Category Archives: Security

The drag car incident and risk

ESPN’s report on the Tennessee drag car incident has a very troubling quote:

Amateur video of the crash, broadcast on WMC-TV in Memphis, showed the car’s engine revving loudly before the vehicle sped down the highway. After a few hundred feet, the smoking car skidded off the road and into the crowd.

“It’s been a safe event until this year,” Police Chief Neal Burks said Monday.

With all due respect to the Chief, it has not been a safe event until this year. Rather, it has been an event without incident. The two conditions are vastly different and should never be confused when calculating risk.

In fact, I’ll go so far as to say it is a pet peeve of mine to find managers who say they have a safe environment when what they really mean is they are unaware of any incidents. Being lucky is definitely not the same thing as studying data and preparing for predictable outcomes.

I wonder what the Chief would say if he pulled someone over for a safety violation (e.g. speeding, no seatbelt, drunk driving, etc.) and that person said “I have been safe so far”.

The crash occurred at a Cars for Kids charity show, which has been an annual event in this small town 80 miles east of Memphis for 18 years. The drivers always do crowd-pleasing burnouts — spinning the tires to make them heat up and smoke — at the end of the parade.

[…]

Cars for Kids holds several events throughout the nation and raises close to $200,000 annually for charities that help children in need, according to its Web site.

The charity was formed in 1990, two years after founder Larry Price’s son, Chad, suffered a severe head injury in a bicycle accident. Price promised that if his son was saved from lifelong injuries, he would spend the rest of his life raising funds for disabled children, according to the Web site.

So here is an interesting question: Would the crowds come and pay admission if there was less risk (to the driver, the environment, or themselves)? Seems to me there is some questionable judgment and sad irony in using high-risk activities to raise funds to pay for injuries from risky activities. Then again, maybe I’m a bit more sensitive than most to the risks of “burning” tires or “burnouts” for show.

Tires are not made of rubber, they are complex chemical mixtures that will release thousands of chemicals in mixtures that will create new ones, the health hazards of this are unknown. As a cancer researcher I know that mixtures of chemicals in low doses are cancer causing in humans, even if the individual chemical is not.

Would you like some asthma with those fries?

Virtual fences

Some enterprising researchers in Australia have decided to use GPS to update the old concept of electrified collars to control boundaries, according to the Guardian:

The system uses battery-powered collars that emit a sound to warn cattle when they are approaching a virtual boundary. If a cow wanders too near, the collar – which is fitted with a chip – emits a warning hum. If it continues, the cow gets a mild shock.

The key to the description is the “battery-powered” part. What century is this? Battery-powered? Come now, surely there is a renewable energy source like solar cells, or maybe even methane gas, to run these tags.

Commercial versions are up to 10 years away. The batteries currently last about a week and would need to have a life of several months to be practical.

Hmmm, as if batteries are going to be a relevant source of power ten years from today. And what is with the week to several months progress curve? Talk about low expectations.

Dr Fisher said that experiments, conducted in front of independent animal welfare experts, showed that cattle took less than an hour to learn to back off when they heard the warning hum. They were not stressed by wearing the collars, which give off a 250-milliwatts shock that has been described as not much more than the charge from static electricity.

Cow tipping may have to give way to cow humming. How long will it take humans to learn not to step past a point that gives them a static charge?

China censors Guan Shan Yue from Disney movie

I’ve been thinking about the news from Variety for a few days:

China Film initially said it had made no cuts, then declined to comment on a Beijing News report that it had cut scenes involving too much violence and horror.

[…]

It also cuts his reading of a poem by Tang dynasty poet Li Bai (701-762) called “Guan Shan Yue” (The Moon Shining Over the Mountain on the Border).

First of all, I am a bit unimpressed with that translation of the title. The poem is about separation and longing due to conflict — costs incurred by a point of control, from a security viewpoint. This makes me think of something like “The Moon Shines on the Mountain Border” or “The Moon Shines Over the Wall on the Mountain”, or maybe even “Moon on the Mountain Pass”.

Second, how does this have anything to do with the Beijing News mention of violence and horror? Variety mentions a censored poem and then stops. Perhaps they didn’t feel it necessary to research the rationale and the history of the poem’s importance, or just didn’t care to elaborate?

Here is a closer look at the issue. 300 Tang poems has a page called Tangshi II. 1. (38), where you can see the text of Li Bai’s poem as well as English and French interpretations. Note the title of the poem:
Guan Shan Yue

Here’s their version in English:

The bright moon lifts from the Mountain of Heaven
In an infinite haze of cloud and sea,
And the wind, that has come a thousand miles,
Beats at the Jade Pass battlements….
China marches its men down Baideng Road
While Tartar troops peer across blue waters of the bay….
And since not one battle famous in history
Sent all its fighters back again,
The soldiers turn round, looking toward the border,
And think of home, with wistful eyes,
And of those tonight in the upper chambers
Who toss and sigh and cannot rest.

And, since the 300 Tang poems site conveniently explains all the characters, here’s mine:

Moonlight shines upon the mountain
bringing clarity through a deep blue sea of fog.
The constant winds from almost ten thousand miles
blow against the Jade pass garrisons.
China’s men climb upon an empty path,
as Tartar soldiers gaze across a blue-green sea.
Because great battles in history
never return all men to their beds,
many look back upon the garrison
with eyes of pain, and think of home.
Those who this night lay upstairs
toss and turn, they cannot rest.

Apple Safari for Windows Exploit

Congratulations to Apple for releasing a browser for Windows. If it is as bad as their iTunes for Windows product, it probably will make little or no progress into a new user base. However, it does give their existing users more options, which is still a good thing. Er, sort of a good thing, according to Apple Product Security:

A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution.

[…]

An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website.

[…]

A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page.

The message from Apple points out that none of this has anything to do with OS X. Apple Product Security also emphasizes how much they look forward to hearing from the public about products that they release with flaws:

As with all our products, we encourage security researchers to report issues to product-security@apple.com.

It would be funny if the product security notes included a phrase like “Patch available…or click here for help on how to migrate from Windows”. That would be so Microsoft-like of them.