Microsoft Paid NFL $400 Million To Use Surface, But Announcers Call Them iPads
These are SPORTS ANNOUNCERS! People who hold down the left-hand side of the bell-curve for any "dim" metaphor you can try to apply.
Some cautions here about "dim" metaphors:
- Dimmest bulb in chandelier doesn't matter if it isn't lit.
- Hiding your light under a basket doesn't matter if you used a rock.
- "Lights are on but nobody's home" doesn't count out in the woods.
Why Google Is Pushing For a Web Free of SHA-1
A quick check of https://www.irs.gov/ and https://whitehouse.gov/ failed SSL Certificate validation (for different reasons.)
And https://www.healthcare.gov/ is using SHA1
GM To Introduce Hands-Free Driving In Cadillac Model
As this seems to be a limited access express-way only feature, I don't see it as a way for a drunk to get home safely. (Not that some drunk won't try...) But I do wonder how it'll deal with some of the exceptional conditions that weather has recently brought to the Detroit area - in particular the extensive flooding of underpasses that occurred as a result of a very heavy rain storm this summer, and the still ongoing power-outage in parts of the SE Michigan area due to high winds (75mph) last Friday.
If there are active elements to the road requiring electrical power, then what happens when there's a power outage? What happens when the elements are submerged by 2 to 6 feet of water? What about maintenance of the active elements? Given the demonstrated ability of the GOP to bring government to a halt, will these active elements even be maintained?
UCLA, Cisco & More Launch Consortium To Replace TCP/IP
They've been doing this for 4 years now and have only gotten the equivalent of IP headers (source/destination, protocol type, payload length, checksum, and blob-payload?)
They don't even seem to have the old class A/B/C network numbering or IP options to approximate routing.
This seems to be an attempt to mash up service advertisements (such as are done by ARP broadcasts, BGP/RIP routes, TCP/IP SYN & port-unreachable messages, and DNS resource-records, SMTP, HTTP, and HTML) as well as transport (TCP, SMTP body, MIME encapsulation) into one glorified, hierarchically addressed hairball by making everything keyword/value pairs.
One of the astonishing things about it is that it seems to assume store-and-forward capabilities by some nodes. I don't see that working for streaming data - or big-data (like DNA sequencing.)
It's hard to figure out what problem it's trying to solve. It's offering yet another simplified abstraction of distributed systems for people who hope that calling a brick an orange will make it roll easier.
NATO Set To Ratify Joint Defense For Cyberattacks
So what constitutes an attack or an aggressor?
Given the demonstrated built-in vulnerabilities in so much of the internet infrastructure, how is this helpful - other than as an excuse for something akin to drive-by shootings?
The built-in vulnerabilities I'm thinking of are:
- The X509 Certificate Authority model - where any CA can issue a certificate for anything
- BGP route mangling - to either create DOS attacks, or for packet inspection
- The Internet of Things - need I say more about abandoned products, low-bid software development, and quick-and-dirty solutions?
This is only a justification for a quick-response for military action - and frankly I'm more concerned about international criminal attacks than national attacks. Even then, I'm reluctant to give hot-pursuit like powers for trans-border police actions.
The IPv4 Internet Hiccups
This isn't a reason for migrating to IPv6 (although new routers with more TCAM - Ternary Content Addressable Memory - would also likely make implementing IPv6 easier.)
The problem is the large number of networks that are being advertised, coupled with the number of locations that want a full BGP feed because their networks are multiply homed. Migrating to IPv6 will allow some reduction of network tables - if only because organizations with a single location that currently have multiple IPv4 networks can be allocated a single IPv6 network (and that might have a knock-on effect for organizations that are multiply homed.) It will work with organizations that are willing to tie themselves to a single ISP.
(Yes, I know that IPv6 builds in automatic address provisioning, intended to make deployment easier - but I still think that renumbering your network will be enough of a problem that there will continue to be ISP lock-in enough to encourage large organizations to get their own network numbers outside of an ISP's range.)
Every Day Is Goof-Off-At-Work Day At the US Patent and Trademark Office
If you've been following this issue, it isn't really about goof-off Federal employees protected by a union (sorry wing-nuts...)
