Author: philg

According to this article, Hugo Teso, German computer security expert, determined that the very latest communication systems and software approved by the FAA and its counterparts worldwide are “unencrypted and unauthenticated.” The end result is that he was able to write Android software to reprogram Boeing jets’ avionics from a mobile phone.

This is somewhat surprising result considering that the software and systems in question are the subject of years of certification review by sizable committees of extremely risk-averse individuals. I would have expected that the committee-intensive nature of the process would slow development and innovation but would increase security due to the fact that this should be precisely the kind of thing that a reviewer would be looking for.

I was recently out at Robinson Helicopter Company for recurrent training. The CEO was asked why the company had not released any helicopters with glass cockpit instruments (LCD screens instead of mechanical gauges and gyros). Such instruments are actually approved for aftermarket certification, the CEO said, but the FAA keeps asking for more and more paperwork to justify why the factory should be able to install them. Keep in mind that this is for a helicopter that cannot legally be flown in instrument conditions and therefore the pilot can and does fly safely simply by looking out the window. An instrument failure in a Robinson helicopter has no safety consequence.

[According to the CEO, about three years ago the FAA simply stopped acting. Their former glacial pace changed to something more like plate tectonics. He didn’t have an explanation for this but I note that this roughly coincides with the collapse of the private aviation industry from 2008-2010. An FAA employee is now probably paid about 8 times per hour what he or she might earn in the private sector (the salaries are not 8X higher, of course, but consider the actual number of working hours demanded) so the consequences of being fired are enormous. The easiest way to avoid being fired is to avoid acting. If you don’t approve something you can’t be blamed when something turns out not to work.]

A single dissenting voice can hold up an aircraft design for years. The new Robinson R66, for example, caught the attention of a Canadian government worker (story). He looked at the 400 psi hydraulic system on the Robinson and said “There was a failure in a Sikorsky’s 2000 psi system a few years ago. Prove to me that the Robinson system doesn’t need some extra redundancy so as to avoid a situation like that.” Robinson pointed out that the R66’s hydraulic flight control assistance system was virtually identical to that which was flying uneventfully in about 5000 R44s worldwide but this was unavailing. The Canadian dissenter did not hold up U.S. certification but he managed to get the Europeans and Russians to deny certification and that has cost Robinson perhaps $100 million in sales thus far (80 percent of Robinson’s sales are to foreign countries; supposedly 2013 will be the year when the helicopter is finally certified worldwide, three years later than in the U.S. due to this one Canadian guy; note that the original Canadian dissenter eventually took a closer look and apologized for making such a big fuss, but of course it is Robinson that bears all of the costs).

It seems reasonable to expect that a couple of trailblazing developers, excited to get their new protocols and systems into the hands of users, would leave open a security hole. But why doesn’t adding layers upon layers of review by committee and years of delay result in one committee member raising his or her hand to ask “Shouldn’t this be encrypted?”

Full post, including comments

Folks:

Here’s something that I thought would be easy but in fact seems to be difficult….

A friend has an Android tablet. I want to push photos to a gallery on her tablet. I don’t want her to have to do anything other than open the “Gallery” application on the tablet. I want the pictures to be available when the device is offline. The source of the photos is my desktop computer and the most convenient application from which to share them would be Google’s Picasa.

I’m pretty sure that this would be dead simple on iOS. I would create a “Shared Photo Stream” and then share it with her. Once she accepted it the pictures would just trickle onto her device. Android has a “Google Photos” sync setting that, I think, will sync one’s own Picasa albums but it does not seem to sync any of the albums that have been shared with the owner of the tablet/Gmail address.

I don’t think it is practical to ask her to use Dropbox or similar and manually move files from one app to another or to mark individual photos to make available offline, etc.

Ideas?

[Note: Another way to rephrase this question is “How do I use an Android tablet as a remotely managed digital picture frame?” I recently purchased a Pix-Star digital picture frame and it offers this capability. It is a pretty nice interface if what you want to do is remotely manage the photos that a busy or naive user will be able to view. An Android app that had similar capabilities to the picture frame would be ideal, but given all of the fancy features of Picasa and Google+ I wouldn’t expect to need to install anything additional on the tablet.]

