California Will Allow Driverless Cars

August 31, 2012

I first wrote about Google’s project to develop a self-driving car back in October 2010, and I’ve tried to follow its progress here from time to time.  Earlier this year, the state of Nevada approved test operation of the driverless vehicles on public roads, under specified conditions.  (For example, the company is required to post a $1 million insurance bond, and to have human drivers in the vehicle who can take over in an emergency.)

Now, according to a brief article at Ars Technica, Google’s home state of California is getting in on the act.  The state legislature has passed, and sent to the Governor for signature, legislation that would further the move toward self-driving  vehicles.

The new bill requires the state’s Department of Motor Vehicles to adopt new regulations, including safety standards and “performance requirements” for new autonomous vehicles. Once those new rules are put in place, the bill “would permit autonomous vehicles to be operated or tested on the public roads in this state.”

Google has, of course, been conducting tests on roads in California for a while, under various arrrangements, but the new legislation enables testing, and possible future use, to be put on a more formal basis.  The details have been left for the motor vehicle department to sort out, so it remains to be seen what the rules will be.

It seems to me that this technology might potentially improve the safety and efficiency of road transportation, if we can work out a way to solve  not only the technical problems, but the legal and cultural ones also.


Google Updates Chrome to 21.0.1180.89

August 30, 2012

Today, Google released a new version, 21.0.1180.89, of its Chrome Web browser for all platforms: Mac OS X, Linux, Windows, and Chrome Frame.  The new version contains fixes for eight identified security vulnerabilities, three of which Google rates as High severity.  It also incldes fixes for a number of bugs:

  • Several Pepper Flash fixes
  • Microphone issues with tinychat.com
  • devtools regression with “save as” of edited source
  • mini ninjas shaders fails
  • page randomly turns red/green gradient boxes

(That last bug is one I encountered on a site I use regularly; I wondered at the time if I didn’t get the memo on the significance of the color changes.)  Further details are in the Release Announcement.

Because of the security content of the new version, I recommend that you update your systems as soon as you conveniently can. Windows and Mac users should get the new version via the built-in update mechanism. Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.

You can check the version of Chrome that you have by clicking on the tool menu icon (the little wrench), and then selecting “About Google Chrome.”


Mozilla Releases Thunderbird 15.0

August 28, 2012

In addition  to the Firefox release today, Mozilla also released version 15.0 of its Thunderbird E-mail client, for Linux, Mac OS X, and Windows.  The new release includes some new features:

  • Multi-channel chat facility
  • “Do Not Track” support for Web searching
  • Ubuntu One is now supported for Filelink attachments
  • Updated user interface

The new version also includes fixes for 12 identified security vulnerabilities, five of which are rated of Critical importance.  More information is available in the Release Notes.

If you have enabled automatic checking for updates, Thunderbird should inform you of the new version.  Otherwise, you can obtain the new version via the built-in update mechanism (Help / About Thunderbird / Check for Updates), or you can download a complete installation package, in a variety of (human) languages.


Mozilla Releases Firefox 15.0

August 28, 2012

The Mozilla organization today released version 15.0 of its Firefox Web browser, for Windows, Linux, and Mac OS X.   This version incorporates a number of new features, including:

  • WebGL enhancements and performance improvements
  • Support for version 3 of the SPDY protocol
  • Expanded HTML 5 support
  • Optimized memory usage for add-ons

There are also miscellaneous bug fixes and performance enhancements.  Further information is available in the Release Notes.

You can obtain the new version via the built-in update mechanism (Help / About Firefox / Check for Updates), or you can download a complete installation package, in a variety of (human) languages.

Update Tuesday, 28 August, 15:45 EDT

The new Firefox version 15.0  also contains fixes for 16 identified security vulnerabilities; Mozilla rates 7 of these as of Critical importance, 6 as High, and 3 as Moderate.  For some reason, these were not mentioned in the Release Notes.


Missing Vaccinations

August 27, 2012

Vaccines against infectious diseases are one of the great success stories of modern medicine.  Their widespread use has practically eliminated some terrible diseases, like smallpox and polio, and has greatly reduced the incidence of some former scourges of childhood, such as measles and pertussis (whooping cough).   Vaccination programs work in two ways.  The first, and most obvious way, is the stimulation of immunity to the disease pathogen in the vaccinated individual.  The second is the production, when vaccination rates are high, of what is called “herd immunity”.  By reducing the number of individuals susceptible to infection, this makes it harder for the disease to spread; it also provides protection to those who are unable to be vaccinated, perhaps because of allergies or compromised immune systems.  This is the reason that smallpox vaccination, for example, has historically been required for all children entering school.

