FTDI Removes Driver From Windows Update That Bricked Cloned Chips
As a potential end-user (i.e.: I bought an Arduino to explore a hobby, and own a device with an embedded Arduino), I would point out that FTDI's statement isn't an apology but an excuse for their behavior:
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
As such, if you specify FTDI products but your supply chain can't guarantee or hasn't guaranteed genuine FTDI products, or has specified or equivalent products, you're still vulnerable to their drivers suddenly causing your products to fail. Your customers won't love you for that! You still have every reason to evade FTDI at this point as they're still threatening an existing product base.
As an end-user, the issue of counterfeit chips doesn't rise to the level of probably aware.
This perspective is not terribly fair to FTDI's product line being subverted by counterfeits, or the general problem of counterfeit devices. All I can suggest is some form of planned obsolescence implemented by FTDI's drivers (which is just a fig-leaf of protection from irritated end-users.)
PETA Is Not Happy That Google Used a Camel To Get a Desert "StreetView"
The original article doesn't link to any kind of article on PETA's web site. In fact, the only reference I can find to this issue is from Mr. Clint Davis of Scripps.
This is clearly troll-bait for people unhappy with PETA, whether PETA is engaging in a coverup of sorts, or Mr. Clint Davis has falsely attributed a quote to Ms. Newkirk.
US Says It Can Hack Foreign Servers Without Warrants
Within the US, doesn't a warrant do two things?
- (1) Satisfy the Constitutional requirement about unreasonable search and seizure, allowing any evidence gained to be used for prosecution.
- (2) Turn theft or burglary into a legally approved action.
Presumably, if the FBI has no intent of prosecuting the people involved, (1) is irrelevant. And (2) is only an issue if there are extradition treaties with the foreign country whereby the FBI officers and management involved could be hauled off to some gulag somewhere. Whether the State Department wants to avoid a diplomatic dust-up is another matter.
This assumes that you can put morals and ethics completely aside.
Michigan Builds Driverless Town For Testing Autonomous Cars
I work about a mile from this. It's on University of Michigan property within the City of Ann Arbor - which might make it within the City of Ann Arbor, except that no property taxes are paid on it and the University of Michigan police have jurisdiction rather than the City of Ann Arbor police. (The University of Michigan is chartered by the state of Michigan such that it operates much like an independent civic body.) So maybe it's in Ann Arbor or maybe it's not, but that's probably sharing too much about the local Town vs. Gown whinging that goes on around here.
I didn't think I'd ever see anyone claiming that A2 is the real world. It certainly isn't what the surrounding conservative communities think of as real - but a lot of those are still besotted by Saint Ronald Reagan.
The most recent tornado that struck the city with any force was back in 1965, but there have been tornadoes in the area much more recently, some causing significant damage. There is a city-wide system of out-door emergency alert sirens primarily for tornado alerts, although I should hope that the monthly testing of those sirens shouldn't adversely affect the behavior of autonomous vehicles. We do get tornado or other severe weather alerts about 3 to 5 times a year.
Yes, we do get snow, but not as much as areas within 15 miles of the Great Lakes. I'm not sure how well a new, purpose-built facility will be able to reflect the decaying roads and (often) horrible snow clearing conditions that exist in this region. In the city, when the snow does get bad, clearing the roads all the way to the curbs is often not possible (due to cars parked or plowed in) and the streets become narrower, and (last winter) virtual potholes formed in the ice covering the streets (as well as real potholes.) Lane markings in those conditions are nonexistent - and even the edges of the roads can be a matter of guesswork. I don't know if a purpose-built facility can quite replicate the chaos of that - you'd need fleets of trucks and cars going out after the snowfall BUT before the snow and ice was cleared in order to pack the snow into ice, and even then I don't know how you'd achieve the lumpy, washboard effect. And then you'd need to have students, buses (city and university), taxis, ambulances, deer, and pizza cars dodging around. In a controlled, reproducible way.
The Physics of Space Battles
Why have a battle in space anyway?
You need to work backwards (and then forwards again) from that to get an answer that isn't some variation on an old-fashioned boy's pirate adventure on sailing ships.
To do a little bit of middle-school logic ... since space is so big (spacy), the likelihood of individual ships (much less fleets of ships) meeting in space is impossibly unlikely, unless they arrange to meet. And even then, unless they arrange to meet at the same vector of motion (i.e.: speed and direction), any encounter will last only a fraction of a millisecond. Long distance missiles will find it hard too, and even short distance missiles will find it hard to collide.
What's more, in order to determine what kind of defensive measures you can take, you first have to imagine practical offensive measures. In short, what is there in space worth building offensive measures against ... in particular, what is there in space that you can find to blast that makes building the blaster worth it?
For the most part, the stuff in space that's going to be findable and worth building a blaster for is going to be closely associated with human habitats that are too big to be maneuverable. I.e.: planets and stuff in orbit around planets. Anything that can move will probably be too hard to find, unless it blazes with radiation (heat.)
Another question to answer is that of the purpose of the blasting. Do you simply want to deny the thing? That'll be relatively easy to do with most structures in space. Kinetic kill with rocks (lots of rocks), or nearby nukes would do that. Planets will be harder. However, if you want to take possession of the thing being blasted, that'll be hard to do with structures in space (and easier with planets - provided you bring along your own methods for getting on and off planet.)
I'm not so naive as to think warfare in space is impossible - just that it isn't going to look like a Rudyard Kipling novel. Without anything but speculation to go on, our story-tellers are letting the demands of the narrative dominate.
Microsoft Paid NFL $400 Million To Use Surface, But Announcers Call Them iPads
These are SPORTS ANNOUNCERS! People who hold down the left-hand side of the bell-curve for any "dim" metaphor you can try to apply.
Some cautions here about "dim" metaphors:
- Dimmest bulb in chandelier doesn't matter if it isn't lit.
- Hiding your light under a basket doesn't matter if you used a rock.
- "Lights are on but nobody's home" doesn't count out in the woods.
Why Google Is Pushing For a Web Free of SHA-1
A quick check of https://www.irs.gov/ and https://whitehouse.gov/ failed SSL Certificate validation (for different reasons.)
And https://www.healthcare.gov/ is using SHA1.
GM To Introduce Hands-Free Driving In Cadillac Model
As this seems to be a limited access express-way only feature, I don't see it as a way for a drunk to get home safely. (Not that some drunk won't try...) But I do wonder how it'll deal with some of the exceptional conditions that weather has recently brought to the Detroit area - in particular the extensive flooding of underpasses that occurred as a result of a very heavy rain storm this summer, and the still ongoing power-outage in parts of the SE Michigan area due to high winds (75mph) last Friday.
If there are active elements to the road requiring electrical power, then what happens when there's a power outage? What happens when the elements are submerged by 2 to 6 feet of water? What about maintenance of the active elements? Given the demonstrated ability of the GOP to bring government to a halt, will these active elements even be maintained?
UCLA, Cisco & More Launch Consortium To Replace TCP/IP
They've been doing this for 4 years now and have only gotten the equivalent of IP headers (source/destination, protocol type, payload length, checksum, and blob-payload)?
They don't even seem to have the old class A/B/C network numbering or IP options to approximate routing.
This seems to be an attempt to mash up service advertisements (such as are done by ARP broadcasts, BGP/RIP routes, TCP/IP SYN & port-unreachable messages, and DNS resource-records, SMTP, HTTP, and HTML) as well as transport (TCP, SMTP body, MIME encapsulation) into one glorified, hierarchically addressed hairball by making everything keyword/value pairs.
One of the astonishing things about it is that it seems to assume store-and-forward capabilities by some nodes. I don't see that working for streaming data - or big-data (like DNA sequencing.)
It's hard to figure out what problem it's trying to solve. It's offering yet another simplified abstraction of distributed systems for people who hope that calling a brick an orange will make it roll easier.
NATO Set To Ratify Joint Defense For Cyberattacks
So what constitutes an attack or an aggressor?
Given the demonstrated built-in vulnerabilities in so much of the internet infrastructure, how is this helpful - other than as an excuse for something akin to drive-by shootings?
The built-in vulnerabilities I'm thinking of are:
- The X509 Certificate Authority model - where any CA can issue a certificate for anything
- BGP route mangling - to either create DOS attacks, or for packet inspection
- The Internet of Things - need I say more about abandoned products, low-bid software development, and quick-and-dirty solutions?
This is only a justification for a quick-response for military action - and frankly I'm more concerned about international criminal attacks than national attacks. Even then, I'm reluctant to give hot-pursuit like powers for trans-border police actions.
The IPv4 Internet Hiccups
This isn't a reason for migrating to IPv6 (although new routers with more TCAM - Ternary Content Addressable Memory - would also likely make implementing IPv6 easier.)
The problem is the large number of networks that are being advertised, coupled with the number of locations that want a full BGP feed because their networks are multiply homed. Migrating to IPv6 will allow some reduction of network tables - if only because organizations with a single location that currently have multiple IPv4 networks can be allocated a single IPv6 network (and that might have a knock-on effect for organizations that are multiply homed.) It will work with organizations that are willing to tie themselves to a single ISP.
(Yes, I know that IPv6 builds in automatic address provisioning, intended to make deployment easier - but I still think that renumbering your network will be enough of a problem that there will continue to be ISP lock-in enough to encourage large organizations to get their own network numbers outside of an ISP's range.)
Every Day Is Goof-Off-At-Work Day At the US Patent and Trademark Office
If you've been following this issue, it isn't really about goof-off Federal employees protected by a union (sorry wing-nuts...)
A major part of it was that the US Patent and Trademark office expanded (probably to deal with earlier criticism about slow response or poor quality). But then the Federal judges - who were outside of the USPTO - weren't expanded (due to a hiring freeze from the Party of No), so work piled up while waiting for a judge.
It's easy to understand that the USPTO management might have been reluctant to lay people off in what may have seemed a temporary and artificial situation. It might even have been difficult to lay people off with year-long contracts (but I don't know how that works for the Feds.)
That still leaves plenty of criticism of the USPTO management. If it was inconvenient (rather than difficult) to lay people off, they should have started the process. They CERTAINLY should have kept better track of people's time - and even required certain minimal requirements (like availability, checkins, etc.)
It was management that got lazy or wanted to preserve their kingdom of employees. And the spark for this forest-fire of recriminations was The Party of No screwing up the country with the sequestration and other brain dead forms of misguided budgeting.
DARPA Wants To Kill the Password
Using biometrics as an authentication factor (with or without passwords or token generators) brings me to:
- Can the biometric be consistent across different vendors or models of readers - or will people be locked-in to individual vendors (or worse, models) of readers?
- Is the interface between the biometric reader and the computer secure?
- How stable are biometrics over time - both long term and short term?
- What happens when the same biometric is used in different security contexts - from banking to dating sites?
I doubt that these are new questions, but other than the stability of biometrics over time, I don't recall seeing them asked before.
Ask Slashdot: Open Hardware/Software-Based Security Token?
RSA did implement their scheme as an iPhone app. If you're willing to consider something that might work as a smart-phone app, think about S/Key. It's supported as a PAM module for the *nixes. (Of course, that assumes you're willing to trust the smart-phone apps.)
I recall using S/key ages ago (1990s) back in the days of Telnet (before ssh.) Back then, if you didn't have an S/key calculator, you could also use a paper list of one-time passwords. Every so often, we had to re-seed our S/key (because we limited the number of passwords per seeding.) S/key can be a bit annoying, but it ought to be cheap to implement.
If you want to go with a hand-held device, I'm sure you could implement an S/Key end-user calculator on an Arduino or Raspberry Pi - but how much can you afford to spend? I wouldn't be surprised if an Arduino-like solution cost more than RSA tokens.
S/Key is focused on a single server. If you require your users to connect through a bastion host, it might be workable - but the model breaks down if you want multiple servers, unless they share a filesystem.
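The re-seeding and single-server points in the S/Key comment above both follow from the scheme's hash chain. The sketch below is an added illustration, not part of the original comment and not the RFC 1760 algorithm: it substitutes SHA-256 for S/Key's own hash folding, and `otp`, `Server`, `demo` and the sample secret and seed are hypothetical names and constructed values.

```python
import hashlib


def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    """Return the n-th chain value: the hash applied n times to seed+secret."""
    value = seed + secret
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Hypothetical verifier: stores only the last accepted chain value."""

    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # The user must answer with chain value number count-1.
        if self.count <= 1:
            raise RuntimeError("chain exhausted: re-seed required")
        return self.seed, self.count - 1

    def login(self, response: bytes) -> bool:
        # Hashing the response once must reproduce the stored value.
        if self.count <= 1 or hashlib.sha256(response).digest() != self.last:
            return False
        self.last, self.count = response, self.count - 1
        return True


def demo():
    secret, seed, n = b"constructed passphrase", b"ke1234", 4
    top = otp(secret, seed, n)
    a = Server(seed, n, top)
    b = Server(seed, n, top)   # second server keeping its own copy of the state

    _, k = a.challenge()
    first = otp(secret, seed, k)
    results = {
        "first_login": a.login(first),
        "replay_same_server": a.login(first),   # rejected: state moved on
        "replay_other_server": b.login(first),  # accepted: b's state is stale
    }
    # Use up the remaining passwords on server A.
    while a.count > 1:
        _, k = a.challenge()
        a.login(otp(secret, seed, k))
    results["needs_reseed"] = a.count <= 1   # challenge() would now raise
    return results


if __name__ == "__main__":
    print(demo())
```

Server B accepting a password already spent on server A is why verifiers that do not share state cannot safely use the same chain.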
The Hacking of NASDAQ
Wow. Something happened, but we don't know what or why.
The Improbable Story of the 184 MPH Jet Train
TL;DV - but it seems that the demonstration was a single car/engine. Does that count as a "train"?
FBI Concerned About Criminals Using Driverless Cars
Gun battles and bombs? If those are the worries of the FBI, the FBI is making itself look like a bunch of idiots. That's worrying about all the wrong things for all the wrong reasons.
The bombs issue is (sort of) plausible - if we had as bad a problem with bombs as other parts of the world. The gun battles issue is like worrying about your house burning down from lightning strikes because you're using electricity instead of candles. However, given the number of complete idiots who shoot themselves in Big Box stores, etc. we're far more likely to have accidental shootings on highways.
Autonomous cars - ESPECIALLY for-hire (or subscription or shared) autonomous vehicles would create a huge number of changes (good and bad.) I amused myself speculating about this last year without even thinking about the criminal aspect (which a co-worker brought to mind - none of which has been discussed here yet.)
But just think if there was a way to broadcast a signal to cause autonomous vehicles to pull over, slow down, or provide audio or video of the cabin. You know the security of that system is going to be broken in a few months (at most) - but it's going to have to be a pretty standard system in order for it to be used.
Solar-Powered Electrochemical Cell Used To Produce Formic Acid From CO2
I didn't see where Carbon Monoxide (CO) is mentioned in the articles or the summary of the paper. (The paper itself is more than I can read right now.)
Where is CO involved in this process?
Google, Detroit Split On Autonomous Cars
I was trying to express the idea that an urban-only vehicle that only needs to go 5-10 miles per trip might not need to achieve highway speeds. Detroit might not be willing to build and market a car that satisfies 95% of people's needs - and that could make them vulnerable to someone (like Google) who would - and might consider Google arrogant for contemplating such an idea.