Thanks in advance for any help.

Full post, including comments

Things have calmed down in Boston with the arrest of a 19-year-old. The city’s residents spent nearly a week glued to the news. Our flight school was effectively shut down on Thursday when President Obama came to visit. Nearly all businesses were then shut down on Friday while literally thousands of police and other armed government agents, equipped with armored cars and helicopters, searched for this teenager.

The events that started with the attack on Boston Marathon spectators and runners got me thinking about how the 21st Century seems to be the age of the individual. For most of human history the power of the individual has been limited. Unless the individual inherited, seized, was elected to, or appointed to a position of power, e.g., head of an army, state, or church, there was not much that an individual could do to disrupt society. Our century, however, started with 19 visitors to the U.S. whose actions on 9/11/2001 transformed American society to a much larger extent than any politician within memory. So far in 2013 the trend of individual power seems to have continued. A student wearing a white blanket, mistaken for a Ku Klux Klansman, managed to shut down Oberlin College for a day. And now we have two young brothers from the Cambridge Rindge and Latin High School, not notably distinguished from their classmates, who managed to shut down a city of 3 million.

I’m wondering to what we can attribute this shift in power. It does not seem to me that guns or bombs have changed during my lifetime (I was born in 1963). Governments have become stronger rather than weaker. The typical police force in 1963 could not rely on security camera footage from thousands of sources, nor did it have a SWAT team, bulletproof vests, armored cars, or military-style rifles. If the police needed a helicopter they would have to ask the nearest Army unit to provide assistance and the Army pilots would not have night vision goggles or an infrared camera. The Internet did not exist in 1963 but nearly every American family had access to a television or radio and dramatic news was broadcast over these media.

Full post, including comments

A couple of images from the D.C. Metro. Given the cultural prominence of “Big Brother is Watching You” from Orwell’s 1984 I was surprised to see these posters reading “Our cameras, undercover police and passengers are watching you.”

Full post, including comments

One thing that seems to be absent from the public debates concerning restricting gun ownership in the U.S. is the fact that so many Americans just love guns (see my December 2012 posting on the subject). I was at the Lincoln Memorial on Saturday and a group of U.S. Navy (?) sailors was performing some sort of drill/demonstration involving throwing rifles back and forth and twirling them. After the demo, they were mingling with the tourists:

Check out the big smiles on these folks of all ages and sexes. Apparently there is very little that they enjoy more than playing with rifles on a sunny day.

[Personally I was horrified by the demonstration. One thing that I definitely do not want to see is a rifle being twirled or tossed, especially next to a huge crowd of people. I was pretty confident that the rifles weren’t loaded, of course, and that the bayonets were not sharp, but this did not strike me as a good way to teach firearms safety!]

Full post, including comments

Here’s a traveler at Reagan National Airport wearing a T-shirt reading “You are the CSS to my HTML”:

(It seems to be available at amazon.)

Full post, including comments

My connection with the Boston Marathon was slight. I have donated money over the years to friends who were running for the benefit of one hospital or another, their 4-hour times not sufficient to qualify under the standard rules. I have seen a few friends run fast enough (3 hours?) that they actually qualified. I photographed the 100th anniversary event back in 1996 for Hearst Magazines (see my 100th anniversary Boston Marathon photos). I’ve flown aerial photographers over the event in an East Coast Aero Club helicopter.