Some recent research, reported in an article at Science Daily, highlights some recent trends that might reduce the effectiveness of vaccination in promoting public health.  Some US states allow parents to obtain “personal belief” exemptions from vaccinations that would otherwise be compulsory.  A group of researchers from the University of Pennsylvania School of Nursing studied vaccination data from more than 7,000 public and private schools in California, which allows personal belief exemptions; the data cover ~500,000 kindergarten students.  Just looking at the period from 2008 to 2010, the number of students with one or more exemptions increased by 25%.  Also, some schools and school districts had very high rates of exemption; in one county in northern California, nearly half the students were not vaccinated due to exemptions.

The public health implications of losing vaccination’s benefits should not be underestimated.

Measles once infected four million people and killed 4,000 of them each year, mostly young children. With high measles vaccine coverage over several decades, endemic measles was eliminated in the United States as of 2000. The current routine childhood immunization schedule is estimated to prevent 42,000 deaths and 20 million cases of disease and to save $14 billion in direct medical costs per U.S. birth cohort.

There will always be a few individuals for whom vaccination is not a good idea, for sound medical reasons.  But skipping vaccinations on the basis of junk science and fashion puts everyone at greater risk.


Remembering Nikola Tesla

August 25, 2012

Nikola Tesla was a Serbian-American inventor and engineer.  Born in what is now Croatia in 1856, he moved to Paris in 1882, and to the US in 1884, where he worked with Thomas Edison for a few years.  The two then parted ways, in part over a pay dispute in relation to Tesla’s work.   The rift deepened during the “War of Currents”, in which Edison was promoting the use of direct current [DC] power distribution, while Tesla and George Westinghouse were promoting alternating current [AC].   The AC system ultimately won out, because the voltage of an AC supply can be easily stepped up or down with transformers, and high voltage transmission is more efficient over any appreciable distance.  AC distribution is the rule in developed world today.  Tesla also made numerous inventions, including the ubiquitous AC induction motor, which Tesla patented in 1888.

Tesla had a reputation of being somewhat eccentric, and of course having the well-known and apparently none-too-scrupulous Thomas Edison as an enemy did not help.  He died in New York City in 1943, and his work was largely forgotten for a time.  Now, however, there are a couple of efforts under way to commemorate his work.

The first, according to a report at BBC News, is a project to build a Tesla Museum, on the site of Tesla’s laboratory in Shoreham, New York.  A non-profit organization, the Tesla Science Center, originally announced the plan when the property came onto the market, but had trouble raising the needed funds.  A “crowd funding” campaign launched by Matthew Inman, creator of The Oatmeal Web site, raised more than $850,000 in short order, and breathed new life into the project.  The New Scientist site has an interview with Mr. Inman about the project.

According to an article at Wired, another Tesla project is underway at the Kickstarter site, a docudrama about Tesla called Electricity: The Story and Life of Nikola Tesla.

The movie will feature dramatic re-enactments, interviews, vintage film sequences and archival photographs filmed in slow-panning “Ken Burns style,” according to project rep Zach Taiji.

Tesla, by all accounts, was a bit of a strange character.  Still, he made some significant contributions to science and technology, and there is little doubt that he was treated badly by Edison. I hope these projects will help his contributions to be recognized.


BIOS Security for Servers

August 24, 2012

Back in 2011, the US National Institute of Standards and Technology (NIST) published a set of guidelines for achieving better security in the PC BIOS, the initial firmware executed when the PC begins its boot sequence.  An article at Ars Technica reports that the NIST has now issued, in draft form, a similar set of guidelines specifically for servers, BIOS Protection Guidelines for Servers [SP800-147b] [PDF].

The new guidelines mostly parallel those laid out in the 2011 report; the key components are:

  • Authenticated Update Modifications to the BIOS code and data areas must be done through a controlled mechanism, which verifies authentic updates by cryptographic signatures.
  • Optional Local Update An optional update mechanism may be provided that allows any update (signed or not) to be installed provided that the administrator is physically present at the server (this might employ a keyed switch, for example).
  • Firmware Integrity The system must protect its firmware from modification other than by an approved update process.
  • No Bypassing Security It should not be possible to bypass any of the protection mechanisms.

The document goes on to discuss examples of how these rules might be implemented.

NIST’s Computer Security Division is requesting comments on the draft guidelines:

 NIST requests comments on draft NIST SP 800-147B by September 14th, 2012. Please submit all comments to 800-147comments@nist.gov.

As I’ve noted before, attacks that modify the BIOS, although requiring some skill to pull off, are potentially very dangerous, since they can give the attacker complete control of the machine.  Even a complete re-installation of the machine’s operating system will typically not remove them.  So more attention to security in this area is definitely a good thing.

 


%d bloggers like this: