about here later. But while I was in town, I took two days to document Media Day and Shot Show 2010 for a number of sources including Wired, The Firearm Blog and other resources. There was some interesting new technology including a new pistol from Armatix that uses RF signals to disable the sidearm if it is too far from the wristwatch the accompanies it. Also new ballistics computers that are mounted on rifles are discussed.
New JonesBlog update(s). Shot Show 2010 Media Day
Shot Show 2010. The Actual Shot Show
and a little after party. AAC Big Bang Party
New JonesBlog update. Bionic implants
The device seen in these images is called the Utah Electrode Array (WARNING: potentially graphic image after the jump of an implant in a human brain). The Utah Electrode Array is a brain implant technology developed here at the University of Utah by Richard Normann. The purpose of this device, built by currently built for us by Blackrock Microsystems is to transduce signals from external devices to deliver to the brain for interpretation. Alternatively, the device can record impulses generated in the brain for delivery of neural signals to external devices. Our potential interests in this approach are manifold, but real use and implementation of these devices is some years away still.
New JonesBlog update. Bonneville Speed Week 2009
New JonesBlog update. Its spelt F-L-Y
New JonesBlog update. USS Toledo SSN-769
All Finagle Laws may be bypassed by learning the simple art of doing without thinking.