Security has not been a primary concern for most Bostonians. We’re not a center of commerce like New York. We’re not a center of power like Washington, D.C. or many of the other cities that have suffered attacks like this. The massive changes in U.S. society since 9/11 touched us mostly when we dealt with TSA at Logan Airport , when we need to visit a high-rise office building tenant for a meeting (ID checks now required in the lobby), or when someone wants to take a helicopter tour during a Red Sox game (a 3-mile, 3000′ “no fly” zone is established over Major League Baseball stadiums, ostensibly to improve security but primarily as a means of excluding advertising competition from banner-towing planes (the typical terrorist would not be worried about violating a regulatory flight restriction such as this one)). We don’t have so many government buildings that our sidewalks are now littered with concrete blocks for protection against truck bombs. It is rare for hundreds of police and Secret Service to shut down large parts of our city for a politician’s visit (Massachusetts is virtually guaranteed to vote for a Democrat so Obama did not campaign here, though he sometimes shows up for fundraising events, thus shutting down the city for all but the donors; Obama’s annual vacations on Martha’s Vineyard have a huge impact on life and commerce there but most Bostonians aren’t rich enough to go to the Vineyard).

People seem to be in shock right now, unsure what to do differently going forward and trying to figure out what happened yesterday. In a metro area of about three million there were not so many who need any kind of direct help as a result of this attack. Therefore the majority of us are left to feel helpless and watch the news.

[I have fielded about 100 emails, text messages, and phone calls from friends and family. It turned out that I spent yesterday practicing 6 instrument approaches in a Cirrus SR20. I flew the eight-year-old four-seat airplane while wearing a hood that obscured my view of the natural horizon. Two pilot friends watched from additional seats to make sure that we did not conflict with other aircraft (the one friend in front is designated the “safety pilot”). We flew from Hanscom Field to Danbury, Connecticut and back for lunch with my cousin and her four-year-old son. Personal aviation is not typically regarded as safer than being a sports spectator but yesterday was an exception. None of my friends were injured, but friends of friends were.]

Full post, including comments

At 1700 K Street in Washington, D.C., American diet trends can be observed in one photo:

(Mixt Greens “eco-gourmet” salad restaurant being replaced by a Dunkin’ Donuts.)

Full post, including comments

I spent Saturday giving a tour of Washington, D.C. to a woman who retired from a career spent as a Soviet comrade and currently lives in Moscow. She loved the streets-paved-with-gold look of the city and the museums and provided some unique reactions, e.g., after seeing the Lincoln Memorial she noted “This is much larger and more grand than Lenin’s Tomb.” Comrade Tourist was particularly awestruck by the size of the buildings housing federal agencies, especially when I explained to her that all of them had long outgrown their D.C. headquarters and now had much larger facilities in the suburbs or in other cities.

Here are some excerpts from our conversation:

• What’s that huge building?
• The Department of Energy. They have a budget of about $30 billion.
• Energy? They are responsible for generating all of the electric power in the U.S.?
• Uh, no. They don’t run any powerplants. They run a couple of research labs and… well I’m not sure what they do with the rest of the money.
• What’s that huge building?
• The Department of Education. They have a budget of about $90 billion.
• So they run the schools here in America?
• No. They don’t run any schools, develop any textbooks, or teach anyone.
• Wow. What about this building?
• Department of Agriculture. They also have the building across Independence Avenue, connected by the bridge. Their budget is about $150 billion per year.
• Such a big building! They work to make farmers more efficient so that food prices will be lower?
• Actually, no, they pay farmers to leave fields idle, restrict imports, and enforce cartels so that food prices stay higher than they would in a free market.
• How can poorer Americans afford the high food prices then?
• The same agency runs a program to give food stamps to about 50 million Americans.

By the end of the afternoon Comrade Tourist, whose conversational English is not great but who has been reading our news magazines, said “Everyone in this city is a taker. There are no makers.”

Full post, including comments

New York’s Museum of Modern Art gives us some insight into the financial health of America’s not-for-profit organizations. The New York Times says that they are buying a 12-year-old building, constructed at a cost of $32 million in 2001 ($42 million in 2013 “mini-dollars”) and demolishing it. Why can’t they reuse the former American Folk Art Museum’s home? Is it that hard to take down a quilt and replace it with a Brice Marden? “MoMA officials said the building’s design did not fit their plans because the opaque facade is not in keeping with the glass aesthetic of the rest of the museum.”

Full post, including comments