* Posts by bazza

2108 posts • joined 23 Apr 2008

US hospitals to treat medical device malware with AC power probes

bazza
Silver badge

Re: " ineffective and misplaced regulatory oversight,"

"You may well be right. What would you prefer instead?"

I think we'd all prefer and benefit from effective and well focused regulatory oversight.

Part of the problem is that the regulators seem not to have a good feel for where the system boundary should be. In the case of medical devices it's clear that they don't consider the network to be part of the system, yet as any old IT bod knows the network most certainly does matter. We spend a lot of money in IT on network firewalls, network switches, virtualised networks, etc. It is never an afterthought that we throw together after we've put in a load of servers.

Fixed Configuration

With medical devices the regulations prevent you automatically applying OS updates, etc. The regulators approve a fixed hardware design with a fixed software payload; applying updates makes it a "different" device that has not been approved.

So if the 'fixed' nature of the software is so important, how come they're quite happy for these things to be connected to networks that evidently expose them to a grave and real risk of having their software altered by hackers remotely installing malware? It's almost as if they're relying on a naive opinion that "no one would ever hack a hospital"... And as I implied in my comment above, if the network provides important functionality, how come the 'fixed' configuration philosophy doesn't extend to the network too?

Inconsistent Regulation

That is inconsistent, has been demonstrated to be ineffective and the regulations need to be updated. However connecting them up to the Internet has been allowed for so long that it is the de facto rule, and all hospital IT is now structured that way. Regulation that doesn't properly and rapidly account for changes in the world isn't worth having at all.

If they want to keep their "fixed configuration" philosophy then they're going to have to apply that to the network too. This realistically means a closed network not connected to the Internet where there are no USB ports or optical drives available on any machine on the network. I can't see that going down well...

"And when you've sorted medical equipment, avionics regulation is in need of a serious reconnection with reality."

Again the situation there is that the regulators have failed to set a clear system boundary within which their rules apply. They've incorrectly set the system boundary as being the whole aircraft, and regulated within that.

However Boeing and Airbus have both implemented a single aircraft-wide network that carries or is exposed to passenger devices. The FAA/EASA let that happen seemingly without once considering the possible consequences of connecting passenger devices. Connecting them makes them part of the system. Passenger devices cannot be regulated. Thus the system now comprises an approved subsystem (the aircraft) and many unapproved subsystems (the passengers' mobiles, etc). With wildcard devices being part of the system all that regulatory oversight now counts for nothing, for it is no longer the same system that the regulators approved.

Of course they have done testing of the separation of passenger and flight control network data, and they have probably been successful in achieving adequate separation. However, no one can be totally sure of that. In contrast a single successful hack would prove that adequate separation had not been achieved.

Penny Pinching, Pound Foolish

The reason Boeing and Airbus have for doing that is to economise in off-aircraft communications channels. The flight control avionics, the airline's own systems and the in-flight entertainment need to provide off-aircraft communications for various reasons, and sharing a single sat comm terminal makes it "cheap".

Except it's not cheap. First it creates the situation we have now where no one is quite sure whether or not anyone with a mobile can hack and down an aircraft. That's going to be expensive to put right.

Setting that aside, sharing a sat comm terminal is an incredibly short sighted thing to do. Bandwidth upgrades are clearly going to be a major requirement of airlines competing to provide a better service to paying passengers. That means hardware upgrades.

Upgrading a Shared Sat Comm?

With a shared sat comm terminal that means getting a whole new and improved unit designed, tested, approved by the regulators as still allowing the aircraft to fly safely, and installed. That's an expensive process, largely because of the approvals that have to be gained first. That process has to consider (amongst other things) whether or not it still correctly separates passenger and avionics network data. That will have to be checked differently every time they add new features. Effectively they would be redesigning the approval tests every time the design changes, adding more time and cost.

As any IT bod knows, a system that's expensive and slow to upgrade isn't going to be very profitable.

Upgrading a Separate Sat Comm?

Now imagine if the IFE were a completely separate network (with a data diode connection from the flight control avionics to get data for the moving map display), and had its own sat comm terminal. That could be upgraded at will with minimal regulatory oversight because it is never going to be critical to safety of flight (at least not once basic EMC and airworthiness approvals are in place). Meanwhile the sat comm terminal for the flight control avionics just sits there, never upgraded because it won't ever need it.

That would be a lot cheaper and quicker to do; across the whole life of the aircraft the airlines would be able to offer a premium service that's always the best, with upgrades being easy to roll out. And an added benefit is that it avoids the whole mess we have now.

1
0
bazza
Silver badge

Really?

“We are thinking about those machines that are really hard to patch, really hard to upgrade, and really hard to get inside."

If they are so hard to get inside, how come they're running malware?!?! The problem is that they're too easy to get inside...

Like others on this forum I think it's ridiculous that such devices are connected to an Internet facing network in the first place. No doubt somewhere in the small print for these devices there's words suggesting the lack of wisdom in doing so.

Regulators

And actually, where are the regulators in all this? If a device like this is merely one component of a medical network, then why does the regulatory obligation seemingly stop at the Ethernet port? Shouldn't the entire network have to be developed to the same standards as the devices? After all the whole point of the Ethernet port is to provide functionality beyond the device, and presumably that functionality is seen as important otherwise no one would bother wiring it up. And if it is important then the network design and maintenance is as important as the device's design and maintenance.

Sounds like ineffective and misplaced regulatory oversight, and it's allowed a bad situation to develop that is going to be very expensive and difficult to rectify.

2
0

NINETY PER CENT of Java black hats migrate to footling Flash

bazza
Silver badge

Well that took a long time...

So the war against bad plug-ins might actually be being won? Well that's taken only 20 years to make plug-in version checking commonplace and effective...

It shows the power of having software version checking and automatic update mechanisms. It's the only effective way to keep connected software and operating systems secure for at least some of the time.

With desktops and laptops of all types we are now in a position where the OSes, the browsers and the plug-ins are either updated or blocked automatically (just Flash on Windows 7 left?). That's good.

IOT

It should be a lesson for everyone else doing software driven Internet connected devices. I mean the IoT crowd. They just don't seem to realise what they're getting themselves into. Without a similar constant stream of updates and vigilance their products will become infested with malware, and their reputation will be wrecked. It's not far off that already.

Worse still a lot of things that are becoming Internet connected will require very long term support e.g. fridges; people will not be expecting to have to buy a new fridge after just a couple of years simply because the software in their old one is no longer supported. That's not how we buy fridges. Same with thermostats, aircon, etc. Cars might turn out to be slightly better, though given BMW's poor start perhaps they too won't ever be good enough.

Keeping software up to date for that length of time is very expensive, and a lot of the manufacturers just aren't set up to maintain old software.

10
0

Google TUGS Nexus 7-INCHER from its online store

bazza
Silver badge

Re: Already gone

Actually no. It was an Asus device in development that they bought naming rights for and sold dirt cheap.

What, and Asus didn't give them a full hardware specification? Did they somehow forget to reveal every technical detail to Google? Hmmmmm?

No. In any relevant sense this is a device Google own.

14
0
bazza
Silver badge

Re: Already gone

"Lollipop did indeed make a nexus 7 run like a dog. The update 5.1 has made things a bit better (really a better description is 'not as bloody awful'). I wish that they had left it alone..."

This is a poor execution by Google. It is their own device, and they cannot make their own operating system run properly on it. Now I do not know whether Google ever claimed that Nexus 7 would be supported by Lollipop. If they did, then they have properly bollocksed it. If they did not (and the 7 is an oldish device now), then why is it seemingly available for download for the 7? Given that they've only just pulled it from sale one has to conclude that Google's official position was that it was a 'current' device; but not one they were able to support properly.

I used to think that were I ever to buy an Android device it would have to be either a Samsung or a Nexus so as to stand a reasonable chance of getting a steady stream of updates. Now it seems that Nexus is not reliably updated either.

All that makes you wonder how mature Google's software dev team actually is. Failing to account for (i.e. either say it won't be supported, or support it) one of your models that are for sale when you're updating the OS is, well, an amateurish mistake. When done properly you plan your updates, you know your devices, you work out in advance what is going to work and what won't. It feels like Google haven't done that. It feels like Google have rather hacked Lollipop together without thinking too much about it. It makes one wonder what else they've screwed up.

For comparison both Microsoft and the Linux world have a pretty good history for not cocking up support for existing hardware, and that's in an arena where there is an unbelievable variety of hardware. Even Apple and BlackBerry aren't too bad at it in their closed ecosystems.

If Google cannot manage to get it right in their closed Nexus ecosystem then they've clearly got a lot to learn.

16
2

FBI alert: Get these motherf'king hackers off this motherf'king plane

bazza
Silver badge

@JeffyPooh,

If you have an LED on one side, and a phototransistor on the other, with an air gap in between, then that in itself guarantees the 'diode' unidirectionality. Unless you think that phototransistors can emit light to be detected by the LED. So what's the fibre got to do with it?

Oh, the fibre doesn't of itself provide any one way-ness, it is as you say the lack of a light emitter at the other end that gives that.

Data diodes use a single fibre optic because that way you can get a high data rate too, and simply looking to see which end is emitting light is a convincing and unarguable test of the data diode-ness. There's also the point that you can easily implement it using standard-ish kit (eg fibre ethernet cards, or sFPDP) which is a lot cheaper than building your own through air high speed data link.

0
0
bazza
Silver badge

I'm not certain if this is the case on the 737-800 (Roberts' plane). But in the case of the 787, Boeing asked the FAA on a ruling regarding just this configuration. Here it is.

That was an interesting read.

Some of the exchanges between Airbus and the FAA are probably due to the fact that it is hard to be unambiguous in English, and easy to be unambiguous in French (so linguistic scientists say...). Same for Russian and German. It shows up in their engineering; it's easy to convey meaning correctly, whereas it isn't easy in English. Incidentally that's why we have (in the UK at least) lawyer-speak, a special variety of English that is unambiguous but hard for non-lawyers to understand...

Also Airbus's comment about the FAA's requirement referring to a solution is fair. Requirements should never, ever do that!

I can see why they'd want to share the satcomm terminal between the two/three different types of system. But in this day and age it would make sense to have two separate terminals for safety and for upgradeability.

1
0
bazza
Silver badge

But then you would need a separate GPS receiver to feed the moving map display on the seat back.

No, all you would need is a data diode between the flight control network and the IFE system. These are fairly standard items, and generally rely on a single core of fibre optic to get a guaranteed one way flow of data (it's physically impossible to send any bytes, data or instructions back the other way). With one of those in place you can send any data you like to the IFE system, and there's no way anyone can do anything to harm the flight control system.

There may indeed be one of these in place and the whole fuss is based on ignorance on the part of the FBI, the traveller, the hacker, etc. If that were the case it would be easy to dispel by publishing that part of the design.

The fact that they've apparently not done so suggests that there isn't a data diode, and that there is rather more electronic connectivity than is desirable, and the safety depends on some protocols, firewalls, etc. Proving that they're correct is a near impossible task. Proving them to be inadequate is easier but "undesirable"...

6
0
bazza
Silver badge

We (the general public) don't know for sure.

If there were an air gap between the two systems, or a physical data diode (single fibre optic core, guaranteed one way) then it is easy to be very sure indeed. The fact that there seems to be some doubt is not encouraging...

10
0
bazza
Silver badge

May or May Not...

The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi network.

The only reason for there being any doubt in the matter is if there is some sort of electronic connection between the IFE and the flight control systems, and it relies on firewalls, protocols, etc. (and not air gaps) to prevent a hack taking place.

The only reason that connection exists is because the manufacturers wanted to do that (and were allowed to by the regulators [FAA, CAA, etc]), because it was cheaper. Penny pinching.

If the regulators had said no, they must be air-gapped, there would be absolutely no doubt at all. A hack would clearly be impossible via a seat IFE port.

Instead we have a situation where no one can really say for sure whether there is a problem or not. The people charged with keeping us safe are always going to 'err' on the side of caution. Meanwhile the people who can answer the question aren't going to be allowed to do so. That's because the law enforcement guys know damned well that if the answer is yes, a hack is feasible, that knowledge will leak out. And if that happens then chaos will ensue.

Law enforcement types might try and find the answer themselves, but they'd need a huge amount of extra resources. And they might just discover that the dreaded answer is 'yes', the knowledge that no one wants to have. And the worst is that they might never be totally sure of a 'no' answer.

This is a totally predictable outcome stemming from a poor design choice made by manufacturers seeking to save a few dollars / euros, and it's going to cost us millions. Already has in fact. Some aged retired avionics engineer somewhere (not me) is sat at home right now feeling somewhat vindicated and smug, and contemplating phoning his old boss to say, "told you so, you prick".

Pound foolish idiots.

32
0

Cash register maker used same password – 166816 – non-stop since 1990

bazza
Silver badge
FAIL

(untitled)

The icon ---> isn't big enough...

18
0

Hi, Fi: Google JOWL-SLAPS mobile bigguns with $20/mo wireless service

bazza
Silver badge

Re: Wow!

The Americans sure pay for their data: I use anything from 10 to 30GB per month for £15 in the UK

Yep, recently had a conversation with an American along similar lines. He couldn't believe it, properly gobsmacked! I told him that that's what you get when you win a revolutionary war of independence, that they only have themselves to blame for their weak and feeble government...

What they need over there is a good dose of UK / european style (and very nearly communistical) market regulation!

Mind you, if you think $10/GB is a lot, you should see what they pay in Japan. And if you go there leave roaming data on, be prepared for an apocalyptically sphincter tightening bill. £2000 in two weeks is not unusual for a busy business trip. If you ever go there be sure to rent a SIM at the airport with a decent data allowance, or better still pre-arrange one (£150 / week unlimited data is achievable).

10
0

ARM wrestles analysts' guesses to floor after slurping IP Kool-Aid

bazza
Silver badge

Re: No mention of "contra revenue" here then?

The website revealed it to be the big I...

0
0
bazza
Silver badge

Re: No mention of "contra revenue" here then?

Is it the Big I, or the little A?

0
0
bazza
Silver badge

Re: Crazy

I don't think any of the major players will ever be able to buy ARM. The competition regulators all over the world would have a hard time saying why it would be ok for, say, Apple to buy ARM at the expense of everyone else.

That kinda suits everyone. ARM don't make mobiles and so don't threaten their customers' business. ARM benefit from a large licensing market, and their customers benefit from a large pool of engineers who know ARM's designs inside out. Their customers know that they don't have to make a preemptive and costly acquisition of ARM because none of their competitors can acquire it.

So by being indispensable ARM are effectively invulnerable to a take over. I have no doubt that if, say, Samsung came along and offered a large wodge of cash for the company the ARM shareholders would be tempted but wouldn't be allowed to sell to them. However they are earning their money the old fashioned way: dividends. There's a few companies out there that could learn from that...

1
0

Windows 10 MURDERED your Lumia? Microsoft says it may have a fix

bazza
Silver badge

This is *NOT* how you do interfaces

"To avoid future problems, Microsoft has published a new version of the Recovery Tool that sends data in 128KB blocks, rather than 2MB blocks as before. The data rate has also been lowered from 8MB per second to 5MB per second."

If you've got a slow thing being fed by a fast thing, you're gonna need flow control. Invented, oh I dunno, some decades ago? You don't go messing around with guessing data flow rates.

10
0

America was founded on a dislike of taxes, so how did it get the IRS?

bazza
Silver badge

Re: a country that was founded on a dislike of taxes

Tell that to residents of Washington DC. (Still?) no votes for them...

1
2

Android finally shows up for work, app in hand

bazza
Silver badge

"Or make dual sim phones widely available instead of keeping them restricted to either crappy phones or emerging markets."

Actually that doesn't work so well. Dual SIM phones generally cannot use both at once, you have to switch between them and use one at a time. There's only one set of radio hardware in the phone. It doesn't work well because if you're switched to one SIM people cannot call you on the other SIM's number until you change over.

If there were two sets of radio hardware then it would be like having two separate phones, twice the power consumption, etc. Feasible, but not very good either.

Sorting out the duality back in the network (like BlackBerry would seem to be planning on doing with that company acquisition) is the better way. Minimum hardware and power consumption in the mobile, all the clever stuck in the network. Hell, you could have all sorts of phone numbers!

Skype is quite good because it already does this kind of thing, for a fee. Skype In can give you a number anywhere in the world, and can give you multiple numbers too. Only thing it won't do as far as I can tell is let you make a phone call back out through those Skype In numbers.

0
2
bazza
Silver badge

Re: The Missing Piece

"What's the point of using your own personal smartphone for work if, when you make a call, you have to reveal your personal mobile number? What happens then - customers, suppliers, even recruiters then have your personal mobile number to harass you long after you've left the office. Maybe even after you've left the company....."

Perhaps this article, "BlackBerry buys service that lets you have two numbers on one smartphone", will prove to be interesting reading.

Of course we're in danger of entering a world of madness here. 4G is IP, and voice calls on 4G have to be synthesized using VOIP technology. So we could be in a place where we look up a contact in an address book, dial their number, the call gets routed as a voice call to a 4G network, it gets turned into a VOIP stream, then gets presented as phone call again with the caller ID presented as a phone number which gets looked up in an address book to discover who it was that is calling.

So what's wrong with everyone just using Skype (or whatever) for everything which would then eradicate all the pointless intermediate transitions?! If it were possible to run two copies of Skype (or whatever), then that would solve the problem you describe without any additional cocking about with complicated bodges on existing telephony protocols!

0
2
bazza
Silver badge

BlackBerry Balance Clone...

...but probably not as good as BlackBerry's.

If Android for Work can present all your calendars (work and home) together in a single view, and all your emails (work and non-work) in one view, and allow copy/paste in one direction but not the other, then perhaps Google are beginning to get the right idea.

3
0

Easy ... easy ... Aw CRAP! SpaceX rocket ALMOST lands on ocean hoverbase

bazza
Silver badge

Re: Landing a rocket is retarded

@Grikath,

"To use your F1 analogy: Try racing when you have to chuck out and replace the engine every single lap. Things get expensive that way...."

SpaceX a long time ago were confident that they could get the manufacturing costs of their rocket down so that disposability was very affordable. They had some good ideas. For example the way their first (and current?) engine bells were designed was clever; ever so slightly heavier and slightly less performance than an 'ultimate' design, but very easy (= cheap) to make.

I don't know how that worked out, but the drive for re-usability is either because the 'cheap to build' approach didn't pan out or they're going for dropping the launch price even further. It's probably a bit of both.

0
0
bazza
Silver badge

Re: Video

To my untutored eye the descent velocity looks quite high all the way down to the barge. Even Neil Armstrong had time to hover and manoeuvre a bit before actually touching down, and he'd gone all the way to the moon, not just a quick hop into the outer atmosphere!

Looks like the control system hadn't achieved stable control over the rocket's orientation either, it's weaving all over the place.

Getting closer though

2
0
bazza
Silver badge

Needs One of These

Helicopter grab grill on HMS St Albans. There's a hook that the ship's helo can push through this as it lands, instant grab. Stops the helo rolling all over the place.

These are so effective that when divers went down to the wreck of one of the ships sunk in the Falklands war, they found that the Lynx that had gone down with it was still attached, hanging upside down (the ship had capsized), after all these years.

1
0

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

bazza
Silver badge

Genuinely interested; is it proving to be a write-once-run-everywhere experience?

Good luck!

1
0

Need speed? Then PCIe it is – server power without the politics

bazza
Silver badge

Re: PCIe? Yeurk!

@Trevor Potts,

"Don't be so sure that paying the patents isn't cheaper than inventing it all over again. If your assertions were correct, we wouldn't have companies reinventing interconnects over and over. Sorry mate, but while you are correct that proprietary interconnects are technologically and technically superior, that does not mean they'll win."

Yes, you are completely correct! The wheel keeps getting re-invented because someone somewhere thinks they can do it better / cheaper. Sometimes they're right, sometimes they're wrong. Personally I think that trying to create an inter-chassis interconnect around PCIe would take a long time and won't be as good as Tofu, which would be a technological pity. However that won't necessarily stop it turning into a commercial success.

When I read this article the first thought I had was, had they (whoever 'they' are) even heard of the K Computer / Tofu, and if so had they ever thought to even ask Fujitsu about doing a deal? Super computers are fairly obscure, so there's a high probability that the answer to the first question is no. However if someone somewhere really, really wanted to bring this sort of thing to market quickly then Tofu is there. In a sense it already is on the market; Fujitsu will sell you a mini K computer to have all to yourself :-) I want one but haven't got one :-(

Even Intel are considering going down the Tofu-esque route (i.e. putting the Interconnect on the CPU). El Reg covered this back in 2012. However it won't be high up Intel's list of things to do; the full benefit of such things can be realised only if significant changes to OSes and software are made. The OSes and software that everyone has today assumes an SMP environment. As that article says, SMP doesn't work well over a wide area. It doesn't sound like there's a lot of profit to be made, yet.

0
0
bazza
Silver badge

Re: PCIe? Yeurk!

@AC,

Thanks for posting that, I'm going to eat some TOFU!

No worries. It's a cool architecture, you can even buy one if you want to!

Current interconnect technology is pretty much brain-dead, when you consider that there is no link between software architectures and the hardware they run on

It's not that bad. Intel and AMD have both done very well in making an old fashioned programming model (SMP) work well in a general sense by emulating it in NUMA architectures (That's what QPI and Hypertransport do). We've all got better performance without having to redevelop software or OSes. In that sense Intel and AMD have both done very well. However if you want all out performance then you have to do something different, e.g. Tofu.

Interconnects and their switches are becoming a bit of a problem. They're now costing $billions to develop, and the markets that can support that development cost are few. Ethernet will be the only medium / long range interconnect worth having in a few years. We're already seeing HDDs with Ethernet instead of SATA. Ethernet switches will get developed regardless, in which case would it ever be worth doing, say, a competitive PCIe switch chip? I think it highly likely that computer architectures will coalesce around Ethernet and DDRx eventually.

2
0
bazza
Silver badge

Re: PCIe? Yeurk!

@Trevor Potts,

Patents, standards, yes they all cost money. But they're nothing like as expensive as reinventing it all over again.

Hypertransport doesn't work outside the box because it was never designed to do so. Going a few centimetres across a motherboard is, from an electrical and protocol point of view, very different to going between chassis. PCIe is a bit better than Hypertransport, but it's slower and wasn't designed for inter chassis connections either.

As Justicesays points out in the post above you cannot ignore the speed of transmission over a longer distance. Taking account of it means changing the protocol and changing how you utilise it in an application. You are more or less forced into an openmpi style approach to application design. You cannot ever hope to have a single memory address space such as an SMP architecture gives you, its performance would be terrible. Protocols like hypertransport, QPI and PCIe (which are all about SMP really) are not very appropriate.

2
0
bazza
Silver badge

PCIe? Yeurk!

This is already a solved problem. Take a look at the K computer's Tofu Interconnect (more detail here (pdf)).

Ok, it's a bit specialised, but it is a very high speed wide area CPU-CPU interconnect without any intervening nuisances like PCIe, etc. The benefit of that interconnect shows up in its Rmax/Rpeak ratio, which is not far off 1.0. That means that the interconnect works very well, there's not much latency in the system. A lot of the faster supercomputers have a much worse ratio.

On Tofu each CPU gets 100GByte/sec to other CPUs, which is very good (Xeon manages about 50GByte/sec to memory), and it's effectively a 4+ year old piece of technology.

Other supercomputer guys like Cray are also pretty good at this kind of thing.

PCIe by comparison is child's play. Rather than trying to bend and stretch PCIe they should go and have a good chat to the supercomputer folk, especially Fujitsu.

2
0
bazza
Silver badge

Re: Going to be slow regardless

@Justicesays,

"1 Gigahertz means 1 cpu cycle happens while light travels 30 cm.

Chips run at up over 5 Ghz, so 6cm.

If it turns out the data you needed was on a RAM chip 2 meters away, 66 cpu cycles (at least) will pass while you are waiting for it to turn up, regardless of what bus, technology or whatever you are using for an interconnect."

It's actually worse than that in practice. Light in a vacuum travels at 30cm / nanosecond, but down a fibre or through a wire light / electricity goes at about 20cm / nanosecond. That's a whole lot worse!

6
0

Bonking with Apple is no fun 'cos it's too hard to pay, say punters

bazza
Silver badge

Existing Standards

The whole NFC thing here in the West is crazy.

The Japanese have their own system, they've had it for a long time, and it works brilliantly. They've had it built into phones for ages, and it's completely normal to use a phone (even a budget phone) to pay on the subway, buy a coffee, newspaper, etc.

So why was it that the existing, functional and completely adequate standard in Japan was ignored by the West? Not Invented Here syndrome? Licensing fees? Hadn't been to Japan and didn't bother doing an IPR search for Japanese patents?

Patent Wars

Of course this raises the possibility of Japanese tech companies pursuing the NFC consortium for patent licensing. Bit like Mitsubishi having invented the Dyson AirBlade hand drier years before Dyson themselves got round to it... Mitsubishi obliged Dyson to withdraw their version.

0
0
bazza
Silver badge

Re: I'm puzzled by these attempts.

@Steve Davies 3,

"The difference between this and the other types of payment service is that the merchant does not see your card details. Thus they can't track your shopping habits!

For the likes of Tesco this is not good. I will be very surprised if they sign up for Apple Pay at launch."

For the likes of Tesco it is irrelevant. The law in the UK prevents retailers retaining credit / debit card details, so they cannot be used for tracking customers' shopping habits anyway. Pay by Bonk doesn't change that existing situation.

This is why they all have loyalty card schemes.

1
0

Is this what Windows XP's death throes look like?

bazza
Silver badge

Re: web or not

"That's an obvious, and perhaps the only realistic way to go about this, but I have a feeling that there are quite a few machines running XP which are no longer (or perhaps never were) connected to the net."

You're probably right, but then there's the old adage, "Does it really exist if it is not connected to the Internet?".

Those machines might be nothing other than an abstract philosophical construct.

9
3

ZTE's stealthy Nubia: China-made Google-free Android mobe

bazza
Silver badge

Hmm, I'm not sure about this. Sure, almost anyone can make a nice piece of hardware these days, all the bits and pieces are available on the open market.

What matters most of all is the software.

[Yeah I know Jobs said something like that, I don't like Apple at all, I doubt he was the first to say so, but he was right]

It matters most of all when you're talking about software that interacts with someone else's software, like Skype, Facetime, messaging apps, games, etc.

Basing these alternative handsets on Android is about the only way to go to solve that problem. But it's still not plain sailing.

0
0

Did we just wake up in an alternate universe? BlackBerry turns a profit

bazza
Silver badge

Re: The Ed Miliband of smartphones

The problem is the hardware. The Passport is clever but gimmicky, the new Bold-a-like with the forgettable name is too big for what it does. Now a Sony Xperia Z3 Compact with OS 10.3.1...I'd buy that. But BlackBerry doesn't have the scale or the money to produce cutting edge hardware.

The Z30 is fabulous.

BlackBerry got slagged off a lot when it first came out, far too big everyone said. Now look at all the phablets everyone else is doing.

Runs a lot of Android apps. Plus a solid 2 day battery life.

3
0

GitHub ordered to hand over access logs to Uber

bazza
Silver badge

It might be a typical American company with an American attitude towards its corporate responsibilities, but its offices abroad have to play by the local laws. They have an office in Amsterdam which can probably be sued by any EU citizen.

It is amazing how the USA doesn't have any useful data protection laws. Presumably businesses over there lobby against such things. Doing so is self defeating in the long run. Sure, they don't want to have to do 'data protection' because it is a cost item on their balance sheet, which harms their profit margin. But that's nothing compared to being wiped out as a company because your clients have got fed up with doing business with you.

If there was a law saying that you had to bear data protection costs as a normal part of your business then so would your competitors. Then you would be less likely to lose the faith of your clients and would not be disadvantaged by your competitors. That's a far safer business proposition than saying "meh, we'll take the chance". Which is what Uber have done to date and are now suffering the consequences.

They are going to have to do something about their poor reputation sooner rather than later. Taking short cuts on safety, privacy and licensing will ultimately wipe them out. There's a reason why countries have cab licensing laws; they are for the protection of the public and the cab company.

Hypothetical scenario: Cab driver commits a string of hideous crimes, victims cannot sue his licensed employer because being licensed means they take all reasonable precautions. But victims could sue an unlicensed employer like Uber because by definition they are not taking all reasonable precautions. Uber's business model is the latter, and they're taking a bet that all of their drivers will never be serial rapists, etc.

7
1
bazza
Silver badge

Re: What If...

What if we're one of Uncle Sam's numerous intel agencies?!

2
1

Wind turbine blown away by control system vulnerability

bazza
Silver badge

Re: Oh Good Grief

Well, in this case I'd expect a malicious hacker would be content to override the governor limits, thus letting the windmill thrash itself to pieces in the next windstorm. Just for kicks.

Just for kicks indeed, and still dangerous. I would like to be confident that important things like governors and interlocks weren't alterable through a Web interface, but who knows.

Exposing critical control features to abuse in this sort of way (if they've actually gone and been and done it) is inviting corporate extinction. One script kiddie does as you suggested for the laugh and the entire lot gets wiped out. It's pretty hard for a company to survive a total loss, and that's bad for pension, stock holdings, salary, etc.

I would like to think that the manufacturer was cognisant of that enormous risk to its profitability, and has not exposed critical controls through a feeble Web interface. However, I'm not 100% confident. From what I've seen companies are generally pretty bad at assessing or even acknowledging their exposure to "that would never happen" risks that would wipe them out. It's a kind of blind spot. Ask TEPCO at Fukushima...

6
1
bazza
Silver badge

Oh Good Grief

How many times has this got to happen before it gets taken seriously?

Either don't connect it to the Internet, or do it properly. Laziness of this sort is a stain on the entire industry. What is it about a major piece of generating equipment that suggested to the idiot whose fault this is that security didn't matter? It's a major piece of equipment that has to be properly controlled otherwise someone somewhere could get hurt. This is dereliction of duty, leaving it as wide open as that.

The muppet developer who wrote this should be found and made to program in gwbasic for 10 years as punishment for giving the rest of us a bad reputation, with another 10 added on top for not caring about the consequences of their laziness. Just because they managed to fool their boss into thinking that they'd done a good job doesn't mean that they won't get found out later.

Safety interlocks

It would be fascinating to know what safety interlocks there are on these turbines to allow a maintenance engineering team to work on them and be sure that it won't start up whilst some poor engineer is, say, working on a blade. That blade moves, that engineer could easily be killed.

If the only thing stopping it moving is a setting in that Web interface, then that's a truly safety critical piece of software.

If this is indeed the case, having a flaw as feeble as that is really, really appalling. And in this day and age developers could go to jail if there was a death.

28
0

Google Glass NOT DEAD. We're just making it 'ready' says chief

bazza
Silver badge

Re: The media had it all wrong

And the device sucks compared to HoloLens.

Yep, I'd agree with that. I gave a Glass a go (borrowed a pair) and couldn't see the point of it. Hololens looks like it might actually be able to do something useful. MS have maybe solved the motion sickness problem too; it is translucent so a wearer is less likely to get so disorientated.

Also it's not trying to be just a pair of spectacles, it is very obviously a Hololens, and you'd likely not be wearing it out and about; it's not going to raise the same social issues as Glass did.

1
1

AUTOPILOT: Musk promises Tesla owners a HANDS-OFF hands-on

bazza
Silver badge

Re: They'll get burned by these updates eventually

Quite right. Tesla and the entire auto industry is seemingly sleep walking into a situation that is very dangerous for their future profitability.

As soon as a car becomes the end point of a network then there is a risk that someone somewhere will get inside that network and hold you to ransom. Something like pay us $10,000,000 or every Tesla will fail to boot in the morning.

All these companies are the same, BMW, Audi, etc. They're going for the blingy connected car thing because they think it will sell. Meantime they're blindly taking on a huge corporate risk. In fact calling it a risk is stupid. If the history of IT security is anything to go by someone somewhere will one day succeed in doing something like that. After all, no matter how good your technology is, there is no defence against a disloyal or blackmailed sysadmin. Far from being a risk it is practically guaranteed; it's simply a matter of when.

Even if the car companies have private networks they are at risk. One defence is to simply shut down the network in response to a threat. However that doesn't account for the possibility of a malware payload already being in place. Shut down the network and the malware payload goes active at a given time; attack not thwarted. All a blackmailer needs to do is make a phone call and say that that is what they've done. How are the company going to prove that they're lying before sunrise? Not easily.

I'm surprised that governments aren't more worried about this. If everyone had a connected car then the entire nation is vulnerable. If an entire population wakes up in the morning and cannot get to work because their cars have been hacked, that's pretty much an entire day's GDP lost. That's a huge sum of money, and knocks 0.3% of the economy straight away (which is why keeping the roads clear in winter is so important).

4
1

Zuck: Get your FULLY EXPOSED BUTTOCKS off my Facebook

bazza
Silver badge
Facepalm

Sumo wrestling; cultural norm (120 million Japanese people), or bad (Mark Z)?

1
0

OpenSSL preps fix for mystery high severity hole

bazza
Silver badge

Conspiracy of Optimism

These things happen only because almost everyone is quite prepared to believe that a piece of software must be ok if everyone else is using it too. Almost everyone is too busy/lazy/ill equipped to actually check code they're borrowing.

That places a heavy burden on the designers and implementers of software. There are things out there that can help.

For instance there have been decent schema languages for defining interfaces since the early 1990s, e.g. ASN.1 schemas, and now JSON schemas. With the right tools it is very easy to define and implement an interface whilst making that interface very resilient to abuse. Any residual problems tend to be in the schema tools and libraries, which at least are a fix-once-fix-everywhere thing. How many buffer overrun bugs have we had? Lots. Yet they would not have happened at all had a schema and tools been used instead of hand written code.

In case anyone is interested my view on a reliable schema language is that it must be:

1) Typed. Messages define what message type they are

2) Size constrained. Arrays limited in length, checking enforced

3) Value constrained. Variables limited in value to a defined range, checked.

4) Extendible. Allow old code to handle newer versions of a message.

5) Choice of binary and text wire formats. Supports all needs

6) Support many languages (C, C++, Java, etc). It's a multi platform world.

ASN.1 and the associated tools do all of this, JSON Schema does all of them too I think (BSON comes to the rescue for 5?). Google Protocol Buffers does only 4 and 6, does 1 badly, same for Thrift I think.

3
0
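The checks in points 1 to 4 of the list above (typed, size constrained, value constrained, extensible), as an added example that is not part of the original post: a miniature schema checker over JSON, standing in for real ASN.1 or JSON Schema tooling. The message types, field names and limits are made up for illustration.

```python
import json

# Constructed schema with hypothetical message types: every field declares its
# type plus a size limit (strings) or a value range (integers).
SCHEMA = {
    "heartbeat": {
        "seq": {"type": int, "min": 0, "max": 65535},
        "payload": {"type": str, "max_len": 16},
    },
    "set_speed": {
        "rpm": {"type": int, "min": 0, "max": 20},
    },
}
MAX_MESSAGE_BYTES = 256


class SchemaError(ValueError):
    """Raised when a message violates the schema."""


def decode(raw: bytes) -> dict:
    """Parse and validate one message; return only the fields the schema knows."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise SchemaError("message exceeds size limit")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise SchemaError(f"malformed message: {exc}") from None
    if not isinstance(msg, dict):
        raise SchemaError("message must be an object")

    # 1) Typed: the message names its own type, and it must be a known one.
    mtype = msg.get("type")
    if not isinstance(mtype, str) or mtype not in SCHEMA:
        raise SchemaError(f"unknown message type: {mtype!r}")

    out = {"type": mtype}
    for name, spec in SCHEMA[mtype].items():
        if name not in msg:
            raise SchemaError(f"missing field: {name}")
        value = msg[name]
        # Exact type match, so that True/False cannot pass as an integer.
        if type(value) is not spec["type"]:
            raise SchemaError(f"{name}: wrong type")
        # 2) Size constrained: length is checked before the value is used.
        if "max_len" in spec and len(value) > spec["max_len"]:
            raise SchemaError(f"{name}: longer than {spec['max_len']}")
        # 3) Value constrained: integers must fall inside the declared range.
        if "min" in spec and not spec["min"] <= value <= spec["max"]:
            raise SchemaError(f"{name}: outside {spec['min']}..{spec['max']}")
        out[name] = value
    # 4) Extensible: fields added by a newer sender are dropped, not fatal.
    return out


def accepted(raw: bytes) -> bool:
    """True if the message passes every schema check."""
    try:
        decode(raw)
        return True
    except SchemaError:
        return False


# Constructed sample messages.
GOOD = b'{"type": "heartbeat", "seq": 7, "payload": "ping"}'
NEWER = b'{"type": "heartbeat", "seq": 7, "payload": "ping", "trace": "abc"}'
TOO_LONG = b'{"type": "heartbeat", "seq": 7, "payload": "' + b"A" * 64 + b'"}'
OUT_OF_RANGE = b'{"type": "set_speed", "rpm": 9000}'
```

Because every limit lives in the schema table, a fix to the checker applies to every message type at once, which is the fix-once-fix-everywhere property the post describes.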

Musk: 'Tesla's electric Model S cars will be less crap soon. I PROMISE'

bazza
Silver badge

"While there's nothing that can be done right now to make long-distance travel _as fast as_ in a petrol/diesel car, more accurate energy-use prediction can help reduce average travel time. Since BEVs' ability to be refueled at home make everyday driving _more_ convenient, so the more you narrow the gap on longer trips, the more the overall balance of convenience shifts to plug-ins."

Right, but if you ever need to do a long journey you'll be taking a different car. No one is going to do a 500 mile journey in a vehicle if it means stopping for a few hours every 150 - 200 miles. For most people that means owning another car. And if you have a 'spare' car that you're not using every day then there's not much point, environmentally speaking, in having the battery powered car.

2
2
bazza
Silver badge

"Interestingly, electric cars become more efficient the slower you drive. Extra traffic would actually extend your range...."

Not if you have the air conditioning switched on...

4
1
bazza
Silver badge

Hmmm, seems difficult to think what could be done. If they make the range indicator more 'reassuring', isn't that just going to result in people actually getting stuck in the middle of nowhere?

Fundamentally Tesla cannot address the real concern for anyone thinking of taking on a longish journey in their car. With a petrol or diesel, you just fill up in moments almost anywhere you like. It takes real talent to stop by the side of the road having run out. But with an electric car you cannot fill up; you have to get to your destination and wait several hours for the car to recharge. If that destination is a long way away you have no margin for error. Extra traffic, a diversion, all sorts of unexpected eventualities that you cannot control can change your electricity usage. There's not many who would relish the hassle of dealing with the consequences.

5
3

Blackberry touts UNCERTIFIED 'secure' slab in hunt for public sector biz

bazza
Silver badge

Re: Lots of claims ..

"Having said that, QNX has potential, but that was until Blackberry decided to allow Android apps."

Er, you clearly don't know how BlackBerry have gone about it. BlackBerry separates personal apps / data from Enterprise apps / data using an AES256 encrypted filesystem (lookup BlackBerry Balance). You can put anything you like, including Android apps, on the personal side of the phone without running a risk of it seeing any Enterprise data. In that sense an Android app is no more or less dangerous than a native QNX app.

Most of Android's problems are related to the OS's inability to guarantee separation of data and enforcement of permissions. BB10 is far better at this. Arguably it's a much better place to run Android apps than Android is.

3
0

Droidberry dangles: Why the BlackBerry-Samsung alliance is big potatoes

bazza
Silver badge

Re: Failings and hope

"As for the BlackBerry Samsung partnership, I hope that it at least results in the availability of a new, decently specced Android device with a hardware QWERTY keyboard."

Well, current BlackBerry mobiles seem to do a pretty good job of running Android apps. Amazon App Store is an official part of the BB10 OS these days, and a lot of people use the unofficial Snap app to get access to the Google Play Store.

What most people don't realise is that BlackBerry have thought long and hard about making all of that coexist nicely and safely with Enterprise data. Read up on BlackBerry Balance. It gives you an AES256 encryption layer between all that fun and all the enterprise parts of a phone, a strong and very comforting feature for a company.

0
0

US military SATELLITE suddenly BLOWS UP: 'Temperature spike' blamed

bazza
Silver badge

"so who lasered it?"

Dunno, but I expect Sean Connery is rushing to get his tux back from the dry cleaners even as we speak. Secret satellite-blasting laser bases in Antarctica are no doubt run by villainous cat fanciers, and it's just the sort of thing to tempt Connery out of retirement. Let's hope the evening wear still fits. And just by luck his replacement is preoccupied with some sort of caper in the Alps at the moment.

6
0

Elon Musk plans to plonk urban Hyperloop subsonic tube on California

bazza
Silver badge

Re: Let's see how testing goes before coming to any conclusions

"I gave you an (the?) upvote, you make some good points."

Why, thank you!

"A large contingent of reg. commentards automatically downvote any question re. Musk Enterprises."

Perhaps. Personally I'm neutral on the guy and his ambitions; I don't actually care whether or not Hyperloop gets built, but no one should ever see it as being a useful or profitable transport solution. If it gets in the way of something more societally beneficial (like a proper high speed train link) then perhaps it shouldn't be allowed.

If it does get built, I'd definitely like to go on it!

I think that a lot of his projects are commercially crazy and full of contradictions. For example, SpaceX set out to make a disposable rocket extremely cheap (at the cost of performance). Now they're trying to do a reusable rocket the really hard way. Did they discover that rocket science is actually unavoidably expensive?

Tesla cars are also a contradiction. Great yeah, an electric car, but everyone knows that they're flawed as a mode of transportation and hardly anyone asks where the electricity comes from in the first place. They're a long way from being a universal motoring solution. Everyone who's bought one almost certainly has another vehicle too, and environmentally speaking that's a hell of a lot worse than owning just one single vehicle.

None of that really matters, it's his money. If he wanted to maximise his return on investment he'd concentrate on just battery research and not bother with the car, solar panels and rockets. Admittedly that'd be much more dull. Clearly he's not doing these things to make the largest possible profit, and to his credit that is refreshing.

However he did crash and destroy a McLaren F1 (according to Wikipedia). He has a lot to answer for in my view.

"Went to see both it and the Tu-144 as a tiny thing, before the latter had a brief career of limited flights, and the Concorde was restricted to N.Y. as a destination."

Concorde was the Hyperloop of the 1960s. An aeronautical dream that was sold to the politicians who were to pay for it as being a solution to increasing the capacity of air travel. Oh how the engineers must have laughed! We did end up with a very seriously cool aircraft. But air travel is now beginning to be limited by the number of landing and take-off slots available at the airports. Fast planes don't help solve that. Big planes do. The A380 is about the only answer to that problem.

"I love the bullet trains, but they wreak havoc on local services. Unless someone else is paying, too expensive to ride in general, but of course, the company is paying for most of the regulars, particularly on the Tokaido."

I'm not quite sure what you mean by "wreaks havoc on local services". The Shinkansen integrates very well with local trains, as does TGV in France and the ICE trains in Germany. It's not dirt cheap, but even at £100ish for a single from Tokyo to Osaka it's just about cheaper than the overall whole-life cost per mile of driving the same distance in a car. The car wins if you put 2 people in it, but it's a hell of a lot slower.

"Also, they are too fast to enjoy any scenery."

I've got a series of photos of Mt Fuji that I took from the bullet train. All but one of them had something like a telegraph pole, house, bridge etc. spoiling the view. Clear gaps just didn't last long enough!

0
0
bazza
Silver badge

Re: Let's see how testing goes before coming to any conclusions

Um, I think you're missing the point.

"Theme parks manage to process thousands of people on rides with more stringent passenger safety measures than this shuttle is likely to require."

"So I don't see it follows that it's going to be slower"

So a 10 car roller coaster with 4 people to a car running once every 2.5 minutes sounds like a reasonable throughput for a roller coaster. That might on a good day amount to 8,000 people per day.

In comparison a train system like the Shinkansen can do that in just half an hour.

If you want to move 100,000 each day you need to move them by hundreds (aircraft) and thousands (trains) at a time. A small pod carrying 20 - 40 people at a time isn't going to work.

"particularly since they could scale with parallel tracks"

The costs would scale upwards too.

"and scheduling to put people with the same destination on the same shuttle."

Er, what? With any form of transport you're going to get to wherever it stops. You're not going to change shuttles midway unless it stops to let you do that. If you get on the wrong one you'll be going the wrong way...

"They could even scale the service according to demand, adding more shuttles in at peak periods. It's like one glorified bin pack - it could be designed to ensure an efficient throughput according to the expected demands on the system."

You're missing the point. Unless a shuttle can carry 1000+ people at a time then you cannot beat the throughput of a train. So far the Hyperloop guys are talking about a single shuttle carrying 28 people leaving once every 30 seconds (which seems optimistic), and they say that the system could transport 7 million people per year per tube. That's barely 10% of what a single train track can carry.

The 30 seconds separation sounds very optimistic; in an emergency situation you'd have to be able to stop in much less than 30 seconds. It's about 3G for 10 seconds, which is a hell of a lot of braking for a vehicle that'd have to achieve that with nothing but linear motors for traction, and especially when whatever the emergency is has probably badly compromised the system anyway. A 30 second separation sounds like a good way of making an accident a whole lot worse than it already is.

"A hyperloop could potentially deliver people to or close to the actual centre of a city. Look at the Eurostar as an example of this - the train is slower than a plane but it actually goes to where people want to go and so is faster and more convenient than a plane."

Er, train stations have generally been in town centres for 160 years. This is not a new idea. Hyperloop is a worse idea because it cannot move as many people.

4
2