A major part of it was that the US Patent and Trademark office expanded (probably to deal with earlier criticism about slow response or poor quality). But then the Federal judges - who were outside of the USPTO - weren't expanded (due to a hiring freeze from the Party of No), so work piled up while waiting for a judge.
It's easy to understand that the USPTO management might have been reluctant to lay people off in what may have seemed a temporary and artificial situation. It might even have been difficult to lay people off with year-long contracts (but I don't know how that works for the Feds.)
That still leaves plenty of criticism of the USPTO management. If it was inconvenient (rather than difficult) to lay people off, they should have started the process. They CERTAINLY should have kept better track of people's time - and even required certain minimal requirements (like availability, checkins, etc.)
It was management that got lazy or wanted to preserve their kingdom of employees. And the spark for this forest-fire of recriminations was The Party of No screwing up the country with the sequestration and other brain dead forms of misguided budgeting.
DARPA Wants To Kill the Password
Using biometrics as an authentication factor (with or without passwords or token generators) brings me to:
- Can the biometric be consistent across different vendors or models of readers - or will people be locked-in to individual vendors (or worse, models) of readers?
- Is the interface between the biometric reader and the computer secure?
- How stable are biometrics over time - both long term and short term?
- What happens when the same biometric is used in different security contexts - from banking to dating sites?
I doubt that these are new questions, but other than the stability of biometrics over time, I don't recall seeing them asked before.
Ask Slashdot: Open Hardware/Software-Based Security Token?
RSA did implement their scheme as an iPhone app. If you're willing to consider something that might work as a smart-phone app, think about S/Key. It's supported as a PAM module for the *nixes. (Of course, that assumes you're willing to trust the smart-phone apps.)
I recall using S/Key ages ago (1990s) back in the days of Telnet (before ssh.) Back then, if you didn't have an S/Key calculator, you could also use a paper list of one-time passwords. Every so often, we had to re-seed our S/Key (because we limited the number of passwords per seeding.) S/Key can be a bit annoying, but it ought to be cheap to implement.
If you want to go with a hand-held device, I'm sure you could implement an S/Key end-user calculator on an Arduino or Raspberry Pi - but how much can you afford to spend? I wouldn't be surprised if an Arduino-like solution cost more than RSA tokens.
S/Key is focused on a single server. If you require your users to connect through a bastion host, it might be workable - but the model breaks down if you want multiple servers, unless they share a filesystem.
The Hacking of NASDAQ
Wow. Something happened, but we don't know what or why.
The Improbable Story of the 184 MPH Jet Train
TL;DV - but it seems that the demonstration was a single car/engine. Does that count as a "train"?
FBI Concerned About Criminals Using Driverless Cars
Gun battles and bombs? If those are the worries of the FBI, the FBI is making itself look like a bunch of idiots. That's worrying about all the wrong things for all the wrong reasons.
The bombs issue is (sort of) plausible - if we had as bad a problem with bombs as other parts of the world. The gun battles issue is like worrying about your house burning down from lightning strikes because you're using electricity instead of candles. However, given the number of complete idiots who shoot themselves in Big Box stores, etc. we're far more likely to have accidental shootings on highways.
Autonomous cars - ESPECIALLY for-hire (or subscription or shared) autonomous vehicles would create a huge number of changes (good and bad.) I amused myself speculating about this last year without even thinking about the criminal aspect (which a co-worker brought to mind - none of which has been discussed here yet.)
But just think if there was a way to broadcast a signal to cause autonomous vehicles to pull over, slow down, or provide audio or video of the cabin. You know the security of that system is going to be broken in a few months (at most) - but it's going to have to be a pretty standard system in order for it to be used.
Solar-Powered Electrochemical Cell Used To Produce Formic Acid From CO2
I didn't see where Carbon Monoxide (CO) is mentioned in the articles or the summary of the paper. (The paper itself is more than I can read right now.)
Where is CO involved in this process?
