* Posts by Francis Vaughan

367 posts • joined 28 Apr 2007

Why a detachable cabin probably won’t save your life in a plane crash

Francis Vaughan

Fair Go

Who doesn't remember sketching such inventions in their exercise books during a really dull afternoon at school? Sure, once you reach puberty idle thoughts turn to more base topics. But as a seven year old such inventions were part of life. I mean, there was this fabulous documentary on TV all about such ideas, let me think, yes, it was called Thunderbirds.

3
0

Stop the music! Booby-trapped song carjacked vehicles – security prof

Francis Vaughan

Scale

One of the problems with criticisms of the design of the car systems is that it doesn't fit the mindset of the car engineers, and places a model over the car that actually doesn't exist in computers either.

Last I saw your average PC was just about as open a trainwreck as the cars we are criticising. There are a huge number of separate processors, many interconnection buses, and zero security. A PC typically has a number of high speed buses (SATA for a start) talking to subsystems with their own embedded operating systems. Then there are the slow buses for trivial stuff (USB 1.1 devices) and faster USB for things like WiFi and Bluetooth. Every one of these device controllers has embedded processors, many with subvertable hardware, and known attack vectors.

I don't hear pious moaning that it should be trivial to add firewalls to all the buses inside a PC. Yet it is essentially the same problem. There are hacks that can pwn a hard disk drive (many of which run say three separate ARM processors and a full multitasking OS). Not to mention hacks that can subvert your ethernet controller or WiFi controller to take over your PC. We all know not to plug an unknown USB device into a PC - but I bet that is a rule more observed in the breach. It isn't trivial autorun exploits we have to defend against now.

Yes, car system security is a big deal. But don't pretend that somehow the mainstream computer industry has trod these tracks long ago and it is the car engineers that are dolts. Everything is built to a price, and when there isn't a clear driver for change, change doesn't happen.

The care taken in car systems where the issues are understood makes the mainstream computer industry look like a bunch of idiots blindly walking into walls. These are hard real time systems, and they are tested and simulated to clock edge and instruction boundary precision. But like so many stories of security in the history of computing, nobody even thought it was an issue. (Like the Morris worm, when the first message that went out had the point that was along the lines of - "we all knew this was possible, we just didn't think anyone would be stupid enough to do it.")

1
0

Rust 1.6 released, complete with a stabilised libcore

Francis Vaughan

Re: interesting, but...

If you have enough time and money - sure.

But we don't.

If we had some bacon we could have some bacon and eggs - if we had some eggs.

We don't have the time, the money, or the required number of skilled people. Nor will we ever. It is the nature of the world. So it simply isn't a solution by itself.

So you need better tools. Researching better tools is probably a good idea. Researching better tools seems to have provided some useful benefits in the past. It might be a good policy to stay on it. Rust may not be the answer, but C++ most assuredly isn't, as is demanding impossible funding and time.

3
0
Francis Vaughan

Re: No it's not garbage collection but it amounts to automatic resource management

A segv is when you are lucky, and the access went somewhere protected. Program crashes right there and you get some clue as to why. A buffer overrun is when you run into the next variable allocated in memory and no protection violation is caught. Your program doesn't crash, behaves badly (anything up to your system being pwned) and you never know.

An indexing exception is what you expect from any sensible language. A segv tells you that the language or its implementation has a bug. Any language that allows you to generate a segv is insecure. It is all well and good to have the nice new abstractions. But why then does the language retain the insecure ones? If they are bad practice, remove them.

1
1
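An added illustration of the distinction drawn in the comment above (not part of the original post): a well-defined C model of two adjacent variables, showing a write that faults, a write that silently corrupts its neighbour, and a bounds-checked write that reports the error. The block layout, the function names and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one 16-byte block stands in for two variables that
   ended up adjacent in memory, with a protected page right after it. */
enum { NAME_OFF = 0, NAME_LEN = 8, FLAG_OFF = 8, BLOCK_LEN = 16 };
enum { WRITE_OK = 0, WRITE_FAULT = -1, WRITE_RANGE_ERROR = -2 };

typedef struct { unsigned char bytes[BLOCK_LEN]; } block_t;

static void block_init(block_t *b) { memset(b->bytes, 0, BLOCK_LEN); }

/* The neighbouring variable: an authorisation flag right after the name. */
static int block_flag(const block_t *b) { return b->bytes[FLAG_OFF]; }

/* Unchecked write: the only limit is the hardware one. Anything that
   stays inside mapped memory succeeds, even past the end of the name. */
static int write_name_raw(block_t *b, const unsigned char *src, size_t n)
{
    if (n > BLOCK_LEN - NAME_OFF)
        return WRITE_FAULT;        /* modelled segv: the lucky case */
    memcpy(b->bytes + NAME_OFF, src, n);
    return WRITE_OK;               /* also returned when the flag was hit */
}

/* Bounds-checked write: the "indexing exception" of a safer language,
   expressed here as an error code raised before any byte is stored. */
static int write_name_checked(block_t *b, const unsigned char *src, size_t n)
{
    if (n > NAME_LEN)
        return WRITE_RANGE_ERROR;
    memcpy(b->bytes + NAME_OFF, src, n);
    return WRITE_OK;
}

int main(void)
{
    /* Constructed inputs: 8 name bytes plus one byte that lands on the
       flag, and a 32-byte run that would leave the block entirely. */
    const unsigned char nine[9] = { 'A','A','A','A','A','A','A','A', 1 };
    unsigned char huge[32];
    block_t b;
    int rc;

    memset(huge, 'B', sizeof huge);

    block_init(&b);
    rc = write_name_raw(&b, nine, sizeof nine);
    printf("raw, 9 bytes:      rc=%d flag=%d\n", rc, block_flag(&b));

    block_init(&b);
    rc = write_name_raw(&b, huge, sizeof huge);
    printf("raw, 32 bytes:     rc=%d flag=%d\n", rc, block_flag(&b));

    block_init(&b);
    rc = write_name_checked(&b, nine, sizeof nine);
    printf("checked, 9 bytes:  rc=%d flag=%d\n", rc, block_flag(&b));
    return 0;
}
```

The 9-byte raw write is the case the comment warns about: the call reports success and the flag has changed, with nothing in the program's behaviour to show it.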
Francis Vaughan

Last I saw C++ did not support garbage collection (they pulled it from the spec.) Dynamic memory management is not the same as automatic memory management. C++ still provides all the tools you need to utterly subvert the memory abstractions - especially when you start calling libraries that were not written with the same abstractions. You both can and must be able to find and manufacture naked pointers and use them. Once the language allows this you are dead.

0
0
Francis Vaughan

Re: interesting, but...

Pointers are not the problem. It is any language that allows pointers to be manufactured or modified directly by user code that is the problem. Languages where you write your own loop control and indexing are part of this. That is where the buffer overflows, stack smashing, and a large number of other amusing problems come from.

Any language where type casting is allowed, or languages that support pointer arithmetic, are intrinsically insecure. It matters not that C++ has some nicer abstractions available. You can still write utterly insecure code in it. Until the language prohibits insecure code its security is only a matter of coding with a set of rules next to you. And you can do that in assembler. C++ remains syntactic sugar over the top of C for any questions of security. Unless the language stops you writing insecure code, it does not support security intrinsically.

If you want high performance numeric code you want a language that allows you to specify the mathematics of what you are doing properly, and then allows you to identify the parts where there are issues worth addressing (preferably with pragma like hints.) Modern Fortrans are actually pretty good at this. They still allow insecure code to be written, but it would not be a huge stretch to modify them to remove most of the old insecure legacy bits. Coding with forall and where clauses can capture the mathematics better, allow for better optimisation, and does not require indexes and pointers to be exposed.

1
2

Cocky SpaceX will try another sea landing with next rocket launch

Francis Vaughan
Headmaster

Pendantry

"The launch is also taking place in California, rather than Florida. This means the rocket can't do the most efficient eastward route,"

No. It is launching a polar orbiting satellite. An Eastward route is not more efficient for a polar orbit, in fact it is impossible to reach a polar orbit insertion launching to the east. The whole point is that the launch MUST launch to the west in order to wipe off the entire rotational speed of the Earth. You need the orbital motion to go over the poles, not over the equator. It launches to the west from the west coast for the same reason eastward launches launch from the east coast. To avoid flying over populated areas.

Pedant comment:

"Which begs the question why is SpaceX doing it?"

"begging the question" has nothing to do with asking a question in response to something. It means to assume the answer to the question. It is a contraction of "beggaring the question". "Begets" the question perhaps, but "begs", is just plain wrong.

8
0

Death Stars are a waste of time – here's the best way to take over the galaxy

Francis Vaughan

Energy

The article pretty much fails to take account of energy.

Given an arbitrary lump of matter floating about in space - say some planetoid, there is only going to be a limited amount of recoverable useful energy resource available for it. That new energy is what will limit the number of useful droids the exponential manufacturing can create. However you need to subtract the energy needed to mine that energy. Unless you have some form of matter converter to create energy directly from matter. The existence of which would be a game changer that would make droid armies the least of your plot worries.

Also, an asteroid travelling at speed is identically efficient as an energy beam. Both carry energy. It is all well and good to point out that a large rock travelling at relativistic speeds carries insane energy. But how did it get to those speeds? The energy it carries has to be imparted to it from something, and the energy must balance. If your rock carries a 100 zillion joules of energy because it is moving at 0.9C you need technology that can usefully direct at least 100 zillion joules into it. Why not just deliver that 100 zillion joules directly? It will have the same effect.

2
0

How to log into any backdoored Juniper firewall – hard-coded password published

Francis Vaughan

No, it is clear that the vulnerability was introduced into the source, it wasn't added as a hack to a binary image. The clue is in the password string. It is one of two things.

1. An intentionally coded backdoor with a password deliberately made to look like a legitimate printf format, so that simple strings analysis of the binary would not suggest it was anything special to any potential attacker.

1a. Actually is a legitimate printf format string that has been reused for an intentionally coded backdoor.

2. It is a legitimate printf format, and someone has tweaked the source code to make it work as a backdoor password by introducing a small but critical flaw in the program.

The difference is that option 1 should show up in a code review. Option 2 may be very hard to pick up. Languages like C and C++ contain a great many ways of burying such exploits in ways that take considerable care and expertise to notice, let alone figure out. Indeed both languages seem to encourage coding habits that make such things hard to detect.

It could be as simple as an extra * in the right place, or the difference between 1 and I in a carefully chosen spot.

4
0
Francis Vaughan

Re: I guess this would have shown up with a cursory glance at the code?

Exactly - there is existing history for security breaches that are deliberately hard to pick in code reviews, and when very well done are plausibly deniable as a simple slip of the keyboard, and not actually done with malicious intent.

Now in its eighth year - http://www.underhanded-c.org/

4
0

Hillary Clinton says for crypto 'maybe the back door is the wrong door'

Francis Vaughan

The point was - the US isn't going to stop the Paris attacks. France might, but the US won't. Hillary allowing the FBI to decrypt US communications does not help stop ISIS wreak havoc half way across the planet, despite the implication it does. Indeed, they don't need to use encryption. Like I wrote, a note passed hand to hand will do. Or if they really are worried, a one time pad, either for the note, or for an electronic communication.

2
0
Francis Vaughan

It's pretty clear the encryption they are worried about is communications. Data on disks is a sideline in comparison. Next, although everyone talks ISIS, the reality is, and the FBI and the rest well understand, they have just as many threats from homegrown Christian or just plain nutter terrorists as external ones. This will, and always will, be about the local population. It isn't about stopping the next Paris attack.

We already have the ironic spectacle of one part of the government inventing and popularising a secure and untraceable communication system to further its operations, and another spending great effort to subvert it again.

In the end, real terrorists resort to notes passed from hand to hand, and one time pads. No Manhattan project can solve a one-time-pad. Demands for weakened or backdoor'ed encryption are a solution to a problem that only uses existing encryption because of convenience. If it is not possible to use common encrypted channels operationally, terrorists simply move to other methods. Methods for which current meta-data analysis probably have less traction - making the job of the security agencies harder, rather than easier.

4
1

EU's Paris terror response includes 'virtual currencies' crimp

Francis Vaughan

Re: Roads....

I think everyone has missed the phrase "in line with the risk they present" in the quote.

This isn't a call for blanket controls and surveillance. (At least not yet). Mostly it is sensible.

Assuming it is in-line with the risk. But it isn't as if they have infinite resources.

1
3
Francis Vaughan

Re: Stopping movement of non-banking currencies

Been watching too many movies. The problem with diamonds is that they are implicitly an illicit commodity. Outside of the controlled market of De Beers - where the prices are artificially high, diamonds are dirty from the outset. So you are already dealing with other criminals, or shady to black markets. This is not a sensible place to be if you are trying to be discreet and move money about to fund anti-state activities. What is needed is proper first class fungible assets. You can buy anything with a fistful of Euros or Dollars. The first thing you need to do with diamonds is to try to convert them into Euros or Dollars. It is at this point you need a market that wishes to buy your diamonds - for which you can expect a highly discounted price, and you will be selling them to an untrusted, implicitly criminal, buyer. Assuming it isn't a sting run by the local security agencies. A sack of greasy Euros won't attract attention on the black market. Diamonds most certainly would.

2
0

Taxi for NASA! SpaceX to fly astronauts to space station

Francis Vaughan

Re: Isaac Asimov on the subject of rocket fuel

And to follow up my recommendation for Ignition! An Informal History of Liquid Rocket Propellants, I got a copy down, and guess what? The Asimov quote is from the foreword, written by Asimov. Asimov knew John Clark as a fellow chemist and SF writer.

4
0
Francis Vaughan

Re: Crazy Fuel

¿Que? They use LOX and RP-1. Same as the Saturn V 1st stage. V2 used LOX and ethanol. M163B used hydrazine and hydrogen peroxide. There is nothing about the Nazi era fuels that is unusual either. Hydrazine is a very popular fuel, it even powers the APU in an F16 fighter.

6
0
Francis Vaughan

Re: Isaac Asimov on the subject of rocket fuel

"LOX/H2 or LOX/KEROSENE are pretty ok."

You are welcome to drink a cup of either.

The canonical book of liquid rocket fuels is Ignition! An Informal History of Liquid Rocket Propellants by John D. Clark.

If you want insane rocket fuel oxidisers - try Chlorine trifluoride. It will burn asbestos, sand and concrete. Glass ignites on contact. It isn't clear how you would die if you had some spilled on you, it would be a matter of which of a number of horrific and painful mechanisms got you first.

6
0

Tor Project: US government paid university $1m bounty to hack our networks

Francis Vaughan

Exactly. Somehow it is forgotten who invented Tor, and for what purpose. It is hardly the first time that the spooks and the FBI are on opposite sides. Neither are exactly working with clean hands, but that is more a reflection on the nature of life than much else.

0
0

Space fans eye launch of Lego Saturn V

Francis Vaughan

Re: The Real Thing

One of the three remaining actually. All three are on display at various NASA facilities. They are a mix of flight and test-article parts. Apollo 18 and 19 were cancelled. But the hardware was all ready. Skylab used the first two stages of a Saturn to fly, the Skylab itself being a refitted third stage. Add in the Dynamic test article (which whilst not considered flightworthy was built identically to the flying ones) and you get one at KSC, one at JSC, and one at the US Space and Rocket Centre.

http://history.msfc.nasa.gov/saturn_apollo/display.html

A visit to building 30 at the JSC in Houston is also an absolute must. You walk up the same stairs that Gene Kranz and his fellow mission controllers took each day. They have refitted one of the control rooms back with all the Apollo era gear. Little beats seeing that.

3
0

Sennheiser announces €50,000 headphones (we checked, no typos)

Francis Vaughan

One of the most common studio headphones is the Sony MDR 7506. Whilst not the absolute best sounding, or the cheapest, they are pretty good, and a known good standard that is still made, robust, and has a service backup via Sony's pro distribution and service network.

But for artists to monitor sound as they perform there are many other phones commonly used. One of the key points about these is that they don't leak sound back into the recording.

1
0
Francis Vaughan

Re: shit music

I really hope you mean Johann Strauss and the other members of his family. Richard Strauss has no relationship to them, and did not compose sickly sweet waltzes and dance music for polite Viennese society. Richard Strauss wrote seriously good powerful music. Sunrise from Also sprach Zarathustra is of course very well known from 2001. But Salomé, Electra, his Last Four Songs - just to pick a few high points. Richard Strauss was a giant.

0
0

Crash this beauty? James Bond's concept DB10 Aston debuts in Spectre

Francis Vaughan

Re: I got 900,000 problems

"I can't believe that many people are going to be swayed into buying one just because it was in a movie... "

What people forget is that it wasn't all that long ago that Aston Martin were really hurting, were selling not all that many cars at all, and those that they did were heavily based upon Jag bits. The cars were not very good, and people with money went elsewhere. Ford poured silly money into turning the company around, but even then, Aston had very little visibility. It doesn't matter that 99.99% of the movie goers will never buy an Aston. The remainder represent a very tidy fraction of the very few that do buy Astons. Enough that for a very niche maker of very low production volume cars that it makes perfect sense to build on the Bond franchise like this. There is almost no equivalent to Bond.

If you want, the boat he sailed in Casino Royale is currently for sale. It will cost rather more than an Aston.

0
0

Let's talk about that NSA Diffie-Hellman crack

Francis Vaughan

"Graham calculates that cracking 1024-bit DH is the computational equivalent of 2.5 hours' worth of global Bitcoin mining power."

The article also stated that the NSA system took a year to crack a prime, and cost $100m.

Thus the equivalent value of the global bitcoin mining equipment is $350 billion.

Hmmm. Obviously there is a lag in technology between the NSA system and now, but there remains something of a gap here.

0
0
Francis Vaughan

Re: No, it WAS obvious

No, what was obvious is that eventually enough compute power would break it. That was explicitly understood. Everyone knew that.

What the problem is, is that it isn't a trivial fix. You can be sure that a lot of the "fixes" will be more likely to introduce new vulnerabilities, ones that may even weaken the system to be easier to break than now. Unless you understand the protocol in detail, don't assume you know how to fix this issue.

Don't assume the flaw is laziness. It is more likely to be a clear decision to favour simplicity over complexity, complexity that in itself leads to hard to understand and difficult to control new weaknesses. Better the devil you know.

4
0

Accidental homicide: how VoLTE kills old style call accounting

Francis Vaughan

Old style accounting, and old style plans

Who has a mobile phone plan where they actually end up paying for individual calls? Seems most telcos and resellers are selling plans that feature some idiotic number of calls "for free" in the plan and then simply use the call count as a way of pushing you up a tier in the plans if you actually make a lot of calls. Under almost all usual circumstances you never actually pay for metered calls.

Getting rid of premium numbers OTOH would be the proverbial good idea.

1
0

The Emissionary Position: screwing the motorist the European way

Francis Vaughan

Re: "...the reason there are very few diesel aeroplanes, because..."

> Jet fuel ≅ diesel fuel

Very curiously this is actually not true.

There are diesel engines for light aircraft, and they don't run on ordinary diesel fuel, they are designed to run on Jet-A. They do get better economy, even when measured as energy per unit mass, rather than by volume. What they are not is common. Continental for one, are in the midst of bringing one to market.

5
0

Top VW exec blames car pollution cheatware scandal on 'a couple of software engineers'

Francis Vaughan

Re: On the other hand....

Nice idea but zero chance of being the case.

ECU code is some of the most reviewed and tested code on the planet. It tends to make Space Shuttle code processes look weak. Somewhere there was code that took in steering wheel angle measurements and affected the engine exhaust recirculation control actuators. Yet the guys that write the code in the ECU don't write the specifications, that comes from the guys that design the engine, and work out the combustion mechanics and engine maps and algorithms. Those specifications are worked over with a fine toothed comb. This is a hard real time system, the entire system will be specified to hard real time deadlines, and the software artefact understood not just to the machine instruction, but down to the clock cycle. There are many engineers involved in this. Something as utterly weird and blatant as steering affecting the EGR will never get past the levels of design and review that are needed in an ECU. You might manage to get the needed bits into the design and coded, but it would require complicity of a range of engineers and their managers. And it would require continued vigilance to keep the lid on things.

One can imagine the idea coming from one of the software levels, and being percolated up the chain just high enough for someone middling senior to give development of the hack the green light. The hack may have languished until pressure came from way up high that a fix was needed from the engine division or there were serious problems with sales to come. Then the hack may have obtained a life of its own and got into the product, possibly with some higher managers simply realising that it would be better not to ask how things were fixed.

3
1

So, what's happening with LOHAN? Sweet FAA, that's what

Francis Vaughan

Re: Denmark?

Oz shouldn't be an issue:

http://ausrocketry.com.au/motors/reloadable/cesaroni-technology-hpr/cti-54mm/pro54-3g/3-grain-reload-kit-23.html

Go up to Woomera - the place is designed for purpose. Serious amateur rocket geeks fly stuff from there.

It would not be hard to hook you up with the right people.

1
0

Oz regulator warns VW: cheatware scandal could cost you millions

Francis Vaughan

Meaningless

"it is our understanding that the software is inactive"

¿Que? That is sort of the problem. Or do they mean that the software always ensures that the emissions are low, and never switches to higher performance, dirty mode? One rather doubts it. There is no use case for the software to ever work this way. Either they need to cheat the tests to sell into a market, or the market has lax emission requirements and they don't need to cheat the tests, but still leave the engine in dirty mode.

0
0

Reg reader shares AshMad blackmail email about which he gives 'zero f***s'

Francis Vaughan

Why bother with the AM members list?

If you were running this blackmail routine, why would you even bother with the AM email list? Far too much effort. Just spam everyone you possibly can. You will get enough hits on people that actually were on the list, even if they didn't use the email address you send the blackmail to. Enough idiots may fall for it (at least until it becomes one of the more prevalent spam emails) to make it lucrative enough. Actually following up on the threats is a waste of time. Hard to believe the usual villains are not onto this already.

I am a little surprised it isn't already a common general spam email. When it becomes so, a curious result may eventuate. The impact of the release of the real email list may become muted. (If anyone actually has cared so far.)

2
0

Falcon 9 fireworks display grounds SpaceX

Francis Vaughan

Re: Debug Question ?

Telemetry is vital. But you need to meet that with a well defined analysis process. Fault Tree Analysis is a very good start.

3
0

Could our fear of fracking be appeased with CO2 sequestration?

Francis Vaughan

Re: Talking about how the fractures never get near the aquifer

Pressure travels neither up nor down, it isn't a flow.

Shales, coal beds and tight sands (all fracked) are all deep. The only reason you are interested in them is that there is a seal above them that contains the gas. If there were no seal the gas would have long since gone. Shales, coal, and tight sands are weak. That is why you can fracture them. The seals tend to be strong and resilient - which is why they have remained intact for a few tens to hundreds of millions of years. If a hydraulic fracture was able to penetrate a seal, the seal is essentially by definition too weak to have retained the gas being exploited. So, the rather useful outcome is that the very geology that means there is an exploitable reserve to be fracked contains the fractures inside the rocks we actually want to frack.

As above - there is a lot of misinformation and deliberate lying. Fly by night operators dumping wastewater from the fracking operations is not the same as water finding its way to the surface via fractures. Compromised well bores are the only viable path to communicate. This problem has nothing to do with fracking. But the insane "they pump CHEMICALS down the well to break up the rocks" crowd simply don't want to understand.

9
0

Linux boss Torvalds: Don't talk to me about containers and other buzzwords

Francis Vaughan

Re: The IoT Crowd

Given that the Gnu/Hurd predates Linux, one suspects that we will be waiting rather a long time. There is nothing magic in the Mach kernel's size. Putting things inside or outside of kernel mode execution doesn't really help the overall system size. It is the overall minimum system needed to operate that matters. After all, look at Mac OSX. Darwin is also a Mach kernel. Apple's chief scientist was for a long time Avie Tevanian - the guy who probably had the most to do with Mach's architecture and development (although it had some roots in Rick Rashid's Accent OS, and Rick was the guy who drove the Mach team. Ironically Rick vanished into MS years ago.)

0
0

What a shower: METEORS will BLAZE a FIERY TRAIL across our skies

Francis Vaughan

Wrong title

Clearly the title of the book should be "The British Book of Astronomical Flops."

Generally a lovely view down here in the antipodes.

1
0

A close shave: How to destroy your hard drives without burning down the data centre

Francis Vaughan

Re: Degaussing isn't as instantly effective as you might think..

Faraday cages don't make the slightest difference to magnetic fields. They stop electrical fields. Until your magnetic field is oscillating at radio frequencies you won't see enough of an effect from a Faraday cage to make a measurable dent in the magnetic field intensity.

Shielding a magnetic field is extremely difficult, usually done with Mu-metal cages. These have all sorts of problems in implementation, not the least of which is that they saturate and cease to shield at all in the face of high intensity fields.

2
0

Virgin Galactic SpaceShipTwo crackup verdict: PILOT ERROR

Francis Vaughan

"Newsflash: The FAA is not in the business of "ensuring sufficient safety culture" "

Actually they are. The FAA ride the aviation industry with enormous control, and they vet every part of the design and construction of an aircraft. You cannot get a new plane off the ground unless the FAA have OK'ed every aspect of the design and construction, and as part of that process the FAA absolutely want to know everything about your design and testing processes. Safety culture is a key part of those processes, and the FAA will want to know every detail about your company's safety processes and culture.

The NTSB identified that there wasn't enough experience with the kind of work SC were doing in the FAA, and thus the FAA's oversight didn't extend far enough to have picked up on the deficiencies. The FAA don't have oversight of military aircraft or rockets, so the jump from overseeing companies building subsonic conventional aircraft to rocket propelled supersonic opened a hole in their experience of how tight the safety culture needed to be. Any history of rocket science will show that the levels of detail and care needed to avoid problems is an order of magnitude greater than just about anything else there is.

5
0
Francis Vaughan

The problem seems to have been that there was no interlock - they assumed that a pilot would never do something at the wrong time. This is combined with a lack of human factors - which seems to be a euphemism for not taking into account that humans get flustered, especially under pressure and under conditions that the simulator didn't really match.

The co-pilot had 26 seconds to work through his required actions, and it seems that he made the call of "mach 0.8" and then he performed the next plus one action on his to-do list immediately after. There was no checklist used, just rehearsed actions. So nothing to cope with a flustered co-pilot doing something he was supposed to do, but a few seconds too early.

So one suspects that the final NTSB report will be that this was an accident waiting to happen, and that no-one realised because SC didn't have the background in human factors, and the NTSB didn't have the background in supervising an experimental spacecraft.

18
0

We read Hewlett Packard Enterprise's 316-page post-split blueprint so you don't have to

Francis Vaughan

Back to the future

Called HPE, perhaps sometime later they can rename it to its original. DEC.

2
0

Windows and OS X are malware, claims Richard Stallman

Francis Vaughan

Re: I want that hat!

For those that are too young, it is a disk platter. Probably out of an RM02 or similar. It is too big to have come out of an old 12 inch stack. Given RMS has been doing this gig for decades it is probably looking a bit battered by now.

6
0

Epson joins Microsoft in underwhelming 3D glasses

Francis Vaughan

A quick look at NGrain's web page suggests they need to get their act together a little.

They advertise multiple platform support for their core Ngrain SDK. Where multi-platform is defined as Vista, Windows 7 or Windows 8. Hmmm.

Then one notices that the web page prominently features what is clearly a MacBook Pro - albeit in mirror image, running Vergence. Guess what - Vista, Windows 7 or Windows 8 only as well. Sure, you can run those in a Mac, but it isn't a good look. (The Mac is clearly a mirror image - the keyboard layout is mirrored as well as the ports.)

In fairness they do seem to have a neat high performance 3D volume renderer that is perfect for augmented reality. However usually these tools are used with much more capable devices than low end glasses and iPads. Motion tracking being a key capability for a start.

There have been immersive 3D tools around for 20 odd years. Cartia, and Pro Mechanica's Windchill come to mind (or whatever they are called now - it has been a long time.)

0
0

Apple Watch fanbois suffer PAINFUL RASH after sweaty wristjob action

Francis Vaughan

Watch newbies?

Is it just possible that we have an entire generation of users for whom the Apple Watch is the first device they have ever worn on their wrists - and they need to be taught how to wear a watch?

7
0

Australia cracks tech giants' tax dodge code

Francis Vaughan

It isn't about efficiency.

You are assuming that Singapore levies the same tax rate on all companies.

Apple/Google/et al simply go shopping for a low tax rate. The offer is simple - we will pay you some peppercorn amount of money - not really related to our turnover, or we will go somewhere else. You choose: some money, or none. So there are a range of countries who are quite happy to accept a pittance to provide the legal framework that allows the big international to claim to pay tax there.

It isn't just the high-tech companies. BHP Billiton paid about $100,000 tax on over $2billion income declared in Singapore. It isn't clear what relationship Singapore has to do with mining, or what government services or infrastructure the Singapore government provides to help with mining, but that is where the tax is paid. If you are the government of a country where the miners are crying poor and asking for all sorts of concessions, this sort of thing makes serious government support with things like infrastructure ring hollow.

The question to ask is however close. Why are we taxing companies at all? Should we not be taxing the shareholders when they get a dividend - as the low taxes get turned into greater value to the shareholder eventually. They are the ultimate beneficiary. Which gets you to the next big problem. The US has a tax structure that punishes shareholders of companies that pay dividends, and makes it significantly advantageous to simply increase company value (ie Apple's hundreds of billions in cash) and thus make the shares themselves more valuable.

In Oz we have the notion of franked dividends - dividends upon which the tax has been paid, and which the shareholder does not pay further tax. But the US has almost exactly the opposite notion. Don't forget - the beneficiary of all these tax tricks isn't the company - but the shareholders. Many of which may include mere mortals such as ourselves - via the various mutuals and superannuation funds. These issues make the entire world of tax and national boundaries unclear.

But whilst the tax treaties allow it, and there are countries who are willing to prostitute themselves by accepting only notional tax rates from companies that they have essentially no relation to, and are no burden on that country's government, whilst our countries provide the infrastructure and social support allowing these companies to operate, you will have a problem.

0
1

Boeing 787 software bug can shut down planes' generators IN FLIGHT

Francis Vaughan

More lessons - Ariane 5

I'm still going to bet the problem isn't a simple coding error.

People are assuming that the GCU was coded from scratch. It probably wasn't. The real time control executive was quite possibly an off the shelf, ready flight qualified and certified system. A great thing to use. But again - who was responsible for the requirements - and especially understanding that the aircraft systems might need to stay powered up for nearly a year?

In a real time control system you have a constraint of CPU cycles. You don't burn them without reason. It may be perfectly reasonable, and well reasoned that the timer will be coded with no wrap. What do you do if it does wrap? It is difficult, to say the least, to cope with time that goes backwards. So as Hugo Tyson notes above - you have more, not less, problems.

In a hard real time control system you can't simply throw an exception. Who catches it, and what does it mean? Indeed - everyone is assuming that the clock wrap wasn't caught - it could easily have been caught and it was the catching of the clock wrapping that caused the shutdown.

This is where it gets messy. And brings us to the first ever flight of Ariane 5. The flight control software was derived from the Ariane 4, and was a known solid bit of code. But it needed modification to cope with the changes in design. A piece of effectively dead (unneeded) code, that was otherwise benign, was driven into an unusual state by higher than expected winds, and threw an exception. Nobody caught it. Exit $400m worth of rocket in a very spectacular failure. The failure was in a perfectly good piece of code that the changed requirements didn't pick up needed addressing and testing - because it was not needed for the new vehicle.

Writing error free code is easy. It is getting the precise requirements and integration of that code that is really hard. The idea that not picking up the clock could wrap is the error isn't the hard part. It is very unlikely that the clock wrapping wasn't known. It is very likely that a clear understanding of the environment the code would see itself in was not fully addressed along the chain of requirements analysis from the early design briefs of the plane, all the way down to the contractor responsible for coding it. This chain can fail in many many ways, and is a vastly harder thing to manage and get right than simply coding a counter, or indeed even a quite complex bit of software.

3
0

Francis Vaughan

Patriot and requirements

As noted earlier, the bug has a great deal in common with the Patriot Missile failure. What is important is to note that the Patriot software wasn't in error. (It wasn't a clock counter wrap, but rather accumulating error in the clock.) The mistake was way back in the system requirements, where the specifications called for an agile system that could be rapidly deployed and moved as needed. The requirements called for a system that could remain stable for about four days. Nobody thought that there would be semi-permanent emplacements set up to protect military bases. So nobody added a time span to the requirements.

So, how far back in the system requirements analysis for the GCU was there an explicit expectation for how long the system would stay powered up for? These are the places where issues slip between the cracks, not some poor programmer who was asleep at the wheel. With Boeing outsourcing so much of the systems, it isn't hard to see how hard it is to keep things like this under control. As the 787 is the first airliner to have such a massive reliance on electrical control, it isn't hard to see how traditional expectations of system up-time would influence the analysis done by many engineers.

I bet an analysis of how this bug came into existence has vastly more to do with the difficulties of requirements across many contractors, and much less to do with "obvious" coding errors.

1
0

Apple Watch RIPPED APART, its GUTS EXPOSED to hungry Vultures

Francis Vaughan

It isn't a watch.

Seriously, it is no more a watch than an iPhone is a mobile phone. Sure, an iPhone can make calls, and an Apple Watch can tell the time, but neither are their respective primary functions. Nor does the device dissected cost £10,000, it costs £300.

The peanut gallery's constant desire to compare it to a Rolex is simply stupid. The device that iFixIt dissected costs less than a great many people spend on a watch that does only tell the time. And its purpose isn't to tell the time. Just imagine that Apple had decided not to release the silly gold version, and had called it something other than a watch. The vast majority of the pointless comments would have been stillborn. Perhaps then commentators might have focussed on what it is actually good for, and not what it isn't.

1
2

BOFH: Never mind that old brick, look at this ink-stained BEAUTY

Francis Vaughan

Re: Oh Crap

I own a drum, amongst all the other bits in my garage. That makes me the hoarder, or maybe Simon.

0
0

Guardian: 'Oil reserves will soon be worth NOTHING!' (A bit like their stock tips, really)

Francis Vaughan

Critical point missed.

Oil companies (and mining companies for that matter) do not throw effort at keeping their book value up with reserves. In fact they do the opposite. (Somehow, perhaps the idea that modern CEOs are best served by a high share price is translated into companies keeping the value of reserves high - but this is a thin argument).

Resources are subject to the three Ps - not two. Proven, probable, possible (with a fourth as producing).

Not only do you need to be able to show that the oil or gas is there, but that you have a viable way of getting it. Actually currently producing is even better.

But, the economics of how oil and gas (and minerals) does not favour aggressive exploration for probable reserves. The way the system works is geared to effectively limit exploration to provide for just about the right speed of exploration to meet projected needs.

Oil companies do not get to explore for oil for free. Countries auction off exploration rights, and they do this in a highly controlled manner, in order to maximise the amount paid for these rights. Rights to explore time out. There is no value in buying them if you don't intend exploring. Indeed, usually you will forfeit the rights if you don't actively explore. Exploration isn't cheap. This is especially true now that the easy oil and gas has been found. 3D seismic can be astoundingly expensive. Many millions. Sometimes a great many millions. Exploratory wells, especially in deep water are silly money. A deep sea exploration rig costs about $1million a day to run. The moment you purchase an exploration lease you are committed to your exploration programme.

Now, what if you find oil or gas? Well then you need to buy a production lease. And these are not going to be cheap. Secondly, the lease will involve a percentage cut for the country you are working in. Since this is a serious money making effort for the country, they are not interested in you sitting on your production lease. Once you have bought it you must start producing, or you may forfeit the lease.

The bottom line is that it is a significant liability to a company to have leases that they are not currently in the process of exploiting. The industries (both oil and gas, and minerals) have always operated this way. All the other economic arguments are a waste of oxygen. The bottom line is that the proven reserves that a company controls via its leases and the prospective reserves that are controlled via its exploration leases are balanced to address the expected demand within the lifetime of those reserves. To add new reserves that will not be added to this pipeline, but are somehow just a book asset is a significant and unwelcome cost, and all companies avoid it.

13
0

Timeout, Time Lords: ICANN says there is only one kind of doctor

Francis Vaughan

Sadly the wrong answer.

The domain will almost certainly become debased, as charlatans of every ilk sneak past the implementation. As soon as the chiropractors weasel past (and they will) the domain will become a cesspit, as all the others pile in. It would be better to leave it totally open from the outset, and even encourage the crystal twirlers and purveyors of quack cancer cures to infest the domain. This would achieve the desired effect much better. Anyone registered with a .doctor URL would be thus instantly known as a fraud.

Those with the need to be seen as a "doctor" are exactly those that are not.

(I have a PhD - thus I have a doctorate, can be addressed as "doctor", but I am emphatically not a Doctor.)

7
1

$17,000 Apple Watch: Pointless bling, right? HA! You're WRONG

Francis Vaughan

Re: Not intended for you

Exactly.

I remain somewhat bemused by all the comments that for the most part totally miss this. You won't see a gold Apple Watch in most western countries from one month to the next. They will sell out in China.

Indeed the Apple Watch has been noted to be much more suited to Asian use patterns - and will probably generally sell better there.

The question no-one seems to have asked. Is the watch upgradable? There is no reason why the case should not be capable of taking the version 2 electronics. It looks very much as if the external interfaces are intended to be consistent for a very long time, so there should be no good reason why it can be upgraded. Upgrade might cost about the same as a new base version, but why would you care?

1
0

UK.gov in pre-election 'Google tax' blitz against internet firms

Francis Vaughan

It's started

Despite the cynicism above, it is clear that governments of all colours, and in most countries are now tired of the evasion tactics being used by these companies. It represents a significant amount of money simply vanishing out of the country. (There is always going to be a difference between supporting low taxes on local companies - where the money stays in the country - and low taxes on companies that simply export the money.)

This represents the first shot in what is likely to be a protracted war. Ultimately what is going to happen is that the mutual taxation treaties will come undone. But that may take a decade or more.

Here we have the alternative. The tax officials get to deem what is a reasonable company structure versus one that is designed for the purpose of evading tax, and to then apply a tax estimate that assumes a reasonable company structure. So then it goes to court, and the courts decide what is a construct, and what is a reasonable structure. At the moment we have constructs such as local companies paying the parent* 50% of their revenue as a licence fee simply to be allowed to use the company brand name. Indeed a licence fee that just so happens to vacuum up all the profit.

* Where the global parent company isn't the one in California where it all happens, which you might expect, but strangely one registered in a tax haven with an office of a few dozen people.

3
2