Google, Detroit Split On Autonomous Cars
I was trying to express the idea that an urban-only vehicle that only needs to go 5-10 miles per trip might not need to achieve highway speeds. Detroit might not be willing to build and market a car that satisfies 95% of people's needs - and that could make them vulnerable to someone (like Google) who would - and might consider Google arrogant for contemplating such an idea.
Google, Detroit Split On Autonomous Cars
This might be urban vs. exurban.
Google's existing autonomous prototype is limited to 25mph. If Google could make a production vehicle that'd go as fast as 35mph, that'd satisfy my daily commute (90% of my driving) and shopping (another 9% for a total of 99% of my driving.)
But that assumes I'd still own the car and not use it most of the time. (I.e.: park it at home or at work 23:15 hours per day.)
I could save money by using public transportation. I'm urban. However, most of the population of SE Lower Michigan (where I and I presume "Detroit"'s designer/engineers live) is exurban, driving from one suburb (or exurb) to another for their jobs.
Research Project Pays People To Download, Run Executables
When I read the paper, I didn't see anything to suggest a date after 2010. And as the paper says, this only covers workstation computers - Windows/XP through Windows/7. No tablets or smart-phones, or other app-store like environments.
I suspect that if anything, current behavior - influenced by app-store like environments - is even worse. You could probably get someone to run your mystery app just by promising them access to another mystery app.
2 US Senators Propose 12-Cent Gas Tax Increase
I haven't put gas in my plugin hybrid since March. I'm down to a half-tank.
I live in Michigan - where the GOP dominated state government has turned our roads to gravel - except with bigger chunks. I'd really like to see better roads, and I certainly understand that my lack of gasoline purchases means that I'm being subsidized. Fuel taxes are a great proxy for road usage fees, and so long as there aren't a noticeable number of plugin electric vehicles this will probably continue to work - so I won't worry about it. The politics of doing anything with The Party of No is just too difficult for little things like fairness or common sense to have any hope of success.
Are US Hybrid Sales Peaking Already?
I had to replace a 14 year old VW Passat V6 Sedan last fall. I went with a Ford C-Max Energi (it's a plugin hybrid.) I wouldn't have gone with an all electric vehicle because an 80-100 mile range just isn't enough for certain out-of-town trips (and I hadn't anticipated the range halving in sub-freezing temperatures.) I went with it because Ford had a discount/rebate, I also had a discount through my employer (who counts as some sort of Ford supplier), and because of the tax benefits of a plugin/EV. That made the Energi cheaper than a Prius.
I've been enjoying my car for the following reasons:
- My work commute is short enough to be all-electric - even last winter when the all-electric range fell by half.
- The car is very, very quiet.
- It's still under warranty, so the maintenance feels like it's free.
- I'm paying for the free (ish) maintenance with big (ish) car payments.
- Insurance on a new car really is a lot more than for an old car.
- The driver's view is a lot poorer than the VW
- I get unreasonably anxious about the EV (electric vehicle) range.
- It's a big, rolling, embedded system with weird software related flaws in the Windows Embedded Automotive based My Ford Touch infotainment system.
- I don't like getting into arguments with my car's voice controlled systems
- It has a much smaller cargo capacity than any of my previous cars. For instance, I can't rent a roto-tiller that'll fit in the back.
Overall, I do like the car - but I wonder how much of that is because I don't expect having any major maintenance issues simply because it's a new car. If I were to replace it, I might go with an all electric vehicle and rent a car for longer trips - there's an Enterprise Rent-a-car just a couple miles from home - walking distance. But I hope not to replace it for a long time. (Fingers crossed...)
And I don't think my parking's gotten any worse, but I hardly visit Whole Foods anyway. (I'm mostly Kroger.) There are a heck of a lot of Priuses in my neighborhood though (but hardly any in Kroger's parking lot.)
The Coming IT Nightmare of Unpatchable Systems
6 months after the whole issue of embedded systems blew up in Mom and Pop's pizza shop router is breaking news for InfoWorld.
I don't want to think about the number of times more visionary people have brought up this very topic over the past 15 years.
I wonder if I'll be concerned in 20+ years - after I've retired from my career and will be paying rent on my hot-bunk from earnings I make washing dogs.